HiMAC:一种用于消息认证和加密的分层安全协议

为检测并阻止恶意节点伪装成新的可信节点攻击移动自组织网络,该文提出了一种用于消息认证和加密的分层安全协议(HiMAC)。该协议将分层消息认证码用于保护移动Ad-Hoc网络中的数据传播。在源和目标之间的由中间节点转发分组时动态地计算可信路由,在每个中间节点对数据包进行签名和加密,防止攻击者篡改数据包或修改其跳数,实现数据可信传输。在NS2模拟器中,运用Crypto++库中的RSA算法对HiMAC进行测试。结果表明:HiMAC可以检测和阻止对MANET节点和数据包的攻击;与原有的A-SAODV安全机制相比,HiMAC平均跳数减少了47.1%,平均队列长度减小了35.5%,节点数据包数量降低2.5倍,其性能明显优于A-SAODV。尽管HiMAC的密码操作给路由协议带来了额外的开销,但由于HiMAC采用基于信任机制动态建立安全路由,使得节点能够动态地选择路径上的下一个节点,不必始终保持安全路由,使得HiMAC中的增减开销可以相互抵消达到平衡。     

Ad Hoc网络中的地理路由机制

介绍了各种Ad Hoc路由协议,讨论了AdHoc网络的地理路由机制。地理路由使用节点的地理位置作为它们的地址来将数据包传向目的节展性并且点。节点仅须知道邻节点的位置,而且不需要有明确的路由建立,它具有很好的扩支持节点间通信的任意性。     

Trust-based security for the OLSR routing protocol

The trust is always present implicitly in the protocols based on cooperation, in particular, between the entities involved in routing operations in Ad hoc networks. Indeed, as the wireless range of such nodes is limited, the nodes mutually cooperate with their neighbors in order to extend the remote nodes and the entire network. In our work, we are interested by trust as security solution for OLSR protocol. This approach fits particularly with characteristics of ad hoc networks. Moreover, the explicit trust management allows entities to reason with and about trust, and to take decisions regarding other entities.In this paper, we detail the techniques and the contributions in trust-based security in OLSR. We present trust-based analysis of the OLSR protocol using trust specification language, and we show how trust-based reasoning can allow each node to evaluate the behavior of the other nodes. After the detection of misbehaving nodes, we propose solutions of prevention and countermeasures to resolve the situations of inconsistency, and counter the malicious nodes. We demonstrate the effectiveness of our solution taking different simulated attacks scenarios. Our approach brings few modifications and is still compatible with the bare OLSR.     

一种MANET网络的位置辅助路由协议

Ad-Hoc网络（即MANET）由于节点的移动，导致路由频繁变化．基于位置辅助路由协议（LAR1），本文提出了一种带路径优化的增强LAR1协议（ELAR1）．节点通过在接收到的路由请求包中获取其携带的其它转发节点位置信息，提高发起路由请求时预知目的节点位置的几率，降低网络内路由广播包的数量．针对路由路径中可能存在非最短路由，利用位置信息对获得的路由进行路径优化．仿真结果表明，ELAR1比LAR1有较低的路由请求开销、较高的包投递率和较低的端到端延迟．     

基于XYLS的TGPSR路由协议

如果目的节点的位置信息较准确,GPSR路由协议可以高效地发送数据包到目的节点。目的节点的位置信息不准确时,则会导致数据包的严重丢失。针对这个问题,提出了TGPSR（Two-hop Greedy Perimeter Stateless Routing）路由协议：每个节点维持两跳的邻居节点列表,显著增加了对目的节点位置信息的容忍度,在位置信息不够准确的情况下也可以把数据包发送到目的节点。基于XYLS（Column-Ron-Location Service）的TGPSR协议利用XYLS位置服务协议负载较小、可扩展性良好的特点将更多的带宽用于数据传输,进一步提高协议的性能。     

一种基于稳定簇的混合路由协议CBHRP

移动算组网是一种没有有线基础结构支持的移动网络,具有带宽有限和拓扑结构易变的特点。这些特点使得设计一个合适的路由协议具有一定的挑战性。该文针对移动自组网提出了一种基于稳定簇结构、按需路由和预先路由混合、支持单播和组播通信的路由协议CBHRP。CBHRP具有路由控制开销小、主机移动对拓扑结构改变的影响小、通信的初始延迟低和应用范围广的特点。     

Black Hole Attack Detection and Performance Improvement in Mobile Ad-Hoc Network

ABSTRACT

Security is an essential service for mobile network communications. Routing plays an important role in the security of mobile ad-hoc networks (MANETs). A wide variety of attacks targets the weakness of MANETs. By attacking the routing protocols, attackers can absorb network traffic, injecting themselves into the path between the source and destination. The black hole attack is one of the routing attacks where a malicious node advertise itself as having the shortest path to all nodes in the network by sending fake route reply. In this paper, a defense scheme for detecting black hole node is proposed. The detection is based on the timing information and destination sequence numbers maintained in the Neighborhood Route Monitoring Table. The table maintains the record of time of Reply. A black hole node will send a route reply message without checking the routing table as the legitimate node normally does. This reduced reply time is used to detect the black hole node. To improve the security further, the destination sequence number is checked with the threshold value, which is dynamically updated. The simulation results demonstrate that the protocol not only detects black hole attack but also improves the overall performance.     

A direction-based geographic routing scheme for intermittently connected mobile networks

In an intermittently connected mobile network, a complete routing path from a source to a destination cannot be guaranteed most of the time. Therefore, traditional routing methods for mobile ad hoc networks are not applicable in such a network. Current approaches for intermittently connected mobile networks are primarily based on redundant transmission and single-copy opportunistic routing. However, they incur either high overhead due to excessive transmissions, or long delay due to incorrect path choices during forwarding. In this paper, we propose a direction-based geographic (DIG) routing scheme for intermittently connected mobile networks. Relying on geographic location information, the packets are routed in a path approximately to the shortest path from the source node to the destination, which significantly reduces the overhead in redundant transmission and decreases the transmission delay in the single-copy opportunistic routing. Theoretical analysis and trace-driven experimental results show that DIG provides low transmission delay with low overhead in comparison with the schemes in the redundant transmission and single-copy opportunistic routing.     

Spray and forward:Efficient routing based on the Markov location prediction model for DTNs

Typical delay tolerant networks(DTNs)often suffer from long and variable delays,frequent connectivity disruptions,and high bit error rates.In DTNs,the design of an efficient routing algorithm is one of the key issues.The existing methods improve the accessibility probability of the data transmission by transmitting many copies of the packet to the network,but they may cause a high network overhead.To address the tradeoff between a successful delivery ratio and the network overhead,we propose a DTN routing algorithm based on the Markov location prediction model,called the spray and forward routing algorithm(SFR).Based on historical information of the nodes,the algorithm uses the second-order Markov forecasting mechanism to predict the location of the destination node,and then forwards the data by greedy routing,which reduces the copies of packets by spraying the packets in a particular direction.In contrast to a fixed mode where a successful-delivery ratio and routing overhead are contradictory,a hybrid strategy with multi-copy forwarding is able to reduce the copies of the packets efficiently and at the same time maintain an acceptable successful-delivery ratio.The simulation results show that the proposed SFR is efficient enough to provide better network performance than the spray and wait routing algorithm,in scenarios with sparse node density and fast mobility of the nodes.     

Game Theoretic Stochastic Routing for Fault Tolerance and Security in Computer Networks

We introduce the game-theoretic stochastic routing (GTSR) framework, a proactive alternative to today's reactive approaches to route repair. GTSR minimizes the impact of link and router failure by 1) computing multiple paths between source and destination and 2) selecting among these paths randomly to forward packets. Besides improving fault tolerance, the fact that GTSR makes packets take random paths from source to destination also improves security. In particular, it makes connection eavesdropping attacks maximally difficult as the attacker would have to listen on all possible routes. The approaches developed are suitable for network layer routing, as well as for application layer overlay routing and multipath transport protocols such as the stream control transmission protocol (SCTP). Through simulations, we validate our theoretical results and show how the resulting routing algorithms perform in terms of the security/fault-tolerant/delay/throughput trade-off. We also show that a beneficial side effect of these algorithms is an increase in throughput, as they make use of multiple paths.     

Enhanced reliable reactive routing (ER3) protocol for multimedia applications in 3D wireless sensor networks

Sensor networks designed especially for the multimedia applications require high data rate and better Quality of Service (QoS). Offering a reliable and energy efficient routing technique in a harsh and complex three-dimensional (3-D) environment for multimedia applications is a challenging job. Geo-routing and geometric routing have been efficient routing schemes for two-dimensional (2-D), but are unable to work properly for 3-D sensor networks. In order to enhance the resilience to link the dynamics in the 3-D sensor network, in this research an Enhanced Reliable Reactive Routing (ER3) is proposed. ER3 is an advancement to the existing reactive routing schemes, to provide energy efficient and reliable routing of data packets in the complex 3-D sensor networks for multimedia applications. The major attraction of ER3 is its backoff scheme, which occurs in the route discovery phase. In backoff scheme robust pilot paths formed between the source and destination are calculated to enable cooperative forwarding of the data packets. The data packets in ER3 are forwarded greedily to the destination from the source and doesn’t require any prior location information of the nodes. The encompassing simulations suggest that the ER3 outperforms the existing routing protocols on the basis of energy efficiency, low latency and high packet delivery ratio.

     

Routing security scheme based on reputation evaluation in hierarchical ad hoc networks

In this paper, we propose a new Routing Security Scheme based on Reputation Evaluation (RSSRE) to meet security requirements in hierarchical ad hoc networks. In this model, the reputation relationship is defined in consideration of the related node roles and functions, while the reputation evaluation mechanism is built based on the correlation among nodes that need to be evaluated. The dynamic reputation threshold is used to improve routing security with the precondition of usability. The reputation information of nodes is updated with different roles. We can reconstruct the route to solve attack problems in transmitting packets. Simulation results show that compared with traditional reputation evaluation models, the proposed model in this paper can more timely and accurately reflect security status and execute improved routing when there are malicious nodes in hierarchical Ad Hoc networks.     

DRRS-BC: Decentralized Routing Registration System Based on Blockchain

The border gateway protocol (BGP) has become the indispensible infrastructure of the Internet as a typical inter-domain routing protocol. However, it is vulnerable to misconfigurations and malicious attacks since BGP does not provide enough authentication mechanism to the route advertisement. As a result, it has brought about many security incidents with huge economic losses. Exiting solutions to the routing security problem such as S-BGP, So-BGP, Ps-BGP, and RPKI, are based on the Public Key Infrastructure and face a high security risk from the centralized structure. In this paper, we propose the decentralized blockchain-based route registration framework-decentralized route registration system based on blockchain (DRRS-BC). In DRRS-BC, we produce a global transaction ledge by the information of address prefixes and autonomous system numbers between multiple organizations and ASs, which is maintained by all blockchain nodes and further used for authentication. By applying blockchain, DRRS-BC perfectly solves the problems of identity authentication, behavior authentication as well as the promotion and deployment problem rather than depending on the authentication center. Moreover, it resists to prefix and subprefix hijacking attacks and meets the performance and security requirements of route registration.      

SEEM: Secure and energy-efficient multipath routing protocol for wireless sensor networks

A Wireless Sensor Network (WSN) is a collection of wireless sensor nodes forming a temporary network without the aid of any established infrastructure or centralized administration. In such an environment, due to the limited range of each node’s wireless transmissions, it may be necessary for one sensor node to ask for the aid of other sensor nodes in forwarding a packet to its destination, usually the base station. One important issue when designing wireless sensor network is the routing protocol that makes the best use of the severely limited resource presented by WSN, especially the energy limitation. Another import factor required attention from researchers is providing as much security to the application as possible. The proposed routing protocols in the literature focus either only on increasing lifetime of network or only on addressing security issues while consuming much power. None of them combine solutions to the two challenges. In this paper, we propose a new routing protocol called SEEM: Secure and Energy-Efficient multipath Routing protocol. SEEM uses multipath alternately as the path for communicating between two nodes thus prolongs the lifetime of the network. On the other hand, SEEM is effectively resistive to some specific attacks that have the character of pulling all traffic through the malicious nodes by advertising an attractive route to the destination. The performance of our protocol is compared to the Directed Diffusion protocol. Simulation results show that our protocol surpasses the Directed Diffusion protocol in terms of throughput, control overhead and network lifetime.     

支持域间分布式分组过滤的BGP扩展

可信任是下一代互联网的重要特征.目前,互联网的路由系统只按照分组的目的IP地址转发分组,携带虚假源IP地址的伪造分组也会被传输到目的地,这会在威胁接收方安全的同时,隐藏发送方的真实身份.可信任互联网的路由系统不仅需要能够正确地转发分组,而且能够验证分组来自正确的发送方.基于路由的域间分布式分组过滤是过滤伪造分组的有效方法.提出了BGP的路由选择通知功能扩展,为域间分组过滤提供过滤标准.在扩展的支持下,边界路由器能够鉴别进入本自治系统的分组的真实性,过滤掉伪造其他自治系统地址的分组.模拟结果表明,路由选择通知不会对BGP正常的路由功能产生负面影响,选择合理的路由选择时钟参数,可以在同时取得较小带宽开销和较快收敛速度的情况下,为域间分布式分组过滤提供支持.     

无线Ad Hoc网络中增强安全性的多路径路由算法

针对无线ad hoc网络的数据安全性问题,提出了一种增强安全性的多路径路由算法．该算法通过目标节点发送检测数据包的机制,动态维护多路径路由信息的有效性．源节点则根据收到检测包的信息自适应地更新当前的最优传输路径,充分利用路由寻找及维护过程中的信息建立多条可用路径,提供最优的路由方案,并增强了无线ad hoc网络数据传输的安全性．仿真结果表明此算法的数据传输安全性达到了合理的水平．     

MRABM:一种新的基于mesh结构的多径路由算法

针对移动AdHoc网络提出了一种新的基于mesh结构的多径路由算法MRABM(MultipathRoutingAlgorithmBasedonMeshStructure),该算法采用目的节点建立和更新mesh结构的机制。该算法不仅为每个源节点、中间节点提供了到目的节点最优路径,而且为每个节点建立了到目的节点的多条路径。当节点移动造成链路断开时,该算法能避开断开的链路,迅速沿其它路径转发数据,不需要路由修复和路由重建过程,从而降低了丢包率和端到端的延时。对大流量数据的传输,该算法能有效利用网络资源,减少网络拥塞。因此该算法能很好地适应网络拓扑结构的动态变化。     

Joint routing and location-based service in VANETs

Geographic routing protocols use location information when they need to route packets. In the meantime, location information are maintained by location-based services provided by network nodes in a distributed manner. Routing and location services are very related but are used separately. Therefore, the overhead of the location-based service is not considered when we evaluate the geographic routing overhead. Our aim is to combine routing protocols with location-based services in order to reduce communication establishment latency and routing overhead.     

A game theoretic framework for stochastic multipath routing in self-organized MANETs

In this paper we propose a game theoretic framework for stochastic multipath routing in mobile ad hoc networks (MANETs). In a MANET, intelligent and adaptive attackers may try to hijack, jam or intercept data packets traveling from source to destination. In our proposed game, at each stage the source node keeps track of the available multiple paths, the residual bandwidth of the paths and the strategy of the attackers from the information gathered during the previous stage. Based on these observations, the source node selects a path for data communication and switching strategy among the multiple established paths between the source node and the destination node. Accordingly, it selects an optimal routing strategy to send data packets to the destination at each stage of the game. Using minimax-Q learning, the selected routing strategy maximizes the expected sum of per stage discounted payoff, which is the utilization of residual bandwidth between a source–destination pair along with the probability that the path is safe. Performance analysis and numerical results show that our proposed scheme achieves significant performance gains in terms of residual bandwidth utilization, average end-to-end delay, packet delivery ratio, routing overhead and security.     

Route manipulation aware Software-Defined Networks for effective routing in SDN controlled MANET by Disney Routing Protocol

In MANET network management, the Software-Defined Networking (SDN) plays a vital role in terms of controller plane and data plane. It is always easy to manage the data communication over the MANET because of logically centralized control on the SDN. Since the dynamic route on MANET, are controls the packets and changes the route between the source to destination alternatively. Hence the maintenance of real-time SDN analysis-based application planes is a crucial process. To maintain the effective MANET communication over the Software-Defined Network, it essential to improve the control and data plane process on the SDN controlled MANET based OpenFlow switching procedure. Nevertheless, SDN allows for route interaction against security threads. In this research article, the four stages were suggested to preserve the security measures in packet-based data transmission that are conceived in MANET. In this article, an SDN controlled MANET based OpenFlow switching scenario for effective security threading is proposed. The major part played by an SDN controlled MANET in bringing about a result of being effective without wasting time and energy on routing. The proposed Distinct Network Yarning (DISNEY) routing protocol for SDN controlled MANET overcomes the congestion communication on MANET routing. To decrease performance degradation, efficient routing is maintained by the route matrix manipulation table. This routing scheme helps to find the optimal routing with a secure and intelligent manner. The proposed result was compared to existing approaches. As a result, the proposed illustration to be improved by routing and data transmission. In comparison to the proposed method achieves a better ratio for packet transmission delay, throughput, and data transmission rate.