Method and system for enforcing security policies in MANETs
IPC classification information
Country/Type: United States (US) Patent, Registered
International Patent Classification (IPC 7th edition): H04L-029/06; G06F-017/00; G06F-015/16
Application number: US-0448637 (2006-12-29)
Registration number: US-8370894 (2013-02-05)
International application number: PCT/EP2006/012606 (2006-12-29)
§371/§102 date: 20091021
International publication number: WO2008/080430 (2008-07-10)
Inventors / Address: Costa, Luciana; Freguglia, Giorgio; Frosali, Federico
Applicant / Address: Telecom Italia S.p.A.
Citation information
Times cited: 0
Cited patents: 2
Abstract
A method of enforcing security policies in a mobile ad-hoc network includes: entrusting at least one first network node along a data traffic route from a data traffic origin node to a data traffic destination node with the enforcing of predefined security policies on the data traffic; and entrusting at least one second network node, distinct from said first network node, with the control of the enforcement of the security policies by the first network node.
Representative claims
1. A method of enforcing security policies in a mobile ad-hoc network, comprising: entrusting at least one first network node, along a data traffic route from a data traffic origin node to a data traffic destination node, with enforcing of predefined security policies on said data traffic; entrusting at least one second network node, distinct from said first network node, with control of the enforcement of the security policies by said first network node; and having the at least one second network node control compliance with the predefined security policies of data traffic passing through at least one third network node along said data traffic route.

2. The method of claim 1, wherein said at least one first network node comprises a network node being a direct neighbour of the origin node.

3. The method of claim 2, wherein said at least one first network node further comprises a network node being a direct neighbour of the destination node.

4. The method of claim 1, further comprising: providing at least one central security policies distribution server capable of being configured to distribute the predefined security policies to the network nodes.

5. The method of claim 1, further comprising: having the at least one second network node selecting said at least one third network node among a set of multipoint relay nodes thereof.

6. The method of claim 5, wherein having the at least one second network node selecting the at least one third network node comprises selecting the at least one third network node among two or more respective multipoint relay nodes as either: the multipoint relay node through which a lowest number of nodes distant two hops can be reached; or, in case two or more of the multipoint relay nodes of the second network node allow reaching a same lowest number of nodes distant two hops, the multipoint relay node that has in turn elected a lowest number of multipoint relay nodes.

7. The method of claim 6, wherein having the at least one second network node selecting the at least one third network node further comprises: in case two or more of the multipoint relay nodes of the second network node have elected a same lowest number of multipoint relay nodes, choosing the at least one third network node at random among said two or more of the multipoint relay nodes of the second network node that have elected the lowest number of multipoint relay nodes.

8. The method of claim 1, wherein, in case the at least one second network node is in a loop, selecting the at least one third network node comprises selecting, among the multipoint relay nodes of the second network node, the network node that, starting from the second network node and passing through a node in the loop having lowest network address, allows reaching a first node announced in a multipoint relay selector set in a transmission control protocol message.

9. The method of claim 1, further comprising, in case the second network node detects a security policies violation: having the second network node ascertain whether the third network node is the first network node; if the third network node is the first network node, having the second network node undertake an action directed to at least temporarily exclude the first network node from the network; if the third network node is not the first network node, having the second network node: identify the first network node, and, in case said first network node is a direct neighbour of the second network node, undertake an action directed to at least temporarily exclude the first network node from the network; in case said first network node is not a direct neighbour of the second network node, or the first network node cannot be identified, broadcast an alarm message capable of being adapted to inform the other network nodes of the security policies violation.

10. The method according to claim 1, further comprising: having the second network node controlling whether the third network node properly routes data traffic entering thereinto; and, in the negative case, having the second network node undertake an action to temporarily exclude the third network node from the network.

11. The method of claim 10, wherein controlling whether the third network node properly routes data traffic entering thereinto comprises: having the second network node ascertain that, for each data packet entering the third network node and destined to a destination network node different from the third node, there is a corresponding data packet exiting the third node.

12. A system for enforcing security policies in a mobile ad-hoc network, comprising: at least one first network node, along a data traffic route from a data traffic origin node to a data traffic destination node, entrusted with enforcing of predefined security policies on data traffic; and at least one second network node, distinct from said first network node, entrusted with control of enforcement of security policies by said first network node, wherein the at least one second network node is configured to control compliance with the predefined security policies of the data traffic passing through at least one third network node along said data traffic route.

13. The system of claim 12, wherein said at least one first network node comprises a network node being a direct neighbour of the origin node.

14. The system of claim 13, wherein said at least one first network node further comprises a network node being a direct neighbour of the destination node.

15. The system of claim 12, further comprising at least one central security policies distribution server capable of being configured to distribute the predefined security policies to the network nodes.

16. The system of claim 12, wherein the at least one second network node is capable of being adapted to select the at least one third network node among a set of multipoint relay nodes thereof.

17. The system of claim 16, wherein said at least one second network node is capable of being adapted to select the at least one third network node among two or more respective multipoint relay nodes as either: the multipoint relay node through which a lowest number of nodes distant two hops can be reached; or, in case two or more of the multipoint relay nodes of the second network node allow reaching a same lowest number of nodes distant two hops, the multipoint relay node that has in turn elected a lowest number of multipoint relay nodes.

18. The system of claim 17, wherein said at least one second network node is capable of being adapted to select the at least one third network node randomly among two or more of the multipoint relay nodes of the second network node that have elected the lowest number of multipoint relay nodes.

19. The system of claim 16, wherein, in case the at least one second network node is in a loop, the second network node is capable of being adapted to select, among the multipoint relay nodes of the second network node, the network node that, starting from the second network node and passing through a node in the loop having lowest network address, allows reaching a first node announced in a multipoint relay selector set in a transmission control protocol message.

20. The system of claim 12, wherein, in case the second network node detects a security policies violation, the second network node is capable of being adapted to assess whether the third network node is the first network node, and: in the affirmative case, to undertake an action directed to at least temporarily exclude the first network node from the network; in the negative case: to identify the first network node; in case said first network node is a direct neighbour of the second network node, to undertake an action directed to at least temporarily exclude the first network node from the network; and, in case said first network node is not a direct neighbour of the second network node, or the first network node cannot be identified, to broadcast an alarm message capable of being adapted to inform the other network nodes of the security policies violation.

21. The system according to claim 12, wherein the second network node is further capable of being adapted to control whether the third network node properly routes data traffic entering thereinto, and, in the negative case, to undertake an action to temporarily exclude the third network node from the network.

22. The system of claim 21, wherein the second network node is capable of being adapted to ascertain that, for each data packet entering the third network node and destined to a destination network node different from the third node, there is a corresponding data packet exiting the third node.
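As an added illustration (not code from the patent or from Telecom Italia), the following Python sketches the two node-side checks the claims describe: the watched-node selection of claims 5 to 7 and the transit-forwarding check of claim 11. The topology, packet records and node names are constructed for this example, and the dict layout of the controlling node's neighbour view is an assumption.

```python
import random
from collections import Counter

# Constructed neighbourhood view held by the controlling ("second") node.
# mprs: its own multipoint relay set; two_hop[m]: the two-hop nodes reached
# through relay m; elected[m]: how many relays m has itself elected.
TOPOLOGY = {
    "mprs": ["B", "C", "D"],
    "two_hop": {"B": {"E", "F", "G"}, "C": {"E", "H"}, "D": {"F", "H"}},
    "elected": {"B": 2, "C": 1, "D": 3},
}

def select_watched_node(view, rng=random):
    """Pick the third node to control, applying the claimed tie-breaks in order:
    fewest two-hop nodes reachable (claim 6), then fewest relays elected by the
    candidate (claim 6), then a random choice among what is left (claim 7)."""
    reach = {m: len(view["two_hop"][m]) for m in view["mprs"]}
    candidates = [m for m in view["mprs"] if reach[m] == min(reach.values())]
    if len(candidates) > 1:
        low = min(view["elected"][m] for m in candidates)
        candidates = [m for m in candidates if view["elected"][m] == low]
    return rng.choice(candidates) if len(candidates) > 1 else candidates[0]

def check_forwarding(node, observed):
    """Claim 11: every packet that enters `node` and is addressed elsewhere must
    be matched by a packet leaving `node`. Returns the ids of unmatched packets,
    i.e. transit traffic the watched node silently dropped."""
    entered, exited = Counter(), Counter()
    for pkt in observed:
        if pkt["dst"] == node:
            continue                      # delivered locally, not transit traffic
        (entered if pkt["seen"] == "in" else exited)[pkt["id"]] += 1
    return sorted(pid for pid, n in entered.items() if exited[pid] < n)

# Constructed capture of C's links as seen by the controlling node: packets 1
# and 2 are relayed, packet 3 enters C but never leaves, packet 4 is for C itself.
OBSERVED_AT_C = [
    {"id": 1, "dst": "E", "seen": "in"}, {"id": 1, "dst": "E", "seen": "out"},
    {"id": 2, "dst": "H", "seen": "in"}, {"id": 2, "dst": "H", "seen": "out"},
    {"id": 3, "dst": "H", "seen": "in"},
    {"id": 4, "dst": "C", "seen": "in"},
]

if __name__ == "__main__":
    print("watch:", select_watched_node(TOPOLOGY))                # watch: C
    print("dropped by C:", check_forwarding("C", OBSERVED_AT_C))  # dropped by C: [3]
```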