移动自组网的主观信任建模与仿真

不同于以往只考虑最短路径或只依靠转发行为评价信任或基于推荐机制的传统路由算法,提出了一种兼顾通信可靠性和路径长度的主观信任路由模型.通过引入属性相似度概念将邻居选择、信任评估、数据转发等路由环节紧密相连,进一步建立一种新的动态包转发规则,并给出了一种计算属性相似度的推荐方法.实验结果表明主观信任路由模型较传统的DSR(...     

BHQRSM: Binary Hex Quadratic Residue Security Model to Enhance the Trust in MANETs

Mobile adhoc network (MANET) possesses various security challenges mainly due to its varying network topology. As central coordination is not possible in MANETs, sharing of keys between nodes is a difficult task. In this paper, we present a Binary Hex Quadratic Residue Security Model that does not require any kind of key distribution between the nodes in MANETs. We use a stream of equal weighted hex codes of decimal numbers and Ex-OR operations to generate a security vector which facilitates matching of code words and also determine the active and malicious nodes in the network. Our approach also saves energy as it requires less computational analysis when compared to existing approaches. We validate our approach through simulations results.     

On the Security of Route Discovery in MANETs

Mobile ad hoc networks (MANETs) are collections of wireless mobile devices with restricted broadcast range and resources, and no fixed infrastructure. Communication is achieved by relaying data along appropriate routes that are dynamically discovered and maintained through collaboration between the nodes. Discovery of such routes is a major task, both from efficiency and security points of view. Recently, a security model tailored to the specific requirements of MANETs was introduced by Acs, Buttyan, and Vajda. Among the novel characteristics of this security model is that it promises security guarantee under concurrent executions, a feature of crucial practical implication for this type of distributed computation. A novel route discovery algorithm called endairA was also proposed, together with a claimed security proof within the same model. In this paper, we show that the security proof for the route discovery algorithm endairA is flawed, and moreover, this algorithm is vulnerable to a hidden channel attack. We also analyze the security framework that was used for route discovery and argue that composability is an essential feature for ubiquitous applications. We conclude by discussing some of the major security challenges for route discovery in MANETs.     

Trust for Ubiquitous,Transparent Collaboration

In this paper, trust-based recommendations control the exchange of personal information between handheld computers. Combined with explicit risk analysis, this enables unobtrusive information exchange, while limiting access to confidential information. The same model can be applied to a wide range of mobile computing tasks, such as managing personal address books and electronic diaries, to automatically provide an appropriate level of security. Recommendations add structure to the information, by associating categories with data and with each other, with degrees of trust belief and disbelief. Since categories also in turn confer privileges and restrict actions, they are analogous to rôles in a Rôle-Based Access Control system, while principals represent their trust policies in recommendations. Participants first compute their trust in information, by combining their own trust assumptions with others' policies. Recommendations are thus linked together to compute a considered, local trust assessment. Actions are then moderated by a risk assessment, which weighs up costs and benefits, including the cost of the user's time, before deciding whether to allow or forbid the information exchange, or ask for help. By unifying trust assessments and access control, participants can take calculated risks to automatically yet safely share their personal information.     

Markov Chain Trust Model for Trust-Value Analysis and Key Management in Distributed Multicast MANETs

To increase efficiency in mobile ad hoc networks (MANETs), the multicast MANET is proposed for a sender that sends packets to several receivers through a multicast session. In MANETs, multicast group members frequently change due to node mobility; thus, supporting secure authentication and authorization in a multicast MANET is more critical than that in a wired network with a centralized certificate authentication (CA) server. This paper thus proposes a two-step secure authentication approach for multicast MANETs. First, a Markov chain trust model is proposed to determine the trust value (TV) for each one-hop neighbor. A node's TV is analyzed from its previous trust manner that was performed in this group. The proposed trust model is proven as an ergodic continuous-time Markov chain model. Second, the node with the highest TV in a group will be selected as the CA server. To increase reliability, the node with the second highest TV will be selected as the backup CA server that will take over CA when CA fails. The procedures of the secure authentication for group management are detailed. The security analysis of each procedure is analyzed to guarantee that the proposed approach achieves a secure reliable authentication in multicast MANETs. In addition, several famous attacks have been analyzed and discussed. Numerical results indicate that the analytical TV of each mobile node is very close to that of simulation under various situations. The speed of the convergence of the analytical TV shows that the analyzed result is independent of initial values and trust classes. This is a good feature of analytical models.     

网际安全与可信逻辑

2005年美国总统信息技术顾问委员会给布什总统的《网际安全-优先项目危机》报告,提出了网际安全以构建可信系统为主要内容;从2005年开始在我国开展的“交     

Trust Modeling for Networked Organizations Using Reputation and Collaboration Estimates

The main motivation for organizations and individuals to collaborate is to enable knowledge and resource sharing in order to effectively fulfil a joint business opportunity. This correspondence focuses on virtual organizations (VOs) and virtual teams (VTs), whose strengths lie in the range of competencies of their members, offered jointly through collaboration. One of the difficulties in VO and VT creation is partner selection using partners' mutual trust as one of the selection criteria. This correspondence provides an analysis of trust relationships based on the principal-agent theory, and proposes an approach to hierarchical multiattribute decision-support-based trust estimation applied to a network of collaborating organizations (VO) and a network of collaborating individuals (VT). The correspondence presents two case studies, one using a questionnaire-based approach and the other using automated reputation and collaboration estimation from data gathered by Web crawling     

Integrated Context-Based Mitigation Framework for Enforcing Security against Rendezvous Point Attack in MANETs

Wireless Personal Communications - Reliable communication in ad hoc networks necessitates mobile nodes to synchronize among themselves for cooperation. The cooperation in ad hoc networks...     

A Novel Efficient Traffic Estimation Strategy Using Hello Messaging Through Local Link Connectivity in MANETs

Wireless Personal Communications - Network traffic estimation under random mobility of network nodes is one of the key challenges for effective communication in mobile ad hoc networks (MANETs)....     

多播同步协作的动态安全机制

分析了多播同步协作应用的安全问题,提出了一种比较实用的安全机制方案。并据此实现了一个多播视频会议的安全管理模块。     

网格环境下信任体系结构建模

为了提高网格的安全性,针对网格环境的动态特点,首先给出网格环境下信任和信任关系等概念的基本定义,在此基础上提出信任评价和动态信任的概念,并构建了一个基于动态信任的信任体系结构模型,同时设计了该体系结构所涉及的4个基于信任的安全算法。最后,通过仿真分析验证了该模型能够增强网格系统的安全。     

一种基于信任模型的安全度量及安全路由算法设计

针对网络路由的攻击普遍且后果严重。目前的研究大多是采用数字签名,消息验证和入侵检测等机制来提高路由控制信息的安全,基本没有考虑机密应用数据的路由安全问题。该文通过分析通信实体的安全机制和安全威胁来测量链路和节点的信任度,建立节点间的信任关系,并基于该信任模型定义和量化一种新的安全度量SM(Security Metric),提出以SM为选路标准的安全路由算法SMRA(Security Metric based Routing Algorithm)。仿真表明,网络存在攻击时,SMRA算法比OSPF算法有更好的包传输率和路由安全性能。     

无线传感器网络中的信任管理研究现状

无线传感器网络是一种新型的无基础设施的无线网络,具有与传统网络不同的特点,且与应用高度相关.传统网络中的安全机制不能有效应用于无线传感器网络,需要建立信任管理模型来保证网络的安全性.本文首先介绍了无线传感器网络的特点和建立信任管理模型需要考虑的关键问题,然后分析了一些较为典型的信任管理模型.最后,总结了无线传感器网络中...     

Establishing Trust Through Anonymous and Private Information Exchange Over Personal Networks

Security and privacy in Personal Networks constitute a major challenge for designers and implementers. The deployment of novel services over a collaborative environment where users share their resources and profiles create higher demands on security and privacy requirements. In this paper, the authors address the issue of privacy-enabled, secure personal information exchange among participants of a Personal Networks federation, in order to establish trust. The paper proposes a novel model based on the separation of user ID information from personal preferences and user status information. The proposed model is able to ensure privacy through anonymity over personal data exchange, while it incorporates mechanisms for the detection and confronting of malicious behavior, and resilience against attacks. A proof of concept based on an actual implementation is provided. Further, discussion is presented on the issues that need to be tackled in order to incorporate the proposed model in a standard PN architecture.     

一种基于IBC的零信任安全解决方案

传统IT网络安全架构基于内网安全的假设,安全边界一旦被突破,传统网络安全防护就可能失效,导致网络系统受到严重破坏.为解决上述问题,设计了一种基于标识密码的零信任安全方案.在防护网络中,所有用户和设备都被赋予唯一访问标识,基于国产密码体系搭建标识密钥基础设施,构建统一身份认证体系,对系统主体及客体实施身份认证和加密传输,...     

Bandwidth-Satisfied Multicast Trees in MANETs

Previous quality-of-service (QoS) routing/multicasting protocols in mobile ad hoc networks determined bandwidth-satisfied routes for QoS applications. However, they suffer from two bandwidth-violation problems, namely, the hidden route problem (HRP) and the hidden multicast route problem (HMRP). HRP may arise when a new flow is permitted and only the bandwidth consumption of the hosts in the neighborhood of the route is computed. Similarly, HMRP may arise when multiple flows are permitted concurrently. Not considering the bandwidth consumption of two-hop neighbors is the reason that the two problems are introduced. In this paper, a novel algorithm that can avoid the two problems is proposed to construct bandwidth-satisfied multicast trees for QoS applications. Furthermore, it also aims at minimizing the number of forwarders so as to reduce bandwidth and power consumption. Simulation results show that the proposed algorithm can improve the network throughput.     

Collaboration IoT-Based RBAC with Trust Evaluation Algorithm Model for Massive IoT Integrated Application

With the recent advances in ubiquitous communications and the growing demand for low-power wireless technology, smart IoT device (SID) to access various Internet of Things (IoT) resources through Internet at any time and place alternately. There are some new requirements for integration IoT servers in which each one is individually gathering its local resources in Internet, which cooperatively supports SID to get some flexibility or temporary contract(s) and privileges in order to access their corresponding desired service(s) in a group of collaboration IoT servers. However, traditional access control schemes designed for a single server are not sufficient to handle such applications across multiple collaboration IoT servers to get rich services in IoT environments. It does not take into account both security and efficiency of IoT servers, which securely share their resources. Therefore, the collaboration IoT-based RBAC (Role-based Access Control) with trust evaluation (TE) algorithm model to reducing internal security threats in intra-server and inter server for the massive IoT integrated application is proposed in this paper. Finally, the three trust evaluation algorithms including a local trust evaluation algorithm, a virtual trust evaluation algorithm and a cooperative trust evaluation algorithm in the proposed collaboration IoT-based RBAC model, which are designed and presented for reducing internal security threats in collaborative IoT servers.

     

开放分布系统安全中的Bayes信任模型

为了解决开放分布系统的安全问题,本文提出了一个Bayes信任模型.借鉴人类的信任概念,该模型根据直接经验和推荐信息可以计算出一个实体对其他实体的信任值.在该模型中,把实体间交互成功的概率作为信任的重要指标,选择Beta分布作为其先验分布,通过对实体间4种不同关系的分析,获得相应的成功交互概率的估计.最终可形成实体的相对稳定的交互系统,为是否和别的实体交互提供依据.该模型考虑了影响信任的主观因素和客观因素,且具有统计基础,为解决开放分布系统的安全问题提供了新方法.     

基于节点信任值的安全层次路由协议

由于无线传感器网络容易受到攻击,所以保证无线传感器在网络数据传输过程中的路由安全是必要的,文中提出一种基于节点信任值、节点度和距离的簇头选举算法,进行路由主干节点的可信选举,建立安全可信的层次路由。仿真结果表明,该算法可有效评估节点的信任值,解决了节点失效或被俘获所导致的层次路由安全问题。