Prevention of Black Hole Attack in Multicast Routing Protocols for Mobile Ad-Hoc Networks Using a Self-Organized Public Key Infrastructure

ABSTRACT

A mobile ad-hoc network (MANET) is an autonomous system of mobile nodes connected by wireless links in which nodes cooperate by forwarding packets for each other thereby enabling communication beyond direct wireless transmission range. Example applications include battlefield communication, disaster recovery operations, and mobile conferencing. The dynamic nature of ad-hoc networks makes them more vulnerable to security attacks compared with fixed networks. Providing security in mobile ad-hoc networks has been a major issue in recent years. Most of the secure routing protocols proposed by researchers need a centralized authority or a trusted third party to provide authentication. This destroys the self-organizing nature of ad-hoc networks. Black Hole attack is one of the routing attacks that occur in MANETs. In this attack, a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept. In this article, we propose an enhanced certificate based authentication mechanism, where nodes authenticate each other by issuing certificates to neighboring nodes and generating public key without the need of any online centralized authority. The proposed scheme uses Multicast Ad-hoc On Demand Distance Vector Routing (MAODV) protocol as a support for certification. The effectiveness of our mechanism is illustrated by simulations conducted using network simulator ns-2.     

Secure lightweight password authenticated key exchange for heterogeneous wireless sensor networks

Several three-party password authenticated key exchange (3-PAKE) protocols have recently been proposed for heterogeneous wireless sensor networks (HWSN). These are efficient and designed to address security concerns in ad-hoc sensor network applications for a global Internet of Things framework, where a user may request access to sensitive information collected by resource-constrained sensors in clusters managed by gateway nodes. In this paper we first analyze three recently proposed 3-PAKE protocols and discuss their vulnerabilities. Then, based on Radio Frequency Identification technologies we propose a novel 3-PAKE protocol for HWSN applications, with two extensions for additional security features, that is provably secure, efficient and flexible.     

无线传感器网络密钥种子管理和分配模型及应用

随机密钥种子预分配方案是实现安全的无线传感器网络应用的首选方案,该方案在无线传感器网络节点布置之前建立和分配某种密钥种子信息,在网络节点布置之后利用密钥种子信息建立或发现节点之间安全的通信链路.根据传感器网络的通信保密和节点认证需求,提出了通用密钥种子管理和分配模型(KSMA).该模型可用于预分配方案的安全分析,描述了预分配方案的5个安全属性.在KSMA模型中,基于单向累加器,定义了一类新的密钥种子结构,提出了新的密钥种子预分配方案和节点秘密共享发现协议,并在UC(universally composable)安全框架中对新的秘密共享发现协议进行了可证明安全分析.在新方案中说明了如何设定密钥池参数和节点密钥链参数的方法,该方法不仅保证了高概率的安全链路建立,而且可以通过节点身份证人确认机制实现节点之间身份认证,有效地防御传感器网络Sybil攻击.通过与其他方案的分析对比,新方案改善了网络安全弹性、综合性能良好.     

Secure data aggregation in wireless sensor networks: A comprehensive overview

Wireless sensor networks often consists of a large number of low-cost sensor nodes that have strictly limited sensing, computation, and communication capabilities. Due to resource restricted sensor nodes, it is important to minimize the amount of data transmission so that the average sensor lifetime and the overall bandwidth utilization are improved. Data aggregation is the process of summarizing and combining sensor data in order to reduce the amount of data transmission in the network. As wireless sensor networks are usually deployed in remote and hostile environments to transmit sensitive information, sensor nodes are prone to node compromise attacks and security issues such as data confidentiality and integrity are extremely important. Hence, wireless sensor network protocols, e.g., data aggregation protocol, must be designed with security in mind. This paper investigates the relationship between security and data aggregation process in wireless sensor networks. A taxonomy of secure data aggregation protocols is given by surveying the current “state-of-the-art” work in this area. In addition, based on the existing research, the open research areas and future research directions in secure data aggregation concept are provided.     

一种无线传感器网络分布式安全成簇协议

分簇的层次型拓扑控制方式在无线传感器网络中得到广泛研究和应用.然而,由于传感器网络本身所具有的开放性和资源有限的特点,攻击者可以很容易对成簇协议实施有效的误用和破坏.因此,保证成簇协议安全性是其实际广泛应用的基本前提.针对成簇协议所面临的各种安全威胁,提出了一种分布式安全成簇协议,通过网络安全初始化、可信基站的随机数广播和单向密钥链技术来有效地抵御节点伪装和簇首占据攻击、簇成员恶意征募攻击和多重簇成员身份攻击.对协议的安全性和开销进行了广泛和深入的分析,证明了协议的安全性和有效性.     

Robust self-keying mobile ad hoc networks

Pairwise key establishment in mobile ad hoc networks allows any pair of nodes to agree upon a shared key. This is an important security service needed to secure routing protocols, and in general to facilitate secure communication among the nodes of the network.We present two self-keying mechanisms for pairwise key establishment in mobile ad hoc networks which do not require any centralized support. The mechanisms are built using the well-known technique of threshold secret sharing, and are robust and secure against a collusion of up to a certain number of nodes. We evaluate and compare the performance of both the mechanisms in terms of the node admission and pairwise key establishment.     

Prototype of a secure wireless patient monitoring system for the medical community

Many medical applications set new demands on sensor network designs. They often involve highly variable data rates, multiple receivers and security. Most existing sensor network designs do not adequately support these requirements, focusing instead on aggregating small amounts of data from nodes without security. In this paper, we present a software design for medical sensor networks. This framework provides a set of protocols and services specifically tailored for this application domain. It includes a secure communications model, an interface for periodic collection of sensor data, a dynamic sensor discovery protocol and protocols that monitor and save up to 70% of the energy of a node. The framework is built in TinyOS and a JAVA based user interface is provided to debug the framework and display the measured data. An extensive evaluation of the framework of a 6-node sensor test-bed is presented, measuring scalability and robustness as the number of sensors and the per node data rate are varied. The results show that the proposed framework is a scalable, robust, reliable and secure solution for medical applications.     

Efficient group key management for multi-privileged groups

Multi-privileged group communications containing multiple data streams have been studied in the traditional wired network environment and the Internet. With the rapid development of mobile and wireless networks and in particular mobile ad-hoc networks (MANETs), the traditional Internet has been integrated with mobile and wireless networks to form the mobile Internet. The multi-privileged group communications can be applied to the mobile Internet. Group users can subscribe to different data streams according to their interest and have multiple access privileges with the support of multi-privileged group communications. Security is relatively easy to be guaranteed in traditional groups where all group members have the same privilege. On the other hand, security has been a challenging issue and is very difficult to handle in multi-privileged groups. In this paper, we first introduce some existing rekeying schemes for secure multi-privileged group communications and analyze their advantages and disadvantages. Then, we propose an efficient group key management scheme called ID-based Hierarchical Key Graph Scheme (IDHKGS) for secure multi-privileged group communications. The proposed scheme employs a key graph, on which each node is assigned a unique ID according to access relations between nodes. When a user joins/leaves the group or changes its access privileges, other users in the group can deduce the new keys using one-way function by themselves according to the ID of joining/leaving/changing node on the graph, and thus the proposed scheme can greatly reduce the rekeying overhead.     

Secure and reliable clustering in wireless sensor networks: A critical survey

In the past few years, research interest has been increased towards wireless sensor networks (WSNs) and their application in both the military and civil domains. To support scalability in WSNs and increase network lifetime, nodes are often grouped into disjoint clusters. However, secure and reliable clustering, which is critical in WSNs deployed in hostile environments, has gained modest attention so far or has been limited only to fault tolerance. In this paper, we review the state-of-the-art of clustering protocols in WSNs with special emphasis on security and reliability issues. First, we define a taxonomy of security and reliability for cluster head election and clustering in WSNs. Then, we describe and analyze the most relevant secure and reliable clustering protocols. Finally, we propose countermeasures against typical attacks and show how they improve the discussed protocols.     

物联网中移动Sensor节点漫游的组合安全认证协议

物联网包含感知子网和传输骨干网,其感知子网中节点能力受限,往往利用移动的传感器节点跨区域访问来获取信息;而其传输骨干网络需要依托现有Internet的基础设施,并利用其提供的强大服务.在这种情况下,移动节点的漫游带来了新的安全问题,一方面移动节点在感知子网间跨区域漫游,虽和MANET中一样需要保证移动节点漫游时高效安全地加入新的拜访域,但因传感节点资源极端受限而对轻量级有更高数量级的要求;另一方面资源受限的感知子网间移动节点漫游仅能提供轻量级安全,但是在接入骨干传输网时,不可因此降低骨干网络已有的安全性,即轻量级的安全协议和传统骨干网协议综合运用时,需具有组合安全性.本文针对这种基于骨干传输网的移动节点漫游问题,提出了一个新的随机漫游认证协议(RMRAP),兼顾安全性和实际应用的可行性,实现了漫游的轻量级身份认证,保护了漫游节点的隐私,同时实现了具有前向安全性,会话密钥对;并针对衔接骨干网和感知子网的基站进行了组合安全性的认证测试,验证了RMRAP的安全性;最后,从理论分析和实验仿真两个方面,分析了RMRAP协议的性能,并和相近工作进行了对比,对比表明,具有组合安全性的RMRAP在计算、通信开销方面,依然具有和同类协议可比较的相近性能.     

大规模移动自组网络安全技术综述

移动自组网络具有重要的军事价值和广阔的商业应用前景.其无中心控制、多跳等特征使移动自组网络安全问题更加严峻.特别是,当节点数增加时,网络的组成难度、可用性、安全性都会受到极大的影响.在对国内外有关移动自组网络研究现状综述的基础上,重点对大规模移动自组网络安全涉及的关键技术,如安全模型与安全方案、安全分簇技术、组密钥管理技术等方面的研究现状进行了深入分析与探讨;最后,指出了大规模移动自组网络安全技术的主要研究方向,即:大规模移动自组网络的安全组网技术、移动自组网络的协议安全证明技术、大规模移动自组网络的密钥管理技术、大规模移动自组网络模型模拟和安全性论证.     

传感器网络的多重单向散列随机密钥预分配协议

首先借鉴Leighton Micali协议中的多重单向散列建立密钥思想,设计了一种基本的多重单向散列密钥分配协议。该协议能确保所有邻居节点能建立安全链路,但是安全性能差。然后结合多重单向散列与随机密钥预分配,提出了多重单向散列随机密钥预分配协议,并详细分析了性能。与现有的协议相比,该协议只需很少的单向散列运算,计算负载小,安全性能高,非常适用于传感器网络。     

On the distribution and revocation of cryptographic keys in sensor networks

Key management has two important aspects: key distribution, which describes how to disseminate secret information to the principals so that secure communications can be initiated, and key revocation, which describes how to remove secrets that may have been compromised. Key management in sensor networks face constraints of large scale, lack of a priori information about deployment topology, and limitations of sensor node hardware. While key distribution has been studied extensively in recent works, the problem of key and node revocation in sensor networks has received relatively little attention. Yet, revocation protocols that function correctly in the presence of active adversaries pretending to be legitimate protocol participants via compromised sensor nodes are essential. In their absence, an adversary could take control of the sensor network's operation by using compromised nodes which retain their network connectivity for extended periods of time. In this paper, we present an overview of key-distribution methods in sensor networks and their salient features to provide context for understanding key and node revocation. Then, we define basic properties that distributed sensor-node revocation protocols must satisfy and present a protocol for distributed node revocation that satisfies these properties under general assumptions and a standard attacker model.     

Secure and robust multipath routings for advanced metering infrastructure

A Smart Grid is the modernization of the electricity grid using communication technology with the prime goals of reducing energy consumption as well as cost increasing reliability and creating new services for all participants. It comprises key components such as the Advanced Metering Infrastructure (AMI), which includes Neighborhood area network (NAN). When multi-hopping is considered in wireless communication, especially in WiFi and ZigBee, the range of the communication can be extended to communicate with the gateway collector in AMI network. Wireless mesh AMI network may have smart meters, a NAN gateway, and fixed as well as mobile repeaters. Though many techniques have been developed to secure on-demand routing protocols in wireless multi-hop ad-hoc networks, these protocols have shortcomings. In this paper, we propose two robust and secure multipath routing protocols for wireless mesh AMI networks. We have analyzed their robustness to various attacks. The simulation results show that the proposed protocols are better than existing secure routing protocols.     

无线传感器网络密钥分布方案研究

无线传感器网络广泛应用于目标跟踪、环境监测、军事感应和地震活动测试等方面。网络安全是无线传感器网络应用的关键因素。在无线传感器网络安全结构中,节点的密钥分布是其中的重要一环。资源有限的大规模无线传感器网络的部署需要高效的节点密钥分布机制。高效的节点密钥分布方案能加强网络连通性、提高抵抗节点捕获攻击的能力、减小节点能量的消耗以及扩展节点通信范围。本文分析了密钥分布的安全要求,着重从密钥的产生、密钥连接的建立和性能方面描述了当前典型的密钥分布方案,并比较和分析了这些算法的特点和安全性能。最后结合该领域当前研究现状,指出无线传感器网络密钥分布未来可能的研究方向。     

Efficient Node Admission and Certificateless Secure Communication in Short-Lived MANETs

Decentralized node admission is an essential and fundamental security service in mobile ad hoc networks (MANETs). It is needed to securely cope with dynamic membership and topology as well as to bootstrap other important security primitives (such as key management) and services (such as secure routing) without the assistance of any centralized trusted authority. An ideal admission technique must involve minimal interaction among MANET nodes, since connectivity can be unstable. Also, since MANETs are often composed of weak or resource-limited devices, admission must be efficient in terms of computation and communication. Most previously proposed admission protocols are prohibitively expensive and require heavy interaction among MANET nodes. In this paper, we focus on a common type of MANET that is formed on a temporary basis, and present a secure, efficient, and a fully noninteractive admission technique geared for this type of a network. Our admission protocol is based on secret sharing techniques using bivariate polynomials. We also present a new scheme that allows any pair of MANET nodes to efficiently establish an on-the-fly secure communication channel.     

无线传感器网络中基于临时初始密钥的密钥管理协议

针对网络中相邻节点对通信、局部广播通信及新节点认证中的安全问题,提出无线传感器网络中基于临时初始密钥的密钥管理协议-PLA协议.该协议要求在网络部署的时候为每个节点分配唯一的标识符和一个临时初始密钥.节点基于临时初始密钥和相关信息建立用于节点对之间通信的密钥(Pairwise Key,简称点对密钥)、用于与其所有邻居节点同时通信的局部广播密钥(Local Broadcast Key,简称局部广播密钥)以及用于认证新加入节点的认证密钥(Authentication Key,简称认证密钥).与现有协议如LEAP协议和OTMK协议相比较,该协议降低了能耗,提高了安全性.     

A lightweight anonymous routing protocol without public key en/decryptions for wireless ad hoc networks

More attention should be paid to anonymous routing protocols in secure wireless ad hoc networks. However, as far as we know, only a few papers on secure routing protocols have addressed both issues of anonymity and efficiency. Most recent protocols adopted public key Infrastructure (PKI) solutions to ensure the anonymity and security of route constructing mechanisms. Since PKI solution requires huge and expensive infrastructure with complex computations and the resource constraints of small ad hoc devices; a two-layer authentication protocol with anonymous routing (TAPAR) is proposed in this paper. TAPAR does not adopt public key computations to provide secure and anonymous communications between source and destination nodes over wireless ad hoc networks. Moreover, TAPAR accomplishes mutual authentication, session key agreement, and forward secrecy among communicating nodes; along with integration of non-PKI techniques into the routing protocol allowing the source node to anonymously interact with the destination node through a number of intermediate nodes. Without adopting PKI en/decryptions, our proposed TAPAR can be efficiently implemented on small ad hoc devices while at least reducing the computational overhead of participating nodes in TAPAR by 21.75%. Our protocol is certainly favorable when compared with other related protocols.     

基于节点相似性和网络嵌入的复杂网络社区发现算法

社区发现算法对分析复杂网络的拓扑和层次结构、预测复杂网络的演化趋势等具有十分重要的意义.传统的社区发现算法划分精度不高,忽略了网络嵌入的重要性.针对这样的问题,提出了基于节点相似性和网络嵌入Node2Vec方法的无参数社区发现算法.首先,使用网络嵌入Node2Vec方法将网络节点映射成欧氏空间中低维向量表示的数据点,计...     

Secure clustering and routing for heterogeneous mobile wireless sensor networks with dynamic key management

In mobile wireless sensor networks, the process of offering security to the network after computing dynamic key may result in misuse of information by malicious node. All the messages exchanged during the inter-cluster routing also need to be protected by providing integrity and confidentiality. The proposed architecture includes heterogeneous backbone nodes (BNs) deployed in the network using particle swarm optimisation technique. They perform secure clustering process using exclusion basis system. The cluster head is chosen based on weight value that is estimated using parameters such as the node degree (ND), distance to BN, node velocity and virtual battery power. Once the clusters are formed, the cluster members estimate the cost value based on location, ND and virtual battery power. This cost value is used by the member nodes to calculate the dynamic key for its data communication. Since the parameters used for clustering are further used during dynamic key generation, security has to be provided to the clustering phase. When the node moves from one cluster to another, secure cluster maintenance is performed and when the data need to be transmitted from source to sink, secure route discovery is executed within the clusters. By simulation results, we show that the proposed technique is more secured and minimises the communication and storage overhead.