標題: 基於節點信用之混合無線網狀網路之安全路由協定
Credit-based Secure Hybrid Wireless Mesh Protocol
作者: 黃政儀
Huang, Cheng-Yi
黃育綸
Huang, Yu-Lun
電控工程研究所
關鍵字: 信用基礎;路由協定;無線網狀網路;Credit-based;Routing protocol;WMN
公開日期: 2012
摘要: 近年來無線網路通訊技術越來越發達,其中無線網狀網路(Wireless Mesh Network, WMN)能提供低成本以及廣泛布置的特性,而且可適用於大部分的環境,因此無線網狀網路成為無線網路通訊的一個重要技術。 混和無線網狀協定(Hybrid Wireless Mesh Protocol, HWMP)是IEEE 802.11s WMN的標準協定。 HWMP雖然適用於各種環境下,但是由於本身缺乏一些保護機制,所以攻擊者可以利用HWMP的弱點進行洪水、路徑轉向、路徑阻擋以及封包丟棄等攻擊。 %WMN 因此我們提出了基於節點信用之混合無線網狀網路之安全路由協定防止這些攻擊,在我們的路由協定中使用了IBC signature scheme以及信用模型來抵擋這些攻擊。 其中,IBC signature scheme 可以用較低的運算成本來保護路由資訊的內容,而信用模型則能有效地建置出WMN網路中各節點之間彼此的信任度。 而我們模擬了我們的路由協定並且與其他現有的安全路由協定作比較,從模擬中可以看出我們的協定擁有較低的安全成本以及封包遺失率。而我們也對我們的協定進行的多種攻擊的分析,從分析中我們證明我們的協定可以有效地抵擋洪水、路由轉向、路由阻擋以及封包丟棄等惡意攻擊。
In recent years, wireless mesh network (WMN) has became one of the wireless network communication technologies. WMN is inexpensive, and can be quickly and easily deployed in an arbitrary environment. Due to these characteristics, WMN is suitable for many demands like rescue, military and so on. %introduction Hybrid Wireless Mesh Protocol (HWMP) is the default routing protocol of IEEE 802.11s standard. HWMP has good performance for most of the scenarios with flexible configurations. But lacking security, HWMP suffers from flooding, route disruption, route diversion and dropping packets attacks. We proposed a Credit-based Secure Hybrid Wireless Mesh Protocol (CSHWMP) to solve the above security issues. We implement an IBC signature scheme and a credit model that uses the subjective logic scheme in CSHWMP. The IBC signature scheme can be used to protect the routing packets with a comparatively low computing costs. The credit model can be used to evaluate and predict the trustiness of nodes in a WMN network. We simulate CSHWMP and compare it against with the existing researches. In our simulation, CSHWMP has lower security cost and packet loss ratio. We also discuss the security in terms of different attacks for our and the existing protocols. We prove that CSHWMP can protect a network from flooding attacks, route disruption, route diversion and dropping packets attacks.
URI: http://140.113.39.130/cdrfb3/record/nctu/#GT070060055
http://hdl.handle.net/11536/72445
Appears in Collections:Thesis