ad hoc网络的可生存性问题及设计挑战

本文介绍了ad hoc网络可生存性面临的问题和挑战,特别强调了军事需求.其中从三个方面探讨了ad hoc网络的可生存性问题:可生存的网络连接、可生存的通信服务及可生存性技术,尤其是对可生存性技术进行了较全面的剖析.     

适合ad hoc网络无需安全信道的密钥管理方案

密钥管理问题是构建ad hoc安全网络系统首要解决的关键问题之一.针对ad hoc网络特点,提出了一个无需安全信道的门限密钥管理方案.该方案中,可信中心的功能由局部注册中心和分布式密钥生成中心共同实现,避免了单点失效问题;通过门限技术,网络内部成员相互协作分布式地生成系统密钥;利用基于双线性对的公钥体制实现了用户和分布式密钥生成中心的双向认证;通过对用户私钥信息进行盲签名防止攻击者获取私钥信息,从而可以在公开信道上安全传输.分析表明该方案达到了第Ⅲ级信任,具有良好的容错性,并能抵御网络中的主动和被动攻击,在满足ad hoc网络安全需求的情况下,极大地降低了计算和存储开销.     

ad hoc网络组播对于DoS攻击畦抵抗策略分析

与固定有线网络相比,无线ad hoc网络动态的拓扑结构、脆弱的无线信道、网络有限的通信带宽以及节点兼备主机和路由功能等特点,使得网络容易遭受拒绝服务（DOS）攻击。文章针对ad hoc网络的组播应用在抵御DoS攻击方面的不足,提出外部和内部两种组播DoS泛洪攻击模型,同时针对ad hoc网络组播组内的攻击提出相应的两种抵抗策略和具体实现步骤。     

基于朋友机制的移动ad hoc网络路由入侵检测模型研究

从如何有效检测移动ad hoc网络路由入侵行为、如何准确地响应并将恶意路由节点移除网络,提供可信路由环境的角度进行分析,提出了一种基于朋友机制的轻量级移动ad hoc网络入侵检测模型,并以典型的黑洞攻击为例,通过OPNET网络建模仿真及实验分析,验证了该模型的可行性和有效性。     

ad hoc网络中一种基于信任模型的机会路由算法

由于ad hoc网络具有缺乏足够的物理保护、拓扑结构动态变化、采用分布式协作、节点的带宽和计算能力有限等特点,导致传统的路由安全机制不再适合ad hoc网络路由协议的设计。最近当前研究热点之一的机会路由能够在链路不可靠的情况下充分利用无线广播和空间多样性的特性提高网络的吞吐量。因此,考虑在机会路由中引入信任相似性概念设计信任机会路由,建立了基于节点信任度和最小成本的信任机会转发模型,提出了最小成本的机会路由算法MCOR,并对算法进行了理论上的分析和证明。最后采用仿真实验对该算法进行验证,又与经典机会路由协议ExOR以及其他经典的信任路由协议TAODV和Watchdog-DSR进行性能对比。仿真结果表明,MCOR算法能够防范恶意节点的攻击,在吞吐量、端到端时延、期望转发次数(ETX)和成本开销等方面都比其他3种协议表现出性能上的优势。     

一种基于位置和DHT的移动ad hoc网络服务发现方案

移动ad hoc网络中要求各节点问在缺乏预备知识的情况下进行相互通讯和协作，因此，对网络中各种服务的自动发现成为了其中的一个关键问题。将各节点的位置信息和DHT技术结合起来．提出了一种高效的面向移动ad hoc网络的服务发现方案。首先直接基于网络的物理拓扑结构来构建一种分布式哈希表．从而有效地消除了现有DHT方案的拓扑结构不匹配问题。然后提出了一种维度映射的方案．以将多维的服务描述信息映射到二维的哈希键值空间上。最后提出一种区域搜索算法，以高效地支持对服务的条件查询。     

适于ad hoc网络安全通信的新签密算法

首先提出了一个基于身份的新签密算法,并对其安全性和效率进行了分析及证明;结果表明,该算法在随机预言机模型下是可证明安全的,而且与已有基于身份的签密算法相比,其计算量和传输代价小,特别适合用于ad hoc网络的密钥管理、安全路由等通信安全协议.最后,以ad hoc网络分布式门限密钥管理中各服务节点所拥有的系统密钥份额的更新为例,说明了将新签密算法用于ad hoc网络安全协议的方法及其意义.     

移动ad hoc网络安全综述

移动ad hoc网络是由移动节点自组织形成的网络,由于其动态拓扑、无线通信的特点,容易遭受各种安全威胁.该文介绍了移动ad hoc网络安全研究的最新研究进展.首先从传输信道、移动节点、动态拓扑、安全机制、路由协议几方面,分析了移动ad hoc网络的安全弱点,然后将移动ad hoc网络安全方面的研究分为三个方向:密钥分配与管理、入侵检测、增强合作.对每个方向内一些典型安全方案也进行了分类论述,同时分析了各种方案的优点和缺点,并进行了综合比较.文中阐明了目前协议存在的一些问题并提出了相应的改进方法,最后指出了下一步研究方向.     

Ad_hoc网络动态密钥管理

阐述了当前ad　hoc网络中有关认证和密钥管理的研究概况,特别论述了SecurePebblenets方法中密钥管理节点的生成,对节点加入和退出处理进行更详细分析,并补充了节点变化对簇的影响,对于ad　hoc网络密钥管理的研究具有一定参考价值。     

盲区环境下集成移动蜂窝和ad hoc网络的系统性能分析

首先介绍了一种在盲区环境下集成移动蜂窝和ad hoc网络的系统结构,接着分析了在这种环境下集成系统可获得中继节点的概率。然后结合这个概率,建立了集成移动蜂窝和ad hoc网络系统的解析模型,并且在这个模型的基础上,通过数学解析方法分别得到了传统蜂窝和集成网络系统的会话丢弃概率。最后通过数值仿真比较了在盲区环境中2种系统的性能,并分析了各种系统参数对集成移动蜂窝和ad hoc网络系统性能产生的影响。     

Information theoretic framework of trust modeling and evaluation for ad hoc networks

The performance of ad hoc networks depends on cooperation and trust among distributed nodes. To enhance security in ad hoc networks, it is important to evaluate trustworthiness of other nodes without centralized authorities. In this paper, we present an information theoretic framework to quantitatively measure trust and model trust propagation in ad hoc networks. In the proposed framework, trust is a measure of uncertainty with its value represented by entropy. We develop four Axioms that address the basic understanding of trust and the rules for trust propagation. Based on these axioms, we present two trust models: entropy-based model and probability-based model, which satisfy all the axioms. Techniques of trust establishment and trust update are presented to obtain trust values from observation. The proposed trust evaluation method and trust models are employed in ad hoc networks for secure ad hoc routing and malicious node detection. A distributed scheme is designed to acquire, maintain, and update trust records associated with the behaviors of nodes' forwarding packets and the behaviors of making recommendations about other nodes. Simulations show that the proposed trust evaluation system can significantly improve the network throughput as well as effectively detect malicious behaviors in ad hoc networks.     

Secure interconnection protocol for integrated Internet and ad hoc networks

Integration of ad hoc networks with the Internet provides global Internet connectivity for ad hoc hosts through the coordination of mobile IP and ad hoc protocols. In a pure ad hoc network, it is difficult to establish trust relationship between two ad hoc hosts due to lack of infrastructure or centralized administration. In this paper, an infrastructure‐supported and distributed authentication protocol is proposed to enhance trust relationships amongst ad hoc hosts. In addition, an effective secure routing protocol (SRP) is discussed to protect the multi‐hop route for Internet and ad hoc communication. In the integrated ad hoc networks with Internet accessibility, the ad hoc routing security deployed with the help of infrastructure has a fundamental impact on ad hoc hosts in term of Internet access, integrity, and authentication. Both analysis and simulation results demonstrate the effectiveness of the proposed security protocol. Copyright © 2007 John Wiley & Sons, Ltd.     

A fuzzy‐based trust model for flying ad hoc networks (FANETs)

The use of unmanned aerial vehicles has significantly increased for forming an ad hoc network owing to their ability to perform in exciting environment such as armed attacks, border surveillance, disaster management, rescue operation, and transportation. Such types of ad hoc networks are popularly known as flying ad hoc networks (FANETs). The FANET nodes have 2 prominent characteristics—collaboration and cooperation. Trust plays an important role in predicting the behavior of such nodes. Researchers have proposed various methods (direct and indirect) for calculation of the trust value of a given node in ad hoc networks, especially in mobile ad hoc networks and vehicular ad hoc networks. The major characteristic that differentiates a FANET from other ad hoc networks is the velocity of the node; as a result, there are frequent losses in connection and topology change. Therefore, the existing methods of trust calculation are not efficient and effective. In this paper, a fuzzy‐based novel trust model has been proposed to handle the behavioral uncertainty of FANET nodes. Nodes are classified using a multicriteria fuzzy classification method based on node's behavior and performance in the fuzzy and complex environment. Quality of service and social parameter (recommendation) are considered for evaluating the trust value of each node to segregate the selfish and malicious nodes. With the node classification, FANET nodes are rewarded or punished to transform node behavior into a trust value. Compared with the existing trust techniques, the simulation results show that the proposed model has better adaptability, accuracy, and performance in FANETs.     

Honeypot Based Black-Hole Attack Confirmation in a MANET

Many solutions are proposed to identify or prevent the attacks in a Mobile Ad hoc Network. However, sometimes these systems detect false attacks. This could lead to loss of resources in a mobile ad hoc network and cause a downgrade in quality of service. Hence mobile ad hoc networks need a system to confirm the attack before taking further actions. In our work presented in this paper, we propose an attack confirm system for a malicious attacker, called the Black-hole attacker. We present our Black-hole attack Confirmation System, which identifies and confirms the black-hole attack in a mobile ad hoc network using honeypot. The honeypot intelligently identifies all the possible types of black-hole attack using the Black-hole Attack tree, and confirms the attack using the Attack History Database. Together, the Black-hole Attack tree, and Attack History Database aid the honeypot in reducing the false alarms in the mobile ad hoc network. We have simulated the proposed system in several mobile ad hoc network environments of varying sizes of nodes and applications. On several occasions the results have demonstrated that the proposed system is efficient in confirming the black-hole attack and saving the resources and minimizing the path re-establishment.     

An Impregnable Lightweight Device Discovery (ILDD) Model for the Pervasive Computing Environment of Enterprise Applications

The worldwide use of handheld devices (personal digital assistants, cell phones, etc.) with wireless connectivity will reach 2.6 billion units this year and 4 billion by 2010. More specifically, these handheld devices have become an integral part of industrial applications. These devices form pervasive ad hoc wireless networks that aide in industry applications. However, pervasive computing is susceptible and vulnerable to malicious active and passive snoopers. This is due to the unavoidable interdevice dependency, as well as a common shared medium, very transitory connectivity, and the absence of a fixed trust infrastructure. In order to ensure security and privacy in the pervasive environment, we need a mechanism to maintain a list of valid devices that will help to prevent malicious devices from participating in any task. In this paper, we will show the feasibility of using a modified human- computer authentication protocol in order to prevent the malicious attacks of ad hoc networks in industrial applications. We will also present two separate models for both large and small networks, as well as several possible attack scenarios for each network.     

ATP: a reliable transport protocol for ad hoc networks

Existing works have approached the problem of reliable transport in ad hoc networks by proposing mechanisms to improve TCP's performance over such networks, In this paper, we show through detailed arguments and simulations that several of the design elements in TCP are fundamentally inappropriate for the unique characteristics of ad hoc networks. Given that ad hoc networks are typically stand-alone, we approach the problem of reliable transport from the perspective that it is justifiable to develop an entirely new transport protocol that is not a variant of TCP. Toward this end, we present a new reliable transport layer protocol for ad hoc networks called ATP (ad hoc transport protocol). We show through ns2-based simulations that ATP outperforms default TCP as well as TCP-ELFN and ATCP.     

Wormhole attacks in wireless networks

As mobile ad hoc network applications are deployed, security emerges as a central requirement. In this paper, we introduce the wormhole attack, a severe attack in ad hoc networks that is particularly challenging to defend against. The wormhole attack is possible even if the attacker has not compromised any hosts, and even if all communication provides authenticity and confidentiality. In the wormhole attack, an attacker records packets (or bits) at one location in the network, tunnels them (possibly selectively) to another location, and retransmits them there into the network. The wormhole attack can form a serious threat in wireless networks, especially against many ad hoc network routing protocols and location-based wireless security systems. For example, most existing ad hoc network routing protocols, without some mechanism to defend against the wormhole attack, would be unable to find routes longer than one or two hops, severely disrupting communication. We present a general mechanism, called packet leashes, for detecting and, thus defending against wormhole attacks, and we present a specific protocol, called TIK, that implements leashes. We also discuss topology-based wormhole detection, and show that it is impossible for these approaches to detect some wormhole topologies.     

An Adaptive and Predictive Security Model for Mobile Ad hoc Networks

Mobile ad hoc networks are infrastructure-free, pervasive and ubiquitous in nature, without any centralized authority. These unique characteristics coupled with the growing concerns for security attacks demand an immediate solution for securing the ad hoc network, prior to its full-fledged deployment in commercial and military applications. So far, most of the research in mobile ad hoc networks has been primarily focused on routing and mobility aspects rather than securing the ad hoc networks themselves. Due to ever increasing security threats, there is a need to develop schemes, algorithms, and protocols for a secured ad hoc network infrastructure. To realize this objective, we have proposed a practical and effective security model for mobile ad hoc networks. The proposed predictive security model is designed using a fuzzy feedback control approach. The model is based on identifying critical network parameters that are affected by various types of attacks and it continuously monitors those parameters. Once we measure the relative change in these parameter values, we could detect the type of attack accurately and protect the system, without compromising its effectiveness. Experimental results of the model simulated for selected packet mistreatment attacks and routing attacks are very promising.     

Impact of Denial of Service Attacks on Ad Hoc Networks

Significant progress has been made towards making ad hoc networks secure and DoS resilient. However, little attention has been focused on quantifying DoS resilience: Do ad hoc networks have sufficiently redundant paths and counter-DoS mechanisms to make DoS attacks largely ineffective? Or are there attack and system factors that can lead to devastating effects? In this paper, we design and study DoS attacks in order to assess the damage that difficult-to-detect attackers can cause. The first attack we study, called the JellyFish attack, is targeted against closed-loop flows such as TCP; although protocol compliant, it has devastating effects. The second is the Black Hole attack, which has effects similar to the JellyFish, but on open-loop flows. We quantify via simulations and analytical modeling the scalability of DoS attacks as a function of key performance parameters such as mobility, system size, node density, and counter-DoS strategy. One perhaps surprising result is that such DoS attacks can increase the capacity of ad hoc networks, as they starve multi-hop flows and only allow one-hop communication, a capacity-maximizing, yet clearly undesirable situation.