A secure and resistant architecture against attacks for mobile ad hoc networks

In this paper, we propose a new architecture based on an efficient trust model and secure distributed clustering algorithm (SDCA) in order to distribute a certification authority (CA) for ensuring the distribution of certificates in each cluster. We use the combination of a fully self-organized security for trust models like pretty good privacy (PGP) adapted to ad hoc technology and the clustering algorithm which is based on the use of trust and mobility metrics, in order to select the clusterhead and to establish a public key infrastructure (PKI) in each cluster for authentication and exchange of data. Furthermore, we present a new approach: the dynamic demilitarized zone (DDMZ) to protect the CA in each cluster. The principal idea of DDMZ consists in selecting the dispensable nodes, also called registration authorities (RAs); these nodes must be confident and located at one-hope from the CA. Their roles are to receive, filter and treat the requests from any unknown node to the A. With this approach, we can avoid the single point of failure in each cluster. Moreover, we propose a probabilistic model to define the direct connectivity between confident nodes in order to study the resistance degree of the DDMZ against different attacks. In addition, we evaluate the performance of the proposed SDCA and we estimate the robustness and the availability of DDMZ through the simulations. The effects of direct connectivity and transmission range on the stability and security of the network are analyzed. The simulation's results confirm that the proposed architecture is scalable, secure, and more resistant against attacks. Copyright (C) 2009 John Wiley & Sons, Ltd.