
Research on Several Security Issues in Ultra-Wideband Wireless Networks

Research on Security of Ultra-Wide Band Wireless Network

【Author】 魏景芝 (Wei Jingzhi)

【Supervisor】 杨义先 (Yang Yixian)

【Author information】 Beijing University of Posts and Telecommunications, Cryptography, 2008, Doctoral dissertation

【Abstract (Chinese)】 Ultra-wideband (UWB) wireless communication technology, with its very high data rate, low power consumption and strong resistance to multipath interference, has become a focus of research and development in wireless communications worldwide. It has very wide application space in the wireless personal area network (WPAN) and is regarded as one of the key technologies of next-generation wireless communication. The security of UWB wireless networks is therefore an important aspect that cannot be ignored. Research on UWB security has not yet formally begun, yet it is both necessary and urgent. This thesis therefore studies the security of UWB networks on the basis of the WiMedia Alliance's ECMA-368 UWB standard. The particular characteristics of ECMA-368 UWB networks, namely nodes with limited computing power, wireless links, frequently changing topology and nodes lacking effective physical protection, make securing them a major challenge. Threats to UWB networks, from denial-of-service attacks to the mode of operation, multicast communication and network intrusion detection, all seriously affect the deployment of UWB technology, and practical applications urgently need effective solutions. This thesis studies a series of security problems, including various attacks on UWB networks, from four aspects; the contributions are as follows:

1) Denial-of-service attacks on UWB networks and their defence: because an ECMA-368 UWB network is an open, distributed network without central control, the probability of denial-of-service attacks increases greatly. ECMA-368 has no dedicated mechanism to avoid such attacks; although its 4-way handshake reduces the risk by carrying the master key identifier (MKID) in message 1 and storing as little state as possible, some vulnerabilities remain. In UWB networks, denial-of-service attacks fall into two types: UWB MAC-layer attacks and UWB network-layer attacks. For MAC-layer attacks, this thesis designs a defence system that combines anomaly detection and signature (feature) detection; performance analysis shows that the system defends well. Attacks at the UWB network layer are also called UWB routing attacks; this thesis studies how an attacker can use UWB data packets to mount a flooding attack and gives a defence based on deleting the UWB routing path. This work provides an important reference for protecting the MAC and network layers of wireless UWB networks against distributed denial-of-service attacks.

2) Mode of operation of UWB networks: the ECMA-368 UWB standard uses the CCM mode, whose main drawback is the slow speed of its CBC-MAC component, which lowers network performance. This thesis improves on this point and proposes a fast and secure block cipher mode of operation. Compared with the standard CCM (CTR with CBC-MAC) mode, the new mode has a clear speed advantage and better overall performance.

3) Multicast communication security at the UWB MAC layer: controlling the joining and leaving of group members, and the resulting generation, distribution and update of group keys, is the core of multicast security management. The UWB standard updates the MAC-layer multicast group key only under certain conditions, without considering the overheads and security issues that the update causes, and gives no solution. UWB multicast protection therefore has security defects, which in environments with many UWB users have become an important factor restricting its development and application. This thesis is the first to propose a tree-structured multicast key management method for the UWB MAC layer. The method extends the UWB 4-way handshake and adds a tree-based multicast key management module on top of it to form a UWB multicast security system. Experimental results show that the method has the following advantages: 1) lower overhead for multicast key updates; 2) lower multicast key update latency; 3) authentication of multicast key update frames; 4) higher reliability of multicast key updates; 5) greater multicast flexibility. The scheme thus largely resolves the security problems of UWB multicast communication, and because the structure is flexible it has very little impact on the existing UWB standard.

4) Intrusion detection in UWB networks: because of the wireless channel and dynamic topology of UWB networks, malicious nodes can easily forge an identity and enter the network, and even legitimate nodes may be captured and returned to the network; in addition to node authentication, intrusion detection is therefore an important security measure. Tailored to the particular features of UWB networks, this thesis proposes a new multi-layer cooperative distributed intrusion detection system model based on domains (clusters) and mobile agents. Because UWB nodes collect network data and detect network behaviour with a distributed algorithm, the system resources and network bandwidth of other UWB nodes are saved. Furthermore, since the system detects both UWB host behaviour and network behaviour, and the domain head node performs a combined analysis of the alarm information from other nodes, the system can detect attacks at different layers of the UWB network. Finally, this thesis proposes a fast intrusion detection algorithm applicable to UWB networks. Building on a reverse tree automaton constructed with the AC algorithm, it adopts the right-to-left jumping idea of the BM algorithm and combines it with the advantages of an improved QS algorithm that achieves the largest jumps with as few comparisons as possible, so that the search tree and the characters are matched quickly and not every character needs to be matched. These properties greatly raise keyword detection and filtering speed and greatly increase keyword capacity. Experiments show that the algorithm matches well with both long and short pattern strings and effectively improves keyword search performance. Since there is as yet no research on intrusion detection for UWB networks, the proposed system model has theoretical and practical significance for building a secure UWB network.

【Abstract】 The emerging technology of ultra-wideband (UWB) high-speed indoor wireless communication has attracted worldwide attention. With its high data rate, low system power consumption and multipath immunity compared with conventional narrowband wireless systems, UWB has a bright future in wireless personal area networks and has become one of the most competitive and promising technologies of the near future. Applications of UWB networks are spreading, and research on UWB networks has become an important direction in wireless communication technology. Security is a critical issue for the potential application of UWB networks. Research on the security of UWB networks has not yet generally started, but it is clearly important and urgent. The security research in this thesis is therefore based entirely on the UWB standard ECMA-368 published by WiMedia. Providing security in UWB networks is challenging because of the characteristics of these networks: the vulnerability of the wireless links, the limited physical protection of each node and the dynamically changing topology. Security problems of UWB networks, such as DoS attacks and the open issues of modes of operation, multicast and node intrusion detection, all hinder the application of UWB technology, and it is essential to resolve them. This dissertation investigates a series of security problems in UWB networks. Our contribution consists of four parts; the main content and innovations are as follows:

1) UWB network attacks and defence: because a UWB network based on ECMA-368 is an open, distributed network without central control, the probability of DoS attacks increases greatly. ECMA-368 has no dedicated mechanism against DoS attacks; although setting the MKID and storing as little state as possible in the 4-way handshake lowers the probability of a successful DoS attack, some security weaknesses remain. In UWB networks, denial of service (DoS) mainly occurs at the MAC and network layers. Considering the characteristics of DoS at the UWB MAC layer, this thesis proposes a defensive system combining signature detection and anomaly detection and describes its detection algorithm. The false-alarm rate and memory cost of the detection system are analysed by simulation, and the results show that the scheme performs well. Attacks at the UWB network layer are also called routing attacks; this thesis studies a UWB flooding attack based on DATA frames and presents a detection method based on routing deletion to prevent it. This research on UWB network attacks and defence is of great value for protecting the UWB MAC layer and network layer against DoS attacks.

2) Modes of operation in UWB networks: because the slow speed of the CBC-MAC mode is the main drawback in UWB networks, we improve on it and propose a fast and secure block cipher mode of operation. The new mode has a distinct speed advantage over the standard CCM mode (CTR with CBC-MAC) and is superior to CCM in overall performance.

3) Multicast communication security at the UWB MAC layer: controlling the joining and leaving of group members and the generation, issuance and update of the group key is the core of multicast security management. In the UWB standard, MAC-layer secure multicast updates the group key only in special cases, without considering the overhead and security questions that follow a group key update or solutions to them. UWB multicast protection therefore has security weaknesses, which are important factors limiting the development and application of UWB technology in environments with many users. This dissertation is the first to present a multicast key management method for the UWB MAC layer based on a one-way function tree. The method extends the UWB 4-way handshake and adds multicast key management modules centred on the tree structure to form a UWB multicast security system. Experimental results show that the method has the following merits: 1) lower overhead for multicast key updates; 2) lower multicast key update delay; 3) authentication of multicast key update frames; 4) greater dependability of multicast key updates; 5) greater multicast flexibility. The scheme therefore greatly improves the security of multicast communication in UWB networks and, thanks to the flexibility of the architecture, has little influence on the present UWB standard.

4) Node intrusion detection in UWB networks: because of characteristics such as the wireless channel and dynamic topology of UWB networks, a malicious node can easily disguise its identity to enter the network, and even a legitimate node may re-enter after being captured. Besides node identity authentication, intrusion detection is therefore an important security measure. This thesis puts forward a novel distributed intrusion detection system for UWB networks based on clusters and mobile agents. In this system, nodes use a distributed algorithm to collect data and detect network behaviour in order to save limited resources and network bandwidth. The system can detect both host behaviour and network behaviour, and since cluster head nodes analyse the alarm information offered by other nodes in combination, it can detect attacks at different layers of the UWB network. Finally, a fast intrusion detection algorithm for UWB networks is put forward, based on a finite state automaton (the AC algorithm) combined with the Boyer-Moore (BM) algorithm and an improved Quick Search (QS) algorithm. In general the algorithm does not need to test every character of the string: by making full use of the results of matching successes and failures, it bypasses the inspection of as many characters as possible and obtains all match locations in one quick search. Experimental results show that the proposed algorithm achieves excellent performance for both short and long patterns and effectively improves the performance of keyword detection and filtering.
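Added illustration of the tree-based multicast key management idea in point 3 of both abstracts (not the dissertation's scheme, which this page does not detail): a plain binary logical key hierarchy rather than the one-way function tree the abstract names, with a toy XOR key wrap standing in for a real key-wrap mode, showing that a member's departure costs about 2*depth rekey messages and still locks the leaver out.

```python
import hashlib, math, os

def wrap(key, node_id, data):
    # Toy key wrap: XOR with a SHA-256 pad (self-inverse). Stands in for a real key-wrap mode.
    pad = hashlib.sha256(key + node_id.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, pad))

class KeyTree:
    """Binary key tree: one key per leaf (member) and per internal node (its subtree);
    the root key is the group key. Assumes a power-of-two member count (full tree)."""

    def __init__(self, n_members):
        self.depth = math.ceil(math.log2(n_members))  # heap layout: root 1, children 2i, 2i+1
        self.keys = {v: os.urandom(16) for m in range(n_members) for v in self.path(m)}

    def path(self, member):  # leaf-to-root node ids: exactly the keys this member holds
        node = 2 ** self.depth + member
        return [node >> i for i in range(self.depth + 1)]

    def remove(self, member):
        """Replace every key on the leaver's path; each new key goes out wrapped under the
        untouched sibling-subtree key and the freshly replaced child key (~2*depth messages)."""
        node = 2 ** self.depth + member
        del self.keys[node]  # the leaver's leaf key is never used again
        msgs = []
        while node > 1:
            parent, new_key = node // 2, os.urandom(16)
            for under in (node ^ 1, node):  # sibling subtree first, then the rekeyed child
                if under in self.keys:  # the deleted leaf is skipped here
                    msgs.append((parent, under, wrap(self.keys[under], parent, new_key)))
            self.keys[parent] = new_key
            node = parent
        return msgs

def apply_rekey(known, msgs):  # a member unwraps only what its own keys can open
    known = dict(known)
    for parent, under, ct in msgs:
        if under in known:
            known[parent] = wrap(known[under], parent, ct)
    return known

def demo(n=8, leaving=3):
    """Returns (message count, every remaining member holds the new group key, leaver does not)."""
    tree = KeyTree(n)
    before = {m: {v: tree.keys[v] for v in tree.path(m)} for m in range(n)}
    msgs = tree.remove(leaving)
    after = {m: apply_rekey(before[m], msgs) for m in range(n)}
    stayed = all(after[m][1] == tree.keys[1] for m in range(n) if m != leaving)
    return len(msgs), stayed, after[leaving][1] != tree.keys[1]
```

With eight members the departure of one costs five messages instead of the seven per-member deliveries a flat scheme would need, and the leaver, who still holds the old path keys, cannot unwrap the new group key.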

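Added example for the keyword-matching idea in point 4 of both abstracts (not the thesis's algorithm, whose details are not on this page): a reverse trie of the keyword set walked right to left from the end of a window, with a Horspool-style bad-character jump computed over all keywords, which is the Set Horspool construction; the keyword list and the request line below are constructed sample inputs.

```python
from collections import defaultdict

END = None  # trie key marking that a whole keyword ends at this node

class ReverseTrieMatcher:
    """Set-Horspool style multi-keyword search: the reverse trie is walked
    right-to-left from the end of a window of length lmin (shortest keyword),
    and a bad-character table over all keywords decides how far the window
    jumps, so most text characters are never compared at all."""

    def __init__(self, patterns):
        self.lmin = min(len(p) for p in patterns)  # window length
        self.root = {}
        for p in patterns:  # insert each keyword backwards, from its last char
            node = self.root
            for ch in reversed(p):
                node = node.setdefault(ch, {})
            node.setdefault(END, []).append(p)
        # shift[c]: distance from the rightmost c among the last lmin chars of
        # any keyword (final char excluded) to the window end; default lmin
        self.shift = defaultdict(lambda: self.lmin)
        for p in patterns:
            for i, ch in enumerate(p[-self.lmin:-1]):
                self.shift[ch] = min(self.shift[ch], self.lmin - 1 - i)

    def search(self, text):
        """Return sorted (start, keyword) pairs for every occurrence in text."""
        found = set()
        end = self.lmin - 1  # index of the last char of the current window
        while end < len(text):
            node, j = self.root, end
            while j >= 0 and text[j] in node:  # right-to-left trie walk
                node = node[text[j]]
                for p in node.get(END, []):
                    found.add((j, p))  # keyword occupies text[j:end+1]
                j -= 1
            end += self.shift[text[end]]  # Horspool jump, always >= 1
        return sorted(found)
```

Longer keywords are still found because the walk may continue left past the window start, while the jump table is built from each keyword's last lmin characters so no possible end position is skipped.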