WiMAX网络控制架构的研究

文中提出了几种安全的面向服务的Wimax的网络控制架构。为了设计这样的架构,笔者侧重考虑通信安全和满足Wimax潜在的业务需求这两个方面因素。提出的构架里包含两个基本元素：有服务意识,统一的路由配置。另外研究了Wimax建设的关键性技术。通过理论研究,可以为建立更安全更实际可靠的Wimax网络提供一些实际可行的指导意见。     

WiMAX networks: from access to service platform

Recently, WiMAX has been proposed as an attractive wireless communication technology for providing broadband access for metropolitan areas. Despite its salient features from the technical perspective, the success of the WiMAX network depends on its capability of providing cost-effective solutions for a variety of existing and potential services. To address this issue, we advocate the design of a new network layer that can support multihop communications efficiently in WiMAX networks and that can fully exploit the features of the WiMAX standards. In particular, we first identify services that are important for broadband wireless network providers and investigate the requirements for different services. We then discuss now to design WiMAX networks by considering issues of efficiency, security, and reliability. The key observation is that WiMAX can be properly complemented by advanced connection management and network coding techniques.     

基于媒体独立切换并提供QoS保证的跨UMTS和WiMAX无线异构网络的网络切换方案

The rapid growth and innovation of the various mobile communication technologies have caused a change in the paradigm of internet access. Wireless technologies such as WiMAX, WiFi and UMTS/LTE networks have shown great potential in dominating the wireless access markets. The existence of various access technologies requires a means for seamless internetworking to provide anywhere, anytime services without interruption in the ongoing session, especially in multimedia applications with rigid Quality of Services (QoS) requirements. The IEEE 802.21 Media Independent Handover (MIH) working group was formed to develop a set of mechanisms under a standard framework with the capability to support migration of mobile users across heterogeneous networks. Therefore, the implementation of handover is extremely important in the heterogeneous network environment. In order to guarantee various QoS requirements during handover execution especially in multimedia applications, in this paper we propose a novel MIH-based capacity estimation algorithm to execute handover with QoS provision supporting both horizontal and vertical handovers across UMTS and WiMAX networks. Simulation shows that the proposed mechanism achieves lower call dropping rate (highest approximate 3% ) and higher system throughput (average 92% ) than the basic handover method does.     

基于密码的云计算虚拟化网络安全研究

虚拟化网络技术是构建新一代的云计算数据中心,为云计算环境提供基础设施支撑的关键。在研究云计算数据中心典型架构与访问应用模式的基础上,从用户安全接入、通信隔离与机密性保护等方面分析了数据中心虚拟化网络的安全需求,提出了虚拟化网络安全技术框架,重点针对基于密码技术强化虚拟化网络安全,保障虚拟机之间的通信保护、信息隔离与安全交换等安全机制进行了分析与设计,提出了一种可供参考的解决方案。     

A heterogeneous‐network aided public‐key management scheme for mobile ad hoc networks

A mobile ad hoc network does not require fixed infrastructure to construct connections among nodes. Due to the particular characteristics of mobile ad hoc networks, most existing secure protocols in wired networks do not meet the security requirements for mobile ad hoc networks. Most secure protocols in mobile ad hoc networks, such as secure routing, key agreement and secure group communication protocols, assume that all nodes must have pre‐shared a secret, or pre‐obtained public‐key certificates before joining the network. However, this assumption has a practical weakness for some emergency applications, because some nodes without pre‐obtained certificates will be unable to join the network. In this paper, a heterogeneous‐network aided public‐key management scheme for mobile ad hoc networks is proposed to remedy this weakness. Several heterogeneous networks (such as satellite, unmanned aerial vehicle, or cellular networks) provide wider service areas and ubiquitous connectivity. We adopt these wide‐covered heterogeneous networks to design a secure certificate distribution scheme that allows a mobile node without a pre‐obtained certificate to instantly get a certificate using the communication channel constructed by these wide‐covered heterogeneous networks. Therefore, this scheme enhances the security infrastructure of public key management for mobile ad hoc networks. Copyright © 2006 John Wiley & Sons, Ltd.     

移动接入解决方案持续监测机制研究

针对处理机密信息的终端用户设备通过移动通信网安全接入相同保密等级的政府机构内部网络或政府合作企业内部网络的问题,美国国家安全局基于商用密码产品和安全产品给出了双层加密和持续监测的移动接入整体解决方案。解决方案提出了持续监测框架、监测点位置、监测数据收集方法,以及监测点选择、告警触发条件等实施要求。对各监测点网络流量特征、安全事件数据汇集手段、系统动态安全模型的分析,可为基于移动通信网等开放网络的虚拟私有专网整体监测方案设计提供参考。     

Resilient Security Mechanism for Wireless Ad hoc Network

A wireless multihop network is emerging as one of the most important technologies in the field of ubiquitous networking. However, a number of formidable challenges remain, several of the most crucial been associated with robustness and network security. In this paper, we introduce a comprehensive resilient security framework for wireless ad hoc networks that are using multipath routing. It deploys an integrated multisignatures scheme and uses a self-certified public keying technique to ensure secure route discovery. In addition, it uses the Schnorr signature scheme along with an information dispersal algorithm to ensure secure data transfer. We provide security analysis of the proposed approach and compare it with several existing popular schemes. It can be seen that the proposed approach is more secure than other existing schemes. We also evaluated the proposed approach by means of computer simulation and compared its performance to that of the existing popular schemes. The results are in favor of the proposed technique in terms of efficiency and effectiveness.     

Security in mobile ad hoc networks: challenges and solutions

Security has become a primary concern in order to provide protected communication between mobile nodes in a hostile environment. Unlike the wireline networks, the unique characteristics of mobile ad hoc networks pose a number of nontrivial challenges to security design, such as open peer-to-peer network architecture, shared wireless medium, stringent resource constraints, and highly dynamic network topology. These challenges clearly make a case for building multifence security solutions that achieve both broad protection and desirable network performance. In this article we focus on the fundamental security problem of protecting the multihop network connectivity between mobile nodes in a MANET. We identify the security issues related to this problem, discuss the challenges to security design, and review the state-of-the-art security proposals that protect the MANET link- and network-layer operations of delivering packets over the multihop wireless channel. The complete security solution should span both layers, and encompass all three security components of prevention, detection, and reaction.     

A design for secure and survivable wireless sensor networks

In this article, we present a study of the design of secure and survivable wireless sensor networks (WSN) that has yet to be addressed in the literature. Our goal is to develop a framework that provides the security and survivability features that are crucial to applications in a WSN, because WSNs are vulnerable to physical and network-based security attacks, accidents, and failures. To achieve such a goal, we first examine the security and survivability requirements. We then propose a security and survivability architecture in a WSN with heterogeneous sensor nodes. To understand the interactions between survivability and security, we also design and analyze a key management scheme. The results of the experiment show that a good design can improve both security and survivability of a WSN; however, in some situations, there is a trade off between security and survivability.     

Distributed cooperative MAC for multihop wireless networks

This article investigates distributed cooperative medium access control protocol design for multihop wireless networks. Cooperative communication has been proposed recently as an effective way to mitigate channel impairments. With cooperation, single-antenna mobile terminals in a multi-user environment share antennas from other mobiles to generate a virtual multipleantenna system that achieves more reliable communication with a higher diversity gain. However, more mobiles conscribed for one communication inevitably induces complex medium access interactions, especially in multihop wireless ad hoc networks. To improve the network throughput and diversity gain simultaneously, we investigate the issues and challenges in designing an efficient MAC scheme for such networks. Furthermore, based on the IEEE 802.11 DCF, a cross-layer designed cooperative MAC protocol is proposed. The MAC scheme adapts to the channel condition and payload length.     

无人机通信网络物理层安全传输技术

下一代通信网络可利用无人机的高移动性满足其高覆盖、低延迟等通信需求,但安全传输的问题也由于无线信道的广播特性与日益增加的通信节点数量亟待解决.因为无人机是资源受限的空中平台,上层加密技术难以在无人机通信网络中发挥同等有效的作用.物理层安全的本质是对信道进行人为设计从而实现合法信道与窃听信道的差异最大化,在无人机通信网络...     

量子通信网络发展概述

量子通信是基于量子力学原理的安全通信技术,能保证通信双方信息传输在理论上的绝对安全性。近年来,该项技术及其工程实现受到美国、欧盟、中国、日本等诸多国家和地区的重视。随着该技术实用化的推进,量子通信正在由点对点通信应用走向网络化应用,包括局域网和广域网应用。覆盖全球的广域量子通信网也在研发之中。详细分析了目前世界主要国家试行的量子通信网络,并简述了各国的量子通信卫星研发计划。     

Towards an Efficient Certificateless Access Control Scheme for Wireless Body Area Networks

Wireless body area networks have become popular due to recent technological developments in sensor technology. A sensor can be used to collect data from different environments of interest, process and communicate the data to other nodes in a network. By its very nature, a sensor node is limited in resource usage. Due to these limitations, numerous security challenges have emerged in their applications, hence the need for more efficient and secure cryptosystems. In this paper, we give an efficient certificateless pairing-free signcryption scheme then design a secure access control scheme that can satisfy both the properties of ciphertext authentication and public verifiability using the signcryption scheme. A formal security proof of our scheme in random oracle model is provided. In addition, we compare the efficiency of our access control scheme with other existing schemes that are based on signcryption scheme. The analysis reveals that our scheme achieves better trade-off for computational and communication cost.

     

基于国产密码算法的数控网络的认证与验证模型研究及安全评估

该文针对工业控制系统安全,提出面向数控系统(NCS)网络安全保护技术框架,选用国产密码系列算法中的SM2, SM3, SM4算法,设计并建立了数控网络(CNC)认证与验证模型(AUTH-VRF),分内外两层为数控网络提供安全防护。外层为数控网络设备间通信与传输进行安全认证实现网段隔离,内层验证通信协议完整性以确保现场设备接收运行程序的正确性与有效性;通过基于SM2, SM3, SM4算法设计和部署的外层防护装置,为分布式数控(DNC)设备与数控系统之间的通信提供身份认证与文件加密传输;同时针对工业控制网络的S7Comm工业通信协议数据,通过SM3算法验证专有工业协议数据完整性。通过网络攻击实验证明,AUTH-VRF模型可以为数控网络中工业生产数据提供有效的安全认证和资源完整性保护,为满足我国关键基础设施“国内、国外工业控制系统产品共同安全可控”和“安全技术深入工业控制系统各个层级”的需求提供了实际可行的技术参考方案。     

Securing ad hoc networks

Ad hoc networks are a new wireless networking paradigm for mobile hosts. Unlike traditional mobile wireless networks, ad hoc networks do not rely on any fixed infrastructure. Instead, hosts rely on each other to keep the network connected. Military tactical and other security-sensitive operations are still the main applications of ad hoc networks, although there is a trend to adopt ad hoc networks for commercial uses due to their unique properties. One main challenge in the design of these networks is their vulnerability to security attacks. In this article, we study the threats on ad hoc network faces and the security goals to be achieved. We identify the new challenges and opportunities posed by this new networking environment and explore new approaches to secure its communication. In particular, we take advantage of the inherent redundancy in ad hoc networks-multiple routes between nodes-to defend routing against denial-of-service attacks. We also use replication and new cryptographic schemes, such as threshold cryptography, to build a highly secure and highly available key management service, which terms the core of our security framework     

Topology control for service-oriented wireless mesh networks - [Service-oriented broadband wireless network architecture]

Topology control is one of the most critical design issues in multihop wireless networks. Topology control has been investigated extensively in the literature. Nevertheless, it is noted that most existing studies do not consider the requirements on upper layer applications or services. In this article we address the topology control issues on service-oriented wireless mesh networks. In particular, we provide a comprehensive survey of existing works on topology control from a service- oriented perspective. We then propose a general framework for topology control in service- oriented WMNs. To demonstrate the effectiveness of the framework, we conduct a case study in which the main objective is to maximize the overall throughput in a network with random unicast traffic. The performance of this topology control scheme is evaluated by numerical results. In addition, it is illustrated that the generated topology can support advanced technologies, including network coding and physical-layer network coding, which can significantly improve the throughput capacity of a network.     

BSMR: Byzantine-Resilient Secure Multicast Routing in Multihop Wireless Networks

Multihop wireless networks rely on node cooperation to provide multicast services. The multihop communication offers increased coverage for such services but also makes them more vulnerable to insider (or Byzantine) attacks coming from compromised nodes that behave arbitrarily to disrupt the network. In this work, we identify vulnerabilities of on-demand multicast routing protocols for multihop wireless networks and discuss the challenges encountered in designing mechanisms to defend against them. We propose BSMR, a novel secure multicast routing protocol designed to withstand insider attacks from colluding adversaries. Our protocol is a software-based solution and does not require additional or specialized hardware. We present simulation results that demonstrate that BSMR effectively mitigates the identified attacks.     

Enhancing the performance of secured handover protocols in UMTS-WiMAX interworking

Interworking UMTS and WiMAX networks offers global roaming and cost effective broadband wireless Internet access. Designing efficient Intra and Inter WiMAX handovers in the interworking architecture is a challenging problem. Handovers must be instantaneous and secure at the same time. We attempt to solve this problem by designing Intra and Inter WiMAX handover protocols which are capable of operating in the UMTS-WiMAX interworking architecture and perform mutual pre-authentication between the mobile station and the target network prior to handover. Due to the pre-authentication procedure, our proposed handover protocols outperform standard handover protocols by dispatching fewer handover signaling messages, experiencing less handover delay and preserving computation resources of critical nodes in the interworking architecture. Furthermore, our proposed handover protocols meet essential security requirements and defend against common attacks affecting handover protocols.     

Enhanced performance based on cross-layer design from physical to transport layers for multihop wireless networks

This paper puts forward a novel cognitive cross-layer design algorithms for multihop wireless networks optimization across physical,mediam access control(MAC),network and transport layers.As is well known,the conventional layered-protocol architecture can not provide optimal performance for wireless networks,and cross-layer design is becoming increasingly important for improving the performance of wireless networks.In this study,we formulate a specific network utility maximization(NUM)problem that we believe is appropriate for multihop wireless networks.By using the dual algorithm,the NUM problem has been optimal decomposed and solved with a novel distributed cross-layer design algorithm from physical to transport layers.Our solution enjoys the benefits of cross-layer optimization while maintaining the simplicity and modularity of the traditional layered architecture.The proposed cross-layer design can guarantee the end-to-end goals of data flows while fully utilizing network resources.Computer simulations have evaluated an enhanced performance of the proposed algorithm at both average source rate and network throughput.Meanwhile,the proposed algorithm has low implementation complexity for practical reality.