
Published on January 26th, 2017

Security Using Pre-Existing Routing for Mobile Ad hoc Networks: SUPERMAN



The flexibility and mobility of Mobile Ad hoc Networks (MANETs) have made them increasingly popular in a wide range of use cases. To protect these networks, security protocols have been developed to protect routing and application data. However, these protocols only protect routes or communication, not both. Both secure routing and communication security protocols must be implemented to provide full protection. The use of communication security protocols originally developed for wireline and WiFi networks can also place a heavy burden on the limited network resources of a MANET. To address these issues, a novel secure framework (SUPERMAN) is proposed. The framework is designed to allow existing network and routing protocols to perform their functions, whilst providing node authentication, access control, and communication security mechanisms. This paper presents a novel security framework for MANETs, SUPERMAN. Simulation results comparing SUPERMAN with IPsec, SAODV and SOLSR are provided to demonstrate the proposed framework's suitability for wireless communication security.

 

This solution consists of two parts:

  • SUPERMAN Linux Kernel Module
  • SUPERMAN Linux Daemon

 

Kernel Module

The kernel module provides the network layer packet processing required by SUPERMAN.

--------------------------------------------------
                 Transport Layer
--------------------------------------------------
         |        Network Layer        ^
         v                             |
    LOCAL OUT                      LOCAL IN
         |                             ^
         v                             |
  ---------------                      |
  |   ROUTING   |                      |
  ---------------                      |
         |                      ---------------
         |<--------FORWARD<-----|   ROUTING   |
         |                      ---------------
         |                             ^
         v                             |
    POST ROUTING                  PRE ROUTING
         |                             ^
         v                             |
--------------------------------------------------
                 Data Link Layer
--------------------------------------------------

As packets pass through Local In and Local Out, SUPERMAN applies end-to-end encryption/decryption to the packet to secure its contents. As packets pass through Post Routing and Pre Routing, SUPERMAN applies point-to-point HMAC tagging and verification.
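The point-to-point half of this can be modelled in userland as follows. This is an added example, not code from the SUPERMAN project: it tags a packet at Post Routing, verifies and strips the tag at Pre Routing, and re-tags it when forwarding. HMAC-SHA256, the tag being appended to the packet, the key names and the sample payload are assumptions, since the page does not describe SUPERMAN's tag format.

```python
import hashlib
import hmac

TAG_LEN = 32  # HMAC-SHA256 output size (algorithm choice is an assumption)

def post_routing(packet: bytes, hop_key: bytes) -> bytes:
    """Sending side of one hop: append a tag keyed for the next-hop neighbour."""
    return packet + hmac.new(hop_key, packet, hashlib.sha256).digest()

def pre_routing(frame: bytes, hop_key: bytes):
    """Receiving side of one hop: verify and strip the tag, or return None (drop)."""
    if len(frame) < TAG_LEN:
        return None
    packet, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(hop_key, packet, hashlib.sha256).digest()
    # Constant-time comparison so the check does not leak how many bytes matched.
    return packet if hmac.compare_digest(tag, expected) else None

def forward(frame: bytes, key_in: bytes, key_out: bytes):
    """Intermediate node: verify with the previous-hop key, re-tag for the next hop."""
    packet = pre_routing(frame, key_in)
    return None if packet is None else post_routing(packet, key_out)

def demo() -> dict:
    # Constructed pairwise hop keys for a path A -> B -> C.
    k_ab = hashlib.sha256(b"constructed key A-B").digest()
    k_bc = hashlib.sha256(b"constructed key B-C").digest()
    k_outsider = hashlib.sha256(b"constructed key of a non-member").digest()
    # Stand-in for the end-to-end ciphertext produced at Local Out on A;
    # intermediate nodes treat it as opaque bytes.
    e2e_ciphertext = b"\x8f\x02constructed-opaque-end-to-end-payload"

    on_ab = post_routing(e2e_ciphertext, k_ab)      # leaves A
    on_bc = forward(on_ab, k_ab, k_bc)              # B verifies, then re-tags
    delivered = pre_routing(on_bc, k_bc)            # arrives at C

    tampered = bytes([on_ab[0] ^ 1]) + on_ab[1:]    # one bit flipped in transit
    injected = post_routing(e2e_ciphertext, k_outsider)  # sender lacks the hop key
    return {
        "delivered_intact": delivered == e2e_ciphertext,
        "tag_changes_per_hop": on_ab[-TAG_LEN:] != on_bc[-TAG_LEN:],
        "tampered_dropped": forward(tampered, k_ab, k_bc) is None,
        "injected_dropped": forward(injected, k_ab, k_bc) is None,
    }

if __name__ == "__main__":
    print(demo())
```

The end-to-end payload is identical at A and C while the tag is replaced at every hop, so a node that does not hold the neighbour key cannot get a packet past Pre Routing.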

In addition, the kernel module provides packet generation for the specialist SUPERMAN packet types and injects them into the appropriate parts of the network stack.

When loaded, the kernel module provides a number of proc filesystem entries.

cat /proc/superman/version          # Display the SUPERMAN kernel version
cat /proc/superman/security_table   # Summary of the data stored in the security table
cat /proc/superman/interfaces_table # Summary of the interfaces and whether SUPERMAN is applied
cat /proc/superman/queue_info       # Summary of the state of the packet queue

The SUPERMAN kernel module is unable to operate on its own: it uses public key certificates and Diffie-Hellman which, by way of its implementation, require userland libraries and, in turn, the SUPERMAN daemon.

 





Daemon

The daemon provides support to the kernel module as well as an element of control over how the kernel module works.

The daemon communicates with the kernel module through a generic netlink interface and is therefore dependent on libnl-genl-3.0. It also requires a minimum OpenSSL version of 1.0.2d (this is when the ability to include a Diffie-Hellman key share within the certificate was introduced).


Trying SUPERMAN

You have a number of options for trying out SUPERMAN. You can use the test environment provided, which emulates nodes using virtual machines to demonstrate how SUPERMAN works. Alternatively, you can install SUPERMAN on a set of real devices in a live environment to try it out.

The following guide has been tested and works with (although may not be limited to) the following:

  • Ubuntu x64 16.04 – desktop preferred, although tested with server using SSH X tunnelling (ssh -X).
  • Kernel version 4.4.
  • Running as a regular user who has sudo permissions.

Clone the repository and change into the repository's directory:

git clone https://bitbucket.org/wj88/superman.git
cd superman

 

https://bitbucket.org/wj88/superman


