CN101110762A - Ad hoc network security path method - Google Patents


Info

Publication number
CN101110762A
Authority
CN
China
Prior art keywords
node
token
escrow
set
second node
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CNA2007100530173A
Other languages
Chinese (zh)
Inventor
黄辰
王芙蓉
黄本雄
莫益军
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Huazhong University of Science and Technology
Original Assignee
Huazhong University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Huazhong University of Science and Technology filed Critical Huazhong University of Science and Technology
Priority to CNA2007100530173A priority Critical patent/CN101110762A/en
Publication of CN101110762A publication Critical patent/CN101110762A/en
Pending legal-status Critical Current

Landscapes

  • Mobile Radio Communication Systems (AREA)

Abstract

The present invention relates to an Ad hoc network secure routing method, which comprises: a first node sends a route request message to a second node; the second node verifies the authenticity and timeliness of the first node's token according to the route request message and then returns a route reply message to the first node; the first node verifies the authenticity and timeliness of the second node's token according to the route reply message and then establishes a routing path. The invention verifies the credibility of nodes in a fully distributed way by issuing tokens within a local trust set. Its computational complexity is low and it is extensible, so it can be applied to large-scale Ad hoc networks without adding extra communication or computing cost to the nodes.

Description

An Ad hoc network secure routing method
Technical field
The present invention relates to the field of communication technology, and in particular to a secure routing method that introduces dynamic token escrow technology into Ad hoc networks.
Background technology
An Ad hoc network is a special form of mobile computer network. Through temporary networking, it can support wireless transmission of services such as data, voice and images between mobile nodes in adverse environments. Because an Ad hoc network needs no fixed base stations, every node can move freely and connections are established dynamically; together with its strong survivability and its ease of setup and relocation, this lets it make up for many shortcomings of conventional cellular and wired networks, and it plays an irreplaceable role in many special application environments. Mobile Ad hoc networks can be widely used in national defence readiness, disaster relief, law enforcement and other settings where wired network support is unavailable, or where communication is needed only temporarily and building a wired network would cost too much. They can also serve as highly survivable backup networks. On the future battlefield in particular, mobile Ad hoc networks are of great significance for advanced weaponry, centralized command, cooperative operations and improved operational mobility.
However, the many characteristics peculiar to mobile Ad hoc networks, such as terminal mobility, changeable network topology, multi-hop transmission, unreliable wireless channels and limited network resources, pose great challenges for routing protocol research. Routing protocols have always been one of the focal issues of mobile Ad hoc network research.
Ad hoc networks differ from traditional networks in the fragility of their routing protocols and the diversity of intrusion behaviour. First, the security of Ad hoc network routing protocols is more fragile than that of traditional networks, for the following reasons:
All signals in an Ad hoc network are transmitted over an open wireless channel of a certain bandwidth, which makes an Ad hoc network more vulnerable than a wired network to security threats such as eavesdropping and interference; unlike in a wired network, an intruder does not need physical access to the network or to break through safeguards such as firewalls and gateways;
An Ad hoc network lacks central control equipment, so traditional public-key-based authentication mechanisms cannot be used directly, and every decision must rely on cooperation among the mobile nodes. A malicious node can easily block or modify the packets passing through it by refusing to cooperate or by cooperating falsely, and many intrusion detection functions of traditional networks cannot be implemented;
Nodes in an Ad hoc network can move arbitrarily, so the network topology and member positions change dynamically and the trust relationships between nodes change continually. A statically configured security scheme is therefore infeasible for Ad hoc networks, and forged control information is easily injected into dynamic node discovery and neighbour packet forwarding;
Mobile nodes in an Ad hoc network are all powered by batteries or other consumable power sources, so a malicious node can use a denial-of-service attack to force a mobile node to keep processing and forwarding packets, thereby exhausting its power.
In addition, attacks on Ad hoc network routing protocols are complex and varied, and can be classified in several ways:
By attack source, attacks are divided into external attacks and internal attacks. An external attack is an attack on the network by a node that has not been authenticated by the CA (Certification Authority). An internal attack comes from an authorized node inside the network and poses a greater threat. After a malicious node obtains a legitimate key of the network, it can broadcast incorrect routing information to other nodes in the network, and a node that has been captured and compromised can also launch various attacks. Because a malicious or compromised node can use a legitimate private key to produce valid signatures, errors in routing information are hard to detect. Moreover, the topology of an Ad hoc network changes dynamically by nature, so it is hard to tell correctly whether the topology has changed or an attacker has appeared. Common security measures are powerless against internal attacks; only intrusion detection, monitoring nodes for abnormal behaviour and isolating compromised nodes (Byzantine nodes) can resist them.
By nature, attacks are divided into passive attacks and active attacks. In a passive attack, the intruder obtains valuable routing information by monitoring communication between nodes, for example the relative positions of nodes, node IP addresses and the network topology. On the basis of eavesdropping, the attacker can also find key nodes in the network through traffic analysis and pass the information obtained to accomplices, who can then launch targeted active attacks and cause greater losses to the network. Because a passive attack has no effect on network traffic, it is usually hard to detect and therefore harder to defend against. In an active attack, the intruder actively disrupts the routing protocol and violates the security policy; the main purpose is to disrupt the establishment of normal routes so that nodes cannot communicate properly. The final goal of an active attack is to have packets that were meant for a legitimate node delivered to the attacker instead, or to paralyse the network.
The main attacks on routing protocols at present are the following:
Tampering (Modification attacks)
Tampering with the sequence number, the source and destination node IP addresses or the hop count in a route control packet can cause route redirection. By tampering with the sequence number or hop count in a route control packet, an attacker can insert itself into the current routing process and wait for an opportunity to launch other attacks;
Impersonation (Impersonation attacks)
This is an identity attack: the intruder changes its own IP address or MAC address to that of another node, masquerades as a legitimate node and establishes communication with other legitimate nodes, or causes routing loops in the network;
Fabrication (Fabrication attacks)
A malicious node can forge false routing information and damage the network. An attacker can forge false route error messages (RERR) to maliciously remove legitimate routes and disrupt communication between nodes. This attack is also called a blackmail attack;
Black hole and grey hole attacks (Black holes, Gray holes)
In a black hole attack, the attacker drops every packet it receives, whether it is a data packet or a control packet. In a grey hole attack, the attacker drops packets selectively, generally dropping data packets but not control packets. The attacker can join a route by means such as tampering or impersonation and then drop all or selected packets passing through the node, forming a black hole or grey hole in the network;
Denial-of-service attacks (Denial-of-Service Attacks)
Denial of service is a class of attack on availability. By occupying a large amount of network or node service resources, the attacker prevents normal service from completing or degrades network performance. The usual way to carry out denial of service is to flood a centralized resource and disrupt its normal operation until it collapses. Although an Ad hoc network has no central control node, its network bandwidth and terminal energy are both limited, so an attacker can easily achieve denial of service simply by occupying large amounts of these scarce resources. Because all resources in an Ad hoc network are very limited, preventing denial-of-service attacks is particularly important.
The secure routing protocols proposed so far for Ad hoc networks fall into two broad classes: table-driven secure routing protocols and on-demand secure routing protocols. Table-driven secure routing protocols are further divided into link-state-based and distance-vector secure routing protocols. Essentially all of them are built on existing Ad hoc network routing protocols by adding certain security measures. The widely used ones include the following:
SLSP
SLSP uses a triple mechanism of digital signatures, a one-way hash function and sequence numbers to protect the link state update (LSU) packets exchanged between nodes. Through digital signatures, SLSP solves the node identity verification problem to a certain extent. The one-way hash function protects the integrity of routing information, and sequence numbers resist replay of LSUs. However, a large amount of link-state information must be exchanged before routes are established, and periodic updates cause considerable network communication overhead;
SEAD
SEAD is based on the distance vector routing protocol DSDV and focuses on protecting the routing update messages broadcast between neighbouring nodes. Like SLSP, SEAD uses a one-way hash function to protect two kinds of data, sequence numbers and metrics, ideally guaranteeing that no intermediate node can increase a sequence number or decrease a metric. The main drawbacks of this scheme are that pairwise authentication between nodes is inefficient and that it likewise cannot resist malicious modification of the route direction;
SAODV
AODV is a typical on-demand routing protocol for Ad hoc networks. Compared with table-driven routing protocols, on-demand routing protocols reduce routing overhead when the topology changes quickly: a source node initiates a route request only when it has data to send and its local routing table has no route to the destination node. SAODV is a secure AODV routing protocol built on AODV for open application environments. SAODV uses digital signatures and hash chains to protect route requests and route maintenance. Digital signatures protect the integrity of the variable fields in the message, and hash chains protect the variable field from being maliciously decreased by intermediate nodes. However, when an attacker does not modify any field but instead changes the next-hop node's routing table so that the route direction is wrong, the hash chain protection fails.
The above schemes essentially authenticate nodes at the cost of extra communication overhead, requiring a large number of authentication messages to be exchanged in the network. Their authentication systems are static and lack control over the validity period of authentication and scalability of the authentication region: once a node is trusted by other nodes, the other nodes cannot learn in time if it is later captured by a malicious node and becomes a compromised node. After a route request is intercepted by an attacker, the attacker can pose as the destination node so that packets sent by the source node are routed to itself, or pose as the source node and maliciously send packets to the destination node to paralyse it. The above schemes have weak defences against such attacks, which do not modify route control message fields.
Moreover, current Ad hoc network secure routing designs share the following common problems: they adopt complex cryptographic algorithms and interactive authentication procedures, which place high demands on the computing capability of Ad hoc nodes and bring considerable network communication overhead; they are based on static authentication systems, in which the authentication region lacks scalability and the validity period of authentication is not controlled; and they do not sufficiently protect routes after establishment, so an attacker can easily destroy an established legitimate route by tampering with node routing tables.
Summary of the invention
The object of the present invention is to provide an Ad hoc network secure routing method that solves the problems of the existing routing protocols and provides stronger protection at lower overhead for data transmission in Ad hoc networks.
To achieve this object, the invention provides an Ad hoc network secure routing method, comprising:
A first node sends a route request message to a second node; after verifying the authenticity and timeliness of the first node's token according to the route request message, the second node returns a route reply message to the first node; after verifying the authenticity and timeliness of the second node's token according to the route reply message, the first node establishes a routing path.
The Ad hoc network secure routing method further comprises: a third node receives the route request message and the route reply message and builds a token routing table from them.
Before the first node sends the route request message to the second node, the method further comprises:
The first node, second node or third node determines the basic token escrow set to which it belongs and generates first escrow sub-tokens for the other nodes in that basic token escrow set;
The first node, second node or third node sends a token application to the basic token escrow set; the other nodes in the basic token escrow set each issue a second escrow sub-token to the first node, second node or third node, which merges the second escrow sub-tokens to form its token.
After the route is established, the method further comprises: the first node obtains the group signature of the basic token escrow set; the first node and the second node send probe packets to each other to confirm the routing path; and the first node sends data packets along the routing path.
The first node obtains the group signature of the basic token escrow set as follows:
The first node sends a token signature application message to the basic token escrow set, and the other nodes in the basic token escrow set return application reply messages containing the signatures of the second escrow sub-tokens they each issued; the first node combines the signatures of the second escrow sub-tokens into the group signature of the basic token escrow set.
The Ad hoc network secure routing method further comprises: the third node verifies the group signatures of the first node and the second node, and confirms that the first node and second node sending the probe packets are the first node that sent the route request message and the second node that sent the route reply message.
Before the first node sends the route request message to the second node, the method further comprises: the first node sets a maximum hop count limit on the propagation of the route request message in the network.
The token routing table contains the token authentication codes of the first node and the second node, the route request message and route reply message exchanged between them, and the tokens of the first node and the second node.
Between the step in which the first node, second node or third node sends the token application to the basic token escrow set and the step in which the other nodes in the basic token escrow set each issue a second escrow sub-token to the first node, second node or third node, the method further comprises: the other nodes in the basic token escrow set evaluate the reputation of the first node.
Before the first node, second node or third node determines the basic token escrow set to which it belongs, the method further comprises:
Configuring system parameters, including the basic escrow set member count threshold, the choice of one-way hash algorithm, the credit rating criteria and the validity time of temporary tokens;
Initializing the local escrow domain in which the first node is located;
The first node sends a token escrow request to its local escrow domain; each node receiving the request selects a node as its backup node and returns information about itself and its backup node to the first node in a response message; once the basic escrow set member count threshold is reached, the nodes that returned response messages constitute the basic token escrow set.
Thus, with the Ad hoc network secure routing method provided by the invention, a node can take part in the routing process only after obtaining a token issued by the basic token escrow set of its local escrow domain; and after a route is established, the invention continues to protect the established secure routing channel until data transmission is complete.
Description of drawings
Fig. 1 is the Ad hoc network architecture model to which the dynamic token escrow of the invention applies;
Fig. 2 is a flow chart of the Ad hoc network secure routing method of the invention;
Fig. 3 is a flow diagram of token application in the invention;
Fig. 4 is a flow chart of data transmission in the invention.
Embodiment
Fig. 1 shows the Ad hoc network architecture model to which the dynamic token escrow of the invention applies. This network model describes the state of an Ad hoc network in a wireless mobile multi-hop environment when tokens are used for route establishment and data transmission. As shown in Fig. 1: Local escrow domain LA (Local Area): the local escrow domain of a node is the region within 2 hops centred on that node. The region within 1 hop is called the basic local escrow domain, and the region from 1 hop to 2 hops is called the extended local escrow domain 102. Escrow set ES (Escrow Set): an escrow set is a trust set made up of members of a local escrow domain; the escrow set made up of members of the basic local escrow domain is called the basic token escrow set (basic ES), and the escrow set made up of members of the extended local escrow domain is called the extended token escrow set (extended ES). Token TK (Token): a token expresses the trust that a node's escrow set places in the node and has a life cycle TTL (Time To Live); only a node that has obtained a token can take part in the routing process.
Fig. 2 is a flow chart of the Ad hoc network secure routing method of the invention. The invention proposes an Ad hoc network secure routing method based on dynamic token escrow (DTE, Dynamic Token Escrow), in which tokens with a TTL keep the mutual trust relationships between nodes in the network under control. The method provides a secure signalling and data channel between the source node (also called the first node) and the destination node (also called the second node), greatly improves the security and reliability of the routing service, and reduces network communication overhead. The method comprises:
Step 20: the first node sends a route request message $R_{Req} = \{H_S, T_S, T_I\}$ to the second node, where $H_S = h(R_{Req}, TK_S)$ is the hash of $TK_S$ and $R_{Req}$, $T_I$ is the latest issue time of the first node's token, $T_S$ is the token authentication code of the source node, and $TK_S$ is the token of the first node;
Step 21: after verifying the authenticity and timeliness of the first node's token according to the route request message, the second node returns a route reply message $R_{Resp} = \{H_D, T_D, T_I'\}$ to the first node, where $H_D = h(R_{Resp}, TK_D)$ is the hash of $TK_D$ and $R_{Resp}$, $T_I'$ is the latest issue time of the second node's token, $T_D$ is the token authentication code of the destination node $U_D$, and $TK_D$ is the token of the second node;
Step 22: after verifying the authenticity and timeliness of the second node's token according to the route reply message, the first node establishes the routing path.
The above steps also include step 200: the third node receives the route request message and the route reply message and builds a token routing table from them.
The flow shown in Fig. 2 is the routing stage of the overall Ad hoc communication process: the source node initiates a route request, and the route from the source node to the destination node is established. The source node and destination node verify the timeliness of each other's tokens, and an effective route can be established only if both tokens are within their validity period.
In the routing stage, the route control messages transmitted in the network for route establishment are mainly the route request message $R_{Req}$ and the route reply message $R_{Resp}$. To counter the threat that a malicious attacker's tampering with routing tables poses to the Ad hoc network and to protect established legitimate routes, the invention binds tokens to a specific routing process: an intermediate node binds together the $R_{Req}$ and $R_{Resp}$ received in this stage, creates a route uniquely identified by this pair of $R_{Req}$ and $R_{Resp}$, and stores it in the token routing table. The routing stage is described in detail below:
In step 20, the route request message is first generated by the source node; only a node that has obtained a token issued to it by its escrow set is qualified to initiate the routing process. $T_S$ is the token authentication code TAC (Token Authentication Code) of the source node, given by formula (2):
$T_S = h(H_S, K_{SD}, R_{Req})$    formula (2)
where $K_{SD}$ is the key shared between the source and destination nodes; it is encrypted and carried to the destination node by the route request message $R_{Req}$. The TAC serves the following three purposes:
The TAC is a signature over the route control message that the source or destination node generates using its token, proving that the route control message was generated by the source or destination node;
The TAC is used by intermediate nodes to bind routing entries in the node routing table, so that routes can be provided for data packets coming from the source and destination nodes. The TAC, rather than the token, is used to bind routing entries because the token is published only in the data transfer stage.
The TAC also has a validity period, tied to the TTL of the token; when the validity period of a TAC has passed, the route bound to that TAC is deleted from the routing table, preventing an attacker from using an expired route to change the route direction of data packets.
After step 20 and before step 21, the method also includes step 200, in which an intermediate node (also called the third node) processes the route request message:
Before the first node sends the route request message to the second node, to prevent the propagation of $R_{Req}$ messages in the network from producing a "broadcast storm", the source node sets a maximum hop count limit MaxHop on the propagation of the $R_{Req}$ message in the network. Preferably, MaxHop is set according to the scale of the Ad hoc network.
After receiving the route request message $R_{Req}$ that the source node broadcasts to its basic token escrow set, the intermediate node processes it in the following two parts:
The intermediate node adds one to the hop count that $R_{Req}$ has traversed and compares it with the maximum hop count limit; if the limit has been reached, it does not forward this $R_{Req}$ any further;
The intermediate node records $R_{Req}$, extracts the $T_S$ of the source node and stores it in the node's token routing table TRT (Token Routing Table).
The TRT has 6 fields: Source TAC, Destination TAC, Route Resq, Route Resp, Source Token and Dest Token. Source TAC and Destination TAC record the TAC values of the source and destination nodes; Route Resq and Route Resp record each pair of route request message $R_{Req}$ and route reply message $R_{Resp}$ between a source node and a destination node; Source Token and Dest Token record the tokens of the source and destination nodes. The table is used to route data packets passing through the intermediate node in the data transfer stage. At this point the TRT is as follows, recording the route request message $R_{Req}$ and the TAC value of the source node:
| Source TAC | Destination TAC | Route Resq | Route Resp | Source Token | Dest Token |
| --- | --- | --- | --- | --- | --- |
| $T_S$ | | $R_{Req}$ | | | |

The TRT table
The intermediate node does not process an $R_{Req}$ message repeatedly: when it again receives an $R_{Req}$ message from the same source node addressed to the same destination node, it discards the message to avoid unnecessary computing overhead.
Because $R_{Req}$ messages propagate through the network by broadcast, the destination node $U_D$ may receive multiple $R_{Req}$ messages from the source node. $U_D$ processes only the first one to arrive, i.e. the $R_{Req}$ message with the smallest delay; identical $R_{Req}$ messages received afterwards are all discarded. Step 21, in which the destination node processes the route request message, comprises:
Verifying the authenticity of the $R_{Req}$ message. The destination node decrypts the encrypted $K_{SD}$ carried in the $R_{Req}$ message to obtain $K_{SD}$, then computes $T_S'$ according to the formula $T_S = h(H_S, K_{SD}, R_{Req})$; if $T_S' = T_S$, the $R_{Req}$ message is proven to come from the source node $U_S$;
Verifying the timeliness of the token $TK_S$. Using the current time and the token issue time carried in the $R_{Req}$ message, the destination node checks whether the source node's token $TK_S$ has expired;
Recording the path traversed by the $R_{Req}$ message, so that the route reply message $R_{Resp}$, once generated, can be returned along the same path.
After the timeliness of the source node's token and the authenticity of the $R_{Req}$ message have been verified, the destination node $U_D$ replies to the route request. The destination node generates the route reply message $R_{Resp} = \{H_D, T_D, T_I'\}$; once generated, the $R_{Resp}$ message is sent back to the source node along the reverse of the route taken by the $R_{Req}$ message.
Between step 21 and step 22, the method also includes step 200: after receiving $R_{Resp}$, the intermediate node records $R_{Resp}$, extracts the $T_D$ of the destination node and stores it in the node's token routing table TRT. At this point the TRT is as follows, recording the route reply message $R_{Resp}$ and the TAC value of the destination node:
| Source TAC | Destination TAC | Route Resq | Route Resp | Source Token | Dest Token |
| --- | --- | --- | --- | --- | --- |
| $T_S$ | $T_D$ | $R_{Req}$ | $R_{Resp}$ | | |

The TRT table
Step 22: the source node $U_S$ processes the $R_{Resp}$ message in the following two parts:
(1) Verifying the authenticity of the $R_{Resp}$ message. The source node $U_S$ computes $T_D'$ according to the formula $T_S = h(H_S, K_{SD}, R_{Req})$; if $T_D' = T_D$, the $R_{Resp}$ message is proven to come from the destination node $U_D$;
(2) Verifying the timeliness of the destination node's token $TK_D$. Using the current time and the token issue time $T_I'$ carried in the $R_{Resp}$ message, the source node $U_S$ checks whether the destination node's token $TK_D$ has expired.
The source node and destination node have now verified the timeliness of each other's tokens and the authenticity of the route control messages. Because the tokens transmitted in the routing stage are protected by a one-way hash function, forging $T_S$ and $T_D$ is very difficult without obtaining the tokens of the source and destination nodes. This completes route construction between the source node and the destination node.
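The request and reply checks of steps 20 to 22 and the intermediate node's TRT handling in step 200, as an added example that is not part of the patent text. It assumes SHA-256 in place of MD5/SHA1, that the message hashed inside h() is the routing body plus the issue time, that the receiver already holds K_SD (its encrypted transport is omitted), that the T_D check mirrors formula (2), and that TRT rows are keyed by the source TAC; the class and field names, the 300-second TTL and all sample values are constructed.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass
from typing import Dict

TOKEN_TTL = 300  # seconds; constructed value for the token life cycle (TTL)


def h(*fields: bytes) -> bytes:
    """One-way hash h(...); length prefixes keep field boundaries unambiguous."""
    digest = hashlib.sha256()  # assumption: SHA-256 instead of MD5/SHA1
    for field in fields:
        digest.update(struct.pack(">I", len(field)) + field)
    return digest.digest()


@dataclass(frozen=True)
class RouteMsg:
    """R_Req or R_Resp = {H, T, T_I} plus the routing fields they cover."""
    body: bytes  # assumed layout: source id, destination id, request id
    H: bytes     # H_S = h(R_Req, TK_S) or H_D = h(R_Resp, TK_D)
    T: bytes     # token authentication code (TAC): T_S or T_D
    T_I: int     # latest issue time of the sender's token, epoch seconds


def covered(body: bytes, issued_at: int) -> bytes:
    # Assumption: the message hashed inside h() is the body plus T_I; H and T
    # are left out because they cannot be inputs to their own computation.
    return body + struct.pack(">Q", issued_at)


def build_msg(body: bytes, token: bytes, k_sd: bytes, issued_at: int) -> RouteMsg:
    """Sender side: H binds the message to the token, T binds H to K_SD."""
    data = covered(body, issued_at)
    big_h = h(data, token)
    tac = h(big_h, k_sd, data)  # shape of formula (2): T = h(H, K_SD, R)
    return RouteMsg(body, big_h, tac, issued_at)


def verify_msg(msg: RouteMsg, k_sd: bytes, now: int) -> str:
    """Receiver side (steps 21 and 22): authenticity first, then timeliness."""
    expected = h(msg.H, k_sd, covered(msg.body, msg.T_I))
    if not hmac.compare_digest(expected, msg.T):  # constant-time comparison
        return "bad-tac"
    if not msg.T_I <= now < msg.T_I + TOKEN_TTL:
        return "token-not-valid"
    return "ok"


class TokenRoutingTable:
    """Intermediate-node TRT; keying rows by source TAC is an assumption."""

    def __init__(self, max_hop: int) -> None:
        self.max_hop = max_hop
        self.rows: Dict[bytes, dict] = {}

    def on_request(self, req: RouteMsg, hops: int) -> bool:
        """Record R_Req and T_S; return True if the request is forwarded on."""
        if req.T in self.rows:
            return False  # repeated R_Req for the same route: discard
        self.rows[req.T] = {"Source TAC": req.T, "Route Resq": req,
                            "Destination TAC": None, "Route Resp": None,
                            "expires": req.T_I + TOKEN_TTL}
        return hops + 1 < self.max_hop  # stop forwarding at MaxHop

    def on_reply(self, source_tac: bytes, resp: RouteMsg) -> bool:
        """Bind R_Resp and T_D to the row of the request it answers."""
        row = self.rows.get(source_tac)
        if row is None or row["Route Resp"] is not None:
            return False
        row["Destination TAC"], row["Route Resp"] = resp.T, resp
        row["expires"] = min(row["expires"], resp.T_I + TOKEN_TTL)
        return True

    def purge(self, now: int) -> int:
        """Delete routes whose TAC validity (token TTL) has passed."""
        stale = [tac for tac, row in self.rows.items() if now >= row["expires"]]
        for tac in stale:
            del self.rows[tac]
        return len(stale)


def demo() -> list:
    """Constructed run: honest request, same request after expiry, forged T_I."""
    k_sd, now = b"constructed-K_SD", 1_000_000
    req = build_msg(b"S|D|req-1", b"constructed-TK_S", k_sd, now - 60)
    forged = RouteMsg(req.body, req.H, req.T, now + 600 - TOKEN_TTL)
    return [verify_msg(req, k_sd, now), verify_msg(req, k_sd, now + 600),
            verify_msg(forged, k_sd, now + 600)]


if __name__ == "__main__":
    print(demo())
```

Because the issue time is part of the hashed data, rewriting it to make an expired token look current breaks the TAC check instead of passing the timeliness check.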
Before stage, also comprise netinit stage and token stage in route.Initial establishment stage at network, because internodal credit rating system is not set up as yet, each node can distribute a very fast expired interim token, hypothesis node all is trusted during this, after the credit rating system is set up, the malicious node network that can be eliminated out, the token of the node that does very well also can access renewal.The concrete steps in this stage are as follows:
Steps A, configuration-system parameter
System parameters comprises the setting of selection, the credit rating index of basic trustship collection member quantity thresholding, one-way hash function algorithm, interim token effective time etc., and system parameters is set each factor such as comprehensive Ad hoc network of network scale, the network bandwidth, node operational capability and network safety grade requirement among the present invention.
In every system parameters, one-way Hash function is the Fundamentals of Mathematics of protection token.The one-way hash function algorithm that is widely adopted at present mainly contains two kinds of MD5 and SHA1, the hashed value length that MD5 obtains is 128, the hashed value length that SHA1 obtains is 160, the present invention will be provided with corresponding one-way hash function algorithm according to the operational capability of node in the Ad hoc network, Hash calculation represents that with h=H (M) M represents by the object of Hash.
The credit rating index is the foundation whether the predicate node various actions belong to the malicious node feature, it is the basis of credit rating system, comprise: whether balance, the number of giving out a contract for a project in the unit interval have exceeded standard, whether have distorted the route control messages through its forwarding, the legal node that whether disguises oneself as participates in network service, whether forges token etc. in the transmitting-receiving of packet, in case in the credit rating index, do not reach the network safety grade requirement, node will be judged as malicious node, enter system's blacklist, be excluded outside routing daemon.
Step B: initialize the local trustship territory LA
A node determines the local trustship territory LA it belongs to by broadcasting probe packets to its surroundings. The probe packet carries a hop limit of 2 hops: once it reaches a node 2 hops away from the originating node, it is not forwarded any further. From the responses to the probe packet the node obtains information about the other nodes in its local trustship territory, including each node's ID and whether the node is in the basic LA or the extended LA.
Because nodes in an Ad hoc network are always moving, a node must broadcast probe packets periodically to keep its view of its local trustship territory up to date. Once a node's local trustship territory changes, the trustship collections based on that territory change accordingly.
Step C: initialize the credit rating system
After the local trustship territory LA has been initialized, a preliminary credit rating system must be set up within the LA. Because the nodes in the LA have had little interaction at this point, the trustworthiness of other nodes cannot yet be assessed. In the network initialization stage, therefore, all credit rating indexes are set to their initial values, that is, all nodes in the LA are regarded as trusted nodes. A new node joining the network is likewise temporarily regarded as a trusted node.
Step D: initialize the token trustship collection ES
A node initializes its basic token trustship collection within its basic local trustship territory. Node U_Si sends a token trustship request TK_Init(i) to t trusted nodes selected at random in its basic local trustship territory (in the network initialization stage all nodes are temporarily regarded as trusted nodes), where TK_Init(i) = {u_Sj | j = 1, 2, ..., t, j ≠ i}. {u_Sj} are the IDs of the selected nodes, and t is the basic ES member quantity threshold, that is, the number of members forming a basic token trustship collection must not be lower than t.
A node that receives TK_Init(i) selects a node in the extended local trustship territory as its own backup; should it leave the local trustship territory, the backup node completes the work of generating the trustship sub-token and signing the trustship sub-token. Every node that receives TK_Init(i) returns its own information and that of its backup node to U_Si in a response message. Once the number of response messages that U_Si has obtained reaches the basic trustship collection member quantity threshold, the basic token trustship collection can be formed, and all the other members are notified of the member ID information.
To cope with the inherent topological instability of Ad hoc networks, the present invention provides a redundancy scheme for trustship collections: in the network initialization stage a node both sends its own token trustship request and may receive trustship collection join requests from other nodes. A node may therefore belong to several basic token trustship collections at the same time. When it needs to apply for a token, it obtains a communication token as long as it gains the trust of one of those basic token trustship collections; if the token application fails in one basic token trustship collection, it can switch to another and apply again.
After the above network initialization steps are completed, the node also determines the basic token trustship collection it belongs to and generates first trustship sub-tokens for the other nodes in that basic token trustship collection. The basic token trustship collection is A_i = {U_Si | i = 1, 2, ..., t}, where {U_Si} are the member IDs of the trustship collection. The trustship sub-tokens that trustship collection member U_Si generates for the other nodes in A_i are {T_Si(u_Sj) | j = 1, 2, ..., t, j ≠ i}, and a backup of each trustship sub-token is kept on the corresponding backup node in the extended token trustship collection. A trustship sub-token is issued only to a trustship collection member that passes the credit rating system's examination during the token stage.
At this point, a node in a basic token trustship collection that has completed the network initialization stage can initiate a token application to the basic token trustship collection. The other nodes in the basic token trustship collection each issue a second trustship sub-token to the requesting node, which merges the second trustship sub-tokens to form its token. Fig. 3 is a flow diagram of the token application of the present invention. The process specifically comprises:
Step 31: send the token application
When the TTL of the token that trustship collection member U_Si currently holds is about to expire, U_Si can choose a basic token trustship collection it belongs to and initiate the token application process. U_Si sends a token application message TK_Req(i) to any node (also called a member) of this basic token trustship collection, and the TK_Req(i) message is passed among the members of this basic token trustship collection.
Step 32: the other nodes in the basic token trustship collection evaluate the reputation of this node.
A node U_Sj that receives TK_Req(i) examines the reputation of the token-applying node U_Si according to the credit rating system, to decide whether to issue a trustship sub-token to it. If U_Si finally obtains the approval of all trustship collection members U_Sj, the TK_Req(i) message returns to node U_Si carrying the second trustship sub-tokens that all the trustship collection members generated for U_Si.
In the credit rating system, each member of the trustship collection keeps a token recovery table that records the low-reputation nodes that have been reported. As soon as a member finds U_Si, or the previous-hop node that forwarded the token application message, in its own token recovery table, it can stop the examination and, through the security feedback module of the credit rating system, inform the other nodes of the trustship collection so that they add the malicious node to their own token recovery tables.
Step 33: the other nodes in the basic token trustship collection issue trustship sub-tokens to the requesting node U_Si:
U_Sj attaches the second trustship sub-token T_Sj(u_Si) that it generated for U_Si to the token application message TK_Req(i) and continues forwarding it, judging from whether the next-hop node replies whether that node has left the basic trustship collection. If the next-hop node is judged to have left the basic trustship collection, TK_Req(i) must be forwarded to that node's backup node in the extended trustship collection, and the backup node continues the examination of U_Si's reputation. If the backup node in the extended trustship collection has also left the local trustship territory, then under the trustship collection redundancy scheme described in step D of the network initialization stage, U_Si can switch to another trustship collection it belongs to and apply for the token again.
Step 34: node U_Si merges the trustship sub-tokens to form the token
After the token-applying node U_Si has received the second trustship sub-tokens issued to it by the other members of the trustship collection, it can synthesize them into the final token used for communication.
After the last trustship collection member to receive TK_Req(i) finishes examining U_Si's reputation, it first attaches the second trustship sub-token it generated for U_Si to TK_Req(i) and then forwards TK_Req(i) back to U_Si. U_Si thus obtains from TK_Req(i) the second trustship sub-tokens {T_Sj(u_Si) | j = 1, 2, ..., t, j ≠ i} issued to it by all the other members of the trustship collection, and synthesizes the final token TK_i. TK_i is kept secret until the data transfer phase, when it is disclosed so that the token's legitimacy can be verified.
The token applied for by each node in a basic token trustship collection has a certain lifetime TTL.
Nodes in the network initialization stage and newly joined nodes hold only a token with a very short TTL. Under the credit rating system a node can accumulate reputation: as long as its activity in the network is legitimate, the tokens it subsequently obtains from the trustship collection have a longer TTL, and the frequency of token renewal decreases. The token renewal algorithm is as follows:
T_1, T_2, T_3 and T_4 denote the issue time and expiry time of the old token and of the new token respectively, and T_0 is the minimum token refresh time. The time increment formula adopted by the present invention is:
T_4 - T_3 = T_2 - T_1 + T_0
Each time a legitimate node renews its token, the TTL increases by T_0, so the renewal frequency falls. Controlling the validity time of the token through the TTL suits the dynamic topology of Ad hoc networks: possession of a token is no longer for life. Although re-applying for a token after the TTL expires incurs some network overhead, the cumulative-TTL method significantly reduces that overhead.
After the network initialization stage and the token stage, every node in the Ad hoc network holds a token from a trustship territory it belongs to, and any node holding such a token can request route establishment within the validity period of the token. The route establishment process is described in detail as shown in Fig. 2.
Data transmission can begin between a source node and a destination node that have established a routed path. Fig. 4 is a flow chart of the data transmission of the present invention. The process comprises:
Step 41: the source node obtains the group signature of the basic token trustship collection. This step is specifically:
Step 411: the source node sends a token signature application message S_Req(i) = {U_Si, T_Sj(u_Si)}, j = 1, ..., t, j ≠ i, to the basic token trustship collection, where T_Sj(u_Si) is the trustship sub-token that trustship collection member U_Sj issued to the source node U_S;
Step 412: the other nodes in the basic token trustship collection return application reply messages containing their signatures on the second trustship sub-tokens they each issued. Specifically: on receiving the token signature application message S_Req(i), trustship collection member U_Sj first checks whether the trustship sub-token T_Sj(u_Si) it carries was issued by itself, and then examines whether the reputation of the token-signature-applying node U_S under the credit rating system meets the network level requirement. U_Sj then sends the signature application reply message S_Resp(i) to a node U_S that passes the reputation examination, S_Resp(j) = {P_S(j)}, j = 1, ..., t, j ≠ i, where P_S(j) is trustship collection member U_Sj's signature on the second trustship sub-token it issued. The other trustship collection members handle the token signature application message in the same way.
Step 413: the source node synthesizes the signatures on the second trustship sub-tokens into the group signature of the basic token trustship collection. Specifically:
After the token-signature-applying node U_S receives the signature application reply messages from the other members of the trustship collection, it extracts from them each member's signature P_S(j), j = 1, ..., t, j ≠ i, on the second trustship sub-token that member issued, and synthesizes the group signature G_A of the basic token trustship collection to prove that the token is legitimate.
When the trustship collection members sign the trustship sub-tokens, the trustship collection publishes its group public key, which can be used to verify the group signature.
Before data packets are formally sent to the destination node, the source and destination nodes send probe packets to each other in turn. The purpose of the probe packets is to let the intermediate nodes confirm that the data packets that follow really come from the source and destination nodes that produced the R_Req and R_Resp messages. The process therefore also comprises:
Step 42: the source node and the destination node send probe packets to each other to confirm the routed path.
The probe packet sent by the source node carries the group-signed source node token and the key K_SD shared by the source and destination nodes; this probe packet is sent to the destination node along the routed path built in the routing stage. After the source node sends the probe packet in step 421, in step 422 the intermediate node (also called the third node) processes the probe packet in the following two parts:
(1) The intermediate node verifies the group signature on the source node token. After extracting the source node token from the packet, the intermediate node verifies the group signature with the group public key published by the basic token trustship collection as described above; packets that fail verification are dropped.
(2) The intermediate node performs route matching, in the following steps: it calculates a T_S from the formulas H_S = h(R_Req, TK_S) and T_S = h(H_S, K_SD, R_Req). If the same T_S can be found in the routing table, the probe packet is proven to come from the source node that generated the R_Req message. The intermediate node records the source node token TK_S carried in the probe packet and stores it in its token routing table TRT. The TRT at this point is as follows:
Source TAC | Destination TAC | Route Req | Route Resp | Source Token | Dest Token
T_S | T_D | R_req | R_resp | TK_S |
The TRT table
Step 423: the destination node sends a probe packet
After receiving the source node's probe packet, the destination node likewise sends the source node a probe packet carrying the group-signed destination node token TK_D.
Step 424: the intermediate node processes the destination node's probe packet in the following two parts:
(1) The intermediate node verifies the group signature on the destination node token. After extracting the destination node token from the packet, the intermediate node verifies the group signature with the group public key published by the basic token trustship collection; packets that fail verification are dropped.
(2) The intermediate node performs route matching, in the following steps: it calculates a T_D from the formulas H_D = h(R_Resp, TK_D) and T_D = h(H_D, K_SD, R_Resp). If the same T_D can be found in the routing table, the probe packet is proven to come from the destination node that generated the R_Resp message. The intermediate node records the destination node token TK_D carried in the probe packet and stores it in its token routing table TRT. The TRT at this point is as follows:
Source TAC | Destination TAC | Route Req | Route Resp | Source Token | Dest Token
T_S | T_D | R_req | R_resp | TK_S | TK_D
The TRT table
Step 43: the source node sends data packets along the routed path.
After the source node receives the destination node's probe packet, route confirmation is complete and communication with the destination node can formally begin. Intermediate nodes also route the data packets according to the token routing table TRT.
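The route-matching check that an intermediate node performs in steps 422 and 424 can be sketched as follows; this is an added example, not code from the patent. It assumes SHA-256 over length-prefixed fields in place of the MD5/SHA1 options named above, treats R_Req and R_Resp as opaque message bytes, ties a reply to its request by the source TAC, and assumes the group-signature check of part (1) has already passed; the names token_auth_code, TrtRow, IntermediateNode and run_scenario and all sample values are constructed for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import List, Optional


def h(*fields: bytes) -> bytes:
    """One-way hash h(...). Assumption: SHA-256 over length-prefixed fields;
    the page names MD5 and SHA1 and defines no wire encoding."""
    digest = hashlib.sha256()
    for field in fields:
        digest.update(len(field).to_bytes(4, "big") + field)
    return digest.digest()


def token_auth_code(route_msg: bytes, token: bytes, k_sd: bytes) -> bytes:
    """TAC as given on the page: H = h(R, TK), then T = h(H, K_SD, R)."""
    return h(h(route_msg, token), k_sd, route_msg)


@dataclass
class TrtRow:
    """One row of the token routing table (TRT), columns as on the page."""
    source_tac: bytes
    route_req: bytes
    dest_tac: Optional[bytes] = None
    route_resp: Optional[bytes] = None
    source_token: Optional[bytes] = None
    dest_token: Optional[bytes] = None


class IntermediateNode:
    """Third node: fills its TRT from route messages, then checks probes."""
    def __init__(self) -> None:
        self.trt: List[TrtRow] = []

    def on_route_request(self, r_req: bytes, t_s: bytes) -> None:
        self.trt.append(TrtRow(source_tac=t_s, route_req=r_req))

    def on_route_reply(self, t_s: bytes, r_resp: bytes, t_d: bytes) -> bool:
        # Assumption: the reply is tied to its request by the source TAC.
        for row in self.trt:
            if hmac.compare_digest(row.source_tac, t_s):
                row.route_resp, row.dest_tac = r_resp, t_d
                return True
        return False

    def on_source_probe(self, tk_s: bytes, k_sd: bytes) -> bool:
        """Step 422 (2): recompute T_S and look for it in the TRT."""
        for row in self.trt:
            candidate = token_auth_code(row.route_req, tk_s, k_sd)
            if hmac.compare_digest(candidate, row.source_tac):
                row.source_token = tk_s
                return True
        return False  # no matching T_S: drop the probe

    def on_dest_probe(self, tk_d: bytes, k_sd: bytes) -> bool:
        """Step 424 (2): recompute T_D and look for it in the TRT."""
        for row in self.trt:
            if row.route_resp is None or row.dest_tac is None:
                continue  # no reply recorded for this row yet
            candidate = token_auth_code(row.route_resp, tk_d, k_sd)
            if hmac.compare_digest(candidate, row.dest_tac):
                row.dest_token = tk_d
                return True
        return False

    def route_confirmed(self, t_s: bytes) -> bool:
        """True once both probes have matched the row for this source TAC."""
        return any(
            hmac.compare_digest(row.source_tac, t_s)
            and row.source_token is not None
            and row.dest_token is not None
            for row in self.trt
        )


def run_scenario() -> dict:
    """Constructed sample values; none of them come from the page."""
    r_req, r_resp = b"RREQ src=S dst=D seq=7", b"RREP src=D dst=S seq=7"
    tk_s, tk_d, k_sd = b"sample-TK_S", b"sample-TK_D", b"sample-K_SD"
    t_s = token_auth_code(r_req, tk_s, k_sd)
    t_d = token_auth_code(r_resp, tk_d, k_sd)
    node = IntermediateNode()
    node.on_route_request(r_req, t_s)
    node.on_route_reply(t_s, r_resp, t_d)
    return {
        "forged_source_probe": node.on_source_probe(b"guessed-token", k_sd),
        "wrong_key_probe": node.on_source_probe(tk_s, b"other-key"),
        "source_probe": node.on_source_probe(tk_s, k_sd),
        "confirmed_after_source_only": node.route_confirmed(t_s),
        "swapped_dest_probe": node.on_dest_probe(tk_s, k_sd),
        "dest_probe": node.on_dest_probe(tk_d, k_sd),
        "confirmed": node.route_confirmed(t_s),
    }


if __name__ == "__main__":
    print(run_scenario())
```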
By issuing tokens within a local trustship territory, the present invention authenticates the trustworthiness of nodes in a fully distributed manner with low computational complexity, which makes it scalable: it can be applied in large-scale Ad hoc networks without adding extra communication or computation overhead to the nodes.
Code for the present invention was written under the simulation tool OPNET, and simulation experiments were carried out. The simulation experiments show that in a network using the Ad hoc network security path method based on dynamic token trustship, the normal routing process is not greatly affected even when a considerable proportion of malicious nodes is present. While improving authentication security, the method reduces the message interaction in the network and improves the efficiency of route establishment.
Finally, it should be noted that the above embodiments only illustrate the technical scheme of the present invention and do not limit it. Although the present invention has been described in detail with reference to preferred embodiments, those of ordinary skill in the art should understand that the technical scheme of the present invention may be modified or equivalently replaced without departing from its spirit and scope, and all such modifications shall fall within the scope of the claims of the present invention.

Claims (10)

1. An Ad hoc network security path method, characterized by comprising:
A first node initiates a route request message to a second node; the second node, after verifying the authenticity and timeliness of the first node's token according to the route request message, returns a routing reply message to the first node; and the first node, after verifying the authenticity and timeliness of the second node's token according to the routing reply message, establishes a routed path.
2. The Ad hoc network security path method according to claim 1, characterized by further comprising: a third node receives the route request message and the routing reply message and establishes a token routing table according to them.
3. The Ad hoc network security path method according to claim 1 or 2, characterized in that, before the first node initiates the route request message to the second node, the method further comprises:
The first node, second node and/or third node determine the basic token trustship collection they belong to, and generate first trustship sub-tokens for the other nodes in the basic token trustship collection;
The first node, second node and/or third node initiate a token application to the basic token trustship collection; the other nodes in the basic token trustship collection each issue a second trustship sub-token to the first node, second node or third node; and the first node, second node and/or third node merge the second trustship sub-tokens to form a token.
4. The Ad hoc network security path method according to claim 3, characterized in that, after the route is established, the method further comprises: the first node obtains the group signature of the basic token trustship collection; the first node and the second node send probe packets to each other to confirm the routed path; and the first node sends data packets along the routed path.
5. The Ad hoc network security path method according to claim 4, characterized in that the first node obtaining the group signature of the basic token trustship collection is specifically:
The first node sends a token signature application message to the basic token trustship collection; the other nodes in the basic token trustship collection return application reply messages containing their signatures on the second trustship sub-tokens they each issued; and the first node synthesizes the signatures on the second trustship sub-tokens into the group signature of the basic token trustship collection.
6. The Ad hoc network security path method according to claim 4 or 5, characterized by further comprising: the third node verifies the group signatures of the first node and the second node, and confirms that the first node and second node sending the probe packets are the first node that sent the route request message and the second node that sent the routing reply message.
7. The Ad hoc network security path method according to claim 6, characterized in that, before the first node initiates the route request message to the second node, the method further comprises: the first node sets a maximum hop count limit on the propagation of the route request message in the network.
8. The Ad hoc network security path method according to claim 2 or 7, characterized in that the token routing table comprises the token authentication codes of the first node and the second node, the route request message and routing reply message between the two, and the tokens of the first node and the second node.
9. The Ad hoc network security path method according to claim 3, characterized in that, between the step in which the first node, second node or third node initiates the token application to the basic token trustship collection and the step in which the other nodes in the basic token trustship collection each issue a second trustship sub-token to the first node, second node or third node, the method further comprises: the other nodes in the basic token trustship collection evaluate the reputation of the first node.
10. The Ad hoc network security path method according to claim 3 or 9, characterized in that, before the first node, second node and/or third node determine the basic token trustship collection they belong to, the method further comprises:
Configuring system parameters comprising the basic trustship collection member quantity threshold, the choice of one-way hash function algorithm, the credit rating indexes and the validity time of temporary tokens;
Initializing the local trustship territory of the first node;
The first node sends a token trustship request to its local trustship territory; each node that receives the request selects a node as its backup node and returns its own information and the backup node's information to the first node in a response message; and once the basic trustship collection member quantity threshold is reached, the nodes that returned response messages constitute the basic token trustship collection.
CNA2007100530173A 2007-08-22 2007-08-22 Ad hoc network security path method Pending CN101110762A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CNA2007100530173A CN101110762A (en) 2007-08-22 2007-08-22 Ad hoc network security path method

Publications (1)

Publication Number Publication Date
CN101110762A true CN101110762A (en) 2008-01-23

Family

ID=39042660

Country Status (1)

Country Link
CN (1) CN101110762A (en)

Cited By (23)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101924660A (en) * 2009-06-09 2010-12-22 阿尔卡特朗讯公司 Method and device for detecting network malicious behaviors
CN102404737A (en) * 2011-12-29 2012-04-04 重庆邮电大学 Dynamic-detection-based wireless sensor network secure routing method
CN101599961B (en) * 2009-06-10 2012-05-09 南京邮电大学 Target attack and defense method specific to optimized link state routing protocol
CN102598738A (en) * 2009-10-14 2012-07-18 皇家飞利浦电子股份有限公司 A method for operating a node in a wireless sensor network
CN103037365A (en) * 2012-12-12 2013-04-10 深圳市汇川控制技术有限公司 Wireless Mesh network security system based on Ad-hoc and wireless Mesh network security method based on the Ad-hoc
CN103957097A (en) * 2014-04-14 2014-07-30 河海大学 Routing and data safety guaranteeing method of mobile Ad Hoc network
WO2014205645A1 (en) * 2013-06-25 2014-12-31 Nokia Corporation A method and apparatus for anonymous and trustworthy authentication in pervasive social networking
CN104580207A (en) * 2015-01-04 2015-04-29 华为技术有限公司 Forwarding method and device for authentication information in Internet of things and repeater
CN104969517A (en) * 2013-01-15 2015-10-07 思科技术公司 Automated control plane for limited user destruction
CN105991617A (en) * 2014-12-01 2016-10-05 塔塔咨询服务有限公司 Computer implemented system and method for secure path selection using network rating
CN106789095A (en) * 2017-03-30 2017-05-31 腾讯科技(深圳)有限公司 Distributed system and message treatment method
CN106790647A (en) * 2017-01-15 2017-05-31 网宿科技股份有限公司 A kind of method and system of self adaptation Service Management
EP2329621A4 (en) * 2008-09-24 2017-06-21 Telefonaktiebolaget LM Ericsson (publ) Key distribution to a set of routers
CN106936798A (en) * 2015-12-31 2017-07-07 ***通信集团江苏有限公司 A kind of service authentication method and device
CN107534642A (en) * 2015-04-16 2018-01-02 瑞典爱立信有限公司 For the method and apparatus to being established with the calculating problem in communication between clients and servers
CN107836101A (en) * 2015-06-27 2018-03-23 迈克菲有限责任公司 Goodwill for URL
CN108696879A (en) * 2018-03-21 2018-10-23 深圳市海司恩科技有限公司 Ad hoc network method, self-organizing network system and the storage medium of ultraviolet optical-fiber network
CN109565500A (en) * 2016-08-05 2019-04-02 上海诺基亚贝尔股份有限公司 On-demand security architecture
CN110300411A (en) * 2019-06-13 2019-10-01 北京市天元网络技术股份有限公司 A kind of method and system for safety-oriented data transfer
CN112291789A (en) * 2020-12-24 2021-01-29 江苏移动信息***集成有限公司 Security routing protocol method and system for large-scale self-organizing network
CN112904827A (en) * 2021-01-18 2021-06-04 同济大学 Unmanned virtual simulation test system for multiple ICUs
US11595444B2 (en) 2020-12-03 2023-02-28 International Business Machines Corporation Authenticity assessment of a requestor based on a communication request
CN115883443A (en) * 2022-12-22 2023-03-31 中国人民解放军战略支援部队信息工程大学 Method and device for determining network time synchronization message safe transmission route

Cited By (40)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
EP2329621A4 (en) * 2008-09-24 2017-06-21 Telefonaktiebolaget LM Ericsson (publ) Key distribution to a set of routers
CN101924660B (en) * 2009-06-09 2014-07-02 阿尔卡特朗讯公司 Method and device for detecting network malicious behaviors
CN101924660A (en) * 2009-06-09 2010-12-22 阿尔卡特朗讯公司 Method and device for detecting network malicious behaviors
CN101599961B (en) * 2009-06-10 2012-05-09 南京邮电大学 Target attack and defense method specific to optimized link state routing protocol
CN102598738A (en) * 2009-10-14 2012-07-18 皇家飞利浦电子股份有限公司 A method for operating a node in a wireless sensor network
CN102404737A (en) * 2011-12-29 2012-04-04 重庆邮电大学 Dynamic-detection-based wireless sensor network secure routing method
CN102404737B (en) * 2011-12-29 2014-07-02 重庆邮电大学 Dynamic-detection-based wireless sensor network secure routing method
CN103037365B (en) * 2012-12-12 2015-06-24 深圳市汇川控制技术有限公司 Wireless Mesh network security system based on Ad-hoc and wireless Mesh network security method based on the Ad-hoc
CN103037365A (en) * 2012-12-12 2013-04-10 深圳市汇川控制技术有限公司 Wireless Mesh network security system based on Ad-hoc and wireless Mesh network security method based on the Ad-hoc
CN104969517B (en) * 2013-01-15 2018-07-06 思科技术公司 A kind of method and apparatus for the control plane that configuration is resisted for foundation
CN104969517A (en) * 2013-01-15 2015-10-07 思科技术公司 Automated control plane for limited user destruction
CN105308897A (en) * 2013-06-25 2016-02-03 诺基亚技术有限公司 A method and apparatus for anonymous and trustworthy authentication in pervasive social networking
WO2014205645A1 (en) * 2013-06-25 2014-12-31 Nokia Corporation A method and apparatus for anonymous and trustworthy authentication in pervasive social networking
CN105308897B (en) * 2013-06-25 2019-09-13 诺基亚技术有限公司 Method and apparatus for anonymity and authentic authentication in infiltration type social networking
US10291587B2 (en) 2013-06-25 2019-05-14 Nokia Technologies Oy Method and apparatus for anonymous and trustworthy authentication in pervasive social networking
CN103957097A (en) * 2014-04-14 2014-07-30 河海大学 Routing and data safety guaranteeing method of mobile Ad Hoc network
CN105991617A (en) * 2014-12-01 2016-10-05 塔塔咨询服务有限公司 Computer implemented system and method for secure path selection using network rating
CN105991617B (en) * 2014-12-01 2020-04-24 塔塔咨询服务有限公司 Computer-implemented system and method for selecting a secure path using network scoring
CN104580207B (en) * 2015-01-04 2019-03-19 华为技术有限公司 Retransmission method, device and the transponder of authentication information in Internet of Things
US10880297B2 (en) 2015-01-04 2020-12-29 Huawei Technologies Co., Ltd. Forwarding method, forwarding apparatus, and forwarder for authentication information in Internet of Things
CN104580207A (en) * 2015-01-04 2015-04-29 华为技术有限公司 Forwarding method and device for authentication information in Internet of things and repeater
CN107534642B (en) * 2015-04-16 2020-11-10 瑞典爱立信有限公司 Method and apparatus for establishing computational puzzle for use in communication between client and server
CN107534642A (en) * 2015-04-16 2018-01-02 瑞典爱立信有限公司 For the method and apparatus to being established with the calculating problem in communication between clients and servers
US10735392B2 (en) 2015-04-16 2020-08-04 Telefonaktiebolaget Lm Ericsson (Publ) Method and device for establishing a computational puzzle for use in communication between a client and a server
CN107836101A (en) * 2015-06-27 2018-03-23 迈克菲有限责任公司 Goodwill for URL
CN106936798B (en) * 2015-12-31 2020-06-12 ***通信集团江苏有限公司 Service authentication method and device
CN106936798A (en) * 2015-12-31 2017-07-07 ***通信集团江苏有限公司 A kind of service authentication method and device
CN109565500B (en) * 2016-08-05 2021-10-29 上海诺基亚贝尔股份有限公司 On-demand security architecture
CN109565500A (en) * 2016-08-05 2019-04-02 上海诺基亚贝尔股份有限公司 On-demand security architecture
US11349881B2 (en) 2016-08-05 2022-05-31 Alcatel Lucent Security-on-demand architecture
CN106790647B (en) * 2017-01-15 2020-06-23 网宿科技股份有限公司 Method and system for self-adaptive service management
CN106790647A (en) * 2017-01-15 2017-05-31 网宿科技股份有限公司 A kind of method and system of self adaptation Service Management
CN106789095B (en) * 2017-03-30 2020-12-08 腾讯科技(深圳)有限公司 Distributed system and message processing method
CN106789095A (en) * 2017-03-30 2017-05-31 腾讯科技(深圳)有限公司 Distributed system and message processing method
CN108696879A (en) * 2018-03-21 2018-10-23 深圳市海司恩科技有限公司 Ad hoc network method, self-organizing network system and the storage medium of ultraviolet optical-fiber network
CN110300411A (en) * 2019-06-13 2019-10-01 北京市天元网络技术股份有限公司 A kind of method and system for safety-oriented data transfer
US11595444B2 (en) 2020-12-03 2023-02-28 International Business Machines Corporation Authenticity assessment of a requestor based on a communication request
CN112291789A (en) * 2020-12-24 2021-01-29 江苏移动信息***集成有限公司 Security routing protocol method and system for large-scale self-organizing network
CN112904827A (en) * 2021-01-18 2021-06-04 同济大学 Unmanned virtual simulation test system for multiple ICUs
CN115883443A (en) * 2022-12-22 2023-03-31 中国人民解放军战略支援部队信息工程大学 Method and device for determining network time synchronization message safe transmission route

Similar Documents

Publication Publication Date Title
CN101110762A (en) Ad hoc network security path method
CN101159748B (en) Entity authentication method in wireless sensor network
Yi et al. A survey on security in wireless mesh networks
Ranjan et al. Security issues of black hole attacks in MANET
Rajkumar et al. Secure multipath routing and data transmission in MANET
Deshmukh et al. Secure routing to avoid black hole affected routes in MANET
Sharma et al. A comprehensive review of security issues in manets
Ghosh et al. Identity based secure aodv and tcp for mobile ad hoc networks
Atheeq et al. Mutually authenticated key agreement protocol based on chaos theory in integration of internet and MANET
Jarjis et al. Blockchain authentication for aodv routing protocol
Ahmad et al. BHQRSM: binary hex quadratic residue security model to enhance the trust in MANETs
Rao et al. An effective data privacy mechanism through secure session key exchange model for MANET
Imran et al. DD-SARP: Dynamic data secure Anonymous Routing Protocol for MANETs in attacking environments
Bhardwaj et al. Secure co-operative neighbour-based approach for detection and prevention of black hole attack in wireless mobile ad-hoc networks
Qabajeh et al. Detailed security evaluation of ARANz, ARAN and AODV protocols
Gilaberte et al. A secure routing protocol for ad hoc networks based on trust
Kush et al. Hash security for ad hoc routing
Madhumitha et al. A Survey on Anonymous Routing Protocols in Mobile Ad hoc Networks
de Oliveira et al. NEKAP: Intruder Resilient and Energy Efficient Key Establishment in Sensor Networks
Ahmad et al. Security on MANETs using block coding
Zalte et al. Pre-Path and Post-Path Security to Mobile Adhoc Network
Dureja et al. Comparative Study Of Collaborative Attacks & Security Mechanisms In Manet
Abuhaiba et al. Securing zone routing protocol in Ad-hoc networks
Gupta et al. A Survey of Attacker Identification and Security Schemes in MANET
Zalte et al. A survey on secure routing protocols for mobile ad-hoc network

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C12 Rejection of a patent application after its publication
RJ01 Rejection of invention patent application after publication

Open date: 20080123