基于椭圆曲线的Ad hoc网络门限身份认证研究

移动Ad hoc网络是一种拥有自组织、自愈能力而且复杂分布式的网络,Ad hoc网络由能够移动无线节点构成,具有网络拓扑动态变化特性。根据这些特点,安全隐患是Ad hoc网络最主要的缺陷,尤其身份认证作为整个Ad hoc网络达到安全稳定的前提,不言而喻在移动Ad hoc网络中至关重要。提出基于椭圆曲线的Ad hoc网络门限身份认证思想,利用椭圆曲线数字签名算法建立子密钥和群密钥,通过子证书的合成并且进行身份验证,使算法具有极强的安全性、高效率,而且降低了计算难度,满足自组移动的Ad hoc网络特性。     

适合ad hoc网络无需安全信道的密钥管理方案

密钥管理问题是构建ad hoc安全网络系统首要解决的关键问题之一.针对ad hoc网络特点,提出了一个无需安全信道的门限密钥管理方案.该方案中,可信中心的功能由局部注册中心和分布式密钥生成中心共同实现,避免了单点失效问题;通过门限技术,网络内部成员相互协作分布式地生成系统密钥;利用基于双线性对的公钥体制实现了用户和分布式密钥生成中心的双向认证;通过对用户私钥信息进行盲签名防止攻击者获取私钥信息,从而可以在公开信道上安全传输.分析表明该方案达到了第Ⅲ级信任,具有良好的容错性,并能抵御网络中的主动和被动攻击,在满足ad hoc网络安全需求的情况下,极大地降低了计算和存储开销.     

ad hoc网络中数据管理与传输算法的研究

数据的管理与有效传输是ad hoc网络资源能否得到最大化利用,实现网络的最优化运行的一个关键因素.本文利用数据管理的方法,实现相关数据的有效传输以及对数据的有效调度,解决了网络资源浪费问题,并减少了单个节点执行多个任务花费的时间.     

一种解决ad hoc网络中自私节点安全问题的方法

移动ad hoc网络（MANET）路由和分组转发功能需要节点间的相互合作，自私节点为节约能量而不参与合作，将会影响网络的正常工作．因此本文将针对自私节点危害和解决方法展开分析，并提出一种改进解决方法——基于可信任中心服务器和邻居监测的合作增强机制，该方法不但能够激励节点间的相互合作，而且有效地解决了自私节点改变用户身份的欺骗攻击．最后，仿真结果表明这种合作增强机制对自私节点安全问题是有效的，并且易于实用化．     

在ad hoc网络中一种新的节能路由切换模型

提出了一种基于能量消耗的路由切换模型(ERHM),它在路由维护中利用切换技术来使路由的能量消耗最小.仿真结果表明采用切换技术的ERHM模型的能量节省量要比不采用切换技术节约1.5～7.5倍,且节点的移动性越大,能量节约越多.     

无线ad hoc网络中基于最坏干扰的最大网络容量研究

无线ad hoc网络中,提高网络容量的一个重要的方法是增加网络的空间复用。增加网络的空间复用主要有两种途径:减小节点的发送功率和增大节点的载波监听阈值。但是减少发送功率和增大载波监听阈值分别使得接收到的信号强度降低和累积干扰水平增高,使得接收节点处的信噪比(SINR)降低,从而导致数据传输率降低影响了网络的空间复用。文章首先建立合理的干扰模型,该模型能够检测到所有的隐藏终端。并结合香农定理,建立了网络空间复用同节点发送功率和载波监听阈值的数学模型。当传输距离为200m,路径衰减指数为3时,发送功率/载波监听阈值=1.7×108,网络的容量达到最大。     

采用方向性天线的ad hoc网络路由协议研究

为了降低方向性天线扫描路由发现的开销和代价,有效利用方向性天线的高空间复用度和高传输能力,提出一种采用方向性天线的ad hoc网络位置信息辅助的按需距离矢量路由协议DLAODV,协议以按需方式获取网络节点的位置信息,结合泛洪、受限泛洪、路由压缩、位置信息修正的贪婪转发策略以及分区桥接策略,充分利用方向性天线优势,有效提高路由发现效率,路由区分维护策略有效降低了路由维护开销.仿真结果显示,DLAODV能够使得网络获得高吞吐率、低时延和开销性能,相比采用全向天线的AODV协议性能获得了明显提升.     

移动ad hoc网络安全综述

移动ad hoc网络是由移动节点自组织形成的网络,由于其动态拓扑、无线通信的特点,容易遭受各种安全威胁.该文介绍了移动ad hoc网络安全研究的最新研究进展.首先从传输信道、移动节点、动态拓扑、安全机制、路由协议几方面,分析了移动ad hoc网络的安全弱点,然后将移动ad hoc网络安全方面的研究分为三个方向:密钥分配与管理、入侵检测、增强合作.对每个方向内一些典型安全方案也进行了分类论述,同时分析了各种方案的优点和缺点,并进行了综合比较.文中阐明了目前协议存在的一些问题并提出了相应的改进方法,最后指出了下一步研究方向.     

基于带宽估计的ad hoc网络拥塞控制机制

针对ad hoc网络提出了一种基于带宽估计的拥塞控制机制.该机制通过实时的监测无线节点链路的工作状态,来估计节点的可用带宽,从而获得节点的拥塞程度指标,根据包的类型进行拥塞控制.由于带宽估计不需要与其他节点进行状态信息交换,降低了系统开销.同时拥塞控制机制缓解了无线网络的拥塞状态,提高了网络性能.     

无线ad hoc网络中多路径负载平衡性能分析

提出了一种新颖的分析模型来计算无线ad hoc网络中多路径情况下的负载。该模型考虑到多路径的数目、路由的选取方法以及网络中节点的密度等条件，能够对不同网络条件下的负载进行较好的分析与理论计算。仿真结果与理论计算有良好的一致性，结果表明在无线ad hoc网络中简单地使用多路径路由并不能有效地平衡网络负载。这一结论与目前普遍认定的结论（在无线ad hoc网络中使用多路径路由和在有线网络中使用多路径路由一样，可以很好地平衡网络负载、增加网络的吞吐量）是不一致的。     

An improved EAAP scheme for vehicular ad hoc networks

Recently, Maria Azees et al proposed an “EAAP: efficient anonymous authentication with conditional privacy‐preserving scheme for Vehicular Ad Hoc Networks.” Their scheme is mainly to solve the problem of high computation time of anonymous certificate and signature authentication, as well as the tracking problem of malicious vehicles. However, some improvements are needed in the protection of anonymous identity and the effective tracking of malicious vehicles. In this paper, our scheme realizes mutual authentication between OBU and RSU, and the RSU is authenticated without using certificate. In order to prevent the anonymous identity of the vehicles from being monitored and tracked, we use the negotiated short‐time key to encrypt the anonymous identity in the vehicle certificates. In addition, our scheme uses a new tracking method for malicious vehicles. Then, we prove the scheme through BAN logic, and it has the properties of authentication, anonymity, unlinkability, privacy protection, and traceability. Finally, we compare the computation cost and communication cost with other schemes, and the scheme has been greatly improved.     

Research on pairing-free certificateless batch anonymous authentication scheme for VANET

To solve the problem of security and efficiency of anonymous authentication in vehicular ad hoc network,a pairing-free certificateless batch anonymous authentication scheme was proposed.The public and private keys and pseudonyms were jointly generated by the trusted third party and vehicle,so the system security didn't depend on the tamper device.The scheme can realize authentication,anonymity,traceability,unforgeability,forward or backward security,and so on.Furthermore,under the random oracle model,the scheme can resist Type I and Type II attacks.Because there is no need to use certificates during authentication,the system storage load is effectively reduced.At the same time,the scheme realizes the batch message authentication on the basis of pairing-free operation,so the authentication efficiency is improved.Therefore,the scheme has important theoretical significance and application value in the resource-limited internet of things or embedded environment.     

车载自组织网络中基于椭圆曲线零知识证明的匿名安全认证机制

依据车载自组织网络的特点,提出了一种基于椭圆曲线零知识证明的匿名安全认证机制,利用双向匿名认证算法避免消息收发双方交换签名证书,防止节点身份隐私在非安全信道上泄露;利用基于消息认证码的消息聚合算法,通过路边单元协助对消息进行批量认证,提高消息认证速度,避免高交通密度情形下大量消息因得不到及时认证而丢失。分析与仿真实验表明,该机制能实现车辆节点的隐私保护和可追踪性,确保消息的完整性。与已有车载网络匿名安全认证算法相比,该机制具有较小的消息延迟和消息丢失率,且通信开销较低。     

Ad hoc空间网络密钥管理与认证方案

为了使一组卫星动态配置成一个具有灵活的分布式体系结构的集成网络信息系统，可以采用ad hoc组网方式，这种卫星网络的组网方式带来了新的安全挑战。提出了一个灵活的安全方案，设计了公钥基础设施和认证策略。基于完全分布式的认证中心，可以直接采用几乎所有的标准公钥认证协议。当空间节点的计算能力有限时，设计了一个轻型的基于对称密钥算法和单向散列函数的认证协议，在提供保密性和数据完整性的同时大大减小了计算量。     

Multifold node authentication in mobile ad hoc networks

An ad hoc network is a collection of nodes that do not need to rely on a predefined infrastructure to keep the network connected. Nodes communicate amongst each other using wireless radios and operate by following a peer‐to‐peer network model. In this article, we propose a multifold node authentication approach for protecting mobile ad hoc networks. The security requirements for protecting data link and network layers are identified and the design criteria for creating secure ad hoc networks using multiple authentication protocols are analysed. Such protocols, which are based on zero‐knowledge and challenge‐response techniques, are presented through proofs and simulation results. Copyright © 2007 John Wiley & Sons, Ltd.     

在椭圆曲线域中基于身份认证的移动ad hoc密钥管理框架

提出一种建立在椭圆曲线域上的基于双向身份认证的移动adhoc密钥管理框架。框架中的门限方案增强了系统的健壮性，基于身份的双向认证方案确保了交互节点身份的真实性，从而能将恶意仿冒节点和恶意发送虚假信息节点快速从系统中分离出来。     

A secure mutual authentication scheme with non‐repudiation for vehicular ad hoc networks

Vehicular ad hoc networks (VANETs) have been a research focus in recent years. VANETs are not only used to enhance the road safety and reduce the traffic accidents earlier but also conducted more researches in network value‐added service. As a result, the security requirements of vehicle communication are given more attention. In order to prevent the security threat of VANETs, the security requirements, such as the message integrity, availability, and confidentiality are needed to be guaranteed further. Therefore, a secured and efficient verification scheme for VANETs is proposed to satisfy these requirements and reduce the computational cost by combining the asymmetric and symmetric cryptology, certificate, digital signature, and session key update mechanism. In addition, our proposed scheme can resist malicious attacks or prevent illegal users' access via security and performance analysis. In summary, the proposed scheme is proved to achieve the requirements of resist known attacks, non‐repudiation, authentication, availability, integrity, and confidentiality. Copyright © 2015 John Wiley & Sons, Ltd.     

Anonymous authentication scheme of trusted mobile terminal under mobile Internet

In order to solve the contradictions between user privacy protection and identity authentication, an anonymous authentication scheme under mobile Internet is proposed, which is based on the direct anonymous attestation of trusted computing and uses the encrypting transfer and signature validation for its implementation. Aiming at two access mode of trusted mobile terminal under mobile Internet, self access and cross-domain access, the authentication process of each mode is described in details. The analysis shows that the scheme implements anonymous authentication on mobile Internet and is correct, controllable and unforgeable.     

Privacy‐preserving authentication schemes for vehicular ad hoc networks: a survey

Vehicular ad hoc networks (VANETs) are expected in improving road safety and traffic conditions, in which security is essential. In VANETs, the authentication of the vehicular access control is a crucial security service for both inter‐vehicle and vehicle–roadside unit communications. Meanwhile, vehicles also have to be prevented from the misuse of the private information and the attacks on their privacy. There is a number of research work focusing on providing the anonymous authentication with preserved privacy in VANETs. In this paper, we specifically provide a survey on the privacy‐preserving authentication (PPA) schemes proposed for VANETs. We investigate and categorize the existing PPA schemes by their key cryptographies for authentication and the mechanisms for privacy preservation. We also provide a comparative study/summary of the advantages and disadvantages of the existing PPA schemes. Lastly, the open issues and future objectives are identified for PPA in VANETs. Copyright © 2014 John Wiley & Sons, Ltd.