ad hoc网络中多项式组密钥管理方案

在ad hoc网络中,节点存在拓扑结构动态变化以及存储和计算能力相对低下等特点。提出了基于STR树状结构的组密钥管理方案,利用对称密码学原理以及对多项式赋值的运算方式,有效地降低了每个节点所需存贮的空间以及运算量,使该类型的树状结构适用于ad hoc网络。同时,该密钥管理方案也考虑到了当成员发生变化时的各种情况,使其在安全性与高效性上达到统一。     

A scalable key management and clustering scheme for wireless ad hoc and sensor networks

This paper describes a scalable key management and clustering scheme for secure group communications in ad hoc and sensor networks. The scalability problem is solved by partitioning the communicating devices into subgroups, with a leader in each subgroup, and further organizing the subgroups into hierarchies. Each level of the hierarchy is called a tier or layer. Key generation, distribution, and actual data transmissions follow the hierarchy. The distributed, efficient clustering approach (DECA) provides robust clustering to form subgroups, and analytical and simulation results demonstrate that DECA is energy-efficient and resilient against node mobility. Comparing with most other schemes, our approach is extremely scalable and efficient, provides more security guarantees, and is selective, adaptive and robust.     

ad hoc网络具有撤销机制的密钥管理方案

分析了现有ad hoc网络基于身份的密钥管理方案,针对用户密钥泄漏,异常等情况,提出了一种具有密钥撤销机制的密钥管理方案,并在此基础上给出了用户签名方案。在文本中,用户可以通过注销泄漏密钥,防止攻击者用窃取的密钥伪造用户签名,即使攻击者成功伪造了用户签名,用户还可以通过系统签名注销消息来证明伪造的签名无效。方案在门限密码学的基础上以完全分布化方式建立系统密钥,具有良好的容错性,能抵御网络的主动和被动攻击。和以往的方案相比具有更高的安全性。     

A virtual subnet scheme on clustering algorithms for mobile ad hoc networks

Resolving the broadcast storm problem is an important issue in mobile ad hoc networks (MANETs). In this paper, we propose an approach for constructing a virtual subnet whose nodes are logically related. The virtual subnet can be spread upon clusters of a MANET. An intelligent agent with a routing filtering table is proposed to assist the best known clustering algorithms, the original Least ID algorithm and the original Highest Connection Cluster (HCC) algorithm, to improve group communication efficiency. Our simulation covers the network factors of hop count, deprave rate, and delay time. The simulation results show that when the proposed intelligent agent is used with the HCC algorithm, the delay time was reduced by 81.84% as compared with flooding, and by 49.25% as compared with the Ad Hoc On-Demand Distance Vector (AODV) routing algorithm. The delay time for the Least ID algorithm assisted by the proposed agents reduced by 81.84% compared to that of flooding and by 50% compared to that of AODV.     

Secure and efficient key management in mobile ad hoc networks

In mobile ad hoc networks, due to unreliable wireless media, host mobility and lack of infrastructure, providing secure communications is a big challenge. Usually, cryptographic techniques are used for secure communications in wired and wireless networks. Symmetric and asymmetric cryptography have their advantages and disadvantages. In fact, any cryptographic means is ineffective if its key management is weak. Key management is also a central aspect for security in mobile ad hoc networks. In mobile ad hoc networks, the computational load and complexity for key management are strongly subject to restriction by the node's available resources and the dynamic nature of network topology. We propose a secure and efficient key management (SEKM) framework for mobile ad hoc networks. SEKM builds a public key infrastructure (PKI) by applying a secret sharing scheme and using an underlying multi-cast server groups. We give detailed information on the formation and maintenance of the server groups. In SEKM, each server group creates a view of the certificate authority (CA) and provides certificate update service for all nodes, including the servers themselves. A ticket scheme is introduced for efficient certificate service. In addition, an efficient server group updating scheme is proposed. The performance of SEKM is evaluated through simulation.     

A distributed group mobility adaptive clustering algorithm for mobile ad hoc networks

This paper proposes a distributed group mobility adaptive (DGMA) clustering algorithm for mobile ad hoc networks (MANETs) on the basis of a revised group mobility metric, linear distance based spatial dependency (LDSD), which is derived from the linear distance of a node’s movement instead of its instantaneous speed and direction. In particular, it is suitable for group mobility pattern where group partitions and mergence are prevalent behaviors of mobile groups. The proposed clustering scheme aims to form more stable clusters by prolonging cluster lifetime and reducing the clustering iterations even in highly dynamic environment. Simulation results show that the performance of the proposed framework is superior to two widely referenced clustering approaches, the Lowest-ID clustering scheme and the mobility based clustering algorithm MOBIC, in terms of average clusterhead lifetime, average resident time, average number of clusterhead changes, and average number of cluster reaffiliations.     

Cost-effective mobile ad hoc networks management

As there are more and more mobile devices in use, different mobile networking models such as ad hoc or mesh are attracting a large research interest. Self-organizing mobile ad hoc networks (MANET) allow devices to share their services and resources without any central administration or Internet support. In this respect they can become the backbone of the wireless grid or the gateway to existing grids. To achieve these goals, MANET management must be as effective as that of wired networks. This is, however, a challenging task due to network features like mobility, heterogeneity, limited resources of hosts and feeble communication. This paper presents a set of simple, cost-effective and resilient procedures for the basic tasks of MANET creation and management.     

基于地理区域的Ad hoc网络组密钥管理方案*

由于Ad hoc网络拓扑结构的动态性、无线传输媒体的开放性等特点,使得网络容易受到各种安全威胁。提出一种新的密钥协商算法MGDH,并且结合MGDH提出一种可扩展的基于地理区域的组密钥管理方案(RGKM)。方案中无须可信赖的第三方,从而解决了单点失效问题,通过引入反向路由的思想,在保证安全性的同时减少了网络的通信量,有效实现了网络的能量平衡。     

An efficient clustering scheme for large and dense mobile ad hoc networks (MANETs)

Large and dense MANETs often face scalability problem and need to achieve performance guarantee with the help of a hierarchical structure, typically a cluster control structure. In this paper, an efficient clustering scheme (ECS) is proposed for large and dense MANETs. Mechanisms for cluster formation and cluster maintenance are described and studied in detail. ECS can eliminate the frozen period requirement for cluster formation, reduce cluster overlapping and prolongs the cluster lifetime without producing excessive clustering overheads. The performance of ECS is compared with random competition-based clustering (RCC) and a modified version of highest connectivity clustering (HCC) in terms of clustering overheads, clusterhead lifetime, cluster number and cluster size. Simulation results show that ECS successfully achieves its targets at reducing the cluster overlapping, maintaining a stable cluster structure as well as producing moderate clustering overheads.     

适合移动Ad hoc网络基于群签名认证的弹性组密钥管理方案*

针对移动Ad hoc网络中的安全组通信系统,提出了一个基于群签名认证的分布式组密钥管理方案。该方案利用门限密码技术并借鉴了PKI证书管理的第三方签名认证思想,在提高认证可信度的同时,极大地减少了密钥协商过程中所需的认证开销。分析表明,该方案具有良好的容错性;达到了第3级信任;能够抵抗网络中典型的主动和被动攻击;具备完美的前向和后向保密性;极大地降低了计算和通信开销。     

Improved group-based cooperative caching scheme for mobile ad hoc networks

Data caching is a popular technique that improves data accessibility in wired or wireless networks. However, in mobile ad hoc networks, improvement in access latency and cache hit ratio may diminish because of the mobility and limited cache space of mobile hosts (MHs). In this paper, an improved cooperative caching scheme called group-based cooperative caching (GCC) is proposed to generalize and enhance the performance of most group-based caching schemes. GCC allows MHs and their neighbors to form a group, and exchange a bitmap data directory periodically used for proposed algorithms, such as the process of data discovery, and cache placement and replacement. The goal is to reduce the access latency of data requests and efficiently use available caching space among MH groups. Two optimization techniques are also developed for GCC to reduce computation and communication overheads. The first technique compresses the directories using an aggregate bitmap. The second employs multi-point relays to develop a forwarding node selection scheme to reduce the number of broadcast messages inside the group. Our simulation results show that the optimized GCC yields better results than existing cooperative caching schemes in terms of cache hit ratio, access latency, and average hop count.     

Performance analysis of hierarchical group key management integrated with adaptive intrusion detection in mobile ad hoc networks

We develop a mathematical model to quantitatively analyze a scalable region-based hierarchical group key management protocol integrated with intrusion detection to deal with both outsider and insider security attacks for group communication systems (GCSs) in mobile ad hoc networks (MANETs). Our proposed adaptive intrusion detection technique is based on majority voting by nodes in a geographical region to cope with collusion of compromised nodes, with each node preloaded with anomaly-based or misuse-based intrusion detection techniques to diagnose compromised nodes in the same region. When given a set of parameter values characterizing operational and environmental conditions, we identify the optimal intrusion detection rate and the optimal regional area size under which the mean time to security failure of the system is maximized and/or the total communication cost is minimized for GCSs in MANET environments. The tradeoff analysis in performance versus security is useful in identifying and dynamically applying optimal settings to maximize the system lifetime for scalable mobile group applications while satisfying application-specific performance requirements.     

A fuzzy-based Power-aware management for mobile ad hoc networks

In recent years, people have become more dependent on wireless network services to obtain the latest information at any time anywhere. Wireless networks must effectively allow several types of mobile devices send data to one another. The Mobile Ad Hoc Network (MANET) is one important type of non-infrastructure mobile network that consists of many mobile hosts, usually cellular phones. The power consumption rate and bandwidth of each mobile host device becomes an important issue and needs to be addressed. For increasing the reliability of the manager in Hierarchical Cellular Based Management (HCBM), this paper proposed a Power-aware protocol to select a stable manager from mobile hosts by fuzzy based inference systems based on the factors of speed, battery power, and location. Further, our protocol can trigger a mobile agent to distribute the managerial workload.     

一种适用于移动自组网环境的密钥管理方案*

采用具有超大规模密钥管理优势的组合公钥密码体制,结合Shamir的(t,n)门限方案思想,提出了一种适用于移动自组网环境的部分分布式密钥管理方案,给出了一种服务节点私钥矩阵份额的更新方法,并对方案的公私钥种子钥矩阵生成进行了实现。分析表明,该方案具有高的安全性、小的计算量、强的扩展性和好的实用性,适用于移动自组网环境。     

Decentralized key generation scheme for cellular-based heterogeneous wireless ad hoc networks

With the support of cellular system a cellular-based mobile ad hoc network (MANET) offers promising communication scenarios while entails secure data exchange as other wireless systems. In this paper, we propose a novel decentralized key generation mechanism using shared symmetric polynomials in which the base stations (BSs) carry out an initial key generation by a symmetric polynomial in a distributed manner and then pass on the key material to mobile stations (MSs). Thereafter, our proposed key generation scheme enables each pair of MSs to establish a pairwise key without any intervention from the BS, thus reducing the management cost for the BS. The shared key between two MSs is computed without any interaction between them. In addition, the trust among MSs is derived from the cellular infrastructure, thus enjoying an equal security level as provided in the underlying cellular network. Simulations are done to observe the system performance and the results are very encouraging.     

一种无证书的移动Ad hoc网络密钥管理方案

结合无证书签密协议,提出一种分级移动Adhoc网络密钥管理方案。该方案不需要公钥证书,用户自己生成公钥,有效地降低了用户终端计算、存储能力的需求和系统密钥管理的通信开销;同时密钥生成中心为用户生成部分私钥,解决了基于身份密码体制中的密钥托管问题;分级的结构将网上节点分成一些相对独立的自治域,既提高了安全服务的可用性和可扩充性,也便于对某些紧急情况快速做出反应。     

Triangle-based routing for mobile ad hoc networks

Routing protocols for Mobile ad hoc networks (MANETs) have been studied extensively in the past decade. Routing protocols for MANETs can be broadly classified as reactive (on-demand), proactive, hybrid and position-based. Reactive routing protocols are attractive because a route between a source and a destination is established only when it is needed. Such protocols, unlike proactive protocols, do not have high overhead for route maintenance and are especially suitable for networks in which not all nodes communicate frequently. One problem with existing reactive routing protocols is the propagation of redundant route request messages during route discovery. In this paper, we present a low-overhead reactive routing protocol which reduces propagation of redundant route request messages. We also compare its performance with the well-known reactive routing protocol AODV.     

Neighborhood tracking for mobile ad hoc networks

In mobile ad hoc networks (MANETs), node mobility causes network topologies to change dynamically over time, which complicates such important tasks as broadcasting and routing. In a typical efficient localized approach, each node makes forwarding decisions based on a neighborhood local view constructed simply by collecting received “Hello” messages. That kind of neighborhood local view can become outdated and inconsistent, which induces a low-coverage problem for efficient broadcasting tasks and a low-delivery ratio problem for efficient routing tasks. In this paper, we propose a neighborhood tracking scheme to guarantee the accuracy of forwarding decisions. Based on historical location information, nodes predict the positions of neighbors when making a forwarding decision, and then construct an updated and consistent neighborhood local view to help derive more precise forwarding decisions. The inaccuracy factors of our scheme are also discussed and an accessory method is provided for possible usage. Simulation results illustrate the accuracy of our proposed tracking scheme. To verify the effectiveness of our scheme, we apply it to existing efficient broadcast algorithms. Simulation results indicate that our neighborhood tracking scheme can improve the protocols coverage ratio greatly.     

适用于大规模群组Ad hoc网络的组密钥管理方案*

提出一种适于大规模群组Ad hoc网络的组密钥管理方案。该方案基于地理位置建立了分层分组的网络模型,将大部分消息的传输距离限制在一个小组范围内,降低了通信开销,结合密钥分发和密钥协商的各自优点来生成、分发和更新组密钥,在避免单点失效的同时提高了效率;同时,椭圆曲线上的离散对数难题保证了方案的安全性。分析表明方案具有较强的可用性。     

Model checking mobile ad hoc networks

Modeling arbitrary connectivity changes within mobile ad hoc networks (MANETs) makes application of automated formal verification challenging. We use constrained labeled transition systems as a semantic model to represent mobility. To model check MANET protocols with respect to the underlying topology and connectivity changes, we introduce a branching-time temporal logic. The path quantifiers are parameterized by multi-hop constraints over topologies, to discriminate the paths over which the temporal behavior should be investigated; the paths that violate the multi-hop constraints are not considered. A model checking algorithm is presented to verify MANETs that allow arbitrary mobility, under the assumption of reliable communication. It is applied to analyze a leader election protocol.