Secure Mobile Ad hoc Network (SMANET)
A midterm report submitted to
Network Information and Space Security Center (NISSC)
for Summer 2003
C. Edward Chow
Paul J. Fong
1. Project Goal
This study will investigate and develop methods of creating a Secure Mobile Ad hoc Network
(SMANET) by protecting it from the most ostensible forms of attack. These security methods will
include:
 Erecting a wireless firewall
 Detecting wireless intrusion attempts
 Authenticating routing updates and
 Responding with group rekeying measures designed to isolate the attacker.
2 Project Status
The first objective of the SMANET project has been accomplished. A Linux iptable-based
wireless firewall has been created for a mobile ad hoc network (MANET) that allows only hosts with
specified Media Access Control (MAC) addresses to join the mobile ad hoc network. We have
developed two separate firewalls: one for the typical ad hoc node and one for the gateway node which
has an additional Internet connection. Details of the firewall rules and preliminary performance for
our SMANET testbed are included in a full report at http://cs.uccs.edu/~smanet/.
A MANET without a firewall or authentication provisions provide an attacker with an
opportunity to join the wireless network. At best, the attacker may passively listen to the network
traffic and potentially compromise confidential information. At worst, the attacker may disrupt the
network communication. This project will continue to develop the remainder of the MANET security
provisions in accordance with our stated project objectives.
The Ad Hoc On-Demand Distance Vector (SAODV) Routing Internet Draft [Zapata2001,
Zapata2002] has been carefully studied to prepare for development of a routing update authentication
scheme for the SMANET. This authentication method will employ digital signatures or certificates to
verify routing updates.
An intrusion detection system (IDS) is being developed. The IDS will be based on the A2D2
project [Cearns2002] and will be integrated into the firewall.
We have obtained a copy of the Keystone group rekeying system and corrected its cryptolibrary code to obtain true randomness in the new Redhat Linux environment. The Keystone system is
now running on both Solaris and Linux systems. We have obtained a license for the Antigone Secure
Groupware from University of Michigan and have downloaded the licensed software. An
implementation of the IDIP protocol [IDIP] was developed by Sarah Jelinek for her master project and
will be integrated into the SMANET system.
1
3. References
[AODV] Ad-hoc On-demand Distance Vector Protocol.
http://w3.antd.nist.gov/wctg/aodv_kernel/.
[Antigone] Antigone Secure Groupware
http://antigone.citi.umich.edu/content/antigone-2.0.11/docs/html/alpha.html
[Andreasson] Andreasson, Oskar. “Iptables Tutorial 1.1.19.”
http://iptables-tutorial.frozentux.net/iptables-tutorial.html
[Cearns2002] Cearns, Angela. “Design of an Autonomous Anti-DDoS network (A2D2).” Masters
thesis.
[IDIP] Network Associates Labs & Boeing. “IDIP Architecture.”
http://zen.ece.ohiou.edu/~inbounds/DOCS/reldocs/IDIP_Architecture.doc, 2002.
[McDaniel2001] McDaniel, Patrick D. (2001), “Policy Management in Secure Group
Communication.” PhD dissertation. University of Michigan.
[PBD2002] Charles E. Perkins, Elizabeth M. Belding-Royer, and Samir Das. "Ad Hoc On Demand
Distance Vector (AODV) Routing." IETF Internet draft, draft-ietf-manet-aodv-11.txt, June 2002
(Work in Progress).
[Snort] Snort version 2.0, the open source network intrusion detection system. http://www.snort.org/.
[Zapata2002] M.G. Zapata & N. Asokan, “Securing Ad hoc Routing Protocols,” 2002, ACM 1-58113585-8/02/0009.
[Zapata2001] Zapata, M.G. “Secure Ad Hoc On-Demand Distance Vector (SAODV) Routing.”
http://www.ietf.org/internet-drafts/draft-guerrero-manet-saodv-00.txt, Internet Draft, October 2001.
[ZLL2003] X. Brian Zhang, Simon S. Lam, and D-Y Lee, “Group Rekeying with Limited Unicast
Recovery,” Technical Report, TR-02-36 Revised February 2003.
http://www.cs.utexas.edu/users/lam/Vita/Misc/rekey_TR.pdf
2