Tamper-resistant communication layer for attack mitigation and reliable intrusion detection
Abstract
A Tamper-Resistant Communication layer (TRC) adapted to mitigate ad hoc network attacks launched by malicious nodes is presented. One embodiment of the invention utilizes TRC, which is a lean communication layer placed between a network layer and the link layer of a network protocol stack. All aspects of the network protocol stack, with the exception of the routing protocol and data packet forwarding mechanism in the network layer, are unchanged. TRC takes charge of certain key functions of a routing protocol in order to minimize network attacks. Additionally, TRC implements highly accurate self-monitoring and reporting functionality that can be used by nodes in the network to detect compromised nodes. TRC of a node controls its ability to communicate with other nodes by providing non-repudiation of communications. The tamper-resistant nature of TRC provides high assurance that it cannot be bypassed or compromised.
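The abstract describes five cooperating functions of the TRC shim: a log of every message that crosses the layer, a query and reply path so that other nodes can inspect that log, a check that a multi-hop message was not silently dropped by an intermediate node, and a filter that forwards a routing protocol's route error only when the shim's own record corroborates the failure. The simulation below is an added illustration of that architecture and is not code from the patent or its assignee. It assumes a per-node secret sealed inside the shim and uses an HMAC over each log record as a stand-in for the non-repudiation the abstract mentions (a real deployment would use signatures so that third parties can verify records without the node's key); the static source route, the blackhole node model, the message format and all names are constructed for the example.

```python
import hashlib
import hmac
import json
from collections import defaultdict


class Link:
    """Toy link layer shared by all simulated nodes (constructed for the example)."""

    def __init__(self):
        self.nodes = {}
        self.down = set()  # (src, dst) pairs whose radio link is currently broken

    def deliver(self, src, dst, msg_id, path):
        if (src, dst) in self.down:
            return False
        self.nodes[dst].on_frame(msg_id, src, path)
        return True


class TRC:
    """Tamper-resistant shim between one node's network layer and link layer.

    key models the per-node secret sealed inside the shim (assumption); every
    record is MACed with it so a node cannot later rewrite its own history."""

    def __init__(self, node_id, key, link):
        self.node_id, self.key, self.link = node_id, key, link
        self.log = []                  # log capture: authenticated activity records
        self.stats = defaultdict(int)  # message statistics per event type

    def _record(self, event, msg_id, peer):
        rec = {"node": self.node_id, "event": event, "msg": msg_id, "peer": peer}
        rec["mac"] = hmac.new(self.key, json.dumps(rec, sort_keys=True).encode(),
                              hashlib.sha256).hexdigest()
        self.log.append(rec)
        self.stats[event] += 1
        return rec

    def send(self, msg_id, next_hop, path):
        ok = self.link.deliver(self.node_id, next_hop, msg_id, path)
        self._record("tx" if ok else "tx_fail", msg_id, next_hop)
        return ok

    def receive(self, msg_id, prev_hop):
        # Called from the link layer, so receipt is logged before the routing code
        # above the shim ever sees the message and cannot be hidden by that code.
        self._record("rx", msg_id, prev_hop)

    def query(self, msg_id):
        """Log query/reply: return the records related to msg_id (may be empty)."""
        return [r for r in self.log if r["msg"] == msg_id]

    def route_error_ok(self, rerr):
        """Route error management: forward a RERR only if our own log shows the
        claimed next hop actually failed for the message the RERR refers to."""
        return any(r["event"] == "tx_fail" and r["peer"] == rerr["unreachable"]
                   and r["msg"] == rerr["msg"] for r in self.log)


class Node:
    """A node whose network layer forwards along a source route, or drops (blackhole)."""

    def __init__(self, node_id, link, key, blackhole=False):
        self.node_id, self.link, self.blackhole = node_id, link, blackhole
        self.trc = TRC(node_id, key, link)
        link.nodes[node_id] = self

    def on_frame(self, msg_id, prev_hop, path):
        self.trc.receive(msg_id, prev_hop)
        i = path.index(self.node_id)
        if i + 1 < len(path) and not self.blackhole:
            self.trc.send(msg_id, path[i + 1], path)

    def originate(self, msg_id, path):
        return self.trc.send(msg_id, path[1], path)


def verify_record(rec, key):
    body = {k: v for k, v in rec.items() if k != "mac"}
    expect = hmac.new(key, json.dumps(body, sort_keys=True).encode(), hashlib.sha256).hexdigest()
    return hmac.compare_digest(expect, rec["mac"])


def audit_path(link, keys, path, msg_id):
    """Multi-hop forwarding check run by an auditor that knows the node keys
    (assumption): walk the route, query each intermediate shim, and name the
    first hop whose log shows receipt without a matching transmission."""
    if any(r["event"] == "rx" for r in link.nodes[path[-1]].trc.query(msg_id)):
        return ("delivered", None)
    for hop in path[1:-1]:
        recs = link.nodes[hop].trc.query(msg_id)
        if not all(verify_record(r, keys[hop]) for r in recs):
            return ("forged_log", hop)
        events = {r["event"] for r in recs}
        if "rx" not in events:
            return ("lost_before", hop)
        if "tx_fail" in events:
            return ("link_failure", hop)   # honest node, broken link: RERR is legitimate
        if "tx" not in events:
            return ("dropped", hop)        # received, never handed back to the shim
    return ("unknown", None)


def demo():
    link = Link()
    keys = {n: f"key-{n}".encode() for n in "ABCD"}   # constructed per-node secrets
    for n in "ABCD":
        Node(n, link, keys[n], blackhole=(n == "C"))
    path = ["A", "B", "C", "D"]
    link.nodes["A"].originate("m1", path)
    blackhole = audit_path(link, keys, path, "m1")
    bogus = link.nodes["B"].trc.route_error_ok({"unreachable": "C", "msg": "m1"})
    link.down.add(("B", "C"))
    link.nodes["A"].originate("m2", path)
    genuine = link.nodes["B"].trc.route_error_ok({"unreachable": "C", "msg": "m2"})
    return blackhole, bogus, genuine, audit_path(link, keys, path, "m2")


if __name__ == "__main__":
    print(demo())
```

In the first run C's network layer swallows m1 after the shim has already logged its receipt, so the audit attributes the drop to C rather than to the radio link; in the second run B's link to C really is down, B's shim holds a tx_fail record, and only then does the shim let a route error for that link through.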
7 Claims
1. A system for tamper-resistant communication in a network node, comprising:
a log capture system residing in a tamper-resistant communication layer, storing message statistics and message data including node communication activity data with other nodes in a network passing through the tamper-resistant communication layer, in a data memory device disposed between a network layer and a link layer of a network protocol stack;
a log query system residing in the tamper-resistant communication layer and electronically requesting node communication activity data from the log capture system, the log query system determines whether a query by another node in the network is related to the node communication activity data stored in the log capture system;
a log reply system residing in the tamper-resistant communication layer and electronically transmitting node communication activity data in response to a query by the log query system, the log reply system determines whether transmission of the node communication activity data is responsive to the query;
a multi-hop forwarding system residing in the tamper-resistant communication layer and detecting whether the message data has been dropped by one or more intermediate nodes in the network; and
a route error management system residing in the tamper-resistant communication layer, analyzing a route error message generated by a routing protocol and forwarding the route error message to one or more nodes in the network.
(Dependent claim: 2.)
3. A method for eliminating bogus messages between nodes in an ad hoc wireless network, comprising:
electronically preventing the generation of bogus route maintenance messages with a tamper-resistant communication layer;
querying a log capture system residing in the tamper-resistant communication layer and determining whether a route maintenance message is related to route maintenance messages stored in the log capture system;
forwarding, by the tamper-resistant communication layer, the route maintenance message to the appropriate node in the network after determining, by the tamper-resistant communication layer, whether forwarding of the route maintenance message is responsive to the query;
ensuring hop-by-hop authentication of the route maintenance message; and
ensuring multi-hop forwarding of the route maintenance message;
wherein the hop-by-hop authentication and the multi-hop forwarding are performed by the tamper-resistant communication layer without the intervention of a routing protocol.
4. A system for tamper-resistant communication in a node in an ad hoc network, comprising:
means for storing message data, residing in a tamper-resistant communication layer, including node communication activity data with other nodes in the ad hoc network passing through the tamper-resistant communication layer disposed between a network layer and a link layer of a network protocol stack;
means for query residing in the tamper-resistant communication layer for requesting node communication activity data from the means for storing message data, the means for query determines whether a query by another node in the network for the message data is related to the node communication activity data stored in the means for storing message data;
means for reply residing in the tamper-resistant communication layer for determining whether transmission of the node communication activity data is responsive to the query, the means for reply electronically transmitting the node communication activity data in response to the query;
means residing in the tamper-resistant communication layer for detecting whether the message data has been dropped by one or more intermediate nodes in the network; and
means residing in the tamper-resistant communication layer for analyzing a route error message generated by a routing protocol and forwarding the route error message to one or more nodes in the network.
(Dependent claims: 5, 6, 7.)