共查询到19条相似文献,搜索用时 195 毫秒
1.
2.
组密钥管理通过为组成员生成、发送和更新组密钥来满足加密认证等安全需求,许多应用于军事战场、紧急救灾等场合的移动自组网络需要安全组通信支持.然而节点的移动性、链路的不稳定性以及缺乏可信中心等特点使移动自组网络组密钥管理面临巨大的挑战.基于可验证秘密分享机制和门限密码术,提出了一种安全的分布式组密钥管理方案VGK.方案能有效地抵制主动攻击和恶意节点的合谋攻击,而且具有鲁棒性和自适应性的特点.模拟实验表明,敌对环境下该方案中组密钥的更新效率和成功率均优于其它提出的协议. 相似文献
3.
4.
相对于传统有线网络集中化组密钥管理协议和算法,门限秘密共享技术能很好地适应移动自组网(MANET)的特点,提供高效可靠的安全保证。为了防止退出节点合谋重构组私钥威胁组通信安全,安全高效的组密钥更新算法是关键。在对合谋问题进行深入分析的基础上,本文提出了基于邻居节点权值的可验证的组密钥更新算法。该算法在保持组
私钥不变的情况下主动更新组成员的私钥份额,有效地解决了节点合谋、更新通信量大、恶意节点参与更新等问题。 相似文献
私钥不变的情况下主动更新组成员的私钥份额,有效地解决了节点合谋、更新通信量大、恶意节点参与更新等问题。 相似文献
5.
移动自组网是一种无固定网络基础设施、能量和计算资源有限的分布式动态网络,由于其无线传输链路的开放性,使得它非常需要一种计算和通信开销较小的密钥协商方案.本文基于椭圆曲线上双线性配对的概念,提出了一种适用于移动自组网的可认证密钥协商方案,既实现了邻居节点组成员身份认证的匿名性,也实现了需建立会话的节点之间的可认证密钥协商.分析表明,我们所提出的方案计算和通信开销比较小,安全性较好,非常适合于资源有限的移动自组网. 相似文献
6.
移动自组网络组密钥管理框架 总被引:17,自引:0,他引:17
许多应用于军事、紧急救灾等场合的移动自组网络需要安全组通信支持,然而节点的移动性、链路不可靠以及多跳通信延迟等特点使移动自组网络的组密钥管理面临巨大的挑战。基于秘密共享机制和RSA非对称机密体制提出了一种新的移动自组网络组密钥管理框架DGKMF,该框架具有不依赖网络拓扑结构、组密钥局部生成以及有效维护组密钥的一致性的特点。模拟实验表明,DGKMF在组密钥更新成功率和延迟等方面均优于其他协议和算法。 相似文献
7.
8.
针对移动自组网与Internet互连时网关带宽瓶颈问题,提出将域内有线节点视为移动自组网内部的互连节点的模型.从而把互连问题转化为含有有线节点的移动自组网路由协议的扩展问题,进而提出了支持与Internet互连的AODV扩展协议iAODV (Internet-AODV).通过结合多个互连节点和扩展AODV路由协议,iAODV把互连节点切换与移动节点之间的路由协议相统一,可以有效缓解互连节点的带宽瓶颈.NS2模拟实验表明,该协议可以为移动自组网提供比较稳定的Internet接入性能,且结合有线链路减小了互连延迟时间和系统开销、提高了包递交率,性能优于AODV. 相似文献
9.
10.
随着多媒体应用日益普及,在移动自组网中提供QoS成为了一个重要的研究领域。提出一种移动自组网中分段式的节点不相交的多路径QoS路由协议。该协议将一条路径划分为多段,在每个段中建立满足多QoS约束的多条节点不相交路径,并在每个段中独立地进行路由维护。模拟研究表明该路由协议具有开销小和路径成功率高的特点。 相似文献
11.
《Information Security Journal: A Global Perspective》2013,22(5):248-256
ABSTRACT A mobile ad-hoc network (MANET) is an autonomous system of mobile nodes connected by wireless links in which nodes cooperate by forwarding packets for each other thereby enabling communication beyond direct wireless transmission range. Example applications include battlefield communication, disaster recovery operations, and mobile conferencing. The dynamic nature of ad-hoc networks makes them more vulnerable to security attacks compared with fixed networks. Providing security in mobile ad-hoc networks has been a major issue in recent years. Most of the secure routing protocols proposed by researchers need a centralized authority or a trusted third party to provide authentication. This destroys the self-organizing nature of ad-hoc networks. Black Hole attack is one of the routing attacks that occur in MANETs. In this attack, a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept. In this article, we propose an enhanced certificate based authentication mechanism, where nodes authenticate each other by issuing certificates to neighboring nodes and generating public key without the need of any online centralized authority. The proposed scheme uses Multicast Ad-hoc On Demand Distance Vector Routing (MAODV) protocol as a support for certification. The effectiveness of our mechanism is illustrated by simulations conducted using network simulator ns-2. 相似文献
12.
13.
Qing Chen Zubair Md. Fadlullah Xiaodong Lin Nei Kato 《Journal of Network and Computer Applications》2011,34(6):1827-1835
Wireless mobile ad hoc networks (MANETs) do not have centralized infrastructure and it is difficult to provide authentication services. In this paper, we apply Certificate Graph (CG) and identity-based security in designing an admission control scheme for MANETs. We first use one-hop message exchange to build CG at each mobile node. Then we select maximum clique nodes in CG as distributed Certificate Authorities (CAs). We use identity-based key agreement from pairings to protect each session. Then we prove the security by Canetti–Krawczyk (CK) model-based analysis. We demonstrate the effectiveness and feasibility of our protocol through computer simulations. 相似文献
14.
Vanesa Daza Paz Morillo Carla Rfols 《Electronic Notes in Theoretical Computer Science》2007,171(1):33
Identity-Based cryptography has been proposed in mobile ad-hoc networks (MANETs) to provide security. However, the figure of the Private Key Generator (PKG) is not adequate in the MANET setting, since it may not be reachable by all nodes, can fail during the life-time of the protocol or can even be attacked, compromising the whole system. Previous works distribute the task of the PKG among a set of nodes by means of a secret sharing scheme.In this paper we propose an efficient solution to emulate in a dynamic and distributed way the role of the PKG in so that even new nodes joining the network are able to issue shares of the master key of an Identity-Based scheme. In this way, the distributed PKG spreads dynamically among the nodes as the network increases. Furthermore, the techniques we propose may be suitable for other protocols over MANETs. 相似文献
15.
16.
Ying-Hong Wang 《Information Sciences》2006,176(2):161-185
Mobile Ad Hoc Networks (MANETs), which provide data networking without infrastructure, represent one kind of wireless networks. A MANET is a self-organizating and adaptive wireless network formed by the dynamic gathering of mobile nodes. Due to the mobility of mobile nodes, the topology of a MANET frequently changes and thus results in the disability of originally on-the-fly data transmission routes. The dynamic properties of MANETs are therefore challenging to protocol design. To cope with the intrinsic properties of MANETs, Dynamic Backup Routes Routing Protocol (DBR2P), a backup node mechanism for quick reconnection during link failures, is proposed in this paper. DBR2P is an on-demand routing protocol and it can set up many routes to reach a destination node in a given period. Even when a link fails, those routes from the source node to the destination node can be analyzed to obtain backup routes to sustain quick reconnection. The information of backup routes can be saved in a specific on-the-route node and enables backup routes to be found immediately in situation regarding disconnection. As a result, DBR2P could more thoroughly improve the quality of routing protocol than those proposed in the past. 相似文献
17.
无线传感器网络(WSN)中的移动节点缺乏可信性验证,提出一种物联网(IoT)环境下移动节点可信接入认证协议。传感器网络中移动汇聚节点(Sink节点)同传感器节点在进行认证时,传感器节点和移动节点之间完成相互身份验证和密钥协商。传感器节点同时完成对移动节点的平台可信性验证。认证机制基于可信计算技术,给出了接入认证的具体步骤,整个过程中无需基站的参与。在认证时利用移动节点的预存的假名和对应公私钥实现移动节点的匿名性,并在CK(Canetti-Krawczyk)模型下给出了安全证明。在计算开销方面与同类移动节点认证接入方案相比,该协议快速认证的特点更适合物联网环境。 相似文献
18.
Kaiping Xue Changsha Ma Peilin Hong Rong Ding 《Journal of Network and Computer Applications》2013,36(1):316-323
Wireless sensor network (WSN) can be deployed in any unattended environment. With the new developed IoT (Internet of Things) technology, remote authorized users are allowed to access reliable sensor nodes to obtain data and even are allowed to send commands to the nodes in the WSN. Because of the resource constrained nature of sensor nodes, it is important to design a secure, effective and lightweight authentication and key agreement scheme. The gateway node (GWN) plays a crucial role in the WSN as all data transmitted to the outside network must pass through it. We propose a temporal-credential-based mutual authentication scheme among the user, GWN and the sensor node. With the help of the password-based authentication, GWN can issue a temporal credential to each user and sensor node. For a user, his/her temporal credential can be securely protected and stored openly in a smart card. For a sensor node, its temporal credential is related to its identity and must privately stored in its storage medium. Furthermore, with the help of GWN, a lightweight key agreement scheme is proposed to embed into our protocol. The protocol only needs hash and XOR computations. The results of security and performance analysis demonstrate that the proposed scheme provides relatively more security features and high security level without increasing too much overhead of communication, computation and storage. It is realistic and well adapted for resource-constrained wireless sensor networks. 相似文献