一种基于多域安全信任的访问控制模型

访问控制是一种可同时服务于用户与资源的安全机制。安全域通过使用访问控制机制为用户访问资源提供方便,同时亦对用户行为进行监视与控制。然而,由于P2P网络缺乏集中控制,现有的访问控制技术无法对P2P网络的网络节点进行控制,特别是网络中节点行为缺乏指导和约束。基于当前P2P网络访问控制中存在的不足,提出一种基于多域安全信任的访问控制模型：MDTBAC。MDTBAC模型通过扩展多级安全机制来实现访问控制,将信任算法计算所得的节点信任度作为访问级别划分标准,根据各个节点的信任度来分配相应的访问控制级别,不同的访问控制级别拥有不同的权限。     

面向仓储系统的自动化WSAN“感知一控制”模型研究

建立正确的“感知一控制”模型是实现基于RFID和WSAN的物流仓储系统的关键。研究执行器节点自主移动环境下的多维事件协作检测和跟踪算法;研究基于合同网协议和多竞价拍卖算法的多执行器节点实时任务分配方法,并利用WSAN动态拓扑度相关性和网络同步能力的关系研究执行器的牵制控制策略;同时,基于神经网络模型和竞合博弈模型设计执行器节点的移动控制策略和编队控制策略。模型的有效性可利用扩展的UML建模方法和XMSF集成框架来评估。     

面向仓储系统的自动化WSAN“感知-控制”模型研究

建立正确的"感知-控制"模型是实现基于RFID和WSAN的物流仓储系统的关键。研究执行器节点自主移动环境下的多维事件协作检测和跟踪算法;研究基于合同网协议和多竞价拍卖算法的多执行器节点实时任务分配方法,并利用WSAN动态拓扑度相关性和网络同步能力的关系研究执行器的牵制控制策略;同时,基于神经网络模型和竞合博弈模型设计执行器节点的移动控制策略和编队控制策略。模型的有效性可利用扩展的UML建模方法和XMSF集成框架来评估。     

非结构化P2P网络中的动态信任模型研究

有效的非结构化Peer-to-Peer网络中的信任模型有利于提高P2P网络的安全性能和服务质量。提出了动态信任模型的概念。该模型主要解决诸如节点在线时间不规律、提供善意文件不稳定性的问题,是一种基于节点在线时间和真实服务能力的动态信任模型,对节点在线时间的评价是动态评价,对节点的真实服务能力也是进行动态评价,通过仿真实验证明了该模型能有效提高P2P网络的安全性能及服务质量。     

无线传感器/执行器网络中的定向简单竞拍聚合协议

在无线传感器/执行器网络(WSAN)中,移动执行器(actor)节点之间需要通过协商进行任务分配来响应产生的服务请求,其目标是尽可能减少协商时的通信开销和对事件的响应时间。现有的解决方案中,基于市场竞拍的分布式简单竞拍聚合协议(SAAP)比较适合资源受限的WSAN网络。在SAAP的基础上提出了一种定向的竞拍聚合协议DSAAP,该协议根据方向信息对下一跳子节点进行筛选,同时限制回传的信息,以减少竞拍过程中的消息转发。通过实验与现有的SAAP进行比较,发现该协议在最优节点发现率和选出节点与最优节点距离比这两个参数性能不降低的前提下降低了通信开销。     

基于Chord的P2P路由模型

针对现有P2P路由模型存在逻辑拓扑与物理拓扑失配和没有考虑节点异构性的不足,基于Chord提出了一种新的路由模型。该模型利用IPv6的地址聚类性,通过分段哈希节点IP,构建具有层次特性的节点标识符,实现逻辑拓扑与物理拓扑的有效结合;根据网络规模动态调整聚类级别,将节点映射到多层Chord环上,实现聚类内部自治;考虑节点的性能差异,让性能好的节点承担更多的路由任务。模拟实验表明,该模型能保持与Chord接近的平均跳数,但降低了存储开销和查询时延。     

基于P2P的流媒体系统资源定位机制研究

针对P2P流媒体系统资源定位问题,本文提出一种改进的P2P无结构网络模型及相应的搜索算法。网络模型中根据节点能力把节点分成不同级别,文件信息发布按照低级节点向高级节点逐级汇报的方向进行,减少了查询延迟时间和消息冗余;同时,根据节点兴趣把节点分为不同的兴趣域,查询消息在兴趣域内传播,提高了搜索效率和搜索成功率。仿真实验证明了网络模型和搜索算法的有效性。     

生物启发的无线传感执行网络协同方法

本文针对无线传感执行网络(wireless sensor and actor network,WSAN),在昆虫生物种群协作机理的启发下,提出了一种WSAN协同方法,以改善网络传输可靠性、节能与执行效率.首先,针对传感器节点与执行器节点之间的协作,提出以信息传递能耗和剩余能量衡量中继节点选择概率的效能协同机制,以及包含区域中继、影响因子和学习因子3个保障单元的组织协同机制.进而,针对执行器--执行器间的协作,引入学习因子作为组织协同机制中的一个保障单元.最后,给出了算法执行的流程,并通过仿真验证了方法的优越性.仿真结果表明,采用本文提出的协同机制,不但优化了WSAN信息传递路径,而且在执行器节点间协作中选择优势节点参与信息处理和决策,降低了网络能耗,同时提高了网络执行效率.     

一种电力通信网络重要节点识别模型

针对目前电力通信网络重要节点识别时存在识别精度低、考虑片面的问题，提出了一种多层节点重要性识别模型。通过将电力通信网络分为物理拓扑层、传输层和服务层三层结构，建立不同层中节点重要性度量指标。提出了自适应的基本度量可信度指标，从而计算不同层的基本测度可信度与节点综合临界度。实验结果表明，与APT、ASI、AST、TOPSIS等模型相比，所提多层节点重要性识别模型可综合考虑物理拓扑层、传输层、服务层中各节点重要性度量，从而高质量确定电力通信网络中重要节点。仿真结果符合实际情况，验证了所提模型的有效性和实用性。     

一种新型的WSAN两层协作路由协议

在WSN网络中引入执行器节点构成WSAN网络,并依据WSAN网络特性提出一种新的协作路由协议——基于动态分簇的角度转发路由协议AFRPDC(Angle Forwarding Routing Protocol base on Dynamic Clustering)。AFRPDC协议由2部分算法组成:基于接收信号强度RSSI(Received Signal Strength Indication)的动态分簇算法BRCA(Based on RSSI Dynamic Clustering Algorithm)和角度转发路由协议AFRP(Angle Forwarding Routing Protocol)。BRCA算法保证传感器节点形成较为稳定的拓扑,实现传感器节点与簇头节点的协作;AFRP协议利用簇头节点的角度信息转发事件报告,实现簇头节点与执行器节点的协作通信。仿真结果表明,AFRPDC协议中节点分簇有较好的稳定性,同时AFRPDC较基于链路状态分簇的定向扩散协议DDLSC在降低平均时延和节点能耗方面有更好的表现,可满足WSAN网络对实时性、可靠性和低能耗的要求。     

浅析WSN的网络安全管理机制

多数WSN的应用都是以节点位置信息为基础,其所监测的事件与节点的物理位置信息存在着密切的联系,若无位置信息,监测数据也就无意义,而节点的位置信息又与网络安全息息相关,因此,WSN的网络安全管理至关重要。本文简单阐述了WSN的特征与应用,分析了WSN的网络安全特征与需求,并探讨了WSN的密钥管理与安全定位两种网络安全管理机制。     

无线传感器网络的密钥管理方案

无线传感器网络常用于军事目标追踪、环造监测、病人病情跟踪等方面,,当其部署在一个敌对的环境中,会受到不同类型的恶意攻击,保障其安全性显得极为重要.传感器节点的资源严格受限,传统网络安全机制不适用于无线传感器网络.保障无线传感器网络安全的常用方法是对传输数据进行加密,文章介绍并分析适用于该类型网络的典型密钥管理方案.     

基于无线传感器网络的安全网络运行环境构建

无线传感器网络被广泛应用到了军事和民用领域,安全问题始终是无线传感器网络需要突破的重要瓶颈,目前安全机制主要针对单一的攻击行为或针对攻击的某个阶段进行防护,没有形成一套完整的计算环境的安全保护机制。针对上述问题,提出了一种无线传感器网络安全运行环境构建方案,充分考虑无线传感器节点的计算能力及能耗,静态度量和动态度量相结合,主、被动相结合保障无线传感器网络组网和运行过程中计算环境的安全。仿真实验表明,该方案可以有效识别恶意节点,能耗较低,能够确保少量节点遭到攻击时全网仍能正常运转。     

基于物联网的无线传感器网络安全性研究

传感器网络是物联网的一种应用,传感器网络的节点部署在恶劣的环境中,随着受资源约束的环境条件引起了许多类型的安全威胁或攻击。许多未解决的无线传感器网络的安全问题仍是目前最热门的研究课题之一,传感器节点之间的安全通信对无线传感器网络的安全服务提出一个根本性的挑战。分析基于物联网的无线传感器网络的安全问题和在不同的WSN分层体系结构的攻击类型,给出防御措施以及未来研究的主要方向。     

Design and performance evaluation of a multi-agent-based dynamic lifetime security scheme for AODV routing protocol

Ad hoc networks are becoming an important research aspect due to the self-organization network, dynamically changing topology, temporary network life and equal relationship among member of nodes. However, all the characters of ad hoc network make the security problem more serious. Network security and trustworthiness become the key problems of the network. Denial-of-service and Black hole attacks are the two puzzles in the security of ad hoc network. There are not satisfied solutions to solve the problem. A novel multi-agent-based dynamic lifetime intrusion detection and a response scheme are proposed to combat the two types of attacks. Multi-agents are related to one route request (RREQ)–route reply (RREP) stream. One agent monitors the nodes in three-hop zone. Agent can periodically update itself by the trustworthiness of the neighbor nodes. It can efficiently improve trustworthiness, decrease computing complexity and save energy consumption for network securities. Agent security specifications have been extracted from the feature of the attacks. Multi-agents can trace RREQ and RREP messages, stream to aggregate the key information to link list and MAC-IP control table and analyze them by intrusion detection algorithm. Different security metrics are proposed to quantitatively evaluate network security performance under different attacks. Ns2 simulator is expanded to validate the security scheme. Simulation results show that a multi-agent-based dynamic lifetime security scheme is highly effective to detect and block the two kinds of attacks.     

分层渗透深度下隐马尔科夫风险评估模型

网络的脆弱渗透图中的节点之间存在安全依赖关系，计算三重依赖关系可以得到节点之间的依赖关系，利用节点之间的依赖关系构造转换矩阵，最后利用HMM模型给出不同渗透深度的情况下的弱点风险结果。实验表明，该方法能更准确更全面地表示出弱点的实际安全风险。     

Adaptive security design with malicious node detection in cluster-based sensor networks

Distributed wireless sensor networks have problems on detecting and preventing malicious nodes, which always bring destructive threats and compromise multiple sensor nodes. Therefore, sensor networks need to support an authentication service for sensor identity and message transmission. Furthermore, intrusion detection and prevention schemes are always integrated in sensor security appliances so that they can enhance network security by discovering malicious or compromised nodes. This study provides adaptive security modules to improve secure communication of cluster-based sensor networks. A dynamic authentication scheme in the proposed primary security module enables existing nodes to authenticate new incoming nodes, triggering the establishment of secure links and broadcast authentication between neighboring nodes. This primary security design prevents intrusion from external malicious nodes using the authentication scheme. For advanced security design, the proposed intrusion detection module can exclude internal compromised nodes, which contains alarm return, trust evaluation, and black/white lists schemes. This study adopts the two above mentioned modules to achieve secure communication in cluster-based sensor networks when the network lifetime is divided into multiple cluster rounds. Finally, the security analysis results indicate that the proposed design can prevent and detect malicious nodes with a high probability of success by cluster-based and neighbor monitor mechanisms. According to the performance evaluation results, the proposed security modules cause low storage, computation, and communication overhead to sensor nodes.     

试论Ad hoc网络的安全策略

Ad hoc是一种完全由无线连接的移动节点所构成的网络。相比于传统的网络,Ad Hoc网络更易受到各种安全威胁和攻击,用于传统网络的安全解决方案不能直接应用于Ad hoc网络,现存的用于Ad hoc网络的大多协议和提案也没有很好解决安全,本文对Ad hoc网络的安全问题、策略和机制进行了一些有益的探讨。     

JANUS: A Framework for Scalable and Secure Routing in Hybrid Wireless Networks

Hybrid networks consisting of cellular and Wi-Fi networks were proposed as a high-throughput architecture for cellular services. In such networks, devices equipped with cellular and Wi-Fi network cards access Internet services through the cellular base station. The Wi-Fi interface is used to provide a better service to clients that are far away from the base station, via multihop ad hoc paths. The modified trust model of hybrid networks generates a set of new security challenges as clients rely on intermediate nodes to participate effectively in the resource reservation process and data forwarding. In this paper, we introduce JANUS, a framework for scalable, secure, and efficient routing for hybrid cellular and Wi-Fi networks. JANUS uses a scalable routing algorithm with multiple channel access, for improved network throughput. In addition, it provides protection against selfish nodes through a secure crediting protocol and protection against malicious nodes through secure route establishment and data forwarding mechanisms. We evaluate JANUS experimentally and show that its performance is 85 percent of the optimum algorithm, improving with a factor greater than 50 percent over previous work. We evaluate the security overhead of JANUS against two types of attacks: less aggressive, but sufficient for some applications, selfish attacks and purely malicious attacks.     

Robust self-keying mobile ad hoc networks

Pairwise key establishment in mobile ad hoc networks allows any pair of nodes to agree upon a shared key. This is an important security service needed to secure routing protocols, and in general to facilitate secure communication among the nodes of the network.We present two self-keying mechanisms for pairwise key establishment in mobile ad hoc networks which do not require any centralized support. The mechanisms are built using the well-known technique of threshold secret sharing, and are robust and secure against a collusion of up to a certain number of nodes. We evaluate and compare the performance of both the mechanisms in terms of the node admission and pairwise key establishment.