【作者】 付才；

【导师】 洪帆；

【作者基本信息】 华中科技大学 ， 信息安全， 2007， 博士

【摘要】 移动Ad Hoc网络(Mobile Ad Hoc Network,MANET)是由一组带有无线收发设备的移动节点组成的临时自治性网络。这种网络的组建不需要基站代理等基础设施,并且采用分布式管理,各节点兼具主机和路由器的功能,节点间采用多跳数据转发机制来交换信息,是一种自创造,自组织和自管理网络。与普通的移动网络和固定网络相比,由于没有固定基础设施、拓扑结构动态变化、无线信道完全开放、节点的恶意行为难以检测、网络缺乏自稳定性等原因,移动自组网容易遭受多种类型的攻击。作为基础构件之一的路由协议的安全性就显得非常重要。针对移动自组网络的特征,一方面,在门限密码基础上,给出了一完整的分布式CA解决方案,该方案对分布式CA构建过程、用户证书的更新以及CA的私钥更新等关键问题进行了研究,并指出纯粹的门限RSA密码方案在实际网络环境中应用存在的问题,通过引入一个素域作为门限方案的背景结构解决了该问题,提高了门限RSA分布式CA的实用性与有效性;另外一方面,对适合移动网络的自组织公钥证书管理体系进行了讨论,提出了基于绝对信任的自组织公钥管理模型,在该模型中,通信实体自己产生公私钥并相互颁发证书,该颁发过程需要双方确认,单一方不能强制或是恶意为另外一方颁发,不需要任何信任第三方以及认证服务器,信任关系按照自然人的绝对可信关系得到传播,相对传统的自组织公钥管理具备较好的性能,绝对信任证书更加符合完全分布式的移动Ad Hoc网络主机通信安全需求,绝对信任证书由于需要双方确认才能颁发,具备更强的安全性能,能有效防止恶意签名,在同样环境中,绝对证书模型可以获得更高的认证通过率以及更短的证书认证路径。提出了基于桥节点的安全路由协议BSOLSR。首先分析了链路状态路由协议OLSR存在的安全隐患及其存在的安全问题。然后通过建立SOLSR安全框架,引入邻居身份认证、协议报文可鉴别、完整性校验以及信任评估模型,来加强OLSR协议的抗攻击能力。重点研究了在单向链路网络环境下,指出SOLSR的认证效率与路由效率难以提高,通过引入桥节点来解决认证效率问题,同时在路由计算中针对单向链路进行优化,基于桥节点的安全路由协议BSOLSR在不影响SOLSR的安全性能下,较好的提高了单向链路的网络性能。通过理论分析和实验仿真,说明BSOLSR路由协议可以保护OLSR的安全性,同时通过对比仿真表明,在单向链路网络中BSOLSR网络性能要优越于SOLSR。提出了基于信任保留的移动身份认证协议。该协议以基本的BSOLSR身份认证协议为基础,对每个步骤的认证结果进行保留,下一次节点相遇时候继续认证过程,通过这种认证结果保留的方式,提高认证的可靠性,仿真表明,在节点移动性能较强的情况下,相对传统认证步骤,有效的提高了认证效率。另外一方面,由于认证过程的延长,导致遭受的恶意攻击可能性提高,为此,采用数据挖掘中基于关联规则的行为检测方法对认证过程中或是认证通过后的节点进行信任评估,以此提高认证协议的安全性能。设计了针对移动自组织网络中路由攻击的检测规则,通过一个典型的虫洞攻击仿真表明,该方法能够有效检测移动自组织网络中的异常或是恶意行为。为解决移动自组网络中匿名路由的可控问题,给出了一个基于SPKI证书的匿名路由方案。在一个高安全的移动自组织网络中,由于无线信号的开放性,恶意节点对网络的流量分析以及路由跟踪变得更加容易,而匿名路由正是抵抗这类攻击的有效方法。在匿名路由查找基础上,引入SPKI匿名属性证书,给出了一个可控匿名路由方案,该方案不需要匿名路由器的支持,实现完全分布式的路由匿名查找过程;通信数据发送与接收双向匿名;在没有影响匿名通信的基础上,提高了信息流的安全性能以及可控性能;由于SPKI证书可以进一步扩展,从整体上对Ad Hoc网络通信进行调控,从而改善了网络通信效果。更多还原

【Abstract】 The Mobile Ad Hoc networks is a self-organized network composed of mobile host with wireless equipments . Unlike traditional mobile wireless networks, ad hoc networks do not rely on any fixed infrastructure and are managed by distributed way, all hosts act as routers and communicate through multi-hop routing,the Ad Hoc networks is a self-created,self-organized and self-managed networks.Ad hoc networks are a new paradigm of wireless communication for mobile nodes. In an ad hoc network, there is no fixed infrastructure such as base stations or mobile switching centers. Mobile nodes that are within each other’s radio range communicate directly via wireless links, while those that are far apart rely on other nodes to relay messages as routers. Because of self-organization, dynamic topology and openness of wireless links, ad hoc networks suffer more attacks than conventional networks. Especially, as one of the core functions, the routing protocols’ security takes very important part.Compared with the commom mobile networks and fixed networks, the Ad Hoc networks is more possibly to be attacked because the wireless channel is open, the hostile behavior is difficult to detect and the Ad Hoc network is dynamic,so the secure routing protocol is very important for the Ad Hoc networks. The main contributions are as follows:Aiming at the characteristics of Ad Hoc networks, a distributed CA solution is proposed,which is composed of the initializing processing, user certificates updating and the private key updating and indicates that pure threshold cryptography have the application problem in practice. By introducing a prime field into the solution,the practicability is improved.The self-organized public key management framework is discussed, a fully self-organized public-key management based on absolute trust model without any centralized authority is proposed ,which allows users to generate their public-private key pairs, to issue certificates, and the trust relation spreads rationally according to the truly human relations. In contrast with the traditional self-Organized Public-Key Management, the average certificates paths get more short,the authentication pass rates gets more high and the most important is that the absolute based model fits the trust requirement of each host better.A bridge nodes based secure link state routing scheme-BSOLSR is proposed to solve the asymmetrical link problem. At first the security problems in OLSR are analysed, a secure SOLSR framework is built, neighbour authenticating protocol, verifying mechanism and trust evaluating is introduced to enhance the OLSR security. The existing secure routing protocols are mainly based on bi-directional and symmetrical links, however, because of the special digital signals transmission equipments, which have different physical characteristic such as power range, there are many asymmetrical links in true wireless networks, so the successful authentication ratio is limited, even they can’t work in some extreme circumstance. This paper proposes a bridge nodes based secure link state routing scheme-BSOLSR to solve the asymmetrical link problem. The simulation presents that the successful authentication ratio is enhanced and the average length of routing paths is more short than that of SOLSR, which is important to the communication efficiency and networks performance.Moving characteristic is a important factor in secure routing for Ad Hoc networks. Most secure routing protocols are difficult to finish the authenticating processing and can’t build the secure routing in a mutative and high speed moving network because authenticating is a continuous processing for messages exchanging and the moving characteristic can’t ensure the continuity. This paper proposes the trust preserving based secure routing protocol based on OLSR, the trust preserving method is adopted to accomplish the authenticating and resolve the high speed moving authenticating problem, which is proved with the formal language. Aiming at the low flexibility of most trust evaluating system, a novely evaluating system is proposed, by which the nodes get the trust information, identify and limit the vicious nodes, at the same time, it can resist the associated attacks,such as worm-hole attack. The simulations shows that in a high speed moving network, The TPSRP’s authenticating performance is more better than that of the traditional and can isolate the attacking nodes effectively.Anonymous and controllable routing is a important problem on Ad Hoc routing security. The controllable routing is not considered in current Ad Hoc anonymous routing, however, which is a effect way to improve the routing security and the bandwidth usage ratio. SPKI certificates have anonymity characteristics. In this paper, this kind of certificates are introduced into Ad Hoc Anonymous routing, the anonymity is not impaired, as result, the controllability and security performance about routing are improved.更多还原