The ultimate goal of the security solutions for mobile ad hoc networks is to provide services for the desired security needs, mainly confidentiality, integrity, availability, authentication and non-repudiation, at the desired security level. In general, the research has noted that traditional security solutions, such as public key infrastructures, or authentication mechanisms, are potential also for ad hoc networks, but in many cases they are not sufficient by themselves.

Technical security metrics can be used to describe, and hence compare, technical objects. This includes algorithms, specifications, architectures and alternative designs, products, and as-implemented systems at different stages of the system lifecycle. Design vulnerabilities can result from an insecure design, whereas implementation vulnerabilities are connected to poor implementation of a product. Thus the former term typically refers to lower technology maturity. Security metrics model consists of three components: the object being measured, the security objectives (i.e. the “measuring rod” the object is being measured against), and the method of measurement. The security objectives typically consist of security requirements, such as specifications or standards, e.g. Common Criteria (CC) [ 2 ] Protection Profiles.

III. BASIS OF SECURITY METRICS FOR MANETS A compositional approach can be used to define security metrics for MANETs, with the following, possibly iterative, steps [ 7 ]: 1. Define security objectives: the security objectives can be defined based on the knowledge of the security environment, assumptions and threats. Among other things, they should determine the required security level; 2. Select component metrics based on the security objectives; 3. Find cross-relationships (dependencies) between the component metrics and possibly re-define component metrics as independently as possible; 4. Compose integrated security level information: the final composition mainly depends on the method of measurement. The composition can be used for both quantitative and qualitative security metrics.

Critical control information distribution in a mobile ad hoc network means the location of the critical control information in that network with respect to time. The following main types of critical control information distribution can be identified: o Trust information (e.g. keys, certicates, signatures), o Routing information, o Mobile entity identity information, and o Packet forwarding information.

Security metrics can be developed from heuristics that compare the actual critical control information distribution to a posteriori knowledge of the most secure distribution of such information. The most secure distribution is the distribution the implements best the security goals. It is possible to develop predictive methods based on a posteriori knowledge.

In mobile ad hoc networks the cryptographic strength has tight cross-relationships with trust management, and often with other critical information management. There are various ways of describing cryptographic algorithm metrics, e.g. [ 4 ]: o Key length metric: the security of a symmetric cryptosystem is a function of the length of the key. However, adding an extra bit does not always exactly double the effort required to break public key algorithms; o Attack steps metric: attack steps is defined as the number of steps required to perform “the best known attack”; o Attack time metric: attack time is defined as the time required to perform the fastest known attack; o Rounds metric: rounds are important to the strength of some ciphers; o Algorithm strength metric: Jorstad and Landgrave [ 4 ] use algorithm strength as a name of a scale developed for expressing the overall measurement of a cryptographic algorithm’s strength.

Generally, the most unexplored and the most critical field in security is the human user behaviour. Human factors have an enormous impact on the global security level of mobile ad hoc networks too.

An important consideration from the human user point of view is user acceptance, or, from a reverse perspective, user resistance to the systems with which they must interact. The user resistance manifests itself in various ways, including improper use of the security mechanisms [ 8 ].

When the technological solutions for routing. mobility and trust management become more mature, the effect of product quality will have more emphasis on the overall security level of mobile ad hoc networks. With mature technology we can investigate implementation vulnerabilities. Product quality metrics can be seen as a general framework for measuring mature solutions.

In our estimation approach the key elements of the architecture are a Measurement Entity (ME) attached to each node, and a Voting Entity (VE). A Countermeasure Entity (CME) is also used for the Intrusion Detection functionality. The estimation is carried out in a mobile ad hoc network by co-operation between MEs and VEs.

A Voting Entity (VE) contains the same functionality as ME. In addition, it has an organizer role in case that that several MEs are going to make decisions concerning the security level and trustworthiness of a node. In an ad hoc network, certain trusted nodes can act as VEs.

A Countermeasure Entity (CME) acts on the results obtained from the voting process. Certain trusted nodes can act as CMEs.

Because critical information is distributed among MEs, VEs, and CMEs, a trust establishment and distribution mechanism is needed to enable the estimation and voting processes.

The basic node-level estimation process is carried out continuously by the ME of the node. The ME uses the data stored in its metrics and reputation repository to estimate the current level of security from its own node point of view.

The critical information is updated in the reputation repositories of the MEs to support their estimation of the security level in the network. A VE can obtain update information from other VEs located in different parts of the network. General-level security updates to the MEs’ metrics repositories can also be delivered using the VEs as a communication link.

At node level, MEs support the decision processes of the node, that use the security level information as an input. For example, the trustworthiness of a service may be assessed using the security level monitoring of ME.

There are a lot of situations where democratic voting can be used to support decisions to be made about the security level. For instance, if an ME detects a node with suspicious activity in the vicinity, voting can be used to justify countermeasures.

An ME can also inform a VE about its own security level estimates of an object. A voting process can be used to compare other MEs’ observations of the same object.

Mobile ad hoc networks are intrinsically resourceconstrained, which makes our approach difficult to implement using the current technology. However, as the required level of security is often higher in cases where there are better memory and computation resources in use, the introduced approach is possible.

The selection of voting entities and countermeasure entities is also a problem in cases where complete selforganization of the network is a goal. Suitable trust establishment procedures are needed to select these trusted entities from a group of nodes. Trust management is also needed to enable the communication between the VEs, MEs and CMEs.

Suitable estimation algorithms should be developed for the metrics framework. This is a challenging task and requires a rigorous analysis of the metrics to be used.

As a long-time goal, general-level statistical knowledge has to be collected on: security algorithms, network products, user behaviour, applications, experiences from virus and worm attacks, etc. – about all critical issues contributing to the overall level of security.