
Graduate student: 侯智明 (Hou, Jr-Ming)
Thesis title: A Study of Securing Ad Hoc Network: Dynamic Routing Information Protection
Advisor: 賴溪松 (Laih, Chi-Sung)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Institute of Computer & Communication Engineering
Year of publication: 2005
Academic year of graduation: 93
Language: English
Number of pages: 75
Keywords: simulation, security, ad hoc network
      Because of their advantages in convenience and deployment cost, ad hoc networks attract a growing number of researchers. However, the early protocols were designed with efficiency as the first priority, which left them inherently lacking in security. Although many security schemes can be applied to these protocols, the resulting security is still insufficient.

      A node in an ad hoc network acts as both a router and a terminal, so the security design for ad hoc networks differs from that for wired networks. Moreover, routing paths in ad hoc networks are dynamic rather than fixed as in wired networks, so some security mechanisms used in wired networks cannot simply be applied to ad hoc network protocols.

      After analyzing the various types of attack against ad hoc networks, we propose a security scheme for the well-known routing protocol AODV (Ad hoc On-Demand Distance Vector). First, we divide the routing information (the content of routing packets) into two parts: static fields and dynamic fields. For the static part, the messages transmitted between two end nodes are fixed, so a digital signature is suitable for protecting it. Because of the public key distribution problem, we use an ID-based digital signature together with our verification method to achieve security. For the dynamic part, the messages transmitted between two end nodes are mutable, so the above method is not suitable. We instead use a one-way function with the homomorphism property, through our method, to guarantee its security. We then use NS2 (Network Simulator) to simulate our scheme and discuss its efficiency based on the simulation results. Finally, we attempt a simple implementation to confirm the overall feasibility.

    Chapter 1 Introduction
        1.1 History of Ad Hoc Networks
        1.2 The Features of Ad Hoc Networks
        1.3 Applications of Ad Hoc Networks
        1.4 Comparison of Ad Hoc Networks and Other Mobile Communication Systems
            1.4.1 Honeycomb (Cellular) Systems
            1.4.2 Satellite Communication Systems
        1.5 Problems Faced in Ad Hoc Networks
        1.6 Motivation
        1.7 Contribution
    Chapter 2 Overview of Current Routing Protocols for Ad Hoc Networks
        2.1 Proactive (Table-Driven) Routing Protocols
        2.2 Reactive Routing Protocols
        2.3 Hybrid Routing Protocols
    Chapter 3 Security Needs
        3.1 Security Requirements
        3.2 Authentication Models and Previous Work
            3.2.1 HMAC
            3.2.2 Digital Signature
            3.2.3 One-way HMAC key chain
            3.2.4 Analysis and Comparison
    Chapter 4 Category of Attacks in Ad Hoc Networks
        4.1 Attacks of Modification
            4.1.1 Modification of Static Fields
            4.1.2 Modification of Dynamic Fields
        4.2 Attacks of Forging/Fabrication
        4.3 Attacks in “IP Layer”
        4.4 Weakness Analysis of AODV
    Chapter 5 Overview of Secure Schemes for Ad Hoc Networks
        5.1 Schemes Using HMACs
        5.2 Schemes Using Digital Signatures
            5.2.1 The SAODV Scheme
            5.2.2 The ARAN Scheme
        5.3 Schemes Using One-way HMAC key chain
            5.3.1 The SEAD Scheme
            5.3.2 The Ariadne Scheme
        5.4 Other Methods
            5.4.1 Trust Based Schemes
            5.4.2 IDS Schemes
        5.5 Comparison and Summary
    Chapter 6 Our Proposed Scheme
        6.1 Review of Others’ Schemes
        6.2 Improved Static Fields’ Protection
        6.3 Improved Dynamic Fields’ Protection
    Chapter 7 Simulation
        7.1 Network Simulator 2
        7.2 Simulation Scenarios
    Chapter 8 Implementation
        8.1 Trace the AODV-UU
        8.2 Our Implementation
        8.3 Result
    Chapter 9 Conclusions and Future Work
    References


    Full text availability: on campus: available immediately; off campus: available from 2005-07-11