移动Ad Hoc网络可认证安全匿名通信研究

传统的移动Ad Hoc网络匿名路由协议无法鉴别伪造的路由控制分组,并且公钥运算过多导致路由建立时间延长.提出一种基于邻居认证的安全匿名路由协议以解决上述问题,通过基于临时身份公钥的邻居匿名认证机制鉴定邻居节点合法性并动态协商密钥,路由发现过程中利用邻居协商密钥对路由控制消息进行逐跳的验证与处理.上述机制使得伪造路由分组可被有效鉴别,并且中间节点基于对称密钥运算处理分组降低了路由发现时延.理论分析和仿真结果表明,该协议可对抗基于伪造分组的DoS攻击,并且较传统协议具有更低的路由建立时间.     

基于双线性对的轻量级Ad Hoc网络匿名路由协议

为实现Ad Hoc网络节点的匿名性,一些匿名Ad Hoc网络协议被提出,但是这些协议中使用了大量的公钥计算,而公钥计算消耗了大量的时间和能量,这对于能量和计算能力均有限,同时移动速度很高的Ad Hoc网络节点很不适用。因此,提出一种新的轻量级的Ad Hoc网络匿名路由协议,在保证节点的一些安全特性以及匿名性的同时,更重要地是使用双线性对的算法进行密钥协商,很大程度地降低了计算时间,并减少了公钥的使用,从而提高了路由建立的效率。分析表明,与其他协议相比,所提协议更加高效。     

一个高效的Ad Hoc网络匿名路由协议

提出了一个新型高效的适用于小型AdHoc网络的匿名路由协议。该协议建立了一种源节点和目的节点间伪名同步机制,并引入移动代理来防止恶意节点对网络的攻击。利用哈希链性质实现了节点身份的匿名和跳数控制。与一般的需要公钥加密的匿名协议相比,具有较低的网络延迟和更高的运算效率。     

一个高效的双向无线Ad Hoc网络匿名路由协议

分析了Ad Hoc网络现有匿名路由协议的不足,提出了一个轻量级的,能提供良好匿名保护的基于反应式的源路由协议的匿名路由协议。该协议利用布隆过滤器实现了在ASR中定义的身份匿名、路由匿名和位置/拓朴匿名。它主要使用的是哈希运算,并在不破坏协议匿名性的前提下,通过控制路由请求包避免其在网络中传输时间过长而提高整个网络的效率。协议中建立起的匿名链路具有双向性,这也降低了匿名协议的耗费。仿真数据与分析证明了新协议的有效性与匿名性。     

一个高效的双向无线Ad Hoe网络匿名路由协议

分析了Ad Hoc网络现有匿名路由协议的不足,提出了一个轻量级的,能提供良好匿名保护的基于反应式的源路由协议的匿名路由协议。该协议利用布隆过滤器实现了在ASR中定义的身份匿名、路由匿名和位置／拓朴匿名。它主要使用的是哈希运算,并在不破坏协议匿名性的前提下,通过控制路由请求包避免其在网络中传输时间过长而提高整个网络的效率。协议中建立起的匿名链路具有双向性,这也降低了匿名协议的耗费。仿真数据与分析证明了新协议的有效性与匿名性。     

移动自组网中匿名通信方案

由于传统Ad hoc通信协议通常采用过多的公钥运算,导致路由建立时间延长。传统的基于公/私钥的签名方案暴露了节点的身份信息,不能满足匿名性的需求。针对以上问题提出了一种适用于小型Ad Hoc网络的可认证的匿名通信协议。通过移动代理对源节点和目标节点进行判别并对节点信息进行隐藏,降低了网络延迟。通过成员函数动态建立的路由控制信息,解决了单个节点的离线造成路径中断的问题。理论分析和仿真结果表明,该协议较传统协议在路由建立时间和信息投递率方面有较大的提高。另外该协议建立的匿名链接具有双向性,在一定程度上降低了协议损耗。     

车载自组织网络中一种有效的匿名认证方法

针对现有车载自组织网络（Vehicular Ad-hoc Network,VANET）匿名认证方案在网络规模较大时存在复杂性和执行效率方面的问题,提出了一种基于盲签名和组合公钥（Combined Public Key,CPK）算法的认证方案,并对该方案所包含的认证协议进行了详细描述。安全性和执行效率分析表明,与现有方案相比提出的匿名认证方案在保证用户匿名性的同时还具有较高的执行效率。     

一种改进的Ad-hoc路由协议的规范化设计与验证

Ad-hoc路由协议依据路由发现的不同分为主动路由策略和按需路由策略,根据实际网络特点,结合两类协议的优点,提出一种适合快速拓扑更新的无线路由协议。并采用SDL语言工具设计验证了这种小型高移动性无线网络的路由协议。     

Ad-Hoc 网络中一种改进多径路由协议

Ad-hoc网络路由主要研究从源和目的点之间找到一条连接的路由,经常忽略网络的QoS需求,如果数据流量超过了该网络所能承受的最大限度,Ad-hoc网络将不能保证数据流的传输质量。因此提出了一种改进的QoS-AOMDV路由协议,在AOMDV路由基础上增加了带宽、时延、跳数和优先级等约束条件,使得在路由发现和路由维护阶段满足一定的QoS需求。仿真结果显示,在多径路由协议可以保证通信服务质量。     

一种基于TPM增强的ARAN安全路由协议

安全路由协议设计是Ad hoc网络安全研究的重要组成部分。当前研究主要集中在采用经典密码学中的方法来保证路由安全。结合可信计算中的TPM和典型的安全路由协议ARAN,提出了一种新的安全路由协议TEARAN,该协议不再采用集中式的公钥证书分发中心PKI,而是采用TPM中的DAA(Directed Anonymous Attestation)方式来进行节点的身份认证,以及软安全中可信阂值来监测部居节点的行为,从而进行公钥可信分发,同时确保了无恶意节点加入网络,另外,也采用公钥签名、会话密钥加密来保证端到端通信的保密性、完整性和不可否认性。理论证明了提出的TEARAN协议能够实现网络的匿名安全,防范当前常见的攻击方式,达到了很好的安全保证效果。     

A lightweight anonymous routing protocol without public key en/decryptions for wireless ad hoc networks

More attention should be paid to anonymous routing protocols in secure wireless ad hoc networks. However, as far as we know, only a few papers on secure routing protocols have addressed both issues of anonymity and efficiency. Most recent protocols adopted public key Infrastructure (PKI) solutions to ensure the anonymity and security of route constructing mechanisms. Since PKI solution requires huge and expensive infrastructure with complex computations and the resource constraints of small ad hoc devices; a two-layer authentication protocol with anonymous routing (TAPAR) is proposed in this paper. TAPAR does not adopt public key computations to provide secure and anonymous communications between source and destination nodes over wireless ad hoc networks. Moreover, TAPAR accomplishes mutual authentication, session key agreement, and forward secrecy among communicating nodes; along with integration of non-PKI techniques into the routing protocol allowing the source node to anonymously interact with the destination node through a number of intermediate nodes. Without adopting PKI en/decryptions, our proposed TAPAR can be efficiently implemented on small ad hoc devices while at least reducing the computational overhead of participating nodes in TAPAR by 21.75%. Our protocol is certainly favorable when compared with other related protocols.     

洋葱路由包的封装技术研究

洋葱路由技术(Onion Routing)是为了阻止在公用网络上进行窃听和流量分析,在Internet上提供隐藏通信的一种基础设施,它可以在公开的计算机网络中隐藏通信双方的关系及通信目的,对通信内容进行有效地保护。文章针对洋葱包头的实现机制,利用加密和签名技术,结合分层和嵌套的组合,提出了洋葱包的四种封装方式,即分层加密和签名、分层加密与嵌套签名、嵌套加密与分层签名、嵌套加密和签名,在比较了它们优缺点的基础上提出了实现源路由技术的方案。     

浅议移动Ad-hoc网络路由协议中的安全性问题

移动Ad-hoc网络是一种新颖的无线对等网络,随着无线终端设备(便携式电脑、PDA等)的日益普及,Ad-hoc网络在军事、商业、个人区域网络(PAN)及分布式Ubiquitous计算环境下均有非常广泛的应用前景。路由协议的安全性问题是Ad-hoc网络成为实用性技术前必须妥善解决的关键问题之一。文章提出了一种新的基于网络安全环境的Ad-hoc网络分类方法,并以此为基础制定了强制协作式安全和激励式安全两类基本安全策略,建议Ad-hoc网络中的路由安全机制应该根据安全环境的分类采用相应的安全策略进行设计,而不是人为假设安全机制的前提条件。     

移动Ad-hoc网络安全

移动Ad-hoc网络是一种不依赖任何固定的基础设施的新型的无线网络。在网络中，节点之间的通信完全依赖无线链路，网络拓扑随着节点的移动频繁变化。移动Ad-hoc网络不同于有线网络的特性对于保证其安全性提出了新的挑战。本文在探讨移动Ad-hoc网络的安全需求的基础上，着重分析了移动Ad-hoc网络易于遭受的攻击，并集中了讨论移动Ad-hoc网络的路由安全、密钥管理等关键问题。     

一种基于OLSR的无人机网络适用路由算法

无人机自组网的高动态特性以及节点能量高度受限的特点,使得传统路由协议难以适用于无人机网络。针对该问题,在OLSR协议的基础上提出一种无人机网络适用路由（UAV-OLSR）算法。依据链路变化情况实现无人机集群状态感知,综合考虑节点能量、节点位置等因素进行节点质量评估。采用多径思想并通过特定的路径度量准则选择较优路径进行数据转发。仿真结果表明,与OLSR和AODV协议相比,UAV-OLSR具有更低的数据包平均传输延迟、更高的数据包投递率以及更好的能量均衡效果,可以延长无人机网络的生存时间。     

基于概率推理的Ad-hoc网络路径选择算法

针对Ad-hoc网络在路径选择上主要选择最短路径所出现的问题,从复杂适应系统理论的角度出发,将基于概率推理的路径选择算法加入到AODV(Ad hoc on-demand distance-vector)路由协议中,通过对节点的适应度进行概率推理来选择路径,有效地解决了Ad-hoc网络的拥塞和负载分配问题,改善了网络性能。采用面向对象的建模技术在OMNET++软件平台上进行仿真,结果证明该方法降低了延迟时间,提高了网络QoS,为Ad-hoc网络路由协议的发展提供了一个新思路。     

A secure anonymous routing protocol with authenticated key exchange for ad hoc networks

Anonymity and authenticated key exchange should be paid much more attention in secure mobile ad hoc routing protocols, especially in privacy-vital environment. However, as far as we know, few papers on secure routing protocols have addressed both the anonymity and authenticated key exchange. Therefore, in this paper, we present a new secure anonymous routing protocol with authenticated key exchange for ad hoc networks. In comparison with other previous secure routing protocols, our proposed protocol not only provides the anonymity to the route from the source to the destination, but also integrates the authenticated key exchange into the routing algorithm.     

Prevention of Black Hole Attack in Multicast Routing Protocols for Mobile Ad-Hoc Networks Using a Self-Organized Public Key Infrastructure

ABSTRACT

A mobile ad-hoc network (MANET) is an autonomous system of mobile nodes connected by wireless links in which nodes cooperate by forwarding packets for each other thereby enabling communication beyond direct wireless transmission range. Example applications include battlefield communication, disaster recovery operations, and mobile conferencing. The dynamic nature of ad-hoc networks makes them more vulnerable to security attacks compared with fixed networks. Providing security in mobile ad-hoc networks has been a major issue in recent years. Most of the secure routing protocols proposed by researchers need a centralized authority or a trusted third party to provide authentication. This destroys the self-organizing nature of ad-hoc networks. Black Hole attack is one of the routing attacks that occur in MANETs. In this attack, a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept. In this article, we propose an enhanced certificate based authentication mechanism, where nodes authenticate each other by issuing certificates to neighboring nodes and generating public key without the need of any online centralized authority. The proposed scheme uses Multicast Ad-hoc On Demand Distance Vector Routing (MAODV) protocol as a support for certification. The effectiveness of our mechanism is illustrated by simulations conducted using network simulator ns-2.     

Implementation of K-Means Algorithm and Dynamic Routing Protocol in VANET

With the growth of Vehicular Ad-hoc Networks, many services delivery is gaining more attention from the intelligent transportation system. However, mobility characteristics of vehicular networks cause frequent disconnection of routes, especially during the delivery of data. In both developed and developing countries, a lot of time is consumed due to traffic congestion. This has significant negative consequences, including driver stress due to increased time demand, decreased productivity for various personalized and commercial vehicles, and increased emissions of hazardous gases especially air polluting gases are impacting public health in highly populated areas. Clustering is one of the most powerful strategies for achieving a consistent topological structure. Two algorithms are presented in this research work. First, a k-means clustering algorithm in which dynamic grouping by k-implies is performed that fits well with Vehicular network’s dynamic topology characteristics. The suggested clustering reduces overhead and traffic management. Second, for inter and intra-clustering routing, the dynamic routing protocol is proposed, which increases the overall Packet Delivery Ratio and decreases the End-to-End latency. Relative to the cluster-based approach, the proposed protocol achieves improved efficiency in terms of Throughput, Packet Delivery Ratio, and End-to-End delay parameters comparing the situations by taking different number of vehicular nodes in the network.