Skip to main content
SpringerLink
Log in

Modeling and analysis of intrusion detection integrated with batch rekeying for dynamic group communication systems in mobile ad hoc networks

  • Published:
Wireless Networks Aims and scope Submit manuscript

Abstract

We investigate performance characteristics of secure group communication systems (GCSs) in mobile ad hoc networks that employ intrusion detection techniques for dealing with insider attacks tightly coupled with rekeying techniques for dealing with outsider attacks. The objective is to identify optimal settings including the best intrusion detection interval and the best batch rekey interval under which the system lifetime (mean time to security failure) is maximized while satisfying performance requirements. We develop a mathematical model based on stochastic Petri net to analyze tradeoffs between security and performance properties, when given a set of parameter values characterizing operational and environmental conditions of a GCS instrumented with intrusion detection tightly coupled with batch rekeying. We compare our design with a baseline system using intrusion detection integrated with individual rekeying to demonstrate the effectiveness.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Fig. 1
Fig. 2
Fig. 3
Fig. 4
Fig. 5
Fig. 6
Fig. 7
Fig. 8
Fig. 9
Fig. 10
Fig. 11
Fig. 12
Fig. 13
Fig. 14

Similar content being viewed by others

References

  1. Bianchi, G. (2003). Performance analysis of the IEEE 802.11 distributed coordination function. IEEE Journal on Selected Areas in Communications, 18(3), 535–547.

    Article  MathSciNet  Google Scholar 

  2. Brutch, P., & Ko, C. (2003). Challenges in intrusion detection for wireless ad-hoc networks. Proceedings of Symposium on Applications and the Internet Workshops (pp. 368–373), 27–31 Jan 2003.

  3. Cabrera, J. B. D., Gutierrez, C., & Mehra, R. K. (2005). Infrastructures and algorithms for distributed anomaly-based intrusion detection in mobile ad-hoc networks. IEEE Military Communications Conference (Vol. 3, pp. 1831–1837). MILCOM 2005, 17–20 Oct 2005.

  4. Carvalho, M. M., & Garcia-Luna-Aceves, J. J. (2003). Delay analysis of IEEE 802.11 in single-hop networks. Proceedings of 11th IEEE International Conference on Network Protocols (pp. 146–155), 4–7 Nov 2003.

  5. Chan, H., Gligor, V. D., Perrig, A., & Muralidharan, G. (2005). On the distribution and revocation of cryptographic keys in sensor networks. IEEE Trans on Dependable and Secure Computing, 2(3), 233–247.

    Article  Google Scholar 

  6. Cho, J. H., & Chen, I. R. (2005). On design tradeoffs between security and performance in wireless group communicating systems. IEEE 1st Workshop on Secure Network Protocols (NPSec) (pp. 13–18). Boston, Nov 2005.

  7. Cho, J. H., Chen, I. R., & Eltoweissy, M. (2008). On optimal batch rekeying for secure group communications in wireless networks. Wireless Networks (ACM/Springer), 14(6), 915–927.

    Article  Google Scholar 

  8. Cho, J. H., Chen, I. R., & Feng, P. G. (2008). Performance analysis of dynamic group communication systems with intrusion detection integrated with batch rekeying in mobile ad hoc networks. Proceedings of 22nd International Conference on Advanced Information Networking and Applications-Workshop(AINAW2008) (pp. 644–649). GinoWan, Okinawa, Japan, 25–28 Mar 2008.

  9. Cho, J. H., Chen, I. R., & Wang, D. C. (2008). Performance optimization of region-based group key management in mobile ad hoc networks. Performance Evaluation (Elsevier), 65(5), 319–344.

    Article  Google Scholar 

  10. Debar, H., & Wespi, A. (2001). Aggregation and correlation of intrusion-detection alerts. Proceedings of 4th International Symposium on Recent Advances in Intrusion Detection (pp. 85–103), 10–12 Oct 2001.

  11. Gärtner, F. C. (2003). Byzantine failures and security: Arbitrary is not (always) random. Technical Report IC/2003/20, EPFL, Apr 2003.

  12. Hardjono, T., Cain, B., & Monga, I. (1998). Intra-domain group key management protocol. Internet Draft, Feb 1998.

  13. Huang, Y., & Lee, W. (2003). A cooperative intrusion detection system for ad hoc networks. Proceedings of 1st ACM Workshop on Security of Ad-hoc and Sensor Networks (pp. 135–147). Fairfax, VA.

  14. Inkinen, K. (2004). New secure routing in ad hoc networks: Study and evaluation of proposed schemes. Seminar on Internetworking. Sjökulla, Finland.

  15. Kachirski, O., & Guha, R. (2002). Intrusion detection using mobile agents in wireless ad hoc networks. Proceedings of IEEE Workshop on Knowledge Media Networking (pp. 153–158), 10–12 July 2002.

  16. Karygiannis, T., & Owens, L. (2002). Wireless network security: 802.11, bluetooth and handheld devices. Retrieved 2002, from NIST, http://www.windowsecurity.com/articles/intrusion_detection/. Accessed Nov 2007.

  17. Kazienko, P., & Dorosz, P. (2004). Intrusion detection systems (IDS) Part I, II: Network intrusions, attack symptoms, IDS tasks, and IDS architecture, 2004.

  18. Kim, Y., Perrig, A., & Tsudik, G. (2000). Simple and fault-tolerant key agreement for dynamic collaborative groups. 7th ACM Conference on Computer and Communications Security (pp. 235–244). Athens, Greece, Nov 2000.

  19. Kong, J., Zerfos, P., Luo, H., Lu, S., & Zhang, L. (2001). Providing robust and ubiquitous security support for mobile ad hoc networks. IEEE 9th International Conference on Network Protocols (ICNP’01) (pp. 251–260), 11–14 Nov 2001.

  20. Lang, R., & Deng, Z. (2008). Data distribution algorithm using time based weighted distributed hash tables. Proceedings of 7 th International Conference on Grid and Cooperative Computing (pp. 210–213), 24–26 Oct 2008.

  21. Lee, P. P. C., Lui, J. C. S., & Yau, D. K. Y. (2006). Distributed collaborative key agreement and authentication protocols for dynamic peer groups. IEEE/ACM Trans on Networking, 14(2), 263–276.

    Article  Google Scholar 

  22. Li, X., Yang, Y. R., Gouda, M. G., & Lam, S. S. (2001). Batch rekeying for secure group communications. Proceedings of 10th International Conference on World Wide Web (pp. 525–534). Hong Kong, July 2001.

  23. Marti, S., Giuli, T., Lai, K., & Baker, M. (2000). Mitigating routing misbehavior in mobile ad hoc networks. Proceedings of 6th Annual ACM/IEEE Mobile Computing and Networking (pp. 255–265). Boston, MA, Aug 2000.

  24. Mishra, A., Nadkarni, K., & Patcha, A. (2004). Intrusion detection in wireless ad-hoc networks. IEEE Wireless Communications, 11(1), 48–60.

    Article  Google Scholar 

  25. Setia, S., Koussih, S., Jajodia, S., & Harder, E. (2000). Kronos: A scalable group rekeying approach for secure multicast. IEEE Symposium on Security and Privacy (pp. 215–228). Oakland, CA, May 2000.

  26. Steiner, M., Tsudik, G., & Waidner, M. (1996). Diffie-Hellman key distribution extended to group communication. Proceedings of 3rd ACM Conference on Computer and Communications Security (pp. 31–37). New Delhi, India, Jan 1996.

  27. Steiner, M., Tsudik, G., & Waidner, M. (2000). Key agreement in dynamic peer groups. IEEE Transactions on Parallel and Distributed Systems, 11(8), 769–980.

    Article  Google Scholar 

  28. Sterne, D., Balasubramanyam, P., Carman, D., Wilson, B., Talpade, R., & Ko, C., et al. (2005). A general cooperative intrusion detection architecture for MANETs. Proceedings of 3rd IEEE International Workshop on Information Assurance (pp. 57–70) 23–24 Mar 2005.

  29. Sun, B., Wu, K., & Pooch, U. W. (2003). Alert aggregation in mobile ad hoc networks. Proceedings of 2003 ACM Workshop on Wireless Security (pp. 69–78). ACM Press, San Diego, Sep 2003.

  30. Sun, B., Wu, K., & Pooch, U. W. (2003). Routing anomaly detection in mobile ad-hoc networks. Proceedings of IEEE 12th International Conference on Computer Communications and Networks (pp. 25–31). ICCCN, Oct 2003.

  31. Wong, C. K., Gouda, M., & Lam, S. S. (2000). Secure group communications using key graphs. IEEE/ACM Transactions on Networking, 8(1), 16–30.

    Article  Google Scholar 

  32. Wu, B., Wu, J., & Dong, Y. (2009). An efficient group key management scheme for mobile ad hoc networks. International Journal of Security and Networks, 4(1), 125–134.

    Article  Google Scholar 

  33. Yang, Y. R., Li, X., Zhang, X., & Lam, S. S. (2001). Reliable group rekeying: A performance analysis (pp. 27–38). San Diego CA: ACM SIGCOMM 2001.

  34. Zhang, H., Goel, A., & Govindan, R. (2005). Improving lookup latency in distributed hash table systems using random sampling. IEEE/ACM Transactions on Networking, 13(5), 1121–1134.

    Article  Google Scholar 

  35. Zhang, Y., Lee, W., & Huang, Y. A. (2003). Intrusion detection techniques for mobile wireless networks. Wireless Networks (ACM/Springer), 9(5), 545–556.

    Article  Google Scholar 

  36. Zhu, B., Bao, F., Deng, R. H., Kankanhalli, M. S., & Wang, G. (2005). Efficient and robust key management for large mobile ad-hoc networks. Computer Networks, 48(4), 657–682.

    Article  MATH  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. Computational and Information Sciences Directorate, U.S. Army Research Laboratory, Adelphi, MD, USA

    Jin-Hee Cho

  2. Department of Computer Science, Virginia Tech, Blacksburg, VA, USA

    Ing-Ray Chen

Authors
  1. Jin-Hee Cho
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ing-Ray Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Ing-Ray Chen.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Cho, JH., Chen, IR. Modeling and analysis of intrusion detection integrated with batch rekeying for dynamic group communication systems in mobile ad hoc networks. Wireless Netw 16, 1157–1173 (2010). https://doi.org/10.1007/s11276-009-0194-x

Download citation

  • Received:

  • Accepted:

  • Published:

  • Issue Date:

  • DOI: https://doi.org/10.1007/s11276-009-0194-x

Keywords

Search

Navigation