基于信任的移动Ad Hoc网络AODV路由协议研究

移动AdHoc网络是一种无基础设施的移动自组织网络,具有动态拓扑、无线通信的特点。由于在移动AdHoc网络中每个节点既是主机又是路由器,所以容易遭受针对路由信息的攻击。对移动AdHoc网络的AODV路由协议安全性进行分析,结合节点间的信任机制,提出了一种基于局部声誉的安全AODV路由协议。     

一种新的移动Ad hoc网络安全路由协议

Buttyan L等指出了移动Ad hoc网络典型安全路由协议Aridane的缺陷，并提出了一种自称可以抵御ac-tive-1-y（y≥1）型攻击的路由协议EndairA^[A]。文章通过分析发现EndairA不能抵御一种active-0-1型攻击，即中间人攻击，并据此提出了一种新的安全路由协议EndairALoc。分析表明EndairALoc不仅保持了EndairA原有的安全性，而且还能够抵御中间人攻击和虫洞攻击。另外该协议采用对称密钥机制替代了EndairA中使用的公钥签名机制，降低了安全路由所需的能耗。     

移动ad hoc网络安全路由协议综述

移动adhoc网络路由协议对于各种针对路由协议的攻击无能为力,因为路由协议并未考虑安全因素,攻击者肆意利用路由协议中的安全隐患来破坏网络。论文综述了移动adhoc网络安全路由协议研究方面的一些最新工作,对该领域各种安全路由协议进行了研究分析,并描述了移动adhoc网络安全路由协议所面临的安全挑战。     

一种安全的Ad Hoc网络路由协议SGSR

Ad Hoc网络作为一种无线移动网络,其安全问题,特别是路由协议的安全备受关注。针对现有适合移动Ad Hoc网络的链路状态路由协议GSR无法防范恶意节点伪造、篡改、DoS攻击的现状,本文提出了一种在移动Ad Hoc网络中抵抗单个节点恶意攻击的安全路由协议SGSR,给出了认证协议的形式化证明,并对路由协议进行仿真和性能分析。     

基于信任保留的移动Ad Hoc网络安全路由协议TPSRP

Ad Hoc网络的移动特性是安全路由中不能忽略的一个重要因素.在一个频繁变化甚至高速移动的网络中,目前大部分安全路由协议难以完成可信通信方的认证,从而无法建立起安全的路由通道.这是由于认证过程是一个连续的消息交互过程,移动特性使得这个连续交互无法保证.文中在链路状态路由协议OLSR的基础上提出了基于信任保留的安全路由协议TPSRP,该协议采用信任保留的方式对节点进行认证,解决高速移动网络中节点认证问题.TPSRP还针对目前信任评估方法缺少有效的自适应性提出了一种新的信任评估手段,使得节点可以通过综合的信任信息,自我辨别并限制内部背叛节点的恶意行为,同时有效地检测与抵抗Ad Hoc网络中的协作攻击,如虫洞攻击等.最后的仿真显示,在网络移动特性增强的情况下,TPSRP的认证性能要优于传统认证协议,并能够有效孤立攻击节点.     

MANET中基于声誉机制的安全路由协议

移动自组网是一种特殊的对等式网络,由于拓扑动态变化、无线信道完全开放、没有固定基础设施等特性,易遭受各种攻击,因此移动自组网的安全性显得尤其重要.在分析现有安全路由协议的基础上,设计了一种由节点直接声誉值和间接声誉值组成的声誉评价机制,对于间接声誉值更注重于由近期的交互所获得的声誉值.并在此基础上提出了安全路由协议SR-DSR,选择路径声誉值与路径长度比值最大的路由来发送数据包,提高了数据包传输的可靠度.通过仿真实验表明,在网络遭受恶意节点攻击时,SR-DSR比DSR在包到达率和网络吞吐量方面具有更好的性能.     

利用类型推理验证Ad Hoc安全路由协议

提出一种基于类型推理的移动Ad-Hoc网络安全路由协议的形式化验证方法.定义了一种邻域限制通信演算NCCC(neighborhood-constrained communication calculus),包括演算的语法和基于规约的操作语义,在类型系统中描述了移动Ad-Hoc网络路由协议的安全属性,定义了近似攻击消息集用以精简Dolev-Yao攻击模型.还给出了该方法的一个协议验证实例.基于类型推理,该方法不仅能够验证协议的安全性,也可以得出针对协议的攻击手段.因为攻击集的精简,有效地缩减了推理空间.     

基于数据链路监视的Ad Hoc网络攻击检测机制

移动Ad hoc网络由于其动态拓扑、无线信道的特点,特别容易受到各种攻击的威胁。该文在安全路由协议的基础上,针对流量模式类攻击,提出一种基于数据链路监视的攻击检测机制。数据传输链路上的节点在获得可靠路由信息基础上,互相监视上下游节点的行为,从而保证数据传输链路的安全,理论分析和仿真结果验证了该机制的有效性。     

基于MCPK的移动网络安全路由方案

针对移动Ad Hoc网络易受虫洞攻击的问题,提出一种基于最佳链路路由协议的MSRP安全路由协议,其中包括邻居检测、身份认证与通信密钥协商过程,探讨在平衡安全和性能的情况下解决OLSR协议中存在的安全问题。采用基于MCPK的安全路由协议,通过在OLSR邻居探测阶段引入安全验证机制来预防虫洞攻击。实验结果表明,随着加密通道长度的增加,虫洞攻击检测率明显上升,该协议能较好地预防和检测虫洞攻击。     

一个高效的Ad Hoc网络匿名路由协议

提出了一个新型高效的适用于小型AdHoc网络的匿名路由协议。该协议建立了一种源节点和目的节点间伪名同步机制,并引入移动代理来防止恶意节点对网络的攻击。利用哈希链性质实现了节点身份的匿名和跳数控制。与一般的需要公钥加密的匿名协议相比,具有较低的网络延迟和更高的运算效率。     

一种基于TPM增强的ARAN安全路由协议

安全路由协议设计是Ad hoc网络安全研究的重要组成部分。当前研究主要集中在采用经典密码学中的方法来保证路由安全。结合可信计算中的TPM和典型的安全路由协议ARAN,提出了一种新的安全路由协议TEARAN,该协议不再采用集中式的公钥证书分发中心PKI,而是采用TPM中的DAA(Directed Anonymous Attestation)方式来进行节点的身份认证,以及软安全中可信阂值来监测部居节点的行为,从而进行公钥可信分发,同时确保了无恶意节点加入网络,另外,也采用公钥签名、会话密钥加密来保证端到端通信的保密性、完整性和不可否认性。理论证明了提出的TEARAN协议能够实现网络的匿名安全,防范当前常见的攻击方式,达到了很好的安全保证效果。     

基于信任评估的Ad hoc网络安全路由协议

针对Ad hoc网络的路由安全问题,提出一种基于信任评估的Ad hoc网络安全路由协议,采用改进的信任评估模型,每个节点维护一张信任表,在路由过程中结合信任表并通过路由请求和路由回复,双向判断上一跳和下一跳节点的可信性,并且在路径选择时综合路径信任值和跳数值2个因素,使得信任评估和路由协议紧密地结合.通过NS2仿真实验进行验证,结果表明,该协议可以较好地避开自私节点,保证路由安全,提高路由性能.     

移动Ad hoc网络中基于模糊逻辑的信任预测模型

为了增强Ad Hoc网络的安全性,提出了一种动态信任预测模型。该模型综合考虑了影响信任的两个因素：节点的历史行为和节点提供服务的能力,引入了时间衰减函数来精确地估计节点的直接信任值,并通过模糊逻辑规则预测方法来评估节点的当前信任值。最后,为了验证该模型的有效性,将该模型应用于AODV路由协议中,定义为FTAODV路由协议,并利用NS-2仿真软件对两种协议进行比较。仿真结果表明：FTAODV路由协议能够有效地监测恶意节点,从而提高了分组投递率,降低了平均端到端时延和路由包开销。     

Trust-based minimum cost opportunistic routing for Ad hoc networks

Recently, opportunistic routing has received much attention as a new design direction. It can exploit the wireless broadcast and more highly reliable opportunistic forwarding, so as to substantially increase the throughput of network. Due to dynamic topology, distributed collaboration, limited bandwidth and computing ability, the absence of enough physical protection in Ad hoc networks, opportunistic routing is vulnerable to attacks by malicious nodes. In order to alleviate the malicious behaviors, we incorporate the concept of trust to Ad hoc networks, build a simple trust model to evaluate neighbors’ forwarding behavior and apply this model to opportunistic routing for Ad hoc networks. A new trusted opportunistic forwarding model is proposed by choosing the trusted and highest priority candidate forwarder, then a trusted minimum cost routing algorithm (MCOR) is formally formulated, the correctness and effectiveness of this algorithm from theoretical analysis are also approved. Finally, MCOR algorithm is verified by simulation using nsclick software and compared its performance with the classic protocols: ExOR, TAODV and Watchdog-DSR. The simulation results show that MCOR scheme can detect and mitigate node misbehaviors. Furthermore, MCOR scheme outperforms the other protocols in terms of: throughput, delay, Expected ETX, security-gains and cost of routing.     

基于动态令牌托管的Ad hoc网络安全路由机制

作为Ad hoc网络大规模应用的先决条件,安全问题必须得到解决.为了加强节点间认证的安全性以及对合法路由的保护,提出一种基于动态令牌托管DTE(Dynamic Token Escrow)的Ad hoc网络安全路由机制,引入带有生存期的令牌控制网络实体间的信任关系,通过托管集实现本地化认证.仿真结果表明,在不安全的网络环境下,本文机制减少了认证消息交互,提高了路由建立的效率.     

A light-weight trust-based QoS routing algorithm for ad hoc networks

In a mobile ad hoc network (MANET), the lack of a trusted infrastructure makes secure and reliable packet forwarding very challenging, especially for providing QoS guarantee for multimedia applications. In this paper, we firstly introduce the concept of trust and QoS metric estimation into establishing a trust-based QoS model. In this model, we estimate the trust degree between nodes from direct trust computation of direct observation and indirect trust computation by neighbors’ recommendations. On the other hand, due to the NP-completeness of the multi-QoS constraints problem, we only take into account link delay as the QoS constraint requirement. Then, we design a trust-based QoS routing algorithm (called TQR) from the trade-off between trust degree and link delay. At last, by using NS2 we implement this algorithm based on AODV (Ad hoc On-demand Distance Vector). We compare its performance with AODV, Watchdog-DSR and QAODV. The simulation results show that TQR scheme can prevent attacks from malicious nodes and improve the security performance of the whole network, especially in terms of packet delivery ratio, average end-to-end delay, routing packet overhead and detection ratio of malicious nodes.     

支持自愈恢复的WMPLS安全自组网路由协议

基于WMPLS协议体系,结合无线移动自组网的特点,同时考虑路由的安全性,提出了一种支持自愈恢复的WMPLS信令建立标签交换路径的安全自组网路由协议SA-WMPLS。该协议不仅提高了选路的性能,简化了转发机制,而且能够快速恢复中断的链路。通过构建adhoc网络仿真模型,仿真分析了SA-WMPLS路由协议的性能,验证了协议的安全特性。     

Trust-based security for the OLSR routing protocol

The trust is always present implicitly in the protocols based on cooperation, in particular, between the entities involved in routing operations in Ad hoc networks. Indeed, as the wireless range of such nodes is limited, the nodes mutually cooperate with their neighbors in order to extend the remote nodes and the entire network. In our work, we are interested by trust as security solution for OLSR protocol. This approach fits particularly with characteristics of ad hoc networks. Moreover, the explicit trust management allows entities to reason with and about trust, and to take decisions regarding other entities.In this paper, we detail the techniques and the contributions in trust-based security in OLSR. We present trust-based analysis of the OLSR protocol using trust specification language, and we show how trust-based reasoning can allow each node to evaluate the behavior of the other nodes. After the detection of misbehaving nodes, we propose solutions of prevention and countermeasures to resolve the situations of inconsistency, and counter the malicious nodes. We demonstrate the effectiveness of our solution taking different simulated attacks scenarios. Our approach brings few modifications and is still compatible with the bare OLSR.     

Ad hoc网络安全技术简介

Ad hoc网络是一种没有有线基础设施支持的移动网络,网络中的节点均由移动主机构成。由于节点的移动性导致网络拓扑结构不断变化,节点通信完全依靠无线链路,相对于有线网络在安全性上面临更大的挑战。本文根据Ad hoc网络面临的安全问题,分析了Ad hoc网络中常见的攻击方式,并集中讨论了Ad hoc网络的安全路由、密钥管理等关键问题。     

TEA-CBRP: Distributed cluster head election in MANET by using AHP

Mobile Ad hoc Network consists of a set of mobile nodes that are communicating in a wireless channel. In this network, the number of nodes and their mobility have an impact on the routing performance. In order to improve the routing performance of large scale Mobile Ad Hoc Networks, clustering is one of the solution. When clustering is implemented, an unconditional cooperation among the intra cluster and inter cluster nodes is necessary. In the event where a malicious or selfish node is elected as a cluster head, the routing performance gets significantly affected. In this paper, the key decision factors such as the trust value, remaining energy, and the time of availability of the mobile node is explored to elect a cluster head. Further, these three decision factors are incorporated into the Analytical Hierarchy Process technique in order to elect the most cooperative node as the cluster head. An enhancement to the existing Cluster based Routing Protocol, is proposed in this paper and then enhanced work, is termed as Trust Energy Availability based Cluster Based Routing Protocol. A network based on the proposed protocol is simulated. The important routing performance parameters such as packet delivery ratio, end to end latency, routing packet overhead, and the number of times cluster head changes are discussed for the simulated network and the results are compared with AODV and CBRP routing protocols. The simulation results have shown that the proposed cluster based routing protocol improves the network performance by eliminating malicious and selfish nodes from being elected as cluster head.