Routing Security for Mobile Wireless Ad Hoc Networks

Advisor: 王居尉

Abstract


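An ad hoc network is a collection of wireless mobile devices that can communicate with one another over multihop paths without the help of any infrastructure such as base stations or wireless access points (APs). Although many ad hoc network routing protocols based on distance vector approaches have been proposed, they all assume a mutually trusting environment. This thesis modifies the DSDV routing protocol for ad hoc networks and proposes a more secure routing protocol, the secure destination-sequenced distance-vector routing protocol (SDSDV). In SDSDV, each mobile node in the network creates and maintains two one-way hash chains for every other node, and two fields, called the alteration field and the accumulation field, are added to each route entry in an update. With proper use of one-way hash chain values in the AL and AC fields, the sequence number and the metric in a route entry can be protected from arbitrary tampering. Compared with the earlier secure efficient distance vector (SEAD) routing protocol, which can only protect the metric from being decreased, SDSDV provides stronger protection.

Although SDSDV provides stronger protection than SEAD, it generates considerable packet load when transmitting route updates, especially in large ad hoc networks. According to simulation, the data packet delivery ratio of SDSDV is lower than that of DSDV. We therefore consider using public-key encryption in place of the traditional symmetric encryption approach. Drawing on the authentication and integrity properties of public-key cryptography, we propose SDSDV using public keys (SDSDV-PK). SDSDV-PK requires one additional field in each route entry, which is used to verify that the sequence number, the metric, and their encrypted value received from other nodes are correct.

We evaluate the system performance of SDSDV and SDSDV-PK by computer simulation and compare it with DSDV. Because SDSDV adds two hash fields, the simulation data show worse performance in average end-to-end packet delay and routing packet length. However, we consider this worthwhile, because paying some cost in performance makes the routing protocol more secure.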

Parallel Abstract


An ad hoc network is a collection of wireless computers (nodes) communicating among themselves over possibly multihop paths, without the help of any infrastructure such as base stations or access points. Although many previous ad hoc network routing protocols have been based in part on distance vector approaches, they have generally assumed a trusted environment. This thesis presents a secure destination-sequenced distance-vector routing protocol (SDSDV) for mobile wireless ad hoc networks. The proposed protocol is based on the regular DSDV protocol. Within SDSDV, each node maintains two one-way hash chains for each node in the network. Two additional fields, which we call the alteration field and the accumulation field, are added to each entry in an update. With proper use of the elements of the hash chains in the AL and AC fields, the sequence number and the metric values on a route can be protected from being arbitrarily tampered with. Compared with the secure efficient distance vector (SEAD) protocol previously proposed in the literature, which provides only lower-bound protection on the metric, SDSDV can provide more robust protection. Although SDSDV is more robust than SEAD, it produces a higher routing load in updates, especially in a large ad hoc network. According to our simulation, the data packet delivery ratio of SDSDV is lower than that of DSDV. So we also consider using public-key encryption instead of symmetric encryption. Our proposed SDSDV using public-key encryption (SDSDV-PK) is based on the authentication and integrity properties inherent in public-key cryptography. SDSDV-PK also requires one additional field for each entry. The additional field is used to authenticate the metric value, the sequence number and the authentication value of the other node. We have compared the system performance of SDSDV and SDSDV-PK with that of the original DSDV by computer simulation. Results show that, due to the additional hash fields, SDSDV exhibits slightly worse performance in the average end-to-end delay of routing packets and routing load. However, we think this is worthwhile, because by paying this cost we can secure the routing protocol.
