GANDHI & DAVE : SECURITY IN MOBILE AD HOC NETWORKS 341
The PGP model adopts a decentralized web-of-trust approach in which all users act as independent Certification Authorities: each user can sign and verify the keys of other users. The Resurrecting Duckling model is based upon a master-slave relationship. A slave treats the first node that sends it a secret key as its master and receives all its instructions, including access control instructions, from that master. The master-slave bond can be broken either by the master or by a time-out. Another trust model [19] makes use of trust agents that reside on the network nodes. The model computes the situational trust in agents based upon the general trust in the user nodes and the importance and utility of the situation in which a node finds itself. Each agent operates independently, maintains its own view of the trust hierarchy, and performs the trust derivation, quantification and computation functions. Zheng et al. [20] propose two models, one for independent ad hoc networks and another for an ad hoc network connected to a fixed network. In both models a Personal Trust Bubble represents an ad hoc node. Within the bubble, the owner of the ad hoc device has full trust in the device without any logical evaluation. Among bubbles, and between bubbles and fixed networks, logical and rational trust relationships need to be evaluated computationally.

5.3. Intrusion Detection Systems in MANETs

An Intrusion Detection System (IDS) [22] is a defense system that detects hostile activities in a network and then tries to prevent those activities from compromising system security. IDSs monitor audit data, look for intrusions in the system and initiate a proper response. The type of intrusion response for MANETs depends upon the type of intrusion, the network protocols and applications in use, and the confidence in the evidence. Intrusion detection can be classified as anomaly detection, misuse detection and specification-based detection.
Effectiveness and efficiency are the two key requirements for running an IDS on a MANET. The basic IDS model proposed in [23] runs an IDS agent on each node, which performs local data collection and local detection. Cooperative detection and a global intrusion response can be triggered when a node detects an anomaly. The data collection module gathers local audit traces and activity logs, which the local detection engine uses to detect local anomalies. Both the local and the global response modules provide intrusion response actions. The local response module triggers actions local to this mobile node, whereas the global one co-ordinates actions among neighbouring nodes. This model has also been the basis of an intrusion detection system for securing the AODV protocol.

Another kind of multilayer IDS has also been proposed in [23]. This system makes use of mobile agents, which move around the network to execute their task. They work in parallel and facilitate the implementation of robust, attack-resistant IDS architectures [24]. A mobile agent can cooperate with other agents, can copy itself, and can move from one platform to another taking either a static or a dynamic route; the dynamic route is based on information collected from the network. The mobile agents determine autonomously when, where and

Figure 1 shows an IDS model using mobile agents [23]. It includes six layers; every layer comprises some agents that make use of the services of the layer below. The agents in each layer are specialized for the tasks that implement that layer's function. Management agents form the lowest layer and can exchange information with the other layers. From layer 2 (entrance inspection agents) upward, an agent in a layer activates one or more agents in an upper layer by means of the message exchange mechanism.

Cluster-based Intrusion Detection System

MANET nodes typically have limited battery power, so it is not efficient to make every MANET node a permanent monitoring node, especially when the threat level is low. Instead, a cluster of neighbouring MANET nodes can randomly and fairly elect a monitoring node, the cluster head, for the entire neighbourhood. In other words, the responsibility for intrusion detection is shared among the nodes in the cluster. Accordingly, a cluster formation algorithm and cluster-based IDS schemes have been proposed in [25]. This scheme not only detects whether a particular node is malicious but also attempts to detect the type of attack. An anomaly is detected using cross-feature analysis, in which each feature is compared against the other features. The features selected for classification may be either traffic related (e.g. packet type, flow direction, etc.) or non-traffic related (e.g. velocity, route cache
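The cross-feature idea behind the cluster-based scheme, as an added illustration (this is not the paper's or [25]'s code): a cluster head learns, from normal audit traces, which value of each feature usually accompanies each value of every other feature, then scores a member's observation by how many feature pairs disagree with that expectation. The feature names (packet type, flow direction, velocity, route cache size) and all sample records are constructed for this example.

```python
# Cross-feature anomaly scoring for a cluster-head IDS (added example; not the
# paper's or [25]'s code). Feature names and sample records are constructed.
from collections import Counter, defaultdict

FEATURES = ("packet_type", "flow_direction", "velocity", "route_cache")

class CrossFeatureModel:
    """For every ordered feature pair (i, j), learn which value of feature i
    usually accompanies each value of feature j in normal audit traces."""

    def __init__(self, n_features=len(FEATURES)):
        self.n = n_features
        # tables[i][j][value_of_j] -> Counter of feature-i values seen with it
        self.tables = [[defaultdict(Counter) for _ in range(self.n)]
                       for _ in range(self.n)]

    def fit(self, records):
        for rec in records:
            for i in range(self.n):
                for j in range(self.n):
                    if i != j:
                        self.tables[i][j][rec[j]][rec[i]] += 1
        return self

    def score(self, record):
        """Fraction of feature pairs where feature i does not hold the value
        most often seen with feature j (an unseen value of j also counts as a
        disagreement). 0.0 means every feature agrees with the rest."""
        mismatches = 0
        for i in range(self.n):
            for j in range(self.n):
                if i == j:
                    continue
                seen = self.tables[i][j].get(record[j])
                if not seen or seen.most_common(1)[0][0] != record[i]:
                    mismatches += 1
        return mismatches / (self.n * (self.n - 1))

def cluster_head_review(model, reports, threshold=0.4):
    """Cluster head scores the latest observation reported by each member
    node and returns the ids of members whose behaviour looks anomalous."""
    return sorted(n for n, rec in reports.items() if model.score(rec) >= threshold)

# Constructed normal traces: slow nodes exchange AODV route control packets,
# fast-moving nodes mostly carry data, every node keeps a small route cache.
NORMAL_TRACES = [("rreq", "in", "low", "small")] * 4 + [
    ("rrep", "out", "low", "small"), ("data", "out", "high", "small"),
    ("data", "out", "high", "small"), ("data", "in", "high", "small")]
```

With the traces above, a record matching training scores 0.0, a normal data-forwarding record scores 0.25 (the always-small cache is uninformative), and a fast-moving node emitting RREQs with a large route cache scores 10/12, so the 0.4 threshold separates them; the threshold is a tuning knob, not a value from the paper.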