Design of low-cost honeypots for oppnets is challenging because the physical security of honeypots cannot be guaranteed for the entire lifetime of an oppnet. Observations from honeypots cannot be trusted unless secure channels of communication are established. Attackers masquerading as honeypots or mounting DoS attacks on honeypots are examples of problems that need to be solved.
We are investigating a hybrid honeyfarm architecture for oppnets that integrates the high-interaction technologies of Collapsar honeyfarm [22] and Potemkin honeyfarm [51], providing both centralized management and decentralized honeypot presence. The resulting system can be made scalable and efficient, using late binding of resources, flash cloning, and redirectors.
5.7 Conclusions
This chapter describes the concept of opportunistic networks (oppnets), and presents the related research challenges in privacy and security.
Oppnets constitute a newly identified category of computer networks. When deployed, oppnets attempt to detect candidate helper systems existing in their relative vicinity—ranging from sensing and monitoring, to computing and communication systems—and integrate them under their own control. When such a candidate is detected by an oppnet, the oppnet evaluates the benefits that it could realize if the candidate joins it. If the
112 Lilien et al.
evaluation is positive the oppnet invites the candidate to become its helper. In this manner, an oppnet can grow from a small seed into a large network with vast sensing, communication, and computation capabilities.
Oppnets will facilitate many applications. As an example, they can help build an integrated network called for in various critical or emergency situations [48]. Oppnets can be used to enable connectivity in an area where any existing communication or information infrastructure has been fractured or partially destroyed. Oppnets will integrate various systems that were not designed to work together. The integration will enhance the flow of information that, for example, can assist in rescue and recovery efforts for devastated areas, or can provide more data on phenomena that are just developing, such as wildfires or flash torrents.
Answering the identified privacy and security challenges in oppnets will advance knowledge and understanding not only of opportunistic networks, but will simultaneously advance the state of the art of computer privacy and security in ad hoc and general-purpose computer networks.
We continue working on a number of the identified challenges, continuing our investigation of privacy and security in oppnets. The planned prototype opportunistic network will provide a proof of concept for our solutions, as well as stimulation and feedback necessary for fine-tuning the proposed solutions.
Acknowledgements
This work was supported in part by the National Science Foundation under Grant IIS-0242840, and in part by the U.S. Department of Commerce under Grant BS123456.
The authors would also like to acknowledge Western Michigan University for its support and its contributions to the WiSe (Wireless Sensornet) Laboratory, Computational Science Center and Information Technology and Image Analysis (ITIA) Center.
L. Lilien, a co-PI on the NSF grant providing a partial support for this research, would like to thank Professor Bharat Bhargava from Purdue University, the PI for this grant.
L. Lilien would like to thank the participants of the International Workshop on Research Challenges in Security and Privacy for Mobile and Wireless Networks (WSPWN 2006) for their helpful comments and feedback on oppnets. In particular, he would like to thank Mr. Hien Nguyen, a Ph.D. student at the Florida International University, for a
The Concept of Opportunistic Networks and their Research Challenges 113
fruitful discussion that resulted in crystallizing the idea of the oppnet reserve.
L. Lilien also expresses his thanks to the following students of his advanced computer security course for their contributions to the following research projects: (a) contributors to helper privacy and oppnet privacy: N. Bhargava, T. Goodman, V. Kalvala, H.R. Ravi, R. Rekala, A. Rudra, V. Talati, and Y. Yoder; (b) contributors to authentication of oppnet nodes and helpers: V.V. Krishna, P.E. Miller, and A.K. Yedugani; (c) contributors to dealing with specific attacks: S. Chittineni, N. Jawanda, D. Koka, S. Pulimamidi, and H. Singh; and (d) contributors to intrusion detection, honeypots and honeyfarms: R. Dondati and S. Mapakshi.
Any opinions, findings, conclusions or recommendations expressed in the paper are those of the authors and do not necessarily reflect the views of the funding agencies or institutions.
References
1. D. Balfanz, D. K. Smetters, P. Stewart and H. C. Wong, “Talking To Strangers: Authentication in Ad-Hoc Wireless Networks,” Symposium on Network and Distributed Systems Security(NDSS '02), San Diego, CA, Feb. 2002.
2. S. Bansal and M. Baker, “Observation based cooperation enforcement in ad hoc networks,” CoRR, July 2003. Available at http://www.informatik.uni- trier.de/~ley/db/journals/corr/corr0307.html#cs-NI-0307012.
3. B. Bhargava, L. Lilien, A. Rosenthal, and M. Winslett, “Pervasive Trust,” IEEE Intelligent Systems, vol. 19(5), Sep./Oct.2004, pp. 74–77.
4. N. Borisov, “Active Certificates: A Framework for Delegation,” M.S. Dissertation, University of California, Berkeley, 2002.
5. S. Buchegger and J. Le Boudec, “Performance Analysis of the CONFIDANT Protocol: Cooperation Of Nodes — Fairness in Dynamic Ad-hoc Networks,” 13 IEEE/ACM Symposium on Mobile Ad Hoc Networking and Computing (MobiHoc 2002), Lausanne, Switzerland, June 2002.
6. M. Burnside, D. Clarke, Mills, A. Maywah, S. Devadas, R. Rivest, “Proxy-Based Security Protocols in Networked Mobile Devices,” 17th ACM Symp. on Applied Computing (SAC’02), Madrid, Spain, March 2002, pp. 265–272.
7. R. Campbell, J. Al-Muhtadi, P. Naldurg, G. Sampemane and M.D. Mickunas, “Towards Security and Privacy for Pervasive Computing,” IEEE Computer, vol. 34 (12), Dec. 2001, pp. 154–157.
8. O. Can, and M. Unalir, “Distributed Policy Management in Semantic Web,” Dept. of Computer Engineering, Ege University Bornova, Izmir, Turkey, 2006.
9. S. Čapkun and M. Cagalj, “Integrity Regions: authentication through presence in wireless networks,” 5th ACM Workshop on Wireless Security (WiSe’06), Los Angeles, CA, Sep. 2006, pp. 1–10.
10. Y. Chen, C. Jensen, E. Gray, V. Cahill, J. Seigneur, “A General Risk Assessment of Security in Pervasive Computing,” Technical Report TCD-CS-2003-45, Dept. of Computer Science, Trinity College, Dublin, Ireland, Nov. 2003.
11. A. Dersingh, R. Liscano, and A. Jost, “Using Semantic Policies for Ad Hoc Coalition Access Control,” International Workshop on Ubiquitous Access Control (IWUAC'06), San Jose, CA, 2006.
12. D.B. Faria and D.R. Cheriton, “Detecting Identity Based Attacks in Wireless Networks Using Signalprints,” 5th ACM Workshop on Wireless Security (WiSe’06), Los Angeles, CA, Sep. 2006.
13. K. Farkas, J. Heidemann, and L. Iftode, “Intelligent Transportation and Pervasive Computing,” IEEE Pervasive Computing, vol. 5 (4), Oct. 2006, pp. 18–19.
14. S. Farrell, J. Vollbrecht, P. Calhoun, L. Gommans, G. Gross, B. de Bruijn, C. de Laat, M. Holdrege, and D. Spence, “AAA Authorization Requirements,” RFC 2906, The Internet Society, Aug. 2000. Available at: http://www.faqs.org/rfcs/rfc2906.html.
15. I. Goldberg and D. Wagner, “Taz Servers and the Rewebber Network: Enabling Anonymous Publishing on the World Wide Web,” First Monday, 1998.
16. K. Hoeper and G. Gong, “Bootstrapping Security in Mobile Ad Hoc Networks Using Identity-Based Schemes with Key Revocation,” Technical Report CACR 2006-04, Centre for Applied Cryptographic Research, Waterloo, Canada, 2006.
17. Y.-C. Hu and A. Perrig, “A Survey of Secure Wireless Ad Hoc Routing,” IEEE Security & Privacy, Special Issue on Making Wireless Work, Vol. 2(3), May/June 2004, pp.28–39.
18. Y.-C. Hu, A. Perrig, and D.B. Johnson, “Ariadne: A Secure On-Demand Routing Protocol for Ad Hoc Networks,” 8th Ann. Intl. Conf. Mobile Computing and Networking (MobiCom 2002), Atlanta, Georgia, Sep. 2002, pp. 12–23.
19. Y. Huang, W. Fan, W. Lee, and P. S. Yu, “Cross-feature analysis for detecting ad-hoc routing anomalies,” 23rd International Conference on Distributed Computing Systems (ICDCS 2003), Providence, RI, May 2003, pp. 478–487.
20. M. Humphrey and M. Thompson, “Security Implications of Typical Grid Computing Usage Scenarios,” 10th IEEE International Symposium on High Performance Distributed Computing, San Francisco, CA, Aug. 2001, pp. 95–103.
21. H. Inerowicz, S. Howell, F. Regnier, and R. Reifenberger, “Protein Microarray Fabrication for Immunosensing,” 224th American Chemical Society (ACS) National Meeting, Aug. 2002.
22. X. Jiang and D. Xu, "Collapsar: a VM-based Architecture for Network Attack Detection Center," 13th Usenix Security Symposium, San Diego, CA, Aug. 2004. Available at: www.ise.gmu.edu/~xjiang/pubs/JPDC06.pdf
23. W. E. Johnston, K. Jackson, and S. Talwar, “Security Considerations for Computational and Data Grids,” 10th IEEE Symposium on High Performance Distributed Computing, San Francisco, CA, Aug. 2001.
24. L. Kagal and T. Berners-Lee, “Rein: Where Policies Meet Rules in the Semantic Web,” Technical Report, MIT, 2005.
25. L. Kagal, T. Finin, and A. Joshi, “Trust-Based Security in Pervasive Computing Environments,” IEEE Computer, vol. 34 (12), Dec. 2001, pp. 154–157.
26. L. Kagal, M. Paolucci, N. Srinivasan, G. Denker, T. Finin, and K. Sycara, “Authorization and Privacy for Semantic Web Services,” First International Semantic Web Services Symposium, AAAI 2004 Spring Symposium, March 2004.
27. L. Kagal, J. Undercoffer, F. Perich, A. Joshi, T. Finin, and Y. Yesha, “Vigil: Providing Trust for Enhanced Security in Pervasive Systems,” Dept. of CSEE, University of Maryland Baltimore County, August 2002. Available at: http://ebiquity.umbc.edu/paper/html/id/54/Vigil-Providing-Trust-for-Enhanced-Security-in-Pervasive-Systems
28. J. Li, J. Mirkovic, M. Wang, P. Reiher, and L. Zhang. “SAVE: Source Address Validity Enforcement Protocol,” UCLA Technical Report 01-0004, Los Angeles, CA, 2001.
29. X. Li, J. Slay, and S. Yu, “Evaluating Trust in Mobile Ad hoc Networks,” The Workshop of International Conference on Computational Intelligence and Security, Dec. 2005, Xi’an, China. Available at: http://esm.cis.unisa.edu.au/new_esml/resources/publications/evaluating%20trust%20in%20mobile%20ad-hoc%20networks.pdf
30. L. Lilien and B. Bhargava, “A Scheme for Privacy-preserving Data Dissemination,” IEEE Transactions on Systems, Man and Cybernetics, Part A: Systems and Humans, Vol. 36(3), May 2006, pp. 503–506.
31. L. Lilien and A. Gupta, Personal Communication, Department of Computer Science, Western Michigan University, Kalamazoo, MI, Dec. 2005.
32. L. Lilien, A. Gupta, and Z. Yang, “Opportunistic Networks and Their Emergency Applications and Standard Implementation Framework,” submitted for publication.
33. L. Lilien, Z. H. Kamal, and A. Gupta, “Opportunistic Networks: Research Challenges in Specializing the P2P Paradigm,” 3rd International Workshop on P2P Data Management, Security and Trust (PDMST'06), Kraków, Poland, Sep. 2006.
34. M. Locasto, J. Parekh, A. Keromytis, S. Stolfo, “Towards Collaborative Security and P2P Intrusion Detection,” 2005 IEEE Workshop on Information Assurance and Security, June 2005. Available at: http://www1.cs.columbia. edu/ids/publications/locasto2005iaw.pdf
35. P. Michiardi and R. Molva, “CORE: A collaborative reputation mechanism to enforce node cooperation in mobile ad hoc networks,” Sixth IFIP Conference on Security Communications, and Multimedia (CMS 2002), Portorož, Slovenia, Sep. 2002.
36. A. Mishra, K. Nadkarni, A. Patcha, “Intrusion Detection in Wireless Ad Hoc Networks,” IEEE Wireless Communications, Vol. 11(1), Feb. 2004, pp. 48–60.
37. H. Moustafa, G. Burdon, and Y. Gourhant, “Authentication, Authorization and Accounting (AAA) in Hybrid Ad hoc Hotspot's Environments,” 4th International Workshop on Wireless Mobile Applications and Services on WLAN Hotspots (WMASH 2006), Los Angeles, CA, Sep. 2006.
38. M. Mutka, Personal Communication, Department of Computer Science and Engineering, Michigan State University, East Lansing, MI, Dec. 2006.
39. D. Nordqvist, L. Westerdahl and A. Hansson, “Intrusion Detection System and Response for Mobile Ad hoc Networks,” FOI-R 1683, Command and Control Systems, User Report, July 2005.
40. D. Olmedilla, “Security and Privacy on the Semantic Web,” in: M. Petkovic and W. Jonker (editors), Security, Privacy and Trust in Modern Data Management, Springer, 2006.
41. L. Pelusi, A. Passarella, and M. Conti, “Opportunistic Networking: Data Forwarding in Disconnected Mobile Ad Hoc Networks,” IEEE Communications, Vol. 44(11), Nov. 2006, pp. 134–141.
42. A. Pfitzmann and M. Waidner, “Networks Without User Observability — Design Options,” Eurocrypt ’85, Workshop on the Theory and Application of Cryptographic Techniques, Linz, Austria, April 1985, pp. 245–253.
43. G. Selander et al., “Ambient Network Intermediate Security Architecture,” Deliverable 7.1, v. 3.2, Ambient Networks Project, Sixth Framework Programme, European Union, Feb. 2005. Available at: www.ambient-networks.org/phase1web/publications/D7-1_PU.pdf.
44. L. Spitzner, “Definitions and Value of Honeypots,” GovernmentSecurity.org, May 2002. Available at: http://www.trackinghackers.com/papers/honeypots.html
45. “SWRL: A Semantic Web Rule Language Combining OWL and RuleML,” The World Wide Web Consortium (W3C), May 2004. Available at: http://www.w3.org/Submissions/SWRL/
46. P. Thibodeau, “Pervasive computing has pervasive problems,” ComputerWorld, Vol. 36(41), Oct. 7, 2002.
47. J. Undercoffer, F. Perich, A. Cedillnik, L. Kagal, A. Joshi, “A Secure Infrastructure for Service Discovery and Access in Pervasive Computing,” Technical Report, TR-CS-01-12, Dept. of CSEE, University of Maryland Baltimore County, 2001. Available at: http://citeseer.ist.psu.edu/cedilnik01secure.html.
48. U.S. Government Printing Office via GPO Access, “Combating Terrorism: Assessing the Threat of a Biological Weapons Attack.” Last accessed on December 15, 2005. Available at: http://www.armscontrolcenter.org/cbw/ resources/hearings/snsvair_20011012_combating_terrorism_assessing_biological_ weapons_attack.htm
49. L. Venkatraman and D. Agrawal, “A novel authentication scheme for ad hoc networks”, Wireless Communications and Networking Conference (WCNC 2000), Vol. 3, Chicago, IL, Sep. 2000, pp. 1268–1273.
50. J. Vollbrecht, P. Calhoun, S. Farrell, L. Gommans, G. Gross, B. de Bruijn, C. de Laat, M. Holdrege, D. Spence, “RFC 2905 - AAA Authorization Application Examples”, Network Working Group, The Internet Society, Aug. 2000. Available at: www.faqs.org/rfcs/rfc2905.html.
51. M. Vrable, J. Ma, J. Chen, D. Moore, E. Vandekieft, A. C. Snoeren, “Potemkin Virtual Honeyfarm,” ACM Symposium on Operating System Principles (SOSP'05), Brighton, UK, Oct. 2005.
52. W. Wagealla, C. English, S. Terzis, and P. Nixon, “A Trust-based Collaboration Model for Ubiquitous Computing,” Ubicomp2002 Security Workshop, Goteborg, Sweden, Sept./Oct. 2002.
53. V. Welch, F. Siebenlist, I. Foster, J. Bresnahan, K. Czajkowski, J. Gawor, C. Kesselman, S. Meder, L. Pearlman, and S. Tuecke, “Security for Grid Services,” Intl. Symp. on High Performance Distributed Computing, Seattle, WA, June 2003, pp. 48–57. Available at: citeseer.ist.psu.edu/welch03security.html.
54. G. Xu and L. Iftode, “Locality Driven Key Management Architecture for Mobile Ad hoc Networks,” IEEE International Conference on Mobile Ad- hoc and Sensor Systems, Fort Lauderdale, FL, Oct. 2004.
55. T. Yu, M. Winslett, and K. E. Seamons, “Supporting Structured Credentials and Sensitive Policies through Interoperable Strategies for Automated Trust Negotiation,” ACM Transactions on Information and System Security (TISSEC), 6(1), Feb. 2003.
56. D. Zamboni, “Using Internal Sensors for Computer Intrusion Detection,” CERIAS Technical Report 2001-42, CERIAS, Purdue University, West Lafayette, IN, Aug. 2001.
6 On Performance Cost of On-demand Anonymous Routing Protocols in Mobile Ad Hoc Networks
Jiejun Kong 1, Jun Liu 2, Xiaoyan Hong 2, Dapeng Wu 3, and Mario Gerla 4
1 Jiejun Kong is currently with Scalable Network Technologies, Inc., 6701 Center Drive West, Suite 520, Los Angeles, CA 90045.
2 Jun Liu and Xiaoyan Hong are with the Department of Computer Science, University of Alabama, Tuscaloosa, AL 35487.
3 Dapeng Wu is with the Department of Electric and Computer Engineering, University of Florida, Gainesville, FL 32611.
4 Mario Gerla is with the Department of Computer Science, University of California, Los Angeles, CA 90095.
6.1 Introduction
A mobile ad hoc network (MANET) can establish an instant communication structure for many time-critical and mission-critical applications. Nevertheless, the intrinsic characteristics of ad hoc networks, such as wireless transmission and node mobility, make it very vulnerable to security threats. Many security protocol suites have been proposed to protect wireless communications; however, they do not consider anonymity protection and leave identity information freely available to nearby passive eavesdroppers. The goal of passive attacks is very different from those of other attacks on routing, such as route disruption or “denial-of-service” attacks. In fact, the passive enemy will avoid such aggressive schemes, in the attempt to be as “invisible” as possible, until it traces, locates, and then physically destroys legitimate assets [29, 51]. Consider for example a battlefield scenario with ad hoc, multi-hop wireless communications support. The adversary could deploy reconnaissance and surveillance sensor networks in the battlefield and maintain communications among them. Via intercepted wireless transmissions, they could infer the location, movement,
120 Kong et al.
number of participants, and even the goals of our task forces. Anonymity and location privacy guarantees for our ad hoc networks are critical, otherwise the entire mission may be compromised. This poses challenging constraints on routing and data forwarding.
6.1.1 Mobile sensor networks
Recent advances in manufacturing technologies have enabled the physical realization of small, light-weight, low-power, and low-cost micro air vehicles (MAVs) [21,22]. These MAVs refer to a new breed of unmanned air vehicles (UAVs) or aerial robots that are significantly smaller than currently available UAVs. Figure 6.1(a) illustrates the WASP MAV recently tested by DARPA. It is a 32 cm “flying wing” made of a plastic lithium-ion battery material that provides both electrical power and wing structure. The wing utilizes synthetic battery materials, which generate an average output of more than nine watts during flight -- enough power to propel the miniature aircraft for one hour forty-seven minutes. Such aerial robots, equipped with information sensing and transmission capabilities, extend the sphere of awareness and mobility of human beings, and allow for surveillance or exploration of environments too hazardous or remote for human beings.
MAVs are expected to serve as an enabling technology for a plethora of civilian and military applications, including homeland security, reconnaissance, surveillance, tracking of terrorists/suspects, rescue and search, and highway/street patrol. With signal processing techniques (and other out-of-band techniques like visual perception which will not be discussed here), a team of three MAVs can locate the position of a target such as a person’s or a car’s communication interface. Due to the small size of MAVs, the tracking of MAVs is almost unnoticed by the target being tracked (Figure 6.1(b)). The velocity of an MAV is from 10 to 30 miles per hour, which is fast enough to track a human being or an automobile on local roads.
When a mobile ad hoc network is in operation, the mobile sensors carried by MAVs can eavesdrop on routing messages and data traffic so as to trace where a mobile wireless sender node is, infer the motion pattern of the mobile node, or identify a multi-hop path between a pair of nodes [51].
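To make the identity-leakage risk described above concrete, here is a small simulation written for this edit (it is not code from the chapter or its authors). It floods a route request hop by hop along a line of nodes, places a passive listener at a fixed position that overhears only transmissions within radio range, and counts what that listener learns. Node positions, the radio range, the plaintext route-record format, and the pseudonymous variant are all constructed assumptions; the pseudonymous variant merely stands in for the kind of identity-hiding scheme the chapter goes on to study, and its mechanism is not taken from the page.

```python
"""Passive-listener view of a multi-hop route request (constructed example)."""
import secrets

RADIO_RANGE = 1.0  # assumed radio range, in the same units as node positions


def plaintext_rreq(src, dst, forwarders):
    """Messages transmitted while a plaintext route request is flooded along
    `forwarders` (source first). Each forwarder appends its own identity to
    the route record, as classic on-demand protocols do."""
    msgs, record = [], []
    for node in forwarders:
        record.append(node)
        msgs.append({"sender": node, "src": src, "dst": dst,
                     "route": tuple(record)})
    return msgs


def pseudonymous_rreq(src, dst, forwarders):
    """Same flood, but every identity is replaced by a fresh random tag and
    no route record is carried (an assumed identity-hiding variant)."""
    return [{"sender": secrets.token_hex(4), "src": None, "dst": None,
             "route": None} for _ in forwarders]


def overheard(msgs, positions, observer_pos, true_senders):
    """Messages a passive listener at observer_pos actually receives: only
    those whose physical transmitter is within RADIO_RANGE. `true_senders`
    lists the real transmitter of each message, which the simulator knows
    even when the message itself carries a pseudonym."""
    return [m for m, s in zip(msgs, true_senders)
            if abs(positions[s] - observer_pos) <= RADIO_RANGE]


def identities_learned(heard):
    """Node identities the listener can read directly out of what it heard."""
    ids = set()
    for m in heard:
        if m["route"] is not None:
            ids.update(m["route"])
            ids.update({m["src"], m["dst"]})
    return ids


def observer_view(variant, src, dst, forwarders, positions, observer_pos):
    """Summarise the listener's knowledge: how many transmissions it detected
    and which identities it could read."""
    msgs = variant(src, dst, forwarders)
    heard = overheard(msgs, positions, observer_pos, forwarders)
    return {"transmissions": len(heard),
            "identities": identities_learned(heard)}


# Constructed scenario: four nodes on a line, A asks for a route to D.
POSITIONS = {"A": 0.0, "B": 1.0, "C": 2.0, "D": 3.0}
FORWARDERS = ["A", "B", "C"]   # nodes that transmit the request
OBSERVER = 2.5                 # passive sensor within range of C and D only

if __name__ == "__main__":
    for name, variant in (("plaintext", plaintext_rreq),
                          ("pseudonymous", pseudonymous_rreq)):
        print(name, observer_view(variant, "A", "D", FORWARDERS,
                                  POSITIONS, OBSERVER))
```

In the plaintext case the listener is within range of a single forwarder, yet the accumulated route record in that one message hands it the identities of every node on the path plus the endpoints. With pseudonyms it reads no identities at all, but note that `transmissions` is still 1 in both cases: hiding identities does not hide the fact that something near the listener transmitted, which is why the chapter treats location privacy as a separate requirement from anonymity.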
On Performance Cost of On-demand Anonymous Routing Protocols 121
Fig. 6.1(a). Micro Aerial Vehicle (MAV)
6.1.2 On-demand routing
Most routing protocols in ad hoc networks fall into two categories: proactive routing and reactive routing (a.k.a. on-demand routing) [9]. In proactive ad hoc routing protocols like OLSR [1], TBRPF [34] and DSDV [53], mobile nodes constantly exchange routing messages which typically include node identities and their connection status to other nodes (e.g., link state or distance vector), so that every node maintains sufficient and fresh network topological information to allow them to find any intended recipients at any time. On the other hand, on demand routing has become a ma-