移动ad hoc网络的安全研究
|
摘要
移动ad hoc网络是由一组无线移动节点组成的集合,这些移动节点可以在没有任何网络基础设施和集中化管理的情况下互相通信。移动ad hoc网络是一个有实际应用价值的研究领域。但是,由于其自身的开放媒质、动态拓扑、分布式协作和受限能力等特点,移动ad hoc网络极其容易受到攻击。对其安全性的研究还处于起步阶段。
本论文讨论了移动ad hoc网络的基本概念、特点、安全需求及安全威胁;分析了当前在移动ad hoc网络安全方面的研究现状;然后就移动ad hoc网络的密钥管理、路由安全和入侵检测等方面做了具体的研究。
本论文所做的主要工作如下:
1.给出了一种分布式认证的具体实现方法,并阐述了其私钥分量产生、发现和清除Byzantine节点、私钥分量动态刷新的具体过程。该方法将网络的安全风险分散化,能在一定程度上解决安全的密钥管理及认证的问题,其安全性依赖于RSA体制的安全性。
2.针对移动ad hoc网络AODV协议中所存在的黑洞攻击,提出了一种增强安全性的解决方案,该方案能在一定程度上解决黑洞问题并可防止假冒目的节点攻击。
3.给出了一种为移动ad hoc网络设计的新的入侵检测和响应结构。该模型是分布式的,比较适用于ad hoc网络。
A mobile ad hoc network(MANET) consists of a collection of wireless mobile nodes that are capable of communicating with each other without the use of a network infrastructure or any centralized administration. MANET is an emerging research area with practical applications. However, wireless MANET is particularly vulnerable due to its fundamental characteristics, such as open medium, dynamic topology, distributed cooperation, and constrained capability. Research on security in MANET is still in its infancy.
This paper introduces the foundational conception, features, security requirements and security threats of mobile ad hoc networks; provides a state-of-the-art view of security in ad hoc networks; then discusses in detail the security aspects of key management, routing, intrusion detection.
The main contributions of this paper include:
1. A material realization method for distributed authentication is given, and the process of the generation of private key shares, detection and elimination Byzantine nodes and dynamically refreshing the private key shares. The method may decentralize the security threats and solve some key management and secure authentication problems to some extent.
2. A security enhancement scheme is proposed to encounter the black hole attacks in AODV protocol. This scheme may solve the black hole problem and prevent personating the destination node to some degree.
3. A new intrusion detection and response architecture for mobile ad hoc networks is presented. This model is distributed and relatively applicable to ad hoc networks.
本论文讨论了移动ad hoc网络的基本概念、特点、安全需求及安全威胁;分析了当前在移动ad hoc网络安全方面的研究现状;然后就移动ad hoc网络的密钥管理、路由安全和入侵检测等方面做了具体的研究。
本论文所做的主要工作如下:
1.给出了一种分布式认证的具体实现方法,并阐述了其私钥分量产生、发现和清除Byzantine节点、私钥分量动态刷新的具体过程。该方法将网络的安全风险分散化,能在一定程度上解决安全的密钥管理及认证的问题,其安全性依赖于RSA体制的安全性。
2.针对移动ad hoc网络AODV协议中所存在的黑洞攻击,提出了一种增强安全性的解决方案,该方案能在一定程度上解决黑洞问题并可防止假冒目的节点攻击。
3.给出了一种为移动ad hoc网络设计的新的入侵检测和响应结构。该模型是分布式的,比较适用于ad hoc网络。
A mobile ad hoc network(MANET) consists of a collection of wireless mobile nodes that are capable of communicating with each other without the use of a network infrastructure or any centralized administration. MANET is an emerging research area with practical applications. However, wireless MANET is particularly vulnerable due to its fundamental characteristics, such as open medium, dynamic topology, distributed cooperation, and constrained capability. Research on security in MANET is still in its infancy.
This paper introduces the foundational conception, features, security requirements and security threats of mobile ad hoc networks; provides a state-of-the-art view of security in ad hoc networks; then discusses in detail the security aspects of key management, routing, intrusion detection.
The main contributions of this paper include:
1. A material realization method for distributed authentication is given, and the process of the generation of private key shares, detection and elimination Byzantine nodes and dynamically refreshing the private key shares. The method may decentralize the security threats and solve some key management and secure authentication problems to some extent.
2. A security enhancement scheme is proposed to encounter the black hole attacks in AODV protocol. This scheme may solve the black hole problem and prevent personating the destination node to some degree.
3. A new intrusion detection and response architecture for mobile ad hoc networks is presented. This model is distributed and relatively applicable to ad hoc networks.
引文
[1] 方旭明,“移动Ad Hoc网络研究与发展现状”,[EB/OL]. http://www.c114.net/technic/technicread.asp?articleid=4960.
[2] F. Stajano, R. Anderson, "The resurrecting deckling: security issues for ad hoc networks,"[A]. Proceedings of the 7th International Workshop on Security Protocols, Lecture Notes in Computer Science[C], Berlin: Springler-Verlag, 1999.
[3] F. Stajano, "The resurrecting duckling - what next?"[A]. Proceedings of the 8th International Workshop on Security Protocols, Lecture Notes in Computer Science[C], Berlin: Springler-Verlag, 2000.
[4] L. Zhou, Z. J. Hass, "Securing ad hoc networks,"[J]. IEEE Network Magazine, 1999, 13(6): 24-30.
[5] J. Kong, P. Zerfos, etc, "Providing robust and ubiquitous security support for mobile ad-hoc networks,"[A]. IEEE Ninth International Conference on Network Protocols(ICNP'01)[C], 2001, 251-260.
[6] J. Douceur, "The sybil attack,"[A]. Proceedings of the 1st International Workshop on Peer-to-Peer Systems(IPTPS)[C], 2002.
[7] N. Asokan, P. Ginzboorg, "Key agreement in ad hoc networks,"[J]. Computer Communications, 2000, 23, 1627-1637.
[8] R.R.S.Verma, D. O'Mahony, etc, "NTM - Progress trust negotiation in ad hoc networks,"[DB/OL], http://www.cs.tcd.ie/omahony/iei-ntm.pdf.
[9] G. Montenegro, C. Castelluccia, "Statistically unique and eryptographically verifiable(SUCV) identifiers and addresses,"[A]. Proceedings of the 9th Annual Network and Distributed System Security Symposium(NDSS)[C], 2002.
[10] T. Camp,J. Boleng, V. Davies, "Mobility models for ad hoc network research,"[A]. Wireless Communications and Mobile Computing (WCMC), Special issue on Mobile Ad Hoc Networking: Research,Trends and Applications [C], 2002.
[11] Sufatrio, K. Y. Lam, "Scalable authentication framework for mobile-IP(SAFe-MI P)," [S]. Internet draft, IETE Nov, 1999.
[12] A. Herzberg, M. Jakobsson, etc, "Proactive public key and signature systems," [A]. ACM Security '97[C], 1997.
[13] A. Fasbender, etc, "Variable and scalable security: protection of loeation
information in mobile IP,"[A]. Mobile Technology for the Human Race, IEEE 46th Vehicular Technology Conference[C], 1996.
[14] H.Luo, S.Lu, "Ubiquitous and robust authentication services for ad hoc networks,"[A]. Technical Report TR-200030, Dept. of Computer Science, UCLA, 2000.
[15] R.Hauser, etc, "Lowering security overhead in link state routing,"[J]. Computer Networks, 1999.
[16] M.G.Zapata, "Secure ad hoc on-demand distance vector(AODV),"[S]. Routing. Mobile Ad Hoc Networking Group, INTERNET DRAFT, Aug, 2001.
[17] Yih-Chun Hu, David B Johnson, Adrian Perrig, "SEAD: Secure efficient distance vector routing for mobile wireless ad hoc networks,"[A]. Proceeding of the 4th IEEE Workshop on Mobile Computing Systems and Applications[C]. Calicoon, NY, June, 2002.
[18] P. Papadimitratos, Z. J. Hass, "Secure routing for mobile ad hoc networs,"[A]. SCS Communication Networks and Distributed Systems Modeling and Simulation Conference(CNDS 2002)[C], San Antonio, TX, Jua, 2002.
[19] S.Yi, P.Naldurg, R.Kravets, "A security aware routing protocol for wireless ad hoc networks,"[A]. The 6th World Multi-Conference on Systems, Cybemetics and Infornatics(SCI 2002)[C], 2002.
[20] S.Buchegger, J-Y Le Boudec, "Nodes bearing grudges: towards routing security, fairness, and robustness in mobile ad hoc networks,"[A]. Proceedings of 10th Euromicro Workshop on Parallel, Distributes and Network-based Proceeding[C], 2002.
[21] Y.Zhang, W.Lee, "Intrusion detection in wireless ad hoc networks,"[A]. The 6th International Conference on Mobile Computing and Networking(MobiCom '00) [C], Boston, MA, 2000. 275-283.
[22] O.Kachirski, R.Guha, "Intrusion detection using mobile agents in wireless ad hoc networks,"[A]. IEEE Workshop on Knowledge Media Networking (KMN'02)[C], Kyoto, JAPAN, 2002.
[23] S.Bhargava, D.P.Agraval, "Security enhancement in AODV protocol for wireless ad hoc networks,"[A]. Vehicular Technology Conference[C], Atlantic City, NY, October, 2001.
[24] P.Brutch, "Challenges in intrusion detection for wireless ad-hoc networks,"[A]. 2003 Symposium on Applications and the Internet Workshops(SAINT'2003 Workshops)[C], Orlando, Florida, January, 2003.
[25] 郑少仁,王海涛,“移动Ad hoc网络中的安全问题”,[J].中国数据通信,2002,4(8).
[26] 王莹,葛建华,杜欣军,“一种增强AODV路由协议安全性的方案”,[J].西安电子科技大学学报,2002,29(6).
[27] 熊焰,苗付友,张伟超,王行甫,“移动自组网中基于多跳步加密签名函数签名的分布式认证”,[J].电子学报,2003,31(2):161-165.
[28] M.Ilyas, "Handbook of Ad Hoc Wireless Networks,"[M]. CRC Press LLC,2003. 30-1-30-51.
[29] 王育民,刘建伟,“通信网的安全—理论与技术”,[M].西安:西安电子科技大学出版社,1999.
[30] Hongmei Deng, etc, "Routing security in wireless ad hoc networks," [J]. IEEE Communacations Magazine, October, 2002: 70-75.
[31] 铁玲等,“无线Ad-Hoc网络中的入侵检测”,[J].通信技术,2001,6:24-26.
[2] F. Stajano, R. Anderson, "The resurrecting deckling: security issues for ad hoc networks,"[A]. Proceedings of the 7th International Workshop on Security Protocols, Lecture Notes in Computer Science[C], Berlin: Springler-Verlag, 1999.
[3] F. Stajano, "The resurrecting duckling - what next?"[A]. Proceedings of the 8th International Workshop on Security Protocols, Lecture Notes in Computer Science[C], Berlin: Springler-Verlag, 2000.
[4] L. Zhou, Z. J. Hass, "Securing ad hoc networks,"[J]. IEEE Network Magazine, 1999, 13(6): 24-30.
[5] J. Kong, P. Zerfos, etc, "Providing robust and ubiquitous security support for mobile ad-hoc networks,"[A]. IEEE Ninth International Conference on Network Protocols(ICNP'01)[C], 2001, 251-260.
[6] J. Douceur, "The sybil attack,"[A]. Proceedings of the 1st International Workshop on Peer-to-Peer Systems(IPTPS)[C], 2002.
[7] N. Asokan, P. Ginzboorg, "Key agreement in ad hoc networks,"[J]. Computer Communications, 2000, 23, 1627-1637.
[8] R.R.S.Verma, D. O'Mahony, etc, "NTM - Progress trust negotiation in ad hoc networks,"[DB/OL], http://www.cs.tcd.ie/omahony/iei-ntm.pdf.
[9] G. Montenegro, C. Castelluccia, "Statistically unique and eryptographically verifiable(SUCV) identifiers and addresses,"[A]. Proceedings of the 9th Annual Network and Distributed System Security Symposium(NDSS)[C], 2002.
[10] T. Camp,J. Boleng, V. Davies, "Mobility models for ad hoc network research,"[A]. Wireless Communications and Mobile Computing (WCMC), Special issue on Mobile Ad Hoc Networking: Research,Trends and Applications [C], 2002.
[11] Sufatrio, K. Y. Lam, "Scalable authentication framework for mobile-IP(SAFe-MI P)," [S]. Internet draft, IETE Nov, 1999.
[12] A. Herzberg, M. Jakobsson, etc, "Proactive public key and signature systems," [A]. ACM Security '97[C], 1997.
[13] A. Fasbender, etc, "Variable and scalable security: protection of loeation
information in mobile IP,"[A]. Mobile Technology for the Human Race, IEEE 46th Vehicular Technology Conference[C], 1996.
[14] H.Luo, S.Lu, "Ubiquitous and robust authentication services for ad hoc networks,"[A]. Technical Report TR-200030, Dept. of Computer Science, UCLA, 2000.
[15] R.Hauser, etc, "Lowering security overhead in link state routing,"[J]. Computer Networks, 1999.
[16] M.G.Zapata, "Secure ad hoc on-demand distance vector(AODV),"[S]. Routing. Mobile Ad Hoc Networking Group, INTERNET DRAFT, Aug, 2001.
[17] Yih-Chun Hu, David B Johnson, Adrian Perrig, "SEAD: Secure efficient distance vector routing for mobile wireless ad hoc networks,"[A]. Proceeding of the 4th IEEE Workshop on Mobile Computing Systems and Applications[C]. Calicoon, NY, June, 2002.
[18] P. Papadimitratos, Z. J. Hass, "Secure routing for mobile ad hoc networs,"[A]. SCS Communication Networks and Distributed Systems Modeling and Simulation Conference(CNDS 2002)[C], San Antonio, TX, Jua, 2002.
[19] S.Yi, P.Naldurg, R.Kravets, "A security aware routing protocol for wireless ad hoc networks,"[A]. The 6th World Multi-Conference on Systems, Cybemetics and Infornatics(SCI 2002)[C], 2002.
[20] S.Buchegger, J-Y Le Boudec, "Nodes bearing grudges: towards routing security, fairness, and robustness in mobile ad hoc networks,"[A]. Proceedings of 10th Euromicro Workshop on Parallel, Distributes and Network-based Proceeding[C], 2002.
[21] Y.Zhang, W.Lee, "Intrusion detection in wireless ad hoc networks,"[A]. The 6th International Conference on Mobile Computing and Networking(MobiCom '00) [C], Boston, MA, 2000. 275-283.
[22] O.Kachirski, R.Guha, "Intrusion detection using mobile agents in wireless ad hoc networks,"[A]. IEEE Workshop on Knowledge Media Networking (KMN'02)[C], Kyoto, JAPAN, 2002.
[23] S.Bhargava, D.P.Agraval, "Security enhancement in AODV protocol for wireless ad hoc networks,"[A]. Vehicular Technology Conference[C], Atlantic City, NY, October, 2001.
[24] P.Brutch, "Challenges in intrusion detection for wireless ad-hoc networks,"[A]. 2003 Symposium on Applications and the Internet Workshops(SAINT'2003 Workshops)[C], Orlando, Florida, January, 2003.
[25] 郑少仁,王海涛,“移动Ad hoc网络中的安全问题”,[J].中国数据通信,2002,4(8).
[26] 王莹,葛建华,杜欣军,“一种增强AODV路由协议安全性的方案”,[J].西安电子科技大学学报,2002,29(6).
[27] 熊焰,苗付友,张伟超,王行甫,“移动自组网中基于多跳步加密签名函数签名的分布式认证”,[J].电子学报,2003,31(2):161-165.
[28] M.Ilyas, "Handbook of Ad Hoc Wireless Networks,"[M]. CRC Press LLC,2003. 30-1-30-51.
[29] 王育民,刘建伟,“通信网的安全—理论与技术”,[M].西安:西安电子科技大学出版社,1999.
[30] Hongmei Deng, etc, "Routing security in wireless ad hoc networks," [J]. IEEE Communacations Magazine, October, 2002: 70-75.
[31] 铁玲等,“无线Ad-Hoc网络中的入侵检测”,[J].通信技术,2001,6:24-26.