Reliable and fully distributed trust model for mobile ad hoc networks

A mobile ad hoc network (MANET) is a wireless communication network which does not rely on a pre-existing infrastructure or any centralized management. Securing the exchanges in MANETs is compulsory to guarantee a widespread development of services for this kind of networks. The deployment of any security policy requires the definition of a trust model that defines who trusts who and how. Our work aims to provide a fully distributed trust model for mobile ad hoc networks. In this paper, we propose a fully distributed public key certificate management system based on trust graphs and threshold cryptography. It permits users to issue public key certificates, and to perform authentication via certificates' chains without any centralized management or trusted authorities. Moreover, thanks to the use of threshold cryptography; our system resists against false public keys certification. We perform an overall evaluation of our proposed approach through simulations. The results indicate out performance of our approach while providing effective security.     

基于门限完全分布式密钥管理方案

adhoc网络作为一种无线移动网络正成为网络研究中的热点之一。针对移动adhoc网络的特性和对目前已有的移动adhoe网络密钥管理方案的分析,提出了一种基于信任图和门限密码技术的全分布、自组织的移动adhoc网络密钥管理新方案。该方案允许节点发布公钥证书并且通过证书链实施认证,有效地解决了网络节点之间的信任,同时又阻止恶意节点发布错误公钥证书欺骗认证服务。该方案具有较高的可靠性、扩展性和安全性,适用于大规模移动ad hoc网络。     

Network trust management in emergency situations

We study the unique trust management, and more precisely reputation management and revocation of malicious nodes in the context of ad hoc networks used for emergency communications.Unlike in centralized systems, reputation management and revocation in ad hoc networks is non-trivial. This difficulty is due to the fact that the nodes have to collaboratively calculate the reputation value of a particular node and then revoke the node if the reputation value goes below a threshold. A major challenge in this scheme is to prevent a malicious node from discrediting other genuine nodes. The decision to revoke a node has to be communicated to all the nodes of the network. In traditional ad hoc networks the overhead of broadcasting the message throughout the network may be very high. We solve the problem of reputation management and node revocation in ad hoc networks of cell phones by using a threshold cryptography based scheme. Each node of the network would have a set of anonymous referees, which would store the reputation information of the node and issue reputation certificates to the node with timestamps. The misbehavior of a particular cell phone is reported to its anonymous referees, who issue certificates which reflect the positive and negative recommendations.     

基于绝对信任模型的Ad Hoc网络自组织公钥管理机制

传统网络中的身份认证工作一般都是由证书权威(CA)来完成,但在分布式的移动AdHoc网络中很难实现这种集中式的身份认证机制,引入这样的中心机构会带来潜在的安全威胁,一旦中心机构遭到破坏,将导致整个网络瘫痪,所以只能寻找其它更合适的方式来进行认证.本文提出一种基于绝对信任模型的自组织公钥管理方案,通信实体自己产生公私钥并颁发证书,不需要任何信任第三方以及认证服务器,信任关系按照自然人的可信关系得到可信传播,相对传统的自组织公钥管理,具备更短的平均认证路径长度以及较高的认证通过率,更重要的是,绝对信任证书模型更加符合实际中通信主机之间的信任需求.     

Ad Hoc无线网络及其路由选择协议

AdHoc无线网络是一组无线移动主机组成的一个没有任务建立好的基础调和或集中管理设备的临时网络。文中介绍了adhoc无线网络的特点和设计，并根据表驱动和按需路由两大类重点介绍了adhoc无线网络的路由选择协议。     

基于表驱动的最佳动态路由代理MANET路由算法

MANET(mobileadhocnetworks)是由无线移动节点动态地构成的一个临时网络,它不需要任何固定的网络基础设施或网络管理中心。由于无线传输的范围有限,因此,一个节点要和另一个节点交换信息可能通过多跳的方式跨越另一个网络。文章在基于路由表驱动的基础上,针对MANET提出了一个提高带宽利用率,适应网络拓扑结构动态变化的路由算法,并与DSDV,GSR做了对比。     

A new authentication model for ad hoc networks

A new trust model for authentication in ad hoc networks is proposed. The model differentiates between the identity-based and public-key-based trusts for issuing the validity certificates that bind public keys to real-world identifiers. It includes a model for combining these trusts and a technique for computing the public-key-based trust. In this composite trust model, without or with recommendation, a new algorithm for node authentication on the basis of arbitrary graphs of previously issued validity certificates is developed. It is called the validity propagation algorithm and is computationally feasible even for large networks. In general, the proposed method is applicable to any public-key infrastructure, distributed or hierarchical, with or without certification authorities.     

Adaptive Threat Modeling for Secure Ad Hoc Routing Protocols

Secure routing protocols for mobile ad hoc networks provide the required functionality for proper network operation. If the underlying routing protocol cannot be trusted to follow the protocol operations, additional trust layers, such as authentication, cannot be obtained. Threat models drive analysis capabilities, affecting how we evaluate trust. Current attacker threat models limit the results obtained during protocol security analysis over ad hoc routing protocols. Developing a proper threat model to evaluate security properties in mobile ad hoc routing protocols presents a significant challenge. If the attacker strength is too weak, we miss vital security flaws. If the attacker strength is too strong, we cannot identify the minimum required attacker capabilities needed to break the routing protocol. In this paper we present an adaptive threat model to evaluate route discovery attacks against ad hoc routing protocols. Our approach enables us to evaluate trust in the ad hoc routing process and allows us to identify minimum requirements an attacker needs to break a given routing protocol.     

RETENTION: A reactive trust-based mechanism to detect and punish malicious nodes in ad hoc grid environments

In ad hoc grid environments, resources are not always available since nodes can spontaneously connect and disconnect at any time. Thus, these environments demand the correct execution of tasks to guarantee good performance. However, there are malicious users that affect the normal operation of these grids. These users modify tasks results and even cheat security mechanisms. Therefore, to assure high performance in these grid computing scenarios, it is essential to use punishment procedures based on trust models. These solutions have been used in wireless ad hoc networks, but not in the context of ad hoc grid computing. Thus, in this paper, we first present an analysis of mathematical trust models in ad hoc grid scenarios, using different ways to treat detection information passed on by other nodes. Then, we provide a comparison and a performance evaluation of these models using a grid simulator platform. Besides that, we choose the most accurate trust model among the evaluated ones to propose RETENTION: a reactive trust-based mechanism to detect and punish malicious nodes in ad hoc grid environments. Simulation results demonstrate the effectiveness of the proposed approach in detecting and punishing up to 100% of malicious nodes without generating false-positives. The results can be a valuable tool for network designers in planning trust models in ad hoc grid network deployments.     

Service discovery in mobile ad hoc networks: A field theoretic approach

Service discovery in mobile ad hoc networks is challenging because of the absence of any central intelligence in the network. Traditional solutions as used in the Internet are hence not well suited for mobile ad hoc networks. In this paper, we present a novel decentralized service discovery mechanism for ad hoc networks. The basic idea is to distribute information about available services to the network neighborhood. We achieve this by using the analogy of an electrostatic field: A service is modelled by a (positive) point charge, and service request packets are seen as (negative) test charges which are attracted by the service instances. In our approach, we map the physical model to a mobile ad hoc network in a way where each network element calculates a potential value and routes service requests towards the neighbor with the highest potential, hence towards a service instance. Our approach allows for differentiation of service instances based on their capacity. We define the required protocols and methods which we implemented in a network simulator. Using extensive simulations, we evaluate the performance and robustness of the mechanisms. The results indicate good performance and convergence even in highly mobile environments. We believe that this technique can and should be further exploited, e.g., as a routing protocol in mobile ad hoc networks.     

Ad Hoc网络多路径需求路由及路径熵选择算法

无线移动Ad Hoc网络是一种不依赖任何固定基础设施的移动无线多跳网络.由于其动态性和资源的限制,在Ad Hoc网络中提供多路径路由是一个重要的研究课题.描述了一种Ad Hoc网络中基于信息熵选择的稳定多路径路由算法(stability multipath on-demand routing,简称SMDR),提出了路径熵的度量参数,并利用路径熵来选择稳定的、长寿命的多路径,减少了重构路由的次数,从而在网络拓扑频繁变化的Ad Hoc网络环境中较好地提供QoS保证和提高数据传输率.仿真结果表明,SMDR协议改进了分组传输率、端到端时延和路由负载率.SMDR协议为解决动态的Ad Hoc网络多路径传输提供了一种新的有效途径.     

Modeling and analysis of trust management with trust chain optimization in mobile ad hoc networks

We develop and analyze a trust management protocol for mission-driven group communication systems in mobile ad hoc networks using hierarchical modeling techniques based on stochastic Petri nets. Trust among mobile nodes is crucial for team collaborations with new coalition partners without prior interactions for mission-driven group communication systems in battlefield situations. In addition, ensuring a certain level of trust is also critical for successful mission completion. Our work seeks to identify the optimal length of a trust chain among peers in a trust web that generates the most accurate trust levels without revealing risk based on a tradeoff between trust availability and path reliability over trust space. We define a trust metric for mission-driven group communication systems in mobile ad hoc networks to properly reflect unique characteristics of trust concepts and demonstrate that an optimal trust chain length exists for generating the most accurate trust levels for trust-based collaboration among peers in mobile ad hoc networks while meeting trust availability and path reliability requirements.     

Efficient Communication Strategies for Ad Hoc Wireless Networks

An ad hoc wireless network is a collection of wireless mobile hosts forming a temporary network without the aid of any established infrastructure or centralized administration. This type of network is of great importance in situations where it is very difficult to provide the necessary infrastructure, but it is a challenging task to enable fast and reliable communication within such a network. In this paper we model and analyze the performance of so-called power-controlled ad hoc wireless networks: networks where the mobile hosts are able to change their transmission power. We concentrate on finding schemes for routing arbitrary permutations in these networks. In general, it is NP-hard even to find an n ^1-ε -approximation for any constant ε to the fastest possible strategy for routing a given permutation problem on n mobile hosts. However, we demonstrate here that if we allow ourselves to consider slightly less general problems, efficient solutions can be found. We first demonstrate that there is a natural class of distributed schemes for handling node-to-node communication on top of which online route selection and scheduling strategies can be constructed such that the performance of this class of schemes can be exploited in a nearly optimal way for routing permutations in any static power-controlled ad hoc network. We then demonstrate that if we restrict ourselves to the important case of routing between nodes distributed randomly in a Euclidean space, we can route in a time that is asymptotically optimal for any routing scheme. Received in final form January 31, 2000. Online publication October 10, 2000.     

一种移动自组网中信任评估模型的设计

移动自组网不依赖于任何固定的网络设施,节点间的相互信任对网络的可靠运行和安全保障具有重要意义.提出一个用于度量网络服务间信任关系的信任评估模型.模型采用证据理论来评价服务信任和综合多方推荐的经验;引入观察帧体现出经验的时间性;提出一个低开销的邻居共享机制用于节点间交换经验信息;采用模糊贴近度来量化描述推荐信任.与几个现有的工作相比,设计一个较完整的信任评估模型,并强调其动态适应能力、鲁棒性和资源的最小开销,信任评估模型可为节点间的协同和安全决策提供依据.     

Inter-Cluster Routing Authentication for Ad Hoc Networks by a Hierarchical Key Scheme

Dissimilar to traditional networks, the features of mobile wireless devices that can actively form a network without any infrastructure mean that mobile ad hoc networks frequently display partition due to node mobility or link failures. These indicate that an ad hoc network is difficult to provide ou-llne access to a trusted authority server. Therefore, applying traditional Public Key Infrastructure （PKI） security framework to mobile ad hoc networks will cause insecurities. This study proposes a scalable and elastic key management scheme integrated into Cluster Based Secure Routing Protocol （CBSRP） to enhance security and non-repudiation of routing authentication, and introduces an ID-Based internal routing authentication scheme to enhance the routing performance in an internal cluster. Additionally, a method of performing routing authentication between internal and external clusters, as well as inter-cluster routing authentication, is developed. The proposed cluster-based key management scheme distributes trust to an aggregation of cluster heads using a threshold scheme faculty, provides Certificate Authority （CA） with a fault tolerance mechanism to prevent a single point of compromise or failure, and saves CA large repositories from maintaining member certificates, making ad hoc networks robust to malicious behaviors and suitable for numerous mobile devices.     

基于移动保持时间的无线自组网分簇算法

无线自组网不依赖固定的基础设施,其最主要的特点是无中心结构和高度的动态变化。本文提出一种新的节点移动保持时间计算方法,并在此基础上开发了最大稳定性加权分簇算法MSWCA,在稳定性、能耗、负载平衡等因素权衡中,侧重考虑簇结构的稳定性,从而进一步提高网络可靠性,有利于更大规模网络的组建。最后探讨了进一步的需要进行研究和改进的问题。     

Robust self-keying mobile ad hoc networks

Pairwise key establishment in mobile ad hoc networks allows any pair of nodes to agree upon a shared key. This is an important security service needed to secure routing protocols, and in general to facilitate secure communication among the nodes of the network.We present two self-keying mechanisms for pairwise key establishment in mobile ad hoc networks which do not require any centralized support. The mechanisms are built using the well-known technique of threshold secret sharing, and are robust and secure against a collusion of up to a certain number of nodes. We evaluate and compare the performance of both the mechanisms in terms of the node admission and pairwise key establishment.     

移动Ad Hoc网络路由协议的性能分析与比较

移动Ad Hoe网络是由一组无线移动主机组成的一个没有任何建立好的基础设施或集中管理设备的临时网络.网络拓扑易变、带宽、能源有限是移动Ad Hoe网络的主要特点.分析表驱动路由协议DSDV和按需路由协议DSR、AODV和TO-RA,并利用NS2软件进行了仿真实验,通过改变节点的暂停时间和移动速度这两个参数来比较这两个参数对这四种协议性能的影响.仿真结果表明,按需路由协议在分组投递率、端到端的平均时延、路由开销方面都表现出较好的性能.但同时结合表驱动路由协议的特点,为进一步在综合考虑以上两类路由协议特点的基础上研究新的路由协议提供很好的参考.     

Ad Hoc网络中一种基于环状分层结构的组密钥协商协议

移动ad hoc网络是一种新型的移动多跳无线网络.其自身的特征,如网络规模庞大、动态的拓扑结构、有限的计算、通信和存储能力等,使得传统的密钥分配和管理机制无法直接应用于该网络.提出了一种新的适用于移动 ad hoc网络的组密钥协商协议.该协议在环状分层结构上基于多线性映射进行组密钥的协商和分配,使得节点在密钥协商过程中具有低计算开销与低通信开销的优势,较好地解决了在移动ad hoc网络中进行组密钥协商时所遇到的节点能量受限问题,适用于移动ad hoc网络.     

基于椭圆曲线的Ad hoc网络门限身份认证方案

Ad hoc网络作为一种无线移动网络正成为网络研究中的热点之一。由于其灵活方便的组网方式,Ad hoc网络在军事领域受到广泛的重视,并正在逐步应用于商业领域。但是,安全问题始终是Ad hoc网络的一个弱点,而身份认证对于无线移动自组的Ad hoc网络特别重要,是实现整个Ad hoc网络安全机制的首要步骤。论文提出一种基于椭圆曲线的门限身份认证方案,利用拉格朗日定理生成群密钥并利用椭圆曲线数字签名算法生成子证书并合成,该算法的安全性、高效率以及低计算复杂度特别适合Ad hoc网络移动自组的特点。