基于信任度模型的Ad Hoc网络安全路由
|
摘要
Ad Hoc网络由一群可移动装置临时组成,不需固定基础设施,能够快速、动态、简单组网并相互沟通,在诸如军事设施、Ad Hoc移动会议、医疗以及日常生活等诸多方面都有广泛应用。同时,Ad Hoc网络的固有特性使其易于遭受攻击,因此安全是Ad Hoc网络能够获得更广泛使用的关键。其中,路由安全则是Ad Hoc安全的基础。
如果能够有效地区分并隔离恶意节点,显然可以大大提高Ad Hoc路由的安全。本论文拟采用信任度评价方法来区分恶意节点,在广泛使用的路由协议(AODV)中引入信任度模型来弥补其设计上的安全漏洞,并提出一个以信任度为基础的安全路由协议(TAODV)。本协议利用节点的通信历史记录,包括邻居节点间通信成功与通信失败的次数,计算其对邻居节点的信任度。在路由过程中,利用此信任度来计算路径信任度,路径选择则以路径信任度最大为准则,并用信任度来限制对应邻居节点的行为。当邻居节点信任度低于设定阈值时,则判为恶意节点。在路由过程中避开这些恶意节点,以减少恶意节点的影响,增强路由的安全性。本文分析了该协议在常见攻击下的行为及其对攻击的抵抗能力,与已有算法(ARAN/SAODV)相比具有较高的安全性和较高的网络性能。
同时进行了模拟实验,以仿真工具NS2来评估TAODV在遭受攻击的情况下,网络传输的整体性能。与ARAN/SAODV协议相比较,实验结果表明,TAODV能够降低恶意节点的攻击,在网络的性能上具有较高的分组投递率和较小的网络延迟及网络负载。
Ad Hoc network is comprised of a number of mobile devices, and can be quickly, dynamically and easily set up without fixed network infrastructure, and it has various applications in many fields, e.g. military facilities, mobile Ad Hoc meeting, medical care, and other aspects of daily life. But due to its intrinsic characteristics, Ad Hoc network is vulnerable to various malicious attacks. Thus, security is the key basement that Ad Hoc can be widely deployed, and routing security is fundamental to Ad Hoc network security.
Apparently, recognizing and isolating malicious nodes will certainly enhance the security of Ad Hoc network. This paper takes advantage of trust measurement to recognize and segregate malicious nodes, introduces the idea of trust measurement to widely-acceptable routing protocol (i.e. AODV) to make up its secure routing design defects and proposes a secure routing protocol based on trust measurement (called as TAODV in short). Here, each node determines its neighbor’s trust measurement according to the success probability of previous communications. Based on it, the paper also defines a route’s trust measurement which is employed as a criterion to choose a route, and limit neighbor nodes’actions by their corresponding trust measurements. A node will be regarded as malicious when its trust measurement is below a previously-determined threshold. And by this way, those malicious nodes determined will be kept away during routing request and reply so that its malicious attack can be avoided. The paper discusses and analyzes the resistance ability of the proposed protocol when facing various familiar attacks and shows it is more secure and has better routing performances compared to previous secure routing.
The paper also takes some simulating experiments. Here, use the network simulation tool NS2 to estimate performance of network transmission of TAODV under attacks. The experimental results show that compared to SAODV and ARAN protocols, TAODV has a higher Packet delivery Ratio, a smaller End-to-End Delay and network routing loads besides reducing the impact from malicious nodes.
如果能够有效地区分并隔离恶意节点,显然可以大大提高Ad Hoc路由的安全。本论文拟采用信任度评价方法来区分恶意节点,在广泛使用的路由协议(AODV)中引入信任度模型来弥补其设计上的安全漏洞,并提出一个以信任度为基础的安全路由协议(TAODV)。本协议利用节点的通信历史记录,包括邻居节点间通信成功与通信失败的次数,计算其对邻居节点的信任度。在路由过程中,利用此信任度来计算路径信任度,路径选择则以路径信任度最大为准则,并用信任度来限制对应邻居节点的行为。当邻居节点信任度低于设定阈值时,则判为恶意节点。在路由过程中避开这些恶意节点,以减少恶意节点的影响,增强路由的安全性。本文分析了该协议在常见攻击下的行为及其对攻击的抵抗能力,与已有算法(ARAN/SAODV)相比具有较高的安全性和较高的网络性能。
同时进行了模拟实验,以仿真工具NS2来评估TAODV在遭受攻击的情况下,网络传输的整体性能。与ARAN/SAODV协议相比较,实验结果表明,TAODV能够降低恶意节点的攻击,在网络的性能上具有较高的分组投递率和较小的网络延迟及网络负载。
Ad Hoc network is comprised of a number of mobile devices, and can be quickly, dynamically and easily set up without fixed network infrastructure, and it has various applications in many fields, e.g. military facilities, mobile Ad Hoc meeting, medical care, and other aspects of daily life. But due to its intrinsic characteristics, Ad Hoc network is vulnerable to various malicious attacks. Thus, security is the key basement that Ad Hoc can be widely deployed, and routing security is fundamental to Ad Hoc network security.
Apparently, recognizing and isolating malicious nodes will certainly enhance the security of Ad Hoc network. This paper takes advantage of trust measurement to recognize and segregate malicious nodes, introduces the idea of trust measurement to widely-acceptable routing protocol (i.e. AODV) to make up its secure routing design defects and proposes a secure routing protocol based on trust measurement (called as TAODV in short). Here, each node determines its neighbor’s trust measurement according to the success probability of previous communications. Based on it, the paper also defines a route’s trust measurement which is employed as a criterion to choose a route, and limit neighbor nodes’actions by their corresponding trust measurements. A node will be regarded as malicious when its trust measurement is below a previously-determined threshold. And by this way, those malicious nodes determined will be kept away during routing request and reply so that its malicious attack can be avoided. The paper discusses and analyzes the resistance ability of the proposed protocol when facing various familiar attacks and shows it is more secure and has better routing performances compared to previous secure routing.
The paper also takes some simulating experiments. Here, use the network simulation tool NS2 to estimate performance of network transmission of TAODV under attacks. The experimental results show that compared to SAODV and ARAN protocols, TAODV has a higher Packet delivery Ratio, a smaller End-to-End Delay and network routing loads besides reducing the impact from malicious nodes.
引文
[1] Hongmei Deng, Wei Li, and Dharma P. Agrawal. (2002). Routing Security in Wireless Ad Hoc Networks. IEEE Communications Magazine, vol. 40, no. Issue 10, 70-75.
[2] Charles E. Perkins, Elizabeth M. Belding-Royer, and Ian Chakeres.“Ad Hoc On Demand Distance Vector (AODV) Routing." IETF Internet draft, draft-perkins-manet-aodvbis-00.txt, Oct 2003 (Work in Progress)
[3] D.B.Johnson, D.A Maltz and Y.C.Hu ,“The Dynamic Source Routing protocol for Mobile Ad-hoc Networks(DSR)”,IETF Internet Draft(work in progress), July 2004
[4] Kimaya Sanzgiri, Daniel LaFlamme, Bridget Dahill,etal,“Authenticated routing for ad hoc networks”, IEEE Journal on Selected Areas in Communication, special issue on Wireless Ad hoc Networks, March 2005
[5] Asad Amir Pirzada and Chris McDonald,“Secure Routing with AODV Protocol”, 2005 Asia-Pacific Conference on Communications, 3-5 October 2005, pp. 57-61.
[6] R Anderson, F Stajano,“The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks”, 3rd AT&T Software Symposium, Middletown, NJ, October 1999
[7] S.Marti, T.Giuli, K.Lai, and M.Baker,“Mitigating routing misbehavior in mobile ad hoc networks”, in Proceedings of The Sixth International Conference on Mobile Computing and Networking 2000, Boston, Ma, Aug.2000
[8] Sonja Buchegger and Jean-Yves Le Boudec. IBM Research Report:“The Selfish Node: Increasing Routing Security in Mobile Ad Hoc Networks”, 2001, RR 3354
[9] P,Michiardi, R,Molva,“Game theoretic analysis of security in mobile ad Hoc networks”, Research Report RR-02-070,Institute Eurecom
[10] Levente Butty an and Jean-Pierre Hubaux,“Enforcing Service Availability in Mobile Ad-Hoc WANs”, In Proceedings of IEEE/ACM Workshop on Mobile Ad Hoc Networking and Computing(Mobi-HOC), Boston, MA, USA, August 2000
[11] P.Papadimitratos,Z.Hass,“secure routing for mobile ad hoc network”, Proceedings of the SCS Communication Networks and Distributed Systems Modeling and Simulation Conference,pp.27-31,San Antonio,TX,2002
[12] Kimaya Sanzgiri, Bridget Dahill, Brian Neil Levine, Clay Shields, Elizabeth M. Belding-Royer.“A Secure Routing Protocol for Ad Hoc Networks”, In Proceedings of 2002 IEEE International Conference on Network Protocols (ICNP). November 2002.
[13] Sanzgiri K, Dahill B, Levine B N, Clay Shields, Elizabeth M. Belding-Royer.“A Secure Routing Protocol for Ad Hoc Networks”. In Proceedings of 2002 IEEE International Conference on Network Protocols(ICNP), Paris, France, 2002-02
[14] Ting Yao,Jiang, Qing-Hua Li,“A secure routing protocol for mobile ad-hoc networks”,Proceedings of 2004 International Conference ,Aug 2004
[15] Patroklos G, Argyroudis and Donal O’Mahony ,“Mobile Ad Hoc Networks”, IEEE Communications Surveys&Tutorials, Third Quarter 2005
[16] Perrig A, Hu Y C, Johnson D B.“Packet Leashes: A Defense Against Wormhole Attacks in Wireless Network”, Proceedings of IEEE, Infocom’03, 2003.
[17] Y.-C. Hu, A. Perrig, and D. B. Johnson,“Rushing attacks and defense in wireless ad hoc network routing protocols”, in ACM Workshop on Wireless Security (WiSe), 2003.
[18] Ko Y B, Vaidya N H.“Loaction Aided Routing(LAR) in Mobile Ad Hoc Networks”, ACM/Baltzer WI 2 NET J,2000,6(4):307-321
[19] Karp B N.Kung H T.“Greedy Perimeter Staleless Routing for Wireless Networks”[C] .Proc 6th Annual ACM/IEEE Int Conf Mobile Comp Net, Boston ,MA ,2000(8):243-254
[20] C.C.Chiang, M.Gerla, and L.Zhang,“Adaptive Sherd Tree Multicast in Mobile Wireless Networks”, Proc. IEEE GLOBECOM’98, Nov.1998
[21] L Zhou, and Z.J.Hass,“secure ad hoc networks”, IEEE Networks, Nov.1999
[22] Yuxia Lin, A.Hamed Rad, Vincent W.S.Wong, Experimental Comparisons between SAODV and AODV Routing Protocols,WNUNeP’05,October 13,2005
[23] J.Kong, X.Hong, Y.Yi etal,“A Secure Ad-hoc Routing Approach using Localized Self-Healing Communities”, in Proc of ACM MobiHoc’05,UrbanaChampaign,May 2005
[24] Re snick, Paul, Zeckhauser,“Reputation systems, Communications of the ACM, 2000,
[25] The Network Simulator, http://www.isi.edu/nsnam/ns
[26]于宏毅等,无线移动自组网,人民邮电出版社,2005年4月
[27]徐雷鸣,庞博,赵耀,《NS与网络模拟》,人民邮电出版社,2003年11月
[28]李詰,刘军,基于AODV协议的自组网络安全机制的研究,电子学报,2006年2月
[29]沈军,曹元大,张树东,移动Ad Hoc网络中基于预测及适时更新的位置信息服务[J ] .北京理工大学学报,2005 ,25 (12) :1 052 - 1 056.
[30]洪亮,洪帆,彭冰等,一种基于邻居信任评估的虫洞防御机制,计算机科学,2006,Vol 33
[31]陈晶,崔国华,杨木祥等,一种Ad Hoc网络中安全的网格路由协议,计算机学报,2004年9月
[32]周兴峰,基于信任度的Ad Hoc网络入侵检测系统模型研究,南京理工大学研究生毕业论文,2005年
[33] ]白翔,Ad Hoc网络中路由协议的安全问题及认证式路由协议,现代传输,2006年3月
[34]陈天池,王培康,MANET路由与路由安全问题,无线电工程,2006年第36卷
[35]戴紫珊,孙磊,MANET网络中基于ID签名算法的安全路由协议研究,计算机工程与应用,2006年9月
[36]朱道飞,汪东艳,陈前斌等,移动ad hoc网络安全路由协议综述,计算机工程与应用,2005年7月
[37]张险峰,蒋凡,移动自组网络路由协议的安全性研究,电子技术应用,2006年10月
[38]李玲娟,王汝传,一种基于移动代理的MANET IDS模型,计算机工程与应用,2005
[39]祁建军,李增智,魏玲,开放分布系统安全中的Bayes信任模型,微电子学与计算机,2005年10月
[40]冯建新,唐加福,王光兴,移动网络中的以后总信任评估模型,东北大学学报,2007年3月
[41]杨清,李方敏,移动网络入侵检测研究,计算机工程,2007年2月
[42]杨光,无线传感器网络安全路由算法研究与设计,哈尔滨工程大学研究生毕业论文,2007年
[2] Charles E. Perkins, Elizabeth M. Belding-Royer, and Ian Chakeres.“Ad Hoc On Demand Distance Vector (AODV) Routing." IETF Internet draft, draft-perkins-manet-aodvbis-00.txt, Oct 2003 (Work in Progress)
[3] D.B.Johnson, D.A Maltz and Y.C.Hu ,“The Dynamic Source Routing protocol for Mobile Ad-hoc Networks(DSR)”,IETF Internet Draft(work in progress), July 2004
[4] Kimaya Sanzgiri, Daniel LaFlamme, Bridget Dahill,etal,“Authenticated routing for ad hoc networks”, IEEE Journal on Selected Areas in Communication, special issue on Wireless Ad hoc Networks, March 2005
[5] Asad Amir Pirzada and Chris McDonald,“Secure Routing with AODV Protocol”, 2005 Asia-Pacific Conference on Communications, 3-5 October 2005, pp. 57-61.
[6] R Anderson, F Stajano,“The Resurrecting Duckling: Security Issues for Ad-hoc Wireless Networks”, 3rd AT&T Software Symposium, Middletown, NJ, October 1999
[7] S.Marti, T.Giuli, K.Lai, and M.Baker,“Mitigating routing misbehavior in mobile ad hoc networks”, in Proceedings of The Sixth International Conference on Mobile Computing and Networking 2000, Boston, Ma, Aug.2000
[8] Sonja Buchegger and Jean-Yves Le Boudec. IBM Research Report:“The Selfish Node: Increasing Routing Security in Mobile Ad Hoc Networks”, 2001, RR 3354
[9] P,Michiardi, R,Molva,“Game theoretic analysis of security in mobile ad Hoc networks”, Research Report RR-02-070,Institute Eurecom
[10] Levente Butty an and Jean-Pierre Hubaux,“Enforcing Service Availability in Mobile Ad-Hoc WANs”, In Proceedings of IEEE/ACM Workshop on Mobile Ad Hoc Networking and Computing(Mobi-HOC), Boston, MA, USA, August 2000
[11] P.Papadimitratos,Z.Hass,“secure routing for mobile ad hoc network”, Proceedings of the SCS Communication Networks and Distributed Systems Modeling and Simulation Conference,pp.27-31,San Antonio,TX,2002
[12] Kimaya Sanzgiri, Bridget Dahill, Brian Neil Levine, Clay Shields, Elizabeth M. Belding-Royer.“A Secure Routing Protocol for Ad Hoc Networks”, In Proceedings of 2002 IEEE International Conference on Network Protocols (ICNP). November 2002.
[13] Sanzgiri K, Dahill B, Levine B N, Clay Shields, Elizabeth M. Belding-Royer.“A Secure Routing Protocol for Ad Hoc Networks”. In Proceedings of 2002 IEEE International Conference on Network Protocols(ICNP), Paris, France, 2002-02
[14] Ting Yao,Jiang, Qing-Hua Li,“A secure routing protocol for mobile ad-hoc networks”,Proceedings of 2004 International Conference ,Aug 2004
[15] Patroklos G, Argyroudis and Donal O’Mahony ,“Mobile Ad Hoc Networks”, IEEE Communications Surveys&Tutorials, Third Quarter 2005
[16] Perrig A, Hu Y C, Johnson D B.“Packet Leashes: A Defense Against Wormhole Attacks in Wireless Network”, Proceedings of IEEE, Infocom’03, 2003.
[17] Y.-C. Hu, A. Perrig, and D. B. Johnson,“Rushing attacks and defense in wireless ad hoc network routing protocols”, in ACM Workshop on Wireless Security (WiSe), 2003.
[18] Ko Y B, Vaidya N H.“Loaction Aided Routing(LAR) in Mobile Ad Hoc Networks”, ACM/Baltzer WI 2 NET J,2000,6(4):307-321
[19] Karp B N.Kung H T.“Greedy Perimeter Staleless Routing for Wireless Networks”[C] .Proc 6th Annual ACM/IEEE Int Conf Mobile Comp Net, Boston ,MA ,2000(8):243-254
[20] C.C.Chiang, M.Gerla, and L.Zhang,“Adaptive Sherd Tree Multicast in Mobile Wireless Networks”, Proc. IEEE GLOBECOM’98, Nov.1998
[21] L Zhou, and Z.J.Hass,“secure ad hoc networks”, IEEE Networks, Nov.1999
[22] Yuxia Lin, A.Hamed Rad, Vincent W.S.Wong, Experimental Comparisons between SAODV and AODV Routing Protocols,WNUNeP’05,October 13,2005
[23] J.Kong, X.Hong, Y.Yi etal,“A Secure Ad-hoc Routing Approach using Localized Self-Healing Communities”, in Proc of ACM MobiHoc’05,UrbanaChampaign,May 2005
[24] Re snick, Paul, Zeckhauser,“Reputation systems, Communications of the ACM, 2000,
[25] The Network Simulator, http://www.isi.edu/nsnam/ns
[26]于宏毅等,无线移动自组网,人民邮电出版社,2005年4月
[27]徐雷鸣,庞博,赵耀,《NS与网络模拟》,人民邮电出版社,2003年11月
[28]李詰,刘军,基于AODV协议的自组网络安全机制的研究,电子学报,2006年2月
[29]沈军,曹元大,张树东,移动Ad Hoc网络中基于预测及适时更新的位置信息服务[J ] .北京理工大学学报,2005 ,25 (12) :1 052 - 1 056.
[30]洪亮,洪帆,彭冰等,一种基于邻居信任评估的虫洞防御机制,计算机科学,2006,Vol 33
[31]陈晶,崔国华,杨木祥等,一种Ad Hoc网络中安全的网格路由协议,计算机学报,2004年9月
[32]周兴峰,基于信任度的Ad Hoc网络入侵检测系统模型研究,南京理工大学研究生毕业论文,2005年
[33] ]白翔,Ad Hoc网络中路由协议的安全问题及认证式路由协议,现代传输,2006年3月
[34]陈天池,王培康,MANET路由与路由安全问题,无线电工程,2006年第36卷
[35]戴紫珊,孙磊,MANET网络中基于ID签名算法的安全路由协议研究,计算机工程与应用,2006年9月
[36]朱道飞,汪东艳,陈前斌等,移动ad hoc网络安全路由协议综述,计算机工程与应用,2005年7月
[37]张险峰,蒋凡,移动自组网络路由协议的安全性研究,电子技术应用,2006年10月
[38]李玲娟,王汝传,一种基于移动代理的MANET IDS模型,计算机工程与应用,2005
[39]祁建军,李增智,魏玲,开放分布系统安全中的Bayes信任模型,微电子学与计算机,2005年10月
[40]冯建新,唐加福,王光兴,移动网络中的以后总信任评估模型,东北大学学报,2007年3月
[41]杨清,李方敏,移动网络入侵检测研究,计算机工程,2007年2月
[42]杨光,无线传感器网络安全路由算法研究与设计,哈尔滨工程大学研究生毕业论文,2007年