簡易檢索 / 詳目顯示

回結果列表
研究生: 林孝青
Lin, Hsiao-Ching
論文名稱: 無線隨意網路的資料傳播防護
Protection of Data Dispersion in Mobile Ad-Hoc Networks
指導教授: 林輝堂
Lin, Hui-Tang
學位類別: 博士
Doctor
系所名稱: 電機資訊學院 - 電腦與通信工程研究所
Institute of Computer & Communication Engineering
論文出版年: 2016
畢業學年度: 104
語文別: 英文
論文頁數: 76
中文關鍵詞: 無線隨意網路金鑰管理祕密分享規範式入侵偵測視覺化祕密分享
外文關鍵詞: Mobile Ad Hoc Network, Key Management, Secret Sharing, Specification-based Intrusion Detection, Visual Secret Sharing
相關次數: 點閱:131下載:0
分享至:
查詢本校圖書館目錄 查詢臺灣博碩士論文知識加值系統 勘誤回報

    • 無線隨意網路是由一群自主性的節點,彼此之間不需要有線的基礎網路設施,而是透過無線傳輸互相連結而成。無線隨意網路中的每一個節點,可以自由地移動並且參與資料的傳輸。此網路有著開放的特性,只要在範圍內的節點皆可以接收到訊息;此外,無線隨意網路又有著可移動性與無集中管理節點的特性,相較於有線網路在維護安全性的困難度更高,因此在傳播資料的防護上有著相當大的挑戰。
    本論文提出了三個方法,來提升無線隨意網路資料傳播的安全性。第一個方法是以祕密分享為基礎,提出了多層次與群組的概念,符合無線隨意網路有著動態拓樸與無集中管理節點的特性,以達到金鑰對的產生與驗證;在此的架構中,所有的節點可以參與金鑰對的生成與驗證,並且不同層次的節點有著不同的身分,在較高層次的子群組中廣播的訊息,不會有遭受群組外一般節點竊聽的風險。第二個方法是以規範式入侵偵測與雙節點(two-hop)的方法來驗證路由資訊的完整性,確保路由資訊在無線隨意網路的傳播途中,不會遭受竄改。最後,本文提出了以字母為基礎的視覺化秘密分享方法,分享的秘密可以有意義的文字來取代原本的無意義像素點,藉以欺騙混淆竊聽者。此方法不需要複雜的運算,且接收者不需具備密碼學等知識背景也可運用;將分享的密文以重疊方式解密,符合門檻條件的接收者即可解讀隱藏的訊息;而竊聽者即使攔截到封包,在未符合門檻的條件下,也無法取出隱藏的資訊。因此,我們可以透過此三種方法來提升無線隨意網路在傳播資料上的安全性。

    A Mobile Ad-Hoc NETwork (MANET) is established among a group of autonomous nodes that communicate with each other using a multi-hop radio network which maintains connectivity in an infrastructure-less environment. Each node is free to move independently and participates in forwarding data for other nodes. Unlike wired networks, there is no fixed and dedicated link available between the nodes. So any node within radio range can serve as access between nodes. This nature of open medium makes MANET difficult to restrict access and also it attracts malicious users who sniff or cheat other normal users. In addition, the dynamic and non-centralized features of MANET make it more difficult to implement security mechanisms than in traditional wired networks.
    In this dissertation, we propose three mechanisms to enhance the security of data dispersion in MANET. First, a (n, t, n) secret sharing method is applied towards a group-based mobile network architecture to provide authentication and key management services. All nodes participate in key pair generation as shareholders using a threshold secret sharing scheme. This group-based network consists of multi-level participants. The nodes participating at different levels have different identities. The node identity in a higher-level subset is different from the larger common group. In the subset, shared information is broadcast efficiently and securely without risk of eavesdropping from the larger group.
    Secondly, we propose a specification based intrusion detection scheme (SIDS) with the concept of two-hop integrity stamping (THIS) which utilizes previous hop routing messages to assure the integrity of the routing message. The vulnerable message fields that could be tampered with during dispersion are protected by this method. The proposed scheme is lightweight and deployable in a distributed and mobile environment. When employing the designed idea into the AODV routing protocol, experimental results demonstrate suitable performance in MANET.
    Finally, we present a Letter-based Visual Cryptography Scheme (LVCS) where pixels are replaced by letters for the share images. Shares can be constructed using meaningful data as subterfuge while carrying secret data in plain sight, and an adversary will not recognize them as containing secrets. The secret information only can be reconstructed when the threshold condition is satisfied. Otherwise, eavesdropping reveals nothing even if the packet with secret shares is sniffed. In addition, LVCS has a novel stack-to-see property which requires neither knowledge of cryptography nor complex computations for decryption. It can decrease the resource consumption of encryption and decryption. Therefore, we apply these three schemes to raise the security of data dispersion in MANET.

    摘要 I ABSTRACT II 誌謝 IV CONTENTS V LIST OF TABLES VII LIST OF FIGURES VIII CHAPTER 1 INTRODUCTION 1 1.1 INTRODUCTION 1 1.2 MOTIVATION 1 1.3 CONTRIBUTION 3 1.4 ORGANIZATION 4 CHAPTER 2 BACKGROUND AND RELATED WORK 5 2.1 KEY MANAGEMENT WITH THRESHOLD CRYPTOGRAPHY IN MANET 5 2.2 INTRUSION DETECTION IN MANET 7 2.3 VISUAL CRYPTOGRAPHY SCHEME 9 CHAPTER 3 KEY MANAGEMENT 11 3.1 PRELIMINARIES AND ASSUMPTIONS 12 3.1.1 (n, t, n) secret sharing 12 3.1.2 Identity-based Encryption Scheme 13 3.1.3 Assumptions 14 3.2 MULTI-LEVEL AND GROUP-BASED KEY MANAGEMENT 15 3.2.1 Master Key Generation 15 3.2.2 Private Key Generation 16 3.2.3 New Master Key Share Generation 17 3.2.4 Multi-level Key Generation 17 3.2.5 Authentication 18 3.3 SECURITY ANALYSIS AND SUMMARY 19 CHAPTER 4 INTRUSION DETECTION AND DATA INTEGRITY 20 4.1 PRELIMINARIES AND ASSUMPTIONS 20 4.1.1 Overview of AODV Routing Protocol 21 4.1.2 Assumptions 22 4.1.3 Critical Routing Fields and Adversary Model 22 4.2 SPECIFICATION-BASED INTRUSION DETECTION SCHEME 24 4.2.1 Validation Rules 24 4.2.2 Two Hop Integrity stamping 26 4.3 SECURITY ANALYSIS 27 4.4 SIMULATION RESULTS 28 4.4.1 Deployment Feasibility 29 4.4.2 Attack Prevention Capability 30 4.5 APPLICATION: EXTENSION TO VEHICULAR ENVIRONMENT 32 4.5.1 Emergency Scenario 32 4.5.2 Deployment Feasibility in VANET 34 4.5.2 Attack Prevention Capability in VANET 39 4.6 SUMMARY 40 CHAPTER 5 LETTER-BASED VISUAL CRYPTOGRAPHY SCHEME AND DATA CONFIDENTIALITY 41 5.1 PRELIMINARIES 41 5.1.1 DVCS 41 5.1.2 PVCS 42 5.2 MOTIVATION AND DESIGN CONCEPTS 44 5.2.1 Motivation 45 5.2.2 Design Concept 46 5.3 THE PROPOSED LVCS 48 5.3.1 The (k, n)-LVCS 48 5.3.2 The Enhanced (2, n)-LVCS 51 5.4 EXPERIMENT AND APPLICATION 52 5.4.1 Evaluating Indexes 52 5.4.2 LVCS Using English Characters 53 5.4.3 LVCS Using Other Languages 61 5.4.4 Error Tolerance 65 5.4.5 Application: Using a Code Book as a Meaningful Share 67 5.5 SUMMARY 69 CHAPTER 6 CONCLUSION AND FUTURE WORK 70 6.1 CONCLUSION 70 6.2 FUTURE WORK 71 BIBLIOGRAPHY 72

    [1] Alharthi, S., and Atrey, P. K.,“An improved scheme for secret image sharing,” IEE International Conference on Multimedia and Expo (ICME), pp. 1661–1666, 2010.
    [2] Behrisch, M., Bieker, L., Erdmann, J., and Krajzewicz, D. “Sumo - simulation of urban mobility: an overview,” The Third International Conference on Advances in System Simulation, pp. 63-68, 2011.
    [3] Benaloh, J. C., “Secret sharing homomorphisms: keeping shares of a secret,” Proceedings of the Crypto’86 Advances in Cryptology,, Springer-Verlag, Lecture Notes in Computer Science, vol. 263, pp. 251-260, 1987.
    [4] Boneh, D., and Franklin, M., “Identity-Based Encryption from Weil Pairing,” Advances in Cryptology, CRYPTO 2001, Lecture Notes in Computer Science, Vol. 2139, pp. 213-229, Springer Verlag, 2001.
    [5] Cachin, C., “Entropy measures and unconditional security in cryptography,” Ph.D. thesis, Swiss Federal Institute of Technology Zurich, 1997.
    [6] Capkun, S., Buttyan, L., and Hubaux, J. P., “Self-Organized Public Key Management for Mobile Ad Hoc Networks,” IEEE Trans. Mobile Computing, vol. 2, no. 1, pp. 52-64, 2003.
    [7] Chang, C.-C., Hsieh, Y.-P., and Lin, C.-H., “Sharing Secrets in Stego Images with Authentication,” Pattern Recognition, vol. 41, no. 10, pp. 3130-3137, 2008.
    [8] Chen , L.-Q., and Hu, R.-L., “Group Key Agreement Scheme for Mobile Ad Hoc Networks Based on Threshold Secret Sharing,” The 3rd International Symposium on Electronic Commerce and Security (ISECS’10), pp. 176-180, 2010.
    [9] Cimato, S., Prisco,R. D., and Santis, A.D., “Probabilistic visual cryptography schemes,” The Computer Journal, vol. 49, pp. 97-107, 2006.
    [10] Dalal, R., Singh, Y., and Khari1, M., “A Review on Key Management Schemes in MANET,” International Journal of Distributed and Parallel Systems (IJDPS), vol. 3, no. 4, pp. 165-172, 2012.
    [11] Deng, H.-M., Mukherjee, A., and Agrawal, D. P., “Threshold and Identitybased Key Management and Authentication for Wireless Ad Hoc Networks,” Proceedings of the International Conference on Information Technology: Coding and Computing (ITCC’04), pp.107-111, 2004.
    [12] Feng, J., Wu, H., Tsai, C., Chang, Y., and Chu, Y., “Visual secret sharing for multiple secrets,” Pattern Recognition, vol. 41, pp. 3572-3581, 2008.
    [13] Guo, T., Liu, F., and Wu, C.-K., “On the equivalance of two difinitions of visual cryptography scheme,” Information Security Practice and Experience, vol. 7232, pp. 217-227, 2012.
    [14] Harn, L., and Lin, C.-L., “Strong (n,t,n) verifiable secret sharing scheme,” Information Sciences, vol.180, no.16, pp. 3059-3064, 2010.
    [15] Hu, Y.-C., and Perrig, A., “A Survey of Secure Wireless Ad Hoc Routing,” IEEE Security and Privacy, vol. 2, no. 3, pp. 28-39, 2004.
    [16] Huang, Y.-A., and Lee, W.-K., “A Cooperative intrusion detection system for ad hoc networks,” ACM workshop on security of ad hoc and sensor networks, Fairfax, VA, USA, pp. 135-147, 2003.
    [17] Huang, Y.-A., and Lee, W.-K., “Attack analysis and detection for ad hoc routing protocols,” in Proceedings of the 7th International Symposium on Recent Advances in Intrusion Detection (RAID’04), pp. 125-145, Riviera, French, Sept. 2004.
    [18] Ito, R., Kuwakado, H., and Tanaka, H., “Image size invariant visual cryptography,” IEICE – Transactions on Fundamentals of Electronics Communications and Computer Sciences E82-A, pp. 2172-2177, 1999.
    [19] Johansson, P., Larsson, T., Hedman, N., Mielczarek, B., and Degermark, M., “Scenario-based performance analysis of routing protocols for mobile ad-hoc networks,” Proceedings of the 5th annual ACM/IEEE international conference on Mobile computing and networking (MobiCom ’99), pp. 195–206, 1999.
    [20] Khalili, A., Katz, J., and Arbaugh, W. A., “Towards secure key distribution in truly ad-hoc networks,” Proceedings of Symposium on Applications and the Internet Workshops, pp. 342-346, 2003.
    [21] Ko, C., Ruschitzka, M., and Levitt. K., “Execution monitoring of security-critical programs in distributed systems: A specification-based approach,” In Proceedings of the 1997 IEEE Symposium on Security and Privacy, pp. 134-144, 1997.
    [22] Kong, J., Zerfos, P., Luo, H., Lu S., and Zhang, L., “Providing Robust and Ubiquitous Security Support for Mobile Ad-Hoc Networks,” Proceedings of the IEEE 9th International Conference on Network Protocols (ICNP’01), pp. 251-260, 2001.
    [23] Kuwakado, H., and Tanaka, H., “Size-reduced visual secret sharing scheme,” IEICE – Transactions on Fundamentals of Electronics Communications and Computer Sciences E87-A, pp. 1193-1197, 2004.
    [24] Lee, K.-H., and Chiu, P.-L. “A high contrast and capacity efficient visual cryptography scheme for the encryption of multiple secret images,” Optical Communication, vol. 284, pp. 2730-2741, 2011.
    [25] Lin, S.-J., Chen, S.-K., and Lin, J.-C., “Flip visual cryptography (fvc) with perfectsecurity, conditionally-optimal contrast, and no expansion,” Journal of Visual Communication and Image Representation, vol. 21, pp. 900-916, 2010.
    [26] Liu, F., Wu, C.-K., and Lin, X.-J., “The alignment problem of visual cryptography schemes,” Designs, Codes and Cryptography, vol. 50, pp. 215-227, 2009.
    [27] Liu, F., Guo, T., Wu, C., and Qian, L., “Improving the visual quality of size invariant visual cryptography scheme,” Journal of Visual Communication and Image Representation, vol. 23, pp.331-342, 2012.
    [28] McCune, J. M., Perrig, A., and Reiter, M. K., “Seeing-is-believing: using camera phone for human-verifiable authentication,” IEEE Symposium on Security and Privacy, pp. 110-124, 2005.
    [29] Nakayama, H., Kurosawa, S., Jamalipour, A., Nemoto, Y., and Kato, N. “A Dynamic Anomaly Detection Scheme for AODV-Based Mobile Ad Hoc Networks,” IEEE Transactions on Vehicular Technology, vol. 58, no. 5, pp. 2471-2481, 2008.
    [30] Naor, M., and Shamir, A., “Visual Cryptography,” Advances in Cryptology (EUROCRYPT’94), Lecture Notes in Computer Science, Perugia, Italy, vol. 950, pp. 1-12, 1994.
    [31] Naor, M., and Pinkas, B., “Visual authentication and identification,” Advances in Cryptology-Crypt’97, vol. 1294, pp. 322-336, 1997.
    [32] Paterson, K. G., "ID-based signatures from pairings on elliptic curves," Cryptology ePrint Archive, Report 2002/004, http://eprint.iacr.org/.
    [33] Pedersen, T. P. “A threshold cryptosystem without a trusted party,” Proceedings of the Eurocrypt’91 Advances in Cryptology, Springer-Verlag, Lecture Notes in Computer Science, vol. 547, pp. 522-526, 1991.
    [34] Perkins, C., Belding-Royer, E., Das, S., and Chakeres, I., “AODV,” in http://moment.cs.ucsb.edu/AODV/, 1998.
    [35] Perkins, C., Royer, E. M., and Das, S., “Ad hoc on demand distance vector (aodv) routing,” IETF RFC 3561, 2003.
    [36] Puttini, R. S., Percher, J. M., Mé, L., Camp, O., De Sousa, R. Jr., Barenco Abbas, C. J., and García-Villalba, L. J., “A Modular Architecture for Distributed IDS in MANET,” proceeding of the international conference on computational science and its applications (ICCSA), Springer Verlag, LNCS 2669, pp. 91-113, 2003.
    [37] Samreen, A. and Ansari, S., “Certificateless ID-based authentication using threshold signature for P2P MANETs,” International Conference on Information and Communication Technologies (ICICT’09), pp. 112-116, 2009.
    [38] Shamir, A., “How to Share a Secret,” Communications of the ACM, Vol. 22, No. 11, pp. 612-613, 1979.
    [39] Shyu, S.-J., Huang, S.-Y., Lee, Y.-K., Wang, R.-Z., and Chen, K., “Sharing multiple secrets in visual cryptography,” Pattern Recognition, vol. 40, pp. 3633-3651, 2007.
    [40] Subhadrabandhu, D., Sarkar, S., and Anjum, F., “A Framework for Misuse Detection in Ad Hoc Networks—Part I,” IEEE Journal on Selected Areas in Communications, vol. 24, no. 2, pp. 274-289, 2006.
    [41] Sun, B., Wu, K., and Pooch, U. W., “Routing anomaly detection in mobile ad hoc networks,” Proc. of 12th International Conference on Computer Communication and Networks, pp. 25-31, Dallas, Texas, 2003.
    [42] Takizawa, O., and Yamamura, A., “A proposal of secret sharing using natural language text,” IPSJ Computer Security Symposium, pp. 343-348, 2001.
    [43] Takizawa, O., Yamamura, A., and Makino, K., “Secret sharing scheme using natural language text,” Journal of the National Institute of Information and Communications Technology, vol. 52, pp. 173-183, 2005.
    [44] Thien, C.-C. and Lin, J.-C., “Secret image sharing,” Computers & Graphics, vol. 26, no. 5, pp. 765-770, 2002.
    [45] Tsai, D.-S., Chen, T.-H., and Horng, G.-B., “A cheating prevention scheme for binary visual cryptography with homogeneous secret images,” Pattern Recognition, vol. 40, pp. 2356-2366, 2007.
    [46] Tseng, C.-Y., Song, T., and Balasubramanyam, B., Ko, C., and Levitt, K., “A Specification-based Intrusion Detection Model for OLSR,” RAID, LNCS, vol. 3858, pp.330-350, 2006.
    [47] Tseng, C.-Y., Wang, S.-H., Ko, C. and Levitt, K., “DEMEM: Distributed Evidence-driven Message Exchange intrusion detection Model for MANET,” RAID, LNCS, vol. 4219, pp. 249-271, 2006.
    [48] Tseng, C.-Y., Balasubramanyam, P., Ko, C., Limprasittiporn, R., Rowe, J., and Levitt, K. “A specification-based intrusion detection system for AODV,” In ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN'03), pp. 125-134, George W. Johnson Center at George Mason University, Fairfax, VA, Oct. 2003.
    [49] Vergados, D. D. and Stergiou, G., “An Authentication Scheme for Ad-hoc Networks using Threshold Secret Sharing,” Wireless Personal Communications, vol. 43, no. 4, pp. 1767-1780, 2004.
    [50] Wang, R.-Z. and Su, C.-H., “Secret Image Sharing with Smaller Shadow Images,” Pattern Recognition Letters, vol. 27, pp. 551-555, 2006.
    [51] Wang, D.-S., Yi, F., and Li, X.-B, “Probabilistic visual secret sharing schemes for grey-scale images and color images,” Information Sciences, vol. 181, pp. 2189-2208, 2011.
    [52] Wu, B., Wu, J., Fernandez, E., Magliveras, S., and Ilyas, M., “Secure and Efficient Key Management in Mobile Ad Hoc Networks,” Proceeding of 19th IEEE International Parallel & Distributed Processing Symposium (IPDPS), 2005.
    [53] Wu, B., Wu, J., and Cardei, M., “A Survey of Key Management in Mobile Ad Hoc Networks,” Handbook of Research on Wireless Security, 2008, https://www.researchgate.net/publication/228910095_A_Survey_of_Key_Management_in_Mobile_Ad_Hoc_Networks.
    [54] Yang, C.-N., “New visual secret sharing schemes using probabilistic method,” Pattern Recognition Letters, vol. 25, pp. 481-494, 2004.
    [55] Yang, C.-N., Chen, T.-S., Yu, K.-H., and Wang, C.-C., “Improvements of Image Sharing with Steganography and Authentication,” Journal of Systems and Software, vol. 80, no. 7, pp. 1070-1076, 2007.
    [56] Yang, C.-N. and Chen, T.-S., “Security analysis on authentication of images using recursive visual cryptography,” Cryptologia, vol. 32, pp. 131-136, 2008.
    [57] Yang, C.-N., Peng, A.-G., and Chen, T.-S., “Mtvss: (m)isalignment (t)olerant (v)isual (s)ecret (s)haring on resolving alignment difficulty,” Signal Processing, vol. 89, pp. 1602-1624, 2009.
    [58] Yang, C.-N. and Huang, S.-M., “Constructions and properties of k out of n scalable secret image sharing,” Optics Communications, vol. 283, pp. 1750-1762, 2010.
    [59] Yang, C.-N., and Chung, T.-H., “A general multi-secret visual cryptography scheme,” Optical Communication, vol. 283, pp. 4949-4962, 2010.
    [60] Yang, H., Luo, H., Ye, F., Lu, S., and Zhang, L., “Security in Mobile Ad Hoc Networks: Challenges and Solutions,” IEEE Wireless Communications, vol. 11, no. 1, pp. 38-47, 2004.
    [61] Yi, S., Naldurg, P., and Kravets, R., “Security-aware Ad Hoc Routing for Wireless Networks,” Proceedings of the 2nd ACM international symposium on Mobile ad hoc networking & computing (MobiHoc’01), pp. 299-302, 2001.
    [62] Yi, S. and Kravets, R., “Composite Key Management for Ad Hoc Networks,” Proceeding of the 1st Annual International Conference on Mobile and Ubiquitous Systems: Networking and Services (MobiQuitous’04), pp. 52-61, 2004.
    [63] Zeadally, S., Hunt, R., Chen, Y.-S., Irwin, A., and Hassan, A., “Vehicular ad hoc networks (VANETS): status, results, and challenges,” Telecommunication Systems, vol. 50, no. 4, pp. 217-241, 2010.
    [64] Zhang, Y.-G. and Lee, W.-K., “Intrusion Detection in Wireless Ad-Hoc Networks,” proceedings of the 6th annual international conference on mobile computing and networking (MobiCom’2000), Boston, Massachussetts, pp. 275-283, August 6–11, 2000.
    [65] Zhang, Y.-G., Lee, W.-K., and Huang, Y.-A., “Intrusion Detection Technologies for Mobile Wireless Networks,” Wireless Networks, vol. 9, no. 5, pp. 545-556, SprigerLink, 2003.
    [66] Zheng, X., Bagrodia, R., and Gerla, M., “Glomosim: Global mobile information systems simulation library,” in http://pcl.cs.ucla.edu/projects/glomosim/, 2005.
    [67] Zhou, L. and Haas, Z. J., “Securing Ad Hoc Networks,” IEEE Network Magazine, vol. 13, no. 6, pp. 24-30, 1999.

    無法下載圖示 校內:2021-06-22公開
    校外:不公開
    電子論文尚未授權公開,紙本請查館藏目錄
    QR CODE