
Key Technology Research of Clustered MANETs Based on Trust Mechanisms

【Author】 Zhang Qiang

【Advisor】 Gong Zhenghu

【Author information】 National University of Defense Technology, Computer Science and Technology, 2009, Ph.D.

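【Summary】 A mobile ad hoc network (MANET) is a self-organizing network system in which mobile nodes are connected wirelessly through distributed protocols. It is commonly used where there is no fixed infrastructure or where wired networking is unavailable, and it can also be deployed for temporary applications. MANETs are flexible and convenient to set up, have considerable military value and broad commercial prospects, and are an important component of next-generation networks. However, the distributed structure without central control, the open wireless channel and the limited resources all make it difficult to secure MANETs, keep them reliable and improve their performance. Research on key MANET technologies such as clustering and routing, aimed at improving system security, stability and performance, has therefore become urgent. Traditional security methods usually rely on key mechanisms, but in a distributed system such as a MANET, pure key mechanisms are hard to distribute and manage and carry high communication and computation costs. Trust mechanisms largely avoid these problems and offer low complexity, self-organized management and an incentive effect. Integrating trust mechanisms into the key research areas of MANET systems can effectively strengthen the security, reliability and adaptability of MANETs and improve their working efficiency. With trust as its main thread and in combination with the key technologies of MANETs, this thesis carries out in-depth and systematic research on the mechanism and evolution of trust, on key technologies such as MANET clustering, routing and authentication, and on the architectural design of secure and trustworthy MANETs, and proposes solutions tied to specific functions. The main work is as follows:

(1) An improved trust triangle tunnel downfallen (TTTD) model, in which trust components evolve over time, is proposed. MANET environments are usually highly dynamic, so the influence of objective factors such as time on trust must be fully considered. We give a complete set of assumptions, analysis and proofs for how trust decays and changes over time, propose a triangle tunnel downfallen model that depicts the trust evolution mechanism visually, and describe in detail how each part of trust is composed in the model, providing an intuitive and effective way to represent time-varying trust and its evolution in MANETs.

(2) A MANET clustering algorithm based on maximum objective trust (MOTBCS) is proposed. Aimed at cases where a newly formed MANET lacks initial trust information or the network is highly dynamic, the algorithm focuses on the objective factors of trust attributes and, based on the time-varying objective trust model, uses the maximum stable link as the main metric to evaluate the reliability of node interactions. Theoretical analysis and simulation experiments show that MOTBCS works well in building large-scale clustered MANETs that are trustworthy, efficient and stable.

(3) HMCPRE, a MANET clustering protocol constrained by reputation evaluation and residual energy, is proposed. HMCPRE weighs factors such as node reputation and energy to build a stable, trustworthy and efficient clustered MANET in environments where node identities are complex. We also carry out an in-depth probability-based analysis of cluster-head independence for HMCPRE. Simulation experiments show that HMCPRE not only forms a well-distributed cluster-head layout but also effectively suppresses the harm malicious nodes do to network stability.

(4) CTSSRC, a secure clustered source routing protocol with a cross-layer trust mechanism, is proposed. CTSSRC uses the cross-layer idea to combine trust information from every layer of the ad hoc network, assisted by the Elliptic Curve Digital Signature Algorithm (ECDSA) and traditional key mechanisms. In CTSSRC the trust mechanism and the key methods support and complement each other while each retains its own characteristics; dependence and coupling are low and the system is robust. CTSSRC exploits the cross-layer structure, using multi-layer trust information to guide network-layer routing, which avoids the limitation of securing routes only by detecting routing attacks. Two-hop neighbors evaluate each other through a limited recommendation mechanism, reducing the communication and computation overhead of trust evaluation. The multipath source route discovery mechanism can assess path quality from path trust information, on which basis the source node can send packets over multiple paths and balance load. The trust mechanism also has a marked incentive effect, encouraging nodes to cooperate better and thereby improving the adaptability and overall performance of the system. Both analysis and simulation experiments demonstrate the good performance of CTSSRC in the presence of malicious-node attacks.

(5) The RT~M language is proposed on the basis of role-based trust languages, an automated MANET trust authentication model RT-M is built, and the trust authentication algorithm tc-ask is proposed. Because MANETs are distributed, open and lack central control, traditional secure access control methods and interactive trust mechanisms at the application layer suffer from poor operability and low authentication efficiency. In automated trust negotiation (ATN), the resource requester and provider establish a trust relationship automatically through the interactive disclosure of credentials and access control policies; neither party needs to know the other's access policy, and the negotiation generally requires no outside human involvement. RT~M is a role-based distributed trust proof language that supports efficient automated trust negotiation in MANETs. RT-M can define different application roles for distributed trust proof and avoids blind credential searches, which significantly improves authentication efficiency. Simulation results for the tc-ask algorithm show that, compared with conventional methods, RT-M needs fewer interactions and has lower communication overhead, making it a distributed secure trust authentication mechanism well suited to MANET environments and requirements.

This thesis takes trust as its main thread and proposes effective solutions to the key technologies and core problems of MANETs. This trust-centered approach will help build secure, trustworthy, efficient and stable MANET systems, and it offers a contribution and reference for further theoretical exploration and practical deployment of MANETs.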

【Abstract】 Mobile ad hoc networks (MANETs) are self-organized wireless systems formed by mobile nodes using distributed protocols. MANETs can be used where basic infrastructure and equipment are not easy to deploy, and they can also serve temporary applications. MANETs are convenient to deploy, so they have a broad commercial future and important military value. They are primary ingredients of next-generation networks.

However, the characteristics of MANETs as distributed systems with a decentralized structure, open wireless channels and scarce energy raise many problems for security, reliability and performance improvement. Hence research on the key techniques of MANETs, such as clustering and routing, has become urgent in order to enhance the security, stability and capability of these systems. Cryptography is the traditional security approach in MANETs, but it has obvious defects in key distribution, key management, and communication and computing costs. By contrast, a trust mechanism can avoid these problems because of its lower complexity, self-organized structure, incentive effect and many other advantages. Trust mechanisms can be combined into the key techniques of MANETs, and the security, reliability, adaptability and working efficiency of MANETs will be greatly improved.

Trust is the major basis of this thesis, and we have carried out thorough and systematic research on the key techniques of MANETs in combination with trust principles. The trust evolution rule, MANET clustering, routing, trust authentication, and the holistic design of secure and trustworthy MANETs are the main aspects of our work. In summary, the main contributions of our work are as follows:

(1) An improved trust triangle tunnel downfallen model called TTTD is proposed, which can intuitively denote the evolution trend of trust ingredients. Since MANET nodes are always moving and the environment changes rapidly, the impact of time must be considered adequately. After making sufficient assumptions, analysis and proofs about trust decay and evolution rules, a triangle tunnel downfallen model is proposed. Each component of the model is described in detail, and the model is an intuitive and effective means of representing time-related trust in mobile ad hoc networks.

(2) A MANET clustering algorithm based on maximum objective trust, MOTBCS, is proposed. To address the lack of original trust information and the strongly dynamic nature of MANETs, we emphasize the objective factor of trust attributes and design a mathematical model for the evaluation of objective trust, which uses the count of stable links to evaluate the reliability of interacting nodes. Theoretical analysis and experiments show that MOTBCS can achieve better performance in building reliable, efficient and stable large-scale clustered MANETs.

(3) A hybrid clustering protocol, HMCPRE, is proposed, based on reputation evaluation and residual energy. HMCPRE can construct a stable, credible and efficient clustered MANET system by mainly considering the reputation degree and remaining energy of nodes. We have also carried out further research on the probabilistic analysis of cluster-head independence. Simulation results show that HMCPRE can not only form a good layout with a good cluster-head distribution, but also effectively restrain the attacks of malicious nodes and the damage to the stability of MANETs.

(4) This thesis puts forward a secure routing protocol, CTSSRC, which is based on a cross-layer trust scheme. CTSSRC adopts the cross-layer idea, synthesizing the trust information of each layer in ad hoc networks and taking the cryptographic mechanism as an aid. The trust method adopted by CTSSRC can be closely combined with cryptographic designs, including ECDSA and traditional cryptographic methods. They can support each other, the dependence and coupling between them are rather low, and the system is robust. CTSSRC makes full use of the advantage of the cross-layer structure and guides routing based on multi-layer trust information. It can avoid the limitation of secure routing methods that merely depend on the intrusion detection of routing attacks. Two-hop neighbors adopt a limited recommendation mechanism to estimate trust, which greatly reduces the communication and computing costs of trust evaluation. The multi-path source routing mechanism can evaluate path quality based on trust information, and the source node sends packets over multiple paths, which can avoid load congestion. The trust mechanism also has an extraordinary incentive effect, so it can strengthen cooperation between nodes, raise the adaptability of the system and enhance its overall performance. Analysis results and simulation experiments both show the better performance of CTSSRC in circumstances where malicious attack behaviors exist.

(5) This thesis proposes a MANET distributed trust proving language, RT~M, based on role trust, and then designs the distributed authentication framework RT-M and the authentication algorithm tc-ask. Due to the distributed deployment, open channel and decentralized structure of MANETs, previous secure access control methods and mutual trust mechanisms have many weaknesses, such as poor cooperation and low authentication efficiency. Automatic trust negotiation (ATN) can set up a trust relationship between resource-requesting and resource-providing partners by means of the mutual disclosure of credentials and access control strategies. The interacting partners need not know each other's access control strategies, and the negotiation process generally needs no human participation. RT~M is a distributed trust proving language which can process trust negotiation automatically and efficiently in MANETs. RT-M defines different application roles to carry out distributed trust proving and avoids fetching unrelated credentials, so it can improve efficiency notably. Experimental results and the tc-ask algorithm indicate that RT-M consumes less interaction time and communication cost than normal methods, and it is a preferable distributed trust authentication mechanism suited to MANET environments.

This thesis is organized around the idea of trust and presents several solutions for the key techniques of MANETs. Our design combines trust mechanisms into MANETs. As a result it helps to construct secure, trustworthy, effective and stable MANET systems and contributes much to the further study and deployment of MANETs.
