SIM：应用于MANET的安全IP协议

doi:10.3969/j.issn.1000-436x.2013.z1.015

摘要/Abstract

摘要：

参考IP Sec的核心思想，并结合MANET的具体实际，提出了一种安全的IP协议SIM（secure IP protocol for manet）。通过在网络层和数据链路层之间添加一个无连接的安全层，对进出协议栈的数据报文进行安全处理。通过将IP Sec的安全协定SA简化为轻量级的适合MANET的SSA，在保持IP安全性的同时降低了协议开销和部署复杂度。进行了基于Linux的协议栈设计和原型系统实现。

关键词: SIM, MANET, IPSec, SA

Abstract:

According to the core logic of IP Sec, a secure IP protocol was proposed for Mobile Ad Hoc network. Security deal to the packets in and out of the network protocol stack was done by adding a transparent secure layer between trans-port-layer and link-layer. By simplifying the complex security association to simple security association, SIM reduces the cost of initial IP protocol while keeping security. At last a prototype of the proposed protocol was also implemented.

Key words: secure IP protocol for manet, mobile ad hoc networks, IP security protocols, security association

李荣森,窦文华. SIM：应用于MANET的安全IP协议[J]. 通信学报, 2013, 34(Z1): 116-125.

Rong-sen LI,Wen-hua DOU. SIM: a secure IP protocol for MANET[J]. Journal on Communications, 2013, 34(Z1): 116-125.

图/表 18

图1

图2

图3

图4

图5

图6

图7

图8

图9

图10

图11

图12

图13

图14

图15

表1

图16

表2

参考文献 16

[1]	胡华平，胡光明，董攀等．大规模移动自组网络安全技术综述[J]．计算机研究与发展， 2007,44(4):545-552. HU H P , HU G M , DONG P , et al. Survey of security technology for large scale MANET[J]. Journal of Computer Research and Development, 2007,44(4):545-552.
[2]	刘永亮，高文，姚鸿勋等． Aydos等基于椭圆曲线密码学无线认证协议的安全性[J]．计算机研究与发展， 2006,43(12):2076-2081. LIU Y L , GAO W , YAO H , et al. Security on Aydos et al's elliptic curve cryptography based wireless authentication protocol[J]. Journal of Computer Research and Development, 2006,43(12):2076-2081.
[3]	冯涛，王毅琳，马建峰．一种新的基于椭圆曲线密码体制的Ad hoc组密钥管理方案[J]．电子学报， 2009,37(5):918-924. FENG T , WANG Y , MA J . A new Ad Hoc group key agreement scheme based on ECC[J]. Acta Electronica Sinica, 2009,37(5):918-924.
[4]	李慧贤，庞辽军，王育民等．适合Ad Hoc网络无需安全信道的密钥管理方案[J]．通信学报， 2010,31(1):112-117. LI H X , PANG L J , WANG Y M , et al. Key management scheme with-out secure channel for ad hoc networks[J]. Journal on Communica-tions, 2010,31(1):112-117.
[5]	张串绒，张玉清，李发根等．适于Ad Hoc网络安全通信的新签密算法[J]．通信学报， 2010,31(3):19-24. ZHANG C R , ZHANG Y Q , LI F G , et al. New signcryption algorithm for secure communication of ad hoc networks[J]. Journal on Commu-nications, 2010,31(3):19-24.
[6]	AHMAD M S , TADAKAMADLA S . Short paper: security evaluation of IEEE 802.11 w specification[A]. Proceedings of the Fourth ACM Conference on Wireless Network Security[C]. Hamburg, Germany, 2011.53-58.
[7]	李小青，李晖，杨凯等．一种基于D-S证据理论的Ad Hoc网络安全路由协议[J]．计算机研究与发展， 2011,48(8):1406-1413. LI X Q , LI H , YANG K , et al. A secure routing protocol based on D-S evidence theory in ad hoc networks[J]. Journal of Computer Research and Development, 2011,48(8):1406-1413.
[8]	忖颖芳，张兴，张婷等．无线mesh网络中的虫洞攻击检测研究[J]．通信学报， 2011,32(1):59-65. FU Y F , ZHANG X , ZHANG T , et al. Research on wormhole attacks in wireless mesh networks[J]. Journal on Communications, 2011,32(1):59-65.
[9]	SHU T , KRUNZ M . Detection of malicious packet dropping in wireless ad hoc networks based on privacy-preserving public auditing[A]. Pro-ceedings of the Fifth ACM Conference on Security and Privacy in Wire-less and Mobile Networks[C]. Tucson, Arizona, USA, 2012.87-98.
[10]	刘方斌，张琨，李海等．无可信中心的门限追踪Ad Hoc网络匿名认证[J]．通信学报， 2012,33(8):208-213. LIU F B , ZHANG K , LI H , et al. Threshold traceability anonymous authentication scheme without trusted center for Ad Hoc network[J]. Journal on Communications, 2012,33(8):208-213.
[11]	韩磊，刘吉强，韩臻等．移动Ad Hoc网络预分配非对称密钥管理方案[J]．通信学报， 2012,33(10):26-34. HAN L , LIU J Q , HAN Z , et al. Pre-distribution asymmetric key man-agement scheme for mobile ad hoc networks[J]. Journal on Commu-nications, 2012,33(10):26-34.
[12]	吴呈邑，熊焰，黄文超等．移动自组网中基于动态第三方的可信公平非抵赖协议[J]．电子学报， 2013,41(2):227-232. WU C Y , XIONG Y , HUANG W C , et al. A trusted fair non-repudiation protocol based on dynamic third party in mobile Ad Hoc networks[J]. Acta Electronica Sinica, 2013,41(2):227-232.
[13]	Kent S , Atkinson R . RFC2406: IP encapsulating security payload (EsP)[EB/OL]. .
[14]	Kent S , Atkinson R . RFC 2402: IP authentication header[EB/OL]. .
[15]	Harkins D , Carrel D . RFC 2409: The internet key exchange (IKE)[EB/OL]. .
[16]	Kaufman C . RFC 4306: internet key exchange (IKEv2) protocol[EB/OL]. .

攻击类型	攻击结果
FTP	成功检测并拦截
HTTP	成功检测并拦截
随机报文捕获与重放	检测拦截率100%

服务类型	可用情况
FTP	可正常使用
HTTP	可正常使用
视频流比特率	基本不变