CN101883358A - Method for guaranteeing security of single-transceiver time-slot type distribution CR MAC (Cognitive Radio Multiple Access Control) protocol
- Publication number: CN101883358A
- Authority: CN (China)
- Prior art keywords: channel, signature, information, cognitive, mac
- Legal status: Pending
Abstract
The invention provides a security mechanism that combines a secure channel-switching strategy with a curtain-type digital signature scheme. Its aim is to secure the single-transceiver, time-slotted cognitive radio C-MAC (Cognitive-Multiple Access Control) protocol against channel-preemption denial-of-service attacks. The method comprises the following steps: first, the available channel list is randomly ordered and encrypted so that malicious nodes cannot monitor the channel negotiation information exchanged between the communicating parties and therefore cannot seize channels; second, a signature scheme with a curtain-type relational structure is built from two hash functions, which solves the problem that, when a cognitive radio network uses digital signatures, several signature processes must be linked to one another. The invention ensures that, even under a denial-of-service attack, the cognitive radio C-MAC protocol can access an idle channel and continue the communication that was suspended when backing off for a primary user.
Description
Technical field
The present invention proposes a security mechanism that combines a secure channel-switching strategy with a curtain-type digital signature scheme. Its purpose is to secure the operation of the single-transceiver time-slotted cognitive radio C-MAC protocol and guard against channel-preemption denial-of-service attacks, so that even when such an attack occurs the protocol can access an idle channel and continue the communication that was suspended in order to back off for a primary user.
Background art
The MAC layer of cognitive radio networks has serious security problems, and denial-of-service attacks are one of them. Existing research at home and abroad only demonstrates the risk of this attack; there is as yet no effective method for preventing it. The paper "MAC-Layer Misbehaviors in Multi-Hop Cognitive Radio Networks" studies denial-of-service attacks in cognitive networks using a cognitive model built by its authors. They regard a denial-of-service attack as one in which the attacker weakens the common control channel by saturating it and thereby weakens dynamic resource allocation in the network. The MAC protocol in a distributed CR network has the following weaknesses. The first is the lack of MAC-layer authentication: in a multi-hop CR MAC protocol an adversary can easily forge channel negotiation frames and launch a DoS attack. Such malicious MAC frames can saturate the control channel, so that legitimate users can no longer use their shared control channel to negotiate and allocate data channels. The third is the predictable busy sequence of the control channel: if control frames are exchanged unencrypted, any cognitive user, including an adversary, can easily obtain the candidate channel list and then mount an attack. The paper "Two types of attacks against Cognitive Radio Network MAC Protocols" focuses on using simulation to examine the impact of denial-of-service attacks on the MAC layer of distributed cognitive networks, and demonstrates how damaging such attacks are in cognitive networks.
From the research on MAC-layer denial-of-service attacks in cognitive radio networks described above, the causes of such attacks are as follows:
1. The channel negotiation process is public, so a malicious node can monitor it. Once it has obtained the channel information, the malicious node can predict the direction of the channel switch and seize the target channel that a normal node is about to access, so that the normal node cannot access the intended channel. This results in a denial-of-service attack.
2. Current authentication schemes based on digital signatures are all discrete in form and rely on timestamps and random numbers. In a cognitive radio network, however, a cognitive user backing off for a primary user while an attack is under way may have to switch several times before it finally accesses an idle channel. This requires that the successive authentication sessions be linked together so that security is guaranteed as a whole. The IEEE 802.22 centralized draft also calls for this, but it gives no concrete implementation.
Summary of the invention
The object of the invention is to ensure that, when a denial-of-service attack occurs, the cognitive radio single-transceiver time-slotted C-MAC protocol can access an idle channel and continue the communication that was suspended in order to back off for a primary user. The invention has two parts: a secure channel-switching strategy and a curtain-type digital signature scheme. Used together, the two parts resist denial-of-service attacks in cognitive radio networks.
The technical solution of the invention is a method for guaranteeing the security of the single-transceiver time-slotted distributed CR MAC protocol, the details of which are as follows:
First, a new channel-switching strategy is established: the available channel list is randomly ordered and encrypted, so that a malicious node cannot eavesdrop on the channel negotiation information of the two communicating parties and cannot seize the channel. The concrete steps are as follows:
A: While the receiver R and the sender S are communicating on a data channel, R from time to time encrypts its own available channel list (Available Channels List, ACL) and the list update time T with its own public key $E_R$ and sends the result to S.
B: After receiving this encrypted message, S compares the ACL obtained by decryption with its own current ACL, selects the channels available to both to form a shared available channel list (Shared Available Channels List, SACL), and stores it in its own cache. S updates the SACL each time it receives an updated available channel list from R.
C: If a PU appears on the current channel and the SUs must back off, S inserts the current channel information as an entry into the latest SACL and then shuffles the SACL into random order, generating the RLSC.
D: S encrypts the RLSC with R's public key and sends it to R; R and S then switch channels in the order given by the RLSC.
E: If a DoS attack occurs when S and R switch data channels, so that S or R cannot access the data channel, S and R automatically switch to the next data channel in RLSC order. If, for example, $C_2$ is also under attack and cannot be accessed, S and R continue switching in the channel order of the RLSC until both arrive at an idle available channel. This guarantees that after this backoff an available channel will be found and the previously suspended communication can continue.
The RLSC differs from the channel selection mechanism of existing cognitive radio MAC protocols, which pick only the single available channel with the best communication quality from the ACL: it takes all available channels common to both cognitive parties as candidate channels, and once new communication is established, the current RLSC is discarded.
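The list handling in steps B, C and E can be sketched as follows. This is an added example, not code from the patent: the function names and channel numbers are assumptions, and the public-key encryption of steps A and D is taken as already done, so the RLSC is known only to S and R.

```python
# Added example: SACL/RLSC derivation (steps B-C) and lock-step fallback (step E).
# Encryption of the ACL and RLSC (steps A and D) is assumed to have happened already.
import secrets

_rng = secrets.SystemRandom()  # CSPRNG, so an eavesdropper cannot predict the order


def build_sacl(acl_from_r, acl_of_s):
    """Step B: keep the channels that appear in both ACLs (in S's order)."""
    common = set(acl_from_r)
    return [ch for ch in acl_of_s if ch in common]


def build_rlsc(sacl, current_channel):
    """Step C: add the current channel as an entry, then shuffle at random."""
    entries = list(dict.fromkeys(list(sacl) + [current_channel]))  # no duplicates
    _rng.shuffle(entries)
    return entries


def rendezvous(rlsc, blocked_for_s, blocked_for_r):
    """Step E: both sides walk the same RLSC in order.

    A channel is skipped when either side cannot access it: the blocked side
    moves on at once and the other side follows when its wait times out.
    Returns (channel, switches), or (None, len(rlsc)) if every entry is blocked.
    """
    for switches, ch in enumerate(rlsc, start=1):
        if ch not in blocked_for_s and ch not in blocked_for_r:
            return ch, switches
    return None, len(rlsc)


def demo():
    # Constructed sample data: the channel numbers are illustrative only.
    acl_r = [1, 3, 4, 6, 7, 9]
    acl_s = [2, 3, 4, 7, 8, 9]
    current = 5                        # a PU has just appeared on this channel
    sacl = build_sacl(acl_r, acl_s)
    rlsc = build_rlsc(sacl, current)
    # The PU occupies channel 5; channel 3 is seized near S and channel 7 near R.
    ch, n = rendezvous(rlsc, blocked_for_s={5, 3}, blocked_for_r={5, 7})
    return sacl, rlsc, ch, n


if __name__ == "__main__":
    sacl, rlsc, ch, n = demo()
    print("SACL:", sacl)
    print("RLSC:", rlsc)
    print("resumed on channel", ch, "after", n, "switch(es)")
```

Because both sides hold the same shuffled list, they meet on the first entry that neither finds blocked, without any further negotiation on the air.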
Second, two hash functions are used to construct a curtain-type relational structure: one hash function generates the horizontal hash chain and the other generates the vertical hash chain. The concrete application steps are as follows:
When the sender S is about to send data to the receiver R, each side first generates a random number, $R_S$ and $R_R$ respectively, and applies its own $H_{X1}$ to its own random number n times to obtain the final values [formula missing] and [formula missing], where n is sufficiently large. The two sides then exchange their public key certificates and their respective final values [formula missing] and [formula missing], which are used to verify all forward values of $H_{X1}$. Public key certificates are transmitted only on the RC channel.
Before the i-th exit from the current channel, S and R exchange [formula missing] and [formula missing], encrypted with the other party's public key, where [formula missing] is the final value obtained by applying $H_{X2}$ m times to [formula missing], and m is sufficiently large.
Consider the case in which a DoS attack occurs after the current channel has been left and the predetermined channel cannot be accessed. The access steps on the j-th channel are as follows:
Step 1: S sends R an RTS beacon signature loaded with authentication information:
where $crID_x$ is the cognitive identity of cognitive device x;
Step 2: On receiving the message, R first checks whether it can decrypt S's signature. If so, it verifies whether [formula missing] holds, where [formula missing] is the signature value from the previous authentication session after this backoff. If the previous authentication session failed completely, the check can be made by computing [formula missing] to obtain [formula missing]. If both verification steps succeed, R fully trusts the identity of S. R returns a CTS and message signature to S as follows:
Step 3: S verifies the received CTS and signature by the same procedure. After verification, S returns a signed SR (SEND_READY) message to notify R that S trusts R and is ready to send:
Step 4: R verifies the SEND_READY signature and, once it has been verified as correct, returns a signed RR (REC_READY) message indicating that it is ready to receive:
Step 5: S begins to send data frames, and R begins to receive data once the REC_READY message signature has been verified.
If any step of the above handshake fails, the SU terminates the authentication session and continues to wait for the other communicating party to arrive. If there is a malicious device that, after the authentication failure, launches a denial-of-service attack by sending data to seize the channel or by RTS/CTS flooding, the authenticating party actively backs off in response and switches channels in the order specified by $RLSC_{SR}$. The other SU, after arriving at this channel, will switch to the same channel because its authentication fails past the waiting time. A malicious node can only forge, replay and intercept RTS/CTS on the current channel. By the time it has intercepted the SR/RR messages used on channel j, the two communicating SUs, because of authentication failure or after waiting long enough, have moved on to the next channel and use another forward hash value to authenticate anew. The malicious node cannot predict the direction in which the two cognitive parties switch channels, and the authentication information it intercepted on channel j is useless for replay because it has expired.
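The following added example shows one way a two-function hash "curtain" can give the properties described above: a value is checked against the previous session's value, a failed session is bridged by hashing further, and a value captured on channel j is useless once the parties have moved on. It is not the patent's own construction: the formulas did not survive on this page, so the indexing, the use of SHA-256 for both functions and all names are assumptions, and the signatures and $crID_x$ fields of the RTS/CTS messages are left out.

```python
# Added example: one side's "curtain" of hash values and the peer's check.
# Indexing and hash choice are assumptions; the patent's formulas are not on the page.
import hashlib
import secrets


def h1(x):  # stands in for H_X1 (horizontal chain)
    return hashlib.sha256(b"H1" + x).digest()


def h2(x):  # stands in for H_X2 (vertical chain)
    return hashlib.sha256(b"H2" + x).digest()


def iterate(h, x, times):
    for _ in range(times):
        x = h(x)
    return x


class Prover:
    """Holds the secret random number and derives chain values on demand."""

    def __init__(self, n, m, seed=None):
        self.n, self.m = n, m
        self.seed = seed if seed is not None else secrets.token_bytes(32)

    def horizontal_anchor(self):
        return iterate(h1, self.seed, self.n)         # sent with the certificate

    def row(self, i):
        return iterate(h1, self.seed, self.n - i)     # horizontal value, backoff i

    def vertical_anchor(self, i):
        return iterate(h2, self.row(i), self.m)       # sent before the i-th exit

    def token(self, i, j):
        return iterate(h2, self.row(i), self.m - j)   # revealed on the j-th channel


class Verifier:
    """Tracks, for the current backoff, the last value accepted from the peer."""

    def __init__(self, m):
        self.m = m
        self.last = None
        self.last_j = 0

    def start_backoff(self, vertical_anchor):
        self.last, self.last_j = vertical_anchor, 0

    def accept(self, token, j):
        """Accept the token for channel attempt j if hashing it (j - last_j)
        times gives the last accepted value; a gap > 1 bridges failed sessions."""
        gap = j - self.last_j
        if self.last is None or gap <= 0 or j > self.m:
            return False                              # replayed or out of range
        if not secrets.compare_digest(iterate(h2, token, gap), self.last):
            return False
        self.last, self.last_j = token, j
        return True


def linked(row_value, i, h_anchor, v_anchor, m):
    """Structural check (assumed use): a row value hangs from the horizontal
    chain and is the root of the vertical chain for backoff i."""
    return (iterate(h1, row_value, i) == h_anchor
            and iterate(h2, row_value, m) == v_anchor)
```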
The beneficial effect of the invention is as follows: by adopting the above technical solution, a security mechanism combining a secure channel-switching strategy with a curtain-type digital signature scheme, the invention ensures that the cognitive radio C-MAC protocol can, when a denial-of-service attack occurs, access an idle channel and continue the communication that was suspended in order to back off for a primary user.
Description of the drawings
Fig. 1 is a flow chart of the channel negotiation between R and S in the method of the invention for guaranteeing the security of the single-transceiver time-slotted distributed CR MAC protocol.
Fig. 2 is a flow chart of how S processes the ACL up to the generation of the RLSC table in the method of the invention for guaranteeing the security of the single-transceiver time-slotted distributed CR MAC protocol.
Fig. 3 is a diagram of the curtain-type structure generated by the two hash functions in the method of the invention for guaranteeing the security of the single-transceiver time-slotted distributed CR MAC protocol.
Embodiment:
The technical solution of the invention is further described below with reference to the accompanying drawings.
When the sender S is about to send data to the receiver R, each side first generates a random number, $R_S$ and $R_R$ respectively, and applies its own $H_{X1}$ to its own random number n times to obtain the final values [formula missing] and [formula missing], where n is sufficiently large. The two sides then exchange their public key certificates and their respective final values [formula missing] and [formula missing], which are used to verify all forward values of $H_{X1}$. Public key certificates are transmitted only on the RC channel.
Before the i-th exit from the current channel, S and R exchange [formula missing] and [formula missing], encrypted with the other party's public key, where [formula missing] is the final value obtained by applying $H_{X2}$ m times to [formula missing], and m is sufficiently large. This process is shown in Fig. 3.
During data transmission, R periodically sends its own ACL information to S. When a primary user appears on the current channel, S generates the corresponding RLSC information, encrypts it and sends it to R, as shown in Fig. 2. At the same time the two sides also exchange the hash final values produced for this channel switch, [formula missing] and [formula missing]. The two nodes then begin switching channels.
Suppose that access is now to be made on the j-th channel.
Step 1: After arriving at this channel, S begins by sending R an RTS beacon signature loaded with authentication information:
where $crID_x$ is the cognitive identity of cognitive device x;
Step 2: On receiving the message, R first checks whether it can decrypt S's signature. If so, it checks whether [formula missing] holds, where [formula missing] is the signature value from the previous authentication session after this backoff. If the previous authentication session failed completely, the check can be made by computing [formula missing] to obtain [formula missing]. If both verification steps succeed, R fully trusts the identity of S. R returns a CTS and message signature to S as follows:
Step 3: S verifies the received CTS and signature by the same procedure. After verification, S returns a signed SR (SEND_READY) message to notify R that S trusts the identity of R and is ready to send:
Step 4: R verifies the SEND_READY signature and, once it has been verified as correct, returns a signed RR (REC_READY) message indicating that it is ready to receive:
Step 5: S begins to send data frames, and R begins to receive data once the REC_READY message signature has been verified.
If any step of the two-step authentication session fails, the SU terminates the authentication session and continues to wait for the other communicating party to arrive. If there is a malicious device that, after the authentication failure, launches a DoS attack by sending data to seize the channel or by RTS/CTS flooding, the authenticating party actively backs off in response and switches channels in the order specified by $RLSC_{SR}$. The other SU, after arriving at this channel, will switch to the same channel because its authentication fails past the waiting time.
Table 1 shows the general format of the ACL, SACL and RLSC, which has four attributes: sequence number, channel number, beacon start time and channel switch count.
Table 1
Sequence number | Channel number | Beacon start time | Channel switch count |
---|---|---|---|
$s_0$ | Channel 0 | $t_0$ | $n_0$ |
$s_1$ | Channel 1 | $t_1$ | $n_1$ |
$s_2$ | Channel 2 | $t_2$ | $n_2$ |
$s_3$ | Channel 3 | $t_3$ | $n_3$ |
Claims (2)
1. A method for guaranteeing the security of the single-transceiver time-slotted distributed CR MAC protocol, characterized in that it comprises the following concrete steps:
First, a new channel-switching strategy is established in which the available channel list is randomly ordered and encrypted, so that a malicious node cannot eavesdrop on the channel negotiation information of the two communicating parties and cannot seize the channel; the concrete steps are as follows:
A: While the receiver R and the sender S are communicating on a data channel, R from time to time encrypts its own ACL and the list update time T with its own public key $E_R$ and sends the result to S;
B: After receiving the encrypted message of the above step, S compares the ACL obtained by decryption with its own current ACL, selects the channels available to both to form an SACL and stores it in its own cache; S updates the SACL each time it receives an updated ACL from R;
C: If a PU appears on the current channel and the SUs must back off, S inserts the current channel information as an entry into the latest SACL and then shuffles the SACL into random order, generating the RLSC;
D: S encrypts the RLSC with R's public key and sends it to R; R and S switch channels in the order of the RLSC obtained in the above step;
Second, two hash functions are used to construct a curtain-type relational structure, one hash function generating the horizontal hash chain and the other generating the vertical hash chain; the concrete steps are as follows:
A: S sends R an RTS beacon signature loaded with authentication information:
where $crID_x$ is the cognitive identity of cognitive device X;
B: On receiving the message, R first checks whether it can decrypt S's signature; if so, it verifies whether the equation [formula missing] holds, where [formula missing] is the signature value from the previous authentication session after this backoff; if the previous authentication session failed completely, the check can be made by computing [formula missing] to obtain [formula missing]. If both verification steps succeed, R fully trusts the identity of S. R returns a CTS and message signature to S:
C: S verifies the received CTS and signature by the above procedure. After verification, S returns a signed SEND_READY message:
notifying R that it trusts R and is ready to send;
D: R verifies the SEND_READY signature and, once it has been verified as correct, returns a signed REC_READY message:
indicating that it is ready to receive.
E: S begins to send data frames, and R begins to receive data once the REC_READY message signature has been verified.
2. The method for guaranteeing the security of the single-transceiver time-slotted distributed CR MAC protocol as claimed in claim 1, characterized in that said step 1 further comprises E: when a DoS attack occurs while S and R are switching data channels, so that S or R cannot access the data channel, S and R automatically switch to the next data channel in RLSC order.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN2010101760494A CN101883358A (en) | 2010-05-12 | 2010-05-12 | Method for guaranteeing security of single-transceiver time-slot type distribution CR MAC (Cognitive Radio Multiple Access Control) protocol |
Publications (1)
Publication Number | Publication Date |
---|---|
CN101883358A true CN101883358A (en) | 2010-11-10 |
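Non-Patent Citations (9)
Title |
---|
Li Zhu et al., "Two Types of Attacks against Cognitive Radio Network MAC Protocols", Computer Science and Software Engineering, 2008, 2008-12-14 * |
Nagel, N.R. et al., "MAC Layer Misbehavior on Ad Hoc Networks", Embedded and Ubiquitous Computing, 2008 (EUC '08), 2008-12-20 * |
Wu Huayi, "Research on routing protocols with quality-of-service constraints in wireless ad hoc networks", China Doctoral Dissertations Full-text Database, Information Science and Technology (monthly), 2007-12-15 * |
Wang Lina et al., "Application of smart antennas and power control in MANETs", Chinese Journal of Radio Science, Vol. 21, No. 3, 2006-06-30 * |
Zhou Jian et al., "Multi-party key exchange protocol for large-scale cognitive radio networks", Application Research of Computers * |
Zhou Xianwei et al., "Research on key technologies of cognitive radio security", Telecommunications Science * |
Zhou Xianwei et al., "Research on physical-layer security of cognitive radio", Telecommunication Engineering * |
Xue Nan et al., "Shortest-delay-based secure routing algorithm for cognitive radio networks", Computer Science * |
Xue Nan et al., "Selfish behavior problems in cognitive radio networks and security solutions", Journal of University of Science and Technology Beijing * |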
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
C02 | Deemed withdrawal of patent application after publication (patent law 2001) | ||
WD01 | Invention patent application deemed withdrawn after publication | Application publication date: 20101110 |