Efficient Node Admission and Certificateless Secure Communication in Short-Lived MANETs

Decentralized node admission is an essential and fundamental security service in mobile ad hoc networks (MANETs). It is needed to securely cope with dynamic membership and topology as well as to bootstrap other important security primitives (such as key management) and services (such as secure routing) without the assistance of any centralized trusted authority. An ideal admission technique must involve minimal interaction among MANET nodes, since connectivity can be unstable. Also, since MANETs are often composed of weak or resource-limited devices, admission must be efficient in terms of computation and communication. Most previously proposed admission protocols are prohibitively expensive and require heavy interaction among MANET nodes. In this paper, we focus on a common type of MANET that is formed on a temporary basis, and present a secure, efficient, and a fully noninteractive admission technique geared for this type of a network. Our admission protocol is based on secret sharing techniques using bivariate polynomials. We also present a new scheme that allows any pair of MANET nodes to efficiently establish an on-the-fly secure communication channel.     

大规模移动自组网络安全技术综述

移动自组网络具有重要的军事价值和广阔的商业应用前景.其无中心控制、多跳等特征使移动自组网络安全问题更加严峻.特别是,当节点数增加时,网络的组成难度、可用性、安全性都会受到极大的影响.在对国内外有关移动自组网络研究现状综述的基础上,重点对大规模移动自组网络安全涉及的关键技术,如安全模型与安全方案、安全分簇技术、组密钥管理技术等方面的研究现状进行了深入分析与探讨;最后,指出了大规模移动自组网络安全技术的主要研究方向,即:大规模移动自组网络的安全组网技术、移动自组网络的协议安全证明技术、大规模移动自组网络的密钥管理技术、大规模移动自组网络模型模拟和安全性论证.     

基于信任的簇技术在MANET入侵检测中的应用

MANET（a Mobile Ad hoe Network）工作在没有固定设施的情况下，所以很具竞争优势。然而这种优势伴随着安全方面的巨大挑战，尤其对串通勒索攻击不具免疫能力。提出一种建立在簇和信任概念上的新的入侵检测机制来解决这个问题，这里的信任概念能弥补已经存在的能保证MANET安全的那些预防机制的缺陷。实验结果证明：通过簇内的信任机制，由勒索攻击者所造成的伪造指控和伪造警告问题可以被去除。     

Robust and secure routing scheme for wireless multihop network

Mobile ad hoc network (MANET) is an appealing technology that has attracted lots of research efforts. On-demand routing protocol such as AODV may suffer from frequent topological changes. Due to frequent communication failures, multipath MANET is preferred than single-path MANET in many applications as former is used for achieving robustness and load balancing and improving reliability. Although multipath MANET is attractive solution, there are still some major flaws that prevent commercial growth. Security is one of these main barriers; MANETs are known to be particularly vulnerable to security attack. The paper presents a design of robust and secure framework for multipath MANET. In this paper, we propose not only a robust multipath routing protocol but also an extended security scheme. We discuss security analysis for proposed security scheme. And we also conduct simulation to evaluate such a framework through different performance metrics. Results show that the proposed routing protocol achieves better performance in terms of various metrics than other protocols.     

Route manipulation aware Software-Defined Networks for effective routing in SDN controlled MANET by Disney Routing Protocol

In MANET network management, the Software-Defined Networking (SDN) plays a vital role in terms of controller plane and data plane. It is always easy to manage the data communication over the MANET because of logically centralized control on the SDN. Since the dynamic route on MANET, are controls the packets and changes the route between the source to destination alternatively. Hence the maintenance of real-time SDN analysis-based application planes is a crucial process. To maintain the effective MANET communication over the Software-Defined Network, it essential to improve the control and data plane process on the SDN controlled MANET based OpenFlow switching procedure. Nevertheless, SDN allows for route interaction against security threads. In this research article, the four stages were suggested to preserve the security measures in packet-based data transmission that are conceived in MANET. In this article, an SDN controlled MANET based OpenFlow switching scenario for effective security threading is proposed. The major part played by an SDN controlled MANET in bringing about a result of being effective without wasting time and energy on routing. The proposed Distinct Network Yarning (DISNEY) routing protocol for SDN controlled MANET overcomes the congestion communication on MANET routing. To decrease performance degradation, efficient routing is maintained by the route matrix manipulation table. This routing scheme helps to find the optimal routing with a secure and intelligent manner. The proposed result was compared to existing approaches. As a result, the proposed illustration to be improved by routing and data transmission. In comparison to the proposed method achieves a better ratio for packet transmission delay, throughput, and data transmission rate.     

一种安全的移动自组网链路状态路由协议：SOLSR

移动自组网是一种新型的无线移动网络，具有无中心、自组织、拓扑结构变化频繁以及开放式通讯信道等特性，因此移动自组网下的路由协议所面临的安全问题比有线网环境下更为严重。OLSR（Optimized Link State Routing）协议于2003年成为RFE3626草案，该协议首先假设网络中所有节点都是友好的，无恶意行为，同时认为安全问题可以利用IPSec来解决，但是，OLSR协议的通讯通常是“一对多”的广播形式，IPSec是针对端到端通讯的安全方案，故而单单依靠IPSec并不能完全解决OLSR的安全问题。由于OLSR自身还存在着机制上的漏洞，恶意节点针对这些漏洞进行攻击，可以导致路由协议无法正常工作，继而影响到整个网络的运行。本文在对OLSR的安全性分析的基础上，对协议进行了改进，加强了协议中对“邻居关系”的定义，同时引入了虫洞检测和身份认证机制，以及通讯报文的安全附加项，从而提出了安全链路状态路由协议——SOLSR来保证移动自组网中路由协议的正常运行。     

An Improved Multi-Objective Particle Swarm Optimization Routing on MANET

A Mobile Ad hoc Network (MANET) is a group of low-power consumption of wireless mobile nodes that configure a wireless network without the assistance of any existing infrastructure/centralized organization. The primary aim of MANETs is to extend flexibility into the self-directed, mobile, and wireless domain, in which a cluster of autonomous nodes forms a MANET routing system. An Intrusion Detection System (IDS) is a tool that examines a network for malicious behavior/policy violations. A network monitoring system is often used to report/gather any suspicious attacks/violations. An IDS is a software program or hardware system that monitors network/security traffic for malicious attacks, sending out alerts whenever it detects malicious nodes. The impact of Dynamic Source Routing (DSR) in MANETs challenging blackhole attack is investigated in this research article. The Cluster Trust Adaptive Acknowledgement (CTAA) method is used to identify unauthorised and malfunctioning nodes in a MANET environment. MANET system is active and provides successful delivery of a data packet, which implements Kalman Filters (KF) to anticipate node trustworthiness. Furthermore, KF is used to eliminate synchronisation errors that arise during the sending and receiving data. In order to provide an energy-efficient solution and to minimize network traffic, route optimization in MANET by using Multi-Objective Particle Swarm Optimization (MOPSO) technique to determine the optimal number of clustered MANET along with energy dissipation in nodes. According to the research findings, the proposed CTAA-MPSO achieves a Packet Delivery Ratio (PDR) of 3.3%. In MANET, the PDR of CTAA-MPSO improves CTAA-PSO by 3.5% at 30% malware.     

移动自组网络安全声誉机制的研究

移动自组网是一种特殊的无线移动通信网络，不依赖于存在的固定设施，网络结构具有快速展开、自治、多跳等特性，广泛应用在战场、救灾等需要临时、移动网络的特殊场合。移动自组网络除了要达到传统有线网络中的安全目标外，还有自身特殊的安全需求，而它的特性又使之容易遭受各种攻击。预防和侦测技术在移动自组网安全中已得到广泛的研究，而声誉机制是其中最主要的侦测技术之一。在全面分析了声誉机制在移动自组网的应用后，提出了一种新的安全声誉机制。     

A Novel Gradient Boosted Energy Optimization Model (GBEOM) for MANET

Mobile Ad Hoc Network (MANET) is an infrastructure-less network that is comprised of a set of nodes that move randomly. In MANET, the overall performance is improved through multipath multicast routing to achieve the quality of service (quality of service). In this, different nodes are involved in the information data collection and transmission to the destination nodes in the network. The different nodes are combined and presented to achieve energy-efficient data transmission and classification of the nodes. The route identification and routing are established based on the data broadcast by the network nodes. In transmitting the data packet, evaluating the data delivery ratio is necessary to achieve optimal data transmission in the network. Furthermore, energy consumption and overhead are considered essential factors for the effective data transmission rate and better data delivery rate. In this paper, a Gradient-Based Energy Optimization model (GBEOM) for the route in MANET is proposed to achieve an improved data delivery rate. Initially, the Weighted Multi-objective Cluster-based Spider Monkey Load Balancing (WMC-SMLB) technique is utilized for obtaining energy efficiency and load balancing routing. The WMC algorithm is applied to perform an efficient node clustering process from the considered mobile nodes in MANET. Load balancing efficiency is improved with a higher data delivery ratio and minimum routing overhead based on the residual energy and bandwidth estimation. Next, the Gradient Boosted Multinomial ID3 Classification algorithm is applied to improve the performance of multipath multicast routing in MANET with minimal energy consumption and higher load balancing efficiency. The proposed GBEOM exhibits ∼4% improved performance in MANET routing.     

一种新的基于DSR的移动自组网节能路由策略

移动自组网是由一组带有无线收发装置的移动节点组成的一个支持多跳的临时性的网络自治系统。由于移动自组网的大多数节点是由有限寿命的电池来提供的，因此能量保护策略成为制定路由协议的一个重要依据。该文提出了一种新的基于动态源路由协议的节能路由策略。仿真表明该策略有效地延长了网络的生存时间。并很好地均衡了节约能耗和保护网络传统性能的需求。     

一种安全的无线传感器网络结构设计方案

文章提出一种三层无线传感网的安全数据通讯结构,该结构使网络能在敌对的环境中正确地工作。为了确保网络的安全性,提出一个在整个网络中支持三种类型密钥的管理方案;考虑到能量和传感器节点硬件的限制,提出低复杂度的数据加密和证明法则。通过仿真,证明该方案具有良好的节能性和安全性。     

Prevention of Black Hole Attack in Multicast Routing Protocols for Mobile Ad-Hoc Networks Using a Self-Organized Public Key Infrastructure

ABSTRACT

A mobile ad-hoc network (MANET) is an autonomous system of mobile nodes connected by wireless links in which nodes cooperate by forwarding packets for each other thereby enabling communication beyond direct wireless transmission range. Example applications include battlefield communication, disaster recovery operations, and mobile conferencing. The dynamic nature of ad-hoc networks makes them more vulnerable to security attacks compared with fixed networks. Providing security in mobile ad-hoc networks has been a major issue in recent years. Most of the secure routing protocols proposed by researchers need a centralized authority or a trusted third party to provide authentication. This destroys the self-organizing nature of ad-hoc networks. Black Hole attack is one of the routing attacks that occur in MANETs. In this attack, a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept. In this article, we propose an enhanced certificate based authentication mechanism, where nodes authenticate each other by issuing certificates to neighboring nodes and generating public key without the need of any online centralized authority. The proposed scheme uses Multicast Ad-hoc On Demand Distance Vector Routing (MAODV) protocol as a support for certification. The effectiveness of our mechanism is illustrated by simulations conducted using network simulator ns-2.     

移动Ad hoc网络安全路由协议研究

移动Ad hoc网络是由一组移动终端组成的无线多跳自治系统,具有无中心、自组织、多跳路由、动态拓扑结构等特点。尽管有带宽受限等缺点,但无线Ad hoc网络具备灵活机动、组网迅速的优势,在军事通信、民用通信和各种临时通信中具有广阔的应用前景。近来其路由技术、QoS、安全性问题,尤其是路由协议的安全成为研究的热点。介绍了针对其路由协议的攻击,重点分析比较了典型的移动Ad hoc网络安全路由协议,最后指出下一步研究的方向。     

基于身份的Ad Hoc网密钥管理方案

鉴于Ad Hoc网络的可移动、自组织性等优点,提出了一种适用于Ad Hoc网络的基于身份的密钥管理方案,所提方案在门限密码学的基础上以完全分布化方式建立系统密钥。与已有的Ad Hoc网络密钥管理方案相比,它不需要固定的密钥服务节点组,密钥服务节点可以动态加入和撤离,而且系统密钥在密钥服务节点组内还可以动态更新。分析结果表明所提方案具有灵活、安全的特点,较好地适应了移动自组网(MANET)。     

移动自组网中安全高效的组密钥管理方案

以提供安全、可靠的保密通信为目标的组密钥管理方案是移动自组网安全研究领域中的一个热点.然而,固有的动态性、资源受限和无固定基础设施等特点使得目前已有组密钥管理方案不能很好地适用于MANET.针对MANET组密钥管理面临的诸多挑战,提出一种高效的安全组密钥管理方案(an efficient and secure group key management,ESGKM).ESGKM无需控制中心,所有成员通过协商共同生成组共享秘密密钥,提高了方案的安全性,并能很好地适应拓扑频繁变化的MANET环境.基于ECC和双线性对的密码体制提高了组密钥生成的效率,同时组成员能够对接收的子密钥份额和组密钥份额进行验证,进一步增加了方案的安全性.该方案还提出基于组密钥服务中心(group key ervice center,GKSC)的组密钥更新和一致性管理算法,有效减少了ESGKM通信开销和计算量,避免了组密钥不一致造成节点孤立.使用串空间模型对ESGKM方案进行了形式化分析,证明了其正确性和安全性.最后,通过与BD,A-GDH和TGDH协议比较,表明ESGKM能有效减少节点和网络资源消耗,很好地适用于动态的MANET环境,具有更...     

基于能量树的无线传感器网络密钥管理方案

有效的密钥管理方案是实现传感器网络安全通信的前提。针对分簇式无线传感器网络,提出一种基于能量树的密钥管理方案。将网络中节点按树型结构进行管理,并将每个节点的能量值作为树中各边的权值,树根按权值分发不同的秘密信息。簇头间通信密钥借助Blom矩阵的思想生成。分析表明,该方案有效地节省了节点的能量,并提供了较强的可扩展性、节点的抗捕获性和网络的可靠性等安全性能。     

Energy-efficient clustering in mobile ad-hoc networks using multi-objective particle swarm optimization

A mobile ad hoc network (MANET) is dynamic in nature and is composed of wirelessly connected nodes that perform hop-by-hop routing without the help of any fixed infrastructure. One of the important requirements of a MANET is the efficiency of energy, which increases the lifetime of the network. Several techniques have been proposed by researchers to achieve this goal and one of them is clustering in MANETs that can help in providing an energy-efficient solution. Clustering involves the selection of cluster-heads (CHs) for each cluster and fewer CHs result in greater energy efficiency as these nodes drain more power than noncluster-heads. In the literature, several techniques are available for clustering by using optimization and evolutionary techniques that provide a single solution at a time. In this paper, we propose a multi-objective solution by using multi-objective particle swarm optimization (MOPSO) algorithm to optimize the number of clusters in an ad hoc network as well as energy dissipation in nodes in order to provide an energy-efficient solution and reduce the network traffic. In the proposed solution, inter-cluster and intra-cluster traffic is managed by the cluster-heads. The proposed algorithm takes into consideration the degree of nodes, transmission power, and battery power consumption of the mobile nodes. The main advantage of this method is that it provides a set of solutions at a time. These solutions are achieved through optimal Pareto front. We compare the results of the proposed approach with two other well-known clustering techniques; WCA and CLPSO-based clustering by using different performance metrics. We perform extensive simulations to show that the proposed approach is an effective approach for clustering in mobile ad hoc networks environment and performs better than the other two approaches.     

A new trust-based mechanism for detecting intrusions in MANET

Providing security to Mobile Ad-hoc Networks (MANET) is a challenging and demanding task. It is important to secure the network against intrusions in MANET for assuring the development of services. For this purpose, some intrusion-detection systems (IDSs) have been developed in traditional works. However, these have some drawbacks, such as that there is no assurance for public key authentication, certificate validation between two nodes is not possible, and they require a large amount of time for processing. To overcome all these issues, a Trust-Based Authentication Routing with Bio-Inspired Intrusion Detection System (TRAB-IDS) is developed in this article. The main aim of this article is to provide security to the network against harmful intrusions. Here, the trust and deep packet inspection (DPI) concepts are integrated for improving the security. Moreover, the certificate authority generates a public and private key pair for initiating the route agent and authenticating the neighboring nodes. Based on the trust of the node, the packet is forwarded to the intermediate node by calculating a bogus key. Then, the DPI is initiated for extracting the packet features and the similarity between the features is estimated. If the packet is matched with the attacker, an error report will be forwarded to the certificate authority; otherwise, the packet will be forwarded to the other node. The experimental results evaluate the performance of the proposed TRAB-IDS in terms of delivery ratio, delay, security cost, and misdetection ratio.     

适合移动Ad hoc网络基于时限撤消的自愈组密钥分发方案的研究

提出一个新的MANET(mobile ad hoc network)中基于时限撤消具有自愈能力的组密钥分发方案,通过双向散列链DDHC(dual directional hash chains)和HBT(Hash binary tree)树结构实现了组密钥之间的冗余关联和访问控制;在没有管理节点协助的情况下,利用当前发布的会话密钥信息和自身秘密信息,合法用户节点可以自主恢复出历史组密钥;通过秘密撤消多项式实现了管理节点的撤消功能;接着,提出一个改进方案。安全性和性能分析表明,新方案能够抵御没有会话交集的用户节点同谋破解攻击;在满足MANET的安全需求前提下,有效地节省网络带宽和存储资源。     

Improved encryption protocol for secure communication in trusted MANETs against denial of service attacks

MANET(Mobile Adhoc Networks) possess the open system condition, absence of central server, mobile nodes that make helpless to security assault while conventional security components couldn’t meet MANET security prerequisites in view of restricted correspondence data transfer capacity, calculation power, memory and battery limit in addition to the vitality enabled environment. The trusted MANETs provide a reliable path and efficient communication but the secrecy of the trust values sometimes may be overheard by the masqueraders. Due to the need of the clustered MANETs the exchange of mathematical values remains to be a necessary part. In the proposed security of the trusted MANETs is focused so as to provide rigid and robust networks when additional resources are added. For clustering of the nodes LEACH protocol is suggested in which the CHs and CMs are fixed for the data transfer in the network. The energy is disseminated in the LEACH as to avoid the battery drain and network fatal. Hence to add resistance and to make an authentic network, the encryption and decoding is incorporated as a further supplementary to avoid the denial of service attacks, we have utilized DoS Pliancy Algorithm in which the acknowledgment based flooding attacks is focused. Likewise the encoded messages from the source node in one cluster can be recoded in the transmission stage itself to reproduce the messages. Contrasted with the past works, QoS of our proposed work has been made strides when tested with black hole and sink hole attacks. Simulation results shows that the DoS pliancy scheme works better and efficient when compared to the existing trust based systems.