Research on Secure Anonymous Routing Protocols for Wireless Mobile Ad hoc Networks
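Abstract
Because mobile Ad hoc networks can configure and maintain themselves, they are increasingly used in military and civilian systems. Many of these applications are security-sensitive, for example battlefields, homeland security scenarios, law enforcement and rescue missions. As a result, the security of mobile Ad hoc networks has recently drawn intense attention.
     Many secure routing protocols for Ad hoc networks exist today. However, data encryption protects only the content exchanged between nodes, while routing information is sent in plaintext. Routing information therefore reveals the identities of the communicating nodes and the relationships between them, and in many applications these identities and relationships must be hidden from outsiders.
     Traffic analysis is a security attack in which an attacker observes and analyzes network traffic and content to obtain important information such as the identities of the communicating parties and the state of their communication. Leakage of this information is usually fatal in security-sensitive scenarios. For example, an abnormal change in the traffic pattern of a military network can signal that a series of actions is about to take place, that a chain of commands is being issued, or that the network has gone on alert. It may also expose the locations of key nodes, allowing the attacker to mount direct physical attacks on them. Traffic analysis is an invisible attack that is hard to detect, so it is important to design countermeasures against this kind of malicious traffic analysis. To defend against it, we designed anonymous routing protocols for Ad hoc networks. Specifically, this thesis does the following work:
     First, it introduces mobile Ad hoc network technology, network security mechanisms and anonymous communication technology.
     Second, it introduces the existing secure anonymous routing protocols for Ad hoc networks and analyzes their anonymity, computational overhead and routing efficiency. On this basis, it summarizes general principles for designing anonymous routing protocols for mobile Ad hoc networks.
     Finally, based on pairing techniques, it designs new secure anonymous routing protocols for Ad hoc networks. The new protocols have low computational overhead and complete the routing task without exposing the identity information of the communicating nodes.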
Mobile Ad hoc networks (MANETs) are finding ever-increasing applications in both military and civilian systems due to their self-configuration and self-maintenance capabilities. Many of these applications are security-sensitive, such as security scenarios, law enforcement, and rescue missions. As a result, security in MANETs has drawn intensive attention recently.
     Many secure routing protocols have been proposed for Ad hoc networks, but data encryption protects only the content exchanged between nodes, and routing information may still reveal the identities of communicating nodes and their relationships.
     Traffic analysis is a security attack where an adversary observes network traffic in order to infer sensitive information about the identities of communicating parties and traffic patterns. The leakage of such information is often devastating in security-sensitive scenarios. For example, an unexpected change of the traffic pattern in a military network may indicate a forthcoming action, a chain of commands, or a state change of network alertness. It may also reveal the locations of command centers, which will enable adversaries to launch pinpoint attacks on them. Traffic analysis is "invisible" and difficult to detect. It is, therefore, important to design countermeasures against such malicious traffic analysis. This thesis includes three major contributions.
     First, we introduce mobile Ad hoc network technology and network security mechanisms. In addition, we present anonymous communication technology and several attack models.
     Second, this thesis details several anonymous routing protocols for MANETs, analyzes their anonymity properties, and evaluates their computational overhead and routing efficiency. Based on this comprehensive anonymity analysis, it abstracts a general design principle for anonymous routing protocols for MANETs.
     Last, based on the pairing technique, we propose novel secure anonymous routing protocols for mobile wireless Ad hoc networks. The new protocols fulfill the routing task without disclosing the real identities of participating nodes and without high overhead.
