Automating the security analysis process of secure ad hoc routing protocols

Conventional security property evaluation approaches for ad hoc network routing protocols do not provide an automated or exhaustive capability. This paper provides an automated process to evaluate security properties in the route discovery phase for on-demand source routing protocols. For a given network topology, model checking is used to exhaustively evaluate protocol abstractions against an attacker attempting to corrupt the route discovery process. Additionally, topology reduction techniques are developed to reduce computational requirements while maintaining exhaustive analysis results.     

基于SPI演算的移动自主网络安全路由协议分析

安全协议是许多分布式系统安全的基础,也是MANET网络的基础,确保MANET路由协议的安全运行是极为重要的。对于MANET的特点,设计一个可靠的安全路由协议是必须的,也是一个艰巨的任务,但大多数的安全路由协议都是通过模拟结果来进行解释的,缺乏严格形式化分析来确保其安全属性。在传统的安全属性中,加密协议已经被形式化分析许多年了,然而去形式化分析移动adhoc网路由协议的工作并没有出现已成熟的方法和理论的文献。论文针对SRP(secureroutingprotocol)协议模型用SPI演算做出形式化分析,在论文提出的攻击者进程模型下,可以推导出SRP产生一定的脆弱性。     

车载自组织网络路由协议的仿真研究

本文简要介绍了车载自组织网络和移动自组织网络中两个典型的路由协议:表驱动路由协议DSDV和按需路由协议AODV;还介绍了一个实用的移动模型,使仿真实验更加接近现实。在Linux下使用网络仿真工具NS2对这两个典型协议进行仿真,并对仿真结果进行分析比较和性能评价,得出:AODV和DSDV协议都不太适用于车辆自组织网络,所以设计适合车辆网路的协议是急需解决的问题。     

多跳无线移动Ad Hoc网络路由协议的研究分析

无线移动Ad Hoe网络(MANET)作为可移动分布式多跳无线网络，没有预先确定的网络拓扑或网络基础设施以及集中控制．为了在如此的网络中促进通信，路由协议主要用于在节点之间发现路径．Ad Hoe网络路由协议的主要目的是网络拓扑的动态变化、任意两个节点之间建立一个使得通信总费用和带宽消费最少的正确和有效的通信路径．描述了设计移动Ad Hoe网络路由协议所面临的问题以及对它们的评价，详细比较了七种典型无线移动AdHoe网络路由协议的特性和功能，即DSDV，CGSR，WRP，AODV，DSR，TORA和ABR，为进一步的研究提出了新的课题．     

一种安全的Ad Hoc网络路由协议SGSR

Ad Hoc网络作为一种无线移动网络,其安全问题,特别是路由协议的安全备受关注。针对现有适合移动Ad Hoc网络的链路状态路由协议GSR无法防范恶意节点伪造、篡改、DoS攻击的现状,本文提出了一种在移动Ad Hoc网络中抵抗单个节点恶意攻击的安全路由协议SGSR,给出了认证协议的形式化证明,并对路由协议进行仿真和性能分析。     

利用类型推理验证Ad Hoc安全路由协议

提出一种基于类型推理的移动Ad-Hoc网络安全路由协议的形式化验证方法.定义了一种邻域限制通信演算NCCC(neighborhood-constrained communication calculus),包括演算的语法和基于规约的操作语义,在类型系统中描述了移动Ad-Hoc网络路由协议的安全属性,定义了近似攻击消息集用以精简Dolev-Yao攻击模型.还给出了该方法的一个协议验证实例.基于类型推理,该方法不仅能够验证协议的安全性,也可以得出针对协议的攻击手段.因为攻击集的精简,有效地缩减了推理空间.     

移动自组网中一种面向群组移动性的位置服务协议

基于位置信息的路由协议被广泛认为是一种可扩展的移动自组网路由解决方案.大多数此类协议假定可通过位置服务协议获取结点的位置信息.研究人员现已提出多种位置服务协议.但是,它们在大规模网络环境中的可扩展性不好,或者在高动态网络环境中可靠性不高.本文提出了一种适用于大规模移动自组网的面向群组移动性的可扩展及可靠的位置服务协议.模拟结果表明此协议比SLURP协议更适合于具有群组移动性的大规模移动自组网.     

A secure anonymous routing protocol with authenticated key exchange for ad hoc networks

Anonymity and authenticated key exchange should be paid much more attention in secure mobile ad hoc routing protocols, especially in privacy-vital environment. However, as far as we know, few papers on secure routing protocols have addressed both the anonymity and authenticated key exchange. Therefore, in this paper, we present a new secure anonymous routing protocol with authenticated key exchange for ad hoc networks. In comparison with other previous secure routing protocols, our proposed protocol not only provides the anonymity to the route from the source to the destination, but also integrates the authenticated key exchange into the routing algorithm.     

按需式ad hoc移动网络路由协议的研究进展

Ad hoc移动网络是一种完全由移动主机构成的网络，网络拓扑易变，带宽，能源有限是ad hoc移动网络的主要特点，针对这些特点，目前设计的ad hoc路由协议大多采用按需查找方式，该文介绍了这方面研究的最新进展，对几种典型的按需路由协议进行了说明，分析和综合比较，文中分析了目前协议存在的一些问题并提出了相应的改进方法，最后指出了下一步研究方向。     

Trust-based security for the OLSR routing protocol

The trust is always present implicitly in the protocols based on cooperation, in particular, between the entities involved in routing operations in Ad hoc networks. Indeed, as the wireless range of such nodes is limited, the nodes mutually cooperate with their neighbors in order to extend the remote nodes and the entire network. In our work, we are interested by trust as security solution for OLSR protocol. This approach fits particularly with characteristics of ad hoc networks. Moreover, the explicit trust management allows entities to reason with and about trust, and to take decisions regarding other entities.In this paper, we detail the techniques and the contributions in trust-based security in OLSR. We present trust-based analysis of the OLSR protocol using trust specification language, and we show how trust-based reasoning can allow each node to evaluate the behavior of the other nodes. After the detection of misbehaving nodes, we propose solutions of prevention and countermeasures to resolve the situations of inconsistency, and counter the malicious nodes. We demonstrate the effectiveness of our solution taking different simulated attacks scenarios. Our approach brings few modifications and is still compatible with the bare OLSR.     

Backup path set selection in ad hoc wireless network using link expiration time

Topological changes in mobile ad hoc networks frequently render routing paths unusable. Such recurrent path failures have detrimental effects on quality of service. A suitable technique for eliminating this problem is to use multiple backup paths between the source and the destination in the network. Most of the proposed on-demand routing protocols however, build and rely on single route for each data session. Whenever there is a link disconnection on the active route, the routing protocol must perform a path recovery process. This paper proposes an effective and efficient protocol for backup and disjoint path set in an ad hoc wireless network. This protocol converges into a highly reliable path set very fast with no message exchange overhead. The paths selection according to this algorithm is beneficial for mobile ad hoc networks, since it produces a set of backup paths with much higher reliability. Simulations are conducted to evaluate the performance of our algorithm in terms of route numbers in the path set and its reliability. In order to acquire link reliability estimates, we use link expiration time (LET) between each two nodes.In another experiment, we save the LET of entire links in the ad hoc network during a specific time period, then use them as a data base for predicting the probability of proper operation of links.Links reliability obtains from LET. Prediction is done by using a multi-layer perceptron (MLP) network which is trained with error back-propagation error algorithm. Experimental results show that the MLP net can be a good choice to predict the reliability of the links between the mobile nodes with more accuracy.     

一种跨层移动自组网络安全路由协议

网络层安全是移动自组网安全的一个基本方面。过去,人们对移动自组网网络层安全的研究主要集中在使用密码体制来保护路由消息的真实性和完整性上。但是,密码学体制所带来的额外资源开销和延时比较大。因此,移动自组网需要一种轻权的网路层安全机制。本文提出了一种基于跨层的移动自组网安全路由协议,利用跨层信息来提高网络层的安全性。模拟实验表明,我们所提出的安全路由协议是有效的。     

E-ODMRP: Enhanced ODMRP with motion adaptive refresh

On-Demand Multicast Routing Protocol (ODMRP) is a multicast routing protocol for mobile ad hoc networks. Its efficiency, simplicity, and robustness to mobility render it one of the most widely used MANET multicast protocols. At the heart of the ODMRP’s robustness is the periodic route refreshing. ODMRP rebuilds the data forwarding “mesh” on a fixed interval and thus the route refresh interval is a key parameter that has critical impact on the network performance. If the route refresh rate is too high, the network will undergo too much routing overhead, wasting valuable resources. If it is too low, ODMRP cannot keep up with network dynamics, resulting in packet losses due to route breakages. In this paper, we present an enhancement of ODMRP with the refresh rate dynamically adapted to the environment. Simulation results show that the Enhanced ODMRP (E-ODMRP) reduces the packet overhead by up to a half yet keeping a packet delivery ratio comparable to that of the original ODMRP. E-ODMRP compares favorably with other published multicast schemes.     

Virtual-Force-Based Geometric Routing Protocol in MANETs

Routing is the foremost issue in mobile ad hoc networks (MANETs). To guarantee delivery and improve performance, most position-based routing protocols, e.g., greedy-face-greedy (GFG), forward a message in greedy routing mode until the message is forwarded to a local minimum where greedy forwarding is impossible. They then switch to a less efficient mode known as face routing. Face routing requires the underlying network to be a planar graph which makes geometric routing only theoretically feasible. To remove this constraint, this paper tackles the local minimum problem with two new methods. First, we construct a virtual small-world network by adding virtual long links to the network to reduce the number of local minima. Second, we use the virtual force method to recover from local minima without relying on face routing. Combining these two methods, we propose a purely greedy routing protocol, the small-world iterative navigation greedy (SWING+) routing protocol. Simulations are conducted to evaluate SWING+ against existing geometric routing protocols. Simulation results show that SWING+ guarantees delivery, and that its performance is comparable to that of the state-of-the-art greedy other adaptive face routing (GOAFR+) routing protocol.     

移动Ad hoc网络中的特殊攻击

目前关于移动Adhoc网络的研究大多集中在路由协议的提出和改进方面,但随着移动Adhoc网络的广泛应用,其固有的特性和安全漏洞带来了极大的安全隐患,各种类型的攻击越来越威胁正常的网络运行,安全问题日益成为这一领域的研究热点。针对移动Adhoc网络的弱点,介绍了4种特殊攻击及相应的处理方法。     

Scalability of routing methods in ad hoc networks

In an ad hoc network each host (node) participates in routing packets. Ad hoc networks based on 802.11 WLAN technology have been the focus of several prior studies. These investigations were mainly based on simulations of scenarios involving up to 100 nodes (usually 50 nodes) and relaxed (too unrealistic) data traffic conditions. Many routing protocols in such setting offer the same performance, and many potential problems stay undetected. At the same time, an ad hoc network may not want (or be able) to limit the number of hosts involved in the network. As more nodes join an ad hoc network or the data traffic grows, the potential for collisions and contention increases, and protocols face the challenging task to route data packets without creating high administrative load. The investigation of protocol behavior in large scenarios exposes many hidden problems. The understanding of these problems helps not only in improving protocol scalability to large scenarios but also in increasing the throughput and other QoS metrics in small ones. This paper studies on the example of AODV and DSR protocols the influence of the network size (up to 550 nodes), nodes mobility, nodes density, suggested data traffic on protocols performance. In this paper we identify and analyze the reasons for poor absolute performance that both protocols demonstrate in the majority of studied scenarios. We also propose and evaluate restructured protocol stack that helps to improve the performance and scalability of any routing protocol in wireless ad hoc networks.     

移动Ad hoc网络路由协议安全研究

移动ad hoc网络是一种完全由移动主机构成的网络,其主要特点为网络拓扑易变,带宽、能源有限。这些特点使得适应于固定网络的安全策略在移动ad hoc网络上不能很好地发挥作用,需要设计一些针对其特点的解决方案.该文介绍了针对移动ad hoc网络路由协议安全方面的最新研究进展,首先介绍了移动ad hoc网络的安全弱点和攻击类型,其后时一些典型方案进行了说明,分析了各种方案的优点和缺点,并进行了综合比较。文中分析了目前协议存在的一些问题并提出了相应的改进方法,最后指出了下一步研究方向。     

一种基于信誉机制的AdHoc网络安全路由

介绍了移动AdHoc网络的基本概念及其特点,针对目前移动AdHoc网络路由协议的各种攻击模型,分析了攻击对网络性能的影响,研究了一种基于信誉机制的AdHoc网络安全路由协议的设计原理,为移动AdHoc网络建立了一种比较灵活的、没有增加很多负载的安全路由机制。     

移动Ad Hoc网络多播路由协议的研究进展

移动AdHoc网络是一个自组织、移动节点通过无线链路组成的动态拓扑变化的网络.由于网络规模小、无基础设施、构建迅速等特点,从而广泛用于紧急事件、军事和民用领域以及多媒体应用等.随着网络应用规模的增长,在移动AdHoc网络中支持多播路由成为网络领域中一类重要的研究课题.该文综述了移动AdHoc网络多播路由方面的一些最新工作,论述了设计移动AdHoc网络多播路由协议的特性、问题和技术,详细描述和比较了目前典型的移动AdHoc网络多播路由协议,为进一步的应用和研究提出了新的课题.