【作者】 刘翔；

【导师】 黄杰；

【作者基本信息】 东南大学 ， 信息与通信工程， 2020， 博士

【摘要】 与传统的存储转发模式不同,通过允许中间节点对收到的数据进行合并,网络编码技术可以有效提高网络的带宽效率、增加网络的吞吐量、降低节点的能耗、改善网络的负载均衡以及提高网络的鲁棒性。无线传感器网络具备分布式、拓扑动态变化、节点资源受限等特点。因此,随着网络编码,特别是实用网络编码技术的发展,将其与无线自组织网络结合,从而提高无线自组织网络的能效、吞吐量、鲁棒性等性质,具备极高的研究意义与应用价值。然而,在带来上述优点的同时,网络编码对数据进行融合的性质也带来了一个严重的安全威胁:污染攻击。在网络编码使能的通信系统中,一旦某个参与通信的中间节点受到了污染攻击,会将污染数据与合法数据进行混合并发送给下游节点,导致下游节点也被污染,从而进一步造成污染在网络中的大面积扩散。现有的防污染攻击方案主要包含三类:基于信息论的方案、基于密码学的方案和污染节点定位方案。基于信息论的方案只能在目的节点通过纠错来提供有限的被动防御,致使中间节点浪费大量的能量和带宽资源转发无用的污染数据,不适用于资源有限的无线自组织网络。基于密码学的方案虽然可以在中间节点实现污染数据的检测和过滤,但是计算复杂度较高,且会带来额外的延迟、能量消耗等开销。另一方面,现有的污染节点定位方案也存在诸多弊端,使其无法直接应用于无线自组织网络。考虑到无线自组织网络有限的资源,需要针对污染攻击研究最优的防御策略,即在可行的防污染攻击安全机制的基础上,需要进一步研究如何使用该机制的最佳策略,从而实现防御效果与开销之间的最优均衡。针对以上问题,本文进行了“网络编码使能的无线自组织网络中防污染攻击及其策略优化”这一课题的研究,具体研究内容与主要贡献如下:(1)首先,针对实用网络编码中数据分代传输的特性,本文提出了一种隐私保护的同态签名方案,使得中间节点可以分布式地检测并过滤污染数据。该方案基于循环群中离散对数问题的困难性假设,通过在信源节点对数据包内容和代标识符同时计算一个同态签名,实现了在无密钥更新下的防代间污染攻击,大大降低了现有方案中由密钥更新带来的高昂通信开销。同时,通过对数据包的编码向量加密,本文提出的方案还以可以忽略不计的计算开销实现了对窃听攻击的抵御。(2)其次,针对无线自组织网络资源受限的特点,以及同态签名方案带来的额外开销问题,本文提出了一种基于博弈论的防污染攻击统一资源配置框架。在实际的无线自组织网络中,并不是需要每一个节点都被部署为防御节点,即可以检测并过滤污染数据的节点。例如,在一个规模为50个节点的网络中,当污染攻击节点只有1个时,部署少数(例如10个)防御节点就已足够。过多的防御节点不仅对提升防御效果没有帮助,且会造成经济上的浪费(假设防御节点的经济成本高于普通节点),还会导致不必要的资源开销。因此,如何制定最优的防御资源配置策略,从而针对特定的网络规模和攻击规模,部署合理数量的防御节点,是一个值得研究的问题。本论文在博弈论的理论基础上,针对污染攻击问题,在攻击者和防御者之间建立二人战略博弈模型,并合理构建双方的效用函数以代表各自的利益。效用函数综合考虑了防御者的防御效果和资源开销,因此通过最大化自身的效用函数,防御者可以最大化自身利益,制定最优的防御资源配置策略。(3)然后,在上述防御资源配置框架的基础上,进一步提出了防污染攻击安全策略优化方法。具体而言,通过上述防御资源配置优化的研究,可以得出针对一定的网络规模和攻击规模,需要在网络中配置多少防御资源,即部署多少防御节点。下一步需要研究的问题是,如何合理利用这些防御资源,即应该将这些防御节点部署在哪些位置,才能实现防御者的效益最大化。针对这一问题,本文在博弈论的基础上,进一步开展了防御者的防御策略优化研究。首先建立攻防双方之间的博弈模型,并构建双方的效用函数,然后通过求解防御者效用函数最大化的优化问题,求解最优的防御策略。然而,所得的优化问题为非凸优化问题,且随着网络规模的增加,优化问题的搜索空间急剧增加。针对这一问题,本文在模拟退火算法的基础上,针对模拟退火算法随机产生新解导致的收敛速度过慢的问题,提出一种新的解迭代方法,从而大大加快了搜索算法的收敛速度。通过实验对比表明,相较于现有的方案,本文提出的方案能实现更好的防御者效用函数,且具备更少的运行时间。同时,实验结果表明本文提出的算法能在很少的迭代次数下收敛至一个足够接近全局最优解的次优解,表明该方案非常适用于短会话的数据传输。(4)最后,本文提出了一种有效的污染攻击节点识别方案,且在此基础上结合博弈论提出了防御者识别策略优化方法。无论是基于信息论的方案还是基于密码学的方案,都只能实现针对污染攻击的被动防御,而更为有效的方法显然为识别出网络中的污染节点,并将其隔离,从而彻底断绝污染数据的源头。针对这一问题,本文在上述提出的同态签名方案的基础上,结合节点信誉机制,提出一种半分布式的污染节点识别方案。该方案在防御资源受限且攻击节点具备伪装正常节点的能力时,仍然能实现极高的识别准确率。该方案可分为两个阶段,分别为污染检测阶段和节点识别阶段。在污染检测阶段中,网络中防御节点分布式地对数据包进行污染检测,并根据检测结果计算其邻居节点的信誉值,污染检测检测阶段结束后所有防御节点将其所的节点信誉值上传至中心控制节点,由后者根据所有节点的最终信誉值来识别恶意节点。实验对比表明,相较于现有的污染节点识别方案,本文提出的方案在识别准确率和有效吞吐量方面均占据优势。在此基础上,本文进一步结合博弈论,提出了防御者的最优识别策略求解方案。更多还原

【Abstract】 Unlike the traditional store-and-forward mechanism,network coding allows intermediate nodes to combine the received packets before forwarding them,and hence can improve the bandwidth efficiency,throughput,energy efficiency,load balance,as well as the robustness of the network.Wireless ad hoc networks have the properties of distributiveness,dynamic topology,and limited node resources.Hence,implementing the network coding technique in wireless ad hoc networks can significantly enhance the energy efficiency,network throughput,robustness,and etc,and thus is of significant importance both academically and practically.However,at the same time of bring all the advantages mentioned above,the packetmixing nature of network coding also renders it more vulnerable to pollution attacks.In network coding based communication systems,once an intermediate node participating in data transmission receives polluted packets,it will combine them with those legal packets and then forwards them to their downstream neighbors.This will further pollute the downstream nodes and cause an epidemic propagation of pollution.Existing techniques to combat pollution attacks in network coding can be divided into three categories in general,namely,information-theoretic schemes,cryptographic schemes,and attacker locating schemes.Information-theoretic schemes can only provided limited security against pollution attacks via error correcting at destinations,and will bring significant communication overhead at the same time,therefore is not suitable to be applied in wireless ad hoc networks where node resources are limited.On the other hand,cryptographic schemes can enable intermediate nodes to detect and discard polluted packets on-the-fly.However,normally speaking,they are relatively computation-intensive,and will bring extra energy consumption,CPU delay,and etc.Moreover,most of the existing attackerlocating schemes have various drawbacks,which make them not applicable in wireless ad hoc networks.Considering the limited node resources in wireless ad hoc networks,it is necessary to investigate the optimal defense strategy from the defender’s point of view,i.e.,based on the feasible defense mechanism against pollution attacks,to further study the best manner to implement the defense mechanism,so as to achieve the optimal trade-off between the defense effectiveness and resource consumption.Therefore,we conducted the research on preventing pollution attacks and strategy optimization in network coded wireless ad hoc networks.In specific,the research details and main contributions can be listed as follows.(1)Firstly,aiming at the property of multi-generation transmission of practical network coding,we proposed a feasible pollution detecting scheme,which is resistant to inter-generation pollution attacks and based on the assumption of the hardness of the discrete logarithm over a cyclic group.The proposed scheme is resistant to both intrageneration and inter-generation pollution attacks,through authenticating both packet content and generation identifier simultaneously,without the need of key update.As a result,the communication overhead can be significantly reduced.Meanwhile,through encrypting the encoding vector of the packets,the proposed scheme is also resistant to eavesdropping attacks,at a cost of negligible computation overhead.(2)Secondly,aiming at the limited resources in wireless ad hoc networks,and the problem of extra consumption caused by the pollution attack defense mechanism,we proposed a universal defense resources allocation framework based on game theory.In practical wireless ad hoc networks,it is not necessary that every intermediate node should be deployed as a defensive node.For instance,in a 50-node network where only one is compromised,it is possible that a small number of defensive nodes,say 10,is sufficient.Deploying extra defensive nodes is not helpful to further improve the defense performance,but will bring unnecessary consumption and overhead.Therefore,it is necessary to investigate that how to figure out the optimal defense resource allocation strategy,i.e.,the number of defensive nodes,under different network scales and attack intensities.Based on game theory,we built a two-player strategic game model between the attacker and the defender,and then formulated the reasonable utility functions to represent the interests of the respective players.The formulation of the defender’s utility function comprehensively considers the defense performance and resource consumption.Therefore,via maximizing the utility function,the defender is able to figure out the optimal defense resource allocation strategy,and thus maximize its own interest.(3)Thirdly,based on the defense resource allocation framework mentioned above,we further proposed a defense strategy optimization method.In specific,after figuring out the optimal defense resource allocation strategy,the next step is to investigate how to optimally use those resources,i.e.,in which positions should we deploy those defense nodes,so as to maximize the defender’s utility.Aiming at that,we conducted the research of defense strategy optimization problem based on game theory.Through constructing the game model between the attacker and the defender,and then figuring out optimization problem of the defender’s utility.Unfortunately,the optimization problem is non-convex,and with the increase of the network scale,the searching space increases significantly.Therefore,based on the simulated annealing algorithm,aiming at the problem of low convergence speed,we proposed a novel solution iterating method,and as a result the convergence speed is well enhanced.Experimental results suggests that,compared to the existing schemes,our scheme can achieve a better utility for the defender,and is of less running time at the same time.Meanwhile,experimental results also show that the our scheme can converge to a sub-optimal solution which is sufficiently close to the globally optimal solution,which implies that our scheme can be implemented in the short-session transmission scenario.(4)Finally,we proposed a feasible pollution attacker identification scheme,and them further proposed a identification strategy optimization method based on game theory.the works mentioned above can only passive combat pollution attacks,a more effective way should be to identify the malicious nodes and then isolate them from the network,so the source of pollution can be totally cut down.Therefore,based on the proposed pollution detection mechanism mention above,and combining the node reputation mechanism,we proposed a semi-distributed malicious node identification scheme.The scheme can achieve an excellent identification accuracy,even under the situation where the defense resources are limited and the malicious nodes are able to imitate normal ones.The proposed scheme can be divided into two phases,namely,the pollution detection phase and the malicious node identification phase.In the pollution detection phase,all the defensive nodes carry out the pollution detection mechanism in a distributed manner,and calculate the reputation scores of their respective up-stream neighbors.After that,they upload the reputation scores to the central controller,so the latter can identify the malicious nodes from the normal ones according to the reputation scores in the node identification phase.Experimental results reveals that compared to existing scheme,our scheme have superiority in both identification accuracy and valid throughput.Based on that,we further combined the proposed identification scheme and game theory,and proposed an identification strategy optimization method.更多还原