基于椭圆曲线的Ad hoc网络门限身份认证研究

移动Ad hoc网络是一种拥有自组织、自愈能力而且复杂分布式的网络,Ad hoc网络由能够移动无线节点构成,具有网络拓扑动态变化特性。根据这些特点,安全隐患是Ad hoc网络最主要的缺陷,尤其身份认证作为整个Ad hoc网络达到安全稳定的前提,不言而喻在移动Ad hoc网络中至关重要。提出基于椭圆曲线的Ad hoc网络门限身份认证思想,利用椭圆曲线数字签名算法建立子密钥和群密钥,通过子证书的合成并且进行身份验证,使算法具有极强的安全性、高效率,而且降低了计算难度,满足自组移动的Ad hoc网络特性。     

基于簇的ad hoc网络密钥管理方案

将自认证公钥的概念和组合公钥的思想相结合,为ad hoc网络提出了一种新的门限密钥分发方案,在此基础上,和"簇"的组网方式结合,提出一种完整的密钥管理方案.该方案公钥自身具有认证功能,不需要证书管理,密钥分发过程简单,消除了IBE(identity-based encryption)方案中存在的密钥托管问题.方案能够灵活地适应ad hoc网络动态拓扑性,适用于各种规模的网络.理论和仿真分析表明,该方案计算量和通信量都比较小,与PKI、IBE方案相比,具有更高的安全性和实用性.     

Ad hoc网络中基于双线性配对的STR组密钥管理协议研究

STR组密钥管理协议具有较好的计算、通信和存储代价,但在安全性方面,由于没有提供密钥认证,不能抵御主动攻击.在分析STR协议基础上,引入双线性配对密码体制和三叉密钥树来实现组密钥管理,提出PSTR(bilinear pairing-based STR)协议,其中包括密钥产生过程及其6个子协议,对PSTR协议安全性进行分析,证明了PSTR协议在计算上是安全的.分析与比较了PSTR协议和STR协议的性能,结果表明PSTR协议在通信代价、计算代价和存储代价均优于STR协议,因此PSTR协议是ad hoc环境下一种新型、可靠的组密钥管理协议.     

基于椭圆曲线密码组合公钥的ad hoc密钥管理方案

Ad Hoc网络是一种独具特色的网络,作为一种新型的无线,多跳、无中心分布式控制网络,它无需网络基础设施,具有很强的自组织性,鲁棒性.抗毁性和容易构建的特点,其安全问题一直是研究的热点和难点.文中提出了一种改进的基于椭圆曲线密码组合公嘲的ad hoc密钥管理方案.与原方案相比,除了保持快捷地计算出节点的公私钥对、扩展性好、无需证书等特性外,新方案进一步提高了ad hoc网络的安全性,避免了单点失败.     

Ad hoc网络中基于数据流的QoS路由协议

已有ad hoc网络中的QoS路由都是基于目的地址的选路并预留资源,当源节点针对同一个目的节点先后建立两个或者多个实时业务流的时候,将导致几个数据流争用资源,使得几个流的QoS都无法得到保证。针对这个问题,文章提出了基于流的QoS路由机制,并且进行了仿真分析,仿真结果表明这种机制能够解决这个问题,使QoS得到保证。     

适合ad hoc网络无需安全信道的密钥管理方案

密钥管理问题是构建ad hoc安全网络系统首要解决的关键问题之一.针对ad hoc网络特点,提出了一个无需安全信道的门限密钥管理方案.该方案中,可信中心的功能由局部注册中心和分布式密钥生成中心共同实现,避免了单点失效问题;通过门限技术,网络内部成员相互协作分布式地生成系统密钥;利用基于双线性对的公钥体制实现了用户和分布式密钥生成中心的双向认证;通过对用户私钥信息进行盲签名防止攻击者获取私钥信息,从而可以在公开信道上安全传输.分析表明该方案达到了第Ⅲ级信任,具有良好的容错性,并能抵御网络中的主动和被动攻击,在满足ad hoc网络安全需求的情况下,极大地降低了计算和存储开销.     

一种新的基于椭圆曲线密码体制的 Ad hoc组密钥管理方案

在安全的组通信中,组密钥管理是最关键的问题.论文首先分析了组密钥管理的现状和存在的问题,然后基于椭圆曲线密码体制,针对Ad hoc网络提出了一种安全有效的分布式组密钥管理方案,并对其正确性和安全性进行了证明,由椭圆曲线离散对数困难问题保证协议的安全.针对Ad hoc网络节点随时加入或退出组的特点,提出了有效的组密钥更新方案,实现了组密钥的前向保密与后向保密.与其他组密钥管理方案相比,本方案更加注重组成员的公平性,没有固定的成员结构,并且还具有轮数少、存储开销、通信开销小等特点,适合于在Ad hoc网络环境中使用.     

基于椭圆曲线密码体制的动态秘密共享方案

文章给出了一个基于椭圆曲线公钥密码体制的动态秘密共享方案，有效地解决了共享秘密的动态更新，子密钥动态分配和欺诈问题，且易于实现，效率高。方案的安全性基于求解有限域上椭圆曲线离散对数的困难性。     

Ad hoc网络中带宽保证路由协议

研究ad hoc网络中无线链路存在邻近链路干扰及隐藏终端和暴露终端问题，提出新的带宽预留模型及带宽保证路由协议(BGRP)，旨在按需探测符合带宽需要的路由路径并预留可靠的带宽资源。理论分析证明，BGRP探测的路由路径能满足带宽需要，而且预留的带宽资源准确有效。仿真结果表明，就有效带宽而言，BGRP较INSIGNIA和BGSR算法有效，而且消息复杂性较小，具有良好的网络扩展性。     

移动Ad hoc网络基于干扰和连通度的路由协议

移动Ad hoc网络中,节点随机移动会引起通信链路频繁断开,从而导致路由失效,带来大量的路由重建与路由发现,耗费了有限的网络资源。传统按需路由中,采用简单的洪泛进行路由发现,路由请求包的盲目转发会带来大量不必要的冗余转发,造成广播风暴问题。此外,大量的数据包同时发送也会对彼此的传输造成干扰,增加数据包冲突概率。针对这种情况,本文提出一种基于干扰和连通度的路由协议,该协议结合节点的连通度和潜在干扰设计转发概率,不仅减少了路由请求包的传播范围,还减少了路由请求包的冲突概率,提高了传输成功率。仿真结果表明,本文设计的方案在减少路由开销的同时,有效提高了数据包投递率,从而提高了路由性能。     

在椭圆曲线域中基于身份认证的移动ad hoc密钥管理框架

提出一种建立在椭圆曲线域上的基于双向身份认证的移动adhoc密钥管理框架。框架中的门限方案增强了系统的健壮性，基于身份的双向认证方案确保了交互节点身份的真实性，从而能将恶意仿冒节点和恶意发送虚假信息节点快速从系统中分离出来。     

Location-aware resource management in mobile ad hoc networks

We propose an innovative resource management scheme for TDMA based mobile ad hoc networks. Since communications between some important nodes in the network are more critical, they should be accepted by the network with high priority in terms of network resource usage and quality of service (QoS) support. In this scheme, we design a location-aware bandwidth pre-reservation mechanism, which takes advantage of each mobile node’s geographic location information to pre-reserve bandwidth for such high priority connections and thus greatly reduces potential scheduling conflicts for transmissions. In addition, an end-to-end bandwidth calculation and reservation algorithm is proposed to make use of the pre-reserved bandwidth. In this way, time slot collisions among different connections and in adjacent wireless links along a connection can be reduced so that more high priority connections can be accepted into the network without seriously hurting admissions of other connections. The salient feature of our scheme is the collaboration between the routing and MAC layer that results in the more efficient spatial reuse of limited resources, which demonstrates how cross-layer design leads to better performance in QoS support. Extensive simulations show that our scheme can successfully provide better communication quality to important nodes at a relatively low price. Finally, several design issues and future work are discussed. Xiang Chen received the B.E. and M.E. degrees in electrical engineering from Shanghai Jiao Tong University, Shanghai, China, in 1997 and 2000, respectively. Afterwards, he worked as a MTS (member of technical staff) in Bell Laboratories, Beijing, China. He is currently working toward the Ph.D. degree in the department of Electrical and Computer Engineering at the University of Florida. His research is focused on protocol design and performance evaluation in wireless networks, including cellular networks, wireless LANs, and mobile ad hoc networks. He is a member of Tau Beta Pi and a student member of IEEE. Wei Liu received the BE and ME degrees in electrical engineering from Huazhong University of Science and Technology, Wuhan, China, in 1998 and 2001, respectively. He is currently pursuing the P.hD. degree in the Department of Electrical and Computer Engineering, University of Florida, Gainesville, where he is a research assistant in the Wireless Networks Laboratory (WINET). His research interest includes QoS, secure and power efficient routing, and MAC protocols in mobile ad hoc networks and sensor networks. He is a student member of the IEEE. Hongqiang Zhai received the B.E. and M.E. degrees in electrical engineering from Tsinghua University, Beijing, China, in July 1999 and January 2002 respectively. He worked as a research intern in Bell Labs Research China from June 2001 to December 2001, and in Microsoft Research Asia from January 2002 to July 2002. Currently he is pursuing the Ph.D. degree in the Department of Electrical and Computer Engineering, University of Florida. He is a student member of IEEE. Yuguang Fang received a Ph.D. degree in Systems and Control Engineering from Case Western Reserve University in January 1994, and a Ph.D. degree in Electrical Engineering from Boston University in May 1997. From June 1997 to July 1998, he was a Visiting Assistant Professor in Department of Electrical Engineering at the University of Texas at Dallas. From July 1998 to May 2000, he was an Assistant Professor in the Department of Electrical and Computer Engineering at New Jersey Institute of Technology. In May 2000, he joined the Department of Electrical and Computer Engineering at University of Florida where he got the early promotion to Associate Professor with tenure in August 2003 and to Full Professor in August 2005. He has published over 180 papers in refereed professional journals and conferences. He received the National Science Foundation Faculty Early Career Award in 2001 and the Office of Naval Research Young Investigator Award in 2002. He is currently serving as an Editor for many journals including IEEE Transactions on Communications, IEEE Transactions on Wireless Communications, IEEETransactions on Mobile Computing, and ACM Wireless Networks. He is also actively participating in conference organization such as the Program Vice-Chair for IEEE INFOCOM’2005, Program Co-Chair for the Global Internet and Next Generation Networks Symposium in IEEE Globecom’2004 and the Program Vice Chair for 2000 IEEE Wireless Communications and Networking Conference (WCNC’2000).     

基于带宽估计的ad hoc网络拥塞控制机制

针对ad hoc网络提出了一种基于带宽估计的拥塞控制机制.该机制通过实时的监测无线节点链路的工作状态,来估计节点的可用带宽,从而获得节点的拥塞程度指标,根据包的类型进行拥塞控制.由于带宽估计不需要与其他节点进行状态信息交换,降低了系统开销.同时拥塞控制机制缓解了无线网络的拥塞状态,提高了网络性能.     

Threshold cryptography in mobile ad hoc networks under minimal topology and setup assumptions

Mobile Ad Hoc Networks (MANET), due to their lack of physical infrastructures or centralized online authorities, pose a number of security challenges to a protocol designer. In particular, several typical application scenarios demand the design of protocols that cannot base their security on the existence of trusted parties or setup information, but rather need to leverage uniquely on assumptions limiting the corrupting power of the adversaries. This naturally defines security design and analysis paradigms similar to those of the threshold cryptography area, where it is typically assumed that an adversary can corrupt up to a limited amount of entities or resources. Therefore a secure realization of primitives from threshold cryptography in MANET promises to be applicable to several MANET protocols. However, directly applying known threshold cryptography solutions for wired network into MANETs faces serious challenges. In particular, we noted a major design difficulty due to the lack of full network connectivity that significantly constrained the network topology assumptions under which a MANET threshold signature scheme can be proved secure. In this paper we formalize, investigate and present a new MANET threshold signature scheme that is secure under significantly improved topology and setup assumptions. Surprisingly, we break through an apparent barrier due to well-known results from the distributed computing area.     

A routing protocol based on node density for ad hoc networks

Ad hoc networks are a type of mobile network that functions without any fixed infrastructure. One of the weaknesses of ad hoc networks is that a route used between a source and a destination is likely to break during communication. To solve this problem, one approach consists of selecting routes whose nodes have the most stable behavior. Another strategy aims at improving the route repair procedure. This paper proposes a method for improving the success rate of local route repairs in mobile ad hoc networks. This method is based on the density of the nodes in the neighborhood of a route and on the availability of nodes in this neighborhood. Theoretical computation and simulation results show that the data packet loss rate decreased significantly compared to other methods which are well-documented in the literature. In addition, the time required to complete a local route repair following a failure was significantly reduced.     

A green trust‐distortion resistant trust management scheme on mobile ad hoc networks

Trust management is an emerging security approach used to conduct nodes' relationships in mobile ad hoc networks. It relates to assigning a trust level to each network component based on its cooperative behavior with respect to system goals. Because of its infrastructure‐less nature, frequent network dynamics, and severe resource constraints, it is complex to establish trust in such a network. Mainly, trust systems are vulnerable to attacks that make use of inherent properties of the trust model to alter the accuracy of estimated trust levels, referred to as trust‐distortion attacks. Because of the contradictory nature of such attacks, their detection can be confusing, complex, and energy‐demanding, especially in multiattack environments. To handle such threats, we propose a Green Trust‐distortion Resistant Trust Management Scheme, called GTRTMS, which handles different trust‐distortion attacks in multiattack environments. The proposed solution self‐adapts its trust knowledge monitoring according to the network context to conserve the energy of mobile nodes and reduce the produced CO₂ emissions. Simulation results prove that GTRTMS exhibits significantly better performance than the other counterpart in presence of simultaneous and contradictory different trust‐distortion attacks.     

移动自组网络中一种基于选播策略的路由恢复方法

独立于路由算法对路由恢复方法进行了研究,并在选播策略的基础上,提出了一种路由恢复方法。模拟测试表明该方法具有平均路由恢复延时较短和平均控制字节数较少的特点。     

TIDS: threshold and identity-based security scheme for wireless ad hoc networks

As various applications of wireless ad hoc network have been proposed, security has received increasing attentions as one of the critical research challenges. In this paper, we consider the security issues at network layer, wherein routing and packet forwarding are the main operations. We propose a novel efficient security scheme in order to provide various security characteristics, such as authentication, confidentiality, integrity and non-repudiation for wireless ad hoc networks. In our scheme, we deploy the recently developed concepts of identity-based signcryption and threshold secret sharing. We describe our proposed security solution in context of dynamic source routing (DSR) protocol. Without any assumption of pre-fixed trust relationship between nodes, the ad hoc network works in a self-organizing way to provide key generation and key management services using threshold secret sharing algorithm, which effectively solves the problem of single point of failure in the traditional public-key infrastructure (PKI) supported system. The identity-based signcryption mechanism is applied here not only to provide end-to-end authenticity and confidentiality in a single step, but also to save network bandwidth and computational power of wireless nodes. Moreover, one-way hash chain is used to protect hop-by-hop transmission.