Leveraging Social Networks for Key Distribution to
Secure Communication in Tactical Military Networks
Ahmed Bahjat
Guohong Cao
Thomas F. La Porta
Penn State University
University Park, PA
{bhajat, gcao, tlp}@cse.psu.edu
Bhaskar Krishnamachari
University of Southern California
Los Angeles, CA
bkrishna@usc.edu
Abstract— Cooperative caching in MANETs and forwarding
data items through mobile nodes in Delay Tolerant Networks are
two important methods for improving performance and
providing connectivity in mobile tactical networks. In this paper
we present the challenges of securing cooperative caching and
DTN systems. Our security solution is based on MML-IPSec.
The main challenge of this system is key distribution and its
impact on performance. We propose leveraging military
structure, knowledge of missions, and the roles of personnel to
enable secure systems to maintain high performance.
Keywords-caching, DTN, IPSec, key distribution
I. INTRODUCTION
Mobile Ad Hoc Networks (MANETs) are an important
substrate for the exchange of information in military
environments. MANETs facilitate local communication
amongst soldiers and sharing of information retrieved over
backhaul wireless links from central sites, such as command
centers. Communication between groups of soldiers, or
between deployed soldiers and a command center may also be
assisted by a special type of MANET called a Delay Tolerant
Network (DTN). DTNs make use of moving nodes, vehicles
or soldiers, to physically carry information in situations when
wireless communications links are unavailable.
The performance of MANETs is limited by the capacity and
characteristics of wireless communications links. The
performance of DTNs is limited by the ability to correctly
select nodes to carry information between groups based on the
mobility characteristics of the nodes.
When a node in a MANET requests information from a
command center, its request is forwarded through peer nodes
in the MANET, to a wireless backhaul that provides
connectivity to a command center. This request may incur
large delays as it traverses the wireless multi-hop MANET,
and may cause congestion on the wireless backhaul link. To
reduce these performance bottlenecks, in prior work, we
introduced the notion of cooperative caching [1][2].
In one version of cooperative caching, nodes within a
MANET that have received information, or assisted in
retrieving information, store a copy. If further requests to
retrieve the same piece of information are routed through a
node with a stored local copy, this node may respond to the
request directly, thus eliminating the need to send the request
all the way to the command center. This reduces the latency
of the request and alleviates congestion on the backhaul link.
A similar process is used in DTNs. When a node has data
to forward to a destination, if the node is in a disconnected
network partition, it will place a replica of the data in a set of
mobile nodes that may travel towards the destination node to
deliver the data. We have previously developed algorithms for
selecting the best set of nodes in which to place the replica in
vehicular networks which are a special case of DTN [3].
Both cooperative caching in MANETs and placing replicas
for delivery in DTNs are inherently insecure operations. All
nodes assisting in the delivery and retrieval of data can see the
destination, information requested, and information itself.
Providing security for these systems is challenging because
participating nodes must be able to determine what
information to store.
In this paper we propose to use a variant of Mobile Multi-
layered IPSec (MML-IPSec) [4][5] to secure tactical
MANETs and DTNs. With MML-IPSec, packets may be
divided into a control zone, which contains the destination
addresses and a reference to the data, and a payload zone
which carries the data item. Each zone may be encrypted or
signed with a different key. We propose that a hierarchy of keys
be judiciously deployed in nodes that require specific
information for a mission. Control zone keys are more widely
deployed so that more nodes may assist in the delivery of
information. However, because information, such as
communicating parties, may be leaked with just the control
zone key, even this key should have limited deployment.
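The two-zone packet described above can be sketched as follows. This is an added example, not code from the paper or from MML-IPSec: the JSON control zone, the field names `dest` and `ref`, the `Node` class, and caching the still-encrypted payload under its reference are assumptions, and a stdlib-only HMAC-SHA256 keystream with encrypt-then-MAC stands in for the IPSec cipher.

```python
import hashlib, hmac, json, os

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    # Toy keystream: HMAC-SHA256 in counter mode (stand-in for a real ESP cipher).
    stream = b"".join(_prf(key, b"enc", nonce + i.to_bytes(4, "big"))
                      for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, stream))

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = _xor_stream(key, nonce, plaintext)
    return nonce + ct + _prf(key, b"mac", nonce + ct)   # encrypt-then-MAC

def open_zone(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, _prf(key, b"mac", nonce + ct)):
        return None                                     # wrong key or tampered zone
    return _xor_stream(key, nonce, ct)

def build_packet(control_key, payload_key, dest, ref, data):
    # Control zone: destination and data reference. Payload zone: the data item.
    control = json.dumps({"dest": dest, "ref": ref}).encode()
    return {"control": seal(control_key, control), "payload": seal(payload_key, data)}

class Node:
    """Hypothetical relay holding zero, one, or both zone keys."""
    def __init__(self, control_key=None, payload_key=None):
        self.control_key, self.payload_key, self.cache = control_key, payload_key, {}

    def relay(self, packet):
        control = open_zone(self.control_key, packet["control"]) if self.control_key else None
        if control is None:
            return "blind-forward"      # cannot tell what the packet carries, so cannot cache it
        ref = json.loads(control)["ref"]
        self.cache[ref] = packet["payload"]             # payload zone stays encrypted in the cache
        data = open_zone(self.payload_key, packet["payload"]) if self.payload_key else None
        return "cached-opaque" if data is None else "read-payload"

if __name__ == "__main__":
    ck, pk = b"C" * 32, b"P" * 32                       # constructed sample keys
    pkt = build_packet(ck, pk, "10.0.0.7", "map-tile-42", b"grid data")
    for label, node in [("no keys", Node()), ("control only", Node(ck)), ("both", Node(ck, pk))]:
        print(label, "->", node.relay(pkt))
```

A node holding only the control key can still cache and later serve the item by reference, but it also learns the destination and the reference, which is the leak that motivates limiting even control-key deployment.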
We show that if keys are not deployed with care, the
performance benefits of cooperative caching are largely lost,
and that the performance of DTNs seriously degrades.
However, if keys are intelligently deployed using information
about the “social network” of the soldiers based on knowledge
of their missions, secure data transfer may be achieved while
maintaining the performance benefits of cooperative caching
in MANETs and sophisticated DTN algorithms.
The remainder of the paper is organized as follows. In
Section II we provide a background on cooperative caching
and DTN networks; in Section III we present our solution for
The 2010 Military Communications Conference - Unclassified Program - Cyber Security and Network Management
978-1-4244-8179-8/10/$26.00 ©2010 IEEE 1635