CN101848461B - Method for secure routing and channel allocation in cognitive Mesh network - Google Patents


Publication number
CN101848461B
Authority
CN
China
Prior art keywords
cmr
node
channel
degree
network side
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN201010162834.4A
Other languages
Chinese (zh)
Other versions
CN101848461A (en)
Inventor
张静
仵国锋
何照盼
胡捍英
童珉
冉晓旻
莫有权
陈迎春
董芳
匡为君
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
PLA Information Engineering University
Original Assignee
PLA Information Engineering University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by PLA Information Engineering University filed Critical PLA Information Engineering University
Priority to CN201010162834.4A priority Critical patent/CN101848461B/en
Publication of CN101848461A publication Critical patent/CN101848461A/en
Application granted granted Critical
Publication of CN101848461B publication Critical patent/CN101848461B/en
Expired - Fee Related legal-status Critical Current
Anticipated expiration legal-status Critical


Abstract

The invention discloses a method for secure routing and channel allocation in a cognitive Mesh network. The method comprises the following steps: after initialization, the network side measures and obtains trust degree data for the Mesh router nodes; the network side measures and obtains channel security metric data; and, using the node trust degree data and the channel security metric data, the network side performs route discovery and path selection based on the path security metric, followed by route reply and channel allocation. The method addresses the problem that, because of real-time threats in the Mesh network, an end user needs not only extended cognitive access bandwidth but also point-to-point and end-to-end secure transmission assurance.

Description

Secure routing and channel allocation method in a cognitive Mesh network
Technical field
The present invention relates to the field of wireless network technology, and specifically to a secure routing and channel allocation method in a cognitive Mesh network.
Background art
A wireless Mesh network (WMN) that applies cognitive radio (CR) technology, i.e. a cognitive radio Mesh network (CWMN/CogMesh), seamlessly combines the advantages of CR and WMN. It not only uses Mesh networking to fuse and unify multiple heterogeneous wireless networks such as cellular mobile, WLAN, WiMAX, WiFi and WPAN, but also, through nodes that sense, understand and adapt to radio resources (such as spectrum, time, space and power), effectively improves spectrum availability and network throughput, thereby providing media users with flexible broadband wireless connectivity.
Because of its open medium, dynamic topology and multi-hop operation, a wireless Mesh network is not only vulnerable to traditional attacks such as eavesdropping, message tampering, routing attacks, link-layer attacks, DoS attacks and unauthorized access, but also faces several new security challenges, for example: static configuration cannot guarantee adequate security for a dynamic topology; security management concentrated at the wireless gateway delays the network's detection of and response to attacks; a single security scheme cannot simultaneously suit gateways, routers and clients that differ in mobility and energy constraints; and a security policy that resists jamming is needed in complex electromagnetic environments. In addition, CogMesh's dynamic spectrum access and end-to-end reconfigurability bring new vulnerabilities and attacks, such as primary user emulation (PUE) attacks, interference with primary users, attacks on spectrum management, jamming of the common control channel and selfish-behaviour attacks, which make its security problem more complex. At present the main WMN security techniques include authenticated access, information encryption, digital signatures, key management, intrusion detection and routing information protection, and commercial security solutions exist, such as the Tropos Metro Mesh scheme and the Nortel scheme for 802.11 Mesh networks. Given the real-time threats in wireless Mesh networks, an end user needs not only extended cognitive access bandwidth but also point-to-point and end-to-end secure transmission assurance, so a technical solution to the CWMN security problem is currently needed.
Summary of the invention
The technical problem to be solved by the present invention is to provide a secure routing and channel allocation method in a cognitive Mesh network, addressing the problem that, given the real-time threats in a wireless Mesh network, an end user needs not only extended cognitive access bandwidth but also point-to-point and end-to-end secure transmission assurance.
To solve the above problem, the invention provides a secure routing and channel allocation method in a cognitive Mesh network, comprising:
after the network side has been initialized, the network side measures and obtains trust degree data for the nodes of the Mesh routers;
the network side measures and obtains channel security metric data;
according to the obtained trust degree data of the Mesh router nodes and the channel security metric data, the network side performs route discovery and path selection based on the path security metric, and then performs route reply and channel allocation.
Further, in the above method, the trust degree data of a Mesh router node measured and obtained by the network side may comprise direct trust degree data and indirect trust degree data of the Mesh router node.
Further, in the above method, the network side measuring and obtaining the direct trust degree data of a Mesh router node specifically means:
after confirming that all nodes that have been authenticated and legitimately admitted to the wireless Mesh network are secure, the network side sets the direct trust degree of node $cmr_i$ in its neighbor node $cmr_j$ to $DTD_0(cmr_i \to cmr_j) = 1$; in each predetermined period, if it is determined that node $cmr_i$ has detected an attack on node $cmr_j$, $DTD(cmr_i \to cmr_j)$ is decremented with an exponential step;
or, if it is determined that within the predetermined period node $cmr_i$ has detected no routing attack on node $cmr_j$, a $DTD(cmr_i \to cmr_j)$ that has previously lost some trust is increased linearly by a change value and the attack count is reset, until the trust of node $cmr_i$ in node $cmr_j$ returns to the maximum; the direct trust degree data of the Mesh router node is thereby obtained.
Further, in the above method, when the network side determines that node $cmr_i$ has detected an attack on node $cmr_j$, $DTD(cmr_i \to cmr_j)$ is decremented with an exponential step in the following manner:
Figure GSA00000089036200031
where $t$ is the time, $\Delta t$ is the predetermined period and $\lambda$ is the number of attacks;
and where, if the number of attacks on node $cmr_j$ detected by node $cmr_i$ reaches the upper limit, the direct trust degree of node $cmr_i$ in node $cmr_j$ drops to 0.
The network side increases a $DTD(cmr_i \to cmr_j)$ that has previously lost some trust linearly by a change value in the following manner:
$DTD_t(cmr_i \to cmr_j) = DTD_{t-\Delta t}(cmr_i \to cmr_j) + CV$, $CV \in (0,1)$, where $CV$ is the change value.
Further, in the above method, the network side measuring and obtaining the indirect trust degree data of a Mesh router node specifically means:
at time $t$, if it is determined that node $cmr_i$ has obtained, piggybacked on a route request message (RREQ) or over the control channel, the trust degree $TD_{t'}(cmr_k \to cmr_j)$ ($t' < t$) sent by another node $cmr_k$, the network side updates the indirect trust degree $ITD_t(cmr_k \to cmr_j)$ of node $cmr_k$ in node $cmr_j$;
where $ITD(cmr_j)$ is related to the trust degree $TD(cmr_i \to cmr_k)$ of node $cmr_i$ in node $cmr_k$: the higher $TD(cmr_i \to cmr_k)$, the larger the update to $ITD(cmr_j)$.
Further, in the above method, the network side updates the indirect trust degree $ITD_t(cmr_k \to cmr_j)$ of node $cmr_k$ in node $cmr_j$ in the following manner:
$$ITD_t(cmr_j) = \frac{\sum_{cmr_k \in CMR,\ k \ne i \ne j} TD_{t'}(cmr_k \to cmr_j) \times TD_{t'}(cmr_i \to cmr_k)}{|CMR| - 2} \quad (t' < t),$$
where $CMR$ is the set of Mesh routers.
Further, in the above method, the network side measuring and obtaining the channel security metric data comprises the following steps:
after confirming that the available channels in the dynamically available data channel set are secure and reliable, the network side sets the channel security metric $CSM_0(ch_{ij}) = 1$; in each fixed-length period $\Delta t$, if it is determined that an attack on channel $ch_{ij}$ has been detected, $CSM(ch_{ij})$ is decremented with an exponential step;
or, if it is determined that there was no channel attack on $ch_{ij}$ within $\Delta t$, a $CSM(ch_{ij})$ that has previously lost some security degree is increased linearly by a change value $CV$ and the attack count is reset, until channel $ch_{ij}$ returns to the maximum security degree; the channel security metric data is thereby obtained.
Further, in the above method, when the network side determines that an attack on channel $ch_{ij}$ has been detected in a fixed-length period $\Delta t$, $CSM(ch_{ij})$ is decremented with an exponential step in the following manner:
Figure GSA00000089036200041
where $\lambda$ is the number of attacks,
and where, when the number of attacks $\lambda$ on $ch_{ij}$ detected within $\Delta t$ reaches the upper limit $N$, the security degree of channel $ch_{ij}$ drops to 0.
When the network side determines that there was no channel attack on $ch_{ij}$ within $\Delta t$, a $CSM(ch_{ij})$ that has previously lost some security degree is increased linearly by a change value $CV$ in the following manner:
$CSM_t(ch_{ij}) = CSM_{t-\Delta t}(ch_{ij}) + CV$, $CV \in (0,1)$.
Further, in the above method, the network side performing route discovery and path selection based on the path security metric, according to the obtained trust degree data of the Mesh router nodes and the channel security metric data, specifically means:
when a terminal has data to send to the gateway node of the network side and has no valid route, the terminal node broadcasts an RREQ through its control interface; after receiving the first RREQ packet, the gateway node of the network side receives multiple RREQ packets and thereby obtains multiple disjoint paths; according to the obtained trust degree data of the Mesh router nodes and the channel security metric data, it selects from them a shortest path that meets the security requirement of this service, completing path selection.
Further, in the above method, the network side performing route reply and channel allocation specifically means:
after the gateway node of the network side has selected a secure path, it sends a route reply message (RREP) back along that path in the reverse direction. Each node along the way extracts from the RREP packet the channel allocation information between itself and its downstream node, selects for the link between itself and its upstream neighbor node a channel that does not conflict with the downstream channel and whose security degree value meets the security requirement of this service, adds that channel to the channel allocation list carried in the RREP packet, and forwards the packet on to its upstream node. Once the terminal node receives the RREP packet, a route is established from the terminal node to the gateway node of the network side that passes through trusted nodes meeting the security requirement of this service and whose channel on every hop is also the most secure, completing channel allocation.
Compared with the prior art, the present invention exploits the fact that the set of cognitively available channels at Mesh routing nodes is distributed discretely and unevenly and changes dynamically with time and position, and designs a cross-layer CWMN network security framework in which the MAC layer and the network layer cooperate, namely a joint routing and channel assignment strategy based on security metrics (Security Metric-based Channel Assignment and Routing, SMCAR), to respond to network threats in real time. End-user services thereby obtain not only extended cognitive access bandwidth but also point-to-point and end-to-end secure transmission assurance, which offers a new approach and attempt toward building a comprehensive and complete CWMN security mechanism. The invention accelerates the commercialization of CWMN and provides assurance for the security requirements of transmitting sensitive data such as financial and military data.
Description of drawings
Fig. 1 is a flow chart of the secure routing and channel allocation method in a cognitive Mesh network according to the present invention;
Fig. 2 is a schematic diagram of the broadcast process of the RREQ route request packet in the present invention;
Fig. 3 is a schematic diagram comparing the SDF of SMCAR and AODV in the present invention;
Fig. 4 is a schematic diagram comparing the safe packet delivery fraction for different network scales in the present invention;
Fig. 5 is a schematic diagram of the relationship between the network's safe packet delivery fraction and the number of cognitive channels in the present invention.
Detailed description of the embodiments
The invention is further described below with reference to the drawings and specific embodiments.
A cognitive radio Mesh network can be abstracted as a directed graph $G(CMR, DCS)$, where $CMR$ is the set of cognitive Mesh routers (Cognitive radio Mesh Router, CMR) and $|CMR|$ is the number of CMRs in the CWMN; $DCS$ is the dynamically available data channel set (Dynamic Channel Set) (fixed-allocation channel set ∪ cognitive channel set, or fully cognitive channel set), and $|DCS|$ is the number of channels. Each $cmr \in CMR$ is equipped with two half-duplex radio transceivers. One transceiver works on a specific shared common control channel and coordinates local or global communication by signalling; the other switches channels dynamically over $DCS$ according to routing and spectrum decisions, avoiding co-channel interference and channel attacks, and is dedicated to secure data transmission. Neighboring CMR nodes have shared data channels between them, namely
Figure GSA00000089036200051
$ch_{ij} \in DCS$. Here the network side may refer to the Mesh gateway node.
Point-to-point communication channels and multi-hop cognitive Mesh routing nodes are the key to relaying terminal data to the gateway node in a CWMN. Whether a node $cmr \in CMR$ can forward packets securely through its neighbors depends on two factors: first, the security of the data transmission channel between $cmr$ and the neighbor; second, the trustworthiness of the neighbor node. The present invention therefore improves on the simple two-valued trust framework (trusted or untrusted) and proposes establishing a more precisely measured trust relationship between neighbor nodes, so as to select a trusted path for information storage and packet forwarding for communication between a Mesh terminal and the Internet access gateway, and then, once the route is established, to allocate data channels with a high security degree for wireless transmission between neighboring nodes.
As shown in Fig. 1, the secure routing and channel allocation method in a cognitive Mesh network of the present invention comprises:
Step 10: after the network side has been initialized, it measures and obtains trust degree data for the nodes of the Mesh routers;
A CWMN can use the centralized or distributed authentication mechanisms of WMN to prevent unauthorized nodes from accessing the network and joining routes. However, because authentication attacks and routing attacks exist, the trustworthiness of even a node that has legitimately joined the CWMN may be updated dynamically as the network's distributed detection reports intrusion behaviour (such as PUE attacks). Therefore, before a route is established on demand for a traffic flow in a CWMN, trust relationships based on quantified trust degree need to be established between neighbor nodes, following the principle that trust is hard to build and easy to lose; the purpose is to let the routing protocol determine a trusted next hop toward the destination CMR node.
Definition 1, trust degree (Trust Degree, TD): let $TD_t(cmr_i \to cmr_j) \in [0,1]$ denote the degree to which $cmr_i$ trusts its neighbor node $cmr_j$ at time $t$. TD is unidirectional, i.e. $TD_t(cmr_i \to cmr_j) \ne TD_t(cmr_j \to cmr_i)$, and TD is updated dynamically as the node security state reported by distributed intrusion detection changes, namely
Figure GSA00000089036200061
Here $cmr_j$ is not only a neighbor of $cmr_i$ but may also be a neighbor of other nodes $cmr_k \in CMR$ ($k \ne i \ne j$) in the network. The quantification of the CMR node trust degree $TD_t(cmr_i \to cmr_j)$ should therefore comprise two parts: first, the direct trust degree (Direct Trust Degree) in $cmr_j$ that $cmr_i$ obtains by active observation, $DTD_t(cmr_i \to cmr_j)$; second, the indirect trust degree (Indirect Trust Degree) in $cmr_j$ that $cmr_i$ obtains from other nodes $cmr_k$, $ITD_t(cmr_j)$. That is:
$$TD_t(cmr_i \to cmr_j) = w_1\, DTD_t(cmr_i \to cmr_j) + w_2\, ITD_t(cmr_j)$$
$$(w_1, w_2 \in [0,1],\ w_1 + w_2 = 1)$$
where the weights $w_1$, $w_2$ are the proportions that DTD and ITD contribute when quantifying $TD(cmr_i \to cmr_j)$; to guard against malicious slander by bad nodes, $w_1 > w_2$ is generally used.
1. Measurement of the direct trust degree (Direct Trust Degree)
Measuring the trust degree of a neighbor node should take into account the security mechanism it uses: the more complete the security mechanism of a node, the higher its reliability and the higher its trustworthiness should be. The present invention assumes that all CMR nodes use the same security mechanism, i.e. it sets aside the effect of different security mechanisms on node trust degree, and assumes that at network initialization all CMR nodes that have been authenticated and legitimately admitted to the CWMN are secure and reliable, i.e. the direct trust degree of $cmr_i$ in its neighbor $cmr_j$ is $DTD_0(cmr_i \to cmr_j) = 1$. Thereafter, in each fixed-length period $\Delta t$, if $cmr_i$ detects an attack on $cmr_j$, $DTD(cmr_i \to cmr_j)$ is decremented with an exponential step (trust is easy to lose):
$$DTD_t(cmr_i \to cmr_j) = \begin{cases} DTD_{t-\Delta t}(cmr_i \to cmr_j) - 2^{\lambda - N}\, DV, & DV \in (0,1],\ \lambda \in [1, N) \\ 0, & \lambda = N \end{cases}$$
That is, when the number of attacks $\lambda$ on $cmr_j$ that $cmr_i$ detects within $\Delta t$ reaches the upper limit $N$, the direct trust degree of $cmr_i$ in $cmr_j$ drops to 0. If there is no routing attack on $cmr_j$ within $\Delta t$, a $DTD(cmr_i \to cmr_j)$ that has previously lost some trust is increased linearly by a change value $CV$ (trust is hard to gain), that is, $DTD_t(cmr_i \to cmr_j) = DTD_{t-\Delta t}(cmr_i \to cmr_j) + CV$, $CV \in (0,1)$, and the attack count is reset to $\lambda = 0$, until the trust of $cmr_i$ in $cmr_j$ returns to the maximum, i.e. $DTD(cmr_i \to cmr_j) = 1$.
2. Measurement of the indirect trust degree (Indirect Trust Degree)
At time $t$, when $cmr_i$ obtains, piggybacked on a route request message (RREQ) or over the control channel, the $TD_{t'}(cmr_k \to cmr_j)$ ($t' < t$) sent by another node $cmr_k$, it updates its indirect trust degree $ITD_t(cmr_k \to cmr_j)$ in $cmr_j$:
$$ITD_t(cmr_j) = \frac{\sum_{cmr_k \in CMR,\ k \ne i \ne j} TD_{t'}(cmr_k \to cmr_j) \times TD_{t'}(cmr_i \to cmr_k)}{|CMR| - 2} \quad (t' < t)$$
Clearly, $ITD(cmr_j)$ is related to the trust metric $TD(cmr_i \to cmr_k)$ of $cmr_i$ in $cmr_k$: the higher $TD(cmr_i \to cmr_k)$, the larger the update to $ITD(cmr_j)$. This shows that, when quantifying $TD(cmr_i \to cmr_j)$, the degree to which $cmr_i$ adopts the observations of other nodes $cmr_k$ depends on how much $cmr_i$ trusts those nodes.
Step 20: the network side measures and obtains channel security metric data;
The wireless transmission channels of a CWMN can likewise suffer attacks such as interception, monitoring and eavesdropping, which expose the transmission of sensitive and confidential data to security threats. It is therefore necessary, on the basis of dynamic monitoring of channel attacks, to measure the security degree of each channel and update it periodically, as the basis for selecting secure data channels during the reverse route reply of route establishment.
Definition 2, channel security metric (Channel Security Metric, CSM): let $CSM_t(ch_{ij}) \in [0,1]$ denote the security degree, at time $t$, of the shared data channel $ch_{ij} \in DCS$ between neighbor nodes $cmr_i$ and $cmr_j$. CSM is updated dynamically as the channel security state reported by distributed intrusion detection changes, namely
$$CSM_{t_1}(ch_{ij}) \ne CSM_{t_2}(ch_{ij}) \quad (t_1 \ne t_2).$$
The channel security metric is measured as follows: at network initialization, the available channels in $DCS$ are all assumed secure and reliable, i.e. $CSM_0(ch_{ij}) = 1$. Thereafter, in each fixed-length period $\Delta t$, if an attack on channel $ch_{ij}$ is detected, $CSM(ch_{ij})$ is decremented with an exponential step:
$$CSM_t(ch_{ij}) = \begin{cases} CSM_{t-\Delta t}(ch_{ij}) - 2^{\lambda - N}\, DV, & DV \in (0,1],\ \lambda \in [1, N) \\ 0, & \lambda = N \end{cases}$$
That is, when the number of attacks $\lambda$ on $ch_{ij}$ detected within $\Delta t$ reaches the upper limit $N$, the security degree of channel $ch_{ij}$ drops to 0. If there is no channel attack on $ch_{ij}$ within $\Delta t$, a $CSM(ch_{ij})$ that has previously lost some security degree is increased linearly by a change value $CV$, that is, $CSM_t(ch_{ij}) = CSM_{t-\Delta t}(ch_{ij}) + CV$, $CV \in (0,1)$, and the attack count is reset to $\lambda = 0$, until channel $ch_{ij}$ returns to the maximum security degree $CSM(ch_{ij}) = 1$.
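The update rule shared by the direct trust degree and the channel security metric, together with the indirect trust and weighted trust formulas, can be exercised as follows. This is an added example, not part of the patent text; the class and function names, the sample values, the clamping to [0, 1] and the reading that λ accumulates over consecutive attacked periods until a clean period resets it are assumptions.

```python
from dataclasses import dataclass


@dataclass
class SecurityMetric:
    """One DTD(cmr_i -> cmr_j) or CSM(ch_ij) value, updated once per period."""
    n_max: int           # N, upper limit on the attack count
    dv: float            # DV in (0, 1], scale of the exponential decrement
    cv: float            # CV in (0, 1), linear recovery step
    value: float = 1.0   # DTD_0 = CSM_0 = 1 at initialization
    lam: int = 0         # lambda, current attack count

    def end_of_period(self, attacks_detected: int) -> float:
        """Apply the rule for one period of length delta-t; return the new value."""
        if attacks_detected > 0:
            # Assumption: lambda accumulates until a clean period resets it.
            self.lam = min(self.lam + attacks_detected, self.n_max)
            if self.lam == self.n_max:
                self.value = 0.0                      # lambda = N: drop to 0
            else:
                step = 2 ** (self.lam - self.n_max) * self.dv
                self.value = max(0.0, self.value - step)  # keep within [0, 1]
        else:
            self.lam = 0                              # reset the attack count
            self.value = min(1.0, self.value + self.cv)   # slow linear recovery
        return self.value


def indirect_trust(reports, trust_in_reporter, n_nodes):
    """ITD(cmr_j) as computed by cmr_i.

    reports:           {k: TD(cmr_k -> cmr_j)} received via RREQ or control channel
    trust_in_reporter: {k: TD(cmr_i -> cmr_k)}
    n_nodes:           |CMR|
    Assumption: a node k that sent no report contributes 0 to the sum.
    """
    if n_nodes <= 2:
        return 0.0  # no third-party node exists to report
    total = sum(td_kj * trust_in_reporter.get(k, 0.0)
                for k, td_kj in reports.items())
    return total / (n_nodes - 2)


def trust_degree(dtd, itd, w1=0.8, w2=0.2):
    """TD = w1*DTD + w2*ITD, with w1 + w2 = 1 and w1 > w2."""
    if abs(w1 + w2 - 1.0) > 1e-9:
        raise ValueError("w1 + w2 must equal 1")
    return w1 * dtd + w2 * itd


def replay(metric, attacks_per_period):
    """Feed a sequence of per-period attack counts; return the value history."""
    return [metric.end_of_period(a) for a in attacks_per_period]


if __name__ == "__main__":
    # Constructed scenario: two attacked periods, then two clean periods.
    dtd = SecurityMetric(n_max=4, dv=0.4, cv=0.1)
    print(replay(dtd, [1, 1, 0, 0]))
    # A low-trust reporter k2 has little influence on ITD(cmr_j).
    itd = indirect_trust({"k1": 0.9, "k2": 0.2}, {"k1": 1.0, "k2": 0.5}, n_nodes=4)
    print(itd, trust_degree(0.85, itd))
```

Because each report is multiplied by the evaluator's own trust in the reporter, a slandering report from a poorly trusted node moves the indirect trust degree only slightly, and the weight w2 limits its effect on TD further.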
Step 30: according to the obtained trust degree data of the Mesh router nodes and the channel security metric data, the network side performs route discovery and path selection based on the path security metric, and then performs route reply and channel allocation (i.e. the network side performs joint routing and channel allocation based on the above security metrics).
The periodic update of trust relationships between CMR nodes in the CWMN and the dynamic measurement of the security of available data channels, described above, can serve as the metric for end-to-end path finding between a CMR node and the Internet access gateway and as the basis for point-to-point channel allocation. The main idea of SMCAR is to perform secure route discovery and selection based on the path security metric and, when the reverse route is confirmed, to perform channel allocation jointly based on the channel security metric. The purpose of this cross-layer cooperation is to provide user traffic with a currently trustworthy and secure multi-hop forwarding path and wireless transmission channels under the constantly changing network security state of a CWMN. A secure path is in essence a chain of trust relationships established along the information transmission path: the higher the trust degree of the nodes and the higher the security degree of the channels available between them, the more reliable the trust relationship between the nodes and the more secure the data transmission.
Definition 3, trust relationship (Trust Relation, TR): let $TR_t(cmr_i \to cmr_j) \in [0,1]$ denote the trust relationship between $cmr_i$ and its neighbor node $cmr_j$ at time $t$. The main factors affecting $TR_t(cmr_i \to cmr_j)$ are $TD_t(cmr_i \to cmr_j)$ and $CSM_t(ch_{ij})$. Because several channels may be available between the nodes at time $t$, the channel with the highest security metric is always selected, that is:
$$TR_t(cmr_i \to cmr_j) = d_1\, TD_t(cmr_i \to cmr_j) \times d_2 \max(CSM_t(ch_{ij}))$$
$$(d_1, d_2 \in [0,1],\ d_1 + d_2 = 1,\ ch_{ij} \in DCS)$$
where $d_1$, $d_2$ express the sensitivity of the trust relationship between nodes to the node trust degree and to the channel security metric.
From the viewpoint of end-to-end path security, if the trust relationship between even one pair of nodes on the path is unreliable, data transmission has no security guarantee. The present invention therefore treats the trust relationship between nodes as a concave metric and defines the path security degree as follows:
Definition 4, path security metric (Path Security Metric, PSM): if a path from source $cmr_s$ to destination $cmr_d$ is $p = (cmr_s, cmr_1, cmr_2, \ldots, cmr_i, \ldots, cmr_n, cmr_d)$, then the security metric of this path at time $t$ is:
$$PSM_t(p) = \min\{TR_t(cmr_s \to cmr_1), TR_t(cmr_1 \to cmr_2), \ldots, TR_t(cmr_{i-1} \to cmr_i), \ldots, TR_t(cmr_n \to cmr_d)\}, \quad (1 \le i \le n)$$
The joint routing and channel allocation of SMCAR based on security metrics comprises the following two processes:
1. Route discovery and path selection:
When a Mesh terminal has data to send to the Mesh gateway node and has no valid route, route discovery is started on demand, assuming the basic AODV procedure. The Mesh terminal node broadcasts an RREQ route request packet through its control interface. The broadcast ID and the node IP address uniquely identify an RREQ; an intermediate node accepts and forwards the same RREQ packet only once, and the sequence number information of the destination gateway node carried in the RREQ packet guarantees that all routes are loop-free. The RREQ packet carries the PSM of the current path, as shown in Fig. 2. The destination Mesh gateway node starts a timer on receiving the first RREQ packet and may receive multiple RREQ packets before the timeout, thereby obtaining multiple disjoint paths; from these, the destination Mesh gateway node selects a shortest path that meets the security requirement of this service, according to the path security metric of Definition 4.
2. Route reply and channel allocation:
After the Mesh gateway node has selected a secure path, it sends an RREP route reply message back along that path in the reverse direction. Each node along the way extracts from the RREP packet the channel allocation information between itself and its downstream node, selects for the link between itself and its upstream neighbor node a channel that does not conflict with the downstream channel and whose security degree value meets the security requirement of this service, adds that channel to the channel allocation list carried in the RREP packet, and forwards the packet on to its upstream node. Once the Mesh terminal node receives the RREP packet, a route is established from the Mesh terminal node to the Mesh gateway node that passes through trusted nodes meeting the security requirement of this service and whose channel on every hop is also the most secure.
The SMCAR algorithm based on security metrics of the present invention is simulated below and its performance compared with the traditional AODV algorithm. A Mesh-structured network topology is built in NS-2 and the CMR nodes are given a multi-interface, multi-channel extension; the network has 8 available channels, and each node randomly selects at least 3 of them as its available channel set. The simulated CWMN is secure at the initial time, i.e. the trust degree of the CMR nodes and the security degree of the data channels are both 1. Let $w_1 = 0.8$, $w_2 = 0.2$, $d_1 = d_2 = 0.5$. The network carries UDP traffic with a packet size of 512 bits; multiple CBR flows lasting 5 seconds each are generated at random, with a transmission rate of 100 kbps. The total simulation time is T = 50 s; every 5 s a channel attack and a CMR node attack are triggered simultaneously, with attack targets chosen at random (a target can be attacked repeatedly), and $CSM_t(ch_{ij})$ and $TD_t(cmr_i \to cmr_j)$ are updated. In the AODV algorithm, the channel between a pair of nodes is selected at random without regard to security. The simulation uses the safe packet delivery fraction to evaluate and compare the performance of the SMCAR and AODV algorithms.
Definition 5, network safe packet delivery fraction (Safe Delivery Fraction, SDF): in a CWMN network $G$ of $n$ nodes, for a group of traffic flows, the ratio of the number of packets safely delivered to the Mesh gateway node, $NUM_{SRP}$ (Safe Received Packets), to the number of packets sent by the Mesh terminal nodes, $NUM_{SP}$ (Send Packets), that is:
Figure GSA00000089036200101
Experiment 1: simulate in identical scale (n=10) network, initiate two CBR Business Streams, relatively rate is submitted safely in the grouping of SMCAR and AODV.As shown in Figure 3, the SDF of SMCAR and AODV (G (10)) reduces gradually along with the passing of attack time, it is closely related to illustrate that network packet is submitted safely the safe condition of rate and network node and channel, but the SDF of AODV (G (10)) downward trend is faster, in simulation time, SDF SMCAR(G (10)) compare SDF AODV(G (10)) on average exceed about 50%, this is owing to can not initiatively get around bad node and insecure channels during AODV algorithm route data, and hide by target of attack during SMCAR algorithm route, therefore there is more excellent grouping to submit safely rate for the network that security threat is arranged. as far as possible
Experiment 2: in simulation different scales (n=20,49, the 100) network, in the certain situation of number of times of attack, observe the grouping of SMCAR and AODV and submit safely the rate situation of change.In the network of Mesh topological structure, CMR node spacing is set is respectively 150m, 100m and 60m, communication distance are 250m.Fig. 4 shows, in simulation time, not only is better than the SDF of AODV with the SDF of SMCAR under the scale, and in the situation that the two SDF improves gradually along with the increase of network node density, SDF SMCAR(G (49)) compare SDF SMCAR(G (20)) exceed about 11%, SDF SMCAR(G (100)) are again than SDF SMCAR(G (49)) exceed about 16%, and obviously the trend that improves of SMCAR algorithm is faster, illustrates that the SMCAR algorithm has better adaptability to catenet.
Experiment 3: mainly simulate in the situation that the cognitive number of channel of CWMN network increases gradually, the security packet of SMCAR algorithm is submitted the rate performance change.Produce at random 10 network topologies of n=25 node, in the simulation time of T=50s, initiate arbitrarily CBR and connect, maximum number of connections is 20.Make SMCAR-1 represent the situation that the cognitive number of channel increases, SMCAR-2 represents the situation that the number of channel is constant.Fig. 5 shows that the security packet of network is submitted rate to be increased gradually along with increasing progressively of node perception number of available channels, when | during DCS|=4, SDF SMCAR-1(G (25)) are 47.8%, when | when DCS| is increased to 16, SDF SMCAR-1(G (25)) have also brought up to 98%, and | the SDF of DCS|=4 SMCAR-2(G (25)) remain at 47.8% constant, illustrate that the SMCAR algorithm can have the choice of more safe lanes in the CWMN that the spectrum cognitive function is arranged, thereby effectively tackle the attack for communication frequency.
In summary, addressing the characteristics and potential security problems of the promising cognitive radio Mesh network, the present invention builds on distributed intrusion detection: it quantifies the trust degree of cognitive Mesh routing nodes and the security degree of data transmission channels, establishes between neighbor nodes a trust relationship based on node trust degree and channel security degree, and defines the valley value in the multi-hop trust chain as the security metric that serves as the basis for path selection. Through the cross-layer SMCAR security strategy (Security Metric-based Channel Assignment and Routing, a joint routing and channel assignment strategy based on security metrics), which combines the routing layer and the MAC layer, it allocates point-to-point secure channels free of interference conflicts to CWMN services with security requirements, such as military and financial services, and finds an end-to-end secure path on which every hop node is trusted. Simulation shows that the SMCAR strategy can, according to the dynamic changes in the network security state, avoid untrusted nodes and insecure channels as far as possible during real-time routing, thereby effectively raising the secure delivery rate of traffic flows, and that it can be extended to large-scale CWMN networks.
The above is only a preferred embodiment of the present invention, but the protection scope of the present invention is not limited to it; any variation or replacement that a person familiar with the art could readily conceive within the technical scope disclosed by the present invention shall fall within the protection scope of the present invention. Therefore, the protection scope of the present invention shall be determined by the protection scope of the claims.

Claims (10)

1. A method for secure routing and channel allocation in a cognitive Mesh network, characterized by comprising:
After the network side is initialized, the network side measures and obtains trust degree data for the nodes of the Mesh routers; wherein the trust degree refers to: at a given moment, the degree of security of the shared data channel between two neighbor nodes;
The network side measures and obtains channel security metric data; wherein the channel security metric refers to: at a given moment, the degree of trust that a node places in its neighbor node;
The network side, according to the obtained trust degree data of the Mesh router nodes and the channel security metric data, performs route discovery and path selection by path security metric, and then performs route reply and channel allocation.
2. the method for claim 1 is characterized in that,
Described network side is measured and the data that obtain the degree of belief of Mesh router node comprise data and the indirect data of degree of belief of the direct degree of belief of described Mesh router node.
3. The method of claim 2, characterized in that,
The network side measuring and obtaining the direct trust degree data of the Mesh router nodes specifically refers to:
After the network side confirms that all nodes that have been authenticated and legitimately access the wireless Mesh network are safe, i.e. determines that the direct trust degree of node cmr_i in its neighbor node cmr_j is DTD_0(cmr_i→cmr_j)=1, then in each predetermined period, if it is judged that node cmr_i detects an attack involving node cmr_j, DTD(cmr_i→cmr_j) is decremented with an exponential step;
Or, if it is judged that within the predetermined period node cmr_i detects no routing attack by node cmr_j, then DTD(cmr_i→cmr_j), which had previously lost some trust, is increased linearly by a change value, and the attack count is reset at the same time, until the trust of node cmr_i in node cmr_j returns to the maximum; the direct trust degree data of the Mesh router nodes are thereby obtained.
4. The method of claim 3, characterized in that,
If the network side judges that node cmr_i detects an attack involving node cmr_j, decrementing DTD(cmr_i→cmr_j) with an exponential step is done in the following manner:
Wherein t is the time, Δt is the predetermined period, and λ is the number of attacks;
Wherein, if the number of attacks involving node cmr_j detected by node cmr_i reaches the upper limit, the direct trust degree of node cmr_i in node cmr_j is made to drop to 0;
The network side linearly increasing by a change value the DTD(cmr_i→cmr_j) that had previously lost some trust is done in the following manner:
DTD_t(cmr_i→cmr_j) = DTD_{t-Δt}(cmr_i→cmr_j) + CV, CV ∈ (0,1), wherein CV is the change value.
5. The method of claim 3, characterized in that,
The network side measuring and obtaining the indirect trust degree data of the Mesh router nodes specifically refers to:
At time t, if the network side judges that node cmr_i obtains, carried in a route request message RREQ or over the control channel, the trust degree TD_t'(cmr_k→cmr_j) (t'<t) sent by another node cmr_k, then the indirect trust degree ITD_t(cmr_k→cmr_j) of node cmr_k in node cmr_j is updated;
Wherein ITD(cmr_j) is related to the trust degree TD(cmr_i→cmr_k) of node cmr_i in node cmr_k: the higher TD(cmr_i→cmr_k), the greater the degree to which ITD(cmr_j) is updated.
6. The method of claim 5, characterized in that,
The network side updating the indirect trust degree ITD_t(cmr_k→cmr_j) of node cmr_k in node cmr_j is done in the following manner:
Figure FDA00002033807100022
Wherein CMR is the set of Mesh routers, and |CMR| denotes the number of CMRs in the cognitive radio Mesh network.
7. the method for claim 1 is characterized in that,
The data of channel safety tolerance are measured and obtained to described network side, may further comprise the steps:
Described network side confirm available channel that dynamically available data channel is concentrated be safe and reliable after, i.e. acknowledgement channel security measure CSM 0(ch Ij)=1; In each fixed length cycle Δ t, detect for channel ch if judge IjAttack, then with CSM (ch Ij) successively decrease with the index step-length;
If perhaps judge in the Δ t not to ch IjChannel attack, then will once lose the CSM (ch of some degrees of safety Ij) changing value CV of linear increase, the number of times of attack of resetting simultaneously is until channel ch IjReturn to Maximum Safety, obtain the data of channel safety tolerance.
8. The method of claim 7, characterized in that,
In each fixed-length period Δt, if the network side judges that an attack on channel ch_ij is detected, decrementing CSM(ch_ij) with an exponential step is done in the following manner:
Wherein λ is the number of attacks,
Wherein, when the number of attacks λ on ch_ij detected within Δt reaches the upper limit N, the security degree of channel ch_ij is made to drop to 0;
If the network side judges that there is no channel attack on ch_ij within Δt, linearly increasing by a change value CV the CSM(ch_ij) that had previously lost some security degree is done in the following manner:
CSM_t(ch_ij) = CSM_{t-Δt}(ch_ij) + CV, CV ∈ (0,1).
9. the method for claim 1 is characterized in that,
Described network side carries out route discovery and the Path selection of path security measure according to the data of the degree of belief of the described Mesh router node that obtains and the data of channel safety tolerance, specifically refers to:
After the gateway node of described network side was received the data that terminal sends and do not had effective routing, this terminal node was by the control interface broadcast transmission RREQ of this terminal node; The gateway node of described network side is received a plurality of RREQ groupings after receiving first RREQ grouping, thereby obtain many disjoint paths, according to the data of the degree of belief of the described Mesh router node that obtains and the data of channel safety tolerance, therefrom select the shortest path of an adaptation service security demand, finish Path selection.
10. The method of claim 9, characterized in that,
The network side performing route reply and channel allocation specifically refers to:
After the gateway node of the network side has selected a secure path, it sends a route reply message RREP in the reverse direction along this path; each node along the way extracts from the RREP packet the channel allocation information between this node and its downstream node, selects for the link between this node and its upstream neighbor node a channel that does not conflict with the downstream channel and whose security degree value fits the security demand of the service, adds this channel to the channel allocation list carried in the RREP packet, and continues forwarding to its upstream node, until the terminal node receives the RREP packet, whereupon a route from this terminal node to the gateway node of the network side is established that passes through trusted nodes fitting the security demand of the service and on which every hop channel is also the most secure; channel allocation is thereby completed.
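The path selection of claim 9 and the reverse (RREP-direction) channel allocation of claim 10 can be traced in a few lines of Python. This is an added example, not code from the patent: the node names, trust degrees and channel security values are constructed, and scoring a path by the minimum per-hop trust degree alone is an assumption based on the "valley value" described in the summary.

```python
# Added illustration of SMCAR-style route selection and channel allocation.
# Node names, trust degrees (TD) and channel security metrics (CSM) are constructed.

def path_security_metric(path, td):
    """Valley (minimum) of the hop-by-hop trust degrees along the path."""
    return min(td[hop] for hop in zip(path, path[1:]))

def allocate_channels(path, csm, demand):
    """Assign channels hop by hop in RREP direction (gateway back to terminal).

    A hop may use only channels with CSM >= demand that differ from the channel
    already chosen on its downstream hop. Taking the safest such channel is an
    assumption of this example. Returns None if a hop has no usable channel.
    """
    allocation, downstream = {}, None
    for hop in reversed(list(zip(path, path[1:]))):
        usable = [ch for ch in sorted(csm[hop])
                  if csm[hop][ch] >= demand and ch != downstream]
        if not usable:
            return None
        downstream = max(usable, key=lambda ch: csm[hop][ch])
        allocation[hop] = downstream
    return allocation

def select_route(candidates, td, csm, demand):
    """Shortest candidate whose trust valley meets the demand and that can be
    given a conflict-free channel allocation; None if no candidate qualifies."""
    for path in sorted(candidates, key=len):
        if path_security_metric(path, td) < demand:
            continue  # some hop on this path is not trusted enough
        allocation = allocate_channels(path, csm, demand)
        if allocation is not None:
            return path, allocation
    return None

# Constructed sample: three disjoint paths from terminal T to gateway G.
CANDIDATES = [["T", "A", "G"], ["T", "B", "C", "G"], ["T", "D", "E", "G"]]
TD = {("T", "A"): 0.9, ("A", "G"): 0.4,
      ("T", "B"): 0.9, ("B", "C"): 0.8, ("C", "G"): 0.85,
      ("T", "D"): 0.75, ("D", "E"): 0.9, ("E", "G"): 0.8}
CSM = {("T", "A"): {1: 0.9}, ("A", "G"): {2: 0.9},
       ("T", "B"): {2: 0.6, 3: 0.9}, ("B", "C"): {1: 0.95, 3: 0.8},
       ("C", "G"): {1: 0.9},
       ("T", "D"): {2: 0.95, 3: 0.7}, ("D", "E"): {1: 0.9, 2: 0.8},
       ("E", "G"): {1: 0.9}}

if __name__ == "__main__":
    print(select_route(CANDIDATES, TD, CSM, demand=0.7))
```

With a security demand of 0.7, the two-hop path is rejected for its low-trust hop and the first three-hop path fails channel allocation, so the longer but fully trusted path T-D-E-G is chosen.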
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201010162834.4A CN101848461B (en) 2010-05-04 2010-05-04 Method for secure routing and channel allocation in cognitive Mesh network

Publications (2)

Publication Number Publication Date
CN101848461A CN101848461A (en) 2010-09-29
CN101848461B true CN101848461B (en) 2013-01-02

Family

ID=42772889

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201010162834.4A Expired - Fee Related CN101848461B (en) 2010-05-04 2010-05-04 Method for secure routing and channel allocation in cognitive Mesh network

Country Status (1)

Country Link
CN (1) CN101848461B (en)

Families Citing this family (9)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN102480766B (en) * 2010-11-25 2014-05-07 华为技术有限公司 Bandwidth reservation method and device
CN102916876B (en) * 2012-10-24 2015-06-03 浙江大学 Routing method for one-way link environment of principal and subordinative construction network
CN103124406B (en) * 2012-10-27 2015-03-25 中南林业科技大学 Distributed routing method based on dynamic planning in CWMN (cognitive wireless mesh network)
CN103052069B (en) * 2012-12-14 2015-04-15 南京邮电大学 Multi-radio-frequency multi-channel wireless Mesh network channel distribution method
CN106303979B (en) * 2015-06-25 2019-06-21 北京信威通信技术股份有限公司 A kind of broadcast transmission method in self-organizing network
CN108199905A (en) * 2018-02-01 2018-06-22 乐鑫信息科技(上海)有限公司 MESH network and its MESH equipment and with network method
CN109257360B (en) * 2018-10-08 2020-08-28 江苏大学 Hidden information sending and analyzing method based on transmission path in SDN network
CN109802773B (en) * 2019-02-26 2021-12-14 重庆邮电大学 Social trust perception cooperative wireless network data transmission method
CN110324362B (en) * 2019-06-12 2021-06-04 南京优慧信安科技有限公司 Block chain user credibility evaluation method based on interactive behaviors

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20040250069A1 (en) * 2001-09-25 2004-12-09 Rauno Kosamo Adapting securityparameters of services provided for a user terminal in a communication network and correspondingly secured data communication
CN101111053A (en) * 2006-07-18 2008-01-23 中兴通讯股份有限公司 System and method for defending network attack in mobile network

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
C17 Cessation of patent right
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130102

Termination date: 20130504