Passive Clustering (PC) is an overhead-free classifying mechanism proposed by the University of California at Los Angeles (UCLA) to improve flooding efficiency in dense ad hoc networks where flooding is a major contributor to the control overhead. PC does not require that all participating network nodes advertise cluster-dependent information. The UCLA PC implementation was not realized because of difficulties in modifying the radio-layer Media Access Control (MAC) protocol to carry the cluster state information. In response to these difficulties, the inventors of the present invention developed a Layer Independent PC (LIPC) scheme that enables the cluster state information to be carried at any protocol layer.
Cluster-Based Key Management (CBKM) and secure routing schemes have been proposed to take advantage of cluster-based wireless ad hoc network infrastructures, and provide secure cluster head election, key management and secure routing. In traditional CBKM schemes, cluster domain members elect a cluster head as the dominant certificate authority (CA) using an election mechanism that takes into account such factors as the number of accusations, the mobile speed, distance between neighboring nodes, and length of time the node is a cluster head. Client nodes query their cluster heads for certificates, and periodically broadcast hello messages containing information, e.g., neighbor nodes, adjacent clusters, certificate repositories, etc., to maintain synchronization of cluster membership.
To accomplish secure routing, cluster heads propagate cluster secure route request (CSRREQ) packets from source to destination, and propagate the corresponding cluster secure route reply (CSRREP) packets from destination to source. CSRREQ and CSRREP packets are authenticated at each cluster head in the communication path and protected using the Rivest-Shamir-Adleman (RSA) algorithm.
The cluster head election algorithm uses an (n,k) threshold cryptography, weight-based scheme to convict malicious nodes and elect stable cluster heads. This scheme is complex and technically difficult to implement in a LIPC environment that does not have extra control packets, unless significant changes are made to the LIPC cluster formation algorithm. No methodology is provided for estimating the level of convicted accusation for each node.
Another approach to CBKM uses host-based (or network-based) intrusion detection and response techniques for wireless ad hoc networks. One technique in this approach proposes a distributed anomaly detection model where trace analysis and anomaly detection are done locally at each node, with possible cooperation among nodes to increase overall effectiveness. This technique provides a generic framework for intrusion detection in wireless ad hoc networks. However, the technique neither specifies a security solution that fits the LIPC structure, nor takes advantage of the overhead reduction mechanisms of LIPC.
Alternatively, a distributed intrusion detection system has been proposed that is based on mobile agent technology. The trust level is dynamically updated using reports from threat detection tools. This mobile agent-based intrusion detection scheme is an effective way to distribute intrusion detection functionality among multiple hosts, but is problematic because mobile agents may be the primary targets of attack.
In another approach, trust models are used to compute and assign a trust level to each ad hoc network node. The trust models require the use of extra control packets (hello messages) to maintain trust tables, and align well with active clustering schemes, but these trust models do not align well with passive clustering schemes.
No security solutions have been developed to protect PC and LIPC cluster formation and to protect PC and LIPC from malicious attacks, such as passive eavesdropping, broadcasting false routing information, and active filtering from adversarial nodes. Such malicious attacks could force illegal node state transitions and compromise secure routing of control packets or user traffic. As discussed above, several schemes have been proposed to secure routing protocols for wireless and mobile ad hoc networks. However, they have not been applied to LIPC, and will not work reliably and efficiently for LIPC. This is because, unlike conventional clustering algorithms, LIPC has the following features: LIPC does not need extra control packets, e.g., hello messages with neighbor lists, to form clusters; LIPC does not require an initialization period to enhance flooding efficiencies; and LIPC operates in soft state clustering mode with a timeout feature to preserve freshness of the state of each node.
The security solutions known in the art for protecting wireless and mobile ad hoc networks rely on control packets, an initialization period and/or operation in stateless mode. Proposals for securing cluster-based ad hoc networks focus primarily on conventional active clustering schemes, and so depend strongly on explicit signaling mechanisms to carry protocol-specific control packets. As such, these security solutions rely on some level of feedback from, and coordination among, the different nodes in the network to implement their Intrusion Detection System (IDS).