Secure communications for cluster-based ad hoc networks using node identities

Ad hoc networks are self-configurable networks with dynamic topologies. All involved nodes in the network share the responsibility for routing, access, and communications. The mobile ad hoc network can be considered as a short-lived collection of mobile nodes communicating with each other. Such networks are more vulnerable to security threats than traditional wireless networks because of the absence of the fixed infrastructure. For providing secure communications in such networks, lots of mechanisms have been proposed since the early 1990s, which also have to deal with the limitations of the mobile ad hoc networks, including high power saving and low bandwidth. Besides, public key infrastructure (PKI) is a well-known method for providing confidential communications in mobile ad hoc networks. In 2004, Varadharajan et al. proposed a secure communication scheme for cluster-based ad hoc networks based on PKI. Since the computation overheads of the PKI cryptosystem are heavy for each involved communicating node in the cluster, we propose an ID-based version for providing secure communications in ad hoc networks. Without adopting PKI cryptosystems, computation overheads of involved nodes in our scheme can be reduced by 25% at least.     

移动Ad Hoc网络中带路由机制的密钥管理

移动Ad Hoc网络是一种无中心自组织的多跳无线网络,有效的密钥管理是网络安全的关键。因此,本文提出了一个能够快速响应的密钥管理框架。这个框架通过应用可验证的秘密共享方案来建立PKI,并通过引入路由机制构造了一个快速响应的服务器组。服务器组可以对组内结点的私钥分量更新和所有结点的证书更新提供快速响应。为了验证框架的
的性能,本文通过仿真给出了实验结果。     

Improved migration for mobile computing in distributed networks

A mobile ad hoc network (MANET) is a special type of wireless network in which a collection of mobile nodes with wireless network interfaces may form a temporary network, without the aids of any fixed infrastructure. Security has become a hot research topic in mobile ad hoc networks. In 1998, Volker and Mehrdad proposed a tree-based key management and access control scheme for the mobile agents to manage rights to access its own resources for the visited mobile nodes. Latter, Huang et al. showed that Volker and Mehrdad's scheme needs a large amount of storage and costs for managing and storing secret keys. Huang et al. further proposed a new and efficient scheme based on the elliptic curve cryptosystems to reduce costs and gain better efficiency. However, there is a security leak inherent in Huang et al.'s scheme that the malicious node can overstep his authority to access unauthorized information. This paper will propose a secure, robust, and efficient hierarchical key management scheme for MANETs. Some practical issues and solutions about dynamic key management are also considered and proposed. As compared with Huang et al.'s scheme, our proposed scheme can provide better security assurance, while requiring smaller key-size, lower computational complexities, and constant key management costs which is independent on the number of the confidential files and the visited nodes.     

一种无线传感器网络的密钥管理方案

目前很多无线传感器网络的应用是建立在群组式通讯的模式之上,如何建立一个用以加密群组通讯的组密钥,来防范攻击者窃听无线传感器网络上的通讯,近年来引起广泛关注。为了在有限资源的无线传感器网络能安全进行群组通讯,本文只使用对称加密算法和单向哈希函数提出了一种具有有效性和扩充性的组密钥管理方案,并可满足前向和后向安全性。与目前现有的群组密钥相比,方案不仅具有较好的效率,并且更适合于无线传感器网络。     

Inter-Cluster Routing Authentication for Ad Hoc Networks by a Hierarchical Key Scheme

Dissimilar to traditional networks, the features of mobile wireless devices that can actively form a network without any infrastructure mean that mobile ad hoc networks frequently display partition due to node mobility or link failures. These indicate that an ad hoc network is difficult to provide ou-llne access to a trusted authority server. Therefore, applying traditional Public Key Infrastructure （PKI） security framework to mobile ad hoc networks will cause insecurities. This study proposes a scalable and elastic key management scheme integrated into Cluster Based Secure Routing Protocol （CBSRP） to enhance security and non-repudiation of routing authentication, and introduces an ID-Based internal routing authentication scheme to enhance the routing performance in an internal cluster. Additionally, a method of performing routing authentication between internal and external clusters, as well as inter-cluster routing authentication, is developed. The proposed cluster-based key management scheme distributes trust to an aggregation of cluster heads using a threshold scheme faculty, provides Certificate Authority （CA） with a fault tolerance mechanism to prevent a single point of compromise or failure, and saves CA large repositories from maintaining member certificates, making ad hoc networks robust to malicious behaviors and suitable for numerous mobile devices.     

A survey of secure wireless ad hoc routing

Ad hoc networks use mobile nodes to enable communication outside wireless transmission range. Attacks on ad hoc network routing protocols disrupt network performance and reliability. The article reviews attacks on ad hoc networks and discusses current approaches for establishing cryptographic keys in ad hoc networks. We describe the state of research in secure ad hoc routing protocols and its research challenges.     

移动自组网络安全分布式组密钥管理方案

组密钥管理通过为组成员生成、发送和更新组密钥来满足加密认证等安全需求,许多应用于军事战场、紧急救灾等场合的移动自组网络需要安全组通信支持.然而节点的移动性、链路的不稳定性以及缺乏可信中心等特点使移动自组网络组密钥管理面临巨大的挑战.基于可验证秘密分享机制和门限密码术,提出了一种安全的分布式组密钥管理方案VGK.方案能有效地抵制主动攻击和恶意节点的合谋攻击,而且具有鲁棒性和自适应性的特点.模拟实验表明,敌对环境下该方案中组密钥的更新效率和成功率均优于其它提出的协议.     

一种新的移动Ad Hoc网络的安全解决方案

基于自发证书的移动Ad Hoc网络(MANET)安全解决方案采用的证书选择算法只能从概率统计上保证获得一条证书链、要求节点具备较高的存储能力和计算能力、缺乏证书管理机制。文章结合自发证书和证书链思想,提出了一种新的MANET安全解决方案,从改进证书管理、获取目的节点可信公钥、提出基于质询－签名机制双向身份认证方法和保障安全通信4方面加强其安全性。     

Ad Hoc网络安全密钥管理服务

ad hoc网络是一种移动无线自组织网络，与传统有线网络和一般无线网络存在着很大区别。该文分析了ad hoc网络面临的主要安全问题，阐述了目前研究的ad hoc网络安全密钥管理方案，并比较了其优缺点、适用性。     

Certification-based trust models in mobile ad hoc networks: A survey and taxonomy

A mobile ad hoc network is a wireless communication network which does not rely on a pre-existing infrastructure or any centralized management. Securing the exchanges in such network is compulsory to guarantee a widespread development of services for this kind of networks. The deployment of any security policy requires the definition of a trust model that defines who trusts who and how. There is a host of research efforts in trust models framework to securing mobile ad hoc networks. The majority of well-known approaches is based on public-key certificates, and gave birth to miscellaneous trust models ranging from centralized models to web-of-trust and distributed certificate authorities. In this paper, we survey and classify the existing trust models that are based on public-key certificates proposed for mobile ad hoc networks, and then we discuss and compare them with respect to some relevant criteria. Also, we have developed analysis and comparison among trust models using stochastic Petri nets in order to measure the performance of each one with what relates to the certification service availability.     

Power-aware virtual base stations for wireless mobile ad hoc communications

In this paper, we propose a novel infrastructure formation scheme for wireless mobile ad hoc networks. The proposed architecture, namely, power-aware virtual base stations (PA-VBS), mimics and maintains the operation of the conventional fixed infrastructure in cellular networks. In the PA-VBS protocol, a mobile node is elected from a set of nominees to act as a temporary base station within its zone based on its residual battery capacity. We study the characteristics and performance of PA-VBS by means of simulation. It is shown that PA-VBS scales well to large networks of mobile stations, and that it outperforms other infrastructure-formation protocols in terms of load balancing. The PA-VBS architecture facilitates the development of a comprehensive and promising framework for quality of service (QoS) management in wireless mobile ad hoc networks once the proper integration of the MAC protocol with the routing and call admission control mechanisms is established. Moreover, it lays the groundwork for assigning bandwidth, and/or implementing priorities, and hence for QoS-based routing by conveying the quality of a path prior to call setup. To the authors’ best knowledge, this is the first time that energy is used as a basis for developing a wireless mobile infrastructure, and achieving load balancing.     

Reliable and fully distributed trust model for mobile ad hoc networks

A mobile ad hoc network (MANET) is a wireless communication network which does not rely on a pre-existing infrastructure or any centralized management. Securing the exchanges in MANETs is compulsory to guarantee a widespread development of services for this kind of networks. The deployment of any security policy requires the definition of a trust model that defines who trusts who and how. Our work aims to provide a fully distributed trust model for mobile ad hoc networks. In this paper, we propose a fully distributed public key certificate management system based on trust graphs and threshold cryptography. It permits users to issue public key certificates, and to perform authentication via certificates' chains without any centralized management or trusted authorities. Moreover, thanks to the use of threshold cryptography; our system resists against false public keys certification. We perform an overall evaluation of our proposed approach through simulations. The results indicate out performance of our approach while providing effective security.     

移动自组网中安全高效的组密钥管理方案

以提供安全、可靠的保密通信为目标的组密钥管理方案是移动自组网安全研究领域中的一个热点.然而,固有的动态性、资源受限和无固定基础设施等特点使得目前已有组密钥管理方案不能很好地适用于MANET.针对MANET组密钥管理面临的诸多挑战,提出一种高效的安全组密钥管理方案(an efficient and secure group key management,ESGKM).ESGKM无需控制中心,所有成员通过协商共同生成组共享秘密密钥,提高了方案的安全性,并能很好地适应拓扑频繁变化的MANET环境.基于ECC和双线性对的密码体制提高了组密钥生成的效率,同时组成员能够对接收的子密钥份额和组密钥份额进行验证,进一步增加了方案的安全性.该方案还提出基于组密钥服务中心(group key ervice center,GKSC)的组密钥更新和一致性管理算法,有效减少了ESGKM通信开销和计算量,避免了组密钥不一致造成节点孤立.使用串空间模型对ESGKM方案进行了形式化分析,证明了其正确性和安全性.最后,通过与BD,A-GDH和TGDH协议比较,表明ESGKM能有效减少节点和网络资源消耗,很好地适用于动态的MANET环境,具有更...     

移动自组网络组密钥管理框架

许多应用于军事、紧急救灾等场合的移动自组网络需要安全组通信支持，然而节点的移动性、链路不可靠以及多跳通信延迟等特点使移动自组网络的组密钥管理面临巨大的挑战。基于秘密共享机制和RSA非对称机密体制提出了一种新的移动自组网络组密钥管理框架DGKMF，该框架具有不依赖网络拓扑结构、组密钥局部生成以及有效维护组密钥的一致性的特点。模拟实验表明，DGKMF在组密钥更新成功率和延迟等方面均优于其他协议和算法。     

A global security architecture for operated hybrid WLAN mesh networks

Hybrid Wireless Mesh Network (HWMN) is a new wireless networking paradigm. Unlike traditional wireless networks, in HWMNs, hosts may rely on each other to keep the network connected. Operators and wireless internet service providers are choosing HWMNs to offer Internet connectivity, as it allows fast, easy and affordable network deployments. One main challenge in design of these networks is their vulnerability to security attacks. In this paper, we investigate the main security issues focusing on the most vulnerable part of the hybrid WLAN mesh infrastructure which concerns the ad hoc network part. Through our proposed architecture, Security Architecture for Operator’s Hybrid WLAN Mesh Network (SATHAME), we identify the new challenges and opportunities posed by this emerging networking environment and explore approaches to secure users, data and communications. From the analysis of strengths and weaknesses of secured routing protocols, we designed a new robust routing structure called MacroGraph (MG). MG structure is extracted from the mesh ad hoc network for each communication to be established between a source and a destination. Especially, MG is a robust structure based on node-disjoint path routing scheme and dynamic trust management that can be adapted to respond to applications’ security requirements. We present a performance analysis of our efficient, robust and scalable multipath reactive secured routing protocol. We investigate the behavior of our proposed scheme under two attack scenarios: Packet Dropping and Route Error attacks in dense network configurations.     

An efficient user authentication and key exchange protocol for mobile client–server environment

Considering the low-power computing capability of mobile devices, the security scheme design is a nontrivial challenge. The identity (ID)-based public-key system with bilinear pairings defined on elliptic curves offers a flexible approach to achieve simplifying the certificate management. In the past, many user authentication schemes with bilinear pairings have been proposed. In 2009, Goriparthi et al. also proposed a new user authentication scheme for mobile client–server environment. However, these schemes do not provide mutual authentication and key exchange between the client and the server that are necessary for mobile wireless networks. In this paper, we present a new user authentication and key exchange protocol using bilinear pairings for mobile client–server environment. As compared with the recently proposed pairing-based user authentication schemes, our protocol provides both mutual authentication and key exchange. Performance analysis is made to show that our presented protocol is well suited for mobile client–server environment. Security analysis is given to demonstrate that our proposed protocol is provably secure against previous attacks.     

A lightweight anonymous routing protocol without public key en/decryptions for wireless ad hoc networks

More attention should be paid to anonymous routing protocols in secure wireless ad hoc networks. However, as far as we know, only a few papers on secure routing protocols have addressed both issues of anonymity and efficiency. Most recent protocols adopted public key Infrastructure (PKI) solutions to ensure the anonymity and security of route constructing mechanisms. Since PKI solution requires huge and expensive infrastructure with complex computations and the resource constraints of small ad hoc devices; a two-layer authentication protocol with anonymous routing (TAPAR) is proposed in this paper. TAPAR does not adopt public key computations to provide secure and anonymous communications between source and destination nodes over wireless ad hoc networks. Moreover, TAPAR accomplishes mutual authentication, session key agreement, and forward secrecy among communicating nodes; along with integration of non-PKI techniques into the routing protocol allowing the source node to anonymously interact with the destination node through a number of intermediate nodes. Without adopting PKI en/decryptions, our proposed TAPAR can be efficiently implemented on small ad hoc devices while at least reducing the computational overhead of participating nodes in TAPAR by 21.75%. Our protocol is certainly favorable when compared with other related protocols.     

Ad Hoc网络中一种基于环状分层结构的组密钥协商协议

移动ad hoc网络是一种新型的移动多跳无线网络.其自身的特征,如网络规模庞大、动态的拓扑结构、有限的计算、通信和存储能力等,使得传统的密钥分配和管理机制无法直接应用于该网络.提出了一种新的适用于移动 ad hoc网络的组密钥协商协议.该协议在环状分层结构上基于多线性映射进行组密钥的协商和分配,使得节点在密钥协商过程中具有低计算开销与低通信开销的优势,较好地解决了在移动ad hoc网络中进行组密钥协商时所遇到的节点能量受限问题,适用于移动ad hoc网络.     

Wireless sensor network key management survey and taxonomy

Wireless sensor networks (WSN) are mobile ad hoc networks in which sensors have limited resources and communication capabilities. Secure communications in some wireless sensor networks are critical. Key management is the fundamental security mechanism in wireless sensor network. Many key management schemes have been developed in recent years.In this paper, we present wireless sensor network key management survey and taxonomy. We classify proposed wireless sensor network key management schemes into three categories based on the encryption key mechanism. We then divide each category into several subcategories based on key pre-distribution and key establishment.