Cite this article
  • ZHANG Yongtang. HiMAC: A Hierarchical Security Protocol for Message Authentication and Encryption[J]. Journal of Cyber Security, 2022, 7(3): 107-118
HiMAC: A Hierarchical Security Protocol for Message Authentication and Encryption
ZHANG Yongtang1,2
(1. School of Computer, Guangdong Neusoft Institute, Foshan 528225, China; 2. Institute of Cooperative Sensing and Advanced Computing Technology, Nanchang Technology Institute, Nanchang 330003, China)
Abstract:
To detect and stop malicious nodes that pose as new trusted nodes in order to attack a mobile ad hoc network (MANET), this paper proposes HiMAC, a hierarchical security protocol for message authentication and encryption. The protocol uses hierarchical message authentication codes to protect data dissemination in mobile ad hoc networks. Trusted routes are computed dynamically as intermediate nodes forward packets between the source and the destination, and each intermediate node signs and encrypts the packet, which prevents an attacker from tampering with the packet or modifying its hop count and so achieves trusted data transmission. HiMAC is tested in the NS2 simulator using the RSA algorithm from the Crypto++ library. The results show that HiMAC can detect and prevent attacks on MANET nodes and packets. Compared with the original A-SAODV security mechanism, HiMAC reduces the average hop count by 47.1% and the average queue length by 35.5%, and the number of node packets is reduced by 2.5 times; its performance is clearly better than that of A-SAODV. Although HiMAC's cryptographic operations add overhead to the routing protocol, HiMAC establishes secure routes dynamically using a trust-based mechanism, so a node can dynamically select the next node on the path and does not have to maintain a secure route at all times. As a result, the added and saved overheads in HiMAC offset each other and reach a balance.
Key words: network security; identity-based cryptography; message authentication; trusted computing; mobile ad hoc networks
DOI: 10.19363/J.cnki.cn10-1380/tn.2022.05.07
Received: 2021-02-04; Revised: 2021-05-17
Funding: This project was supported by the National Natural Science Foundation of China (No. 61663029) and the Guangdong Provincial Key Platform and Characteristic Innovation Project for Universities (No. 2020KTSCX771).