The SECAN-LAB

Interoperability Laboratory for Security in Ad-Hoc Networks

Welcome to the SECAN-Lab of the University of Luxembourg.

In SECAN-Lab, research is targeted (as its name indicates) towards the areas of interoperability and security aspects of spontaneously-created and self-organized wireless networks (MANETs — Mobile Ad-Hoc Networks).

SECAN-Lab originated as a project proposal, the SECAN-Lab Project, which was submitted as “Titre I” to the Luxembourg Ministry of Culture, Higher Education and Research (MCESR) as an internal project within the University of Luxembourg in 2003/2004. Today it plays the role of an umbrella covering a number of coherent (follow-up) research projects with a number of international partners from academia, industry and government.

SECAN-Lab aims to combine academic research in the area of privacy and identity handling in distributed environments with application areas and reference scenarios exemplified by the different projects in which SECAN-Lab is involved.

There are several reasons why approaches based on the technology of wired networks (LANs) do not apply to interoperability, safety and security discussions in spontaneous scenarios.

As in LANs, one problem lies in the need to transfer data from one participant in the network to another. However, if the destination cannot be addressed directly, other participants have to be asked to forward the data towards the destination. In LANs, this function is fulfilled by special router devices. Because of the spontaneous character of ad hoc networks, where no prediction of the topology is possible, each participant in the network has to fulfil this function.

In LANs, the structure changes only slowly and, since the routers are centrally administered, one can expect that routing is done in a trustworthy manner and that the connectivity to each desired destination can be guaranteed (otherwise alarms will ring and system administrators will have to update the servers). Generally, it is assumed that changes do not degrade functionality. Malicious or unfair routers are nearly impossible, because it is easy to identify them and then to take action against them.

However, this behaviour cannot be expected in wireless ad hoc networks:
  • Chains of neighbourship relationships from the source to the destination may change from moment to moment.
  • The neighbour one asks to route may be previously unknown.
  • It is difficult to exclude routers from the network because it is difficult to definitely identify participants.
  • It is difficult to determine whether behaviour is unfair, malicious, necessary or innocent because the behaviour may be inevitable as a result of resource limitations of the device or because circumstances have changed in a way that makes it no longer possible to fulfil the request.
Generally, one must be aware that participants may act unfairly or maliciously, and that the reasons for such actions are not obvious.

Solutions based upon security mechanisms and encryption (e.g. a Public Key Infrastructure — PKI) are not suitable. The Internet would not have become so successful if each participant first had to register somewhere to obtain unique keys. Besides, one cannot expect an ad hoc network to have a link to such a registry instance (perhaps a Trust Centre inside a LAN). And even if each participant has a unique identifier (e.g. private and public key created by the producers of the device), this does not help to answer the question of whether a neighbour's actions are fair and benevolent. Other mechanisms for obtaining cooperation, such as trust relationships, may be a way forward.

In LANs, one uses IP numbers that are not only a globally unique identifier for each participant in the network, but which also contain hierarchical information that can be used to discover routes. In mobile ad hoc networks it is difficult to find such a globally unique ID that can be used for routing yet still is flexible enough to allow the movement of a participant around the network.

IP always functions in the same manner, whether the network is a small LAN, a MAN or a large WAN: the technology has no practical size limits (apart from the maximum number of hosts and the maximum number of hops between two hosts). Mobile ad hoc networks have bigger problems with scalability. Because each node may also act as a router, the technology used to route information between two devices must either be based on knowledge about the network, or on the clever flooding of requests, in order to determine a possible path. It is easy to understand that neither method really works for large networks, because this would mean either the transfer of huge volumes of network update information so that each node could build its own view of the network, or that the network would be flooded with masses of routing requests.

Having said that, SECAN-Lab targets its research in the field of mobile ad hoc networks in the following areas:
  • Creating cooperation between devices (0-hop distance, “n”-hop distance) on the basis of trust, if security fails.
  • Creating mechanisms for interoperability of one-to-one communications.
  • Finding strategies to route information through the network, independent of its size (no flooding, no global view of the net).
  • Finding strategies to route information through the network that are resistant to a certain proportion of malicious and unfair participants, both by ignoring these participants and by utilizing redundancy.
  • Finding strategies to route information through the network, which still work when the wireless network has one or several links to a wired LAN.
  • Creating globally unique identifiers which may help to address devices and to find routes.
Besides theoretical analysis and development of solutions, SECAN-Lab also sees its focus as a laboratory for practical experimentation with the newest mobile devices and technologies, especially for securing one-to-one communications within an n-hop distance.


(C) 2004-2006 University of Luxembourg, SECAN-Lab

Modified: 2010-01-15 11:57:55
Exported: 2010-03-18 02:38:32