移动自组网典型路由协议研究

随着网络的发展,移动自组网已成为当前研究的热点,文中介绍了移动自组网与现有通信系统在路由上的区别,重点探讨了移动自组网DSDV、AODV、DSR等几类典型的路由协议,以及MANET路由协议今后的主要研究方向。     

无线 Mesh 网络中多路径路由算法的研究

针对无线 Mesh 网络中传统单径路由协议的不足,提出一种基于动态源路由协议(DSR)的多路径路由算法(IDSR).该算法通过在路由发现过程引入带宽和最大转发次数等限制条件,保证了多条路由请求信息的获取;通过在节点不相交的多径选择过程中引入多 QoS 路由代价函数,有效地实现多路径的选择;通过提供多 QoS 保障,使算法具有较高的求解效率,避免了单径路由的不稳定等特点.实验结果表明,IDSR 算法在无线 Mesh 网络的路由中具有更好的 QoS 性能.     

基于AODV协议的自组网络安全机制的研究

路由协议的安全性是移动自组网络安全中最重要的一环,AODV路由协议因简单和控制开销小而广泛用于自组网络,但其没有任何安全机制保障,为此,本文探讨了AODV路由协议存在的主要安全隐患,对协议进行必要的改进,增加攻击检测功能,并为网络中节点建立信誉机制,二者相互作用共同完成协议安全性保障.利用NS进行仿真,结果表明改进后的算法能够检测到网络中节点的恶意行为并迅速做出反应,实现对网络内部及外部攻击的防范.     

移动Adhoc网络中多径路由的研究

移动Adhoc网络（MANETs）中,因为节点是可以自由移动的,所以源节点到目的节点间的连接很不稳定。多径路由可以快速修复路由,也带来许多其它的好处。文章分类研究了多径路由在移ChAdhoc网络路由协议中的应用,并对应用多径路由前后的路由协议性能进行了比较。     

Ad Hoc网路由协议在常规靶场中的应用及仿真

在试验通信系统IP化改造的要求下,建设基于多跳路由协议的无线移动自组织(Ad Hoc)试验通信网是必然的选择。传统的试验通信系统多采用集中控制的点对多点星状网,而移动自组网属于网状网,采用完全不同的组网方式,其对特定试验保障通信业务的承载能力,以及路由协议的适应性目前尚没有试验数据可供参考。对自组网路由协议在试验通信中的应用进行研究,根据想定试验场景对网络性能进行仿真分析,分别仿真了4种路由协议的数据包成功递交率、平均吞吐量以及平均时延等网络性能。仿真结果表明,4种路由协议中有3种协议综合性能完全可以满足试验通信保障任务。     

一种Ad Hoc网络单径和多径路由的选择算法

主要分析了Ad Hoc网络中单径路由协议和多径路由协议的特点。从路由中断时所传输分组的丢失率角度考虑,提出了一种单径路由和多径路由的路由协议选择算法。该算法考虑了由于网络的动态拓扑导致链路频繁失效时,原有路由中各节点缓存的分组会被丢弃的特征,通过选择合适的路由协议,降低分组的丢失概率,提高网络效率。     

移动自组网路由恢复算法的研究

移动自组网是由一组带有无线收发装置的移动终端组成的自治通信系统.煤矿井下移动自组网可应用于矿井的监控管理系统、数据采集系统或者应急通信系统.移动自组网的路由方案主要包括表驱动(Proactive)和按需驱动(Reactive)两种,AODV是一种代表性的按需驱动算法.文中介绍了利用辅助路径基于AODV的一种矿井移动自组网的路由恢复算法,给出了辅助路由算法的性能测评方案.     

移动自组网基于地理位置信息的能量辅助路由协议

针对移动自组网网络生存时间较短、传统按需路由协议开销大且易断裂的问题,文中提出一种移动自组网基于地理位置信息的能量辅助路由协议LEAODV(Location-Energy-AODV).传统按需距离矢量协议以广播方式进行路由发现,路由开销大且未考虑节点能量耗尽而造成路由断裂问题.LEAODV路由协议考虑通信节点地理位置信...     

移动Adhoc网络中按需路由协议的安全性改进方案

在移动Adhoc网络中,安全性是保证其可用性的一个重要方面.文章提出了一种针对按需路由协议的安全性改进方案,这种方案采用了对邻居节点的身份即时认证、对远端节点按需认证、匿名寻找路由,逐跳加密传输的机制,能够有效地阻止恶意节点对网络的窃听、篡改等攻击,确保网络路由信息的安全.     

异构无线网络可控匿名漫游认证协议

分析传统的匿名漫游认证协议,指出其存在匿名不可控和通信时延较大的不足,针对上述问题,本文提出异构无线网络可控匿名漫游认证协议,远程网络认证服务器基于1轮消息交互即可完成对移动终端的身份合法性验证;并且当移动终端发生恶意操作时,家乡网络认证服务器可协助远程网络认证服务器撤销移动终端的身份匿名性.本文协议在实现匿名认证的同时,有效防止恶意行为的发生,且其通信时延较小.安全性证明表明本文协议在CK安全模型中是可证安全的.     

An Identity-Free and On-Demand Routing Scheme against Anonymity Threats in Mobile Ad Hoc Networks

Introducing node mobility into the network also introduces new anonymity threats. This important change of the concept of anonymity has recently attracted attentions in mobile wireless security research. This paper presents identity-free routing and on- demand routing as two design principles of anonymous routing in mobile ad hoc networks. We devise ANODR (ANonymous On-Demand Routing) as the needed anonymous routing scheme that is compliant with the design principles. Our security analysis and simulation study verify the effectiveness and efficiency of ANODR.     

一种支持悬赏的匿名电子举报方案的安全性分析及设计

 对Miao-Wang-Miao-Xiong匿名电子举报方案进行了安全性分析,指出其存在的安全性缺陷,该方案不满足其要求的举报信息机密性,以及不满足对举报人提供有效的激励机制.设计了破坏这两种性质的攻击方法.为设计满足要求的支持悬赏的匿名电子举报方案,利用安全的基于双线性对的举报受理者公钥加密方案、安全的指定验证者的环签名方案提出了一种支持悬赏的匿名电子举报方案设计模式.经安全性分析,设计模式是安全的.     

ARMR: Anonymous routing protocol with multiple routes for communications in mobile ad hoc networks

A mobile ad hoc network consists of mobile nodes that communicate in an open wireless medium. Adversaries can launch analysis against the routing information embedded in the routing message and data packets to detect the traffic pattern of the communications, thereby obtaining sensitive information of the system, such as the identity of a critical node. In order to thwart such attacks, anonymous routing protocols are developed. For the purposes of security and robustness, an ideal anonymous routing protocol should hide the identities of the nodes in the route, in particular, those of the source and the destination. Multiple routes should be established to increase the difficulty of traffic analysis and to avoid broken paths due to node mobility. Existing schemes either make the unrealistic and undesired assumption that certain topological information about the network is known to the nodes, or cannot achieve all the properties described in the above. In this paper, we propose an anonymous routing protocol with multiple routes called ARMR, which can satisfy all the required properties. In addition, the protocol has the flexibility of creating fake routes to confuse the adversaries, thus increasing the level of anonymity. In terms of communication efficiency, extensive simulation is carried out. Compared with AODV and MASK, our ARMR protocol gives a higher route request success rate under all situations and the delay of our protocol is comparable to the best of these two protocols.     

AOS: an anonymous overlay system for mobile ad hoc networks

Providing anonymous communications in mobile ad hoc networks (MANETs) is an effective countermeasure against malicious traffic analysis. This paper presents AOS, an Anonymous Overlay System for MANETs, which provides provably strong source and destination anonymity under a rather strong adversary model. AOS differs significantly from previous anonymous communication systems for MANETs mainly in three aspects. First, AOS is an overlay system independent of the underlying MANET protocol stack. Second, AOS resolves the conflict between anonymous communications and secure routing in MANETs and enables providing both at the same time. Last but not least, AOS can satisfy diverse anonymity requirements with different communication and computation overhead. AOS is the first system of its kind, and its efficacy and efficiency are confirmed by detailed qualitative and quantitative analysis.     

RFID匿名认证协议的设计

在分析RFID协议安全需求的基础上,基于通用可组合安全模型,设计了一个低成本的RFID匿名认证协议,在标准模型下证明了RFID匿名认证协议的安全性.设计的协议提供匿名、双向认证和并发安全,并且协议的实现对于一般的RFID结构都是切实可行的.     

Structural‐based tunneling: preserving mutual anonymity for circular P2P networks

Many methods are suggested to preserve anonymity of users for peer‐to‐peer (P2P) networks. Most of these methods, by relying on established anonymous solutions on client/server applications, are presented for unstructured P2P networks. However, structured overlays, by using distributed hash tables for their routing, do not resemble traditional paradigms. Therefore, current anonymous methods cannot be implemented for them easily. In this paper, we introduce structural‐based tunneling (SBT) to provide mutual anonymity for circular P2P structures. In this method, we get help from inherited features of network infrastructure to establish a standard way for making tunnels. SBT introduces a flexible design that is able to manage different parts of the tunnels on current infrastructures. For this purpose, we incorporate SBT with Chord to show how such design can be managed for real‐world applications. The results of applied method with simulations show that by managing critical features of SBT, a trade‐off can be made between stronger security and performance of the network. Copyright © 2015 John Wiley & Sons, Ltd.     

Privacy‐preserving multireceiver ID‐based encryption with provable security

Multireceiver identity (ID) based encryption and ID‐based broadcast encryption allow a sender to use the public identities of multiple receivers to encrypt messages so that only the selected receivers or a privileged set of users can decrypt the messages. It can be used for many practical applications such as digital content distribution, pay‐per‐view and multicast communication. For protecting the privacy of receivers or providing receiver anonymity, several privacy‐preserving (or anonymous) multireceiver ID‐based encryption and ID‐based broadcast encryption schemes were recently proposed, in which receiver anonymity means that nobody (including any selected receiver), except the sender, knows who the other selected receivers are. However, security incompleteness or flaws were found in these schemes. In this paper, we propose a new privacy‐preserving multireceiver ID‐based encryption scheme with provable security. We formally prove that the proposed scheme is semantically secure for confidentiality and receiver anonymity. Compared with the previously proposed anonymous multireceiver ID‐based encryption and ID‐based broadcast encryption schemes, the proposed scheme has better performance and robust security. Copyright © 2012 John Wiley & Sons, Ltd.     

匿名技术的研究进展

对匿名技术的研究情况进行了综述。统一给出了关联性、匿名性、假名等概念,探讨了Crowds、洋葱路由、Mix nets等匿名通信的实现机制,介绍了有关的研究进展,指出了匿名性度量、环签名和群签名等匿名签名算法、匿名应用中信赖的建立等技术中需要进一步研究的问题。     

基于代理签名的移动通信网络匿名漫游认证协议

随着无线移动终端的广泛应用,漫游认证、身份保密等问题显得日益突出。该文分析了现有的各种漫游认证协议在匿名性及安全性上存在的问题,指出现有协议都无法同时满足移动终端的完全匿名与访问网络对非法认证请求的过滤,进而针对性地提出了一种新的匿名认证协议。该协议基于椭圆曲线加密和代理签名机制,通过让部分移动终端随机共享代理签名密钥对的方式,实现了完全匿名和非法认证请求过滤。此外,协议运用反向密钥链实现了快速重认证。通过分析比较以及形式化验证工具AVISPA验证表明,新协议实现了完全匿名,对非法认证请求的过滤,双向认证和会话密钥的安全分发,提高了安全性,降低了计算负载,适用于能源受限的移动终端。     

多样化的可控匿名通信系统

随着网络通信技术的发展,Tor匿名通信系统在得到广泛应用的同时暴露出匿名性较弱等不安全因素,针对上述问题,基于节点的区域管理策略提出一种多样化的可控匿名通信系统(DC-ACS),DC-ACS中多样化匿名链路建立机制根据用户需求选择相应区域的节点完成匿名通信链路的建立,同时基于行为信任的监控机制实现对用户恶意匿名行为的控制,并且保证了发送者和接收者对匿名链路入口节点和出口节点的匿名性。通过与Tor匿名通信系统的比较,DC-ACS在具有匿名性的同时,具有更高的安全性和抗攻击的能力,解决了Tor匿名通信系统所存在的安全隐患。