Cyber Defense - Projects
Fraunhofer Institute for Communication, Information Processing and Ergonomics FKIE
Cooperative Intrusion Detection in dynamic Coalition Environments
The cost implications of dedicated feeds mean that many networks operating within a coalition environment use the public Internet to connect with one another, leaving them open to a variety of threats. Examples include the international cooperation of law-enforcement agencies, business alliances or military coalitions (e.g. NATO, SFOR, KFOR), where the common utilization of IT resources is essential but at the same time leaves them exposed to high risks.
Structure of an Intrusion-Warning-System (IWS) in Multi-Domain Environments
It is easy to see how security-related activities can be detected rapidly if it is possible to access a greater number of attack-related incident reports from a wide range of sources. A well-known example would be Internet worms such as the virulent “MSBlaster” worm in the summer of 2003, which was able to infect thousands of servers and desktop PCs because a network service vulnerability had not been fixed. The merging of different information sources becomes more relevant as a means of detecting coordinated attacks against a large number of targeted systems when a common strategy lies behind all activities.
A key objective of security experts is to merge all attack-focused information in order to obtain more data for their analysis tools. A multi-domain IWS (Intrusion Warning System) developed as part of the research project collects and evaluates information from the security processes within the participating IT systems so that a warning report, with corresponding supplementary information, can be circulated to all domains to prevent any potential damage.
MITE – MANET Intrusion Detection for Tactical Environments
NetOpFü, known by NATO as Network Enabled Capabilities (NEC), plays a key role in many areas of the armed forces’ electronic infrastructure. Wireless networks in operational areas are particularly in need of protection because important sensor data must be identified and forwarded. Network structures are vulnerable to a variety of threats and require a range of approaches to protection, including preventive, detection-oriented, pro-active and reactive. Because the protection of the networks is so important, it makes sense to transfer the “Intrusion Detection” and “Intrusion Response” features to wireless tactical networks and to expand elements that are specific to the operational sector.
Ad hoc networks (MANETs – Mobile ad hoc networks) are particularly important in this context because they can be operated dynamically and without the need for fixed infrastructure. The defining characteristics of a military operational area differ greatly from typical civilian scenarios (such as conferences, disaster relief and other benign collaborative environments).
Operational scenario for tactical MANETs
A logical extension which developed out of the findings of our “Intrusion Security” research is a new project looking into “Intrusion Detection” and “Intrusion Response” systems for tactical MANETs, from now on referred to as “MITE” (MANET Intrusion Detection for Tactical Environments). The research activities are working primarily towards ISO/ Level 3 and upwards.
The initial phase of the project is concerned with investigating a variety of operational scenarios in which tactical MANETs could be used. One of the scenarios will then be selected for further development, the choice being based on its practical relevance and its ability to be demonstrated. Potential attacks on this scenario will then be identified, analyzed and evaluated. Finally, concepts will be developed for detecting subsets within the threats that emerge as the most dangerous. These will be developed further at the implementation stage and incorporated into a working prototype.
As in the past, these projects will be carried out in close collaboration with subcontractors who have specific expertise in these areas. Subcontractors include the of , the Institut für Informatik IV (), the Fachhochschule Koblenz (university of applied sciences), Fachbereich Elektrotechnik/Informationstechnik (Department of Electrical Engineering/Information Technology), and the Fraunhofer Institut Graphische Datenverarbeitung (Fraunhofer Institute for Computer Graphics), Fachbereich Sicherheitstechnologien (Department of Security Technologies).