A Distributed Hierarchical Policy Management System for Security Control over Tactical Mobile Ad Hoc Networks

Abstract
Tactical mobile ad hoc wireless networks can provide flexibility, agility, and mobility for dynamic network-centric warfare. They are designed to function without fixed infrastructure support. However, this design makes network security attacks hard to detect and control. For instance, an attacker could compromise one portion of the network by inducing a worm and then move to another portion of the network and replay the attack without being detected. In this paper, we describe a policy management system (PMS) that provides ubiquitous and consistent security policy control despite adverse conditions such as node mobility, node failures, network partitions, a compromise of the routing infrastructure, a high packet loss rate, and ongoing cyber attacks. We give performance results in a 47-node emulated network. Key challenges in tactical networks include a lossy environment with bit error rates as high as 0.001 and bandwidth as low as 500 Kbits/s. TCP backs off in the face of packet loss and hence behaves poorly in such networks. Tactical networks are also subject to cyber attacks that have the potential even to compromise the routing infrastructure. Our PMS architecture mitigates these issues by using a transport protocol that has two components: one oriented toward normal operation when the routing infrastructure is functioning, and one oriented toward limited, but robust, operation even when the routing infrastructure has been compromised. In normal operation we use a reliable UDP protocol (RUDP), and in times of compromise we use a flooding protocol.
