移动自组网中匿名通信方案

由于传统Ad hoc通信协议通常采用过多的公钥运算,导致路由建立时间延长。传统的基于公/私钥的签名方案暴露了节点的身份信息,不能满足匿名性的需求。针对以上问题提出了一种适用于小型Ad Hoc网络的可认证的匿名通信协议。通过移动代理对源节点和目标节点进行判别并对节点信息进行隐藏,降低了网络延迟。通过成员函数动态建立的路由控制信息,解决了单个节点的离线造成路径中断的问题。理论分析和仿真结果表明,该协议较传统协议在路由建立时间和信息投递率方面有较大的提高。另外该协议建立的匿名链接具有双向性,在一定程度上降低了协议损耗。     

A secure anonymous routing protocol with authenticated key exchange for ad hoc networks

Anonymity and authenticated key exchange should be paid much more attention in secure mobile ad hoc routing protocols, especially in privacy-vital environment. However, as far as we know, few papers on secure routing protocols have addressed both the anonymity and authenticated key exchange. Therefore, in this paper, we present a new secure anonymous routing protocol with authenticated key exchange for ad hoc networks. In comparison with other previous secure routing protocols, our proposed protocol not only provides the anonymity to the route from the source to the destination, but also integrates the authenticated key exchange into the routing algorithm.     

An Analysis Study on Zone-Based Anonymous Communication in Mobile Ad Hoc Networks

A zone-based anonymous positioning routing protocol for ad hoc networks, enabling anonymity of both source and destination, is proposed and analyzed. According to the proposed algorithm, a source sends data to an anonymity zone, where the destination node and a number of other nodes are located. The data is then flooded within the anonymity zone so that a tracer is not able to determine the actual destination node. Source anonymity is also enabled because the positioning routing algorithms do not require the source ID or its position for the correct routing. We develop anonymity protocols for both routeless and route-based data delivery algorithms. To evaluate anonymity, we propose a "measure of anonymity," and we develop an analytical model to evaluate it. By using this model, we perform an extensive analysis of the anonymity protocols to determine the parameters that most impact the anonymity level.     

Anonymous Geo-Forwarding in MANETs through Location Cloaking

In this paper, we address the problem of destination anonymity for applications in mobile ad hoc networks where geographic information is ready for use in both ad hoc routing and Internet services. Geographic forwarding becomes a lightweight routing protocol in favor of the scenarios. Traditionally the anonymity of an entity of interest can be achieved by hiding it among a group of other entities with similar characteristics, i.e., an anonymity set. In mobile ad hoc networks, generating and maintaining an anonymity set for any ad hoc node is challenging because of the node mobility, consequently the dynamic network topology. We propose protocols that use the destination position to generate a geographic area called {em anonymity zone (AZ)}. A packet for a destination is delivered to all the nodes in the AZ, which make up the anonymity set. The size of the anonymity set may decrease because nodes are mobile, yet the corresponding anonymity set management is simple. We design techniques to further improve node anonymity and reduce communication overhead. We use analysis and extensive simulation to study the node anonymity and routing performance, and to determine the parameters that most impact the anonymity level that can be achieved by our protocol.     

Secure communications for cluster-based ad hoc networks using node identities

Ad hoc networks are self-configurable networks with dynamic topologies. All involved nodes in the network share the responsibility for routing, access, and communications. The mobile ad hoc network can be considered as a short-lived collection of mobile nodes communicating with each other. Such networks are more vulnerable to security threats than traditional wireless networks because of the absence of the fixed infrastructure. For providing secure communications in such networks, lots of mechanisms have been proposed since the early 1990s, which also have to deal with the limitations of the mobile ad hoc networks, including high power saving and low bandwidth. Besides, public key infrastructure (PKI) is a well-known method for providing confidential communications in mobile ad hoc networks. In 2004, Varadharajan et al. proposed a secure communication scheme for cluster-based ad hoc networks based on PKI. Since the computation overheads of the PKI cryptosystem are heavy for each involved communicating node in the cluster, we propose an ID-based version for providing secure communications in ad hoc networks. Without adopting PKI cryptosystems, computation overheads of involved nodes in our scheme can be reduced by 25% at least.     

高能量节点驱动的按需距离矢量路由协议

无线自组织网络中的按需距离矢量路由协议(AODV)没有考虑到能量消耗的均衡性和网络生命期的问题。针对AODV的这一缺点,提出了一种高能量节点驱动的AODV协议(HN-AODV)。此协议将高能量节点驱动的策略应用于按需路由发现过程,尽量选择能量较高的节点来承担转发任务,以此来平衡网络能耗。仿真结果显示,HN-AODV在基本不降低数据传输性能的前提下,显著提高了网络生命周期。这种高能量节点驱动的方案同样可以运用在其它类似的反应式路由协议中。     

基于对的无线Ad hoc网络可追踪邻居匿名认证方案

为解决传统无线Ad hoc网络邻居匿名认证方案容侵性不佳以及难以锁定恶意节点身份的问题,提出一种基于双线性对的无线Ad hoc网络可追踪邻居匿名认证方案。采用基于身份的公钥系统,节点随机选择私钥空间中的数作为临时私钥,与身份映射空间的节点公钥以及一个公开的生成元模相乘得到临时公钥,利用双线性映射的性质协商会话密钥并实现匿名认证。通过在随机预言机模型下的形式化分析,表明本方案在BCDH问题难解的假设下可对抗攻击者的伪装行为,同时利用认证过程中交互的临时公钥可有效锁定恶意节点真实身份。     

An anonymous distributed routing protocol in mobile ad-hoc networks

This paper proposes an efficient anonymous routing protocol for mobile ad hoc networks (MANETs). This protocol considers symmetric and asymmetric links during the wireless communication of MANETs. A MANET is one type of self-organized wireless network that can be formed by several wireless devices such as laptops, tablet PCs, and smartphones. Different wireless transmission ranges of different mobile devices lead to a special communication condition called an asymmetric link. Most research on this topic focuses on providing security and anonymity for the symmetric link without considering the asymmetric link. This paper proposes a novel distributed routing protocol beyond the symmetric and asymmetric links. This protocol guarantees the security, anonymity, and high reliability of an established route by avoiding unreliable intermediate nodes. The routes generated by the proposed protocol are shorter than previous research. The proposed protocol enhances MANET performance in assuring security and anonymity.     

Inter-Cluster Routing Authentication for Ad Hoc Networks by a Hierarchical Key Scheme

Dissimilar to traditional networks, the features of mobile wireless devices that can actively form a network without any infrastructure mean that mobile ad hoc networks frequently display partition due to node mobility or link failures. These indicate that an ad hoc network is difficult to provide ou-llne access to a trusted authority server. Therefore, applying traditional Public Key Infrastructure （PKI） security framework to mobile ad hoc networks will cause insecurities. This study proposes a scalable and elastic key management scheme integrated into Cluster Based Secure Routing Protocol （CBSRP） to enhance security and non-repudiation of routing authentication, and introduces an ID-Based internal routing authentication scheme to enhance the routing performance in an internal cluster. Additionally, a method of performing routing authentication between internal and external clusters, as well as inter-cluster routing authentication, is developed. The proposed cluster-based key management scheme distributes trust to an aggregation of cluster heads using a threshold scheme faculty, provides Certificate Authority （CA） with a fault tolerance mechanism to prevent a single point of compromise or failure, and saves CA large repositories from maintaining member certificates, making ad hoc networks robust to malicious behaviors and suitable for numerous mobile devices.     

移动自组网的匿名路由协议研究综述

移动自组网中的恶意节点对路由协议的安全和隐匿具有严重威胁.现在针对安全路由协议的研究很多,但是很少有人涉及匿名性问题,匿名路由协议能够实现节点身份、位置和通信关系的隐匿,在军事和其它机密通信领域中具有重要意义.首先对匿名路由协议面临的攻击行为进行分析,介绍其定义、分类和匿名性评价方法,然后概括性的介绍已有的典型匿名路由协议,比较其匿名性和安全性,最后对以后研究的问题和方向作了总结和展望.     

一种移动Ad Hoc网络中身份认证与地址分配方案

现有ad hoc网络协议都是假设节点进入网络时已经分配了IP地址,而且在节点进入网络时假设节点之间无条件信任,这种缺乏对安全性的考虑是无法在实际战场环境下使用的。该文提出一种新的安全的解决方案,它由建立路由前的节点间的相互身份认证和安全地址分配(公钥散列产生节点地址)两个部分组成。方案可以有效地防止各种相关的攻击,最后还进行了方案的效率分析。     

一种安全的Ad Hoc网络路由协议SGSR

Ad Hoc网络作为一种无线移动网络,其安全问题,特别是路由协议的安全备受关注。针对现有适合移动Ad Hoc网络的链路状态路由协议GSR无法防范恶意节点伪造、篡改、DoS攻击的现状,本文提出了一种在移动Ad Hoc网络中抵抗单个节点恶意攻击的安全路由协议SGSR,给出了认证协议的形式化证明,并对路由协议进行仿真和性能分析。     

一种双向认证Ad hoc安全路由协议的研究

由于网络拓扑的动态性、无线链路的多跳性，传统路由协议不能保证Adhoe网络的路由安全．文章提出一种双向认证Ad hoe安全路由协议——MASRP（mutual authenticated secure Ad hoc routing protocol）协议，通过在按需路由发现的同时实现端到端节点的身份认证和一次性会话密钥的交换，以保障路径发现的正确性和数据端到端传输的可靠性，提高路由协议的安全性．协议的安全性在BAN逻辑分析下得到证明．     

A survey of secure wireless ad hoc routing

Ad hoc networks use mobile nodes to enable communication outside wireless transmission range. Attacks on ad hoc network routing protocols disrupt network performance and reliability. The article reviews attacks on ad hoc networks and discusses current approaches for establishing cryptographic keys in ad hoc networks. We describe the state of research in secure ad hoc routing protocols and its research challenges.     

一个高效的Ad Hoc网络匿名路由协议

提出了一个新型高效的适用于小型AdHoc网络的匿名路由协议。该协议建立了一种源节点和目的节点间伪名同步机制,并引入移动代理来防止恶意节点对网络的攻击。利用哈希链性质实现了节点身份的匿名和跳数控制。与一般的需要公钥加密的匿名协议相比,具有较低的网络延迟和更高的运算效率。     

无线传感器网络路由协议的分析与比较

无线传感器网络的路由协议设计与传统的无线ad-hoc网络有很多不同,资源高度受限和结点失效频繁是其面临的两大挑战,相关技术研究已经成为无线传感器网络研究中的热点.对近年来无线传感器网络路由协议的研究成果进行归纳、分析和比较,介绍了无线传感器网络的特点以及影响其路由协议设计的关键因素.根据协议的实现特点将无线传感器网络路由协议分为5类,对每一类涉及的重要协议进行详细阐述与分析,最后对这些协议的特点进行归纳和比较,并展望了未来这一研究方向的发展趋势.     

对两个无线传感器网络中匿名身份认证协议的安全性分析

针对设计安全高效的无线传感器网络环境下匿名认证协议的问题,基于广泛接受的攻击者能力假设,采用基于场景的攻击技术,对新近提出的两个无线传感器网络环境下的双因子匿名身份认证协议进行了安全性分析。指出刘聪等提出的协议(刘聪,高峰修,马传贵,等.无线传感器网络中具有匿名性的用户认证协议.计算机工程,2012,38(22):99-103)无法实现所声称的抗离线口令猜测攻击,且在协议可用性方面存在根本性设计缺陷;指出闫丽丽等提出的协议(闫丽丽,张仕斌,昌燕.一种传感器网络用户认证与密钥协商协议.小型微型计算机系统,2013,34(10):2342-2344)不能抵抗用户仿冒攻击和离线口令猜测攻击,且无法实现用户不可追踪性。结果表明,这两个匿名身份认证协议都存在严重安全缺陷,不适于在实际无线传感器网络环境中应用。     

A cost matrix agent for shortest path routing in ad hoc networks

Wireless ad hoc networks do not rely on an existing infrastructure. They are organized as a network with nodes that act as hosts and routers to treat packets. With their frequent changes in topology, ad hoc networks do not rely on the same routing methods as for pre-established wired networks; they require routing methods for mobile wireless networks. To select a path from a source to a destination in dynamic ad hoc networks, an efficient and reliable routing method is very important. In this paper, we introduce a cost-matrix-based routing algorithm. An agent node creates topology information in the form of the adjacency-cost matrix which shows link costs of the network.Based on the adjacency-cost matrix, the minimum-cost matrix and the next-node matrices can be calculated. Based on the minimum-cost matrix and the next-node matrices, the minimum cost between source and destination nodes and between intermediate nodes on the minimum-cost paths can be calculated.The matrices are periodically distributed by the agent to the other nodes. Based on the minimum-cost matrix and the next-node matrices, each node decides the minimum-cost path to its destination. Because none of the nodes except the agent needs to gather network topology information, the control overhead of the proposed method is small compared with those of the general table-driven routing protocols.     

一种无线Ad Hoc网络动态混淆匿名算法

无线Ad Hoc网络的特殊性决定了它要受到多种网络攻击的威胁,现有的加密和鉴别机制无法解决流量分析攻击.在比较了抗流量分析的匿名技术基础上,提出混淆技术可以满足无线Ad Hoc网络的匿名需求,但现有的混淆算法在Ad Hoc网络下却存在安全与效率的问题.提出了一种动态混淆的RM(pseudo-random mix)算法,该算法主要对混淆器的管理部分进行重新设计.RM算法根据混淆缓冲区的情况进行决策,当缓冲区未满时采用时延转发方式,缓冲区满后采用随机数转发方式,这样既保证了无线Ad Hoc节点的匿名性,同时又解决了停等算法的丢包现象.对RM算法的安全性和效率进行了分析,仿真结果与理论分析相一致,表明RM算法在无线Ad Hoc网络下具有较好的自适应性和实用价值.     

M2ASR——新型多径匿名源路由协议*

针对无线Ad hoc网络通信的安全与效率问题,提出一个高效并有较好匿名能力的多径匿名源路由协议M2ASR。在DSR协议的基础上,使用标签机制,对源路由的工作过程进行了修改,实现了能够应用于大规模无线网络的多径匿名路由;并在协议中首次使用IDA算法,利用Ad hoc网络的节点转发和协议本身提供的多径性质,提高了无线Ad hoc的通信效率;从理论和仿真角度对M2ASR协议的匿名性和使用IDA算法之后所带来的效率进行了分析和总结。