A global security architecture for operated hybrid WLAN mesh networks

Hybrid Wireless Mesh Network (HWMN) is a new wireless networking paradigm. Unlike traditional wireless networks, in HWMNs, hosts may rely on each other to keep the network connected. Operators and wireless internet service providers are choosing HWMNs to offer Internet connectivity, as it allows fast, easy and affordable network deployments. One main challenge in design of these networks is their vulnerability to security attacks. In this paper, we investigate the main security issues focusing on the most vulnerable part of the hybrid WLAN mesh infrastructure which concerns the ad hoc network part. Through our proposed architecture, Security Architecture for Operator’s Hybrid WLAN Mesh Network (SATHAME), we identify the new challenges and opportunities posed by this emerging networking environment and explore approaches to secure users, data and communications. From the analysis of strengths and weaknesses of secured routing protocols, we designed a new robust routing structure called MacroGraph (MG). MG structure is extracted from the mesh ad hoc network for each communication to be established between a source and a destination. Especially, MG is a robust structure based on node-disjoint path routing scheme and dynamic trust management that can be adapted to respond to applications’ security requirements. We present a performance analysis of our efficient, robust and scalable multipath reactive secured routing protocol. We investigate the behavior of our proposed scheme under two attack scenarios: Packet Dropping and Route Error attacks in dense network configurations.     

移动Ad Hoc网络改进的Aran安全路由协议研究

移动Ad Hoc是没有网络基础设施的网络,具有无线传输、网络动态拓扑和终端自由移动的特点.现有的无线路由协议不能直接运用到Ad Hoc网络中,其中Aran（Authenticated Routing for Ad Hoc Networks）是比较成熟的Ad Hoc 网络安全路由协议,但不能抵抗合谋和重放等攻击.本文对移动Ad Hoc网络各种路由协议进行比较分析,提出改进的Aran安全路由协议,通过OPNET仿真平台进行试验与分析,具备更好的性能和安全性.     

一种新的Ad hoc网络安全路由方案

在移动Adhoc网络中,网络的自组织、动态拓扑以及无线接入等特点使得路由的安全性问题日益突出。论文提出了一种基于按需路由的高效、安全路由方案(ESAR),阐述了该方案的原理,路由发现和路由维护过程,并对其安全性能以及网络性能进行了分析,与同类型的方案进行了比较。该方案可以有效地防止对路由信息的伪装、篡改、路由重播、拒绝服务(DoS)等攻击,并且考虑了Adhoc网络资源有限的特点,使用对称密钥机制,降低网络资源的开销。     

无线传感器网络安全路由协议研究

由于无线传感器节点电量有限、计算能力有限、存储容量有限以及部署野外等特点,使得它极易受到各类攻击。目前,国内外学者提出了许多无线传感器网络路由协议,但是这些路由协议大都没有考虑到安全问题。因此,研究无线传感器网络安全路由协议具有极其重大的意义。对近年来的无线传感器网络安全路由协议进行了分析和总结。首先对传感器网络路由协议易受到的安全威胁和攻击进行了分类和总结;然后对无线传感器网络安全路由协议进行分类,之后详细描述了几种典型的安全路由协议;最后对各种安全路由协议的性能进行分析比较,并给出其亟待解决的问题及其未来的研究方向。     

Security threats and solutions in MANETs: A case study using AODV and SAODV

Mobile ad hoc network (MANET) security has become the focus of prolific research efforts. Driven by the unique and considerable difficulties of providing security arising from the dynamic nature of MANETs, many security schemes have been proposed. Rather than trying to encompass the entire field of MANET security, this paper focuses on networks using the popular Ad-hoc On-demand Distance Vector (AODV) protocol and a secure extension to AODV, the Secure AODV (SAODV) protocol. SAODV is representative of a number of secure versions of the AODV protocol in that it relies upon the use of cryptographic mechanisms to protect the routing control messages of AODV from being forged and/or altered by attackers. We conduct a vulnerability analysis of SAODV to identify unresolved threats to the algorithm, such as medium access control layer misbehaviour, resources depletion, blackholes, wormholes, jellyfish and rushing attacks. We then compare this vulnerability analysis to schemes that have been proposed to combat the identified threats. These proposals include multipath routing, incentive schemes, directional antennae, packet leashes, randomized route requests, localized self-healing communities and a reactive intrusion detection node blacklisting scheme.     

Prevention of Black Hole Attack in Multicast Routing Protocols for Mobile Ad-Hoc Networks Using a Self-Organized Public Key Infrastructure

ABSTRACT

A mobile ad-hoc network (MANET) is an autonomous system of mobile nodes connected by wireless links in which nodes cooperate by forwarding packets for each other thereby enabling communication beyond direct wireless transmission range. Example applications include battlefield communication, disaster recovery operations, and mobile conferencing. The dynamic nature of ad-hoc networks makes them more vulnerable to security attacks compared with fixed networks. Providing security in mobile ad-hoc networks has been a major issue in recent years. Most of the secure routing protocols proposed by researchers need a centralized authority or a trusted third party to provide authentication. This destroys the self-organizing nature of ad-hoc networks. Black Hole attack is one of the routing attacks that occur in MANETs. In this attack, a malicious node uses the routing protocol to advertise itself as having the shortest path to the node whose packets it wants to intercept. In this article, we propose an enhanced certificate based authentication mechanism, where nodes authenticate each other by issuing certificates to neighboring nodes and generating public key without the need of any online centralized authority. The proposed scheme uses Multicast Ad-hoc On Demand Distance Vector Routing (MAODV) protocol as a support for certification. The effectiveness of our mechanism is illustrated by simulations conducted using network simulator ns-2.     

一种安全的Ad Hoc网络路由协议SGSR

Ad Hoc网络作为一种无线移动网络,其安全问题,特别是路由协议的安全备受关注。针对现有适合移动Ad Hoc网络的链路状态路由协议GSR无法防范恶意节点伪造、篡改、DoS攻击的现状,本文提出了一种在移动Ad Hoc网络中抵抗单个节点恶意攻击的安全路由协议SGSR,给出了认证协议的形式化证明,并对路由协议进行仿真和性能分析。     

Secure and robust multipath routings for advanced metering infrastructure

A Smart Grid is the modernization of the electricity grid using communication technology with the prime goals of reducing energy consumption as well as cost increasing reliability and creating new services for all participants. It comprises key components such as the Advanced Metering Infrastructure (AMI), which includes Neighborhood area network (NAN). When multi-hopping is considered in wireless communication, especially in WiFi and ZigBee, the range of the communication can be extended to communicate with the gateway collector in AMI network. Wireless mesh AMI network may have smart meters, a NAN gateway, and fixed as well as mobile repeaters. Though many techniques have been developed to secure on-demand routing protocols in wireless multi-hop ad-hoc networks, these protocols have shortcomings. In this paper, we propose two robust and secure multipath routing protocols for wireless mesh AMI networks. We have analyzed their robustness to various attacks. The simulation results show that the proposed protocols are better than existing secure routing protocols.     

A survey of secure wireless ad hoc routing

Ad hoc networks use mobile nodes to enable communication outside wireless transmission range. Attacks on ad hoc network routing protocols disrupt network performance and reliability. The article reviews attacks on ad hoc networks and discusses current approaches for establishing cryptographic keys in ad hoc networks. We describe the state of research in secure ad hoc routing protocols and its research challenges.     

基于Ad Hoc的虫洞攻击与防御研究综述

本文在分析无线Ad Hoc网络路由协议研究现状的基础上,指出无线Ad Hoc网络路由协议存在的脆弱性及针对协议漏洞所发起的几种主要攻击形式。重点分析虫洞攻击的基本原理及其当前的防御方法和不足,为今后更进一步研究安全路由协议打下基础。     

HWMN中一种新的隐私感知安全路由协议

混合无线Mesh网络(hybrid wireless mesh network, HWMN)是最具实际应用前景的无线Mesh网(wireless mesh networks, WMNs)结构.然而,HWMN也面临着各种安全威胁,尤其是针对路由和隐私安全的内部攻击的威胁.针对这一问题,结合HWMN的特点,提出了基于动态信誉机制的隐私感知安全路由协议(dynamic reputation based privacy-aware secure routing protocol, RPASRP).RPASRP实现了动态信誉机制、分级密钥管理协议与路由协议的有机结合,并充分考虑了路由过程中的能量损耗.仿真结果表明,RPASRP能有效抵御内部攻击、实现隐私保护和减少路由能量损耗.     

无线传感器网络路由协议安全研究

路由算法是无线传感器网络（WirdessSensorNetworks,WSNs）感知信息传输和汇聚的基础,作为多跳网络,WSNs有其自身的特点,特别是在路由的安全性方面,需要进行深入的研究。文章对近年来的WSNs路由协议安全进行了分析和总结,首先介绍WSNs安全路由的基本概念,接着对路由协议易受到的安全威胁和攻击进行了分类对比,最后对WSNs中几种典型路由协议的安全陛进行了描述和分析。     

基于IEEE802.15.4e标准的工业物联网安全时间同步策略

IEEE802.15.4e是一个面向工业物联网应用的MAC层标准,其采用时间同步关键技术实现高可靠、低功耗的工业无线网络.网络空间中存在各式各样攻击,由于时间同步机制是工业无线网络中的核心支撑技术,其可能成为首选的攻击目标.假如攻击者对时间同步协议发起攻击,破坏节点之间的同步,将导致网络通信、节点定位以及数据融合等方面应用不能正常工作.针对基于IEEE802.15.4e标准的工业物联网中时间同步协议安全性不足问题,提出了一个安全时间同步策略.首先,提出了Sec_ASN算法保护单跳的ASN时间同步和TOF算法保护单跳的Device-to-Device时间同步;其次,提出了Rank-based入侵检测算法保护多跳时间同步;最后通过理论分析和实验测试证明,该安全时间同步策略具有时间同步精度高和开销低特点,并且能有效防御外部攻击和内部攻击.     

无线传感器网络的安全地理位置跨层协议

许多无线传感器网络(WSN)协议设计过程中,没有考虑到安全问题。提出一种安全地理位置跨层协议(Secure Geo-graphic Integrated Protocol,SGIP)。在安全协议的设计过程中,同时考虑了安全引导过程。首先改进了基于位置的密钥引导方案,使其不但充分利用地理信息,而且可以同时为广播包和单播包加密,并且转发区域内所有节点都与源节点有共享密钥。在此基础上,采用基于MAC层竞争的地理路由选择算法,并对不同数据包采用不同的加密方式,设计了安全的路由/MAC跨层协议。分析表明协议具有很好的安全性能,并且开销较小。     

Secure Node Discovery in Ad-hoc Networks and Applications

Designing secure protocols over ad-hoc networks has proved to be a very challenging task, due to various features of such networks, such as partial connectivity, node mobility, and resource constraints. Furthermore, their lack of physical infrastructures deprives their users of even basic network functions such as message routing, for which nodes are themselves responsible.In this paper we consider a very basic network function, node discovery, in ad-hoc networks, where a node with limited network information would like to establish a session with a given number of other nodes in the network (of which the node may not be aware about). We formally define correctness, security and efficiency properties of node discovery protocols, and investigate the problem of designing such protocols under appropriate network topology assumptions. Here, the security of these protocols is against Byzantine adversaries that can corrupt up to a limited number of nodes in the network and make them arbitrarily deviate from their protocol. After presenting some secure node discovery protocols, we show their application to secure service architectures in ad-hoc networks.     

一种无线传感器网络分布式安全成簇协议

分簇的层次型拓扑控制方式在无线传感器网络中得到广泛研究和应用.然而,由于传感器网络本身所具有的开放性和资源有限的特点,攻击者可以很容易对成簇协议实施有效的误用和破坏.因此,保证成簇协议安全性是其实际广泛应用的基本前提.针对成簇协议所面临的各种安全威胁,提出了一种分布式安全成簇协议,通过网络安全初始化、可信基站的随机数广播和单向密钥链技术来有效地抵御节点伪装和簇首占据攻击、簇成员恶意征募攻击和多重簇成员身份攻击.对协议的安全性和开销进行了广泛和深入的分析,证明了协议的安全性和有效性.     

基于事件逻辑的无线Mesh网络认证协议安全性证明

无线Mesh网络是一种结合无线局域网和移动自组织网络的新型多跳网络,无线网络的开放性和资源受限性使得无线网络容易遭受重放、伪装等攻击。事件逻辑是一种描述并发与分布式系统中状态迁移和算法的形式化方法,可用于证明网络协议的安全性。以事件逻辑为基础提出一系列性质,其中包含多组合信息交互、不叠加、事件匹配、去重复、去未来,以降低协议分析过程中的冗余度以及复杂度,提高协议分析效率。对无线Mesh网络客户端双向认证协议进行分析,证明该协议能够抵抗中间人发起的重放攻击,无线Mesh客户端双向认证协议是安全的。此理论适用于类似复杂无线网络协议形式化分析。     

无线传感器网络密钥种子管理和分配模型及应用

随机密钥种子预分配方案是实现安全的无线传感器网络应用的首选方案,该方案在无线传感器网络节点布置之前建立和分配某种密钥种子信息,在网络节点布置之后利用密钥种子信息建立或发现节点之间安全的通信链路.根据传感器网络的通信保密和节点认证需求,提出了通用密钥种子管理和分配模型(KSMA).该模型可用于预分配方案的安全分析,描述了预分配方案的5个安全属性.在KSMA模型中,基于单向累加器,定义了一类新的密钥种子结构,提出了新的密钥种子预分配方案和节点秘密共享发现协议,并在UC(universally composable)安全框架中对新的秘密共享发现协议进行了可证明安全分析.在新方案中说明了如何设定密钥池参数和节点密钥链参数的方法,该方法不仅保证了高概率的安全链路建立,而且可以通过节点身份证人确认机制实现节点之间身份认证,有效地防御传感器网络Sybil攻击.通过与其他方案的分析对比,新方案改善了网络安全弹性、综合性能良好.     

一类新的分布式随机验证无线传感网络节点克隆攻击检测

由于无线传感器网络节点的无人值守性,攻击者很容易捕获并复制节点,利用节点的安全证书把复制节点发布到无线传感器网络的各个角落,进而秘密发动各种攻击。提出一类新的分布式节点复制攻击检测协议,协议采用随机区域单元映射和域内随机线选验证相结合的方法进行攻击检测。仿真结果显示,协议的随机验证特性使网络能量消耗均匀,延长网络的生存周期。域内线选验证使协议的通信开销和储存开销较低并具有较高的检测率。