
Author: Chen, Jing-Hung (陳勁宏)
Thesis title: A Study of Securing Ad Hoc Network: Routing Static Information Protection
Advisor: Laih, Chi-Sung (賴溪松)
Degree: Master
Department: College of Electrical Engineering and Computer Science - Institute of Computer & Communication Engineering
Year of publication: 2005
Academic year of graduation: 93
Language: English
Number of pages: 82
Keywords: simulation, security, ad hoc network
     Ad hoc networks are more convenient to use and cheaper to set up than infrastructure-based networks, so a growing number of researchers work on them and many routing protocols have been proposed. Those protocols focus on efficiency and speed and do not yet take security into account, which leaves serious security problems. In a wired network, routers and terminals are separate, and the routers are securely protected, which guarantees that network routes are correct. In an ad hoc network, however, each node plays two roles at once: it is both a router and a terminal. Besides communication security, establishing correct routes therefore becomes a very important subject. We study and simulate different kinds of routing attacks, compare the degree of threat each one poses, and then design a secure routing protocol against them.
     Based on the characteristics of ad hoc networks, we examine two aspects of security: integrity verification of routing information, and identity authentication of nodes. Routing information can be divided into two parts, static routing information and dynamic routing information. The static part is what we want to protect; the dynamic part is discussed in J.M. Hou's thesis. Taking the RFC 3561 AODV routing protocol as the example, we propose two comparatively secure and practical methods: one is an ID-based signature based on pairing, and the other is an asymmetric ID-MAC. Besides solving the problems of forged and modified routing information and of identity authentication, the latter method also reduces the large amount of computation that signatures require. Finally, we use NS2 simulation to discuss the overall efficiency.

    Chap 1 Introduction
        1.1 Origin of Ad Hoc Network
        1.2 The Features of Ad Hoc Network
        1.3 Applications of Ad Hoc Network
        1.4 Comparison of Ad Hoc Network and Other Mobile Communication System
        1.5 Problems in Ad Hoc Network
        1.6 Research Motives
        1.7 Contributions
    Chap 2 A Review of Ad Hoc Routing Protocol and Cryptosystems
        2.1 Cryptosystems Review
            2.1.1 Asymmetric Cryptosystems
            2.1.2 The Group Certification Signature
            2.1.3 The ID-Based Signature
            2.1.4 Broadcast Authentication Protocol – TESLA
        2.2 Ad Hoc Routing Protocol Review
            2.2.1 Proactive Routing Protocol
            2.2.2 Reactive Routing Protocol
            2.2.3 Hybrid Routing Protocol
    Chap 3 Category of Attacks in Ad Hoc Networks
        3.1 Attack of Modify Routing Packet Field
            3.1.1 Rushing Attack
            3.1.2 Routing Disruption Attack
        3.2 Attacks Using Masquerade
            3.2.1 Routing Loop Attack
            3.2.2 Forge Route Reply Attack
            3.2.3 Fake Route Error Attack
        3.3 Other Special Attack Models
            3.3.1 Wormhole Attack
            3.3.2 Black-Hole Attack
    Chap 4 Secure Scheme Reviews for Ad Hoc Networks
        4.1 Using HMAC
        4.2 Using Digital Signature
            4.2.1 SAODV Scheme
            4.2.2 ARAN Scheme
        4.3 Using One-Way Hash Chain Function
            4.3.1 SEAD Scheme
            4.3.2 Ariadne Scheme
        4.4 Using Trust Based Model
        4.5 Comparing and Summarizing
    Chap 5 Our Proposed Scheme-Based on Signature
        5.1 The Demands On Ad Hoc Networks Security
        5.2 Securing Ad Hoc Based on Group Certificate Signature
        5.3 Securing Ad Hoc Based on ID-Based Signature
        5.4 Security Analysis
    Chap 6 Our Proposed Scheme-Based on ID Authentication
        6.1 Securing Ad Hoc Based on ID Authentication
        6.2 Security Analysis
        6.3 Comparing
    Chap 7 Simulation
        7.1 Simulation Environment
        7.2 Scenarios
            7.2.1 Scenario 1 – Rushing Attack
            7.2.2 Scenario 2 - Modifying IP Header Attack
        7.3 The Efficiency Analysis
    Chap 8 The Conclusion and Future Work
    References

    References
    [1] S.G. Akl, P.D. Taylor, “Cryptographic solution to a problem of access control in a hierarchy,” ACM Transactions on Computer Systems, Vol. 1, No. 3, pp. 239-248, 1983.
    [2] M. Abolhasan, T. Wysocki, and E. Dutkiewicz, “A review of routing protocols for mobile ad hoc networks,” Elsevier Ad Hoc Networks Journal, vol. 2, no. 1, pp. 1-22, January 2004.
    [3] D.A. Beyer, “Accomplishments of the DARPA Survivable Adaptive Networks SURAN Program,” in Proceedings of the IEEE MILCOM Conference, 1990.
    [4] J. Baek, R. Safavi-Naini, J. Hindmarsh and W. Susilo, “A Survey of Identity-Based Cryptography,” Identification and Authentication Issues in Computing, Proceedings of Australian Unix User Group Conference 2004, pp. 95-102, ISBN: 095775326.
    [5] Z.D. Chen, H.T. Kung, and D. Vlah, “Ad Hoc Relay Wireless Networks over Moving Vehicles on Highways,” ACM Symposium on MobiHoc, California, USA, Oct 2001.
    [6] J. Cha and J. Cheon, “An Identity-Based Signature from Diffie-Hellman Groups,” Public Key Cryptography – Proceedings of PKC 2003, LNCS 2567, pp. 18-30, Springer-Verlag, 2003.
    [7] T.W. Chang and C.S. Laih, “Efficient Authentication Schemes Based on Group Certificate and Their Applications on Mobile Communication System,” Department of Electrical Engineering, National Cheng Kung University, Tainan, Taiwan, R.O.C., Thesis for Master of Science, June 2003.
    [8] W. Diffie and M.E. Hellman, “New Directions in Cryptography,” IEEE Trans. 1976, vol. IT-22, pp. 644-654.
    [9] B. Dahill, K. Sanzgiri, B. N. Levine, C. Shields, and E. Royer, “A Secure Routing Protocol for Ad Hoc Networks,” in Proceedings of the 10th IEEE International Conference on Network Protocols (ICNP 2002), pp. 78-87, November 2002.
    [10] U. Feige, A. Fiat and A. Shamir, “Zero-Knowledge Proofs of Identity,” Jour. of Crypto., Vol. 1, 1988, pp. 77–94.
    [11] S.G. Akl, P.D. Taylor, “Cryptographic solution to a problem of access control in a hierarchy,” ACM Transactions on Computer Systems, Vol. 1, No. 3, pp. 239-248, 1983.
    [12] G. Itkis, L. Reyzin, “Forward-secure signatures with optimal signing and verifying,” CRYPTO 2001, LNCS Vol. 2139, August 2001.
    [13] L.C. Guillou, J.J. Quisquater, “A paradoxical identity-based signature scheme resulting from zero-knowledge,” Advances in Cryptology CRYPTO ’88, LNCS Vol. 403, pp. 216-231, Aug. 1988.
    [14] Z.J. Haas, R. Pearlman, “Zone routing protocol for ad-hoc networks,” Internet Draft, draft-ietf-manet-zrp-02.txt, work in progress, 1999.
    [15] Y.C. Hu, D. B. Johnson, and A. Perrig, “SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Networks,” in Proceedings of the 4th IEEE Workshop on Mobile Computing Systems & Applications (WMCSA 2002), pp. 3-13, June 2002.
    [16] Y. C. Hu, A. Perrig, and D. B. Johnson, “Ariadne: A Secure On-Demand Routing Protocol for Ad hoc Networks,” in Proceedings of the Eighth Annual International Conference on Mobile Computing and Networking (MobiCom 2002), pp. 12-23, September 2002.
    [17] J.M. Hou and C.S. Laih, “A Study of Securing Ad Hoc Network: Dynamic Routing Information Protection,” Cryptology & Network Security Lab, Institute of Computer & Communication, National Cheng Kung University, Tainan, Taiwan, R.O.C., Thesis for Master of Science, June 2005.
    [18] J. Jubin and J.D. Tornow, “The DARPA packet radio network protocols,” Proceedings of the IEEE, 1987, 75(1): 21-32.
    [19] D. Johnson, D. Maltz, and J. Jetcheva, “The dynamic source routing protocol for mobile ad hoc networks,” July 19, 2004, draft-ietf-manet-dsr-10.txt.
    [20] B.M. Leiner, R. Ruth, and A.R. Sastry, “Goals and Challenges of the DARPA GloMo Program,” IEEE Personal Communications, Vol. 3, No. 6, 1996.
    [21] B Ljubica, B Levente, and C Srdjan, “Self-organization in mobile Ad hoc,” IEEE Communications Magazine, June 2001.
    [22] P. Ning and K. Sun, “How to Misuse AODV: A Case Study of Insider Attacks against Mobile Ad-hoc Routing Protocols,” Proceedings of the 4th Annual IEEE Information Assurance Workshop, pp. 60-67, June 2003.
    [23] C.E. Perkins and P. Bhagwat, “Highly Dynamic Destination Sequenced Distance Vector Routing (DSDV) for Mobile Computers,” ACM SIGCOMM ’94, 1994.
    [24] V.D. Park and M.S. Corson, “A Highly Adaptive Distributed Routing Algorithm for Mobile Wireless Networks,” IEEE INFOCOM, 1997.
    [25] A. Perrig, R. Canetti, J.D. Tygar, and D. Song, “Efficient Authentication and Signing of Multicast Streams over Lossy Channels,” in IEEE Symposium on Security and Privacy, pp. 56–73, May 2000.
    [26] A. Perrig, R. Canetti, D. Song, and J. D. Tygar, “Efficient and Secure Source Authentication for Multicast,” in Network and Distributed System Security Symposium, NDSS ’01, pp. 35–46, February 2001.
    [27] P. Papadimitratos and Z. J. Haas, “Secure Routing for Mobile Ad hoc Networks,” in Proceedings of SCS Communication Networks and Distributed Systems Modeling and Simulation Conference, January 2002.
    [28] A. Perrig, R. Canetti, J.D. Tygar, and D. Song, “The TESLA broadcast authentication protocol,” RSA CryptoBytes, vol. 5, no. Summer, 2002.
    [29] P. Papadimitratos and Z. J. Haas, “Secure message transmission in mobile ad hoc networks,” Elsevier Ad Hoc Networks Journal, vol. 1, no. 1, pp. 193-209, Jan/Feb/March 2003.
    [30] R.L. Rivest, A. Shamir, and L.M. Adleman, “A method for obtaining digital signatures and public-key cryptosystems,” Communications of the ACM 22, pp. 120-126, 1978.
    [31] E.M. Royer and C-K Toh, “A Review of Current Routing Protocols for Ad hoc Mobile Wireless Networks,” IEEE Personal Communications Magazine, April 1999.
    [32] A. Shamir, “Identity-based cryptosystems and signature schemes,” Crypto ’84.
    [33] L Subramanian, H Randy, “An Architecture for Building Self-Configurable Systems,” IEEE Workshop on Mobile Ad Hoc Networking and Computing, Boston, August 2000.
    [34] S Yi, P. Naldurg, and R. Kravets, “Security-aware Ad-Hoc routing for wireless networks,” Tech Rep: UIUCDCS-R-2001-2241, Department of Computer Science, University of Illinois at Urbana-Champaign, August 2001.
    [35] M.G. Zapata and N. Asokan, “Securing Ad hoc Routing Protocols,” in Proceedings of the 2002 ACM Workshop on Wireless Security (WiSe 2002), pp. 1-10, September 2002.
    [36] J. Zhen and S. Srinivas, “Preventing Replay Attacks for Secure Routing in Ad Hoc Networks,” Proc. the Second International Conference on Ad Hoc, Mobile and Wireless Networks, Montreal, Canada, Oct 8-10, 2003.
    [37] 賴溪松, 洪肇蔚, “Applying Certificate Variants in Public Key Infrastructure,” Information and Communication Security special issue.
    [38] 賴溪松, 張真誠, 韓亮, Contemporary Cryptography and Its Applications (近代密碼學及其應用), 旗標出版股份有限公司, 2003.
    [39] http://140.116.72.80/~smallko/ns2/ns2.htm NS2 tutorial manual.
    [40] http://monarch.cs.rice.edu/internet-drafts/draft-ietf-manet-dsr-10.txt
    [41] http://www.faqs.org/rfcs/rfc3561.html AODV routing protocol.
    [42] http://www.ieee802.org/11/
    [43] http://www.isi.edu/nsnam/ns/ S. McCanne and S. Floyd, “Network Simulator.”
    [44] http://www.synack.net/wireless/consumption.html

    Full text availability: on campus, public from 2006-07-13; off campus, public from 2006-07-13.