移动Ad Hoc网络安全按需路由协议

Ad Hoc网络的安全性问题越来越引起人们的关注,如何确保Ad Hoc网络路由协议的安全成为Ad Hoc研究的一项关键技术。提出一种适用于移动Ad Hoc网络的安全按需源路由协议,利用移动节点之间的会话密钥和基于散列函数的消息鉴别码HMAC一起来验证路由发现和路由应答的有效性。提出的邻居节点维护机制通过把MAC地址和每个节点的ID绑定来防御各种复杂的攻击如虫洞攻击。NS-2仿真表明该协议能有效地探测和阻止针对Ad Hoc网络的大部分攻击。     

A secure and trust based on-demand multipath routing scheme for self-organized mobile ad-hoc networks

A mobile ad hoc network (MANET) is a self-configurable network connected by wireless links. This type of network is only suitable for provisional communication links as it is infrastructure-less and there is no centralized control. Providing QoS and security aware routing is a challenging task in this type of network due to dynamic topology and limited resources. The main purpose of secure and trust based on-demand multipath routing is to find trust based secure route from source to destination which will satisfy two or more end to end QoS constraints. In this paper, the standard ad hoc on-demand multi-path distance vector protocol is extended as the base routing protocol to evaluate this model. The proposed mesh based multipath routing scheme to discover all possible secure paths using secure adjacent position trust verification protocol and better link optimal path find by the Dolphin Echolocation Algorithm for efficient communication in MANET. The performance analysis and numerical results show that our proposed routing protocol produces better packet delivery ratio, reduced packet delay, reduced overheads and provide security against vulnerabilities and attacks.     

Trust Based Detection and Elimination of Packet Drop Attack in the Mobile Ad-Hoc Networks

The mobile ad hoc network (MANET) is communication network of a mobile node without any prior infrastructure of communication. The network does not have any static support; it dynamically creates the network as per requirement by using available mobile nodes. This network has a challenging security problem. The security issue mainly contains a denial of service attacks like packet drop attack, black-hole attack, gray-hole attack, etc. The mobile ad-hoc network is an open environment so the working is based on mutual trust between mobile nodes. The MANETs are vulnerable to packet drop attack in which packets travel through the different node. The network while communicating, the node drops the packet, but it is not attracting the neighboring nodes to drop the packets. This proposed algorithm works with existing routing protocol. The concept of trusted list is used for secure communication path. The trusted list along with trust values show how many times node was participated in the communication. It differentiates between altruism and selfishness in MANET with the help of energy level of mobile components. The trust and energy models are used for security and for the differentiation between altruism and selfishness respectively.     

Invincible AODV to detect black hole and gray hole attacks in mobile ad hoc networks

Today's communication world is majorly driven by mobile nodes that demand wireless systems for their data relay. One such network is mobile ad hoc network, which is a purely wireless network with which communication is feasible instantly without any aid of preexisting infrastructure; due to this magnificent feature, it has a wide variety of applications. Mobile ad hoc network hinges on cooperative nature of the mobile nodes for relaying data. But at the same time, nodes relaying data for others may compromise, leading to various security attacks. Two main security attacks that drastically bring down the performance of mobile ad hoc network are black hole and gray hole attacks. In this paper, we propose 2 versions of invincible Ad hoc On‐Demand Distance Vector protocol to detect black hole and gray hole nodes that have bypassed preventive mechanism during route discovery process. First is the basic version, which is based on node‐to‐node frame check sequence tracking mechanism, and second is the enhanced version, which is based on signed frame check sequence tracking mechanism. They create a deterrent environment addressing all kinds of black and gray hole attacks. They also provide reliable data transmission to all the nonmalicious nodes in the network by using end‐to‐end authentication mechanism. Simulation results show better performance in packet delivery ratio when compared with other contemporary solutions while addressing all kinds of black and gray hole attacks. It shows significant improvement in end‐to‐end delay and normalized routing load over Ad hoc On‐Demand Distance Vector under black hole or gray hole attacks and also shows better throughput and packet delivery ratio than the existing solution.     

Interference Aware Route Discovery in Wireless Mobile Ad Hoc Networks

In this paper, we propose an interference aware expanding region search algorithm to locate a destination in mobile ad hoc networks. In the proposed approach, signal to interference plus noise ration (SINR) is used in place of TTL field of a route request packet. The source node initializes the search query with a threshold value of SINR. Each relay node forwards the packet if its SINR satisfies the threshold criteria provided by the source node in RREQ packet. As a result, the low SINR nodes are removed in route discovery phase prior to the establishment of routes. The simulation results show that proposed algorithm provides significant improvement in performance of reactive routing protocol in terms of reduced routing overhead, reduced energy consumption, and increased network throughput.

     

一种安全的Ad Hoc On-demand路由协议

由于Ad Hoc网络固有的弱点,设计安全、有效的Ad Hoc路由协议是困难的.本文从新的角度设计了一个简单、安全的On-demand路由协议.在路径请求和响应阶段,源节点和目的节点的身份分别被隐藏,只有那些位于目的节点选择的最优路径上的节点可以获得完整的路由信息,从而产生有效的前向和反向路径.同时,一个公开的单向Hash函数可以利用隐藏的路由信息构建单向Hash链用于路由信息的认证,从而不需要预先的共享密钥.在一次路由计算中,只有源节点和目的节点需要进行一次非对称密码运算.     

RMRPTS: a reliable multi-level routing protocol with tabu search in VANET

Vehicular ad hoc network (VANET), a subclass of mobile ad hoc networks (MANETs), is a promising approach for the intelligent transportation system (ITS). One of the main challenges in VANETs is establishment of vehicular communication and stable routing. Another problem of VANETs is their tendency of being trapped in a local optimum. In this paper, a reliable multi-level routing protocol based on clustering, RMRPTS has been introduced in VANETs. Even if this topology constantly changes, clustering based multi-level routing will create the possibility of self-organization and route maintaining; moreover, it will solve the problem of developing a trap in the local optimum using tabu search. At the first level, the proposed protocol is an extension of AODV routing protocol that has been improved using fuzzy logic in order to create reliable routing between cluster members. Tabu search has been used at a higher level for routing between cluster heads and destination. Tabu search is a meta-heuristic improved learning method used for solving hybrid optimization problems, and it uses cost function to select a solution among a set of possible solutions. The effective parameters used in the proposed method to select the best path include nodes distance, the velocity of nodes, node’s angle, link stability, and link reliability. The proposed protocol was simulated using an NS-2 simulator, and the results of its performance showed increased average packet delivery rate and decreased average end to end delays, number of packet losses compared with earlier protocols.     

Security and performance enhancement of AODV routing protocol

A mobile ad hoc networks (MANET) is a decentralized, self‐organizing, infrastructure‐less network and adaptive gathering of independent mobile nodes. Because of the unique characteristics of MANET, the major issues to develop a routing protocol in MANET are the security aspect and the network performance. In this paper, we propose a new secure protocol called Trust Ad Hoc On‐demand Distance Vector (AODV) using trust mechanism. Communication packets are only sent to the trusted neighbor nodes. Trust calculation is based on the behaviors and activities information of each node. It is divided in to trust global (TG) and trust local (TL). TG is a trust calculation based on the total of received routing packets and the total of sending routing packets. TL is a comparison between total received packets and total forwarded packets by neighbor node from specific nodes. Nodes conclude the total trust level of its neighbors by accumulating the TL and TG values. The performance of Trust AODV is evaluated under denial of service/distributed denial of service (DOS/DDOS) attack using network simulator NS‐2. It is compared with the Trust Cross Layer Secure (TCLS) protocol. Simulation results show that the Trust AODV has a better performance than TCLS protocol in terms of end‐to‐end delay, packet delivery ratio, and overhead. Next, we improve the performance of Trust AODV using ant algorithm. The proposed protocol is called Trust AODV + Ant. The implementation of ant algorithm in the proposed secure protocol is by adding an ant agent to put the positive pheromone in the node if the node is trusted. Ant agent is represented as a routing packet. The pheromone value is saved in the routing table of the node. We modified the original routing table by adding the pheromone value field. The path communication is selected based on the pheromone concentration and the shortest path. Trust AODV + Ant is compared with simple ant routing algorithm (SARA), AODV, and Trust AODV under DOS/DDOS attacks in terms of performance. Simulation results show that the packet delivery ratio and throughput of the Trust AODV increase after using ant algorithm. However, in terms of end‐to‐end delay, there is no significant improvement. Copyright © 2014 John Wiley & Sons, Ltd.     

A heterogeneous‐network aided public‐key management scheme for mobile ad hoc networks

A mobile ad hoc network does not require fixed infrastructure to construct connections among nodes. Due to the particular characteristics of mobile ad hoc networks, most existing secure protocols in wired networks do not meet the security requirements for mobile ad hoc networks. Most secure protocols in mobile ad hoc networks, such as secure routing, key agreement and secure group communication protocols, assume that all nodes must have pre‐shared a secret, or pre‐obtained public‐key certificates before joining the network. However, this assumption has a practical weakness for some emergency applications, because some nodes without pre‐obtained certificates will be unable to join the network. In this paper, a heterogeneous‐network aided public‐key management scheme for mobile ad hoc networks is proposed to remedy this weakness. Several heterogeneous networks (such as satellite, unmanned aerial vehicle, or cellular networks) provide wider service areas and ubiquitous connectivity. We adopt these wide‐covered heterogeneous networks to design a secure certificate distribution scheme that allows a mobile node without a pre‐obtained certificate to instantly get a certificate using the communication channel constructed by these wide‐covered heterogeneous networks. Therefore, this scheme enhances the security infrastructure of public key management for mobile ad hoc networks. Copyright © 2006 John Wiley & Sons, Ltd.     

Opportunistic media access control and routing for delay-tolerant mobile ad hoc networks

In delay-tolerant mobile ad hoc networks, motion of network nodes, network sparsity and sporadic density can cause a lack of guaranteed connectivity. These networks experience significant link delay and their routing protocols must take a store-and-forward approach. In this paper, an opportunistic routing protocol is proposed, along with its compatible media access control, for non-real-time services in delay-tolerant networks. The scheme is mobility-aware such that each network node needs to know its own position and velocity. The media access control employs a four-fold handshake procedure to probe the wireless channel and cooperatively prioritize candidate nodes for packet replication. It exploits the broadcast characteristic of the wireless medium to utilize long-range but unreliable links. The routing process seizes opportunities of node contacts for data delivery. It takes a multiple-copy approach that is adaptive with node movements. Numerical results in mobile ad hoc networks and vehicular ad hoc networks show superior performance of the proposed protocol compared with other routing protocols. The mobility-aware media access control and routing scheme exhibits relatively small packet delivery delay and requires a modest amount of total packet replications/transmissions.     

Secure interconnection protocol for integrated Internet and ad hoc networks

Integration of ad hoc networks with the Internet provides global Internet connectivity for ad hoc hosts through the coordination of mobile IP and ad hoc protocols. In a pure ad hoc network, it is difficult to establish trust relationship between two ad hoc hosts due to lack of infrastructure or centralized administration. In this paper, an infrastructure‐supported and distributed authentication protocol is proposed to enhance trust relationships amongst ad hoc hosts. In addition, an effective secure routing protocol (SRP) is discussed to protect the multi‐hop route for Internet and ad hoc communication. In the integrated ad hoc networks with Internet accessibility, the ad hoc routing security deployed with the help of infrastructure has a fundamental impact on ad hoc hosts in term of Internet access, integrity, and authentication. Both analysis and simulation results demonstrate the effectiveness of the proposed security protocol. Copyright © 2007 John Wiley & Sons, Ltd.     

Moralism: mobility prediction with link stability based multicast routing protocol in MANETs

In recent research, link stability is getting tremendous attention in mobile adhoc networks (MANETs), because of several impediments that occur in a reliable and robust network. Link stability metric is used to improve network performance in terms of end-to-end delay, data success delivery ratio (DSDR) and available route time (ART). Energy consumption, bandwidth and communication delay of major concern in ad hoc networks. A high mobility of MANET nodes reduces the reliability of network communication. In a dynamic networks, high mobility of the nodes makes it very difficult to predict the dynamic routing topology and hence cause route/link failures. Multicast in MANETs is an emerging trend that effectively improves the performance while lowering the energy consumption and bandwidth usage. Multicast routing protocol transmits a packet to multicast a group at a given time instant to achieve a better utilization of resources. In this paper, node mobility is considered to map better their movement in the network. So, the links with long active duration time can be identified as a stable link for route construction. Variation in signal strength is used to identify whether the direction of the node is towards or away from estimating node. We consider signal strength as QoS metric to calculate link stability for route construction. Efforts are made to identify the link with highly probable longer lifetime as the best suitable link between two consecutive nodes. We predict the movement time of nodes that define the route path to the node destination. Exata/cyber simulator is used for network simulation. The simulation results of the proposed routing protocol are compared with on-demand multicast routing protocol and E-ODMRP, which works on minimum hop count path. Analysis of our simulation results has shown improvement of various routing performance metrics such as DSDR, ART, routing overhead and packet drop ratio.     

AO2P: ad hoc on-demand position-based private routing protocol

Privacy is needed in ad hoc networks. An ad hoc on-demand position-based private routing algorithm, called AO2P, is proposed for communication anonymity. Only the position of the destination is exposed in the network for route discovery. To discover routes with the limited routing information, a receiver contention scheme is designed for determining the next hop. Pseudo identifiers are used for data packet delivery after a route is established. Real identities (IDs) for the source nodes, the destination nodes, and the forwarding nodes in the end-to-end connections are kept private. Anonymity for a destination relies on the difficulty of matching a geographic position to a real node ID. This can be enforced by the use of secure position service systems. Node mobility enhances destination anonymity by making the match of a node ID with a position momentary. To further improve destination privacy, R-AO2P is proposed. In this protocol, the position of a reference point, instead of the position of the destination, is used for route discovery. Analytical models are developed for evaluating the delay in route discovery and the probability of route discovery failure. A simulator based on ns-2 is developed for evaluating network throughput. Analysis and simulation results show that, while AO2P preserves communication privacy in ad hoc networks, its routing performance is comparable with other position-based routing algorithms.     

Urgency-based packet scheduling and routing algorithms for delay-sensitive data over MANETs

This paper proposes urgency-based packet scheduling and routing algorithms to effectively deliver delay-sensitive data over a multi-hop mobile ad hoc networks supporting IEEE 802.11 multi-rate service. First, packet urgency, node urgency, and route urgency are defined on the basis of the end-to-end delay requirement. Based on these urgency metrics and the estimated transmission delay of each packet by Kalman filter, the proposed packet scheduling algorithm determines the transmission order and drop policy to minimize the node urgency without unnecessary packet drop, and the proposed routing algorithm establishes a route to minimize the derivative of route urgency in order to maximize the number of packets delivered within the required end-to-end delay. Finally, experimental results are presented to evaluate the performance of the proposed joint working algorithms.     

Efficient on-demand routing for mobile ad hoc wireless access networks

In this paper, we consider a mobile ad hoc wireless access network in which mobile nodes can access the Internet via one or more stationary gateway nodes. Mobile nodes outside the transmission range of the gateway can continue to communicate with the gateway via their neighboring nodes over multihop paths. On-demand routing schemes are appealing because of their low routing overhead in bandwidth restricted mobile ad hoc networks, however, their routing control overhead increases exponentially with node density in a given geographic area. To control the overhead of on-demand routing without sacrificing performance, we present a novel extension of the ad hoc on-demand distance vector (AODV) routing protocol, called LB-AODV, which incorporates the concept of load-balancing (LB). Simulation results show that as traffic increases, our proposed LB-AODV routing protocol has a significantly higher packet delivery fraction, a lower end-to-end delay and a reduced routing overhead when compared with both AODV and gossip-based routing protocols.     

Multihop sensor network design for wide-band communications

This paper presents a master/slave cellular-based mobile ad hoc network architecture for multihop multimedia communications. The proposed network is based on a new paradigm for solving the problem of cluster-based ad hoc routing when utilizing existing wireless local area network (WLAN) technologies. The network architecture is a mixture of two different types of networks: infrastructure (master-and-slave) and ad hoc. In this architecture, the participating slave nodes (SNs) in each cluster communicate with each other via their respective master nodes (MNs) in an infrastructure network. In contrast to traditional cellular networks where the base stations are fixed (e.g., interconnected via a wired backbone), in this network the MNs (e.g., base stations) are mobile; thus, interconnection is accomplished dynamically and in an ad hoc manner. For network implementation, the IEEE 802.11 WLAN has been deployed. Since there is no stationary node in this network, all the nodes in a cluster may have to move together as a group. However, in order to allow a mobile node to move to another cluster, which requires changing its point of attachment, a handoff process utilizing Mobile IP version 6 (IPv6) has been considered. For ad hoc routing between the master nodes (i.e., MNs), the Ad hoc On-demand Distance Vector (AODV) Routing protocol has been deployed. In assessing the network performance, field test trials have been carried out to measure the proposed network performance. These measurements include packet loss, delays under various test conditions such as a change of ad hoc route, handoffs, etc.     

DEBH: detecting and eliminating black holes in mobile ad hoc network

Security in mobile ad hoc network (MANET) is one of the key challenges due to its special features e.g. hop-by-hop communications, dynamic topology, and open network boundary that received tremendous attention by scholars. Traditional security methods are not applicable in MANET due to its special properties. In this paper, a novel approach called detecting and eliminating black holes (DEBH) is proposed that uses a data control packet and an additional black hole check table for detecting and eliminating malicious nodes. Benefiting from trustable nodes, the processing overhead of the security method decreases by passing time. Ad hoc on-demand distance vector (AODV) routing protocol is used as the routing protocol in our design. After finding the freshest path using AODV, our design checks the safety of selected path. In case of detecting any malicious node, it is isolated from the entire network by broadcasting a packet that contains the ID of malicious nodes. Simulation results show that DEBH increases network throughput and decreases packet overhead and delay in comparison with other studied approaches. Moreover, DEBH is able to detect all active malicious nodes which generates fault routing information.     

一种基于跨层设计和蚁群优化的自组网负载均衡路由协议

针对大部分现有替代路径共同存在的替代路径老化和构建效率问题,本文提出了一种基于跨层设计和蚁群优化的负载均衡路由协议(CALRA),利用蚁群优化算法特有的信息素挥发方法实现对替代路径的老化问题,将蚁群优化和跨层优化方法结合起来解决自组网中的负载均衡问题,通过双向逐跳更新的方式较好的解决了替代路径构建效率问题,并将蚂蚁在所经过的各中间节点为路由表带来的信息素增量映射为蚂蚁离开源节点的距离、移动过程中所遇到的节点拥塞程度、节点当前信息素浓度和节点移动速度等各协议层的统计信息的函数,通过对各种信息所对应的参数赋予不同加权值的方法对概率路由表进行控制,改善了自组网中现有基于蚁群优化的路由协议中普遍存在的拥塞问题、捷径问题、收敛速度问题和引入的路由开销问题.仿真表明,CALRA在分组成功递交率、路由开销、端到端平均时延等方面具有优良性能,能很好地实现网络中的业务负载均衡.     

移动自组网中基于声誉机制的安全路由协议设计与分析

移动自组网是一种有特殊用途的对等式网络,具有无中心、自组织、可快速展开、可移动等特点,这些特点使得它在战场、救灾等特殊场合的应用日渐受到人们的重视.由于在移动自组网络中每节点既是主机又是路由器,所以容易遭受基于路由信息的攻击,而现今的路由协议基本没有考虑到该问题.本文在分析移动自组网络安全特性的基础上,综述了该方面的研究工作,建立了基于声誉机制评价体系,并给出了具体的评价方法和计算模型.在此基础上,提出了基于声誉机制的安全路由协议S-DSR.仿真结果表明在存在攻击节点的情况下S-DSR协议比DSR协议具有更好的包传输率、包丢失率等属性.     

Improving protocol robustness in ad hoc networks through cooperative packet caching and shortest multipath routing

A mobile ad hoc network is an autonomous system of infrastructure-less, multihop, wireless mobile nodes. Reactive routing protocols perform well in this environment due to their ability to cope quickly against topological changes. This paper proposes a new routing protocol named CHAMP (caching and multiple path) routing protocol. CHAMP uses cooperative packet caching and shortest multipath routing to reduce packet loss due to frequent route failures. We show through extensive simulation results that these two techniques yield significant improvement in terms of packet delivery, end-to-end delay and routing overhead. We also show that existing protocol optimizations employed to reduce packet loss due to frequent route failures, namely local repair in AODV and packet salvaging in DSR, are not effective at high mobility rates and high network traffic.