Research on Secure Communication Technologies in Wireless Mesh Networks

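【Author】 Ding Xuyang

【Supervisor】 Fan Mingyu

【Author information】 University of Electronic Science and Technology of China, Information Security, 2008, PhD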

【Abstract】 A wireless mesh network (WMN) is a dynamically self-organizing and self-configuring network. As an expansion and extension of the Internet into the wireless area, a WMN has the characteristics of a wireless network and is also multi-hop, self-organizing and flexibly configurable. Because a WMN lacks a definite network defense border, each node may be attacked directly or indirectly by malicious attackers, so it is very difficult to ensure the security of communications in a WMN. With the increasing application of WMN, how to guarantee communication security for users has become a critical problem that cannot be ignored and must be solved appropriately.

To address this problem, this dissertation focuses on securing communication in WMN. It summarizes and analyses the present status and future challenges of secure communication in WMN. On the basis of traditional network security mechanisms and the inherent characteristics of WMN, it explores novel approaches to guaranteeing communication security in WMN without adding any extra hardware. The main works are as follows:

(1) The secure communication architecture of WMN is studied in detail. A novel Multi-path based Secure Communication (MSC) mechanism, built on link-disjoint (or node-disjoint) multi-path routing, is proposed to improve the security of communications in WMN.

(2) Technologies for detecting link-disjoint (or node-disjoint) multiple paths are studied in detail. A novel EDSR algorithm, an improvement of the DSR routing protocol, is proposed to provide link-disjoint (or node-disjoint) multiple paths for network nodes in WMN.

(3) Secure key exchange algorithms are studied in detail. Novel key exchange methods are proposed to distribute session keys effectively to communicating nodes through multiple disjoint paths or a single path in WMN.

(4) Trust evaluation mechanisms are studied in detail. A novel trust model is proposed according to the principle of minimizing an uncertainty metric. The model is used to evaluate the trust values of nodes and helps network nodes choose proper routes in WMN.

(5) Incentive mechanisms in WMN are studied. A new incentive algorithm based on a bounded-rationality game is proposed; the game played among all network nodes drives them to behave correctly during network activity.

(6) Technologies for monitoring abnormal network communication in WMN are studied. A new monitoring mechanism built on middleware technology is proposed. It assists network management and maintenance and detects network anomalies.

MSC deploys the bounded-rationality-game-based incentive mechanism across the whole network and uses a strict punishment strategy to motivate nodes to provide network services normally. When a node needs to send packets to another node, the source node uses the multi-path discovery algorithm to find the link-disjoint (or node-disjoint) paths between itself and the destination node. It then evaluates the reliability of these routes with the proposed trust model, which is based on minimizing the uncertainty metric, and chooses the routes that satisfy the security settings. Finally, MSC uses the single-path or multi-path key exchange methods to generate session keys between the communicating pair. These keys are used to encrypt data and enhance the security of communications as far as possible. Additionally, MSC uses an agent-based mechanism for monitoring abnormal network communication to detect network anomalies in time. Simulation results indicate that the proposed MSC mechanism can effectively improve the reliability and decrease the security risk of network communications.
