Research on Key Security Technologies of a Cluster-Based Tactical Internet (基于分簇的战术互联网安全关键技术研究)
Abstract
The tactical internet is the embodiment of network-centric warfare on the local battlefield: the battlefield information infrastructure that lets digitized forces fight mobile engagements in modern war. A loss of security in the tactical internet leads directly to defeat in the campaign or engagement, so its security is the most direct and most immediate part of the security of the information-warfare system as a whole.
In the tactical internet, command-and-control and situational-awareness information flows mainly vertically through the whole network, while voice collaboration flows horizontally within a local area, and nodes move as groups with a shared purpose, cooperative behaviour and a common policy. Clustering on the basis of action groups (combat teams) makes the network structure match the actual organization of the force, reduces the traffic between local subnets, and simplifies both the division of the network into security sub-domains and the implementation of security mechanisms, which raises the efficiency and the security of the network.
This thesis studies a security framework, and the key technologies needed to realize it, for a tactical internet clustered by action group. The framework is a layered, integrated scheme that combines a network model, a trust model and the security operations built on them. The network is divided into clusters on the basis of action groups; intra-cluster trust and inter-cluster trust are established with the cluster as the unit, and together they provide the trust basis for security management, secure routing and confidential communication. Following the different application characteristics of the trunk network and the terminal subnets, an authentication scheme is proposed that combines a redundant CA (certificate authority) cluster in the trunk network with a distributed CA in the terminal subnets. In a terminal subnet, selected cluster heads form a distributed CA that serves as the authentication basis between clusters, while within a cluster a pre-shared key supports fast authentication.
Because the tactical internet is distributed and dynamic, the distributed CA occupies an important place in its security solution, and at the same time the CA's membership must keep adapting to network changes so that CA service stays efficient. Attacks by a mobile adversary force the distributed CA to renew its private key continually to remain secure. The response time, loss probability and success probability of distributed CA service, together with the CA's own security, are therefore practical questions that cannot be ignored. This thesis studies them by stochastic (probabilistic) analysis and, on that basis, builds an optimization model that takes mean response time as the objective and service success probability, security probability and the mean loss probability of service requests as constraints, and gives the corresponding solution procedure.
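The two paragraphs above describe a distributed CA formed by cluster heads that must survive a mobile adversary and still answer requests with a given success probability. The following is an added example, not code from the thesis: it shares a CA secret among n cluster heads with Shamir's t-of-n secret sharing, refreshes the shares proactively (the Herzberg-Jarecki-Krawczyk-Yung technique, under which old shares captured by a mobile adversary no longer combine with new ones while the secret itself is unchanged), and computes the service success probability in its simplest independent-availability form. The prime field, the threshold parameters and the per-node availability are assumptions; a real CA would hold an RSA or EC key and issue certificates with a threshold signature, which is not shown.

```python
"""Toy distributed CA for a terminal subnet: t-of-n cluster heads share the CA secret.

Added example, not code from the thesis. Shamir secret sharing and proactive share
refresh over a prime field; threshold signing of certificates is omitted.
"""
import secrets
from math import comb

# Assumption: a 127-bit Mersenne prime as the field; any prime larger than the secret works.
P = (1 << 127) - 1


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... at x, modulo P (Horner's rule)."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, t, n):
    """Deal n shares {x: y} of `secret`; any t of them reconstruct it (Shamir)."""
    coeffs = [secret % P] + [secrets.randbelow(P) for _ in range(t - 1)]
    return {x: _eval_poly(coeffs, x) for x in range(1, n + 1)}


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over any subset of shares {x: y}."""
    secret = 0
    xs = list(shares)
    for i in xs:
        num, den = 1, 1
        for j in xs:
            if j != i:
                num = num * (-j) % P
                den = den * (i - j) % P
        secret = (secret + shares[i] * num * pow(den, P - 2, P)) % P
    return secret


def refresh_shares(shares, t):
    """Proactive refresh: every cluster head deals a random degree t-1 polynomial with
    zero constant term and each head adds the sub-shares it receives to its own share.
    The CA secret is unchanged, but shares from before and after the refresh do not mix."""
    new = dict(shares)
    for _dealer in shares:
        coeffs = [0] + [secrets.randbelow(P) for _ in range(t - 1)]
        for x in shares:
            new[x] = (new[x] + _eval_poly(coeffs, x)) % P
    return new


def service_success_probability(n, t, p):
    """P(at least t of n cluster heads answer) when each answers independently with
    probability p. This is the abstract's 'service success probability' constraint in its
    simplest form; the thesis's own queueing model is not reproduced here."""
    return sum(comb(n, k) * p ** k * (1 - p) ** (n - k) for k in range(t, n + 1))


def demo():
    """Share, reconstruct, refresh, and show that mixed old/new shares fail."""
    secret = secrets.randbelow(P)
    t, n = 3, 5
    shares = split_secret(secret, t, n)
    ok_before = reconstruct({x: shares[x] for x in (1, 3, 5)}) == secret
    new_shares = refresh_shares(shares, t)
    ok_after = reconstruct({x: new_shares[x] for x in (2, 4, 5)}) == secret
    # A mobile adversary holding two pre-refresh shares and one post-refresh share
    # combines them to an unrelated value, not the CA secret.
    mixed = {1: shares[1], 2: shares[2], 3: new_shares[3]}
    mixed_fails = reconstruct(mixed) != secret
    return ok_before, ok_after, mixed_fails


if __name__ == "__main__":
    print(demo(), round(service_success_probability(5, 3, 0.9), 5))
```

The refresh is what lets the CA "renew" against a mobile adversary without re-issuing every certificate: the public key and the secret stay fixed, so only the shares, not the trust anchors held by ordinary nodes, change.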
Trust evaluation is an important basis for decisions in network security activity; its purpose is to raise the efficiency, reliability and security of the network by excluding passive (non-cooperating) and malicious insider nodes. After analysing the characteristics of trust management in the group-clustered tactical internet, the thesis selects packet forwarding, data tampering, denial-of-service attacks and distributed CA certificate service as the evidence from which node trust values are computed; this evidence is obtained either by neighbour monitoring or by verifying the certificate shares supplied by the nodes that provide distributed CA service. A new node trust evaluation model is proposed, based on the extension comprehensive evaluation method with weights from the analytic hierarchy process (AHP), together with correlation functions and a correlation-degree calculation suited to the characteristics of the group-clustered tactical internet.
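As an added example of the evaluation method named above (not the thesis's own model, whose correlation functions are not reproduced), the block below grades nodes with the classical extension correlation function of matter-element theory and AHP weights obtained by the geometric-mean method with Saaty's consistency check. The four indicators follow the paragraph (forwarding ratio, tampering rate, DoS rate, and the ratio of valid CA certificate shares a node supplied); the grade intervals, the pairwise-comparison matrix and the node observations are constructed for the demonstration.

```python
"""Node trust grading: extension comprehensive evaluation with AHP weights.

Added example, not the thesis's model. Grade intervals, comparison matrix and
observations are constructed; the correlation function is the classical one from
matter-element (extenics) theory.
"""
from math import prod

INDICATORS = ("forward_ratio", "tamper_rate", "dos_rate", "ca_share_valid_ratio")
GRADES = ("trusted", "suspicious", "malicious")

# Classical domain per indicator and grade (constructed); the joint domain is [0, 1].
CLASSICAL = {
    "forward_ratio":        {"trusted": (0.85, 1.0), "suspicious": (0.5, 0.85), "malicious": (0.0, 0.5)},
    "tamper_rate":          {"trusted": (0.0, 0.05), "suspicious": (0.05, 0.3), "malicious": (0.3, 1.0)},
    "dos_rate":             {"trusted": (0.0, 0.05), "suspicious": (0.05, 0.3), "malicious": (0.3, 1.0)},
    "ca_share_valid_ratio": {"trusted": (0.85, 1.0), "suspicious": (0.5, 0.85), "malicious": (0.0, 0.5)},
}
JOINT = (0.0, 1.0)

# Saaty's random-index table for the AHP consistency ratio (n = 1..5).
RANDOM_INDEX = {1: 0.0, 2: 0.0, 3: 0.58, 4: 0.90, 5: 1.12}


def distance(x, interval):
    """Extension distance rho(x, [a, b]): <= 0 inside the interval, > 0 outside."""
    a, b = interval
    return abs(x - (a + b) / 2) - (b - a) / 2


def correlation(x, classical, joint=JOINT):
    """Extension correlation degree K(x) of x with a classical domain inside the joint domain."""
    d0 = distance(x, classical)
    if d0 <= 0:                       # x lies in the classical domain: K(x) >= 0
        return -d0 / (classical[1] - classical[0])
    d = distance(x, joint)
    return d0 / (d - d0)              # x outside: d - d0 < 0, so K(x) < 0


def ahp_weights(matrix):
    """Geometric-mean AHP weights and consistency ratio; rejects CR > 0.1."""
    n = len(matrix)
    gm = [prod(row) ** (1 / n) for row in matrix]
    w = [g / sum(gm) for g in gm]
    lam = sum(sum(matrix[i][j] * w[j] for j in range(n)) / w[i] for i in range(n)) / n
    cr = ((lam - n) / (n - 1)) / RANDOM_INDEX[n]
    if cr > 0.1:
        raise ValueError(f"inconsistent pairwise comparisons, CR={cr:.3f}")
    return w, cr


def evaluate(observations, weights):
    """Return (grade, {grade: weighted comprehensive correlation}) for one node."""
    scores = {
        g: sum(w * correlation(observations[ind], CLASSICAL[ind][g])
               for ind, w in zip(INDICATORS, weights))
        for g in GRADES
    }
    return max(scores, key=scores.get), scores


# Constructed pairwise comparisons: tampering > DoS > forwarding > CA service quality.
COMPARISONS = [
    [1,   1/3, 1/2, 2],
    [3,   1,   2,   4],
    [2,   1/2, 1,   3],
    [1/2, 1/4, 1/3, 1],
]

# Constructed observations, as a cluster head would gather them from neighbour
# monitoring and CA-share verification over one evaluation window.
NODES = {
    "n1": {"forward_ratio": 0.97, "tamper_rate": 0.0,  "dos_rate": 0.0,  "ca_share_valid_ratio": 1.0},
    "n2": {"forward_ratio": 0.7,  "tamper_rate": 0.1,  "dos_rate": 0.02, "ca_share_valid_ratio": 0.9},
    "n3": {"forward_ratio": 0.4,  "tamper_rate": 0.35, "dos_rate": 0.5,  "ca_share_valid_ratio": 0.2},
}


def grade_all(nodes=NODES):
    """Grade every node; returns {node: grade}."""
    weights, _cr = ahp_weights(COMPARISONS)
    return {name: evaluate(obs, weights)[0] for name, obs in nodes.items()}


if __name__ == "__main__":
    print(grade_all())
```

The sign of K(x) is the useful part: a positive correlation with "malicious" on even one heavily weighted indicator (tampering) pulls the comprehensive score down for the other grades, which is the behaviour a cluster head wants before it excludes a node from forwarding or from CA service.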
The original purpose of clustering is to improve the efficiency and scalability of the network, and routing is tightly coupled to clustering; a routing protocol matched to the group-based cluster structure, to the information-flow characteristics of tactical internet services and to the node mobility pattern is therefore an intrinsic requirement of clustering a tactical internet. Routing security matters especially in wireless networks, and the cluster-based authentication scheme provides the basis needed to protect routing information. Combining the security policies used in proactive and reactive routing protocols, the thesis proposes a group-based secure clustering and routing protocol. Its basic idea is that groups form clusters naturally; inside a cluster, nodes exchange information periodically to maintain intra-cluster topology with the low delay that intra-cluster voice collaboration requires, while between clusters route discovery is started on demand through "limited flooding" to reduce overhead and improve scalability. The periodic intra-cluster exchange is protected with the cluster's symmetric key, and route request and reply messages between clusters are protected through the distributed CA, which preserves the integrity of routing maintenance information and keeps the network structure concealed, laying a solid foundation for the subsequent confidential communication. The protocol was implemented in NS2, and the experiments show satisfactory performance in scenarios set up to resemble a tactical internet.
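The routing paragraph above combines two mechanisms: periodic intra-cluster exchange under a symmetric cluster key, and on-demand inter-cluster discovery by limited flooding. The block below is an added example (not the thesis's protocol or its NS2 implementation) that shows both in a small simulation: HELLO messages carrying a node's neighbour list are authenticated with HMAC-SHA256 under a pre-shared cluster key and a per-node sequence number, so tampered and replayed HELLOs are rejected; route requests are then flooded over a cluster-head graph with a hop limit and duplicate suppression, so a request with too small a limit is dropped before it reaches the whole network. The cluster key, the inter-cluster graph and the messages are constructed, and the certificate-based signing of inter-cluster RREQ/RREP by the distributed CA is abstracted away.

```python
"""Intra-cluster HELLO authentication and inter-cluster limited-flooding RREQ.

Added example, not the thesis's protocol. Keys, graph and messages are constructed;
certificate-based protection of inter-cluster messages is not shown.
"""
import hashlib
import hmac
import json
from collections import deque

CLUSTER_KEY = b"constructed-cluster-key-not-for-real-use"  # pre-shared cluster key (assumption)


def make_hello(node, seq, neighbours, key=CLUSTER_KEY):
    """Periodic intra-cluster HELLO as (payload, tag); the payload carries the sender's
    current one-hop neighbour list so the cluster keeps fresh topology."""
    payload = json.dumps({"node": node, "seq": seq, "nbrs": sorted(neighbours)},
                         sort_keys=True, separators=(",", ":")).encode()
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return payload, tag


class ClusterTopology:
    """A cluster head's view of intra-cluster links, rebuilt only from authentic HELLOs."""

    def __init__(self, key=CLUSTER_KEY):
        self.key = key
        self.last_seq = {}   # node -> highest accepted sequence number
        self.links = {}      # node -> set of neighbours

    def accept_hello(self, payload, tag):
        """Return True and update the topology if the HELLO is authentic and fresh."""
        expected = hmac.new(self.key, payload, hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, tag):
            return False                         # tampered, or not keyed with this cluster's key
        msg = json.loads(payload)
        if msg["seq"] <= self.last_seq.get(msg["node"], -1):
            return False                         # replayed or stale
        self.last_seq[msg["node"]] = msg["seq"]
        self.links[msg["node"]] = set(msg["nbrs"])
        return True


def limited_flood_rreq(graph, source, target, hop_limit):
    """On-demand inter-cluster route discovery: flood an RREQ over the cluster-head graph
    for at most `hop_limit` hops, each head re-broadcasting a given request only once.
    Returns (route as a list of cluster heads or None, set of heads that saw the RREQ)."""
    seen = {source}              # duplicate suppression, keyed here by the request's source
    parent = {source: None}      # reverse path each forwarding head records for the RREP
    queue = deque([(source, 0)])
    while queue:
        ch, hops = queue.popleft()
        if ch == target:
            route = []
            while ch is not None:
                route.append(ch)
                ch = parent[ch]
            return route[::-1], seen
        if hops == hop_limit:
            continue             # hop limit exhausted: this copy is dropped, not re-broadcast
        for nxt in sorted(graph.get(ch, ())):
            if nxt not in seen:
                seen.add(nxt)
                parent[nxt] = ch
                queue.append((nxt, hops + 1))
    return None, seen


# Constructed inter-cluster graph: edges are cluster-head to cluster-head radio links.
GRAPH = {
    "CH1": {"CH2", "CH3"},
    "CH2": {"CH1", "CH4"},
    "CH3": {"CH1", "CH4", "CH5"},
    "CH4": {"CH2", "CH3", "CH6"},
    "CH5": {"CH3"},
    "CH6": {"CH4"},
}


def demo():
    """Exercise HELLO acceptance (fresh, replayed, forged) and two flood radii."""
    topo = ClusterTopology()
    payload, tag = make_hello("a", 1, ["b", "c"])
    fresh = topo.accept_hello(payload, tag)
    replayed = topo.accept_hello(payload, tag)
    forged = topo.accept_hello(payload.replace(b'"seq":1', b'"seq":2'), tag)  # seq bumped, tag stale
    route, _seen = limited_flood_rreq(GRAPH, "CH1", "CH6", hop_limit=3)
    short, seen_short = limited_flood_rreq(GRAPH, "CH1", "CH6", hop_limit=2)
    return fresh, replayed, forged, route, short, len(seen_short)


if __name__ == "__main__":
    print(demo())
```

Two details carry the security point: the sequence number is checked only after the MAC verifies, so an attacker without the cluster key cannot advance a victim's sequence state, and the hop limit bounds how much of the inter-cluster structure a single request exposes, which is the "concealment of network structure" the abstract mentions.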
