减少MANET网络密钥管理自我恢复过程数据包规模方法研究

针对MANET网络动态拓扑和节点处理能力弱等情况,提出了适合MANET网络环境并具有自我恢复功能的密钥管理方法,该方法有效降低系统通信负荷,并可降低数据包的规模,这对通信信道非常有限的MANET网络非常有用;同时对该方法的系统安全性给出了分析和证明,说明了该方法对MANET网络密钥管理的适用性。     

一种基于身份标识的MANET组密钥协商协议

组密钥是安全组通信中实现信息机密性和完整性的关键.适应于MANET有限的计算、通信资源,MANET组密钥管理协议应具有较少的计算量,较低的运算强度.分析了MANET组密钥管理方案所应具备的性质;结合固定网络环境下具有最小通信量的组密钥协商协议STR协议及基于身份标识的公钥密码技术,提出了一个基于身份标识的贡献式MANET组密钥协商管理协议CEAGKP,具有较小的通信量、较强的安全性与可扩展性,能够很好地适应MANET环境的要求.仿真结果证明了CEAGKP具有较好的伸缩性.     

移动Ad Hoc网络的密钥管理机制

移动 Ad　Hoc 网络(MANET)是一种具有全新概念的无线网络,不依赖于任何固定的物理基础设施和集中式的组织管理机构,通过无线链路实现移动节点之间的通信。然而,Ad　Hoc 网络的固有特性使其更易遭受各种安全威胁,因此实用有效的密钥管理机制是保障网络安全的一个关键。本文提出了几种信任模型,结合这些模型对现有的密钥管理方案进行了分析讨论,指出了其中存在的问题,并就今后的研究方向给出一些看法。     

基于二叉树和自组织思想的密钥管理技术在MANET中的应用

提出了基于二叉树和自组织公钥体制的密钥管理方案在MANET中的应用;给出了子图选择和最佳路径选择算法,根据最佳路径算法提出了星形最佳路径选择算法,在没有中心控制节点控制下实现安全密钥交换;仿真结果证明,该方案具有比较灵活的扩展性和更高的性能。     

基于MANET接入Internet的动态 网关布局与选取规划模型

 本文以实现MANET接入Internet为应用背景,考虑到动态网关在整个网络接入过程中的重要作用,提出了一种新的适用于MANET接入Internet的动态网关的布局与选取的三层规划模型.该模型通过引入具有协调控制功能的节点(即决策节点)来对接入网络中的网关和路径的使用情况进行调控,通过上下层的交互决策协调网络整体利益和节点局部利益之间的关系,并以此作为配置网关的依据,从而优化网关布局.仿真结果表明,引入该模型后网络的延迟、开销以及吞吐率等性能指标得到了改善,验证了该模型的有效性.     

基于车队行进场景的MANET移动模型研究

针对特定场景研究移动Ad Hoc网络(MANET)是当前研究的重点,而移动模型是研究MANET的基础,因此如何选择或建立更贴近实际应用场景的移动模型成为了研究MANET的关键环节。通过对现有典型移动模型的研究和分析,提出了一种模拟车队行进场景的移动模型,并利用NS2软件在此移动模型基础上对MANET性能进行仿真与分析,仿真结果表明,与传统的移动模型相比,该模型能更好地贴近车队行进场景。     

WSN中同构模型下动态组密钥管理方案

研究了同构网络模型的组密钥管理问题,首次给出了一个明确的、更完整的动态组密钥管理模型,并提出了一种基于多个对称多项式的动态组密钥管理方案。该方案能够为任意多于2个且不大于节点总数的节点组成的动态多播组提供密钥管理功能,解决了多播组建立、节点加入、退出等所引发的与组密钥相关的问题。该方案支持节点移动,具有可扩展性,并很好地解决了密钥更新过程中多播通信的不可靠性。组成员节点通过计算获得组密钥,只需要少量的无线通信开销,大大降低了协商组密钥的代价。分析比较认为,方案在存储、计算和通信开销方面具有很好的性能,更适用于资源受限的无线传感器网络。     

基于稳定闭域的异构无线网络混合路由策略

分析了异构的网络模型,并提出了一种基于MANET稳定闭域的混合路由策略,使得基于该路由策略设计的路由协议能够实时地根据本地拓扑状态进行转换,在稳定闭域内使用AODV提高路由转发的效率。当数据分组转发到闭域边界后,将转换为改进的Prophet路由继续在非连通区域内寻路,以充分利用MANET与DTN路由的优势。仿真实验证明了该路由策略的可行性,通过比较多种路由算法验证了在特定的异构网络环境下该路由策略的高效性。     

基于双向散列链具有撤销能力的自愈组密钥分发机制

提出了一种MANET中基于双向散列链具有撤销能力的自愈组密钥分发机制.通过建立会话密钥之间的冗余关联,实现了在不增加管理节点负担的情况下,合法节点利用当前广播信息和自身秘密信息自主恢复由于网络原因遗失会话的组密钥.利用撤销多项式管理者实现了对节点的撤销能力,此外赋予节点与其生命期相对应的秘密掩码值集合.安全分析和效率分析表明在保证安全属性的前提下,降低了通信开销和存储开销.     

一种新的移动Ad Hoc网络门限式密钥共享认证方案

门限式密钥共享认证已成为目前MANET的分布式认证技术的热点所在。深入分析了当前主流的几种门限式密钥共享认证方案，通过分析比较各自的优劣特性，得出了一种全新的认证体系。新的方案不仅弥补了原有方案的不完全分布式特性，更通过周期性密钥更新进一步提高了系统安全性。仿真结果表明，该方案具有高效率的性能和较高的安全级别，并具有良好的可扩展性。     

无线传感器网络中自修复密钥颁布机制中滑动窗口的动态性探讨

在很多自修复密钥颁布机制中,滑动窗口大小影响着密钥的修复性能和通信开销.本文利用概率知识,首次建立了滑动窗口和丢包率对节点密钥同步性能、组安全关联性能和安全服务性能的数学模型.设计了适应链路动态变化特性的滑动窗口选择机制,采用查找表方式优化了计算和存储开销.仿真验证了该机制具有动态适应性,可以高概率的保证网络的安全服务性能.与已有机制相比,所提机制显著降低了通信开销,具有可行性和高效性,进一步推动了自修复密钥颁布机制的实际应用.     

Minimum energy hierarchical dynamic source routing for Mobile Ad Hoc Networks

In this paper, Minimum Energy Dynamic Source Routing (MEDSR) and Hierarchical Minimum Energy Dynamic Source Routing (HMEDSR) protocols for Mobile Ad Hoc Networks (MANET) are proposed. The objective of MEDSR protocol is to reduce energy consumption in MANET while maintaining connectivity in the network. The objective of HMEDSR is to reduce the overhead of MEDSR. The overall result is that energy spent in transmitting overhead packets is reduced. This reduction allows more energy in transmitting data packets. The Dynamic Source Routing (DSR) protocol is modified to implement both MEDSR and HMEDSR protocols, and these implementations are tested with a network simulator (Network Simulator (NS-2)). The simulation results show that both MEDSR and HMEDSR protocols reduce energy consumption per data packet by 25% compared to DSR, but HMESDR further reduces energy consumption by 12% compared to MEDSR by controlling overhead packets.     

One-way hash chain-based self-healing group key distribution scheme with collusion resistance capability in wireless sensor networks

In order to resolve the collusion resistance problem in the one-way hash chain-based self-healing group key distribution schemes and improve the performance of previous self-healing group key distribution schemes, we propose a self-healing group key distribution scheme based on the revocation polynomial and a special one-way hash key chain for wireless sensor networks (WSNs) in this paper. In our proposed scheme, by binding the time at which the user joins the group with the capability of recovering previous group session keys, a new method is addressed to provide the capability of resisting the collusion attack between revoked users and new joined users, and a special one-way hash chain utilization method and some new methods to construct the personal secret, the revocation polynomial and the key updating broadcast packet are presented. Compared with existing schemes under same conditions, our proposed scheme not only supports more revoked users and sessions, but also provides a stronger security. Moreover, our proposed scheme reduces the communication overhead, and is especially suited for a large scale WSN in bad environments where a strong collusion attack resistance capability is required and many users will be revoked.     

Design issues and performance analysis for DSR routing with reclaim‐based caching in MANETs

Mobile ad hoc networks (MANETs) have been positioned as one of the most important emerging wireless communication scenarios. Temporally formed by a collection of wireless mobile hosts, a MANET does not require the aid of any centralized administration. From this stems a suite of challenges in achieving an efficient MANET routing and content delivery in order to make the best use of precious resources and reduce the routing overhead at each MANET host. One of the reported approaches for solving the issue is the use of caching, which is expected to minimize the routing overhead by taking advantage of the limited memory at each mobile host. This paper introduces a novel scheme for addressing the above issue, called Reclaim‐Based Caching (RBC) policy, which dynamically utilizes a cache replacement mechanism of reclaiming stale routes to efficiently verify and validate a recoverable caching mechanism in Dynamic Source Routing. The main design purposes of RBC are to reduce the routing control overhead, lower the end‐to‐end routing delay, enhance the packet delivery ratio, and obtain a higher throughput for improving routing performance and accelerating the Route Discovery process due to low temporary link failure and high cache utilization. Hence, we can gather all feasible and historical route information into the cache library to be reclaimed as a threshold of efficient routing control. Consequently, the proposed RBC of this paper can be used in the universal wireless network environment to achieve better routing performance and to provide a more flexible real‐time application. Copyright © 2009 John Wiley & Sons, Ltd.     

一种基于中心代理的移动Ad—Hoc网络接入方法

本文针对已有接入方法所存在的缺点,提出一种以移动节点间相互竞争出现的中心节点作为移动代理,利用移动IP协议实现MANET接入Internet的新方法,并对中心代理节点的选取、MANET整体移动接入等问题进行了探讨。该方法具有开销小、接入灵活、不需对移动IP做大的改动等优点。     

一种抑制MANET网关洪泛策略

在MANET子网互连架构中,其网关发现采用洪泛通告报文的方式,所形成的广播风暴引起较大控制开销。由此提出一种动态自适应网关发现协议,该协议可根据MANET的移动节点信息自适应设置网关通告报文GWADV的TTL值和发送间隔,同时采用基于距离门限的动态计数DDC网关洪泛通告报文抑制策略。仿真结果表明,该协议可以有效地应对网关洪泛通告报文的问题,在保持较高分组投递率的同时,能够减小时延和控制开销。     

面向群组移动的轻型位置服务研究

针对现实应用中大规模MANET网络节点呈现的群组移动特性,提出了面向群组移动的轻型位置服务协议GHLLS。G-HLLS协议将HLLS协议框架与分簇机制相结合,从而保证位置更新及请求机制适应群组移动特性。基于OPNET的仿真实验,从负载、服务成功率、存储开销多个方面对G-HLLS协议性能进行了分析,验证了G-HLLS协议在大规模群组移动网络中表现出的优越性能。     

DEBH: detecting and eliminating black holes in mobile ad hoc network

Security in mobile ad hoc network (MANET) is one of the key challenges due to its special features e.g. hop-by-hop communications, dynamic topology, and open network boundary that received tremendous attention by scholars. Traditional security methods are not applicable in MANET due to its special properties. In this paper, a novel approach called detecting and eliminating black holes (DEBH) is proposed that uses a data control packet and an additional black hole check table for detecting and eliminating malicious nodes. Benefiting from trustable nodes, the processing overhead of the security method decreases by passing time. Ad hoc on-demand distance vector (AODV) routing protocol is used as the routing protocol in our design. After finding the freshest path using AODV, our design checks the safety of selected path. In case of detecting any malicious node, it is isolated from the entire network by broadcasting a packet that contains the ID of malicious nodes. Simulation results show that DEBH increases network throughput and decreases packet overhead and delay in comparison with other studied approaches. Moreover, DEBH is able to detect all active malicious nodes which generates fault routing information.     

无线传感器网络中自治愈的群组密钥管理方案

 群组密钥管理的自治愈机制是保证无线传感器网络在不可靠信道上进行安全群组通信的重要 手段.基于采用双方向密钥链的群组密钥分发与撤销方法,提出了一个无线传感器网络中具有撤销能力的自治愈群组密钥管理方案.该方案实现了群组密钥的自治愈功能和节点撤销能力, 能够满足在较高丢包率的无线通信环境下传感器网络群组密钥管理的安全需求,确保了群组密钥保密性、前向保密性和后向保密性等安全属性.性能分析表明,该方案具有较小的计算和通信开销,能够适用于无线传感器网络.