可证明安全的节点不相交多路径源路由协议

多路径路由实现是移动ad hoc网络可靠运行的有效保证.针对多路径路由协议的安全性分析,建立了基于UC(universally composable)框架的可证明安全路由协议的新方法.基于攻陷的网络拓扑模型,扩展了可模糊路由概念,提出了多路径可模糊路由集合概念,用于描述攻陷网络拓扑结构的移动ad hoc网络多路径路由;基于UC安全模型,提出了基于UC-RP(universally composable security framework for ad hoc networks routing protocol)框架的路由协议形式化安全定义;针对MNDP(multiple node-disjoint paths)协议存在的安全问题,提出了新的移动ad hoc网络节点不相交多路径动态源路由协议(简记为SMNDP(security multiple node-disjoint paths)协议).将基于UC-RP框架的可证明安全路由协议的新方法应用于SMNDP协议的安全分析.SMNDP协议的可证明安全性可以归约为消息认证码和签名机制的安全性.SMNDP协议实现了路由发现协议的正确性、节点身份的认证性和路由消息的完整性.

Provably Secure Approach for Multiple Node-Disjoint Paths Source Routing Protocol

The multi-path routing scheme provides reliable guarantee for mobile ad hoc networks. This paper proposes a new method used to analyze the security of multi-path routing protocol within the framework of Universally Composable (UC) security. Based on the topological model that exist in adversarial nodes, the concept of plausible route is extended and the definition of plausible-route set is presented. Plausible-Route set is used to describe the multi-path routing for ad hoc networks, and a formal security definition based on UC-RP is given. A provably Security Multiple Node-Disjoint Paths source routing (SMNDP) is proposed and used to address secure fault issue of MNDP (multiple node-disjoint paths) in the active adversary model. The new approach shows that the security of SMNDP can be reduced to the security of the message authentication code and the digital signature. SMNDP implements the correctness of route discovery process, the authentication of nodes identifier and the integrality of route information.