共查询到20条相似文献,搜索用时 0 毫秒
1.
The vision of nomadic computing with its ubiquitous access has stimulated much interest in the mobile ad hoc networking (MANET) technology. However, its proliferation strongly depends on the availability of security provisions, among other factors. In the open, collaborative MANET environment, practically any node can maliciously or selfishly disrupt and deny communication of other nodes. In this paper, we propose the secure message transmission (SMT) protocol to safeguard the data transmission against arbitrary malicious behavior of network nodes. SMT is a lightweight, yet very effective, protocol that can operate solely in an end-to-end manner. It exploits the redundancy of multi-path routing and adapts its operation to remain efficient and effective even in highly adverse environments. SMT is capable of delivering up to 83% more data messages than a protocol that does not secure the data transmission. Moreover, SMT achieves up to 65% lower end-to-end delays and up to 80% lower delay variability, compared with an alternative single-path protocol––a secure data forwarding protocol, which we term secure single path (SSP) protocol. Thus, SMT is better suited to support quality of service for real-time communications in the ad hoc networking environment. The security of data transmission is achieved without restrictive assumptions on the network nodes’ trust and network membership, without the use of intrusion detection schemes, and at the expense of moderate multi-path transmission overhead only. 相似文献
2.
Colluding malicious insider nodes with no special hardware capability can use packet encapsulation and tunneling to create bogus shortcuts (in‐band wormholes) in routing paths and influence data traffic to flow through them. This is a particularly hard attack using which even a handful of malicious nodes can conduct data traffic analysis of packets or disrupt connections by dropping packets when needed. Simulation analysis shows that a disproportionately large amount of traffic goes through routes with wormholes even when a secure routing protocol (SRP) such as Ariadne is used. To mitigate such attacks and augment existing on demand SRPs, distributed packet filtering techniques based on statistical profiling of control packet propagation speeds are proposed. These techniques do not require network‐wide synchronized clocks or new packet transmissions and need only simple computations by the sources or the destinations of the connections. The proposed packet filters together with Ariadne are implemented in the Glomosim simulator and their effectiveness is evaluated. The simulation results indicate that the proposed packet filters can reduce the in‐band wormhole creation and their usage by a factor of 2‐‐10. Also, the false alarm rates of the proposed techniques are very low and have little impact on normal network throughput, making them practical for mobile ad hoc networks. Copyright © 2008 John Wiley & Sons, Ltd. 相似文献
3.
Increasing popularity and availability of portable wireless devices, which constitute mobile ad hoc networks, calls for scalable ad hoc routing protocols. On-demand routing protocols adapt well with dynamic topologies of ad hoc networks, because of their lower control overhead and quick response to route breaks. But, as the size of the network increases, these protocols cease to perform due to large routing overhead generated while repairing route breaks. We propose a multipath on-demand routing protocol (SMORT), which reduces the routing overhead incurred in recovering from route breaks, by using secondary paths. SMORT computes fail-safe multiple paths, which provide all the intermediate nodes on the primary path with multiple routes (if exists) to destination. Exhaustive simulations using GloMoSim with large networks (2000 nodes) confirm that SMORT is scalable, and performs better even at higher mobility and traffic loads, when compared to the disjoint multipath routing protocol (DMRP) and ad hoc on-demand distance vector (AODV) routing protocol. 相似文献
4.
热备份路由协议技术和应用 总被引:2,自引:0,他引:2
简略阐述了HSRP(hot standby routing protocol,热备份路由协议。给出了一个HSRP的应用实例和配置HSRP的一般步骤与原则。 相似文献
5.
We propose and investigate the SPREAD scheme as a complementary mechanism to enhance secure data delivery in a mobile ad hoc
network. The basic idea is to transform a secret message into multiple shares, and then deliver the shares via multiple paths
to the destination so that even if a certain number of message shares are compromised, the secret message as a whole is not
compromised. We present the overall system architecture and discuss three major design issues: the mathematical model for
the generation and reconstruction of the secret message shares, the optimal allocation of the message shares onto multiple
paths in terms of security, and the multipath discovery techniques in a mobile ad hoc network. Our extensive simulation results
justify the feasibility and the effectiveness of the SPREAD approach.
相似文献
| Yuguang Fang (Corresponding author)Email: |
6.
基于ARP协议的攻击原理分析 总被引:21,自引:0,他引:21
文章详细介绍了ARP协议的功能、分组格式和工作原理,分析了当前ARP协议所存在的安全性问题。重点讨论了利用ARP协议自身的安全缺陷进行网络攻击的多种实现方法以及这些攻击所带来的危害,其中包含了简单的IP地址冲突、窜改ARP缓冲等攻击方法和较为复杂的交换网络下的嗅探、截获连接、广泛的DOS等。最后,结合实际管理,给出了一些有效的安全防范措施并简单说明了它们的优缺点。 相似文献
7.
Qi Xie 《International Journal of Communication Systems》2012,25(1):47-54
The session initiation protocol (SIP) is an authentication protocol used in 3G mobile networks. In 2009, Tsai proposed an authenticated key agreement scheme as an enhancement to SIP. Yoon et al. later pointed out that the scheme of Tsai is vulnerable to off‐line password guessing attack, Denning–Sacco attack, and stolen‐verifier attack and does not support perfect forward secrecy (PFS). Yoon et al. further proposed a new scheme with PFS. In this paper, we show that the scheme of Yoon et al. is still vulnerable to stolen‐verifier attack and may also suffer from off‐line password guessing attack. We then propose several countermeasures for solving these problems. In addition, we propose a new security‐enhanced authentication scheme for SIP. Our scheme also maintains low computational complexity. Copyright © 2011 John Wiley & Sons, Ltd. 相似文献
8.
In large and dense mobile ad hoc networks, position-based routing protocols can offer significant performance improvement over topology-based routing protocols by using location information to make forwarding decisions. However, there are several potential security issues for the development of position-based routing protocols. In this paper, we propose a secure geographic forwarding (SGF) mechanism, which provides source authentication, neighbor authentication, and message integrity by using both the shared key and the TIK protocol. By combining SGF with the Grid Location Service (GLS), we propose a Secure Grid Location Service (SGLS) where any receiver can verify the correctness of location messages. We also propose a Local Reputation System (LRS) aiming at detecting and isolating both compromised and selfish users. We present the performance analysis of both SGLS and LRS, and compare them with the original GLS. Simulation results show that SGLS can operate efficiently by using effective cryptographic mechanisms. Results also show that LRS effectively detects and isolates message dropping attackers from the network. 相似文献
9.
10.
文章提出了一种通过匿名方式进行通信的E-Mail认证协议,该协议借助离线可信第三方(Off-line Trusted Third Party)传递电子邮件内容,既能保证邮件内容的私密性,又能保证通信主体的匿名性。协议分为主协议、取消协议和完成协议三部分,具有不可否认性、公平性和认证性等性质。 相似文献
11.
In recent years, a variety of new routing protocols for mobile ad hoc wireless NETworks (MANETs) have been developed. Performance evaluation and comparison of many of these routing protocols have been performed using detailed simulation models. Zone routing protocol (ZRP) is one of these routing protocols, which is a hybrid routing protocol that proactively maintains routing information for a local neighbourhood (routing zone), while reactively acquiring routes to destinations beyond the routing zone. The studies on ZRP have assumed homogeneous scenarios where all mobile nodes have uniform mobility and are statistically identical, lacking the studies on heterogeneous scenarios where mobile nodes move with non‐uniform mobilities in the same network. In this paper, we study the performance of ZRP in such scenarios. We propose an efficient scheme for ZRP to adapt to the non‐uniform mobilities scenario and study its performance for different mobility scenarios, network loads and network sizes. Copyright © 2003 John Wiley & Sons, Ltd. 相似文献
12.
Admission control (AC) is a mechanism for meeting bandwidth requirements of data transmissions. Early research on admission control for wireless mesh networks (WMNs) was centered around single-path routing. Compared to single-path routing, parallel multipath routing may offer more reliable network services and better load balancing. Applying admission control to multipath routing could further improve service quality, but it also faces a number of challenges. For example, transmission on one path may affect transmission on a neighboring path. Addressing these challenges, this paper presents an AC algorithm on parallel multipath routing for WMNs. In particular, we formulate an optimization problem for achieving the best service based on available bandwidth and bandwidth consumption of to-be-admitted data sessions. While solving this problem is a complex task, we devise an optimal algorithm for selecting two node-disjoint paths with rate allocation, and propose a distributed multipath routing and admission control protocol to achieve a near-optimal solution. Simulations show that MRAC is efficient and effective in meeting bandwidth requirements. 相似文献
13.
14.
15.
A routing framework for providing robustness to node failures in mobile ad hoc networks 总被引:2,自引:0,他引:2
Nodes in a mobile ad hoc network are often vulnerable to failures. The failures could be either due to fading effects, battery drainage, or as a result of compromised nodes that do not participate in network operations. Intermittent node failures can disrupt routing functionalities. As such, it is important to provide redundancy in terms of providing multiple node-disjoint paths from a source to a destination. In line with this objective, we first propose a modified version of the widely studied ad hoc on-demand distance vector routing protocol to facilitate the discovery of multiple node-disjoint paths from a source to a destination. We find that very few of such paths can be found. Furthermore, as distances between sources and destinations increase, bottlenecks inevitably occur and thus, the possibility of finding multiple paths is considerably reduced. We conclude that it is necessary to place what we call reliable nodes (in terms of both being robust to failure and being secure) in the network to support efficient routing operations. We propose a deployment strategy that determines the positions and the trajectories of these reliable nodes such that we can achieve a framework for reliably routing information. We define a notion of a reliable path which is made up of multiple segments, each of which either entirely consists of reliable nodes, or contains a preset number of multiple paths between the end points of the segment. We show that the probability of establishing a reliable path between a random source and destination pair increases tremendously even with a small number of reliable nodes when we use our algorithm to appropriately position these reliable nodes. 相似文献
16.
Salman Shamshad Muhammad Faizan Ayub Khalid Mahmood Saru Kumari Shehzad Ashraf Chaudhry Chien-Ming Chen 《Digital Communications & Networks》2022,8(2):150-161
With the advent of state-of-art technologies, the Telecare Medicine Information System (TMIS) now offers fast and convenient healthcare services to patients at their doorsteps. However, this architecture engenders new risks and challenges to patients' and the server's confidentiality, integrity and security. In order to avoid any resource abuse and malicious attack, employing an authentication scheme is widely considered as the most effective approach for the TMIS to verify the legitimacy of patients and the server. Therefore, several authentication protocols have been proposed to this end. Very recently, Chaudhry et al. identified that there are vulnerabilities of impersonation attacks in Islam et al.'s scheme. Therefore, they introduced an improved protocol to mitigate those security flaws. Later, Qiu et al. proved that these schemes are vulnerable to the man-in-the-middle, impersonation and offline password guessing attacks. Thus, they introduced an improved scheme based on the fuzzy verifier techniques, which overcome all the security flaws of Chaudhry et al.'s scheme. However, there are still some security flaws in Qiu et al.'s protocol. In this article, we prove that Qiu et al.'s protocol has an incorrect notion of perfect user anonymity and is vulnerable to user impersonation attacks. Therefore, we introduce an improved protocol for authentication, which reduces all the security flaws of Qiu et al.'s protocol. We also make a comparison of our protocol with related protocols, which shows that our introduced protocol is more secure and efficient than previous protocols. 相似文献
17.
We consider routing security in wireless sensor networks. Many sensor network routing protocols have been proposed, but none of them have been designed with security as a goal. We propose security goals for routing in sensor networks, show how attacks against ad-hoc and peer-to-peer networks can be adapted into powerful attacks against sensor networks, introduce two classes of novel attacks against sensor networks––sinkholes and HELLO floods, and analyze the security of all the major sensor network routing protocols. We describe crippling attacks against all of them and suggest countermeasures and design considerations. This is the first such analysis of secure routing in sensor networks. 相似文献
18.
19.
Proactive mitigation of impact of wormholes and sinkholes on routing security in energy-efficient wireless sensor networks 总被引:1,自引:0,他引:1
Sensor networks are deployed in a variety of environments for unattended operation. In a hostile terrain, sensor nodes are
vulnerable to node capture and cryptographic material compromise. Compromised nodes can be used for launching wormhole and
sinkhole attacks in order to prevent sensitive data from reaching intended destinations. Our objective in this paper is mitigating
the impact of undetected compromised nodes on routing. To this end, we develop metrics for quantifying risk of paths in a
network. We then introduce a novel routing approach: Secure-Path Routing (SPR) that uses expected path risk as a parameter
in routing. Quantified path risk values are used in routing to reduce traffic flow over nodes that have high expected vulnerability.
Selecting low risk routes may lead to the choice of energy-expensive routes. Thus, we develop algorithms for balancing risk
with other path selection parameters, including energy consumption. We conduct simulation experiments to evaluate the effectiveness
of our approach and study the tradeoff between security and energy. Simulation shows that SPR can be quite effective at increasing
traffic flow over legitimate routes and that the impact of SPR on network lifetime is negligible.
相似文献
| Eric D. ManleyEmail: |
20.
Internet中QoS路由算法研究现状及其展望 总被引:5,自引:0,他引:5
目前,许多有关支持QoS(服务质量)的研究主要着眼于调度、拥塞控制和资源预留,而对QoS路上研究得不多,文中先对QoS路由中的问题进行分类,再对当前研究的一些路由算法进行了归纳与分析,这些算法对于在Internet中实现QoS有着重要的指导意义。 相似文献