基于频率域多目标MANETs可信路由决策研究

移动Ad-hoc网络(MANETs)具有开放的媒质,动态的拓扑结构,分布式的合作和受限的网络能力等基本特点。网络中移动节点具有匿名性和高度自治的特点,网络通讯依靠在通信路径上的中间节点转发数据包,实现无线传输范围外节点间的正常通信。该文提出了一种独特的MANETs中基于频率下多目标可信路由决策算法,它和现在大多数路由算法都是在时间域下使用单一约束参数选择路由的方式截然不同。利用概率理论分析安全和可信路由,基于概率密度函数的时频相互转化,减小计算复杂度,解决MEANTs中节点间缺乏物理安全以及在低信任水平和节点相互勾结扰乱网络操作情况下,发现可信安全路由难的问题。实例分析证明了此算法的可行性。     

无线Mesh网络可信路由协议THWMP研究

为了使节点在网络中存在恶意节点和自私节点时能够选择安全可靠的路由,降低恶意节点和自私节点对无线Mesh网络带来的影响,文中通过对无线Mesh网络混合路由协议HWMP(Hybrid Wireless Mesh Protocol)和信任模型的研究,提出了基于主观逻辑信任模型的无线Mesh网络可信路由协议THWMP(Trusted HWMP),大大降低了因为信任的传递带来的网络开销,同时保证了路由的可信度。与HWMP路由协议相比较,在网络中存在恶意节点时,THWMP路由协议能够在增加有限的额外开销的情况下保证全网有较高的数据传递成功率和吞吐量。     

ad hoc网络中一种基于信任模型的机会路由算法

由于ad hoc网络具有缺乏足够的物理保护、拓扑结构动态变化、采用分布式协作、节点的带宽和计算能力有限等特点,导致传统的路由安全机制不再适合ad hoc网络路由协议的设计。最近当前研究热点之一的机会路由能够在链路不可靠的情况下充分利用无线广播和空间多样性的特性提高网络的吞吐量。因此,考虑在机会路由中引入信任相似性概念设计信任机会路由,建立了基于节点信任度和最小成本的信任机会转发模型,提出了最小成本的机会路由算法MCOR,并对算法进行了理论上的分析和证明。最后采用仿真实验对该算法进行验证,又与经典机会路由协议ExOR以及其他经典的信任路由协议TAODV和Watchdog-DSR进行性能对比。仿真结果表明,MCOR算法能够防范恶意节点的攻击,在吞吐量、端到端时延、期望转发次数(ETX)和成本开销等方面都比其他3种协议表现出性能上的优势。     

基于节点信任值的安全层次路由协议

由于无线传感器网络容易受到攻击,所以保证无线传感器在网络数据传输过程中的路由安全是必要的,文中提出一种基于节点信任值、节点度和距离的簇头选举算法,进行路由主干节点的可信选举,建立安全可信的层次路由。仿真结果表明,该算法可有效评估节点的信任值,解决了节点失效或被俘获所导致的层次路由安全问题。     

异构无线网络可信接入设计及实现

异构无线网络互连后的安全问题是当前网络安全研究的一个热点问题,为了解决异构网络互连后产生的接入安全问题,提出了一种基于信任模型的可信接入框架,该框架建立了异构无线网络间的信任评价体系,对接入异构无线网络用户除了进行身份验证,还必须进行用户信任度的验证,既拒绝了恶意节点接入,又确保了合法节点的安全接入,从而保证异构无线网络互连接入的安全和可信。     

An energy aware event-driven routing protocol for cognitive radio sensor networks

Cognitive radio sensor network (CRSN) is an intelligent and reasonable combination of cognitive radio technology and wireless sensor networks. It poses significant challenges to the design of topology maintenance techniques due to dynamic primary-user activities, which in turn decreases the data delivery performance of the network as well as it’s lifetime. This paper aims to provide a solution to the CRSN clustering and routing problem using an energy aware event-driven routing protocol (ERP) for CRSN. Upon detection of an event, the ERP determines eligible nodes for clustering according to local positions of CRSN nodes between the event and the sink and their residual energy levels. Cluster-heads are selected from the eligible nodes according to their residual energy values, available channels, neighbors and distance to the sink. In ERP, cluster formation is based on relative spectrum awareness such that channels with lower primary user appearance probability are selected as common data channels for clusters. For data routing, ERP employs hop-by-hop data forwarding approach through the CHs and primary/secondary gateways towards the sink. Through extensive simulations, we demonstrate that the proposed ERP provides with better network performances compared to those of the state-of-the-art protocols under a dynamic spectrum-aware data transmission environment.     

无线网状网中基于D-S证据理论的可信路由

结合Dempster-Shafer(D-S)证据理论,提出了一个信任评估模型;同时,在AODV的基础上,给出了一个可信的路由协议T-AODV,该路由协议根据节点的信任值选择可信的路由进行数据传输。仿真结果表明,所提机制能够有效地监测和隔离恶意节点,抵御攻击,能够提高网络的可靠性、顽健性以及安全性。     

Ad hoc网络安全综述

移动Adhoc网络是由一组自主的无线节点或终端相互合作而形成的网络,由于其动态拓扑、无线通信的特点,容易遭受各种安全威胁。从传输信道、移动节点、动态拓扑、安全机制、路由协议几方面,分析了移动AdHoc网络的安全弱点,然后结合其安全策略和机制,分析了FSR、SRP和AODV3种典型的路由协议的工作原理和优缺点。     

TIDS: threshold and identity-based security scheme for wireless ad hoc networks

As various applications of wireless ad hoc network have been proposed, security has received increasing attentions as one of the critical research challenges. In this paper, we consider the security issues at network layer, wherein routing and packet forwarding are the main operations. We propose a novel efficient security scheme in order to provide various security characteristics, such as authentication, confidentiality, integrity and non-repudiation for wireless ad hoc networks. In our scheme, we deploy the recently developed concepts of identity-based signcryption and threshold secret sharing. We describe our proposed security solution in context of dynamic source routing (DSR) protocol. Without any assumption of pre-fixed trust relationship between nodes, the ad hoc network works in a self-organizing way to provide key generation and key management services using threshold secret sharing algorithm, which effectively solves the problem of single point of failure in the traditional public-key infrastructure (PKI) supported system. The identity-based signcryption mechanism is applied here not only to provide end-to-end authenticity and confidentiality in a single step, but also to save network bandwidth and computational power of wireless nodes. Moreover, one-way hash chain is used to protect hop-by-hop transmission.     

Energy Efficiency Routing with Node Compromised Resistance in Wireless Sensor Networks

For the energy limited wireless sensor networks, the critical problem is how to achieve the energy efficiency. Many attackers can consume the limited network energy, by the method of capturing some legal nodes then control them to start DoS and flooding attack, which is difficult to be detected by only the classic cryptography based techniques with common routing protocols in wireless sensor networks (WSNs). We argue that under the condition of attacking, existing routing schemes are low energy-efficient and vulnerable to inside attack due to their deterministic nature. To avoid the energy consumption caused by the inside attack initiated by the malicious nodes, this paper proposes a novel energy efficiency routing with node compromised resistance (EENC) based on Ant Colony Optimization. Under our design, each node computes the trust value of its 1-hop neighbors based on their multiple behavior attributes evaluation and builds a trust management by the trust value. By this way, sensor nodes act as router to achieve dynamic and adaptive routing, where the node can select much energy efficiency and faithful forwarding node from its neighbors according to their remaining energy and trust values in the next process of data collection. Simulation results indicate that the established routing can bypass most compromised nodes in the transmission path and EENC has high performance in energy efficiency, which can prolong the network lifetime.     

TC-BAC: A trust and centrality degree based access control model in wireless sensor networks

Access control is one of the major security concerns for wireless sensor networks. However, applying conventional access control models that rely on the central Certificate Authority and sophisticated cryptographic algorithms to wireless sensor networks poses new challenges as wireless sensor networks are highly distributed and resource-constrained. In this paper, a distributed and fine-grained access control model based on the trust and centrality degree is proposed (TC-BAC). Our design uses the combination of trust and risk to grant access control. To meet the security requirements of an access control system with the absence of Certificate Authority, a distributed trust mechanism is developed to allow access of a trusted node to a network. Then, centrality degree is used to assess the risk factor of a node and award the access, which can reduce the risk ratio of the access control scheme and provide a certain protection level. Finally, our design also takes multi-domain access control into account and solves this problem by utilizing a mapping mechanism and group access policies. We show with simulation that TC-BAC can achieve both the intended level of security and high efficiency suitable for wireless sensor networks.     

A Cognitive Energy Efficient and Trusted Routing Model for the Security of Wireless Sensor Networks: CEMT

There are many smart applications evolved in the area of the wireless sensor networks. The applications of WSNs are exponentially increasing every year which creates a lot of security challenges that need to be addressed to safeguard the devices in WSN. Due to the dynamic characteristics of these resource constrained devices in WSN, there must be high level security requirements to be considered to create a high secure environments. This paper presents an efficient multi attribute based routing algorithm to provide secure routing of information for WSNs. The work proposed in this paper can decrease the energy and enhances the performance of the network than the currently available routing algorithm such as multi-attribute pheromone ant secure routing algorithm based on reputation value and ant-colony optimization algorithm. The proposed work secures the network environment with the improved detection techniques based on nodes’ higher coincidence rates to find the malicious behavior using trust calculation algorithm. This algorithm uses some QoS parameters such as reliability rate, elapsed time to detect impersonation attacks, and stability rate for trust related attacks, to perform an efficient trust calculation of the nodes in communication. The outcome of the simulation show that the proposed method enhances the performance of the network with the improved detection rate and secure routing service.

     

On a joint temporal-spatial multi-channel assignment and routing scheme in resource-constrained wireless mesh networks

Use of multiple orthogonal channels can significantly improve network throughput of multi-hop wireless mesh networks (WMNs). In these WMNs where multiple channels are available, channel assignment is done either in a centralized manner, which unfortunately shows a poor scalability with respect to the increase of network size, or in a distributed manner, where at least one channel has to be dedicated for exchanging necessary control messages or time synchronization has to be utilized for managing the duration of data packet transmission, causing excessive system overhead and waste of bandwidth resource. In this paper, we first formulate multi-channel assignment as a NP-hard optimization problem. Then a distributed, heuristic temporal-spatial multi-channel assignment and routing scheme is proposed, assuming every wireless node in the network is equipped with a single-radio interface. Here the gateway node is set to use all the channels sequentially in a round-robin fashion. This temporal scheme ensures all the nodes that need to directly communicate with the gateway node shall have a fair access to it. For those non-gateway nodes, a spatial scheme where channels are assigned based on their neighbors’ channel usage is adopted to exploit parallel communications and avoid channel interference among nodes. Furthermore, since the routing factors, including channel usage of neighbor nodes, node hop count, node memory size, and node communication history, are all considered along with the channel assignment, network performance, measured by packet delivery latency, channel usage ratio, and memory usage ratio, tends to be considerably enhanced. The simulation results have confirmed that, compared with a couple of well-known multi-channel assignment schemes, such as LCM [21] and ROMA [15], the proposed scheme shows substantial improvement in network throughput with a very modest collision level. In addition, the proposed scheme is highly scalable as the algorithm complexity is only linearly dependent on the total number of channels that are available in the network and the number of neighbors that a network node directly connects to.     

Trust Based Intrusion Detection Technique to Detect Selfish Nodes in Mobile Ad Hoc Networks

The applications and protocols conceived for mobile ad hoc networks rely on the assumption of cooperation amongst the mobile nodes because of lacking infrastructure. All nodes have to spend their precious resources (e.g. battery power, memory, computational power, and network bandwidth) for routing and packet forwarding operations for other nodes, in a cooperative way in the network. However, there are some nodes that may intentionally turn themselves to behave selfishly in order to conserve their valuable resources. The selfish behaviour of such nodes drastically reduces the desired degree of cooperation amongst the mobile nodes. Over the course of time, the non-cooperative activities of, such selfish nodes would paralyze the normal functioning of the whole network. Therefore, these types of nodes should be detected and isolated from the network, as soon as they begin to exhibit their selfish behaviour. In this paper, a dynamic trust based intrusion detection technique is presented to detect and isolate the selfish nodes from the network, where the direct trust degree based on direct communication interactions and indirect (recommended) trust degree based on the neighbours’ recommendations are taking into account to accurately judge the selfishness nature of the nodes. The results obtained throughout the simulation experiments clearly show the feasibility and effectiveness of the proposed intrusion detection technique.     

Network coding for multiple unicast sessions in multi-channel/interface wireless networks

Throughput limitation of wireless networks imposes many practical problems as a result of wireless media broadcast nature. The solutions of the problem are mainly categorized in two groups; the use of multiple orthogonal channels and network coding (NC). The networks with multiple orthogonal channels and possibly multiple interfaces can mitigate co-channel interference among nodes. However, efficient assignment of channels to the available network interfaces is a major problem for network designers. Existing heuristic and theoretical work unanimously focused on joint design of channel assignment with the conventional transport/IP/MAC architecture. Furthermore, NC has been a prominent approach to improve the throughput of unicast traffic in wireless multi-hop networks through opportunistic NC. In this paper we seek a collaboration scheme for NC in multi-channel/interface wireless networks, i.e., the integration of NC, routing and channel assignment problem. First, we extend the NC for multiple unicast sessions to involve both COPE-type and a new proposed scheme named as Star-NC. Then, we propose an analytical framework that jointly optimizes the problem of routing, channel assignment and NC. Our theoretical formulation via a linear programming provides a method for finding source–destination routes and utilizing the best choices of different NC schemes to maximize the aggregate throughput. Through this LP, we propose a novel channel assignment algorithm that is aware of both coding opportunities and co-channel interference. Finally, we evaluate our model for various networks, traffic models, routing and coding strategies over coding-oblivious routing.     

多跳无线网络中信道接入与分布式路由的结合

本文为多跳分布式无线网络(Ad Hoc网络)提出了一种信道多址接入与分布式路由相结合的方案.在该方案中,由扩频码实现多信道系统,各节点竞争公共信道,利用RTS/CTS对话形式来预约各业务信道,成功预约后的分组传输不会受到其他节点的干扰.并且该动态预约方法可以提供用于建立分布式路由机制的网络连通性信息.这种方案打破了信道接入层和网络层的分层概念,并以两者的结合带来了更高的带宽利用率和对网络拓扑变化的更快反应.     

无线异构网络的关键安全技术

异构网络的融合及协同工作在下一代公众移动网络中将是一个很普遍的问题,无线异构网络融合技术作为改善公众移动网络的覆盖和容量以及提供无处不在的通信能力、接入Internet的能力和无处不在的移动计算能力的有效手段,已引起广泛的关注,有着良好的应用前景。构建无线异构网络的安全防护体系,研究新型的安全模型、关键安全技术和方法,是无线异构网络发展过程中所必须关注的重要问题。无线异构网络中的关键安全技术包括安全路由协议、接入认证技术、入侵检测技术、节点间协作通信等。     

IDSDDIP: a secure distributed dynamic IP configuration scheme for mobile ad hoc networks

In IP‐based networks, IP address uniqueness is one of the most important requirements since a node has to participate in unicast communications and routing. Often nodes are assumed to have unique IP addresses configured a priori. However, this is not the case and cannot be achieved easily in mobile ad hoc networks (MANETs). Most of the existing dynamic address allocation schemes of MANET rely on network‐wide flooding for address solicitation and/or duplicate address detection. As a result, several types of security threats can be seen at the time of address allocation. In this paper, we present an ID‐based distributed dynamic IP configuration scheme that securely allocates IP addresses to the authorized nodes without flooding the entire network. Here each node acquires capability of generating unique IP addresses from its own IP address and can assign those addresses to the new nodes. The proposed scheme provides security against the associated threats with dynamic IP allocation protocol without the help of a trusted third party. It also efficiently handles the network partitioning and merging and reduces the chance of address conflicts. Performance analysis and simulation results are present to show that the proposed addressing scheme has low communication overhead and fairly low addressing latency with added security mechanisms compared to the similar existing dynamic address allocation schemes. Copyright © 2013 John Wiley & Sons, Ltd.     

On the Relationship Between Transmission Rate and Network Capacity in Multi-Radio Multi-Channel Wireless Mesh Networks

This paper quantitatively investigates the relationship between physical transmission rate and network capacity in multi-radio multi-channel wireless mesh networks by using mixed-integer linear programming to formulate the joint channel assignment and routing problem. The numerical results show that the rate lower than the highest available one can improve the network capacity due to increased connectivity. It is also shown that the lower transmission rate is able to utilize abundant channels more effectively due to the higher degree of freedom in channel assignment. Finally, it is shown that joint rate, channel assignment and routing improves the network capacity further.     

基于Beta分布的无线传感器网络分簇路由信任管理机制研究

信任管理机制为保障无线传感器网络安全提供了一种有效方案,通过对节点的行为进行评价,建立整个网络的信任管理机制,对判断的恶意节点采用相应的限制措施来保障安全。文章以Beta概率密度分布函数的期望值作为信任值,优化网络分簇路由协议,可在保障网络能量高效利用的同时,有效提升整个网络的安全性。