Securing Ad Hoc Wireless Networks Against Data Injection Attacks Using Firewalls

The authors propose to secure ad hoc networks against data injection attacks by placing firewall functionality at strategic locations in the ad hoc network. The authors first show that, given the locations of attackers and victims, the problem of placement of firewall functionality at a fixed number of ad hoc nodes while minimizing the impact of the data injection attack is identical to the k-coverage problem, this problem is known to be NP-hard. Then, the authors develop a near-optimal approximate algorithm for placing firewall functions. The authors also incorporate the loss behavior of wireless links in our algorithm. Next, the authors develop an architecture to determine the location of the attackers. Our architecture uses a separate control network (a cellular network in this paper) in conjunction with ad hoc networks to provide a provable attack detection mechanism. The authors evaluate our firewall placement algorithm for various topologies obtained from ns-2 simulations. Our results show that our algorithm can find near-optimal solutions. Based on a simple analysis and measurement results, the authors also find that the overhead of our provable attack detection mechanism is low.