基于置信度传播的网络编码安全方法的研究
发布时间:2018-07-23 19:16
【摘要】:网络编码是一种全新的网络传输形式,它提供了使网络吞吐量达到理论最大值的可能,还可以有效降低网络传输数据的能源消耗,提高网络中数据传输的可靠性。 在网络编码方法中,前向节点接收到数据分组后,会将其进行缓存并编码混合,得到新的数据分组后再向下游节点转发。因为网络编码所固有的特性,应用网络编码的系统在遭受污染攻击时十分脆弱。现有的应对污染攻击的处理机制会造成较大的计算量开销并削弱网络的编码的作用,因此提出了基于置信度传播的安全方案。 本文针对网络编码的安全性问题进行了以下研究。 (1)介绍了安全网络编码的研究背景,对污染攻击的主要形式及其对网络编码系统的危害进行了分析。着重论述了基于生日悖论构造hash碰撞的过程、基于置信度传播的安全方案及所存在的问题。 (2)针对基于置信度传播安全方案的不足提出一种改进方案。在改进方案中,中间节点依据前向节点的置信度值来滤除污染数据。同时,通过将置信节点与中间节点间的连接方式改为网状连接,扩大网络区域的覆盖范围,提高安全方案在实际应用中的灵活性。采用基于对数函数的延迟转发算法对置信度取值区间进行划分,依据其置信度值对应的区间选取转发概率,如不转发则计算延迟时间并调整转发概率,直到分组被转发为止。该算法通过延迟低置信度分组的转发,起到抑制污染数据传播、提高网络吞吐量的作用。 在此基础上提出基于DSDV的改进路由协议。通过将置信度信息写入DSDV协议的路由更新分组,使前向节点通过该分组获得其在下游节点中的置信度值。节点转发数据时,依据其置信度值选择合适的路由路径,进而达到加速可信分组的转发,阻滞不可信分组,提高网络吞吐量的目的。 (3)通过引入基于同态hash函数的快速签名算法改进安全方案的性能与执行效率。在基于置信度传播的安全方案中,由置信节点通过校验数字签名来判断数据分组是否为污染数据。因此,本文采用比原方案中有更低计算复杂度的签名算法,可以减小置信节点执行基于该算法的签名方案时的计算延时,进而提高安全方案总体运行效率。通过有效提高网络区域中置信节点检验污染数据的速度和效率,加快安全方案中受污染数据影响的中间节点置信度的收敛速度,达到更迅速有效的滤除污染数据、提高数据传输中有效数据的吞吐量并降低网络延时的目的。
[Abstract]:Network coding is a new form of network transmission. It provides the possibility that the network throughput can reach the maximum theoretical value. It can also effectively reduce the energy consumption of network data transmission and improve the reliability of data transmission in the network. In the network coding method, after the forward node receives the data packet, it will cache and encode the new data packet, and then forward the data packet to the downstream node. Because of the inherent characteristics of network coding, the system with network coding is vulnerable to pollution attack. The existing mechanism to deal with pollution attack will cause large computational overhead and weaken the role of network coding. Therefore, a security scheme based on confidence propagation is proposed. In this paper, the security of network coding is studied as follows. (1) the research background of secure network coding is introduced, and the main forms of pollution attack and its harm to network coding system are analyzed. In this paper, the process of constructing hash collision based on birthday paradox, the security scheme based on confidence propagation and the existing problems are discussed. (2) an improved scheme is proposed to overcome the shortcomings of the security scheme based on confidence propagation. In the improved scheme, the intermediate node filters the contaminated data according to the confidence value of the forward node. At the same time, by changing the connection mode between the confidence node and the middle node into a mesh connection, the coverage of the network area is expanded, and the flexibility of the security scheme in practical application is improved. The delay forwarding algorithm based on logarithmic function is used to divide the interval of confidence value, and the forwarding probability is selected according to the interval corresponding to the confidence value. If it is not forwarded, the delay time is calculated and the forwarding probability is adjusted until the packet is forwarded. By delaying the forwarding of low confidence packet, the algorithm can restrain the transmission of contaminated data and improve the network throughput. Based on this, an improved routing protocol based on DSDV is proposed. By writing the confidence information into the routing update packet of the DSDV protocol, the forward node obtains its confidence value in the downstream node through the packet. When the node forwards the data, it selects the appropriate routing path according to its confidence value, and then accelerates the forwarding of trusted packets and blocks the untrusted packets. The purpose of improving network throughput is to improve the performance and execution efficiency of the security scheme by introducing a fast signature algorithm based on homomorphic hash function. In the security scheme based on confidence propagation, the confidence node verifies the digital signature to determine whether the data packet is contaminated or not. Therefore, by using a signature algorithm with lower computational complexity than the original scheme, the computational delay of the confidence node in executing the signature scheme based on the algorithm can be reduced, and the overall efficiency of the security scheme can be improved. By effectively improving the speed and efficiency of testing contaminated data by confidence nodes in network regions, the convergence speed of confidence degree of intermediate nodes affected by contaminated data in safety schemes is accelerated, and the filtering of contaminated data is achieved more quickly and effectively. The purpose of improving the throughput of effective data and reducing the network delay in data transmission.
【学位授予单位】:辽宁大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.08
本文编号:2140390
[Abstract]:Network coding is a new form of network transmission. It provides the possibility that the network throughput can reach the maximum theoretical value. It can also effectively reduce the energy consumption of network data transmission and improve the reliability of data transmission in the network. In the network coding method, after the forward node receives the data packet, it will cache and encode the new data packet, and then forward the data packet to the downstream node. Because of the inherent characteristics of network coding, the system with network coding is vulnerable to pollution attack. The existing mechanism to deal with pollution attack will cause large computational overhead and weaken the role of network coding. Therefore, a security scheme based on confidence propagation is proposed. In this paper, the security of network coding is studied as follows. (1) the research background of secure network coding is introduced, and the main forms of pollution attack and its harm to network coding system are analyzed. In this paper, the process of constructing hash collision based on birthday paradox, the security scheme based on confidence propagation and the existing problems are discussed. (2) an improved scheme is proposed to overcome the shortcomings of the security scheme based on confidence propagation. In the improved scheme, the intermediate node filters the contaminated data according to the confidence value of the forward node. At the same time, by changing the connection mode between the confidence node and the middle node into a mesh connection, the coverage of the network area is expanded, and the flexibility of the security scheme in practical application is improved. The delay forwarding algorithm based on logarithmic function is used to divide the interval of confidence value, and the forwarding probability is selected according to the interval corresponding to the confidence value. If it is not forwarded, the delay time is calculated and the forwarding probability is adjusted until the packet is forwarded. By delaying the forwarding of low confidence packet, the algorithm can restrain the transmission of contaminated data and improve the network throughput. Based on this, an improved routing protocol based on DSDV is proposed. By writing the confidence information into the routing update packet of the DSDV protocol, the forward node obtains its confidence value in the downstream node through the packet. When the node forwards the data, it selects the appropriate routing path according to its confidence value, and then accelerates the forwarding of trusted packets and blocks the untrusted packets. The purpose of improving network throughput is to improve the performance and execution efficiency of the security scheme by introducing a fast signature algorithm based on homomorphic hash function. In the security scheme based on confidence propagation, the confidence node verifies the digital signature to determine whether the data packet is contaminated or not. Therefore, by using a signature algorithm with lower computational complexity than the original scheme, the computational delay of the confidence node in executing the signature scheme based on the algorithm can be reduced, and the overall efficiency of the security scheme can be improved. By effectively improving the speed and efficiency of testing contaminated data by confidence nodes in network regions, the convergence speed of confidence degree of intermediate nodes affected by contaminated data in safety schemes is accelerated, and the filtering of contaminated data is achieved more quickly and effectively. The purpose of improving the throughput of effective data and reducing the network delay in data transmission.
【学位授予单位】:辽宁大学
【学位级别】:硕士
【学位授予年份】:2014
【分类号】:TP393.08
【共引文献】
相关期刊论文 前6条
1 张祥丽;;一种基于指纹识别的云安全登录系统设计[J];电视技术;2013年13期
2 陈春良;陈新;;密集节点区域的自组织网络路由算法研究[J];单片机与嵌入式系统应用;2014年10期
3 裴恒利;尚涛;刘建伟;;融合时间戳和同态签名的安全网络编码方法[J];通信学报;2013年04期
4 屈天刚;;网络编码在战术数据链中的应用[J];通信技术;2013年05期
5 潘鲁远;周亚建;郭玉翠;徐国爱;;基于网络编码的ARQ机制在WiFi单播中的应用[J];北京电子科技学院学报;2013年04期
6 尚涛;裴恒利;刘建伟;;基于格签名的安全网络编码(英文)[J];中国通信;2014年01期
相关会议论文 前1条
1 陈海勇;朱诗兵;童菲;;基于网络编码的军事物联网防窃听研究[A];2011年全国电子信息技术与应用学术会议论文集[C];2011年
相关博士学位论文 前3条
1 刘光军;安全网络编码及其应用[D];西安电子科技大学;2013年
2 李博;物理层网络编码及其在非对称双向中继通信中的性能研究[D];哈尔滨工业大学;2013年
3 梁满;网络编码污染攻击的防御技术研究[D];复旦大学;2013年
,本文编号:2140390
本文链接:https://www.wllwen.com/guanlilunwen/ydhl/2140390.html
