Channel: Security Tools – Security List Network™

SUPERMAN – a secure framework suitability for wireless communication security.


The flexibility and mobility of Mobile Ad hoc Networks (MANETs) have made them increasingly popular in a wide range of use cases. To protect these networks, security protocols have been developed to protect routing and application data. However, these protocols only protect routes or communication, not both. Both secure routing and communication security protocols must be implemented to provide full protection. The use of communication security protocols originally developed for wireline and WiFi networks can also place a heavy burden on the limited network resources of a MANET. To address these issues, a novel secure framework (SUPERMAN) is proposed. The framework is designed to allow existing network and routing protocols to perform their functions, whilst providing node authentication, access control, and communication security mechanisms. This paper presents a novel security framework for MANETs, SUPERMAN. Simulation results comparing SUPERMAN with IPsec, SAODV and SOLSR are provided to demonstrate the proposed framework's suitability for wireless communication security. http://ieeexplore.ieee.org/document/7809102/?reload=true

This solution consists of two parts:
* SUPERMAN Linux Kernel Module
* SUPERMAN Linux Daemon

superman v1.0

Kernel Module
The kernel module provides the network layer packet processing required by SUPERMAN.

--------------------------------------------------
                 Transport Layer
--------------------------------------------------
         |        Network Layer        ^
         v                             |
    LOCAL OUT                      LOCAL IN
         |                             ^
         v                             |
  ---------------                      |
  |   ROUTING   |                      |
  ---------------                      |
         |                      ---------------
         |<--------FORWARD<-----|   ROUTING   |
         |                      ---------------
         |                             ^
         v                             |
    POST ROUTING                  PRE ROUTING
         |                             ^
         v                             |
--------------------------------------------------
                 Data Link Layer
--------------------------------------------------

As packets pass through Local In and Local Out, SUPERMAN applies end-to-end encryption/decryption to the packet to secure its contents. As packets pass through Post Routing and Pre Routing, SUPERMAN applies point-to-point HMAC tagging and verification.
In addition, the kernel module provides packet generation for the specialist SUPERMAN packet types and injects them into the appropriate parts of the network stack.
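
The point-to-point tagging described above, modelled in user space as an added example (not code from the SUPERMAN project): each hop verifies and strips the inbound tag at Pre Routing and applies a fresh tag at Post Routing, while the end-to-end ciphertext passes through untouched. HMAC-SHA256, the appended-tag layout, the per-link keys and all function names are assumptions made for illustration; the page does not describe SUPERMAN's actual packet format.

```python
import hashlib
import hmac
import os

TAG_LEN = hashlib.sha256().digest_size  # assumed tag size (32 bytes)

def post_routing(packet: bytes, link_key: bytes) -> bytes:
    """Outbound hook: append a point-to-point tag for the next hop."""
    return packet + hmac.new(link_key, packet, hashlib.sha256).digest()

def pre_routing(frame: bytes, link_key: bytes):
    """Inbound hook: verify and strip the tag; None means drop."""
    if len(frame) <= TAG_LEN:
        return None  # too short to hold a packet plus a tag
    packet, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(link_key, packet, hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many tag bytes matched.
    return packet if hmac.compare_digest(tag, expected) else None

def forward(frame: bytes, key_in: bytes, key_out: bytes):
    """Intermediate node: verify the inbound tag, then re-tag for the next hop."""
    packet = pre_routing(frame, key_in)
    return None if packet is None else post_routing(packet, key_out)

def demo() -> dict:
    # Constructed sample data: hypothetical keys for links A-B and B-C, and
    # random bytes standing in for the end-to-end ciphertext made at Local Out.
    key_ab, key_bc = os.urandom(32), os.urandom(32)
    e2e_ciphertext = os.urandom(64)

    frame_ab = post_routing(e2e_ciphertext, key_ab)  # A sends to B
    frame_bc = forward(frame_ab, key_ab, key_bc)     # B relays to C
    delivered = pre_routing(frame_bc, key_bc)        # C receives

    tampered = bytes([frame_ab[0] ^ 0x01]) + frame_ab[1:]    # bit flipped in transit
    outsider = post_routing(e2e_ciphertext, os.urandom(32))  # sender lacks the link key
    return {
        "delivered_intact": delivered == e2e_ciphertext,
        "tampered_dropped": forward(tampered, key_ab, key_bc) is None,
        "outsider_dropped": forward(outsider, key_ab, key_bc) is None,
        "stale_tag_dropped": pre_routing(frame_ab, key_bc) is None,
        "truncated_dropped": pre_routing(frame_ab[:TAG_LEN], key_ab) is None,
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

The stale-tag case shows why a forwarder must re-tag: a frame tagged for one link fails verification on the next.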

The following guide has been tested and works with (although may not be limited to) the following:
– Ubuntu x64 16.04 – desktop preferred, although tested with server using SSH X tunnelling (ssh -X).
– Debian Jessie kernel 4.7.0-0.bpo.1-686-pae
– Kernel version 4.4.
– Running as a regular user who has sudo permissions.

Usage:

git clone https://bitbucket.org/wj88/superman && cd superman
make

To build the APT package:
./build-aptpkg.sh

The output is superman_1.0_all.deb, which can then be copied over to the target nodes and installed using:
sudo dpkg -i superman_1.0_all.deb

If this fails with a message about the package depending on something that isn't installed, you can fix it with:
sudo apt-get -fy install

To create a CA certificate (which only needs to be done once), typically within the CA's /etc/superman/ directory:

# Make sure the /etc/superman directory exists
# (sudo is needed when running as a regular user, as this guide assumes)
sudo mkdir -p /etc/superman

# Create a CA private root key
sudo openssl genrsa -out /etc/superman/ca_privatekey.pem 2048

# Create a CA certificate
sudo openssl req -x509 -new -nodes -subj "/C=UK/ST=London/L=Greenwich/O=University of Greenwich/OU=Faculty of Engineering and Science/CN=fes.gre.ac.uk" -key /etc/superman/ca_privatekey.pem -days 1024 -out /etc/superman/ca_certificate.pem

# Generate DH parameters (1024 bits long safe prime, generator 2).
# Note: 1024-bit DH is below current guidance (2048 bits or more); whether
# SUPERMAN accepts larger parameters is not stated here.
sudo openssl dhparam -out /etc/superman/dh_params.pem 1024

#
# Now copy the following to each node:
#   dh_params.pem
#   ca_certificate.pem
# (ca_privatekey.pem is not in this list; it stays on the CA.)
#

Source: https://bitbucket.org/wj88

