Small wireless handheld devices are becoming ubiquitous. Such devices offer new opportunities for forming lightweight collaborative ad hoc groups without the support of a fixed infrastructure. However, wireless communication is inherently more open to eavesdroppers and intruders than strictly wired networks. Currently, there is no means for secure dynamic group association in wireless multicast groups. Moreover, ad hoc network protocols have not addressed security considerations.
Any sufficiently complex computer system has vulnerabilities, and attackers can exploit them to penetrate the system. Secure protocols such as SSL (Secure Sockets Layer) work only in the client-server model and are not applicable to groups.
One typical approach to security for collaborative groups in networks is to use virtual private networks (VPNs). Such an approach is still difficult to successfully apply to mobile ad hoc networks, as current VPN technology requires fixed infrastructure such as firewalls and gateways.
Fault-tolerant protocols are known for authentication and key distribution, but they rely on several authentication servers, some of which may be compromised. (L. Gong. Increasing Availability and Security of an Authentication Service. IEEE Journal on Selected Areas in Communications, 11(5):657-662, June 1993.) Whereas systems are known that may provide an authentication service to establish secure point-to-point communication between two parties, the need for a secure service for a group rather than merely a pair remains a pressing problem to be solved.
Systems exist that are capable of providing secure group communication between distributed computers. These infrastructures provide group membership and multitasked services that support a variety of network-level faults, including network partitioning. Key agreement or key distribution protocols are implemented on top of these services, and cryptography ensures confidentiality and integrity of group communication. However, existing systems typically provide security against attacks on network traffic but do not provide intrusion tolerance. Moreover, these services have not yet been extended into a wireless network.
What is needed is an architecture that provides secure services in wireless networks. What is also needed is the essence of a VPN in a wireless network. Moreover, such a VPN is needed in mobile ad hoc networks. And such a secure communication system should tolerate some degree of intrusion while maintaining network stability.