基于AODV的安全路由协议研究
|
摘要
近年来,随着无线通信技术快速发展以及Ad Hoc网络技术的应用范围不断拓展,针对Ad Hoc网络路由的研究也日益成熟,AODV路由协议由此孕育而生,然而AODV设计之初并未充分考虑诸多应用在安全方面的要求。因此,建立在AODV的研究基础上,设计出能充分保证路由的安全性和可靠性,同时优化Ad Hoc网络的节点能耗的安全路由协议是值得不断探讨的一个热点问题。
论文对AODV协议的安全性以及基于AODV安全性改进的路由协议进行了研究,设计了一种基于AODV的安全路由方案DCAODV。为了有效避免恶意节点利用黑洞和蠕洞针对AODV的路由进行安全攻击,DCAODV协议在AODV协议的机制上增加了对路由回复过程进行验证的功能:采用邻居验证,用于降低验证的复杂度与网络规模的相关性,解决已有协议验证算法涉及节点数目过多的不足;建立在邻居验证基础上的二项分布的概率验证用于进一步检验回复点的可靠性。为了减轻AODV协议在链路中断时完全重建路由的过重负担,DCAODV协议针对路由的重建进行了优化。设计单点断路时,利用断点的上下游节点间的互搜索实现局部的路由重建;多点断路时,参照健壮的AODV路由修复协议采用备份路由来完成重建工作。
仿真结果表明DCAODV协议基本可以满足Ad Hoc网络路由安全性方面的要求。
In recent years, as the wireless communication technology being rapidly developed and the scope of the application of Ad Hoc continuously expanding.AODV is considered as the best protocol in domain, but the security is not being considered in it.Therefore, how to design a security routing protocol that fully guarantee the security and reliability of routing and optimize the energy consumptions of nodes and based on AODV is a hot topic worthing being continuously discussed.
The disseratation was made reseach on the security of AODV protocol and the protocol based on the improving of security of AODV.A security routing protocol ------DCAODV that adopted a double testmechanism based on neighbors cetification and binomial distribution probability recursive verification for the routing lookup process,and optimized the reconstruction of route for the routing maintenance phase. In order to avoid the attacks of unreliable notes,a function that made certification for the replying process in routing lookup process was added to DCAODV.The neighbor verification can reduce the relevance between the complexity of verification and the scale of network. It can decrease the number of nodes in the authentication algorithm in the large-scale networks; The binomial distribution probability recursive based on the neighbors certification can also increase the reliability of replying notes.In order to alleviate the burden of reconstruct routing after route interrupt,DCAOV protocol optimized the routing construction.
The simulation result indicated that the DCAODV protocol basicly satisfied the security request of the network route of Ad Hoc.
论文对AODV协议的安全性以及基于AODV安全性改进的路由协议进行了研究,设计了一种基于AODV的安全路由方案DCAODV。为了有效避免恶意节点利用黑洞和蠕洞针对AODV的路由进行安全攻击,DCAODV协议在AODV协议的机制上增加了对路由回复过程进行验证的功能:采用邻居验证,用于降低验证的复杂度与网络规模的相关性,解决已有协议验证算法涉及节点数目过多的不足;建立在邻居验证基础上的二项分布的概率验证用于进一步检验回复点的可靠性。为了减轻AODV协议在链路中断时完全重建路由的过重负担,DCAODV协议针对路由的重建进行了优化。设计单点断路时,利用断点的上下游节点间的互搜索实现局部的路由重建;多点断路时,参照健壮的AODV路由修复协议采用备份路由来完成重建工作。
仿真结果表明DCAODV协议基本可以满足Ad Hoc网络路由安全性方面的要求。
In recent years, as the wireless communication technology being rapidly developed and the scope of the application of Ad Hoc continuously expanding.AODV is considered as the best protocol in domain, but the security is not being considered in it.Therefore, how to design a security routing protocol that fully guarantee the security and reliability of routing and optimize the energy consumptions of nodes and based on AODV is a hot topic worthing being continuously discussed.
The disseratation was made reseach on the security of AODV protocol and the protocol based on the improving of security of AODV.A security routing protocol ------DCAODV that adopted a double testmechanism based on neighbors cetification and binomial distribution probability recursive verification for the routing lookup process,and optimized the reconstruction of route for the routing maintenance phase. In order to avoid the attacks of unreliable notes,a function that made certification for the replying process in routing lookup process was added to DCAODV.The neighbor verification can reduce the relevance between the complexity of verification and the scale of network. It can decrease the number of nodes in the authentication algorithm in the large-scale networks; The binomial distribution probability recursive based on the neighbors certification can also increase the reliability of replying notes.In order to alleviate the burden of reconstruct routing after route interrupt,DCAOV protocol optimized the routing construction.
The simulation result indicated that the DCAODV protocol basicly satisfied the security request of the network route of Ad Hoc.
引文
[1]英春,史美林.自组网体系结构研究,通信学报,1999,20(9):47-54
[2]许强.基于Ad Hoc无线传感网络关键技术研究及应用.中国科技信息,2006,(23):122-123
[3]Dahill,K.Sanzgiri,B.N.Levine,et al.A Secure Routing Protocol for Ad Hoc Networks.in Proceedings of the 10th IEEE International Conference on Network Protocols(ICNP),2002,(11)
[4]D.Bertsekas and R.Gallager.Data Networks.Second Ed.Prentice Hall,Inc.1992
[5]Chales E.Perkins,Elizabeth M.Royer,Samir R.Das.Performance Comparison of Two On Demand Routing Protocols for Ad Hoc networks.IEEE Personal Communications,2001,(8):16-25
[6]Perkins C E,Royer E M.Ad hoc on demand distance vector routing.IEEE WMCSA,1999,90-100
[7]C E PERKNS,P BHAGWAI.Highly Dynamic Destination Sequenced Distance Vector Routing(DSDV)for Mobile computer.In:Proc ACMSIGCOMM94,1994,(8)
[8]应俊,吴哲夫,乐孜纯.基于OPNET的DSR路由协议的性能分析.杭州电子科技大学学报,2006,(05):70-73
[9]C.-C.Chiang and M.Gerla.Routing and Multicast in Multihop Mobile Wireless Networks.Proc.IEEE ICUPC '97,San Diego,CA,1997,10
[10]Vincent D.Park and M.Scott Corson.Temporally-Ordered Routing Algorithm(TORA)version1:Functionalspecification.Internet-Draft,Draft-ietf-manet-tora-spec00.Txt,1997,(11)
[11]S.Murthy and J.J.Garcia-Luna-Aceves.Congestion-Oriented Shortest Multipath Routing,Proc.IEEE INFOCOM,1996,5
[12]张宏霄,张远,刘洛琨.LANMAR算法对大型Ad hoc网络路由性能的改善.无线通信技术,2005,(1):51-54
[13]Navas J.C.,Imelinski T..Geocast-geographic addressing and routing.In:Pro ceedings of ACM/IEEE MOBICOM'97.Budapest:Hungary,1997,3:66-76
[14]Young-Bae Ko,Nitin H.Vaidya.Location-Aided Routing(LAR)in mobile ad hoc Networks.Wireless Networks,2000,6(4):66-75
[15]B.Karp,H.T.Kung.GPSR:Greedy Perimeter Stateless Routing for Wireless Net works.Raymond Pickoltz.Proc.of the 6th Annual ACM/IEEE International Conference on Mobile Computing and Networking.Boston:ACMPress,2000. 243-254
[16]S.Basagni,et al.A Distance Routing Effect Algorithm for Mobility(DREAM).ACM/IEEE Int'l.Conf.Mobile Computing and Networking,1998.76-84
[17]C.K.Toh.Long-lived Ad Hoc Routing based on the concept of Associativity.IETF Draft.http://www.ietf.org/Internet-drafts/draft-ietf-manet-log-lived-adhoc-Rout ing-OO.txt,1999,5
[18]王卓琳,李浩君.移动Ad Hoc网络中的ZRP.无线电通信技术,2005,(03):12-14
[19]Manel Guerrero Zapata.Secure Ad hoc On-Demand Distance Vector(SAODV)Routing.Draft-guerrero-manet-saodv-02.txt,2004,11
[20]Dahill B,Levine B N,Royer E,et al.ARAN:A secure Routing Protocol for Ad hoc Networks.Umass Tech Report,2002.02-32
[21]Papadimitrators P,Haas Z J.Secure Routing for Mobile Ad hoc Networks.SCS Comm Networks and Mobile Computing and Communications Review.Number 21Distributed Systems Modeling and Simulation,2002,1:27-31
[22]Y-C Hu,Johnson DB and Perrig A.SEAD:Secure Efficient Distance Vector Routing for Mobile Wireless.Ad hoc Networks in the fourth IEEE Workshop on Mobile Computing Systems and Applications,2002,3-13
[23]Y-C Hu,Perrig A,Johnson D B.Ariadne:A secure On-Demand Routing Protocol for Ad hoc Networks.In proceedings of MOBJCOM,2002
[24]Zhou Lidong,Haas.Securing Ad Hoc Networks.IEEE Networks Special Issue on Network Security,1999,13(6):24-30
[25]Weaver N,Paxson v,Staniford S,et al.A Taxonomy of Computer Worms.In:Proc.ACM CCS Workshop on Rapid Malcode,2003
[26]SHM IR A.Identity-based cryp to systems and signature schemes.Proc of Cryp to logy-Cryp.CA:Springer Verlag,1984:47-53
[27]Security firm:MyDoom worm fastest yet.http://edition.cnn.com/2004/TECH/Int -ernet/01/58/mydoom.spreadwed/index.html
[28]Kevin Lai Sergio Marti,Giuli T J,Mary Baker.Mitigating routing misbehavior in mobile Ad hoc networks.In Proceedings of MOBICOM,2000
[29]Buchegger.J-Y Le Boudee.Nodes bearing grudges:towards routing security,Fairness,and robustness in mobile ad hoc networks.In:Proceedings of 10th Euromicro Workshop on Parallel,Distributed and Network-based Processing,2002:403-410
[30]Pin-Han Ho,Mouftah H T.SLSP:A new Path Protection scheme for the optical Internet.OFC2001.Anaheim.2001:1-3
[31]ZAPATA M,AWERBUCH N,HOLMER D,et al.An on-demand secure routing protocol resilent to byzantine failures.In:Proceedings of the ACM Workshop Wireless Security(WiSE2002),Dec 12-14,2002,Atlanta,GA,USA.New York,NY,USA:ACM,2002:21-30
[32]LUO H,ZERFOS P,KONG J,et al.Self-securing ad hoc wireless networks.ISCC.2002:567
[33]Deng Hongmei,Agrawal Dharma P.TIDS:threshold and identity-based security scheme for wireless ad hoc networks.Ad hoc Networks,2004,2(3):291-307
[34]Buttyan L,Hubaux J P.Nuglets:a virtual currency to stimulate cooperation in self organized ad hoc networks.Technical Report DSC/2001/001,Swiss Federal Institute of Technology-Lausanne,2001
[35]Seung Yi,Prasad Naldurg,Robin Kravets.Security-Aware Ad hoc Routing for wireless Networks.The 6th World Muti-Conference on Systemics,Cybemetics and informations(SCI2002),2002
[36]赵绍刚,肖征荣.移动无线Ad Hoc网络中的路由安全问题.世界电信,2004,(02):53-56
[37]王英龙,牛秋娜,王美琴.移动Ad Hoc网络的安全路由协议研究,DPCS2003 &NDCS13论文集,2003:252-259
[38]张险峰,蒋凡.移动自组网络路由协议的安全性研究.电子技术应用,2006,(10):21-23
[39]熊焰,苗付友,张伟超,王行甫.移动自组网中基于多跳步加密签名函数签名的分布式认证.电子学报,2003,(02):2-6
[40]朱晓妍,王育民.一种增强Ad hoc网络路由协议安全性的方案.华中科技大学学报,2003,(S1):154-156
[41]李光松,韩文报.基于签密的Ad Hoc网络密钥管理.计算机工程与应用,2005,(12):163-167
[42]徐倩,张福泰,刘志高.无线Ad hoc网络中基于身份的密钥管理方案.南京师范大学学报(工程技术版),2006,(03):59-64
[43]曾英佩,郭山,清谢立.Ad Hoc网络中的入侵检测.计算机科学,2005,32(12):53-57
[44]穆海冰,刘云,张长伦.移动自组网中可逆证书状态管理模型.计算机应用,2006(12):139-141
[45]王海涛,刘晓明.Ad hoc网络的安全问题综述.计算机安全,2004,(07):26-30
[46]詹鹏飞,陈前斌,李云.移动Ad Hoc网络AODV路由协议安全性分析和改进.计 算机应用,2003,23(8):44-47
[47]胡海燕,吴蒙.AODV路由协议安全性改进与G1oMoSim仿真.南京邮电学院学报,2005(03):64-68
[48]沈颖.移动自组网的安全风险分析.信息安全与通信保密,2005,(08):94-97
[49]况晓辉,朱培栋,卢锡城.移动自组网络分布式组密钥更新算法.软件学报,2004,(05):127-136
[50]宋健,王建华,徐旸.移动自组网信任模型研究.计算机安全,2006,(07):15-16
[51]Sui AF,Yang YX,Niu XX,Luo SS.Research on the authenticated key greement protocol based on elliptic curve cryptography.Journal of Beijing University of Posts and Telecommunications,2004,27(3):28-32
[52]DENG Hongmei,L I Wei,AGRAWAL D P.Routing Security in Wireless Ad Hoc Networks.IEEE Communication Magazine,2002,40(10):70-75
[53]Schneier B.Applied Cryptography.北京:机械工业出版社,2001
[54]Suhua Tang,Bing Zhang.A robust AODV protocol with local update.Proceedings of the 5th International Symposium on Multi-Dimensional Mobile Communications,2004,1:418
[2]许强.基于Ad Hoc无线传感网络关键技术研究及应用.中国科技信息,2006,(23):122-123
[3]Dahill,K.Sanzgiri,B.N.Levine,et al.A Secure Routing Protocol for Ad Hoc Networks.in Proceedings of the 10th IEEE International Conference on Network Protocols(ICNP),2002,(11)
[4]D.Bertsekas and R.Gallager.Data Networks.Second Ed.Prentice Hall,Inc.1992
[5]Chales E.Perkins,Elizabeth M.Royer,Samir R.Das.Performance Comparison of Two On Demand Routing Protocols for Ad Hoc networks.IEEE Personal Communications,2001,(8):16-25
[6]Perkins C E,Royer E M.Ad hoc on demand distance vector routing.IEEE WMCSA,1999,90-100
[7]C E PERKNS,P BHAGWAI.Highly Dynamic Destination Sequenced Distance Vector Routing(DSDV)for Mobile computer.In:Proc ACMSIGCOMM94,1994,(8)
[8]应俊,吴哲夫,乐孜纯.基于OPNET的DSR路由协议的性能分析.杭州电子科技大学学报,2006,(05):70-73
[9]C.-C.Chiang and M.Gerla.Routing and Multicast in Multihop Mobile Wireless Networks.Proc.IEEE ICUPC '97,San Diego,CA,1997,10
[10]Vincent D.Park and M.Scott Corson.Temporally-Ordered Routing Algorithm(TORA)version1:Functionalspecification.Internet-Draft,Draft-ietf-manet-tora-spec00.Txt,1997,(11)
[11]S.Murthy and J.J.Garcia-Luna-Aceves.Congestion-Oriented Shortest Multipath Routing,Proc.IEEE INFOCOM,1996,5
[12]张宏霄,张远,刘洛琨.LANMAR算法对大型Ad hoc网络路由性能的改善.无线通信技术,2005,(1):51-54
[13]Navas J.C.,Imelinski T..Geocast-geographic addressing and routing.In:Pro ceedings of ACM/IEEE MOBICOM'97.Budapest:Hungary,1997,3:66-76
[14]Young-Bae Ko,Nitin H.Vaidya.Location-Aided Routing(LAR)in mobile ad hoc Networks.Wireless Networks,2000,6(4):66-75
[15]B.Karp,H.T.Kung.GPSR:Greedy Perimeter Stateless Routing for Wireless Net works.Raymond Pickoltz.Proc.of the 6th Annual ACM/IEEE International Conference on Mobile Computing and Networking.Boston:ACMPress,2000. 243-254
[16]S.Basagni,et al.A Distance Routing Effect Algorithm for Mobility(DREAM).ACM/IEEE Int'l.Conf.Mobile Computing and Networking,1998.76-84
[17]C.K.Toh.Long-lived Ad Hoc Routing based on the concept of Associativity.IETF Draft.http://www.ietf.org/Internet-drafts/draft-ietf-manet-log-lived-adhoc-Rout ing-OO.txt,1999,5
[18]王卓琳,李浩君.移动Ad Hoc网络中的ZRP.无线电通信技术,2005,(03):12-14
[19]Manel Guerrero Zapata.Secure Ad hoc On-Demand Distance Vector(SAODV)Routing.Draft-guerrero-manet-saodv-02.txt,2004,11
[20]Dahill B,Levine B N,Royer E,et al.ARAN:A secure Routing Protocol for Ad hoc Networks.Umass Tech Report,2002.02-32
[21]Papadimitrators P,Haas Z J.Secure Routing for Mobile Ad hoc Networks.SCS Comm Networks and Mobile Computing and Communications Review.Number 21Distributed Systems Modeling and Simulation,2002,1:27-31
[22]Y-C Hu,Johnson DB and Perrig A.SEAD:Secure Efficient Distance Vector Routing for Mobile Wireless.Ad hoc Networks in the fourth IEEE Workshop on Mobile Computing Systems and Applications,2002,3-13
[23]Y-C Hu,Perrig A,Johnson D B.Ariadne:A secure On-Demand Routing Protocol for Ad hoc Networks.In proceedings of MOBJCOM,2002
[24]Zhou Lidong,Haas.Securing Ad Hoc Networks.IEEE Networks Special Issue on Network Security,1999,13(6):24-30
[25]Weaver N,Paxson v,Staniford S,et al.A Taxonomy of Computer Worms.In:Proc.ACM CCS Workshop on Rapid Malcode,2003
[26]SHM IR A.Identity-based cryp to systems and signature schemes.Proc of Cryp to logy-Cryp.CA:Springer Verlag,1984:47-53
[27]Security firm:MyDoom worm fastest yet.http://edition.cnn.com/2004/TECH/Int -ernet/01/58/mydoom.spreadwed/index.html
[28]Kevin Lai Sergio Marti,Giuli T J,Mary Baker.Mitigating routing misbehavior in mobile Ad hoc networks.In Proceedings of MOBICOM,2000
[29]Buchegger.J-Y Le Boudee.Nodes bearing grudges:towards routing security,Fairness,and robustness in mobile ad hoc networks.In:Proceedings of 10th Euromicro Workshop on Parallel,Distributed and Network-based Processing,2002:403-410
[30]Pin-Han Ho,Mouftah H T.SLSP:A new Path Protection scheme for the optical Internet.OFC2001.Anaheim.2001:1-3
[31]ZAPATA M,AWERBUCH N,HOLMER D,et al.An on-demand secure routing protocol resilent to byzantine failures.In:Proceedings of the ACM Workshop Wireless Security(WiSE2002),Dec 12-14,2002,Atlanta,GA,USA.New York,NY,USA:ACM,2002:21-30
[32]LUO H,ZERFOS P,KONG J,et al.Self-securing ad hoc wireless networks.ISCC.2002:567
[33]Deng Hongmei,Agrawal Dharma P.TIDS:threshold and identity-based security scheme for wireless ad hoc networks.Ad hoc Networks,2004,2(3):291-307
[34]Buttyan L,Hubaux J P.Nuglets:a virtual currency to stimulate cooperation in self organized ad hoc networks.Technical Report DSC/2001/001,Swiss Federal Institute of Technology-Lausanne,2001
[35]Seung Yi,Prasad Naldurg,Robin Kravets.Security-Aware Ad hoc Routing for wireless Networks.The 6th World Muti-Conference on Systemics,Cybemetics and informations(SCI2002),2002
[36]赵绍刚,肖征荣.移动无线Ad Hoc网络中的路由安全问题.世界电信,2004,(02):53-56
[37]王英龙,牛秋娜,王美琴.移动Ad Hoc网络的安全路由协议研究,DPCS2003 &NDCS13论文集,2003:252-259
[38]张险峰,蒋凡.移动自组网络路由协议的安全性研究.电子技术应用,2006,(10):21-23
[39]熊焰,苗付友,张伟超,王行甫.移动自组网中基于多跳步加密签名函数签名的分布式认证.电子学报,2003,(02):2-6
[40]朱晓妍,王育民.一种增强Ad hoc网络路由协议安全性的方案.华中科技大学学报,2003,(S1):154-156
[41]李光松,韩文报.基于签密的Ad Hoc网络密钥管理.计算机工程与应用,2005,(12):163-167
[42]徐倩,张福泰,刘志高.无线Ad hoc网络中基于身份的密钥管理方案.南京师范大学学报(工程技术版),2006,(03):59-64
[43]曾英佩,郭山,清谢立.Ad Hoc网络中的入侵检测.计算机科学,2005,32(12):53-57
[44]穆海冰,刘云,张长伦.移动自组网中可逆证书状态管理模型.计算机应用,2006(12):139-141
[45]王海涛,刘晓明.Ad hoc网络的安全问题综述.计算机安全,2004,(07):26-30
[46]詹鹏飞,陈前斌,李云.移动Ad Hoc网络AODV路由协议安全性分析和改进.计 算机应用,2003,23(8):44-47
[47]胡海燕,吴蒙.AODV路由协议安全性改进与G1oMoSim仿真.南京邮电学院学报,2005(03):64-68
[48]沈颖.移动自组网的安全风险分析.信息安全与通信保密,2005,(08):94-97
[49]况晓辉,朱培栋,卢锡城.移动自组网络分布式组密钥更新算法.软件学报,2004,(05):127-136
[50]宋健,王建华,徐旸.移动自组网信任模型研究.计算机安全,2006,(07):15-16
[51]Sui AF,Yang YX,Niu XX,Luo SS.Research on the authenticated key greement protocol based on elliptic curve cryptography.Journal of Beijing University of Posts and Telecommunications,2004,27(3):28-32
[52]DENG Hongmei,L I Wei,AGRAWAL D P.Routing Security in Wireless Ad Hoc Networks.IEEE Communication Magazine,2002,40(10):70-75
[53]Schneier B.Applied Cryptography.北京:机械工业出版社,2001
[54]Suhua Tang,Bing Zhang.A robust AODV protocol with local update.Proceedings of the 5th International Symposium on Multi-Dimensional Mobile Communications,2004,1:418