一种适用于WIA-PA网络的安全路由机制

路由是WIA-PA网络通信的前提,路由安全是WIA-PA网络通信安全的基础,本文设计了一种集中式和分布式相结合的信任管理机制,提出了一种适用于WIA-PA网络的安全路由机制,能够在保证时延和能耗平衡的基础上有效的抵制选择性转发等内部攻击的入侵。     

基于路径到达率和动态广播时延的汇聚树协议

汇聚树路由协议(CTP)是目前无线传感器网络(WSN)中常用的数据采集路由协议。它是基于期望传输次数(ETX)的树型路由协议。但对多跳路径的衡量,简单的ETX相加往往无法良好刻画实际路径质量,致使该协议很难选出最优路径。本文提出了基于端到端的数据到达率(PDR)的CTP改进协议,能更好地衡量多跳路径的网络质量。据此选出的最优路径能构建更优的汇聚树,提高端到端数据传递的成功率,减少平均传递次数和平均传递时间,这样可以节省能耗,提高网络生存时间。同时,本文提出在建树过程中采取动态时延广播策略,可以有效减少建路由树时的广播次数,节省开销。     

应用于Ad Hoc网络的时延敏感自适应路由协议

针对Ad Hoc网络中实时业务对网络平均时延的要求，提出了一种应用于Ad Hoc网络的新型路由协议——时延敏感的自适应路由协议。该协议在保持“最少跳数”的最佳路由条件下，增加了“平均最短时延”的约束条件，从而不仅可以为实时业务(即时延敏感的业务)提供可靠的路由，同时还能根据网络节点当前的业务流量，动态地选择最佳路径，降低网络的平均时延。这是一种新型的有QoS保证的路由协议。仿真结果表明，该协议的确可以有效地改善网络的性能。     

双向报文交换同步的原子性约束与解决

针对经典的双向报文交换同步因存在原子性约束致使应用范围受限的问题,对双向报文变换机制提出了两处改进:对非同步期内由时钟飘移导致的误差进行补偿;对非同步期内由节点时间突变导致的误差进行补偿,从而突破了原子性约束,并结合实际的桥梁健康监测项目背景,针对线状拓扑的无线传感器网络,基于上述两处改进提出了线状传感器网络时间同等协议(TPLSN)。在全局可达智能接点(GAINs)上的实验表明,单跳同步精度可达10μs左右,同步误差随跳数的增长率为1μs/跳;同步一个长度为n的线状网络只需2n个报文,该值也是全程采用双向报文交换同步机制最少需要的报文数。     

无线传感器网络中LEACH协议的节能改进算法

分析了低功耗自适应分簇路由协议(LEACH)算法,对算法中簇头选举数目的随机性做了改进并且在簇头选举时加入了对节点剩余能量的考虑,同时提出采用欧式平面上两条曲线交叉概率很大的思想,在簇头与基站之间建立多跳链路,从而解决了原协议中簇头与基站单跳通信能量消耗过大的问题.性能分析和仿真实验表明:改进的协议有效均衡了节点能耗,提高了网络寿命.     

基于LEACH协议的改进路由算法

针对LEACH协议在簇头选择过程中消耗能量多和节点间能量消耗不均匀的问题,本文提出了一种基于时间的均匀分簇混合路由协议( ECHT)在簇头竞选阶段中,节点广播成为簇头的时间与其剩余能量成反比,越早广播的节点将成为簇头.在数据传输阶段中,采用多跳与单跳相结合的方式将数据传送到基站,并计算数据传送开销来修改节点能量以此确定网络生命周期.仿真结果显示,ECHT协议能有效地均衡网络节点的能量消耗和延长网络生命周期.     

基于安全Web服务的网络管理技术的性能研究

实现了基于安全Web服务(WS)的网络管理的原型.研究了在读取不同对象数的情况下,由于消息认证和加密而增加的计算负担对网络性能的影响,并获得了WS在不同的安全等级以及是否压缩的情况下性能与读取对象数之间的关系.同时,对安全WS和SNMPv3在带宽使用情况和往返时延方面的性能进行了深入研究,结果表明,WS由于加入了安全(认证和加密)机制而增加了计算负担,但是在读取大量对象数时,压缩的安全WS的性能优于SNMPv3的性能,而且安全功能所增加的负担并不会影响网络的正常运行.     

基于信誉评测机制的WSN安全路由协议研究

针对无线传感器网络(WSN)路由协议存在的安全问题,考虑到WSN节点能量低、资源有限的缺陷,提出了一种新型的WSN安全路由协议——VH-GEAR协议。VH-GEAR协议在地理位置能量感知路由(GEAR)协议的基础上引入了纵向(vertocal,V)和横向(horizontal,H)分析相结合的WSN节点信誉评测模型来提高路由协议的安全性,同时通过改进路由协议的信誉更新机制来减小能耗。基于NS2的仿真实验表明,VH-GEAR路由协议能有效识别网络中的恶意节点,减小对合法节点的误判,降低网络能耗,从而加强了网络的安全性,延长了网络的生命周期,提高了网络的整体性能。     

WSN多跳稀疏锚节点迭代定位算法

在无线传感器网络中,针对多跳稀疏节点网络导致定位性能较差的问题,文章提出多跳稀疏节点迭代定位算法。首先提取两个信号强度最大的单跳邻居锚节点,通过单跳邻居锚节点将未知节点与多跳锚节点建立数值关系,再对未知节点在单跳和多跳锚节点组成的三角形内进行内点判决,并采用锚节点的翻转点与质心迭代得到位置估计。对迭代算法设置预设精度,当终止迭代时,判定位置估计的性能。当低于预设精度时,对未知节点采用锚节点的翻转点与质心迭代求精以满足预设精度,并使得迭代收敛。数值结果表明稀疏锚节点迭代定位算法相对于相关定位算法提高了定位精度,并降低了算法的计算耗时。     

基于SIP的IMS安全性研究

对基于SIP的IMS网络安全性进行具体分析,介绍SIP常用的安全机制以及存在的问题。结合HTIP摘要认证和SIP协议的特点,通过扩展和丰富SIP消息头域的内容,对传统HTTP摘要认证作改进,设计一种新的SIP安全方案,初步实现Client和Server之间的双向身份认证、密钥协商、媒体流加解密与认证。     

E2-SCAN: an extended credit strategy-based energy-efficient security scheme for wireless ad hoc networks

Utilising the battery life and the limited bandwidth available in mobile ad hoc networks (MANETs) in the most efficient manner is an important issue, along with providing security at the network layer. The authors propose, design and describe E2-SCAN, an energy-efficient network layered security solution for MANETs, which protects both routing and packet forwarding functionalities in the context of the on demand distance vector protocol. E2-SCAN is an advanced approach that builds on and improves upon some of the state-of-the-art results available in the literature. The proposed E2-SCAN algorithm protects the routing and data forwarding operations through the same reactive approach, as is provided by the SCAN algorithm. It also enhances the security of the network by detecting and reacting to the malicious nodes. In E2-SCAN, the immediate one-hop neighbour nodes collaboratively monitor. E2-SCAN adopts a modified novel credit strategy to decrease its overhead as the time evolves. Through both analysis and simulation results, the authors demonstrate the effectiveness of E2-SCAN over SCAN in a hostile environment.     

An Intelligent Hybrid Mutual Authentication Scheme for Industrial Internet of Thing Networks

Internet of Things (IoT) network used for industrial management is vulnerable to different security threats due to its unstructured deployment, and dynamic communication behavior. In literature various mechanisms addressed the security issue of Industrial IoT networks, but proper maintenance of the performance reliability is among the common challenges. In this paper, we proposed an intelligent mutual authentication scheme leveraging authentication aware node (AAN) and base station (BS) to identify routing attacks in Industrial IoT networks. The AAN and BS uses the communication parameter such as a route request (RREQ), node-ID, received signal strength (RSS), and round-trip time (RTT) information to identify malicious devices and routes in the deployed network. The feasibility of the proposed model is validated in the simulation environment, where OMNeT++ was used as a simulation tool. We compare the results of the proposed model with existing field-proven schemes in terms of routing attacks detection, communication cost, latency, computational cost, and throughput. The results show that our proposed scheme surpasses the previous schemes regarding these performance parameters with the attack detection rate of 97.7 %.     

Cogent and Energy Efficient Authentication Protocol for WSN in IoT

Given the accelerating development of Internet of things (IoT), a secure and robust authentication mechanism is urgently required as a critical architectural component. The IoT has improved the quality of everyday life for numerous people in many ways. Owing to the predominantly wireless nature of the IoT, connected devices are more vulnerable to security threats compared to wired networks. User authentication is thus of utmost importance in terms of security on the IoT. Several authentication protocols have been proposed in recent years, but most prior schemes do not provide sufficient security for these wireless networks. To overcome the limitations of previous schemes, we propose an efficient and lightweight authentication scheme called the Cogent Biometric-Based Authentication Scheme (COBBAS). The proposed scheme is based on biometric data, and uses lightweight operations to enhance the efficiency of the network in terms of time, storage, and battery consumption. A formal security analysis of COBBAS using Burrows–Abadi–Needham logic proves that the proposed protocol provides secure mutual authentication. Formal security verification using the Automated Validation of Internet Security Protocols and Applications tool shows that the proposed protocol is safe against man-in-the-middle and replay attacks. Informal security analysis further shows that COBBAS protects wireless sensor networks against several security attacks such as password guessing, impersonation, stolen verifier attacks, denial-of-service attacks, and errors in biometric recognition. This protocol also provides user anonymity, confidentiality, integrity, and biometric recovery in acceptable time with reasonable computational cost.     

A Blockchain-Based Authentication Protocol for WLAN Mesh Security Access

In order to deploy a secure WLAN mesh network, authentication of both users and APs is needed, and a secure authentication mechanism should be employed. However, some additional configurations of trusted third party agencies are still needed on-site to deploy a secure authentication system. This paper proposes a new block chain-based authentication protocol for WLAN mesh security access, to reduce the deployment costs and resolve the issues of requiring key delivery and central server during IEEE 802.11X authentication. This method takes the user’s authentication request as a transaction, considers all the authentication records in the mesh network as the public ledger and realizes the effective monitoring of the malicious attack. Finally, this paper analyzes the security of the protocol in detail, and proves that the new method can solve the dependence of the authentication node on PKI and CA.     

LWDSA: light-weight digital signature algorithm for wireless sensor networks

The essential security mechanism in wireless sensor networks (WSNs) is authentication, where nodes can authenticate each other before transmitting a valid data to a sink. There are a number of public key authentication procedures available for WSN in recent years. Due to constraints in WSN environment there is a need for light-weight authentication procedure that consumes less power during computation. This proposed work aims at developing a light-weight authentication protocol using MBLAKE2b with elliptic curve digital signature algorithm (ECDSA). The proposed protocol is also tested using the protocol verification tool Scyther and found to be secure in all claims and roles. This proposed algorithm increases the network life time and reduces the computation time, which is essential for the constrained environment like WSNs.     

DHT系统的安全性优化方法研究

对分布式哈希表(DHT)系统的安全脆弱性问题进行了研究,提出了多种安全性优化策略,并给出了一个原型系统。进行了真实网络实验,实验数据表明,现有DHT网络易受索引毒害和路由污染攻击,产生的错误查询结果甚至会引发更大规模的网络安全事件。通过改进一个个DHT系统的节点ID生成机制、路由表更新机制和搜索路径选择机制,从系统运行的各个阶段提升其安全场,抵御攻击者共谋。基于上述方法设计的原型系统在保证平均查询跳数增加不到1跳的情况下,在共谋攻击节点占比60%的网络中,将系统查询成功率保持在65%以上,其方法适用于各种分布式哈希表结构,具有重要的实际应用前景。     

A comparative QoS survey of mobile ad hoc network routing protocols

A mobile ad hoc network (MANET) is a wireless, dynamic, infrastructure-less, self-organized, multi-hop, and decentralized network. Each node in MANET can act as a router as well as a work station. Many routing protocols have been developed to increase the efficiency of MANET. The primary objective of this paper is a detailed QoS comparison of reactive (AODV), proactive (DSDV), and hybrid (ZRP) routing protocols of MANET in order to find which routing protocol works best in a particular network scenario. The analysis was made for TCP-based traffic patterns. The performance differentials were analyzed on the basis of normalized routing overhead, packet loss, packet delivery ratio, control packets, end-to-end delay, packet received, and packet sent with a variation of nodes density and mobility. The results were obtained using the NS-2 simulator.     

A Lightweight Three-Factor User Authentication Protocol for the Information Perception of IoT

With the development of computer hardware technology and network technology, the Internet of Things as the extension and expansion of traditional computing network has played an increasingly important role in all professions and trades and has had a tremendous impact on people lifestyle. The information perception of the Internet of Things plays a key role as a link between the computer world and the real world. However, there are potential security threats in the Perceptual Layer Network applied for information perception because Perceptual Layer Network consists of a large number of sensor nodes with weak computing power, limited power supply, and open communication links. We proposed a novel lightweight authentication protocol based on password, smart card and biometric identification that achieves mutual authentication among User, GWN and sensor node. Biometric identification can increase the non-repudiation feature that increases security. After security analysis and logical proof, the proposed protocol is proven to have a higher reliability and practicality.