Certification-based trust models in mobile ad hoc networks: A survey and taxonomy

A mobile ad hoc network is a wireless communication network which does not rely on a pre-existing infrastructure or any centralized management. Securing the exchanges in such network is compulsory to guarantee a widespread development of services for this kind of networks. The deployment of any security policy requires the definition of a trust model that defines who trusts who and how. There is a host of research efforts in trust models framework to securing mobile ad hoc networks. The majority of well-known approaches is based on public-key certificates, and gave birth to miscellaneous trust models ranging from centralized models to web-of-trust and distributed certificate authorities. In this paper, we survey and classify the existing trust models that are based on public-key certificates proposed for mobile ad hoc networks, and then we discuss and compare them with respect to some relevant criteria. Also, we have developed analysis and comparison among trust models using stochastic Petri nets in order to measure the performance of each one with what relates to the certification service availability.     

Content-centric wireless networking: A survey

Content-Centric Networking (CCN) is a candidate future Internet architecture that gives favourable promises in distributed wireless environments. The latter ones seriously call into question the capability of TCP/IP to support stable end-to-end communications, due to lack of centralized control, node mobility, dynamic topologies, intermittent connectivity, and harsh signal propagation conditions. The CCN paradigm, relying on name-based forwarding and in-network data caching, has great potential to solve some of the problems encountered by IP-based protocols in wireless networks.In this paper, we examine the applicability of CCN principles to wireless networks with distributed access control, different degrees of node mobility and resource constraints. We provide some guidelines for readers approaching research on CCN, by highlighting points of strength and weaknesses and reviewing the current state of the art. The final discussion aims to identify the main open research challenges and some future trends for CCN deployment on a large scale.     

移动自组网路由协议DSR性能评价

研究移动自组网的难点之一是开发能够跟随网络拓扑变化,在移动节点之间快速找到有效路径的路由协议。DSR协议作为一种简洁有效的按需机制路由协议,成为IETF的MANET工作组提出的草案之一。本文利用MANET工作小组推荐的Ns2仿真软件对DSR进行模拟,从源节点个数、分组发送频率、移动速度、节点密度、节点个数五个方面分析DSR的性能,指出对DSR性能影响最大的因素。分析随分组频率降低协议性能下降是由于它的路径缓存策略引起,提出将针对DSR路径缓存,搜索,抛弃策略进行改进。     

移动自组织网络中一种有效的广播技术

基于最小连通支配集（MCDS）的广播路由方法是一个很好的路由方法,它将路由过程简化到MCDS生成的较小的子网中。然而这一方法没有考虑网络中的节点的多样性和复杂性。针对实际情况中移动自组织网络中节点的复杂性问题,该文提出了一种基于极大权的最小连通支配集（MWMCDS）的有效广播途径。仿真结果表明,它能确保性能强的节点担任网关节点的角色,能更好地协调管理网络中其他的节点,从而保持MCDS的相对稳固性并为全网中的广播路由操作提供一个高效的通信基础。该算法能在保证生成权和极大的连通支配集的同时也确保它的极小性,因此是一种有效的广播路由算法。     

Clairvoyance: A framework to integrate shared displays and mobile computing devices

Supporting formal and informal meetings with digital information and ubiquitous software systems every day becomes increasingly mandatory. These meetings require that the integration of devices participating in the meeting and the information flow among them should be done as seamless as possible to avoid jeopardizing the natural interactions among participants. Trying to contribute to address such a challenge, this article presents a framework that allows devices integration and smooth information flow. This framework, named Clairvoyance, particularly integrates mobile computing devices and large-screen TVs through a mobile ad hoc network, and thus it eases the implementation of shared displays intended to be used in formal and informal meetings. Clairvoyance provides a set of services through an API, which can be used to develop ubiquitous applications that support meetings in particular scenarios. The preliminary evaluation of this framework considered its usage to implement a ubiquitous system that supports social meetings among friends or relatives. According to developers, the framework is easy to use and it provided all required services for such an application. The solution obtained was then utilized by end-users in simulated meetings. The evaluation results indicate that the Clairvoyance services were suitable to support the informal meetings, and that the devices integration and information flow were transparent for the end-users.     

Traffic encounters and Hocman: Associating motorcycle ethnography with design

Brief encounters between acquainted and unacquainted motorcyclists are enjoyable moments. This truly mobile form of social interaction is difficult to study through traditional ethnographic fieldwork. However, the method is applicable when integrated into a design approach where the participants collaborate to integrate the field study, the design, and the evaluation. This has made it possible to generate a novel mobile service. The service, named Hocman, is a peer-to-peer application with mobile wireless ad hoc networking for PDAs. It enhances brief traffic encounters between bikers by playing a sound clip and automatically exchanging personal HTML pages. We have positively demonstrated through performance tests and field trials that it is successful in doing this, and that bikers enjoy such added value to biking, especially hearing the sound clip when meeting other bikers.     

A scalable publish/subscribe system for large mobile ad hoc networks

Since nodes that compose mobile ad hoc networks (MANETs) does not have any prior knowledge about other nodes in many cases, the publish/subscribe communication paradigm that has the decoupling and asynchrony properties can be useful to share information between nodes. Existing publish/subscribe services for MANETs can be categorized into document flooding (DF), destination-based routing (DBR), and content-based routing (CBR). Although those approaches may work well when the size of network is small, all of them suffer from the performance decline as the size of the network increases. In this paper, we compare those approaches, and then propose a scalable publish/subscribe communication scheme in large MANETs by combining DF and CBR hierarchically. Our approach is to cluster all nodes in networks and to exploit CBR and DF for the intra- and inter-cluster communication, respectively. By using this approach, we can effectively utilize benefits of both approaches. Then, we present performance evaluation results which validate our idea with respect to system performance and scalability.     

可扩展的MAODV协议

随着近年来人们对移动Ad hoc网络和多播兴趣的日益增加,出现了许多适用于MANET上的多播路由协议.该文综述了这些移动Ad hoc网络上的多播协议,介绍了MAODV协议,提出了一种新的多播路由可扩展性解决方案.模拟结果显示,采用提出的技术增强了多播路由协议的性能和可扩展性.     

A stability-considered density-adaptive routing protocol in MANETs

Due attention has been paid to design stable and efficient routing protocols in mobile ad hoc networks by both researchers and manufacturers. However, few of those proposed routing protocols concern about the impact of network density on the quality of routing. In this paper, we propose a stability considered density adaptive routing protocol not only to support the stable routing, but to guarantee the efficiency of routing process in order to reduce the overhead caused by control messages generated in the routing process. According to different density values of vicinity, our proposal adopts the corresponding routing tactics to guarantee the stability and efficiency of routing process. The performance simulation analysis confirms the availability and superiority of our routing protocol.     

基于移动Agent的拓扑发现策略及性能仿真

网络拓扑发现技术的研究具有重要的意义。尤其在拓扑高度变化的移动自组网中拓扑发现的策略决定了路由选择、服务质量、功率控制的性能。基于移动代理的拓扑发现策略以较少的流量负载满足了拓扑发现的需求,同时,各种自适应的技术能够满足移动自组网的无线信道特性和动态特性。该文通过仿真的手段对该策略进行了详细的分析。     

A comparative evaluation of intrusion detection architectures for mobile ad hoc networks

Mobile Ad Hoc Networks (MANETs) are susceptible to a variety of attacks that threaten their operation and the provided services. Intrusion Detection Systems (IDSs) may act as defensive mechanisms, since they monitor network activities in order to detect malicious actions performed by intruders, and then initiate the appropriate countermeasures. IDS for MANETs have attracted much attention recently and thus, there are many publications that propose new IDS solutions or improvements to the existing. This paper evaluates and compares the most prominent IDS architectures for MANETs. IDS architectures are defined as the operational structures of IDSs. For each IDS, the architecture and the related functionality are briefly presented and analyzed focusing on both the operational strengths and weaknesses. Moreover, methods/techniques that have been proposed to improve the performance and the provided security services of those are evaluated and their shortcomings or weaknesses are presented. A comparison of the studied IDS architectures is carried out using a set of critical evaluation metrics, which derive from: (i) the deployment, architectural, and operational characteristics of MANETs; (ii) the special requirements of intrusion detection in MANETs; and (iii) the carried analysis that reveals the most important strengths and weaknesses of the existing IDS architectures. The evaluation metrics of IDSs are divided into two groups: the first one is related to performance and the second to security. Finally, based on the carried evaluation and comparison a set of design features and principles are presented, which have to be addressed and satisfied in future research of designing and implementing IDSs for MANETs.     

移动Ad hoc网络路由协议安全研究

移动ad hoc网络是一种完全由移动主机构成的网络,其主要特点为网络拓扑易变,带宽、能源有限。这些特点使得适应于固定网络的安全策略在移动ad hoc网络上不能很好地发挥作用,需要设计一些针对其特点的解决方案.该文介绍了针对移动ad hoc网络路由协议安全方面的最新研究进展,首先介绍了移动ad hoc网络的安全弱点和攻击类型,其后时一些典型方案进行了说明,分析了各种方案的优点和缺点,并进行了综合比较。文中分析了目前协议存在的一些问题并提出了相应的改进方法,最后指出了下一步研究方向。     

移动自组网性能评价参数的研究及仿真分析

在移动自组网中,路由协议是影响网络性能的关键因素,因而对协议性能评价指标的研究非常重要.目前,对协议性能的评价主要是通过网络仿真平台来进行,在网络仿真中衡量一个协议优劣的重要标准是网络性能评价参数.文中根据移动自组网络的固有特性详细分析了网络性能评价参数,给出了各参数的计算方法.介绍了GloMoSim仿真器,并分析了Glo-MoSim仿真器的结构;给出了各参数在GloMoSim仿真环境下的计算和评价方法,并对DSR、AODV和WRP三个协议进行了仿真与结果分析.     

一种针对AODV协议黑洞攻击的检测策略

无线自组织网络是由若干个移动节点组成的网络,当一个节点需要和另一个节点通信时,它们通过中间节点将数据转发,因此网络中每个节点既是独立的终端设备,也能作为路由器使用。黑洞攻击是无线自组织网络一种常见的攻击,恶意节点利用协议机制向其他节点广播自己具有到达目的节点的最短路径,导致所有的数据将会流向这些恶意节点。这些恶意节点通过丢弃数据发动拒绝服务攻击,或者将数据重定向到伪装的目的节点。基于AODV(Ad Hoc On-Demand Distance Vector Routing)协议,提出一种针对其黑洞攻击的检测策略。通过NS-2的仿真实验,分析关于无线Ad Hoc网络的三个性能指标,分组投递率,端到端的平均时延和归一化的路由开销,实验结果表明该检测策略能够增强AODV路由协议的安全性。     

Collaborative joins in a pervasive computing environment

We present a collaborative query processing protocol based on the principles of Contract Nets. The protocol is designed for pervasive computing environments where, in addition to operating on limited computing and battery resources, mobile devices cannot always rely on being able to access the wired infrastructure. Devices, therefore, need to collaborate with each other in order to obtain data otherwise inaccessible due to the nature of the environment. Furthermore, by intelligently using answers cached by peers, devices can reduce their computation cost. We show the effectiveness of our approach by evaluating performance of devices querying for data while moving in a citylike environment.Received: 28 July 2003, Accepted: 26 March 2004, Published online: 8 July 2004Edited by: K. Ramamritham     

一种新的移动Ad Hoc网络的安全解决方案

基于自发证书的移动Ad Hoc网络(MANET)安全解决方案采用的证书选择算法只能从概率统计上保证获得一条证书链、要求节点具备较高的存储能力和计算能力、缺乏证书管理机制。文章结合自发证书和证书链思想,提出了一种新的MANET安全解决方案,从改进证书管理、获取目的节点可信公钥、提出基于质询－签名机制双向身份认证方法和保障安全通信4方面加强其安全性。     

移动Ad hoc网络与相关网络技术的比较

介绍了移动ad hoc网络的体系结构和特点,并论述了与Internet、移动IP和无线局域网3种相关网络技术的区别与联系。     

Location aware, dependable multicast for mobile ad hoc networks

This paper introduces dynamic source multicast (DSM), a new protocol for multi-hop wireless (i.e., ad hoc) networks for the multicast of a data packet from a source node to a group of mobile nodes in the network. The protocol assumes that, through the use of positioning system devices, each node knows its own geographic location and the current (global) time, and it is able to efficiently spread these measures to all other nodes. When a packet is to be multicast, the source node first locally computes a snapshot of the complete network topology from the collected node measures. A Steiner (i.e., multicast) tree for the addressed multicast group is then computed locally based on the snapshot, rather than maintained in a distributed manner. The resulting Steiner tree is then optimally encoded by using its unique Pr

Full-size image

u" height="11" width="9">fer sequence and is included in the packet header as in, and extending the length of the header by no more than, the header of packets in source routing (unicast) techniques. We show that all the local computations are executed in polynomial time. More specifically, the time complexity of the local operation of finding a Steiner tree, and the encoding/decoding procedures of the related Prüfer sequence, is proven to be O(n²), where n is the number of nodes in the network. The protocol has been simulated in ad hoc networks with 30 and 60 nodes and with different multicast group sizes. We show that DSM delivers packets to all the nodes in a destination group in more than 90% of the cases. Furthermore, compared to flooding, DSM achieves improvements of up to 50% on multicast completion delay.     

移动Ad Hoc网中一种路由DoS攻击的分布式防御机制

在移动AdHoc网中,路由安全值得关注。恶意路由泛洪攻击会造成对正常节点的DoS攻击以及对网络资源的消耗。路由请求泛洪攻击是一类易于发起的典型泛洪攻击,但由于恶意节点除了进行路由发现的次数比其他节点频繁以外,其他操作与正常节点没有大的差别,所以这种攻击很难被检测出来。提出了一种分布式的过滤机制来减轻网络性能的下降,防御这一类的DoS攻击。本方案对于已有的路由结构和功能只需要做较小的修改,且不需要额外的网络带宽。     

移动自组网中一种基于最稳路径的QoS路由

该文提出了一种基于预测机制的QoS路由协议。该协议在移动预测的机制下，通过选取满足QoS条件（链路带宽和传感延时）的最稳传输路径来实现，模拟结果表明这种方案在自组网中可获得较好的网络性能和较低的控制开销，能有效支持具有QoS需求的多媒体信息的传输。