Research on Trust Models for Ad Hoc Networks
Abstract
An Ad hoc network is a multi-hop, temporary, autonomous system made up of a set of mobile nodes equipped with wireless transceivers. Compared with traditional wireless networks, it has no central authority and is self-organizing, so the behavior of its nodes is harder to control and establishing trust relationships becomes particularly important. This thesis focuses on trust models for Ad hoc networks.
     Building on an analysis of existing models, a trust model based on entropy theory is proposed. In this model, the trust relationship between nodes is quantified by a trust value. A node obtains the direct trust value through its own direct observation. Using aggregate signatures, the recommended trust values are aggregated and stored locally on the target node, so that a node can obtain them by requesting them from the target node whether or not the recommending nodes are online. The overall trust value synthesized from these inputs is therefore more credible. However, this model still has certain security flaws. To address them, a trust model based on trusted computing is proposed. Nodes prove their identities to each other with direct anonymous attestation certificates issued by an offline CA, and then use the platform configuration register values and the stored measurement log to perform platform attestation, confirming the current state and integrity of the platform. This ensures that each node's platform is trustworthy during communication and eliminates malicious behavior caused by compromised platform integrity. Finally, the two models are summarized and directions for future research are pointed out.