Classification and Review of Security Schemes in Mobile Computing

doi:10.4236/wsn.2010.26054

Paper Menu >>

Journal Menu >>

Wireless Sensor Network, 2010, 2, 419-440

doi:10.4236/wsn.2010.26054 Published Online June 2010 (http://www.SciRP.org/journal/wsn)

Classification and Review of Security Schemes

in Mobile Computing

Sathish Alampalayam Kumar

Department of Computer Science and Information Technology PSG Institute of Advanced Studies, Coimbatore, India

E-mail: sathish.ap@gmail.com

Received October 13, 2009; revised November 20, 2009; accepted December 25, 2009

Abstract

In this paper, we present the classification and review of security schemes in mobile computing system. We

classify these schemes based on types the infrastructure used in the mobile computing system-Mobile Ad

Hoc Networks (MANET) and Mobile Agent model. Mobile Ad Hoc Networks are pervasive, ubiquitous and

without any centralized authority. These unique characteristics, combined with ever-increasing security

threats, demand solutions in securing ad hoc networks prior to their deployment in commercial and military

applications. This paper reviews the prevailing mobile ad hoc network security threats, the existing solution

schemes, their limitations and open research issues. We also explain the Intrusion detection and response

technique as an alternate method to protect the MANET based mobile computing systems and their ap-

proaches. A literature review of important existing Intrusion Detection approaches and Intrusion Response

Approaches for MANET is also presented. This paper also presents the limitations of existing Intrusion De-

tection and Response Approaches for MANET and open research issues in providing MANET security. With

respect to Mobile Agent based mobile computing system, we have presented the classification of various

types of security attacks in Mobile Agent based model and presented the security solutions for those type of

attacks proposed by the various schemes and the open research issues in providing security for Mobile Agent

based mobile computing system. Such classification enhances the understanding of the proposed security

schemes in the mobile computing system, assists in the development and enhancement of schemes in the fu-

ture and helps in choosing an appropriate scheme while implementing a mobile computing system.

Keywords: Wireless Sensor Networks, Beta Trust Model, Trust Routing Protocol, Network Security, Trust

Evaluation

1. Introduction

Although the wonderful invention of Internet offers ac-

cess to information sources worldwide, we do not expect

to benefit from that access until we arrive at some famil-

iar point-whether home, office, or school. However, the

increasing variety of wireless devices offering IP con-

nectivity, such as PDA’s, handhelds, and digital cellular

phones, is beginning to change our perceptions of the

Internet.

Mobile computing and networking should not be con-

fused with the portable computing and networking we

have today. In mobile networking, computing activities

are not disrupted when the user changes the computer’s

point of attachment to the Internet. Instead, all the needed

reconnections occur automatically and none interactively.

Mobile Internet implies changing the point of attachment

as the host (mobile station) roams between cells.

Truly, mobile computing offers many advantages.

Confident access to the Internet anytime, anywhere will

help free us from the ties that bind us to our desktops.

Having the Internet available to us as we move will

give us the tools to build new computing environments

wherever we go. This is especially convenient in a wire-

less LAN office environment, where the boundaries

between attachment points are not sharp and are often

invisible.

However, there are still some technical obstacles that

must be overcome before mobile networking can be-

come widespread. The most fundamental is the security

management, which is almost an afterthought until the

recent years. Providing security services in the mobile

computing environment is challenging because it is

420 S. A. KUMAR

more vulnerable for intrusion and eavesdropping. Au-

thentication mechanisms are designed to protect a sys-

tem from unauthorized access to its resources and data.

However, at present, completely preventing breaches of

security seems unrealistic, especially in mobile com-

puting systems [1,2]. A Personal Area Network (PAN)

level firewall as envisioned for the next generation

wireless networks can protect only if the users are at

home and not when the users are roaming [3]. Even if

such a firewall is provided, the communication would

get fragmented by these ‘check points’ on the network,

as each firewall needs maintenance of activities like log

control, software update etc., creating unnecessary over-

head. Thus existing technologies like firewalls and Virtual

Private Network (VPN) sandboxes cannot be directly

applied to the wireless mobile world. Even if the fire-

wall concept were achieved by creating a private extra-

net (VPN) which extends the firewall protected domain

to wherever the user moves, this would still lead to in-

efficient routing. Security is a fundamental concern for

mobile network based system. Harrison et al. [4] iden-

tify security as a “severe concern” and regard it as the

primary obstacle to adopting mobile systems.

2. Mobile Computing Systems Security

2.1. Mobile Computing Systems Security

Classification

The security approaches for mobile computing systems

can be classified as shown in the following Figure 1.

2.2. MANET and Security Attacks

in MANET

2.2.1. MANET Background

A Mobile Ad hoc Network (MANET) is a collection of

wireless mobile nodes forming a temporary network

without any centralized authority. In a MANET, each

wireless mobile node operates not only as an end-system,

but also as a router to forward packets. The nodes are

free to move about and organize themselves into a net-

work. MANET does not require any fixed infrastructure

such as base stations; therefore, it is an attractive net-

working option for connecting mobile devices quickly

and spontaneously. For instance, first responders at a

disaster site or soldiers in a battlefield must provide their

own communications. A MANET is a possible solution

for this need to quickly establish communications in a

mobile, transient and infrastructure-less environment. This

is one of many applications where MANET’s can be

used. Mobile ad-hoc networks are the future of wireless

networks. Nodes in these networks will generate both

user and application traffic and perform various network

functions.

In the last decade, wired and wireless computer network

revolution has changed the computing scenario. The pos-

sibilities and opportunities due to this revolution are limit-

less; unfortunately, so too are the risks and chances of at-

tacks due to intrusion by malicious nodes [4]. Intrusion is

defined as an attack or a deliberate unauthorized attempt

Security for mobile computing systems

Security for MANET based system Security for Mobile Agent based system

Attack Prevention Attack Detection and Response

Security Approaches Security Approaches

Agent vs. Agent attack Agent vs. Host attack Host vs. Agent attack Host vs. External parties attack

security approaches security approaches security approaches security approaches

Figure 1. Taxonomy of security for mobile computing systems.

S. A. KUMAR 421

to access information, manipulate information, or render

a system unreliable or unusable [5]. According to [6],

threat can be defined as “the potential possibility of a

deliberate unauthorized attempt to 1) access information,

2) manipulate information and 3) render a system unre-

liable or unusable. By security we mean protecting nodes

from damages due to either voluntary or accidental at-

tacks [7]. This protection is provided by predicting an

attack by monitoring a set of metrics measured from the

ad hoc network, and then responding and modifying the

security of the network based on the vulnerability level at

a given time.

Security in mobile ad hoc network is essential even for

basic network functions like routing which are carried

out by the nodes themselves rather than specialized rou-

ters. The intruder in the ad hoc network can come from

anywhere, along any direction, and target any communi-

cation channel in the network. Compare this with a

wired network where the intruder gains physical access

to the wired link or can pass through security holes at

firewalls and routers. Since the infrastructure-free mo-

bile ad hoc network does not have a clear line of de-

fense, every node must be prepared for the adversary.

The centralized or hierarchical network security solu-

tion for the existing wired and infrastructure-based cel-

lular wireless networks will not work properly for Mo-

bile Ad Hoc Networks [8]. Securing the ad hoc net-

works, like any other field of computers, is based on the

principle of confidentiality and integrity. These princi-

ples exist in every field, but the presence of malicious

nodes, selfish nodes, covert channels and eavesdroppers

in the mobile ad hoc network makes this an extremely

important and challenging problem [9]. In the past sev-

eral years, there has been a surge of network security

research in the field of information assurance that has

focused on protecting the network using techniques

such as authentication and encryption. These techniques

are applicable in the wired and infrastructure-based

cellular network. In the case of infrastructure-free Mo-

bile Ad Hoc Networks these techniques are not appli-

cable [8]. In the infrastructure-free networks, the nodes

themselves perform basic network functions like rout-

ing and packet forwarding. Therefore, mobile ad hoc

network security is a pressing issue, which needs im-

mediate research attention [10-13]. Providing security

services in the mobile computing environment is chal-

lenging because it is more vulnerable for intrusion and

eavesdropping. The challenge of mobile ad hoc network

security has attracted several researchers with the aim

of securing mobile ad hoc computer networks.

2.2.2. Security Attacks in MANET

A MANET can be subjected to active attacks and passive

attacks. Active attacks refer to the direct attacks by a

hostile entity during execution or transmission phase.

Some of the major types of active attacks are routing

attacks and active DoS attacks. Passive attacks refer to

the indirect attacks by an entity in the network during

collaboration. Some of the major types of passive attacks

include actions like selfishness, eavesdropping, traffic

analysis and passive DoS attacks.

1) Active Attack in MANET:

a) Routing Attacks:

Routing attack is a significant problem because nodes

within the ad hoc network themselves performs routing

functions and the security concepts are not incorporated

in most of the routing protocols. Also, routing tables

form the basis of network operations and any corruption

to the routing table may lead to significant adverse con-

sequences.

Designing a secure ad hoc network routing protocol is

a challenge for the following reasons: Firstly, routing

relies on the trustworthiness of all the nodes involved

and it is difficult to distinguish selfish nodes from normal

nodes. Secondly, rapid mobility of nodes that perform

the role of routing and network topology makes the de-

sign of a secure routing protocol more difficult. Active

routing attacks differ in their behavior depending on the

nature of the routing protocol. In the case of link-state

routing protocol, a router sends information about its

neighbors. Hence a malicious router can send incorrect

updates about its neighbors, or remain silent if the link

state of the neighbor has actually changed. However, in

the case of distance-vector protocols, routers can send

wrong and potentially dangerous updates regarding any

nodes in the network, since the nodes do not have the full

network topology. These attacks in case of both link-

state and distance-vector protocols are very difficult to

prevent if the routers exhibit Byzantine faults [14].

In the MANET shown in Figure 2, let us assume that

packets are supposed to traverse from source node A to

destination node C. However, the intruder updates the

routing table so that the packets traverse from B to D

instead of C, and hence the packets from A never reach

C. This also causes congestion on domains served by

nodes A, D and E, due to the bombardment of packets

whose actual destination was C. Thus the attack can lead

to network performance degradation.

Some of the important and common methods of rout-

ing attacks are:

i) Router Protocol Poisoning: In this attack an intruder

causes the disruption by poisoning the routing protocol.

Securing these attacks is important because the routing

protocol forms the basis of network operations, and any

corruption of the protocol may lead to significant conse-

quences. These attacks on the Mobile Ad Hoc Networks

can lead to looping, congestion, sub optimal routing and

partitioning [15]. Thus, they can ultimately affect the

performance of an ad hoc network.

ii) Injecting incorrect information in the routing table:

In this type of routing attack, malicious nodes or an in-

truder would inject incorrect routing information, which

422 S. A. KUMAR

B C

Figure 2. Routing loop attack.

in turn would poison the routing tables. These attacks

would result in the artificial partitioning of the network,

and the hosts residing in one partition would not be able

to communicate with hosts residing in the other partition.

iii) Routing Loop Attacks: In this attack, intruder or

malicious nodes update the routing table to create a loop,

so that packets can traverse in the network without

reaching the destination, thereby conserving energy and

bandwidth.

b) Active DoS Attacks:

These attacks can be defined as the direct denial of

service attacks on a node by another hostile node through

packet flooding, packet modification, deletion or forging

of packets or routing table. Following are some of the

common types of active DoS attacks by selfish nodes or

adversaries: replay of expired routing information, bogus

nodes create traffic by bombarding the neighboring

nodes with the packets, radio jamming, flooding central-

ized resource with the requests, ability to change routing

protocol to operate as the user wants, Byzantine failure,

sleep deprivation torture (Battery Exhaustion) and in-

jecting incorrect routing information.

Active DoS attack is depicted in Figure 3, where node

B is a host node and C is the intruder. The intruder node

C creates a huge traffic resulting in the exhaustion of the

node B’s resources. This results in the inability of node B

to serve genuine nodes A, D, E and F fairly. Thus, DoS

attacks on the mobile ad hoc networks can lead to net-

work performance degradation.

2) Passive Attack in MANET

a) Selfish Attacks:

Passive attacks could be caused by selfishness, eaves-

dropping and traffic analysis. In this section we explain

selfishness attacks to give an idea of passive attacks. In

the selfishness attacks, the selfish node abuses con-

strained resources, such as battery power, for its own

benefit [16]. They do not intend to directly damage other

nodes in the network. Attackers may also get hold of a

node and modify its behavior to make it malicious, so the

node would perform selfish attacks in need of resources.

These attacks have limited effectiveness compared to the

routing-table “poisoning” and DoS attacks [17]. This is

because, the attacks are limited to a part of the network

rather than the whole network as in the case of routing

protocol attacks.

Some of the common types of selfish node attacks in

mobile ad hoc network are packet mistreatment and en-

ergy consumption attacks. In this kind of attack, a node

in mobile ad hoc network does not perform the expected

network functions, like packet forwarding or routing, and

later claims that the transaction or communication never

took place [17]. It could be deliberate or accidental, due

to false repudiation of a transaction or due to scarce re-

sources in the mobile ad hoc networks.

As shown in Figure 4, the packets are supposed to

traverse from source node A to destination node C.

However, selfish node B discards the packets from A and

hence the packets from A never reach C. This results in

‘black hole’ attacks. This in turn may result in deadlock

issues which result in performance degradation. Some of

the important and common methods of selfish attacks are:

i) Packet mistreatment or interception: In this kind of

attack, a selfish node does not perform the function of

packet forwarding. As mentioned earlier, interruption

Figure 3. DoS attack.

A D

Intruder updates routing table so that the packets are

routed from B to D instead of C and hence the packets

from A never reach C.

Intruder C bombards the host node B with

ackets so that B could not service the othe

genuine nodes fairly

S. A. KUMAR 423

Selfish Node B discards the packet

from A and forwards to itself instead

of forwarding to C, and hence the

ackets from A never reach C.

Figure 4. Packet mistreatment attack.

of packets may reduce the overall throughput of the net-

work. In a specialized form of packet discarding, selfish

nodes do not forward the packets to host destination, but

to itself. This result in black hole and DoS attacks.

ii) Energy consumption: In this kind of attacks, nodes

try to save significant battery power by not performing

networking functions such as routing. This is due to the

fact that in ad hoc network most of the energy is con-

sumed by routing of packets. For instance, experiments

have shown that if the average hop from source to desti-

nation is 5, approximately 80% of the available energy is

spent in sending packets from source to destination by

packet forwarding [17].

2.3. Mobile Agent Model and Security Threats in

Mobile Agent Model

2.3.1. Mobile Agent Model Background

A distributed mobile agent system model for a wireless

internet host environment involves the following parties,

mobile agents and fixed base stations as shown in Figure

5. Some of the wireless models [18] applied for special

applications like mobile military networks assumes mo-

bile base stations. However, in this discussion we assume

the base station is fixed.

Mobile Agent:

The Mobile Agent (MA) is a software component [19]

 A thread as in Telescript, that can migrate among

different nodes carrying its execution state (i.e., program

counter, call stack etc.) Here the run-time image of the

component is transferred as a whole, including its execu-

tion state.

The task to rebuild the execution state is carried out by

the run-time support of the Mobile Code System.

 Or just a code fragment as in TACOMA [20] as-

sociated with initialization data that can be shipped to a

remote host. They don’t have the ability to migrate once

they have started their execution. These systems claim to

be able to move the state of a component along with its

code. This assertion is justified by the availability of

mechanisms that allow the programmer to pack some

portion of the data space of an executing component be-

fore the component’s code is sent to a remote destina-

tion.

It is the programmer’s task to rebuild the execution

state of a component after its migration, using the data

transferred with the code.

Thus a mobile agent (with respect to design paradigm)

contains.

 Code component-Executing Unit (EU) (Sequential

flows of computation), which encapsulate the know-how

to perform a particular computation.

 Resource component-(entities that can be shared

among multiple EUs such as a file in a file system, an

object shared by threads in a multi-threaded object-ori-

ented language, or an operating system variable) that

represents data or devices used during the computation.

Home Platform

Mobile

Agent

Base Station 2

Base Station1

Mobile

Agent

Mobile

Agent

Figure 5. Mobile agent model in mobile computing.

424 S. A. KUMAR

 Computational components that are active execu-

tors capable to carry out a computation.

Mobility allows an agent to move or hop among base

station. The base station provides a computational envi-

ronment in which an agent operates. The purpose of Mo-

bile Agent in terms of Artificial Intelligence (AI) re-

search paradigm is a software component that is able to

achieve a goal by performing actions and reacting to

events in a dynamic environment. The behavior of this

component is determined by the knowledge of the rela-

tionships among events, actions and goals. However, in

terms of Distributed Systems research paradigm, the

purpose of the mobile agent is to allow the migration of

the whole computational component to a remote site,

along the code it needs, some resources required to per-

form the task along with its execution state of an EU to a

different CE (Computation Environment or Host).

Mobile Agents are increasingly becoming popular

with the ubiquitous and widespread deployment of

wireless and internet technologies. With the help of

mobile agents it is possible to create distributed appli-

cations where the programs can autonomously traverse

from one computer to another and get executed. They

are more powerful than an ordinary applets [21] due to

the AI component, they decide themselves where and

when to traverse and execute. They are prominently

applied in mobile computing systems. Connection mana-

gement for mobile computing requires continuous re-

configuration of the data links. If connectivity fails, the

mobile computing system requires applications to han-

dle extended off-line periods. “Mobile software agents

are very useful in this context, since they could encap-

sulate long-lasting transactions. They could carry a re-

quest to server, cause its execution and bring back the

result as soon as the connectivity is reestablished [21].”

Due its ability to preprocess the results, it makes use of

the slow communication link between the mobile de-

vice and the network.

2.3.2. Security Threats in Mobile Agent Based Model:

In the mobile agent-host model the security attacks or

threats could be classified into four categories:

 mobile agent attacked by another mobile agent

 mobile agent attacking by the host

 host attacked by a mobile agent

 host attacked by external unauthorized party like an

agent or host

For the ease of understanding, any agent or host attack

could be further classified into active or passive attacks.

Before further classification, it is essential to define ac-

tive and passive attacks.

Active attacks can be defined as the direct attacks on

an entity by another hostile entity during its execution or

transmission like code/message modification, deletion or

forging.

Passive attacks can be defined as the indirect attacks

on an entity by another hostile entity during its execution

or transmission like eavesdropping and traffic analysis.

Mobile Agent Attacked by another Agent:

Different types of attacks by a MA against another MA

can be classified as shown in the following taxonomy.

1) Active Attacks:

Denial of service: In these attacks agent could spam

other agents causing resource constraints by repeatedly

sending messages to another agent, may place undue

burden on the message handling routines of the recipient.

Agents can also intentionally distribute false or useless

information to prevent other agents from completing

their tasks correctly or in a timely manner.

Unauthorized Access: In these attacks agent would

invoke other agent’s public methods by accessing or

modifying agent’s code or data, which could change the

behavior of agent from trusted to harmful one.

2) Passive Attacks:

Repudiation: Agent participating in a transaction or

communication later claims that the transaction or com-

munication never took place―could be deliberate or

accidental, due to false repudiation of a transaction or

due to imperfect business transactions within an organi-

zation.

Masquerade: In this category an agent posing as host

could deceive other agents and it harms both the agent

that is being deceived and the agent whose identity has

been assumed, especially in agent societies where repu-

tation is valued and used as a means to establish trust.

Mobile agent attacked by the host:

Different types of attacks by a host against MA can be

classified as shown in the following taxonomy.

3) Active Attacks

Denial of Service: In these attacks host would ignore

agent service request by not executing the agent or turn-

ing away the request. This would introduce unaccept-

able delays for critical tasks like handoff in the mobile

computing world. Agents on other platforms waiting for

the results from a non-responsive agent in the malicious

host platform could cause deadlock or livelock prob-

lems.

Alteration: Since agent visits various base stations or

hosts during its life time, it could be altered by any of the

hosts an agent passes through its lifetime. Thus a mobile

agent is exposed to a new risk each time it is in transit

and each time it is instantiated on a new platform.

Copy and Replay: In these attacks an agent or its

message could be copied and replayed several times by

the host.

4) Passive Attacks

Masquerade: In these attacks host deceives a mobile

agent as to its true destination and corresponding security

domain. Thus it harms both the agent and the host or

platform it assumes. This is a more serious problem than

an agent masquerading as other agent.

S. A. KUMAR 425

Mobile Agent Host Model Security Threats

Agent vs. Agent Agent vs. Host Host vs. Agent Host vs. External parties

Figure 6. Taxonomy of mobile agent model security threats.

Figure 7. Taxonomy of mobile agent attacked by another agent attacks.

Figure 8. Taxonomy of mobile agent attacked by host security threats.

Repudiation: Host participating in a transaction or

communication with an agent later claims that the trans-

action or communication never took place-could be de-

liberate or accidental, due to false repudiation of a trans-

action or due to imperfect business transactions within an

organization.

Host attacked by mobile agents

Different types of attacks by a MA against host can be

classified as shown in the following taxonomy.

5) Active Attacks:

Denial of Service: In these attacks agent consume ex-

cess amount of host resources so that the host can not

service other agents properly.

Unauthorized access: In these attacks, agent without

proper authorization could harm the host.

6) Passive Attacks

Masquerading: In these attacks agent may pose as an

authorized agent to gain access to services and resources

to which it is not entitled, to shift the blame for any ac-

tions for which it does not want to be held accountable

and to damage the trust the legitimate agent has estab-

lished in an agent community and its associated reputa-

tion.

Host attacked by other unauthorized external par-

ties including host and agents:

Different types of attacks by an external party like an

426 S. A. KUMAR

Host attacked by Mobile Agent Security Threats

Active AttacksPassive Attacks

Denial of Service Unauthorized Access Masquerade

Figure 9. Taxonomy of host attacked by mobile agent security threats.

Host attacked by external parties Security Threats

Active AttacksPassive Attacks

Denial of Service Unauthorized AccessMasquerade

Figure 10. Taxonomy of host attacked by external parties security threats.

external MA or an external host against the host can be

classified as shown in the following taxonomy.

7) Active Attacks

Unauthorized Access: In these attacks, remote users,

processes, and agents may request resources from the

host, for which they are not authorized.

Denial of service: In these attacks, the agent services

offered by the host or base station can be disrupted by

common denial of service attacks.

8) Passive Attacks

Masquerade: An agent on a remote base station can

masquerade as another agent and request services and

resources for which it is not authorized. They may act in

conjunction with its platform (base station) to deceive

the host.

3. MANET Security Approaches

3.1. MANET Attack Prevention Approaches

In this section, we classify the MANET security work

into two broad categories based on the type of attack:

active attack or passive attack.

3.1.1. Review of MANET Attack Prevention Security

Schemes for Active attacks

In ad hoc networks, a mobile node or host may depend

on other node(s) to route or forward a packet to its desti-

nation. The security of these nodes could be compro-

mised by an external attacker or due to the selfish nature

of other nodes. This would create a severe threat of De-

nial of Service (DoS) and routing attacks where mali-

cious nodes combine and deny the services to legitimate

nodes. Unlike nodes in a wired network, the nodes of

MANET may have less processing power as well as bat-

tery life and consequently would try to conserve re-

sources. In this scenario, the usual authentication and

encryption methods would not apply to a MANET the

same way they would in a wired network [22]. However,

both authentication and encryption are even more im-

portant in a MANET [23,24]. Steiner et al. have devel-

oped a Group key Diffie-Hellman (GDH) model that

provides a flexible solution to group key management.

Yi et al. [25] have developed the MOCA (MObile Certi-

fication Authority) protocol that helps manage heteroge-

neous mobile nodes as part of a MANET. MOCA uses

Public Key Infrastructure (PKI) technology.

The impact of authentication attacks is quite wide-

spread and it includes unauthorized access, denial of ser-

vice, masquerading, information leakage, and domain

hijacking. Capkun et al. [26] have developed some solu-

tions using a concept that they introduce, called Maxi-

mum Degree Algorithm (MDA), for preventing denial of

S. A. KUMAR 427

service due to poor key management.

Routing is an important aspect of moving packets

around in a network. It is a challenging problem because

nodes within the ad hoc network themselves performs

routing function and the security concepts were not in-

corporated into the routing protocols when they were

designed. It is important because the routing table forms

the basis of the network operations and any corruption

of routing table may lead to significant consequences.

Routing attacks in mobile ad hoc network are more chal-

lenging since routing relies on the trustworthiness of all

the nodes involved and it is difficult to distinguish selfish

nodes from normal nodes. Basically there are two meth-

ods used for routing: AODV (Ad hoc On-demand Dis-

tance Vector) routing and DSDV (Destination Sequenced

Distance Vector) routing. These two methods can be

classified as reactive and proactive respectively since

AODV method discovers a route only when needed

whereas the DSDV method maintains a dynamic routing

table at all times.

A reactive routing method was proposed by Yang et al.

[27]. In this method, a unified network layer prevention

method known as Self Organized Security (SOS) scheme

that uses AODV routing is used. This scheme takes a

self-organized approach by exploiting full localized de-

sign, without assuming any apriori trust or secret asso-

ciation between nodes. In this model, each node has a

token in order to participate in the network operations,

and its local neighbors collaboratively monitor it to de-

tect any misbehavior in routing or packet forwarding

services. Upon expiration of the token, each node renews

its token via its multiple neighbors. The period of the

validity of a node’s token is dependent on how long it

has stayed and behaved well in the network. A well-be-

having node accumulates its credit and renews its token

less frequently as time evolves. In essence, this security

solution exploits collaboration among local nodes to

protect the network layer without completely trusting any

individual node.

Another reactive scheme, called Techniques for Intru-

sion-Resistant Ad Hoc Routing Algorithms (TIARA)

was proposed by Ramanujam et al. to detect and elimi-

nate DoS [28]. This model presents a new approach for

building intrusion resistant ad hoc networks in the wake

of DoS attacks using wireless router extensions. This

approach relies on extending the capabilities of existing

ad hoc routing algorithms to handle intruders without

modifying the existing routing algorithms. This scheme

proposes a new network layer mechanism for detecting

and recovering from intruder induced malicious faults

that work in concert with existing ad hoc routing algo-

rithms and augment their capabilities.

Hu et al. [29] have developed a DSDV-based secure

routing method called SEAD (Secure Efficient Ad hoc

Distance vector). This method uses efficient one-way

hash functions and does not use symmetric cryptographic

operations in the protocol in order to support the nodes of

limited CPU processing capability and to guard against

Denial-of-Service (DoS) attacks. The primary reason for

this is due to the fact that the nodes in an ad hoc net-

work are unable to verify asymmetric signatures quickly

enough for routing protocols to decide on the routing

path.

Routing attacks differ in their execution depending on

the nature of the routing protocol. In the case of link state

routing protocol such as AODV, a router sends informa-

tion about its neighbors. Hence, a malicious router can

send incorrect updates about its neighbors or remain si-

lent if the link state of the neighbor has actually changed.

However, in case of distance vector protocols such as

DSDV, routers can send wrong and potentially danger-

ous updates regarding any nodes in the network since the

nodes do not have the full network topology. Awerbuch

et al. [30] studies the behavior of routers in the presence

of Byzantine faults. They use an On-demand Secure

Routing Protocol (OSRP) that defines a reliability metric

based on past records and use it to select the secure path.

Reliability metric is represented by a list of link weights

where high weights correspond to low reliability. Each

node in the network maintains its own list, referred to as

a weight list, and dynamically updates that list when it

detects faults. Faulty links are identified using a secure

adaptive probing technique that is embedded in the nor-

mal packet stream. These links are avoided using a se-

cure route discovery protocol that incorporates the reli-

ability metric. This protocol achieves these functionality

by three successive phases: Route discovery with fault

avoidance phase whose input is source node's weight list

and output is the full least weight path from the source

node to the destination node, Byzantine fault detection

phase whose input is the full weight path and output is a

faulty link and link weight management phase which

takes a faulty link as an input and whose output is the

weight list which in turn is used by the route discovery

phase to avoid faulty paths. This is a very efficient ap-

proach to detect secure routes. In a related paper, Awer-

buch [30] discusses a method for secure ad hoc routing.

Zhou et al. [31] have an alternative solution for the

problems with AODV and DSDV routing methods. They

have developed a hybrid approach using both AODV and

DSDV methods. This method, known as the Key Man-

agement Service (KMS), defends routing from denial of

service attacks in ad hoc networks by taking advantage

of multiple routes between nodes. Due to the dynamic

changes in topology, the routing protocols of ad hoc

network need to handle outdated routing information,

which is similar to that of the compromised routing at-

tacks. The principle here is that as long as there are

enough proper nodes, the routing protocol would be able

to find the routes working around the compromised

nodes. Thus, if the nodes can find multiple routes, nodes

can switch to an alternate route when a fault has been

428 S. A. KUMAR

detected in the primary route. This method also uses rep-

lication and new cryptographic schemes, such as thresh-

old cryptography, to build a highly secure and highly

available key management service, which forms the core

of the security framework.

In addition to the methods discussed above, there are

some additional methods proposed in the literature to

handle various forms of attacks. For example, the Secure

Routing Protocol (SRP) by Papadimitratos et al. [31]

guarantees correct route discovery, so that fabricated,

compromised, or replayed route replies are rejected or

never reach the route requester. SRP assumes a security

association between the end-points of a path only and so

intermediate nodes do not have to be trusted for the route

discovery. This is achieved by requiring that the request

along with a unique random query identifier reach the

destination, where a route reply is constructed and a

message authentication code is computed over the path

and returned to the source. The authors prove the cor-

rectness of the protocol analytically.

Another preventive solution for DoS attacks in ad hoc

wireless networks is proposed by Luo et al. [32]. In this

solution they distribute the functionality of authentica-

tion servers, thus enabling each node in the network to

collaboratively self-secure themselves. This is achieved

by using the certificate-based approach. This scheme

supports ubiquitous security for mobile nodes, scales to

network size, and is robust against adversary break-ins.

In this method centralized management is minimized and

the nodes in the network collaboratively self-secure

themselves. This scheme proposes a suite of fully dis-

tributed and localized protocols that facilitate practical

deployment. It also features communication efficiency to

conserve the wireless channel bandwidth and independ-

ency from both the underlying transport layer protocols

and the network layer routing protocols.

The ARIADNE method developed in Europe is an-

other important secure on-demand routing protocol. De-

veloped by Hu et al. [33], ARIADNE (Alliance of Re-

mote Instructional Authoring and Distributed Networks

for Europe) prevents attackers from tampering with un-

compromised routes consisting of uncompromised nodes.

It is based on Dynamic Source Routing (DSR) approach

and relies on symmetric cryptography only. ARIADNE

protocol is designed in three stages: The first stage pre-

sents a mechanism that enables the target to verify the

authenticity of the Route Request. Second stage presents

a key management protocol that relies on synchronized

clocks, digital signatures, and standard MAC (Message

Authentication Code) for authenticating data in Route

Requests and Route Reply. The final stage presents an

efficient per-hop hashing technique to verify that no

node is missing from the node list in the Request. Hu

et al. present simulations that show that the performance

is close to DSR without optimizations.

Marti et al. [34] have taken another variation on the

DSR method. This method shows increased throughput

in Mobile Ad Hoc Networks by complementing DSR

with a watchdog for detection of denied packet forward-

ing and a pathrater for trust management and routing

policy rating that every path uses, thus enabling nodes to

avoid malicious nodes in their routes as a detective and

reactive protection measure. This reaction does not pun-

ish malicious nodes that do not cooperate, but actually

relieves them of the burden of forwarding for others

while having their messages forwarded, and it allows

nodes to use better paths and thus increase their th-

roughput.

The traditional Secure Routing Protocol (SRP) is well

suited for a wired network. In developing a similar pro-

tocol for MANETs, Yi et al. [35] propose a new routing

technique called Security-Aware ad hoc Routing (SAR)

that incorporates security attributes as parameters into ad

hoc route discovery. SAR enables the use of security as a

negotiable metric to improve the relevance of the routes

discovered by ad hoc routing protocols. Ad hoc routing

protocols enable nodes in ad hoc networks communicate

with their neighbors through Route REQuest (RREQ)

packets and Route REPly (RREP) packets. In SAR, the

security metrics are embedded into RREQ packets. In-

termediate nodes receive these packets with particular

security level and process these packets or forward the

packets depending on the security level of the intermedi-

ate node. If it cannot provide required security level,

RREQ packets are dropped. Otherwise RREP packets are

sent back to the source from destination or intermediate

nodes. This approach, though resource intensive is a

useful alternative for preventing attacks.

So far we have looked at research that addresses au-

thentication, denial of service, selfish node and routing

protocol attacks in a MANET. One of the main require-

ments in a MANET is for each node to let other nodes

know of their presence and readiness to participate in the

MANET. In a wireless local area network, an Access

Point (AP) is used to let the mobile nodes communicate

with other nodes on the network. In a MANET, there is

no Access Point and so each node must know the other

nodes that participate in the MANET. One way to let the

other nodes know of their presence, a mobile node sends

out beacon signals. Binkley et al. [36] propose an au-

thenticated routing protocol to address link security is-

sues in this regard. This proposal also reduces the DoS

threats like replay attacks caused by an Address Resolu-

tion Protocol (ARP) or ad hoc routing protocol spoof,

which would destroy a link-layer route to a host. This

protocol transmits beacons similar to that of mobile IP

agents. When a host node or agent receives the transmit-

ted beacons, they authenticate them and if it is authentic,

they add the MAC-to-IP address binding contained in the

beacon into their table of authentic bindings.

Another security scheme proposed by Kong et al. [37]

and Luo et al. [32] supports ubiquitous security services

S. A. KUMAR 429

for mobile hosts through threshold secret sharing mecha-

nism where they distribute certificate authority functions.

These methods are based on RSA cryptography and pro-

vide distributed localized certificate services like certifi-

cate issuing, renewal and revocation. These methods

employ localized certification schemes to enable ubiqui-

tous services. This model uses RSA system key pair de-

noted by {Sk, Pk} where Sk is the system secret/private

key and is used to sign certificates for all entities in the

network. Pk is the system public key which verifies the

certificate signed by Sk. In this scheme, Sk is shared

among network entities but not visible or known by any

component in the network, except at the boot strapping

phase. Each entity Vi also maintains a secret share Pvi

and a RSA personal public and private key pair {Ski, Pki}

besides the system key pair. Thus, it uses the concept of

threshold secret sharing and updating each entity’s secret

share periodically to further enhance robustness against

break-ins. This scheme scales to network size and is ro-

bust against break-ins. In the threshold secret sharing

mechanism each entity holds a secret share and multiple

entities in a local neighborhood jointly provide complete

services.

There are several open issues in the models that were

reviewed. The important among them are explained as

follows: The GDH method needs further study for the

detection and resolution of inconsistent certificates, im-

provement of certificate graph models and enhancing the

use of existing PKI infrastructure. The MOCA method

uses a unicast approach that only exploits information in

the local routing cache. One useful extension would be to

devise a way for a node to browse neighboring nodes’

routing tables. This would help in avoiding flooding. The

CORE method considers only attacks from selfish nodes

but not from active intruders. Hence one has to extend

this method for intruder attacks as well. The solution for

attack by selfish nodes presented in the nuglets method is

focused just on packet forwarding attacks. Applica-

tion-level issues like mutual provision of information

services in an ad hoc network have to be addressed in

order to better utilize the nuglet counter. The CONFI-

DANT method assumes that nodes are authenticated and

that no node can pretend to be another in order to get rid

of a bad reputation. This assumption could lead to mis-

placed trust in systems. The Guardian Angel method is

not a comprehensive security scheme since it does not

take into account the attacks like packet forwarding and

denial of service or routing attacks, which are common-

place today.

3.1.2. Review of MANET Attack Prevention Security

Schemes for Passive Attacks

We noted earlier some of the problems due to selfish

nodes not performing their role properly in a MANET.

Actions of a selfish node could lead to congestion, lower

throughput and denial of service. Buttyan et al. [38] have

shown by simulation that a selfish node does not partici-

pate actively in packet forwarding in order to conserve

electrical energy. This study shows that typically every

node spends 80% of the energy in forwarding packets.

This work also introduces a special counter called nuglet

counter that is used to keep track of selfish behavior of

nodes. In trying to solve the selfish node problem, Mi-

chiardi et al. [39] have developed a model called CORE

(Collaborative REputation). Under CORE’s approach,

every node monitors the behavior of the neighboring

nodes for a particular requested function and collects data

about the execution of that function. If the observed result

of the function matches with the expected result, then the

observation takes a positive value. This mechanism al-

lows a node to detect if any of its neighbors are selfish

nodes and gradually isolate them.

As seen above, the problem of selfish behavior by

nodes in a MANET is something significant that needs to

be addressed. In a MANET, many nodes try to conserve

battery life and consequently resort to selfish behavior by

dropping packets rather than forwarding them as they are

supposed to do in a network. Buchegger et al. [40] study

the vulnerabilities exposed by selfish nodes in a MANET.

Buchegger et al. [40] introduce a new protocol called

CONFIDANT (Cooperation of Nodes-Fairness In Dis-

tributed Ad hoc NETworks) to address this problem.

Each node maintains reputation indexes about each of its

neighbors based on their behavior and use these indexes

to isolate misbehaving nodes. Avoine et al. [41] have

developed a cryptography-based fair key exchange mod-

el called Guardian Angel. This model uses a probabilistic

approach without involving a trusted third party in key

exchange.

3.1.3. Limitations of Existing MANET Attack

Prevention Schemes and Open Research Issues

1) Active Attack Security Approaches

The scheme GDH needs further exploration of mecha-

nisms for the detection and resolution of inconsistent

certificates, improvement of certificate graph models and

making use of existing PKI infrastructure [26]. Scheme

MDA does not provide authentication of the participants.

In addition, more formal arguments need to be developed

to support optimality claims [41]. Unicast approaches by

the scheme MOCA only exploit information in the local

routing cache. One potential extension is to let a node

browse into neighboring nodes’ routing tables. For ex-

ample, a node may be short of one or two cached routes

and that would lead to flooding. If the node has a way to

peek into the neighbors’ routing tables and find a couple

of new cached routes, it can avoid flooding. Potential

overhead for this approach would be the extra commu-

nication required between neighbors to exchange the

information in routing tables. Whether the benefit would

surpass the overhead is an interesting question to inves-

tigate [25]. All the unicast based approaches in the

430 S. A. KUMAR

MOCA protocol do not take into account the direction of

Certification REQuests (CREQs). At a worst case, all the

MOCAs picked by its unicast approach could reside on

one side of the network from the requesting node. Then it

is possible that all the CREQs are sent into one direction

sharing the same next hop nodes, potentially causing

unnecessary contention. This leads to a failure or at least

delayed responses. One possible solution for such a sce-

nario is to utilize the next hop field in the cached routing

table entries. For example, by selecting a set of MOCAs

with all the different next hops, one can expect to have a

spatial load balancing effect in that each CREQ will go

out in different directions [25].

The SEAD approach does not incorporate mechanisms

to detect and expose nodes that advertise routes but do

not forward packets [29]. In the Beacon scheme, scal-

ability is an issue if there are large numbers of nodes

compared to the available bandwidth. The proposed

model assumes all nodes in a network share a symmetric

key used only for beacon authentication. In addition to

problems with scalability, every agent and mobile node

at the site has to know the network authentication key.

The symmetric keys might be replaced with public key

cryptography. Public-key signature and verification of

beacons and Mobile-IP registration messages is feasible,

even though transmitting such a signature requires more

link bandwidth. Every node can possess its own key and

simply sign its beacons and registrations. The distribu-

tion of certificates such that mobile nodes and agents can

verify a beacon is again a higher-level problem [36].

SOS model provides fully localized design, easy support

of dynamic node membership, limited intrusion tolerance

capacity and decreasing overhead over time. While these

characteristics are appealing, this scheme also has limita-

tions as this is achieved at the increased computational

overhead (associated with asymmetric cryptography pri-

mitives) compared with other hash function based designs

[27]. In the TRUST model when a new node enters the

system, it assumes that the node already has an initial cer-

tificate. This results in the problem of registering users.

Also when two ad hoc networks merge, this model does

not provide mechanisms for nodes originated from dif-

ferent networks to certify and authenticate each other

[32]. In SRP model, fair utilization of network resources

is an issue. Possible ways to dismay nodes from broad-

casting at the highest possible rate is still an issue [36].

Since the ARIADNE model does not possess the op-

timizations of DSR, the resulting protocol is less efficient

than the highly optimized version of DSR that runs in a

trusted environment [33]. An important aspect of OSRP

scheme is that the algorithm can be used to detect a fault.

However, it is difficult to design such a scheme that is

resistant to a large number of adversaries. The method

suggested in this paper uses a fixed threshold scheme.

This scheme does not explore other methods, such as

adaptive threshold or probabilistic schemes which may

provide superior performance and extensibility. Also this

scheme does not provide means of protecting routing

against traditional denial of service attacks [30]. The

Watchdog and Pathrater model assumes that there are

no apriori trust relationships. Performance of model is

bound to suffer when trusted node lists in ad hoc net-

works are also taken into account. Also, in this model, all

the simulations are based on Constant Bit Rate (CBR)

data with no reliability requirements. The analysis should

be extended to explain how the routing extensions per-

form with TCP flows common to network applications

[34].

2) Passive Attack Security Approaches

The scheme CORE considers only attacks from selfish

nodes but not from active intruders. Hence the scheme

needs to be extended and tested for intruder attacks as

well. Also there is no definition of formal method to

analytically prove robustness of CORE [39]. The solu-

tion for attack by selfish nodes, presented in Nuglets

model is focused just on packet forwarding attacks. This

model also does not address application-level issues like

mutual provision of information services in an ad hoc

network [38]. The CONFIDANT protocol assumes that

nodes are authenticated and that no node can pretend to

be another in order to get rid of a bad reputation [40].

The Guardian Angel model is not a comprehensive secu-

rity scheme and does not take into account the attacks

like packet forwarding and denial of service or routing

attacks [41].

3.2. MANET Intrusion Detection and Response

Security Approaches

3.2.1. Review of MANET Intrusion Detection Security

Approaches

The following are some of the popular IDA models that

we studied in our literature survey. Kachirski and Guha

proposed an IDS model which is efficient and band-

width-conscious [42]. It targets intrusion at multiple lev-

els and fits the distributed nature of IDA for Mobile

Networks. The method has clusters and the IDA on clus-

ter head employs independent detection decision-making

after gathering information from other nodes. It utilizes

mobile agent for communication among various nodes.

This model provides a framework to work with multiple

types of audit data. It is expandable, meaning, if the IDA

needs to work with new types of audit data, it can do so

by just incorporating extra agents that can monitor the

new type of audit data. Unfortunately, its performance is

not verified by any implementation. Once its perform-

ance is proved to be on an acceptable level, this frame-

work can serve as a generic and expandable architecture

for commercial products, since having a possibility to

add in more functionality is an important property for

successful products. Because it utilizes the cluster heads,

it is supposed to make the network more efficient by

S. A. KUMAR 431

limiting the resources usage for IDA purposes to only a

few nodes. Such a framework can be applied in an envi-

ronment where the security requirement is medium and

efficiency requirement is high. Also, it may easily be

expanded for multi-layered mobile networks.

IDS model for wireless Mobile Ad Hoc Networks

proposed by Zhang and Lee implements local and col-

laborative decision making with anomaly detection [43].

In this approach, individual IDA agents can work by

themselves and also collaborate in decision making.

Each IDA agent runs on a node and monitors local ac-

tivities. If a node detects local intrusion with strong evi-

dence, then the node concludes that intrusion has hap-

pened and initiates an alarm response. However, if the

evidence is not strong enough but needs investigation in

a wider area in the network, then the IDA agent can start

collaboration procedure which is a distributed consensus

algorithm. This model provides a framework that fits the

distributed nature of mobile networks as well. It also

works with multiple types of audit data. If the IDA needs

to work with new types of data, it can add in more data

collection module in the IDA agent. It uses data mining

as the local intrusion detection mechanism. The data

mining is supposed to be superior in terms of both detec-

tion rate and false alarm rate. Also, because this IDA

does not use mobile agents for communication, it can be

designed for high security need, if it can find an effective

way to protect from Byzantine nodes.

Huang and Lee have proposed a cluster-based scheme

in which a cluster head is elected by a group of nodes in

a neighborhood (citizen nodes) and the head node moni-

tor the citizen nodes [44]. Once the cluster head is

elected, the other nodes need to transmit the features they

obtain locally to the cluster head. This IDA uses anomaly

detection implemented with data mining as its detection

technique [44]. This model improves the efficiency of

mobile networks by limiting the resources usage for IDA

purposes to only a few nodes. The implementation proves

it can also achieve satisfactory level of detection rate.

Such a framework can be applied in environments where

the security requirement is medium but efficiency re-

quirement is high. Also, it may easily be expanded for

multi-layered mobile networks [45].

Patrick and Camp have designed architecture for ad

hoc networks, where each node runs a local IDA [46].

Each node detects intrusion locally and uses external

data to confirm the detection. The nodes use mobile

agents to communicate and collaborate. This model pro-

vides a scalable architecture by using mobile agents. If

the IDA needs more functionality, it can just incorporate

more mobile agents with new tasks. It is supposed to

reduce network traffic for intrusion detection purpose.

However, since this architecture relies heavily on the use

of mobile agents, it incurs computational complexity in

creating and managing all the agents. This architecture

needs an implementation to verify its performance.

Bo, Wu and Pooch have proposed an IDA model

which uses collaboration mechanism with anomaly de-

tection [47]. In this model, a network is divided into log-

ical zones. Each zone has a gateway node and individual

nodes. Individual nodes have an IDA agent to detect in-

trusion activities individually. Once an individual node

detects intrusion, it generates an alert message. Gateway

node aggregates and correlates the alerts generated by

the nodes in its zone. An algorithm is used to aggregate

the alerts based on the similarities in the attributes of the

alert [45]. Only gateway nodes utilize the alert to initiate

an alarm [46]. This method does not use mobile agents

but has gateway nodes, which work just like a cluster

head. This architecture can be applied in environment

where the requirement for IDA performance and security

is high.

Huang et al. have proposed a detection algorithm

scheme that uses the statistics of packets, namely, the

relation between different features such as the correlation

between the number of packets dropped and the per-

centage of change in routing table [48]. This algorithm

can be used as an intrusion detection engine in other IDA

architectures. This model has low overhead, but was de-

signed only for one routing protocol-OLSR and needs

modification for other protocols.

Tseng et al. have proposed an IDS system where the

normal behavior of critical objects in the network is con-

structed with the normal specification first. Then the ac-

tual behavior is compared to the normal specification

[49]. It uses distributed network monitor to trace the re-

quest-reply flow in the routing protocol. The network

monitor runs a specification based detection algorithm to

make decisions [50,51]. This model is novel with no

conventional local detection mechanism, but has low

efficiency since packet is checked at each hop.

Neighborhood Watch, an IDS protocol proposed by

Sowjanya and Shah has two neighboring nodes of which

one node is used to ensure that the packets are not modi-

fied while traveling in the network [52]. This is done by

comparing the information in each packet at each hop. It

has two modes: passive mode-to protect a single host and

active mode-to collaboratively protect the nodes in a

cluster. In active mode, a cluster head starts a voting al-

gorithm to determine whether intrusion really happens.

Puttini et al. have proposed an IDS architecture where

information in the management information base (MIB)

is used as input data [53]. It also uses mobile agent and a

collaborative decision making mechanism. This model is

distributed and efficient in use, with high scalability and

can detect attack at multiple levels, but has security,

computational cost and management problems related to

mobile agents.

IDS Model proposed by Brutch and Ko is a statistical

anomaly detection algorithm [54]. It works by first as-

suming that the audit trail generated from a host has been

converted to a canonical audit trail (CAT) format. It then

432 S. A. KUMAR

uses a CAT file to generate session vectors representing

the activities of the users’ sessions. These session vectors

are then analyzed against specific types of intrusive ac-

tivities to calculate “anomaly scores”. If the scores cross

some thresholds, warnings reports are generated. The

algorithm analyzes a session vector in three steps:

1) it calculates a Bernoulli vector,

2) it calculates the weighted intrusion score, and

3) it calculates the suspicion quotient. The Bernoulli

vector is generated from the session vectors as well as

some threshold vectors. It is a simple binary vector in

which the values in the vector are set to one if the corre-

sponding arbitrary counts fall outside the threshold for a

particular user group. The weighted intrusion score is

generated for a particular session and for a particular

intrusion type. It can be used to assign a suspicion value

to the session. This suspicion value, or suspicion quotient,

for a session is determined by what percentage of ran-

dom sessions have a weighted intrusion score less than or

equal to the weighted intrusion score of the current ses-

sion. It describes how closely a session resembles the

intrusion type as compared to all other sessions. The

Haystack algorithm gets its name by being the algorithm

implemented in the IDA called Haystack. Haystack is a

host-based system, which attempts to detect several types

of intrusions: attempted break-ins, masquerade attacks,

penetration of the security system, leakage of informa-

tion, denial of service, and malicious use. It was initially

developed for use in the US military network. This algo-

rithm is designed for use in a secured wired military

network. If in a wireless ad hoc environment, it requires

a designated node to act as a central administrator and all

the other nodes to allow the central administrator to re-

trieve audit trails from them. The central administrator

can be pre-designated by the human initiator of the ad

hoc network or can be assigned by programming. The

audit trails requested can be submitted by the nodes

themselves or by the mobile agents allowed to run on the

nodes.

An IDS approach, Indra, proposed by Janakiraman

et al. is a distributed intrusion detection scheme based on

sharing information between trusted peers in a network

to guard the network as a whole against intrusion at-

tempts [55]. It is a detection tool that takes a proactive

and P2P approach to network security. The basic idea

behind this model is cross monitoring or simply called

“neighborhood watch,” and is very simple. In this me-

thod, the hosts on the P2P network join together to form

some sort of an immune system where each host distrib-

utes information on attempted attacks among the inter-

ested peers in the network. Such information is usually

gathered by the intended victim of an attack and by noti-

fying its adjacent hosts, an alarm can be sounded. This

allows the system to react proactively or retroactively.

When an alarm is sounded, subsequent attacks to other

hosts are repelled straightaway as the adjacent hosts

would have forewarned other hosts.

Most of the surveyed models use packets and network

traffic related information such as updates in routing

table or request-reply flow in the network. Among the

ones that use packets related information, IDS approach

proposed in [50,51] uses the information inside the pack-

ets header directly, such as network address or port

number. Other models using packet or network traffic

related information mainly use statistical data processes

from packet information, such as the statistics of the

number of packets received and sent or the statistics of

change in routing table. IDS Model as described in [48]

utilizes the statistics derived from packet or traffic re-

lated statistics, for instance, the correlation between the

number of packets dropped and the percentages of up-

dates in routing table. Intrusion Detection approaches

illustrated in [43] allow the IDA to work on different

types of audit data or the possibility to adapt to different

types of audit data. This property is valuable and should

be an important consideration for the future design of

IDA. Most of the architectures detect only the fact that

an intrusion happens. Some models go further to obtain

more information, such as the type of attack and the lo-

cation of the intruder. For instance, Zone based IDA can

detect both the type and location of the attack [46].

Some of the intrusion detection models utilize cluster

head or gateway nodes [42]. The advantage of cluster

head is that some of the resource consuming computation,

such as intrusion detection, can be carried out only on

some nodes of the network. Therefore, most other nodes

can focus on the real work of network traffic. The cluster

head usually collects information from cluster member to

make the detection decision. In some methods, the origi-

nal input data is further processed or formatted before it

is sent to the cluster head. By doing this, the network

traffic for transferring such data is reduced. The compu-

tation on the cluster head can also be reduced because

the incoming data from member nodes is already for-

matted for the IDA use. The security communication

between the cluster head and its member nodes should

receive attention of research.

Most of the methods in our review, except the model

proposed in [49], utilize anomaly detection. The anomaly

detection is more suitable than misuse detection in Mo-

bile Ad Hoc Networks. In Mobile Ad Hoc Networks, the

anomaly detection has a weakness: the profile of normal

behavior needs to be updated periodically. This places a

heavy burden on the limited network resources.

3.2.2. Review of MANET Intrusion Response Security

Approaches

Although intrusion response component is related and

coexist with the intrusion detection framework, it re-

ceives considerably less attention than detection frame-

work owing to the inherent complexity in developing and

deploying response in an automated fashion [56]. Most

S. A. KUMAR 433

of the security models generate an alarm informing the

administrator, who then decides the response. However,

it is desirable that the response consists of an automated

corrective action to protect the network from an identical

future attack.

There are few IDA models that provide the integrated

detection and response feature. Zhang et al. in their

framework have explained that local response module

triggers action local to the mobile node and the global

response module coordinates actions among neighboring

nodes, such as the IDS agents in the network electing a

remedy work [43]. They have also explained that the

type of response depends on the type of intrusion, the

type of protocols, applications and the confidence in the

evidence with examples. However, they have not pro-

vided any implementation details regarding the intrusion

response aspect of the model. Similarly, there is no do-

cumentation on the simulation or experimental results on

the response aspect of the model. However, there is a

detailed explanation on the experimental results of the

detection framework of the model. Thus, even though the

idea of integrated detection and response model seems

feasible, it appears that the implementation and simula-

tion have not been conducted. Similarly, few related IDA

models propose response actions/frameworks for respon-

ding to the attacks once it is detected [57-65]. However

the response system incorporating all those actions is not

implemented.

There are a few intrusion prevention approaches de-

scribed in the literature for mobile ad hoc network secu-

rity as well. Puttini et al. have proposed a secure routing

protocol that combines a certificate based authentication

service with intrusion detection model to provide pre-

ventive and corrective protections for Mobile Ad Hoc

Networks [53]. Bhargava et al. have proposed a security

model for AODV routing protocol to prevent attacks in

mobile networks [66].

3.2.3. Limitations of existing MANET Intrusion

Detection and Response Security Approaches

and Open Research Issues

The misuse detection systems use patterns of known at-

tacks to match and identify those intrusions [67]. Al-

though it can accurately and efficiently detect instances

of known attacks, it lacks the ability to adapt in detecting

new type of attacks. The anomaly detection systems on

other hand detect intrusions by finding deviations from

the established user profiles. Anomaly detection should

detect new types of intrusions but it could have higher

false positive rate [68]. Traditionally, IDA are developed

using expert knowledge of the system and attack meth-

ods [48]. Due to the complexity of modern network sys-

tem and sophistication of attackers, expert knowledge

engineering is often very limited and unreliable [43].

Some IDA schemes are very sensitive to the data repre-

sentation. For instance, these schemes may fail to gener-

alize an unseen data if the representation contains irrele-

vant information. In some instance, it has been observed

that training of IDA requires a noise-free data (the data

that is labeled ‘normal’) [42]. It has been observed that

the existing IDA performs poorly in detection as well as

the false positive rates at higher mobility rates [46]. It

has recently been observed that Denial of Service (DoS)

attacks are targeted even against the IDA [18]. Thus,

IDA themselves needs to be protected. An IDA should

also be able to distinguish an attack from an internal sys-

tem fault.

The identification of intruder and appropriate response

techniques to protect Mobile Ad Hoc Networks still

represents a challenging issue. The need to coordinate

intrusion detection and response techniques and the need

to respond and control the identified attacks effectively,

require further research. It can be noted that though the

response concepts are explained in the existing intrusion

detection models, implementation details and results for

the response framework are not provided to demonstrate

and validate their response techniques. Also according to

our literature review, we observe that none of the exist-

ing models has proposed an intrusion control approach

for mobile and senor networks, such that detection and

response are done continuously to protect the mobile ad

hoc networks.

To summarize, the related existing intrusion detection

and intrusion response approaches suffer from one or

more of the following limitations specifically with re-

spect to mobile ad hoc networks:

 Lower detection rate when mobility is used as a pa

rameter.

 Higher false positive rate when mobility is used as a

parameter.

 Appropriate response techniques to protect Mobile

Ad Hoc Networks after threat detection.

4. Review of Mobile Agent Model Security

Approaches

In the following sections, we present the security ap-

proaches for the different attack scenarios explained ear-

lier in Section 2.

4.1. Security Approaches for Mobile Agent

Attacked by Another Agent

Location privacy through user smart card is proposed by

[69]. This scheme takes care of the unauthorized access,

masquerade attacks, which is achieved through secret

keys for secure communication with network and the

other users. It has some advantages like location and

identification privacy in addition to just content privacy.

This proposal uses digital mix proposed by Chaum [70].

A digital mix enables two parties to communicate with-

434 S. A. KUMAR

out unauthorized parties being able to determine either

the message content or the source and destinations of the

messages. In addition, the sender of a message can re-

main anonymous to the recipient. This is achieved through

an intermediate computer called a ‘mix’ processes mes-

sages so that header information is hidden from follow-

ing communications. The main idea is new authentica-

tion, digital mix, information leak and billing services.

The architecture new security features for mobile net-

works with existing infrastructure be provided through

additional intelligent network services.

Profiling mobile users by Bayesian decision algorithm

[71] proposes to provide detection and response solution

for an agent attacked by agent privacy problems like

masquerade and unauthorized access. This proposal fo-

cuses on the application of anomaly detection techniques

to mobile networks and generation of user profiles within

GSM mobile networks.

Enhanced privacy and authentication for GSM by C. H.

Lee et al. [72] proposes three improved methods to en-

hance the security, to reduce the storage space, to elimi-

nate the sensitive information stored in VLR, and con-

sequently to improve the performance of the system. It

includes an improved authentication protocol for the

mobile station, a data confidentiality protocol, and a lo-

cation privacy protocol. This proposal tends to improve

but not to alter the existing architecture of the system,

which is a very useful feature for the practical reasons.

This scheme attempts to provide a solution for unauthor-

ized access and masquerading by means of improved

authentication protocol which eliminated the redundant

sensitive information stored in Virtual Location Register

(VLR), data confidentiality protocol (with/without ses-

sion key table in Home Location Register (HLR/SC) and

location privacy protocol with/without conference key

shared by HLR’s.

4.2. Security Approaches for Mobile Agent

Attacked by the Host

Mobile code cryptography [21] provides solution throu-

gh encrypted functions and digital signing. This proposal

uses cryptographic primitives and homomorphic encryp-

tion schemes (public key) and function composition sch-

emes. This solution tries to prove that mobile code holds

the key to uncouple the secure execution of programs

from the trustworthiness of the underlying execution

support. This solution tries to prove that one can obtain a

system where a host can execute an encrypted function

without having to decrypt it. The functions would be

encrypted such that the resulting transformation can be

implemented as a (mobile) program that will be executed

on a remote host. The executing computer will see the

program’s clear text instructions but will not be able to

understand the function that the program implements.

This scheme attempts to provide a solution for masquer-

ade and eavesdropping attacks by host on agent. This is

achieved with the help of cryptography and encrypting

agent functions that are executed by the host. This is re-

alized via homomorphic functions and homomorphic

encryption scheme.

Secure and open mobile agents (SOMA) [73] provide

secrecy and integrity to the mobile agents by means of

encryption and authenticated channels. Here agent is

encrypted and digitally signed. This model has no over-

head as in Trusted Third Party (TTP) solutions. The so-

lution is an efficient, scalable and robust than multiple

host (MH) protocols. However this proposal does not

discusses about secrecy during the agent execution and

secure delegation. This scheme attempts to provide a

solution for eavesdropping, masquerade and alteration

attacks on agent by host. This is achieved through a se-

curity infrastructure and layered security policies that

imposes authorizations and authentications. The security

infrastructure consists of a policy server, a domain server

for domain management, a role server for role manage-

ment, a certification authority for issuing and the lifecy-

cle management of certificates, an authentication server,

an authorization server.

Another proposal, AJANATA [74] provides secure

access to system resources and supports isolated protec-

tion domains for agents by using supported thread groups

and class loaders. This security architecture provides a

solution for providing denial of service, alteration, eaves-

dropping and masquerade attacks by host on agent. This

is achieved by authentication protocol, by generic Agent-

Server class, Ajanta security manager. Authentication

protocol’s name services enforce its security policies.

The architecture also provides protected name spaces for

different users. This model uses proxy concept and pro-

tects the information of agent. The proposed architecture

is built upon Java’s security model and address problems

related to protecting agent servers, agents and the name

service information.

A solution through smartcards [9] by multifunctional

trusted smart cards uses Java card for authentication and

signing device, when user sends an agent and for trusted

computing base attached to host environment. This sche-

me attempts to protect agent from alteration, denial of

service and masquerade attacks by host on agent. This is

achieved by allowing agents to carry encrypted code

parts and protecting an agent’s itinerary by means of

security store. The decrypted form will be visible to smart-

card only. This is achieved by using public key encryp-

tion with certified public keys. This approach protects

specific parts of mobile agent better than just using Java

Card alone. This proposal which uses trusted computing

base claims better protection for the agents than the mo-

bile code cryptography, encrypted functions, code ob-

fuscation and cryptographic trace etc.

A public key based secure Mobile IP was proposed by

Zao et al. [75] in their Mobile IP Security System (Mo-

S. A. KUMAR 435

IPS) was based on a DNS based X.509 PKI and the in-

novation in cross certification and zero-message key

generation. This proposal attempts to provide solution

for alteration, masquerading and eavesdropping attacks

by means of key management and cryptographic keys for

authentication, access control and using secure tunneling.

The system supplies cryptographic keys for authenticat-

ing Mobile IP v4 location management messages and

establishing IPSec tunnels for Mobile IP redirected pack-

ets. It was developed to support three services that are

essential to the safe operation of Mobile IP: 1) authenti-

cation of Mobile IP control messages for location update,

2) access control of Mobile Nodes to resources in the

foreign networks, and 3) secure tunneling to redirected

IP datagram. Public key technology is used for the scal-

ability reasons. A DNS based PKI has clear advantage

over a distributed system of key distribution centers

(KDC) since PKI solves the potentially complicated server

discovery problem, and it eliminates the need for real-

time key dispatches by the KDC.

Sufatrio and Lam [76] proposed a solution for the se-

curity aspect of the registration protocol, an extension in

Mobile IP. This scheme provides solution for the mas-

querade, alteration, non-repudiation and eavesdropping

attacks, through the public-key based authentication with

a minimal use of public key cryptography. This scheme

also attempts to provide solution for a replay attack on

mobile agent’s registration. It provides a scalable solu-

tion for authentication and non-repudiation and also

strives for minimal computing and administration cost on

the mobile agent.

Detecting malicious changes to an agent’s state during

its execution or data does not yet have a general solution

yet.

4.3. Security Approaches for Host Attacked by

Mobile Agents

Authentication protects host [3] by preventing agent pre-

tending as host. This is achieved through shared key for

encryption messages or privacy.

The issues that face this model are the authentication

is needed whenever the agent traverses each new cell,

especially with network partitions. This model tries to

address the following security goals.

1) Walkstation (mobile agent or computer) and the

basestation must be able to authenticate each other. It

prevents a malicious station from pretending to be a base

station and also it permits the walkstation to choose the

services of a particular base station in the presence of

collocated networks.

2) Once authenticated walkstation and basestation sho-

uld be able to communicate securely. Privacy has two

dimensions: data privacy and location privacy.

3) Walkstations should be provided location privacy.

Some applications will require location privacy, while

others may exploit the knowledge of walkstations. The

goal is to provide location privacy at the lowest layer.

Higher layers may disseminate location information ac-

cording to the needs of the applications.

4) The security should be optional (due to the tradeoff

in the limited resources and the security) and efficient.

This scheme attempts to provide secured solution for

unauthorized access and masquerade attacks. This is

achieved by mutual authentication of base station and

walk station and thereby generating a shared key for en-

cryption of messages. This scheme relies on private/

public key mechanism to achieve the solution.

The proposal of SOMA architecture provides authen-

tication and authorization for the host security from mo-

bile agents. This model addresses the issue of balanced

trade off between several requirements, often contrasting

security, flexibility, usability and efficiency. This scheme

proposes a scheme for the protection of agents from ma-

licious hosts (sites), which is fundamental for agent-

based applications in untrusted environments and are still

an active research area. This scheme attempts to provide

a solution for masquerade and unauthorized access at-

tacks by agents on host.

The solution through Proof Carrying Code (PCC) [77]

provides a security for hosts in the masquerade and un-

authorized attacks via proof checker ensured by code

producer which is “tamper proof” and “self certifying

code/agent”. Necula suggests that the theory of progra-

mming languages, including formal semantics, type the-

ory and applications of logic, are critical to solving the

untrusted-code security problem essentially through the

exploitation of static checking for achieving a high level

of security in mobile-code applications. The advantages

of PCC are that the burden of providing security is

shifted to code producer; they are tamperproof and self

certifying.

PCC is a technique by which host establishes a set of

safety rules that guarantee safe behavior of programs,

and the code producer creates a formal safety proof that

proves, for the untrusted code, adherence to the safety

rules. Then, the host is able to use a simple and fast proof

validator to check, with certainty that the proof is valid

and hence the foreign code is safe to execute.

Lu et al. [23] proposed an algorithm for fair service in

error-prone wireless channels this algorithm provides

short term fairness among flows which perceive a clean

channel, long term throughput and fairness bounds for all

flows with bounded channel error, an expanded sched-

ulable region by decoupling delay/bandwidth weights,

and supports both delay sensitive and error sensitive data

flows. This wireless fair service algorithm attempts to

provide solution for denial of service attacks, by provid-

ing a performance effective fair service in error-prone

communication channels.

Trost and Binkely proposed [24] an authenticated link-

level ad hoc routing protocol for Mobile IP, which ad-

436 S. A. KUMAR

dresses link security issues. This scheme attempts to

provide solution for unauthorized access and masquerade

attacks. It addresses the issues of attacker stealing host’s

packets. The protocol also eliminates denial of service

attacks caused by an ARP spoof destroying data link

layer towards a host. The protocol also tries to limit the

eavesdropping, copy and replay, alteration attacks an

unwanted visitor to do for a host. This is achieved by not

only correct implementation of sound protocols but also

by proper maintenance methodologies. In this protocol,

mobile agent’s and node’s packets are authenticated and

security problems associated with ARP spoofing are also

reduced by this scheme. The authentication is provided

through network authentication key and adhoc key. This

scheme also attempts to provide a solution for the replay

attacks by agent.

Perkins proposed a Mobile IP/AAA trust model [78]

which relies on the existence of servers that are capable

of performing accounting, authentication, and authoriza-

tion (AAA) services. This new infrastructure is designed

to meet the emerging needs of cellular telephony [79] for

mobile data service to a large population of mobile tele-

phone users, and eventually over VoIP. Several schemes

like security infrastructure in CDMA networks [80] uses

the Mobile IP/AAA trust model for their solution. This

model attempts to provide a solution for alteration, ea-

vesdropping and masquerade attacks by satisfying the

AAA security requirements and protocols.

4.4. Security Approaches for Host Attacked by

Other Unauthorized External Parties

Including Host and Agents

Protection of dumb host by a scheme for authenticating

host in a secure mobile network [81] attempts to provide

solution for masquerade and unauthorized attacks. This

is achieved using a hierarchy of mobile agents and relies

upon the computation priorities to determine which agent

is to be active in each authentication request. The scheme

attempts to solve the This scheme proposes a hierarchical

simulation model and analyzes several factors involved

in the computation of priorities, to determine the optimal

weightings of each factor involved and the dependence,

if any, of these weightings on the factors of the hierarchy

itself.

Protection for host by fault tolerant authentication [13]

has some positive aspects like fault tolerance and scal-

ability issues taken care, clusters of a node than single

over the other proposals like Virtual Router Redundancy

Protocol (VRRP), which are not scalable. This proposal

attempts to solve the masquerade and unauthorized ac-

cess attacks on hosts by using hierarchical authentication

and a flat model as in a LAN environment. These tech-

niques make use of backup servers. However, the per-

formance issues that affect performance are still the is-

sues that are to be taken care by partitioning the secret

key database and through analysis to discover the pa-

rameters that affect the performance of the system and

study how the priorities depend on these factors.

MACKMAN [82] propose a solution motivated by the

deficiencies found in the registration and authentication

service of the existing protocols such as GSM, CDPD,

and IS-41. This solution employs mutual authentication

and digital signatures to provide a more secure registra-

tion and authentication service for mobile computing by

using Elliptic Curve RSA (ECRSA) for the efficiency

reasons. This scheme provides solution for unauthorized

access, denial of service and masquerade attacks by ad-

dressing the following issues:

 Trustworthiness of Intermediate Network.

 Mutual Authentication between a mobile agent and

mobile host.

 Data Confidentiality against both active and passive

intrusion by malicious agents.

 Untraceability requires protection of registered us-

ers from unauthorized entities. A mobile host should be

able to request network services without divulging any

access control information to eavesdroppers. The degree

of untraceability availability to mobile host depends

upon the policies enforced by the underlying system and

the tradeoffs between cost and benefits.

 Time Synchronization, since the mobile agents tra-

vel across various time zones and administrative authori-

ties and hence the time synchronization in security sys-

tems for mobile environments is not recommended.

 Optional Security and Modes of Security: Due to

the scarce mobile environment resources likes bandwidth

and power and hence various modes of security should

be made optional.

 Flexibility: The security system for mobile envi-

ronments should provide enough flexibility to incorpo-

rate future advances in shared-key cryptographic tech-

niques.

 Interoperability: The security system for mobile en-

vironments should provide for interoperability between

numerous variations and versions of cryptographic pro-

ducts.

Multicast security proposed by LiGong and N. Shahc-

hum [83] tries to provide security in a group-oriented

secure data exchange in a multicast environment which

could be extended to a mobile environment, where it

attempts to solve identity of the originator of a message

and group-oriented authentication. These mechanisms

are incorporated into session, presentation, and network

layers of the network architecture, where they consist of

authentication, encryption, and physical access to the tree,

respectively. This scheme attempts a solution for mas-

querade, unauthorized access and denial of service at-

tacks in a multicast environment. Masquerade attack is

solved through authentication (using pair wise authenti-

S. A. KUMAR 437

cation model) and secure session membership policies,

registration, deregistration, secure session communica-

tion (using a common encryption key) and secure broad-

cast using polynomial interpolation. The problem of

message eavesdropping and masquerading is achieved

through encryption and decryption. The problem of un-

authorized access attacks is solved through pair wise

authentication model.

Joseph and Kaashoek proposed [84] proposed building

reliable mobile computing applications using the Rover

toolkit, to add server-side support for reliable operation,

in addition to the existing client-side support. In this

scheme they attempted to provide solution for denial of

service attacks by implementing server failure recovery

procedures and server failure detection.

4.5. Limitations of the Existing Schemes and the

Open Research Issues

Since security in mobile computing is an after thought

until the recent years, there are many open issues that

need to be addressed. Many proposals address the issue

of site protection against malicious agents. The comple-

mentary problem of protecting agents while executing in

potentially malicious sites (host or base station) is spe-

cific to MA technology. The secrecy and integrity during

agent execution need to be preserved in order to leverage

the MA exploitation in wide application contexts. The

agency secrecy of both code and state parts represents a

challenging issue [85]. It seems rather impossible to hide

the agent code from the site responsible for its execution.

The same applies to the state part if the code has to work

on it.

So far a little research was done on protecting a mo-

bile agent from malicious hosts: the main focus was on

making the execution of mobile code efficient and safe

for the host. This is due to the assumption that mobile

code is impossible to protect without resort to special

hardware, simply because the code has to be executed by

the hosting system.

However protecting a mobile agent against malicious

hosts is not a “nice-to-have” feature but is essential for

an agent system’s usefulness [21]. The security research

issues could be summarized as follows:

 Can a mobile agent protect itself against tampering

by a mobile host? (code and execution integrity)

 Can a mobile agent remotely sign a document

without disclosing the user’s private key? (computing

with secrets in public).

 Can a mobile agent conceal the program it wants to

have executed? (code privacy)

 Secure routing or denial of service attacks protection.

 Can a host (computer) execute a cipher program

without understanding it?

Other relevant issues include

 The protection of the executing host from malicious

actions of mobile code.

 The protection of the network as a whole (e.g., from

spamming agents or hosts).

 The secure routing of mobile code.

 The detection of tampering by and the identification

of a malicious host.

 The protection of mobile code against input/output

analysis.

In a dynamic system, mobile agents entering remote

domains need to have the ability to inherit permissions

from their home agents while maintaining information

and location security. The security mechanism should be

designed so that the provision of security does not add

significant delays during call setup and communication

and does not waste the scarce resources like wireless link

bandwidth and the battery power [10]. Proposed security

schemes should be efficient in the number and size of

messages exchanged and should not cause the channel

bandwidth to increase or cause propagation of errors nor

should it result in increased error rates.

Another issue typical to mobile computing environ-

ment is the issue of time synchronization, since the mo-

bile agents travel across various time zones and adminis-

trative authorities and hence the time synchronization in

security systems for mobile environments is not recom-

mended. Also, any security system for mobile environ-

ments should provide enough flexibility to incorporate

future advances in shared-key cryptographic techniques

and numerous variations of cryptographic products.

5. Conclusions

In this paper we have presented the taxonomy of security

schemes for mobile computing systems. We have classi-

fied them based upon the infrastructure that makes up the

mobile computing system and then by the type of attacks.

The classification helps increasing our understanding of

the security issues and requirements of the mobile com-

puting and the schemes that could solve these issues and

requirements. In general, there are tradeoff between the

resource constraints, performance, scalability and the

provision of security features. Also, there is a no single

scheme that provides a general solution for the different

kind of security threats in the mobile computing envi-

ronment. With respect to the MANET based mobile

computing system, our analysis shows that the potential

threats faced by MANETs come in the form of denial of

service, selfish node behavior, or routing attack. Also

majority of the recent effort is spent to secure active

MANET attacks rather than passive MANET attacks.

With respect to the mobile agent model based mobile

computing system, providing security for the mobile

agent from the fixed host seems to be more challenging

than providing the security for fixed host from mobile

438 S. A. KUMAR

agent. The taxonomy developed in this paper highlights

the contributions for different types of attacks and shows

the different types of approaches taken to provide secu-

rity. This taxonomy should help researchers focus on

underlying methods, limitations of the existing schemes

and open research issues needed to secure MANETs.

6. References

[1] H. Reiser and G. Vogt, “Security Requirements for Man-

agement Systems Using Mobile Agents,” Proceedings of

the 5th IEEE Symposium on Computers and Communica-

tions, Antibes-Juan Les Pins, 2000, pp. 160-165.

[2] J. E. Canavan, “Fundamentals of Network Security,”

Artech House, Boston, 2001.

[3] S. Funfrocken, “Protecting Mobile Web-Commerce Agents

with Smartcards,” Proceedings of the 1st International

Symposium on Agent Systems and Applications, Palm

Springs, California, 1999, pp. 90-102.

[4] H. Deng, Q. Zeng and D. P. Agrawal, “Network Intrusion

Detection System Using Random Projection Technique,”

Proceedings of the International Conference on Security

and Management, Las Vegas, 2003, pp. 10-16.

[5] A. Sundaram, “An Introduction to Intrusion Detection,”

Crossroads: The ACM Student Magazine, Vol. 2, No. 4,

1996, pp. 3-7.

[6] J. P. Anderson, “Computer Security Threat Monitoring

and Surveillance,” James P. Anderson Co., Fort Wash-

ington, 1980.

[7] A. Mitrokotsa, N. Komninos and C. Douligeris, “Intrusion

Detection with Neural Networks and Watermarking Tech-

niques for MANET,” Proceedings of IEEE International

Conference on Pervasive Services, Los Alamitos, CA,

USA, 2007, pp. 118-127.

[8] J. Hubaux, L. Buttyan and S. Capkun, “The Quest for

Security in Mobile Ad Hoc Networks,” Proceedings of

the MobiHoc Conference, California, 2001, pp. 146-155.

[9] F. Stajano and R. Anderson, “The Resurrecting Duckling:

Security Issues for Ad Hoc Wireless Networks,” Pro-

ceedings of International workshop on Security Protocols,

Berlin, 1999, pp. 172-194.

[10] P. Vinayakray-Jani, “Security within Ad Hoc Networks,”

Presented at First PAMPAS Workshop, London, 2002, pp.

66-67.

[11] K. Wrona, “Distributed Security: Ad Hoc Networks and

Beyond,” Presented at First PAMPAS Workshop, London,

2002, pp. 70-71.

[12] L. Buttyan and J. Hubaux, “Report on a Working Session

on Security,” ACM SIGMOBILE Mobile Computing and

Communications Review, Vol. 7, No. 1, 2003, pp. 74-94.

[13] P. Michiardi and R. Molva, “Simulation-Based Analysis

of Security Exposures in Mobile Ad Hoc Networks,”

Proceedings of European Wireless Conference, Florence,

2002, pp. 287-292.

[14] B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens,

“An On-Demand Secure Routing Protocol Resilient to

Byzantine Failures,” Proceedings of ACM Workshop on

Wireless Security, Atlanta, 2002, pp. 21-30.

[15] P. Papadimitratos and Z. Haas, “Secure Routing for Mo-

bile Ad Hoc Networks,” Proceedings of SCS Communi-

cation Networks and Distributed Systems Modeling and

Simulation Conference, San Antonio, 2002, pp. 27-31.

[16] S. Buchegger and J. Boudec, “Nodes Bearing Grudges:

Towards Routing Security, Fairness and Robustness in

Mobile Ad Hoc Networks,” Proceedings of 10th Eu-

romicro Workshop on Parallel, Distributed and Network-

based Processing, Canary Islands, 2002, pp. 403-410.

[17] P. Michiardi and R. Molva, “Prevention of Denial of

Service Attacks and Selfishness in Mobile Ad Hoc Net-

works,” Research Report RR-02-063, Institute Eurecom,

2002.

[18] B. K. Bhargava, S. B. Kamisetty and S. K. Madria, “Fault

Tolerant Authentication in Mobile Computing,” Pro-

ceedings of International Conference on Internet Com-

puting, Las Vegas, Nevada, USA, June 2000, pp. 395-402.

[19] A. Fugetto, G. P. Pivvo and G. Vigna, “Understanding

Code Mobility,” IEEE Transactions on Software Engi-

neering, Vol. 24, No. 5, 1998, pp. 342-361.

[20] D. Johansen, R. V. Renessee and F. B. Schneider, “An

Introduction to the TACOMA Distributed System-Version

1.0,” Technical Report, Department of Computer Science,

University of Tromso and Cornell University, 1995.

[21] T. Sander and C. Tschud, “Towards Mobile Code Cryp-

tography,” Proceedings of IEEE Symposium on Security

and Privacy, California, 1998, pp. 215-224.

[22] B. Askwith, M. Merabti, Q. Shi and K. Whiteley, “Achiev-

ing User Privacy in Mobile Networks,” Proceedings of

13th Annual Computer Security Applications Conference,

USA, 1997, pp. 108-116.

[23] T. G. Brutch and P. C. Brutch, “Mutual Authentication,

Confidentiality and Key Management (MACKMAN)

System for Mobile Computing and Wireless Communica-

tion,” Proceedings of 14th Annual Computer Security

Applications Conference, Scottsdale, Arizona, 1998, pp.

308-317.

[24] B. K. Bhargava, S. B. Kamisetty and S. K. Madria, “Fault

Tolerant Authentication in Mobile Computing,” Pro-

ceedings of International Conference on Internet Com-

puting, Las Vegas, Nevada, USA, 2000, pp. 395-402.

[25] S. Yi and R. Kravets, “Key Management for Heterogene-

ous Ad Hoc Wireless Networks,” Technical Report

UIUCDCS-R-2002-2290, Department of Computer Sci-

ence, University of Illinois, 2002.

[26] S. Capkun, L. Buttyan and J. P. Hubaux, “Self Organized

Public-Key Management for Mobile Ad Hoc Networks,”

Transactions on Mobile Computing, Vol. 2, No. 1, 2003,

pp. 52-64.

[27] H. Yang, X. Meng and S. Lu, “Self-Organized Network

Layer Security in Mobile Ad Hoc Networks,” Proceed-

ings of ACM MOBICOM Wireless Security Workshop,

Atlanta, 2002, pp. 11-20.

[28] A. A. Ramanujam, J. Bonney, R. Hagelstrom and K.

Thurber, “Techniques for Intrusion-Resistant Ad Hoc

S. A. KUMAR 439

Routing Algorithms (TIARA),” Proceedings of MILCOM

Conference, Los Angeles, 2000, pp. 660-664.

[29] Y. Hu, D. B. Johnson and A. Perrig, “SEAD: Secure Effi-

cient Distance Vector Routing for Mobile Wireless Ad Hoc

Networks,” Proceedings of 4th IEEE Workshop on Mobile

Computing Systems & Applications, New York, 2002, pp.

3-13.

[30] B. Awerbuch, D. Holmer, C. Nita-Rotaru and H. Rubens,

“An On-Demand Secure Routing Protocol Resilient to

Byzantine Failures,” Proceedings of ACM Workshop on

Wireless Security, Atlanta, 2002, pp. 21-30.

[31] P. Papadimitratos and Z. Haas, “Secure Routing for Mo-

bile Ad Hoc Networks,” Proceedings of SCS Communi-

cation Networks and Distributed Systems Modeling and

Simulation Conference, San Antonio, 2002, pp. 27-31.

[32] H. Luo and S. Lu, “Ubiquitous and Robust Authentica-

tion Services for Ad Hoc Wireless Networks,” Technical

Report, Department of Computer Science, 2000.

[33] Y. Hu, A. Perrig and D. B. Johnson, “Ariadne: A Secure

On-Demand Routing Protocol for Ad Hoc Networks,”

Proceedings of the 8th Annual International Conference

on Mobile Computing and Networking, Atlanta, 2002, pp.

12-23.

[34] S. Marti, T. J. Giuli, K. Lai and M. Baker, “Mitigating

Routing Misbehavior in Mobile Ad Hoc Networks,”

Proceedings of 6th Annual Conference on Mobile Com-

puting and Networking, Boston, 2000, pp. 255-265.

[35] S. Yi, P. Naldurg and R. Kravets, “Security-Aware Ad

Hoc Routing for Wireless Networks,” Proceedings of

Second ACM International Symposium on Mobile Ad Hoc

Networking and Computing, Urbana, 2001, pp. 299-302.

[36] J. Brinkley and W. Trost, “Authenticated Ad Hoc Routing

at the Link Layer for Mobile Systems,” Wireless Net-

works, Vol. 7, No. 2, 2001, pp. 139-145.

[37] J. Kong, H. Lou, K. Xu, D. Gu, M. Gerla and S. Lu,

“Adaptive Security for Multi-Layer Ad Hoc Networks,”

Special Issue of Wireless Communication and Mobile

Computing, Vol. 2, No. 5, 2002, pp. 533-547.

[38] L. Buttyán and J. P. Hubaux, “Stimulating Cooperation in

Self-Organizing Mobile Ad Hoc Networks,” ACM Jour-

nal for Mobile Networks (MONET), Vol. 8, No. 5, 2003,

pp. 579-592.

[39] P. Michiardi and R. Molva, “Core: A Collaborative

Reputation Mechanism to Enforce Node Cooperation in

Mobile Ad Hoc Networks,” Proceedings of Communica-

tion and Multimedia Security Conference, Portoroz, 2002,

pp. 107-121.

[40] S. Buchegger and J. Boudec, “Performance Analysis of the

CONFIDANT Protocol: Cooperation of Nodes-Fairness in

Distributed Ad Hoc NeTworks,” Proceedings of Mobi-

Hoc Conference, Switzerland, 2002, pp. 226-236.

[41] G. Avoine and S. Vaudenay, “Cryptography with Guard-

ian Angels: Bringing Civilization to Pirates,” ACM Mo-

bile Computing and Communications Review (MC2R),

Vol. 7, No. 1, 2003, pp. 74-94.

[42] O. Kachirski and R. Guha, “Effective Intrusion Detection

Using Multiple Sensors in Wireless Ad Hoc Networks,”

Proceedings of 36th International Conference on System

Sciences, Hawaii, 2003, pp. 57-64.

[43] Y. Zhang, W. Lee and Y. Huang, “Intrusion Detection

Techniques for Mobile Wireless Networks,” Wireless

Networks, Vol. 9, No. 5, 2003, pp. 545-556.

[44] Y. Huang and W. Lee, “A Cooperative Intrusion Detec-

tion System for Ad Hoc Networks,” Proceedings of ACM

Workshop on Security of Ad Hoc and Sensor Networks,

Fairfax, Virginia, 2003, pp. 135-147.

[45] H. Debar and A. Wespi, “Aggregation and Correlation of

Intrusion Detection Alerts,” Proceedings of 4th Interna-

tional Symposium on Recent Advances in Intrusion De-

tection, Davis, CA, USA, 2001, pp. 85-103.

[46] P. Albers and O. Camp, “Security in Ad Hoc Networks:

A General Intrusion Detection Architecture Enhancing

Trust Based Approaches,” Proceedings of 1st Interna-

tional Workshop on Wireless Information Systems, Ciu-

dad Real, Spain, 2002, pp. 1-12.

[47] B. Sun, K. Wu and U. W. Pooch, “Integration of Mobility

and Intrusion Detection for Wireless Ad Hoc Networks,”

International Journal of Communication Systems, Vol. 20,

No. 6, 2006, pp. 695-721.

[48] Y. Huang, W. Fan, W. Lee and P. S. Yu, “Cross-Feature

Analysis for Detecting Ad Hoc Routing Anomalies,”

Proceedings of 23rd International Conference on Dis-

tributed Computing Systems, Providence, 2003, pp. 478-487.

[49] C. Tseng and P. Balasubramanyam, “A Specification-

Based Intrusion Detection System for AODV,” Proceed-

ings of ACM Workshop on Security of Ad Hoc and Sensor

Networks, Fairfax, 2003, pp. 125-134.

[50] R. Sekar, “Specification-Based Anomaly Detection: A New

Approach for Detecting Network Intrusions,” Proceed-

ings of 9th ACM Conference on Computer and Commu-

nications Security, Washington, DC, USA, 2002, pp. 265-

274.

[51] Y. Okazaki, I. Sato and S. Goto, “A New Intrusion De-

tection Method Based on Process Profiling,” Proceedings

of Symposium on Applications and the Internet, Nara City,

Japan, 2002, pp. 82-91.

[52] R. Sowjanya and H. Shah, “Neighborhood Watch: An

Intrusion Detection and Response Protocol for Mobile Ad

Hoc Networks,” UMBC Technical Report, 2002.

[53] R. Puttini, J. Percher, L. Me, O. Camp and R. De Souza,

“A Modular Architecture for Distributed IDS in MANET

Structures,” Lecture Notes in Computer Science, Vol.

2669, 2003, pp. 91-113.

[54] P. Brutch and C. Ko, “Challenges in Intrusion Detection

for Wireless Ad Hoc Networks,” Proceedings of Sympo-

sium on Applications and the Internet Workshop, Orlando,

Florida, 2003, pp. 368-373.

[55] R. Janakiraman, M. Waldvogel and Q. Zhang, “Indra: A

Peer-to-Peer Approach to Network Intrusion Detection

and Prevention,” Proceedings of 12th IEEE International

Workshops, Linz, 2003, pp. 226-231.

[56] N. Stakhanova, S. Basu and J. Wong, “Taxonomy of

Intrusion Response Systems,” Technical Report 06-05,

440 S. A. KUMAR

Computer Science, Iowa State University, 2006.

[57] M. M. Islam, R. Pose and C. Kopp, “An Intrusion Detec-

tion System for Suburban Ad-Hoc Networks,” Proceedings

of IEEE Tencon Conference, Melbourne, 2005, pp. 41-46.

[58] G. Vigna, S. Gwalani, K. Srinivasan, E. Belding-Royer and

R. Kemmerer, “An Intrusion Detection Tool for AODV-

Based Ad Hoc Wireless Networks,” Proceedings of the

20th ACSA Conference, Tucson, 2004, pp. 16-27.

[59] R. Puttini, J. Percher, L. Me and R. Sousa, “A Fully Dis-

tributed IDS for MANET,” Proceedings of IEEE Sympo-

sium on Computers and Communications, Brasilia, 2004,

pp. 331-338.

[60] B. Lu and U. W. Pooch, “Cooperative Security-Enforce-

ment Routing in Mobile Ad Hoc Networks,” Proceedings

of the 4th IEEE International Conference on Mobile and

Wireless Communications Network, 2002, pp. 157-161.

[61] D. Sterne, P. Balasubramanyam, D. Carman, B. Wilson,

R. Talpade, C. Ko, R. Balupari, C. Y. Tseng, T. Bowen,

K. Levitt and J. Rowe, “A General Cooperative Intrusion

Detection Architecture for MANETs,” Proceedings of the

3rd IEEE International Workshop on Information Assur-

ance, College Park, MD, USA, 2005, pp. 57-70.

[62] A. Patwardhan, J. Parker, A. Joshi, M. Iorga and T. Ka-

rygiannis, “Secure Routing and Intrusion Detection in Ad

hoc Networks,” Proceedings of the 3rd International

Conference on Pervasive Computing and Communica-

tions, Hawaii, 2005, pp. 191-199.

[63] Y. Fu, J. He and G. Li, “A Distributed Intrusion Detec-

tion Scheme for Mobile Ad Hoc Networks,” Proceedings

of Computer Software and Applications Conference, 2007,

pp. 75-80.

[64] N. Komninos, D. Vergados and C. Douligeris, “Detecting

Unau-thorized and Compromised Nodes in Mobile Ad

Hoc Networks,” Ad Hoc Networks, Vol. 5, No. 3, 2007,

pp. 289-298.

[65] A. Mitrokotsa, M. Tsagkaris and C. Douligeris, “Intrusion

Detection in Mobile Ad Hoc Networks Using Classifica-

tion Algorithms,” IFIP International Federation for Infor-

mation Processing, Palma de Mallorca, 2008, pp. 133-144.

[66] S. Bhargava and D. P. Agrawal, “Security Enhancements

in AODV Protocol for Wireless Ad Hoc Networks,”

Proceedings of IEEE Vehicular Technology Conference,

Atlantic City, 2001, pp. 2143-2147.

[67] B. Sun, K. Wu and U. Pooch, “Routing Anomaly Detec-

tion in Mobile Ad Hoc Networks,” Proceedings of 12th

International Conference on Computer Communications

and Networks, Dallas, 2003, pp. 20-23.

[68] R. Guha, O. Kachirski, D. G. Schwartz, S. Stoecklin and

E. Yilmaz, “Case-Based Agents for Packet-Level Intru-

sion Detection in Ad Hoc Networks,” Proceedings of

17th International Symposium on Computer and Informa-

tion Sciences, Florida, 2002, pp. 315-320.

[69] B. Askwith, M. Merabti, Q. Shi and K. Whiteley, “Achie-

ving User Privacy in Mobile Networks,” Proceedings of

the 13th Annual Computer Security Applications Confer-

ence, San Diego, 1997, pp. 108-116.

[

70] D. Chaum, “Security without Identification: Transaction

Systems to Make Big Brother Obsolete” Communications

of the ACM, Vol. 28, No. 10, 1985, pp. 1030-1044.

[71] B. Roland, K. Dogan and R. Peter, “How to Increase

Security in Mobile Networks by Anamoly Detection,”

Proceedings of the 14th Annual Computer Security Ap-

plications Conference, Phoenix,1998, pp. 3-12.

[72] C. H. Lee, M. S. Hwang and W. P. Yang, “Enhanced

Privacy and Authentication for the Global System for

Mobile Communications,” Wireless Networks, Vol. 5, No.

4, 1999, pp. 231-243.

[73] P. Bellavista, A. Corrradi and C. Stefanelli, “SOMA Se-

cure and Open Mobile Agent Programming Environment,”

Proceedings of the 4th International Symposium on the

Autonomous Decentralized Systems, 1999, pp. 238-245.

[74] N. M. Karnik and A. R. Tripathi, “A Security Architec-

ture for Mobile Agents in Ajanta,” Proceedings of the In-

ternational Conference on Distributed Computing Sys-

tems, Taipei, Taiwan, 2000, pp. 402-409.

[75] J. Zao, S. Kent, J. Gahm, G. Troxel, M. Condell, P. Heliek,

N. Yuan and I. Castineyra, “A Public-Key Based Secure

Mobile IP Wireless Networks,” Wireless Networks, Vol.

5, No. 5, 1999, pp. 373-390.

[76] S. K. Y. Lam, “Mobile IP Registration Protocol: A Secu-

rity Attack and New Secure Minimal Public-Key Based

Authentication,” Proceedings of the 4th International

Symposium on Parallel Architectures, Algorithms and

Networks, Singapore, 1998, pp. 364-369.

[77] G. Necula and P. Lee, “Research on Proof-Carrying Code

for Untrusted-Code Security,” Proceedings of IEEE Sym-

posium on Security and Privacy, 1997, p. 204.

[78] C. E. Perkins, “Mobile IP Joins Forces with AAA,” IEEE

Personal Communications, Vol. 1, No. 4, 2000, pp. 59-61.

[79] T. Hiller et al., “3G Wireless Data Provider Architecture

Using Mobile IP and AAA,” IETF Internet Draft, 1999.

[80] P. J. McCann and T. Hiller, “An Internet Infrastructure

for Cellular CDMA Networks Using Mobile IP,” IEEE

Personal Communications, 2000, pp. 26-30.

[81] D. McClure and B. Bhargava, “On Assigning Priorities of

Keying Parameters in a Secure Mobile Network,” Pro-

ceedings of IEEE Workshop on Reliable and Secure Ap-

plication in Mobile Environment, New Orleans, 2001.

[82] T. G. Brutch and P. C. Brutch, “Mutual Authentication,

Confidentiality and Key Management (MACKMAN)

System for Mobile Computing and Wireless Communica-

tion,” Proceedings of the 14th Annual Computer Security

Applications Conference, Phoenix, 1998, pp. 308-317.

[83] L. Gong and N. Shacham, “Multicast Security and its

Extension to a Mobile Environment,” Wireless Networks,

Vol. 1, No. 3, 1995, pp. 281-296.

[84] A. D. Joseph and M. F. Kaashoek, “Building Reliable

Mobile-Aware Applications Using the Rover Toolkit

Wireless Networks,” Vol. 3, No. 5, 1997, pp. 405-420.

[85] A. Corradi, R. Montanari and C. Stefanelli, “Mobile

Agent Protection in the Internet Environment,” Proceed-

ings of 23rd Annual International Computer Software

and Applications Conference, Phoenix, 1999, pp. 20-25.