物联网移动节点直接匿名漫游认证协议

无线网络下传统匿名漫游协议中远程域认证服务器无法直接完成对移动节点的身份合法性验证,必须在家乡域认证服务器的协助下才能完成,导致漫游通信时延较大,无法满足物联网感知子网的快速漫游需求.针对上述不足,提出可证安全的物联网移动节点直接匿名漫游认证协议,远程域认证服务器通过与移动节点间的1轮消息交互,可直接完成对移动节点的身份合法性验证.该协议在实现移动节点身份合法性验证的同时,具有更小的通信时延、良好的抗攻击能力和较高的执行效率.相较于传统匿名漫游协议而言,该协议快速漫游的特点更适用于物联网环境.安全性证明表明,该协议在CK安全模型下是可证安全的.     

一种无线局域网漫游接入认证

在无线mesh网络中,用户对快速漫游切换需求愈发突出,但现有的IEEE802.1s WLan Mesh认证协议并未对此进行定义,且初始接入认证过程中,信息交换次数较多,时延较高。在现有协议基础上提出了采用基于签名的身份认证方式,将认证转移到用户和路由节点之间,并且将用户向服务器注册与用户对路由节点认证过程并发执行,减少了认证的时延。分析结果表明,接入认证方式总体性能优于现有网络标准。     

移动式网络中快速认证方法设计与仿真

作为移动IP技术的新的发展方向,移动式网络技术是将节点移动性向网络移动性(NEMO)扩展的关键技术,降低移动式网络在注册和认证过程中的延时,能够提高移动式网络技术的实际应用.提出了新的基于Mobile IP/AAA模型的移动式网络认证方法,研究了AAAL与AAAH之间的距离以及本地切换率对认证延时的影响,并提交了NS2仿真试验结果和安全性分析.该方法能够实现低切换时延,并保证移动式网络注册和切换中的安全性.     

移动IPv6网络安全接入认证方案

对于移动IPv6网络,身份认证是网络安全的关键问题之一.针对移动IPv6网络的接入认证,提出了一种基于移动互联网双向认证方案.在移动切换过程中的接入认证和家乡注册,采用对家乡注册消息进行基于双私钥签名的方式,实现了家乡代理和移动节点分别对注册消息的签名,实现了接入认证与家乡注册的并发执行,移动用户和接入网络的一次交互实现了用户和接入域的有效双向认证.理论分析和数据结果表明,方案的认证总延时和切换延时要优于传统方法,有效地降低了系统认证的延时.安全性分析表明,框架中的基于双私钥的CPK方案满足双向接入认证安全,有效地解决了密钥托管问题.     

移动可信接入轻量级认证与评估协议

为增强移动终端可信网络接入认证与评估协议的可用性,降低网络通信负载及终端计算负载,提出一种轻量级的身份认证与平台鉴别评估协议。协议基于接入双方在首次接入时共享的认证密钥以及对方的可信平台配置信息,在不需要可信第三方参与的情况下,完成快速的身份认证与鉴别评估。协议减少了网络数据交换次数以及接入双方的计算工作量,在保证接入认证与评估所需的安全属性的同时,还增强了平台配置信息的机密性以及抵抗重放攻击的能力。安全性和性能分析表明,所提协议适合无线网络通信环境下的移动终端可信网络接入。     

SafeMesh: A wireless mesh network routing protocol for incident area communications

Reliable broadband communication is becoming increasingly important during disaster recovery and emergency response operations. In situations where infrastructure-based communication is not available or has been disrupted, an Incident Area Network needs to be dynamically deployed, i.e. a temporary network that provides communication services for efficient crisis management at an incident site. Wireless Mesh Networks (WMNs) are multi-hop wireless networks with self-healing and self-configuring capabilities. These features, combined with the ability to provide wireless broadband connectivity at a comparably low cost, make WMNs a promising technology for incident management communications. This paper specifically focuses on hybrid WMNs, which allow both mobile client devices as well as dedicated infrastructure nodes to form the network and provide routing and forwarding functionality. Hybrid WMNs are the most generic and most flexible type of mesh networks and are ideally suited to meet the requirements of incident area communications. However, current wireless mesh and ad-hoc routing protocols do not perform well in hybrid WMN, and are not able to establish stable and high throughput communication paths. One of the key reasons for this is their inability to exploit the typical high degree of heterogeneity in hybrid WMNs. SafeMesh, the routing protocol presented in this paper, addresses the limitations of current mesh and ad-hoc routing protocols in the context of hybrid WMNs. SafeMesh is based on the well-known AODV routing protocol, and implements a number of modifications and extensions that significantly improve its performance in hybrid WMNs. This is demonstrated via an extensive set of simulation results. We further show the practicality of the protocol through a prototype implementation and provide performance results obtained from a small-scale testbed deployment.     

A simulated annealing algorithm for router nodes placement problem in Wireless Mesh Networks

Mesh router nodes placement is a central problem in Wireless Mesh Networks (WMNs). An efficient placement of mesh router nodes is indispensable for achieving network performance in terms of both network connectivity and user coverage. Unfortunately the problem is computationally hard to solve to optimality even for small deployment areas and a small number of mesh router nodes. As WMNs are becoming an important networking infrastructure for providing cost-efficient broadband wireless connectivity, researchers are paying attention to the resolution of the mesh router placement problem through heuristic approaches in order to achieve near optimal, yet high quality solutions in reasonable time. In this work we propose and evaluate a simulated annealing (SA) approach to placement of mesh router nodes in WMNs. The optimization model uses two maximization objectives, namely, the size of the giant component in the network and user coverage. Both objectives are important to deployment of WMNs; the former is crucial to achieve network connectivity while the later is an indicator of the QoS in WMNs. The SA approach distinguishes for its simplicity yet its policy of neighborhood exploration allows to reach promising areas of the solution space where quality solutions could be found. We have experimentally evaluated the SA algorithm through a benchmark of generated instances, varying from small to large size, and capturing different characteristics of WMNs such as topological placements of mesh clients. The experimental results showed the efficiency of the annealing approach for the placement of mesh router nodes in WMNs.     

A simulated annealing algorithm for router nodes placement problem in Wireless Mesh Networks

Mesh router nodes placement is a central problem in Wireless Mesh Networks (WMNs). An efficient placement of mesh router nodes is indispensable for achieving network performance in terms of both network connectivity and user coverage. Unfortunately the problem is computationally hard to solve to optimality even for small deployment areas and a small number of mesh router nodes. As WMNs are becoming an important networking infrastructure for providing cost-efficient broadband wireless connectivity, researchers are paying attention to the resolution of the mesh router placement problem through heuristic approaches in order to achieve near optimal, yet high quality solutions in reasonable time. In this work we propose and evaluate a simulated annealing (SA) approach to placement of mesh router nodes in WMNs. The optimization model uses two maximization objectives, namely, the size of the giant component in the network and user coverage. Both objectives are important to deployment of WMNs; the former is crucial to achieve network connectivity while the later is an indicator of the QoS in WMNs. The SA approach distinguishes for its simplicity yet its policy of neighborhood exploration allows to reach promising areas of the solution space where quality solutions could be found. We have experimentally evaluated the SA algorithm through a benchmark of generated instances, varying from small to large size, and capturing different characteristics of WMNs such as topological placements of mesh clients. The experimental results showed the efficiency of the annealing approach for the placement of mesh router nodes in WMNs.     

适用于无线Mesh网络的双向认证和密钥交换协议*

在无线Mesh网络(WMN)通信模式下,认证和密钥交换对于其计费统计与安全连接起着十分重要的作用。在终端用户与Mesh路由器之间快速建立安全连接对于减少网络整体时延有着重要的帮助。MAKEP协议是为解决低功耗终端与高性能服务器之间的快速认证与密钥交换而提出的,但在非频繁加密业务连接下,认证协议的效率大大降低。针对WMN模式下的业务连接需求,提出了改进的MMAKEP协议,在降低业务连接时延的同时也提供了前向保密性。     

TEASE: A novel Tunnel-based sEcure Authentication SchemE to support smooth handoff in IEEE 802.11 wireless networks

With the growing popularity of WiFi-based devices, WiFi-based wireless networks have received a great deal of interest in the wireless networks community. However, due to the limited transmission range of WiFi-based networks, mobile users have to switch their associated access points constantly to maintain continuing communications during their movement. The process of switching access points is called handoff. Handoff management is a key service in mobile networks, because providing seamless roaming in wireless networks is mandatory for supporting real-time applications in a mobile environment, such as VoIP, online games, and eConference. Security is another important issue in network communications, and to prevent possible attacks, authentication is required during the handoff process to guarantee the reliability of mobile clients and access points. In this paper, we propose a novel authentication scheme to achieve a smooth handoff in WiFi-based networks, which we refer to as TEASE. A tunnel is introduced to forward data packets between the new access point and the original reliable access point. The processing of a complete secure authentication and the transmitting of data between mobile terminals and their correspondence nodes can go on simultaneously. The security of handoff is achieved without increasing overhead to authentication servers, and handoff latency can be minimized to support seamless roaming. Simulation results show that our proposed scheme reduces significantly the communication interruption time and generates low packet loss ratio, and our method is suitable to be used for secure handoff in real-time applications.     

Local search methods for efficient router nodes placement in wireless mesh networks

Wireless Mesh Networks (WMNs) are an important networking infrastructure for providing cost-efficient broadband wireless connectivity to a group of users. WMNs are increasingly being used in urban, metropolitan and municipal area networks for deployment of medical, transport, surveillance systems, etc. The performance and operability of WMNs largely depends on placement of mesh routers nodes in the geographical area to achieve network connectivity and stability. The objective is to find an optimal and robust topology of the mesh router network to support intelligent telecommunication services to clients such as adaptive and flexible wireless Internet access, mobile data, voice, video in addition to supporting other preferred client services. In this work, we propose and evaluate local search methods for intelligent placement of mesh routers in WMNs with a two fold objective: maximizing the size of the giant component in the network and user coverage. Given a grid area where to distribute a given number of mesh router nodes, which can have different radio coverage, and a number of fixed clients a priori distributed in the given area, local search methods explore different local movements and incrementally improve the quality of the router nodes placement in terms of network connectivity and user coverage. We have experimentally evaluated the proposed local search methods through a benchmark of generated instances of varying sizes. Moreover, different distributions of mesh clients (Uniform, Normal, Exponential and Weibull) are used. The experimental evaluation showed the good performance of local search methods for optimizing network connectivity and user coverage in WMNs.     

物联网中移动Sensor节点漫游的组合安全认证协议

物联网包含感知子网和传输骨干网,其感知子网中节点能力受限,往往利用移动的传感器节点跨区域访问来获取信息;而其传输骨干网络需要依托现有Internet的基础设施,并利用其提供的强大服务.在这种情况下,移动节点的漫游带来了新的安全问题,一方面移动节点在感知子网间跨区域漫游,虽和MANET中一样需要保证移动节点漫游时高效安全地加入新的拜访域,但因传感节点资源极端受限而对轻量级有更高数量级的要求;另一方面资源受限的感知子网间移动节点漫游仅能提供轻量级安全,但是在接入骨干传输网时,不可因此降低骨干网络已有的安全性,即轻量级的安全协议和传统骨干网协议综合运用时,需具有组合安全性.本文针对这种基于骨干传输网的移动节点漫游问题,提出了一个新的随机漫游认证协议(RMRAP),兼顾安全性和实际应用的可行性,实现了漫游的轻量级身份认证,保护了漫游节点的隐私,同时实现了具有前向安全性,会话密钥对;并针对衔接骨干网和感知子网的基站进行了组合安全性的认证测试,验证了RMRAP的安全性;最后,从理论分析和实验仿真两个方面,分析了RMRAP协议的性能,并和相近工作进行了对比,对比表明,具有组合安全性的RMRAP在计算、通信开销方面,依然具有和同类协议可比较的相近性能.     

一种新的基于移动IP外地代理分层结构的注册方案

为了在移动网络中运用IP协议,因特网工程任务组(IETF)制定了MobileIP协议。移动IP技术给人们带来极大便利的同时,也造成了许多安全隐患。本文提出一种基于移动IP外地代理分层结构的注册方案,该方案对现有外地代理分层结构的注册方案加以改进,使得移动IP快速切换能力得以提高,减少了注册时延,并提高了移动节点注册过程的安全性。     

基于DHCP的无线移动IPv6接入认证系统

随着越来越多的移动节点接入IPv6网络,目前主要的无线移动环境下的认证技术却难以适合移动IPv6需要。该文提出了一种无线移动IPv6接入认证系统,并详细描述了系统组成、工作流程、功能,最后给出了其在Linux下的实现。测试结果说明系统是高效、安全的。     

Performance evaluation for on-demand routing protocols based on OPNET modules in wireless mesh networks

In wireless networks, users expect to get access to the network securely and seamlessly to share the data flow of access points anytime and anywhere. However, either point-to-point or point-to-multipoint methods in traditional wireless networks make the network bandwidth decrease rapidly, which cannot meet the requirements of users. Recently, a new wireless broadband access network, wireless mesh networks (WMNs), has emerged. As one of the key technologies in WMNs, wireless routing protocols plays an important role in performance optimization of WMNs. Therefore, in this paper, we address the on-demand routing protocols by focusing on dynamic source routing (DSR) protocol and ad hoc on-demand distance vector (AODV) routing protocol in WMNs. Then, we use the OPNET modules to establish the simulation models of DSR and AODV protocols in WMNs. Simulation and results show that, DSR protocol that is based on the dynamic source routing is not suitable for wireless transmission, while AODV routing protocol that is based on the purpose-driven routing is suitable for wireless transmission with rapid change of network topology.     

身份签名技术在无线Mesh网络的接入应用

针对无线Mesh网络的特点和安全缺陷,提出将基于身份密码学机制应用到无线Mesh网络的思想,设计了IBS-EAP接入认证协议和IBS-RP漫游认证协议,实现快速接入,避免了多次认证;对新协议进行安全性分析和效率分析,证明了新协议的优越性。设计了IBS-EAP接入认证协议,实现了快速接入的目的,基于IBS签名技术完成双向认证,一个节点的公钥可以通过身份标识和IBS系统的公开参数直接获得,无需采用复杂的技术维护公钥证书和证书撤销列表CRL。     

USBKey辅助的无证书移动IP注册认证协议

移动IP中无线链路的开放性和节点的移动性,给移动节点的注册带来潜在的安全威胁。针对移动节点的注册安全问题,提出了一种USBKey辅助的注册认证协议。该协议通过USBKey保护移动节点的私钥以加强移动注册的安全性,结合数字信封技术与数字签名技术,实现相关协议实体的身份认证和注册信息的安全保护。分析结果表明,该协议可保证注册信息的完整性和机密性,可以有效抵御常见的安全攻击,保证移动节点的注册安全,并且比多数相关协议的注册认证迟延更小。     

安全高效的异构无线网络可控匿名漫游认证协议

分析传统的匿名漫游认证协议,指出其匿名不可控和通信时延较大的不足.针对上述不足,提出异构无线网络可控匿名漫游认证协议,远程网络认证服务器通过1轮消息交互即可完成对移动终端的身份合法性验证,当移动终端发生恶意操作时,家乡网络认证服务器可协助远程网络认证服务器撤销移动终端的身份匿名性.该协议在实现匿名认证的同时,还具有恶意匿名的可控性,有效防止了恶意行为的发生,且其通信时延较小.安全性证明表明,该协议在CK安全模型中是可证安全的.相对于传统漫游机制而言,该协议更适合于异构无线网络.     

MIPv6快速层次化切换的高效认证机制研究

针对移动IPv6（MIPv6）层次化切换中各节点之间的身份认证问题,提出一种新的基于MIPv6快速层次化切换的认证机制。利用改进的IBS签名方案和层次化的网络结构,从域间切换和域内切换两个角度分别论述了移动节点和新访问域之间的双向认证和切换性能的问题。分析结果表明基于MIPv6快速层次化切换的认证机制效率高,安全性好,仅需来回一次消息交互就能实现切换与接入认证和绑定更新的同步。     

一种层次化移动IP接入认证机制

提出一种基于MIP-RR协议的层次化接入认证机制。通过建立MIP-RR协议的认证框架,采用身份签名和数字信封技术实现每个相邻移动支持节点之间的双向认证,确保注册消息的完整性和机密性。相比基本移动IP协议的接入认证方法,该方法的加密强度和安全性更高,可以更有效地抵御常见的安全攻击。