路由信息的攻击对AODV协议性能的影响分析

AODV协议是移动自组网络中一种按需反应的表驱动路由协议。在移动自组网中，每个节点既是计算机又是路由器，容易遭受基于路由信息的网络攻击，而现今的路由协议基本没有考虑到该问题。本文在分析移动自组网中针对路由信息主要攻击方法的基础上，建立了主动性和自私性两个攻击模型，并且在AODV协议中扩充实现了这两类攻击行为。通过对模拟结果的分析和比较，讨论了路由信息的攻击对AODV协议性能的影响，并进一步探讨了针对基于路由信息攻击的防御措施。     

无线网络中一种高QoS保证的路由协议研究

随着多媒体及实时应用的普及,在移动自组网中为业务流提供服务质量保证现已成为研究热点.提出一种在大规模移动自组网中提供服务质量保证的分段式路由协议.该协议采用直线逼近的方法,逐段建立满足带宽要求且延迟小的路径,并选择到源节点和目的节点连线距离最近的节点作为转发节点.通过分段、独立地维护路由,减小了路由维护的代价,提高了可扩展性.模拟结果表明该路由协议具有路由成功率高、路径短和延迟小等特点.     

一种不可信环境下的匿名位置辅助路由激励机制

不可信环境下的路由性能问题,是移动自组织网(mobile ad-hoc networks,MANET)匿名路由协议面临的主要问题之一.本文为在不可信环境下通过对自私节点进行高效的协作激励,提高匿名路由协议的性能,提出了一种基于哈希链的匿名位置辅助路由激励机制.该机制利用哈希链在计算上的高效性和安全上的不可逆性,达成了对匿名数据转发节点的即时激励;通过基于支付代价的路由选择机制,优化了现有位置辅助路由机制的路由发现过程.匿名性分析证明,该机制能保证参与路由节点的匿名性.效率评价表明,在数据传输总量较大时,该机制对路由性能的影响很小,且该机制在较小规模的网络中有更好的性能.     

移动自组网络中多径路由的匿名安全

多路径为移动自组网络提供的容错、负载均衡与QoS支持较单路径更有效可行,所以在战术无线自组网等类似系统中采用多径路由策略更能满足系统的实际需求.另外,这类系统对安全性的要求除了基本的通信内容机密、完整与可用等特性外,还要求通信者的身份与位置对敌人保密,为通信者及其使命提供保护.鉴于现有的移动自组网络的匿名路由协议都不是实用的多径路由协议,且未能有效防御被动攻击、拜占庭行为以及匿名的不充分性,本文设计了一种新型安全匿名的多径路由协议,其特点是:在移动自组网络中采用单私钥多公钥密码体制、Bloom Filter与轻型洋葱盲化算法,来实现通信者身份匿名、位置隐藏与路由不可追踪;为源节点提供充分的路由信息,基于充分的信息使用强化学习算法来提高系统抵御被动攻击与拜占庭攻击等路由安全攻击的能力,并增强数据传输的可靠性.通过仿真与分析,显示了算法有较好的性能并达到了所定义的匿名安全要求.     

基于AODV协议的自组网络安全机制的研究

路由协议的安全性是移动自组网络安全中最重要的一环,AODV路由协议因简单和控制开销小而广泛用于自组网络,但其没有任何安全机制保障,为此,本文探讨了AODV路由协议存在的主要安全隐患,对协议进行必要的改进,增加攻击检测功能,并为网络中节点建立信誉机制,二者相互作用共同完成协议安全性保障.利用NS进行仿真,结果表明改进后的算法能够检测到网络中节点的恶意行为并迅速做出反应,实现对网络内部及外部攻击的防范.     

MANET路由与路由安全问题

移动自组网MANET(Mobile Ad Hoc Networks)是一种新型的无线移动网络,由于它具有开放的媒质、动态的拓扑、分布式合作以及网络能力受限等特点,因此特别容易受到攻击。路由安全是MANET安全中的重要一环。介绍了移动自组网的路由协议以及面临的路由安全问题,重点分析了AODV路由协议的寻路过程以及其存在的安全问题之一———黑洞。在分析了一些已有解决方案存在的缺点的基础上,提出了一种新的解决方案,该方案有效地解决了黑洞问题,并消除了已有方案存在的漏洞。     

异构环境下基于移动代理的主动自组网构架

分析了移动自组网的异构性、路由协议和能量保护问题,应用移动代理和主动网络技术,给出了一个开放的、扩展性强的基于移动代理的主动自组网构架,该构架通过分群策略,使多个路由协议能在异构环境下并行工作,而且也满足移动节点能量保护的需求。     

移动自组网组播路由协议的分析

移动自组网是无中心、自组织、可快速展开、可移动的对等式网络,组播作为群组服务在移动自组网中应用广泛。移动自组网具有节点移动频繁、能源和带宽有限等特点,它要求组播协议能在节点频繁移动下具备良好的健壮性,传统的组播协议已不适用。文章介绍了移动自组网组播路由协议,描述了几种组播路由协议的基本运行过程,并对其性能进行了分析和比较,最后论述了组播协议在能源、安全、组播服务(QOS)、利用位置信息等方向的应用前景及面临的问题。     

对MANET AODV路由协议攻击效果分析

移动无线自组织网络(Mobile Ad Hoc Network,MANET)具有抗毁性强、组网灵活的特点,战场通信环境是其很重要的应用背景,基于距离向量的按需路由协议(Ad-hoc On-demand Vector Routing,AODV)在移动无线自组织网络中具有广泛的应用。针对移动无线自组网AODV路由协议,在分析其工作原理的基础上,建立网络流量的分析模型。从网络发起泛搜索路由引起网络流量变化的角度,分析不同的协议攻击方法对网络的影响。     

一种改进的链路容量优化路由策略

设计能够适应高移动环境下的空基自组网路由协议是目前研究的重点方向。提出了基于负载均衡的优化路由协议,该协议在获得位置信息的前提下,首先预测出通信链路的有效时间,然后在满足数据的时延、带宽以及链路有效性等多约束条件下,路由协议以均衡节点负载为优化目标,使得网络节点都能合理承担数据传输任务。仿真结果表明,设计的路由协议能够保证网络节点合理分担传输任务,充分利用链路资源,提高网络的吞吐量。     

移动Ad Hoc网络安全按需路由协议

Ad Hoc网络的安全性问题越来越引起人们的关注,如何确保Ad Hoc网络路由协议的安全成为Ad Hoc研究的一项关键技术。提出一种适用于移动Ad Hoc网络的安全按需源路由协议,利用移动节点之间的会话密钥和基于散列函数的消息鉴别码HMAC一起来验证路由发现和路由应答的有效性。提出的邻居节点维护机制通过把MAC地址和每个节点的ID绑定来防御各种复杂的攻击如虫洞攻击。NS-2仿真表明该协议能有效地探测和阻止针对Ad Hoc网络的大部分攻击。     

Integrating Heterogeneous Wireless Technologies: A Cellular Aided Mobile Ad Hoc Network (CAMA)

A mobile ad hoc network is a collection of wireless terminals that can be deployed rapidly. Its deficiencies include limited wireless bandwidth efficiency, low throughput, large delays, and weak security. Integrating it with a well-established cellular network can improve communication and security in ad hoc networks, as well as enrich the cellular services. This research proposes a cellular-aided mobile ad hoc network (CAMA) architecture, in which a CAMA agent in the cellular network manages the control information, while the data is delivered through the mobile terminals (MTs). The routing and security information is exchanged between MTs and the agent through cellular radio channels. A position-based routing protocol, the multi-selection greedy positioning routing (MSGPR) protocol, is proposed. At times due to the complicated radio environment, the position information is not precise. Even in these cases, the MT can still find its reachable neighbors (the association) by exchanging hello messages. This association is used in complement with the position information to make more accurate routing decisions. Simulation results show that the delivery ratio in the ad hoc network is greatly improved with very low cellular overhead. The security issues in the proposed architecture and the corresponding solutions are addressed. The experimental study shows that CAMA is much less vulnerable than a pure ad hoc network.     

Secure interconnection protocol for integrated Internet and ad hoc networks

Integration of ad hoc networks with the Internet provides global Internet connectivity for ad hoc hosts through the coordination of mobile IP and ad hoc protocols. In a pure ad hoc network, it is difficult to establish trust relationship between two ad hoc hosts due to lack of infrastructure or centralized administration. In this paper, an infrastructure‐supported and distributed authentication protocol is proposed to enhance trust relationships amongst ad hoc hosts. In addition, an effective secure routing protocol (SRP) is discussed to protect the multi‐hop route for Internet and ad hoc communication. In the integrated ad hoc networks with Internet accessibility, the ad hoc routing security deployed with the help of infrastructure has a fundamental impact on ad hoc hosts in term of Internet access, integrity, and authentication. Both analysis and simulation results demonstrate the effectiveness of the proposed security protocol. Copyright © 2007 John Wiley & Sons, Ltd.     

FPN‐SAODV: using fuzzy petri nets for securing AODV routing protocol in mobile Ad hoc network

In this paper, we use fuzzy Petri nets (FPNs) to propose a secure routing protocol in mobile ad hoc network. The proposed method is based on secure ad hoc on‐demand distance vector (SAODV), which is named FPN‐SAODV. In FPN‐SAODV routing protocol, for each packet delivery or firing each transition, a type of bidirectional node‐to‐node fuzzy security verification is conducted that can be carried out with five security threshold levels. This inference uses four fuzzy variables that have been selected to well represent the malicious behaviors of some public attacks in mobile ad hoc network. Furthermore, a through route security verification has been used for selecting the most secure route among each candidate path through source node to destination. Both of these verifications utilize FPN inherent features for their operation. For evaluation purpose, we used the metrics such as packet delivery ratio, end‐to‐end delay, average security level of the nodes, and percentage of true/false detector nodes. These metrics have been used for investigating the inner operation of FPN‐SAODV as determining the proper level of security threshold level in node‐to‐node security verification module. Also, these are used for comparison of FPN‐SAODV performance versus the original AODV. Copyright © 2015 John Wiley & Sons, Ltd.     

Invincible AODV to detect black hole and gray hole attacks in mobile ad hoc networks

Today's communication world is majorly driven by mobile nodes that demand wireless systems for their data relay. One such network is mobile ad hoc network, which is a purely wireless network with which communication is feasible instantly without any aid of preexisting infrastructure; due to this magnificent feature, it has a wide variety of applications. Mobile ad hoc network hinges on cooperative nature of the mobile nodes for relaying data. But at the same time, nodes relaying data for others may compromise, leading to various security attacks. Two main security attacks that drastically bring down the performance of mobile ad hoc network are black hole and gray hole attacks. In this paper, we propose 2 versions of invincible Ad hoc On‐Demand Distance Vector protocol to detect black hole and gray hole nodes that have bypassed preventive mechanism during route discovery process. First is the basic version, which is based on node‐to‐node frame check sequence tracking mechanism, and second is the enhanced version, which is based on signed frame check sequence tracking mechanism. They create a deterrent environment addressing all kinds of black and gray hole attacks. They also provide reliable data transmission to all the nonmalicious nodes in the network by using end‐to‐end authentication mechanism. Simulation results show better performance in packet delivery ratio when compared with other contemporary solutions while addressing all kinds of black and gray hole attacks. It shows significant improvement in end‐to‐end delay and normalized routing load over Ad hoc On‐Demand Distance Vector under black hole or gray hole attacks and also shows better throughput and packet delivery ratio than the existing solution.     

Authenticated routing for ad hoc networks

Initial work in ad hoc routing has considered only the problem of providing efficient mechanisms for finding paths in very dynamic networks, without considering security. Because of this, there are a number of attacks that can be used to manipulate the routing in an ad hoc network. In this paper, we describe these threats, specifically showing their effects on ad hoc on-demand distance vector and dynamic source routing. Our protocol, named authenticated routing for ad hoc networks (ARAN), uses public-key cryptographic mechanisms to defeat all identified attacks. We detail how ARAN can secure routing in environments where nodes are authorized to participate but untrusted to cooperate, as well as environments where participants do not need to be authorized to participate. Through both simulation and experimentation with our publicly available implementation, we characterize and evaluate ARAN and show that it is able to effectively and efficiently discover secure routes within an ad hoc network.     

基于朋友机制的移动ad hoc网络路由入侵检测模型研究

从如何有效检测移动ad hoc网络路由入侵行为、如何准确地响应并将恶意路由节点移除网络,提供可信路由环境的角度进行分析,提出了一种基于朋友机制的轻量级移动ad hoc网络入侵检测模型,并以典型的黑洞攻击为例,通过OPNET网络建模仿真及实验分析,验证了该模型的可行性和有效性。     

ARMR: Anonymous routing protocol with multiple routes for communications in mobile ad hoc networks

A mobile ad hoc network consists of mobile nodes that communicate in an open wireless medium. Adversaries can launch analysis against the routing information embedded in the routing message and data packets to detect the traffic pattern of the communications, thereby obtaining sensitive information of the system, such as the identity of a critical node. In order to thwart such attacks, anonymous routing protocols are developed. For the purposes of security and robustness, an ideal anonymous routing protocol should hide the identities of the nodes in the route, in particular, those of the source and the destination. Multiple routes should be established to increase the difficulty of traffic analysis and to avoid broken paths due to node mobility. Existing schemes either make the unrealistic and undesired assumption that certain topological information about the network is known to the nodes, or cannot achieve all the properties described in the above. In this paper, we propose an anonymous routing protocol with multiple routes called ARMR, which can satisfy all the required properties. In addition, the protocol has the flexibility of creating fake routes to confuse the adversaries, thus increasing the level of anonymity. In terms of communication efficiency, extensive simulation is carried out. Compared with AODV and MASK, our ARMR protocol gives a higher route request success rate under all situations and the delay of our protocol is comparable to the best of these two protocols.     

A Secure Path Selection Scheme for Mobile Ad Hoc Network

Mobile ad hoc network is open medium, infrastructure-less and easy to install. Despite these features, mobile ad hoc network is vulnerable to various security attacks. Black hole and gray hole security attacks outrank among all security attacks. This paper proposes a distributed delegation-based scheme, namely, a secure path selection scheme. The proposed scheme identifies and allows only trusted nodes to become part of active path. The simulation results revealed that proposed scheme improved the packet delivery ratio, packet loss rate, throughput by 8% and routing overhead by 5% as compared to other system.