CN202488761U - Safe router of mobile self-organized network - Google Patents
- Publication number
- CN202488761U
- Authority
- CN
- China
- Prior art keywords
- node
- route
- data
- hoc network
- router
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Expired - Fee Related
Landscapes
- Data Exchanges In Wide-Area Networks (AREA)
- Computer And Data Communications (AREA)
Abstract
The utility model relates to a secure router for a mobile ad hoc network. The secure router comprises an input interface, an output interface, a packet forwarding/switching module, and a route processing module. The input interface is used for inputting the route data, which is stored in the packet forwarding/switching module. The packet forwarding/switching module is bidirectionally connected with the route processing module. The packet forwarding/switching module forwards and switches the data, which is then output via the output interface. The efficient secure router is based on the Dynamic Source Routing protocol (DSR); it extends the security functions of the DSR protocol, closes the security vulnerabilities of some earlier protocols via the route processing module, and guarantees the most rapid route.
Description
Technical field
The utility model relates to routers, in particular to routers in mobile Ad Hoc networks, and specifically to a secure router for a mobile ad hoc network.
Background technology
At present, the mobile Ad Hoc network, or MANET (Mobile Ad Hoc Network), is gradually becoming a focus of wireless network research. The characteristics peculiar to mobile Ad Hoc networks make them easier to attack and make building a network security system more complicated, so the security of mobile Ad Hoc networks is a necessary and urgent problem to solve.
The router is an important part of a mobile Ad Hoc network, because it directly determines how the network's functions are realized and how efficient they are. Many routing protocols suited to mobile networks have been proposed in recent years, such as DSR [88], AODV [89], DSDV [90] and OLSR [91]. These routing protocols took the characteristics of mobile Ad Hoc networks fully into account in their design but did not consider security, which leaves them with major security weaknesses.
Summary of the invention
The purpose of the utility model is to address the major security weaknesses of routing protocols by proposing a secure router for a mobile ad hoc network that prevents route messages from being forged or tampered with.
The technical scheme of the utility model is:
A secure router for a mobile ad hoc network comprises an input interface, an output interface, a packet forwarding/switching module and a route processing module. The input interface is used for the input of route data, which is stored in the packet forwarding/switching module. The packet forwarding/switching module is bidirectionally connected with the route processing module; it forwards and switches the data, which is output through the output interface.
The network to which the input and output interfaces of the router of the utility model connect is a mobile Ad Hoc network.
The route processing module of the utility model comprises a key distribution module and a processor; the key distribution module performs key distribution for the data to be exchanged.
In the mobile ad hoc network of the utility model, the hosts are all mobile devices, including PDAs, portable computers or palmtop computers.
The beneficial effect of the utility model:
The efficient secure router of the utility model is based on the Dynamic Source Routing protocol (DSR). It extends the security functions of the DSR protocol, closes the security holes of some earlier protocols through the route processing module, and guarantees that the fastest path is provided.
Description of drawings
Fig. 1 is the schematic block diagram of the utility model.
Fig. 2 is a diagram of the broadcast of new-node information by the Ad Hoc network router of the utility model.
Fig. 3 is a diagram of how the Ad Hoc network router of the utility model processes a new node's broadcast message.
Fig. 4 is the route discovery diagram of the Ad Hoc network router of the utility model.
Embodiment
The utility model is further described below with reference to the accompanying drawings and an embodiment.
As shown in Fig. 1, a secure router for a mobile ad hoc network comprises an input interface, an output interface, a packet forwarding/switching module (the model may be CISCO 1841) and a route processing module. The input interface is used for the input of route data, which is stored in the packet forwarding/switching module. The packet forwarding/switching module is bidirectionally connected with the route processing module; it forwards and switches the data, which is output through the output interface.
The network to which the input and output interfaces of the router of the utility model connect is a mobile Ad Hoc network.
The route processing module of the utility model comprises a key distribution module (ESRS) and a processor (the model may be Motorola 68030); the key distribution module performs key distribution for the data to be exchanged.
In the mobile ad hoc network of the utility model, the hosts are all mobile devices, including PDAs, portable computers or palmtop computers.
In a specific implementation:
In addition to the two processes of route discovery and route maintenance, which are similar to those of DSR, the working process of ESRS (Efficient and Secure Routing Scheme) also includes the process of joining the Ad Hoc network and establishing the node information table. These three working processes are described below:
(a) set up informational table of nodes
First, before a new node joins the Ad Hoc network, it must obtain its own private key (SK) and public key (PK) pair, and then obtain its own IP address according to formula (1).
sucvID = HMAC-SHA1(SHA1(MAC), SHA1(PK))    (1)
Using the node's MAC address as the identifier avoids the resource cost of generating a random number; and because the MAC address is data specific to the node, it reduces the likelihood that sucvID values collide, while also serving as one aspect of entity authentication.
To avoid IP address configuration conflicts, a newly joining node must use the DAD (Duplicate Address Detection) protocol to detect duplicate addresses (although the probability of a conflict is very low).
Second, the new node needs to broadcast its own node-specific information (for example its IP address, public key PK and MAC address) to the nodes already in the network. Because broadcast is used, every node in the Ad Hoc network still receives this broadcast message even if a previously connected link has failed or a malicious node is present. As shown in Fig. 2: when the link between n and node 1 fails, node 1 can obtain the information of new node n through node 4, and the other nodes are unaffected. When node 1 is a malicious node m, it may discard the message of node n; its downstream node 2 can then obtain the information of new node n through node 7, and node 4 can obtain it through node 3. If m tampers with the message of node n, the message will fail verification at nodes 2 and 4 and be dropped.
After a node in the network receives the new node's broadcast message, it processes the new node's information message according to the flow shown in Fig. 3. Through neighbor learning, the new node can obtain the information of the nodes already in the network.
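The binding that formula (1) creates between a node's address, MAC address and public key, as an added example that is not part of the patent. Assumptions: SHA1(MAC) is used as the HMAC key, the address is a constructed /64 prefix plus the first 64 bits of sucvID, the receiver logic stands in for the Fig. 3 flow (which the text does not spell out), and all names and sample values are hypothetical.

```python
import hashlib
import hmac
import ipaddress

# Assumption: address = constructed /64 prefix + first 64 bits of sucvID.
PREFIX = int(ipaddress.IPv6Address("fd00:0:0:1::"))

# Constructed sample identity for new node n.
MAC_N = bytes.fromhex("02004c4f4f50")
PK_N = b"constructed-public-key-of-node-n"

def sucv_id(mac_addr, pk):
    """Formula (1). Assumption: SHA1(MAC) is the HMAC key, SHA1(PK) the message."""
    key = hashlib.sha1(mac_addr).digest()
    return hmac.new(key, hashlib.sha1(pk).digest(), hashlib.sha1).digest()

def derive_ip(mac_addr, pk):
    """Map sucvID to an address inside the constructed prefix."""
    iid = int.from_bytes(sucv_id(mac_addr, pk)[:8], "big")
    return str(ipaddress.IPv6Address(PREFIX | iid))

def new_node_broadcast(mac_addr, pk):
    """The node-specific information a joining node floods: IP, PK and MAC."""
    return {"ip": derive_ip(mac_addr, pk), "mac": mac_addr, "pk": pk}

def handle_broadcast(table, msg):
    """Receiver side: store the entry only if IP, MAC and PK satisfy formula (1)."""
    ip, entry = msg["ip"], (msg["mac"], msg["pk"])
    if derive_ip(*entry) != ip:
        return "dropped"      # a relay altered IP, MAC or PK in transit
    if ip not in table:
        table[ip] = entry
        return "added"
    # The flood delivers the same message over several paths; identical
    # copies are harmless, a different binding for the same IP is a conflict.
    return "duplicate" if table[ip] == entry else "conflict"
```

A copy whose public key was swapped by a relay no longer matches the claimed address and is dropped, while the intact copy arriving over another path is stored once.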
(b) safe route discovery
Fig. 4 shows the topology used to describe the secure route discovery process. Table 1 lists the meanings of the symbols used in the text.
Table 1 Symbol meanings
Symbol | Explanation |
---|---|
IPX | The IP address of node X |
Seq | The sequence number identifying the message |
SKX | The private key of node X |
PKX | The public key of node X |
KSD | The shared key between nodes S and D |
[message] SKX | The message is digitally signed with the private key of node X |
[message] PKX | The message is encrypted with the public key of node X |
Safe route discovery comprises route requests and route replies again:
Route request: source node S wants to establish communication with destination node D but has no routing information to D in its own cache, so S broadcasts a route request message RREQ in the format:
RREQ={IPS,IPD,Seq,(route list),[IPS,IPD,Seq]SKS,[KSD]PKD}
After an intermediate node receives the RREQ message from node S, it completes the two checks that the DSR protocol itself requires: (1) it checks whether it has already received this message; (2) it checks whether its cache holds a path to the destination node D specified in the message. When the intermediate node's cache table holds no routing information to the destination node specified in the message, the node processes the RREQ message exactly as the DSR protocol does. The case where the intermediate node holds cached routing information is described under route reply.
Route reply: route replies can be divided into destination node D returning an RREP and intermediate node S returning a CREP. Destination node D returns an RREP as follows. When the route request message RREQ of node S arrives at destination node D, node D first checks whether the sequence number in the message is greater than the sequence number of the RREQ it previously received; it then looks up its own node information table by the source node address in the message to obtain the public key PKS of the source node; finally it verifies the source node's digital signature in the RREQ message. If the RREQ message passes these checks, node D first uses its own private key to decrypt and obtain the key KSD shared with node S, and then returns a route reply message RREP according to the content of the address list (route list) in the RREQ message, in the format:
RREP={IPD,IPS,Seq,(IPF,IPE,IPA),[IPD,IPS,Seq,(IPF,IPE,IPA)]KSD}
Otherwise, it drops the packet.
Intermediate node S returns a CREP: after the above process finishes, node S' initiates a route request whose destination address is D, as shown in Fig. 4. Because node S now holds routing information to destination node D, it can respond with a cached route reply message CREP, in the format:
RREP={IPS,IPS,Seq,(IPF,IPE,IPA,IPS,IPJ),[IPS,IPS,Seq,(IPF,IPE,IPA,IPS,IPJ)]SKS},
At this point, source node S' can authenticate intermediate node S only on the basis of its public key.
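An added example (not code from the patent) of destination node D's handling of an RREQ and source node S's check of the returned RREP. Assumptions: textbook RSA over fixed Mersenne primes stands in for the unspecified signature and encryption algorithms and is not secure, [..]KSD is taken to be HMAC-SHA1, and all function names and key values are hypothetical.

```python
import hashlib
import hmac

E = 65537  # public exponent shared by the toy keys below

def keypair(p, q):
    """Textbook RSA from two primes: a toy stand-in for the scheme's keys, not secure."""
    n = p * q
    return (n, E), (n, pow(E, -1, (p - 1) * (q - 1)))

def encode(fields):
    return "|".join(map(str, fields)).encode()

def sign(sk, *fields):                      # [fields]SK_X
    n, d = sk
    return pow(int.from_bytes(hashlib.sha1(encode(fields)).digest(), "big"), d, n)

def verify(pk, sig, *fields):
    n, e = pk
    return pow(sig, e, n) == int.from_bytes(hashlib.sha1(encode(fields)).digest(), "big")

def mac(ksd, *fields):                      # [fields]KSD, assumed to be HMAC-SHA1
    return hmac.new(ksd, encode(fields), hashlib.sha1).hexdigest()

# Constructed key pairs built from Mersenne primes, so no key generation is needed.
PK_S, SK_S = keypair(2**127 - 1, 2**521 - 1)
PK_D, SK_D = keypair(2**107 - 1, 2**607 - 1)

def make_rreq(seq, ksd):
    """RREQ = {IPS, IPD, Seq, (route list), [IPS, IPD, Seq]SKS, [KSD]PKD}."""
    n, e = PK_D
    return {"src": "S", "dst": "D", "seq": seq, "route": [],
            "sig": sign(SK_S, "S", "D", seq),
            "enc_ksd": pow(int.from_bytes(ksd, "big"), e, n)}

def handle_rreq_at_d(rreq, node_table, last_seq):
    """D's checks in the order the text gives them; None means the packet is dropped."""
    src, seq = rreq["src"], rreq["seq"]
    if seq <= last_seq.get(src, -1):        # 1. sequence number must be newer
        return None
    pk_s = node_table.get(src)              # 2. look up PK_S in the node information table
    if pk_s is None or not verify(pk_s, rreq["sig"], src, rreq["dst"], seq):
        return None                         # 3. signature over (IPS, IPD, Seq) must verify
    last_seq[src] = seq
    n, d = SK_D
    ksd = pow(rreq["enc_ksd"], d, n).to_bytes((n.bit_length() + 7) // 8, "big")[-16:]
    route = rreq["route"][::-1]             # the reply lists the hops in reverse order
    return {"src": rreq["dst"], "dst": src, "seq": seq, "route": route,
            "mac": mac(ksd, rreq["dst"], src, seq, route)}

def rrep_is_authentic(rrep, ksd):
    """S recomputes [IPD, IPS, Seq, (route)]KSD before trusting the returned route."""
    expected = mac(ksd, rrep["src"], rrep["dst"], rrep["seq"], rrep["route"])
    return hmac.compare_digest(expected, rrep["mac"])
```

The RREQ signature covers only (IPS, IPD, Seq), so intermediate nodes can append themselves to the route list without invalidating it; the route is integrity-protected only in the RREP, under KSD.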
(c) safe route maintenance
After the route discovery stage completes, source node S has obtained every hop of the route to destination node D. Node S then sends data using source routing, and each node along the route is responsible for confirming that the data has been passed to the next node; that is, A is responsible for reliable transmission over the A → E link, E is responsible for reliable transmission over the E → F link, and so on.
If the data fails to arrive at the next node, for example because the F → D link has failed, or because node F has moved so that it is no longer within the coverage area of node D, then node D is responsible for sending a route error message RRER (Route Error) to source node S. The RRER message sent by node D contains: the source address IPD, the destination address IPS, the unreachable node address IPF, and the digital signature of node E, [IPD, IPS, IPF, IPJ]SKD.
After the RRER message arrives at node S, node S checks whether the source node D is a node on the source route path, and then verifies the digital signature of node E.
The parts not described in the utility model are the same as the prior art or can be implemented using the prior art.
Claims (3)
1. A secure router for a mobile ad hoc network, characterized in that it comprises an input interface, an output interface, a packet forwarding/switching module and a route processing module; the input interface is used for the input of route data, which is stored in the packet forwarding/switching module; the packet forwarding/switching module is bidirectionally connected with the route processing module; and the packet forwarding/switching module forwards and switches the data, which is output through the output interface.
2. The secure router for a mobile ad hoc network according to claim 1, characterized in that the network to which the input and output interfaces of the router connect is a mobile Ad Hoc network.
3. The secure router for a mobile ad hoc network according to claim 1, characterized in that in the mobile ad hoc network the hosts are all mobile devices, including PDAs, portable computers or palmtop computers.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201120449937 CN202488761U (en) | 2011-11-14 | 2011-11-14 | Safe router of mobile self-organized network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN 201120449937 CN202488761U (en) | 2011-11-14 | 2011-11-14 | Safe router of mobile self-organized network |
Publications (1)
Publication Number | Publication Date |
---|---|
CN202488761U true CN202488761U (en) | 2012-10-10 |
Family
ID=46963144
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN 201120449937 Expired - Fee Related CN202488761U (en) | 2011-11-14 | 2011-11-14 | Safe router of mobile self-organized network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN202488761U (en) |
Cited By (6)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN104780588A (en) * | 2014-01-10 | 2015-07-15 | 中国电信股份有限公司 | Method of controlling adding of sensing node and sink node |
US20180330101A1 (en) * | 2017-05-15 | 2018-11-15 | International Business Machines Corporation | Identifying computer program security access control violations using static analysis |
US10614224B2 (en) | 2017-05-15 | 2020-04-07 | International Business Machines Corporation | Identifying computer program security access control violations using static analysis |
US10650149B2 (en) * | 2017-05-15 | 2020-05-12 | International Business Machines Corporation | Identifying computer program security access control violations using static analysis |
US10956580B2 (en) | 2017-05-15 | 2021-03-23 | International Business Machines Corporation | Identifying computer program security access control violations using static analysis |
US11163891B2 (en) | 2017-05-15 | 2021-11-02 | International Business Machines Corporation | Identifying computer program security access control violations using static analysis |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
 | C14 | Grant of patent or utility model | |
 | GR01 | Patent grant | |
 | CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20121010 Termination date: 20151114 |
 | EXPY | Termination of patent right or utility model | |