
Multi-Layer Security Framework for MANETs: An Overview

Abstract

1.0 Introduction
Mobile Ad Hoc Networks (MANETs) are being deployed with the rapid proliferation of lightweight wireless devices such as laptops, PDAs, wireless telephones, and wireless sensors. They have been used in applications such as survivable, dynamic communication for emergency/rescue operations, disaster relief efforts, and military networks. These applications demand strong security protection, and any security weaknesses identified need to be addressed appropriately. Many security mechanisms developed for wired networks cannot be applied directly to MANETs because of their self-constructed infrastructure [1]. In MANETs, the nodes are mobile. As a result, the network topology may change rapidly and unpredictably over time. Furthermore, the network is decentralized: all network activity, including discovering the topology and delivering messages, must be executed by the nodes themselves.

The security problem in MANETs, from the security design perspective, is the lack of a clear line of defense. Most of the security solutions proposed for MANETs are preventive and reactive [ ]. Preventive and reactive mechanisms are each specialized to one network layer, protocol or attack. According to [ ], to achieve optimum security protection, an additional level of defense, intrusion tolerance (IT), should be included when designing a security framework. Intrusion tolerance complements the security holes in MANETs. Its goal is to make systems tolerant of attacks and intruders, that is, to sustain some essential network services in the presence of malicious attacks. Furthermore, the combination of these three lines of defense will achieve the survivability requirements of MANETs.
Problem statements

Much security research on MANETs combines only prevention and reaction mechanisms. This is known as the cross-layer approach. In this approach, prevention mechanisms such as firewalls and cryptographic systems [ ] work to avoid attacks of any type, and reaction mechanisms act to mitigate an intrusion via an Intrusion Detection System (IDS). Although the prevention mechanism is suited to defending against attacks, some attacks may still succeed in entering the network. The reaction mechanism then begins to work by detecting and stopping the attack. This approach does not guarantee network operation in the presence of attacks. It needs an intrusion tolerance mechanism to sustain some essential network services in the presence of attacks. Intrusion tolerance will provide the survivability of the network [ ].


Intrusion tolerance can be achieved through a firewall mechanism, a technique for detecting and recovering from intruder-induced path failures, a trust relationship between nodes, IPsec-based packet authentication, and wireless router modules [ ].

This paper focuses on a new multi-layer security framework for MANETs that incorporates a new line of defense. The rest of this paper is organized as follows: Section II presents a literature review on the cross-layer framework. In Section III, we examine the limitations of the cross-layer framework and compare it with the new multi-layer framework. Section IV proposes a multi-layer security framework for MANETs. Finally, we conclude and present our future direction.

Literature review

In MANETs, nodes depend on other node(s) to route or forward a packet to its destination. The nodes are accessible to both legitimate and malicious nodes. As a result, there is no clear line of defense in MANETs from the security design perspective. In general, security mechanisms follow two lines of defense: one preventive and another reactive [ ]. Prevention is mainly achieved by secure routing protocols that prevent the attacker from installing incorrect routing updates at other nodes. These protocols are typically based on earlier routing protocols such as AODV [3] and Destination Sequence Distance Vector (DSDV) [4], and apply different cryptographic techniques to authenticate the routing messages. At this point, authentication serves to identify the legitimate nodes. Reaction, on the other hand, takes action on demand to mitigate intrusion, as intrusion detection systems (IDS) do. Nevertheless, preventive and reactive solutions are not efficient at handling all attacks and intrusions. Thus, a third line of defense, tolerance, should be included when designing a new security framework. These three lines of defense need to be incorporated for the networks in MANETs to fully survive [ ].
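The three lines of defense described above can be seen working together in a small simulation. This is an added example, not code from the paper or its proposed framework; the pre-shared key, the trust threshold, the smoothing weights and the node names are all assumptions chosen for illustration, and the message format carries no sequence number, so replay protection is out of scope.

```python
import hashlib
import hmac

KEY = b"constructed-shared-key"   # assumption: key pre-shared by legitimate nodes
TRUST_FLOOR = 0.5                 # assumption: neighbours below this are avoided


def sign(update: bytes, key: bytes = KEY) -> bytes:
    """MAC over a routing update, as a legitimate node would attach it."""
    return hmac.new(key, update, hashlib.sha256).digest()


class Node:
    def __init__(self):
        self.routes = {}   # destination -> candidate next hops, in arrival order
        self.trust = {}    # neighbour -> trust score in [0, 1]

    # Line 1, prevention: install a routing update only if its MAC verifies.
    def accept_update(self, dest, next_hop, tag):
        msg = f"{dest}|{next_hop}".encode()
        if not hmac.compare_digest(tag, sign(msg)):
            return False
        hops = self.routes.setdefault(dest, [])
        if next_hop not in hops:
            hops.append(next_hop)
        self.trust.setdefault(next_hop, 1.0)
        return True

    # Line 2, reaction: observed forwarding behaviour adjusts the trust score.
    def observe(self, neighbour, forwarded):
        old = self.trust.get(neighbour, 1.0)
        self.trust[neighbour] = 0.7 * old + 0.3 * (1.0 if forwarded else 0.0)

    # Line 3, tolerance: keep delivering over the best remaining trusted path.
    def next_hop(self, dest):
        usable = [h for h in self.routes.get(dest, [])
                  if self.trust[h] >= TRUST_FLOOR]
        return max(usable, key=lambda h: self.trust[h], default=None)


def demo():
    n = Node()
    ok_b = n.accept_update("D", "B", sign(b"D|B"))
    ok_c = n.accept_update("D", "C", sign(b"D|C"))
    forged = n.accept_update("D", "M", b"\x00" * 32)  # constructed bad tag
    before = n.next_hop("D")
    for _ in range(3):            # authenticated neighbour B starts dropping
        n.observe("B", forwarded=False)
    after = n.next_hop("D")
    return ok_b, ok_c, forged, before, after
```

Neighbour B passes authentication yet misbehaves afterwards, which is the case prevention alone cannot handle; traffic to D continues through C, and `next_hop` returns `None` only when no trusted path remains.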

In the literature, a number of approaches to providing security via cross-layer security protocols have been proposed. Geethapriya et al. [ ] proposed a cross-layer based intrusion detection system to identify malicious node(s). Their framework covers the link and network layers for a reaction mechanism that detects the intrusion. It provides multiple levels of detection across different layers of the protocol stack. However, this approach covers only up to two levels of defense. Intrusion tolerance is important whenever nodes need to back up services in the presence of malicious attacks. Lei Guang and Chadi Assi [ ] also proposed a cross-layer security design between the routing and MAC layers. The approach is to mitigate certain interlayer attacks. The two layers work together to facilitate detection of and reaction against node MAC misbehavior in MANETs. In the end, a trust list was built from the detection information obtained at the MAC layer. Their work also tackles only up to two layers of defense.
