分析了移动自组网(mobile ad hoc network,简称MANET)暴露拓扑带来的安全问题,提出了一种拓扑隐藏的安全多路径路由协议.在路由发现过程中,不在路由包中携带任何路径信息,从而有效隐藏网络拓扑.通过按需的邻居发现进行身份认证并建立路由表项,最终采用排除节点的方法实现多路径的选取;在路由维护过程中,设计了专门的错误发现机制以检验所选路径的有效性和安全性.该协议综合考虑时间因素和路径长度因素,实现了安全的最短路径确定.安全分析表明,该方案可以抵御黑洞攻击、虫洞攻击、rushing攻击和sybil等典型攻击,同时对一般类型的攻击也具有抵御能力.仿真结果表明,与SRP(secure routing protocol)这种典型的安全多路径方案相比,该方案能够找到更多节点不相交的多路径;在普通场景中,该方案没有对协议性能带来额外影响;在黑洞攻击场景中,该方案只需付出一定的信令开销即可大幅度提高数据包转发率,可有效抵御黑洞攻击.%This paper provides a detailed ana. lysis on the threats of topology-exposure in Mobile Ad Hoc Network (MANET) and proposes a secure topology-hiding multipath routing protocol based on the analysis. In Route Discovery, the new protocol exposes no routing information in packets to hide the network topology and adopts a node-excluded mechanism to find multiple paths. During this process, this protocol implements on-demand Neighbor Discovery to verify node identities. In Route Maintenance, a fault detection mechanism is designed to provide assurance that the selected paths are available and secure. Considering the factors of both reaction time and the path length, the scheme aims to find the shortest secure path. The security analysis shows that this scheme can resist the black hole attack, the wormhole attack, the rushing attack, the sybil attack, and other types of common attacks. Through extensive simulations, results demonstrate that this approach can find many more active paths than SRP without bringing negative influences into the normal scenario. Furthermore, this solution largely improves the packet delivery ratio in the black hole attack scenario at an acceptable cost.
展开▼
