Abstract

This paper investigates the architecture of the mobile ad-hoc network security (MANS), a novel system that provides security to mobile ad-hoc networks (MANETs). MANET nodes operate in a decentralized "trust no peer" mode that complicates and inhibits security services, thus creating a formidable security challenge. Here the design of MANS is presented and its performance is investigated. MANS is based on a "neighborhood watch" concept. This approach builds a fully decentralized scalable security policy that is law-governed globally using only local actions. MANS formally prescribes a local collaborative group function by defining neighborhoods, their states and neighborhood-wide majority voting decisions. It utilizes these concepts in developing the security recovery policy, including specification, implementation, and enforcement. MANS has been tested successfully with simulation experiments; the results presented here cover the case of an attacked but honest node as well as that of a compromised dishonest node. In both cases, it is shown that MANS identifies the attacked and/or compromised node, requiring only a modest size neighborhood to accomplish it. Then, MANS acts to isolate the node and thus avoid or minimize any adverse impact of its compromise.