Secure Enterprise Mobile Ad-hoc Networks

Threat intrusions to enterprise computing systems have led to a formulation of guarded enterprise systems. The approach was to build an impenetrable fortress to prevent hostile entities from entering the enterprise domain. However, this defense and its many reinforcements have repeatedly been found inadequate. The current complexity level has made the fortress approach to security, which is implemented throughout the defense, banking, and other hightrust industries unworkable. An alternative security approach, called Enterprise Level Security (ELS), is the result of a concentrated multi-year program of pilots and research. The primary identity credential for ELS is the Public Key Infrastructure (PKI) certificate, issued to the individual who is provided with a Personal Identity Verification (PIV) card with a hardware chip for storing the private key. All sessions are preceded by a PKI mutual authentication (secondary authentication may be employed when necessary) within Transport Layer Security (TLS) 1.2, and a secure communication pipeline is established. This process was deemed to provide a high enough identity assurance to proceed. However, mobile ad-hoc networking allows entities to dynamically connect and reconfigure connections to make use of available networking resources in a changing environment. These networks range from tiny sensors setting up communications based on a random or unknown configuration to aircraft communicating with each other, the ground, and satellites. Scenarios have differing requirements in terms of setup, reconfiguration, power, speed, and range. This paper presents an adaptation of the ELS principles to the mobile adhoc scenario.