基于自组网协议度量值单向特征的网络安全策略  被引量：1

作　　者：林钊安 叶金才[1] 张法全[1] 王国富 LIN Zhaoan;YE Jincai;ZHANG Faquan;WANG Guofu(School of Information and Communication,Guilin University of Electronic Technology,Guilin 541004,China;School of Electrical and Information Engineering,Guangxi University of Science and Technology,Liuzhou 545006,China)

机构地区：[1]桂林电子科技大学信息与通信学院,广西桂林541004 [2]广西科技大学电气与信息工程学院,广西柳州545006

出　　处：《桂林电子科技大学学报》2021年第1期7-12,共6页Journal of Guilin University of Electronic Technology

基　　金：国家自然科学基金(61861011);广西科技重大开发项目(桂科AD19245202);广西科技计划(2018AD11018);桂林电子科技大学研究生教育创新计划(2020YCXS029)。

摘　　要：针对自组网协议中控制数据包被恶意修改引起瘫痪的问题,提出了一种基于哈希函数构建单向序列保护网络的安全策略。该策略基于固定输入长度抗碰撞哈希函数f构造的单向序列,序列具有正向递推容易而反向递推困难的特点,反向递推等价于求f的原像。f选自Merkle-Damgard结构哈希函数H中的压缩函数,其安全性等价于求H伪原像的复杂度。通过f和数字签名构造了只能单向变化的度量字段,解决了度量字段需要被任意协作节点修改但又不能被恶意节点随意篡改之间的矛盾,提高了恶意节点修改度量字段的困难性,提升了网络安全性。结合了单向序列的BATMAN.adv网络中度量值篡改的复杂度提高了2^(64)。测试结果表明,在黑洞攻击条件下,避免了网络吞吐量归零。Due to wireless ad hoc network(WANET)can be destroy by modify control packet,a security strategy based on one-way sequence is proposed.The one-way sequence constructed based on a fixed size collision free hash function f is proposed.The sequence has the characteristics of easy forward recursion and complicated reverse recursion.Reverse recursion is equivalent to finding the preimage of f.f is selected from the compression function in the Merkle-Damgård structure hash function H.Its security level is equivalent to the complexity of seeking pseudo-preimage of H.A one-waymetric-segment is constructed by f and digital signature.Solved the contradiction between the metric-segment needs to be modified by any cooperative node but cannot be tampered by malicious nodes at will.By improving the difficulty of malicious nodes to modify the metric-segment,network security is improved.The complexity of metric tampering in the BATMAN.adv network combined with a one-way sequence has increased by 2^(64).Tests show that the network avoids zero throughputs under conditions of black hole attack.

关 键 词：网络安全 无线自组织网络 BATMAN.adv Ad hoc 哈希函数 

分 类 号：TN801[电子电信—信息与通信工程]