CN104079483A - Multistage security routing method for delay tolerant network and based on network codes - Google Patents
- Publication number: CN104079483A (application CN201310107131.5A)
- Authority: CN (China)
- Legal status: Granted
Abstract
The present invention provides a multi-stage secure routing method based on network coding for delay-tolerant networks. By optimising the allocation of coded packets according to the requirement for maximum forwarding performance between nodes, a multi-stage routing scheme based on the damage probability of probabilistically encountered nodes is designed, which lowers the probability of message compromise and raises overall network throughput. In the design of the network coding, a hybrid secure network coding scheme for DTNs is realised that jointly resists several attacks, such as eavesdropping, Sybil, Byzantine and packet-dropping attacks. Against selective packet-dropping attacks, a limited redundancy factor is dynamically added at the source node when needed to improve tolerance of link failures; mutual verification between relay nodes resists Sybil and Byzantine attacks and removes the overhead of authenticating with the source node that earlier schemes incurred; and a dual joint-resistance strategy is designed to reduce the impact of Byzantine attacks on nodes.
Description
Technical field
The invention is a multi-stage secure routing algorithm based on network coding and resistance to multiple attacks, and belongs to the field of secure routing algorithms for delay-tolerant networks.
Background
A Delay/Disruption Tolerant Network (DTN) is a kind of "challenged network" (CN), found mainly in high-latency space communications and in cooperating heterogeneous networks that lack continuous connectivity. DTN communication is message-based: the data unit may be a message, a packet or a bundle, where a bundle is a unit of information aggregated for transmission. Departing from the layered structure of traditional networks, Burleigh et al. proposed an end-to-end overlay protocol called the "bundle" protocol on top of the DTN network layer.
Network Coding (NC) was first proposed by Ahlswede et al. as an efficient algorithm for transmitting information in large distributed systems without central scheduling. Network coding allows relay nodes to re-encode packets: when a source node sends packets to a destination node, each relay node on the path between them combines all or part of the messages it receives into linear combinations (similar to an XOR operation) and forwards these coded packets to the next node with a certain probability. Once the destination node has received enough linearly independent coded bundles, it uses Gaussian elimination (used to solve systems of thousands of equations and unknowns; very large systems of millions of equations are solved iteratively) to bring the decoding matrix into triangular form and finally recovers all original messages. Compared with traditional schemes, network coding can compute scheduling strategies that make optimal use of limited network resources, improve system throughput and topology robustness, and reduce the overall energy consumption of wireless nodes in special environments; it also has potential security advantages.
Most current research on delay-tolerant networks rests on the ideal assumption that nodes are fully reliable, or pursues good performance while neglecting security, leaving many security holes in the system; or else it concentrates on security while neglecting network performance, so that the advantages of network coding for improving performance cannot be fully exploited.
The present invention addresses the problems raised above, namely: (1) the lack of continuous, reliable connections; (2) nodes in a real environment are not necessarily reliable; (3) the performance and the security of network coding cannot both be obtained; (4) traditional routing schemes are unsuited to a compromised delay-tolerant network environment. Based on the "store-carry-forward" opportunistic routing of DTN nodes, a network coding scheme for compromised environments is proposed: the source node dynamically injects a redundancy factor into the network when needed to resist dropping attacks and improve link fault tolerance; nodes mutually verify messages to resist pollution and Sybil attacks, avoiding the excessive reliance on the source node of traditional methods; and a multi-stage routing scheme that uses the damage probability of probabilistically encountered nodes as its metric is designed to further improve network throughput.
Model definition
Network model
Assume the communication network in the delay-tolerant environment is modelled by a directed graph G=(V,E), where V is the set of nodes and E the set of directed links (or channels). The invention is built on a bundle session between a single source node S and one or more destination nodes D. P denotes the set of paths between S and D. The number of shared paths traversed from S along path to D is s_k, the reliability probability of link is , the risk probability of the upstream node of link e is taken as , and the damage probability of path is . denotes the packet delivery rate, the network throughput, and the trade-off coefficient between security and performance.
Node model
The source node sends a bundle composed of t messages to the destination node; the messages form a matrix O, and all messages of one bundle carry the same unique universal identifier . For simplicity, all messages are assumed to have equal length. Relay nodes can generate and propagate linear combinations of messages belonging to the same ; a coded packet is a tuple , where is the first elements of message O and is the authentication information.
Attacker model
In this model the attacker is assumed to be all-powerful: it can eavesdrop on every link of the DTN and knows the encoding and decoding algorithms used between source S and destination D. Different attackers may mount one or more attacks, and an attacker can inject at most a compromised packets into the network; these are assumed to form a matrix A. It can inject compromised packets on any link in the network, disguising them, by masking or identity theft, as part of the flow from S to D. At the same time, our protocol design assumes that each selected path from S to D carries at most one attacker. The attacker can obtain the path set between S and D by traffic analysis and estimation. Moreover, because the selected paths are node-disjoint, colluding attackers have at most one attacker on any one path. There are two network compromise conditions in this scheme. The path compromise condition: path k in is compromised if and only if at least one link on is compromised. The whole-network compromise condition: when the number of compromised shared paths is greater than or equal to the number of messages in a bundle of the source node, all messages transmitted from source S to destination D along the path set P are compromised.
Optimal allocation model of coded packets over the transmission paths
In this model, assume there are |L| node-disjoint paths l_1, l_2, ..., l_|L| from S to D. The core question of our research is how to select secure transmission paths between S and D and how to encode copies of the source node's messages and allocate them over these selected disjoint paths, so that the security risk of DTN message transmission is minimised while an ideal delivery rate and network throughput are obtained.
The routing protocol of the present invention is a path-dependent multi-stage routing protocol that transmits over multiple node-disjoint paths, so that data sent on different paths can be jointly coded and protected.
In this routing protocol, the destination node must jointly decode a set of coded packets to recover the original messages. We formalise the allocation of packets over the path set so as to minimise the security risk of routing while keeping the delivery rate bounded by its ideal value. The attacker tries to maximise the security risk and the unreachability rate. The above description leads to the following optimisation model, in which denotes the reliability probability of the reservable part of the network:
Hence the optimised packet-allocation pair is obtained, where is the number of packets allocated to each path from the source node to the destination node and is the damage probability of path :
At the same time, the number n of packets finally generated by the source node after encoding is given by the following formula, where |P*| is the number of paths selected for shared transmission, is a path belonging to P*, and is the trade-off factor:
Under the premise that the derived r* is satisfied, we propose an algorithm for finding the optimal path set P* from S to D. Its input is the path set P established by the multi-path route selection algorithm, together with the damage probability values of neighbouring nodes stored in each node's memory. For each path k ∈ P, check whether it satisfies the inequality constraint above; if it does, reserve that path in P and return the new P, setting P* = P.
Multi-stage routing design based on secure network coding
In this part we add identifier bits and authentication bits to the packet design, which gives links an anti-eavesdropping property; at the same time we introduce a DTN hybrid secure network coding scheme that jointly resists several attacks, such as eavesdropping, Sybil, Byzantine and dropping attacks.
The secure network coding scheme means the following: against selective packet-dropping attacks, a limited redundancy factor is dynamically added at the source node when needed to improve tolerance of link failures; mutual verification between relay nodes resists Sybil and Byzantine attacks and removes the overhead of authenticating with the source node that earlier schemes incurred; and a dual joint-resistance strategy reduces the impact of Byzantine attacks on nodes. For simplicity, the invention studies the processing flow of one bundle and considers transmission between one source node and one destination node, but the scheme also applies to a multicast-flow environment.
Summary of the invention
Based on the above analysis, the present invention provides a multi-stage secure routing method based on network coding for delay-tolerant networks, comprising the following steps:
Step 1: source node encoding and processing;
A packet consists of m symbols from the finite field F_q, to which redundancy marks are added; a bundle of data is represented by a matrix O, whose i-th row is the i-th message of the bundle, with an identity matrix of order on the right of O; the z packets injected by the attacker into each bundle are represented by a matrix A:
From the matrix it can be seen that the original message length of a bundle is ; solving the matrix equation yields redundant column vectors;
where R is a redundancy matrix of order whose entries are chosen as independent random symbols from the finite field ; is obtained by stacking the column vectors of the matrix one after another;
From the matrix equation above, the source node encodes the data bundle into coded packets to be transmitted, where denotes the -th row of the matrix and denotes the coefficients of the random linear encoding of the messages in the original packets;
Finally, S transmits the n coded packets to D; the number of packets allocated to each path from the source node to the destination node is determined by the equation introduced above and by the multi-stage routing algorithm;
The source node first signs the packets. The signature scheme operates on a bilinear tuple , where are cyclic multiplicative groups of the same prime order in which the discrete logarithm problem is considered computationally infeasible, is an efficiently computable map with the bilinear and non-degenerate properties, and is an efficiently computable isomorphism;
The source node has a secret key and a public key pair , where ; it uses the homomorphic hash function :
where is a random element of known to all nodes, is a cryptographic hash function and is the message length; the signature of a message with identifier is:
Step 2: relay node encoding and processing;
Like the hash, the signature is homomorphic: for a signed packet , the signature is:
Relay nodes accept coded packets from only one source node during a routing process; a relay node determines whether a newly received coded packet and the coded packets already in memory come from the same source node by checking whether the following formula holds;
Combining with the formula above yields another form of packet verification at a node, shown below. After a relay node receives a coded packet M1 from an upstream node, it stores the packet directly if its buffer is empty; otherwise it first extracts the bundle-identifier hash value from bits 33-48 of the coded packet and compares it with the bundle-identifier hash of the coded packet M2 already in memory. If the following formula holds, the signed packet is authenticated, showing that the two coded packets come from the same source node and are not compromised packets injected by a pollution or Sybil attacker, so coded packets with the same bundle-identifier hash value can be further jointly encoded;
Next, if s_k* ≥ 2, each relay node on path k combines the received packets in the linear coding expression with the output related to the number of transmitted packets; otherwise the relay node does not process the received packets at all;
Thus, without further verification conditions or the participation of the source node, a relay node that receives a coded packet can decide by mutual verification alone whether to accept it and encode it further, which effectively prevents Sybil attacks in the delay-tolerant network;
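The relay-side acceptance logic of Step 2 (bundle-identifier comparison followed by a homomorphic verification of the payload) can be illustrated with a small simulation. The following is an added example, not code from the patent: it does not reproduce the patent's pairing-based signature or its exact hash, but uses the standard discrete-logarithm homomorphic hash H(x) = prod g_i^{x_i} mod p over a prime-order subgroup, a constructed 8-byte header whose bits 33-48 (bytes 4 and 5) hold a 16-bit hash of the bundle identifier, and the assumption that each relay already holds the source's per-message hashes (delivered under the source's signature, which is not shown). The group parameters are toy values.

```python
"""Relay-side mutual verification of coded packets with a homomorphic hash."""
import hashlib

# Toy safe prime p = 2q + 1; q is also the coefficient field F_q of the code.
# Constructed parameters, far too small for real use.
P = 1019
Q = 509
M = 4  # symbols per message


def _generator(i: int) -> int:
    """Derive the i-th public generator of the order-q subgroup from a label."""
    x = int.from_bytes(hashlib.sha256(b"gen-%d" % i).digest(), "big") % P
    while x == 0 or pow(x, 2, P) == 1:
        x += 1
    return pow(x, 2, P)  # a square mod p lies in the order-q subgroup


GENERATORS = [_generator(i) for i in range(M)]


def homomorphic_hash(vec):
    """H(x) = prod g_i^{x_i} mod p, so that H(a*x + b*y) = H(x)^a * H(y)^b."""
    h = 1
    for g, x in zip(GENERATORS, vec):
        h = h * pow(g, x % Q, P) % P
    return h


def combine(coeffs, vecs):
    """Linear combination sum_j c_j * v_j over F_q."""
    return [sum(c * v[i] for c, v in zip(coeffs, vecs)) % Q for i in range(M)]


def expected_hash(coeffs, source_hashes):
    """What H(payload) must equal if payload = sum_j c_j * message_j."""
    h = 1
    for c, hx in zip(coeffs, source_hashes):
        h = h * pow(hx, c % Q, P) % P
    return h


def bundle_tag(bundle_id: bytes) -> int:
    """16-bit hash of the bundle identifier carried in the header."""
    return int.from_bytes(hashlib.sha256(bundle_id).digest()[:2], "big")


def make_packet(bundle_id, coeffs, payload):
    header = bytearray(8)
    header[4:6] = bundle_tag(bundle_id).to_bytes(2, "big")  # bits 33-48
    return {"header": bytes(header), "coeffs": list(coeffs), "payload": list(payload)}


def packet_tag(pkt):
    return int.from_bytes(pkt["header"][4:6], "big")


class Relay:
    def __init__(self, source_hashes):
        self.source_hashes = source_hashes  # H(message_j) for the bundle
        self.buffer = []

    def accept(self, pkt) -> bool:
        """Buffer the packet only if it belongs to the bundle already held and
        its payload is a genuine combination of the source's messages."""
        if self.buffer and packet_tag(pkt) != packet_tag(self.buffer[0]):
            return False  # different bundle identifier: not this session
        if homomorphic_hash(pkt["payload"]) != expected_hash(pkt["coeffs"], self.source_hashes):
            return False  # polluted payload or forged coefficient vector
        self.buffer.append(pkt)
        return True

    def recode(self, weights):
        """Re-encode buffered packets; the result still passes accept() downstream."""
        t = len(self.source_hashes)
        coeffs = [sum(w * p["coeffs"][j] for w, p in zip(weights, self.buffer)) % Q for j in range(t)]
        payload = combine(weights, [p["payload"] for p in self.buffer])
        return {"header": self.buffer[0]["header"], "coeffs": coeffs, "payload": payload}


def demo():
    """Constructed bundle of t=3 messages; returns the relay's decisions."""
    messages = [[1, 2, 3, 4], [5, 6, 7, 8], [9, 10, 11, 12]]
    src_hashes = [homomorphic_hash(m) for m in messages]
    bundle = b"bundle-0001"
    honest = make_packet(bundle, [2, 0, 1], combine([2, 0, 1], messages))
    polluted = make_packet(bundle, [2, 0, 1], combine([2, 0, 1], messages))
    polluted["payload"][0] = (polluted["payload"][0] + 1) % Q  # one symbol altered
    foreign = make_packet(b"bundle-0002", [0, 1, 0], combine([0, 1, 0], messages))
    second = make_packet(bundle, [1, 1, 1], combine([1, 1, 1], messages))
    relay = Relay(src_hashes)
    out = {
        "honest": relay.accept(honest),
        "polluted": relay.accept(polluted),
        "foreign_bundle": relay.accept(foreign),
        "second": relay.accept(second),
    }
    out["recoded_downstream"] = Relay(src_hashes).accept(relay.recode([3, 5]))
    return out


if __name__ == "__main__":
    print(demo())
```

The point of the homomorphism is visible in `recode`: a relay can mix packets it has verified and the next relay can verify the mix against the same per-message hashes without contacting the source, which is the property Step 2 relies on. The polluted packet differs from the honest one in a single symbol and is rejected; the packet from another bundle is rejected on the identifier comparison before any hash is computed.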
Step 3: destination node decoding and processing;
First, the destination node must monitor the link. When a selective packet-dropping attack occurs, the destination measures the delivery rate of a flow and sends the estimated rate to the sending node; on receiving this feedback from its receiver, the sending node dynamically adjusts the redundancy coefficient to slow the drop in delivery rate caused by the attack. Let the average delivery rate observed by the receiver be and the corresponding redundancy coefficient ; the redundancy coefficient of the sending node is computed as follows, where denotes the currently observed delivery rate reported by the receiving node. When stays below for a period of time, the destination node notifies the source node to inject a redundancy factor into the network;
The decoding procedure is based on the decoding scheme in . A bundle of data in the DTN is transformed according to the following equation, where O denotes the original packets sent by the source node, T the linear transformation from the source node to the destination node, and T_a the linear transformation from the attacker to the destination node;
The destination node D arbitrarily chooses k+z linearly independent columns of the matrix to form a matrix ; the corresponding columns selected from the source packet matrix O and from the matrix A of packets injected by the attacker are denoted and respectively, so the equation above is rewritten as:
If the matrix exists, then the following holds:
Write the first m-k columns of the matrix E as E', and write O as O = [O1, O2, O3], where O1 corresponds to the first z columns of O and O3 to the last k columns, so the equation above becomes the following, where O_k^z denotes the first z columns of O_k, E_z' the first z columns of E', and E_i' the last i columns of E':
Combining with the equation above gives the following, where denotes the last columns of the matrix Y formed by the coded packets received at the destination, the remaining part of the received coded packet matrix , the column vector obtained by stacking the columns of the matrix , the element in row i, column j of the matrix , and I the k-dimensional identity matrix; the zero matrix has dimension and the identity matrix has dimension ;
Thus, if the coded packets received at the destination depend on both the packets sent by the source and the polluted packets injected by the attacker, then once the destination has received at least k+z packets of a bundle and the matrix B has full column rank, equation (22) has exactly one solution. Therefore, even when the attacker has injected polluted packets that were not eliminated by mutual verification between relay nodes, the destination can still decode the original packets sent by the source, achieving a dual resistance to packet pollution attacks;
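The encode-recode-decode cycle that the Background section and Steps 1 and 3 describe (the source appends coefficient information to linear combinations of the messages, relays recombine, and the destination recovers the messages by Gaussian elimination once it holds enough independent packets) is shown below in a working form. This is an added example, not the patent's own code: it uses the toy prime field F_257, a constructed bundle of t=3 messages of m=4 symbols, and Vandermonde coefficient rows (1, x, x^2, ...) at the source so that any t surviving packets are guaranteed to be independent (the patent's coefficients are random, and its redundancy matrix R and equation (22) are not reproduced here).

```python
"""Source coding, relay re-coding and Gaussian-elimination decoding over F_q."""
Q = 257  # constructed prime field


def vandermonde_coeffs(n, t):
    """n coefficient rows [1, x, x^2, ..., x^(t-1)] for x = 1..n; any t rows
    of such a matrix are linearly independent because the x are distinct."""
    return [[pow(x, j, Q) for j in range(t)] for x in range(1, n + 1)]


def encode(messages, coeff_rows):
    """Source: each coded packet is (coefficients, payload) with
    payload = sum_j c_j * message_j. The coefficient vector is what the
    identity matrix appended to the bundle becomes after coding."""
    m = len(messages[0])
    return [(c, [sum(cj * msg[i] for cj, msg in zip(c, messages)) % Q for i in range(m)])
            for c in coeff_rows]


def recode(packets, weights):
    """Relay: one new packet from a linear combination of packets it holds."""
    t, m = len(packets[0][0]), len(packets[0][1])
    coeffs = [sum(w * p[0][j] for w, p in zip(weights, packets)) % Q for j in range(t)]
    payload = [sum(w * p[1][i] for w, p in zip(weights, packets)) % Q for i in range(m)]
    return (coeffs, payload)


def decode(packets, t):
    """Destination: Gauss-Jordan elimination on the augmented matrix [C | Y].
    Returns the t original messages, or None when the received packets span
    fewer than t dimensions (too many were dropped or none were independent)."""
    if not packets:
        return None
    rows = [list(c) + list(y) for c, y in packets]
    rank = 0
    for col in range(t):
        pivot = next((r for r in range(rank, len(rows)) if rows[r][col]), None)
        if pivot is None:
            continue
        rows[rank], rows[pivot] = rows[pivot], rows[rank]
        inv = pow(rows[rank][col], Q - 2, Q)  # Fermat inverse in a prime field
        rows[rank] = [v * inv % Q for v in rows[rank]]
        for r in range(len(rows)):
            if r != rank and rows[r][col]:
                f = rows[r][col]
                rows[r] = [(a - f * b) % Q for a, b in zip(rows[r], rows[rank])]
        rank += 1
    if rank < t:
        return None
    return [rows[i][t:] for i in range(t)]


MESSAGES = [[1, 2, 3, 4], [5, 6, 7, 8], [9, 10, 11, 12]]  # constructed bundle


def demo():
    """Send t + 2 packets (redundancy of 2) and decode under different losses."""
    t = len(MESSAGES)
    packets = encode(MESSAGES, vandermonde_coeffs(t + 2, t))
    relayed = recode([packets[0], packets[2]], [1, 2])  # relay merges two packets into one
    return {
        "all_received": decode(packets, t),
        "two_dropped": decode(packets[2:], t),      # any t of the n packets still decode
        "three_dropped": decode(packets[:2], t),    # fewer than t: undecodable
        "via_relay": decode([packets[0], packets[1], relayed], t),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

The `two_dropped` and `three_dropped` cases are the redundancy argument of Step 3 in miniature: with n = t + 2 packets in flight, a dropping attacker must remove three packets before the destination loses the ability to decode, which is what the source buys when it raises the redundancy coefficient after the destination reports a falling delivery rate. The `via_relay` case shows that a relay forwarding one combination instead of two packets costs the destination nothing as long as the combination keeps the received set independent.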
Step 4: multi-stage routing and forwarding;
In the multi-stage routing and forwarding of messages by the damage probability of probabilistically encountered nodes, only the source node is assumed to be trusted, i.e. any node may receive a message from the source node; from it follows that, of the two nodes of link e, the risk probability risk of the upstream node is:
When a node with this risk probability carries a message and encounters an attacker, the probability that it hands a copy of the message to the attacker is risk. The damage risk probability of nodes in the network may be group-based, which makes the transmission of coded packets more challenging. The goal of the source node is to deliver the message to the destination node while preventing its exposure to the attacker;
In this scheme the update strategy for the damage probability of probabilistically encountered nodes is as follows: the initial damage probability stored by each node for a node it may encounter is risk; after relay node n_{i-1} completes one routing step, if the node n_i at the other end of the selected path reports the actual cost of transmitting a unit of data in this step as c_i, then after the routing step the damage probability of n_i stored at n_{i-1} is updated to risk - 0.001 c_i;
Since the reliability probability of the upstream node of link e is r_e, analysing the attacker's impact on secure transmission, the number of message copies L_min needed to reach the delivery rate d_r before the message expiry deadline t_d is given by the following formula, where is the exponential distribution rate of the number of encounters between nodes and is the current number of attackers in the network:
Let the nodes whose damage probability ranks in the last positions after sorting in the first stage of multi-stage routing be trusted nodes that may carry message copies, i.e. ; in the second stage, the nodes whose damage probability ranks in the last positions are partially trusted nodes that may carry message copies, i.e. , so the total number of nodes carrying message copies is . To reach the target delivery rate , the start time of the second stage must satisfy the following constant inequality:
A brief proof is as follows. Let the random variable denote the target delivery rate of multi-stage routing, the probability density function of any one of the L nodes meeting the destination node, and the cumulative distribution function of the probability that any one of the L nodes does not meet the common rendezvous node. In the first stage the cumulative distribution function grows with ; however, if no transmission occurred in the first stage (with probability ), then at the start of the second stage the probability density function of transmission is determined by nodes, and the transmission risk is determined by the value of each transmitting node;
Since this value must exceed the given delivery rate , the inequality satisfied by TTL_1 is obtained. From the above analysis, for a given parameter set , in order for multi-stage routing to obtain a higher delivery rate, the start time of the third stage should be no less than the following constant inequality:
In the DTN environment and under the transmission objectives, to achieve a trade-off between network performance and security we combine the above into a multi-stage routing algorithm based on the damage probability of the nodes that a node probabilistically encounters. The input is the damage probability values, held by the node that has a message to forward, of the nodes it may encounter. First the damage probability values in the memory of node are quick-sorted. In the first routing step, node follows the FTS model and transmits a copy of the coded packet only to the node with the largest damage probability value, starting a timer set to ; if the most-damaged node is not encountered within time , the second routing step is taken. In the second step, node follows the TFS model and transmits a copy of the coded packet only to the next-most-damaged nodes (those whose damage probability values rank in the first three positions of the sorted group), starting a timer set to ; if the most-damaged node is not encountered within time , the third routing step is taken. Subsequent routing uses the AS model, in which the node transmits the coded packet to the first node it encounters after the AS routing model is enabled. To optimise network performance, and both take the minimum value within their permitted ranges.
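The three-stage forwarding rule (FTS: one candidate; TFS: the top three of the sorted group; AS: the first node encountered) together with the post-route update risk - 0.001 c_i of Step 4 can be exercised as a small carrier simulation. This is an added example, not the patent's own code, and it makes the following assumptions: the two stage timers are relative to the moment the node began carrying the packet, with the second timer starting when the first expires; candidates are ranked so that the lowest stored damage probability is the most trusted, following the first-stage definition of trusted nodes above; a copy is handed to a given peer at most once; and the node names, probabilities, costs and the encounter trace are constructed values.

```python
"""Multi-stage forwarding decision and stored damage-probability update."""
from dataclasses import dataclass, field


@dataclass
class Carrier:
    name: str
    damage: dict          # peer name -> stored damage probability (initially "risk")
    ttl1: float           # length of the first (FTS) stage
    ttl2: float           # length of the second (TFS) stage
    start: float = 0.0    # time at which the node started carrying the coded packet
    forwarded_to: list = field(default_factory=list)

    def ranked(self):
        """Candidates sorted by damage probability (the text uses a quicksort;
        Python's sorted() is used here)."""
        return sorted(self.damage, key=self.damage.get)

    def stage(self, now):
        elapsed = now - self.start
        if elapsed < self.ttl1:
            return 1
        if elapsed < self.ttl1 + self.ttl2:
            return 2
        return 3

    def eligible(self, now):
        """Peers that may receive a copy in the current stage."""
        order = self.ranked()
        s = self.stage(now)
        if s == 1:
            return set(order[:1])   # FTS: the single most trusted candidate
        if s == 2:
            return set(order[:3])   # TFS: the top three of the sorted group
        return set(order)           # AS: whichever known node is met first

    def on_encounter(self, peer, now):
        """Return True if a copy of the coded packet is handed to peer."""
        if peer in self.eligible(now) and peer not in self.forwarded_to:
            self.forwarded_to.append(peer)
            return True
        return False

    def update_after_route(self, peer, cost):
        """risk - 0.001 * c_i: the stored-probability update after one route."""
        self.damage[peer] -= 0.001 * cost
        return self.damage[peer]


def demo():
    """Constructed trace: (time, peer met). Returns decisions, copies handed out,
    and the updated stored probability of the peer used in the first route."""
    node = Carrier("n0", {"n1": 0.05, "n2": 0.10, "n3": 0.20, "n4": 0.35, "n7": 0.60},
                   ttl1=10.0, ttl2=20.0)
    trace = [(1.0, "n3"), (2.0, "n1"), (12.0, "n3"), (15.0, "n4"), (40.0, "n7")]
    decisions = [(t, peer, node.stage(t), node.on_encounter(peer, t)) for t, peer in trace]
    updated = node.update_after_route("n1", cost=5)
    return decisions, node.forwarded_to, updated


if __name__ == "__main__":
    for row in demo()[0]:
        print(row)
```

In the trace, meeting n3 at t=1 yields no transfer because the first stage admits only the most trusted candidate; the same peer is accepted at t=12 once the second stage has opened the top three, and n7 is accepted only after both timers have expired. Shortening `ttl1` and `ttl2` raises the delivery rate at the cost of handing copies to less trusted nodes sooner, which is the trade-off the constant inequalities above are meant to bound.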
所述的多阶段路由是指综合考虑网络完全性和性能折衷基础上,在不同阶段之间设定合理的转发时间等待间隔以及在不同的转发阶段设定合理的路由转发模式,实现网络编码机制与传统容迟网络路由方案的结合,提升了路由效率和安全性能。 The multi-stage routing refers to setting a reasonable forwarding time waiting interval between different stages and setting a reasonable routing and forwarding mode in different forwarding stages on the basis of comprehensive consideration of network integrity and performance compromise, so as to realize the network coding mechanism Combining with the traditional delay-tolerant network routing scheme, the routing efficiency and security performance are improved.
本发明是一种容迟网络中基于安全网络编码的多阶段路由方法,其发明目的在于针对容迟网络中由于间断连接性和长时延导致路由效率降低以及容迟网络中可能产生的安全性问题,并且节点利用网络编码和其它节点的编码后数据包相互验证来确定是否允许对接收到的数据包进行编码,并根据多阶段路由规则选择合适的概率相遇节点转发消息。之后,对概率相遇节点的受损概率进行修改,该节点在下一次路由选择过程中根据其概率相遇节点的受损概率重新建立路由路径;基于大部分容迟网络路由算法的效率不高、易受安全威胁和网络吞吐量小的问题,建立各路径优化编码包分配机制,提出受损容迟网络环境下的网络编码方案,依据概率相遇节点受损概率进行消息束的多阶段路由转发,利用各节点在受到攻击威胁时的抵制机制和多阶段路由转发后的概率相遇节点受损概率更新机制,在容迟网络环境下建立了安全高效的节点路由转发方案。 The present invention is a multi-stage routing method based on secure network coding in a delay-tolerant network. The purpose of the invention is to reduce the routing efficiency due to intermittent connectivity and long delay in the delay-tolerant network and the security that may occur in the delay-tolerant network problem, and nodes use network coding and other nodes' encoded data packets to verify each other to determine whether to allow encoding of received data packets, and select appropriate probabilistic encounter nodes to forward messages according to multi-stage routing rules. After that, modify the damage probability of the probabilistic meeting node, and the node will re-establish the routing path according to the damage probability of the probabilistic meeting node in the next routing selection process; the routing algorithm based on most delay-tolerant networks is not efficient and vulnerable In order to solve the problems of security threats and small network throughput, an optimal coding packet distribution mechanism for each path is established, and a network coding scheme in a damaged delay-tolerant network environment is proposed, and the multi-stage routing and forwarding of message bundles is carried out according to the probability of node damage in probability encounters. The node's resistance mechanism when it is threatened by an attack and the probability encounter node damage probability update mechanism after multi-stage routing and forwarding establish a safe and efficient node routing and forwarding scheme in a delay-tolerant network environment.
Beneficial effects: aiming at the "store-carry-forward" opportunistic routing of delay-tolerant network nodes, the present invention proposes a network coding scheme for a compromised environment. The source node resists packet-dropping attacks and improves link fault tolerance by dynamically increasing the redundancy factor when needed; nodes verify messages against each other to resist pollution attacks and Sybil attacks, avoiding excessive dependence on the source node; and a multi-stage routing scheme that uses the damage probability of probabilistic encounter nodes as its metric further improves the overall routing performance of the network. Security analysis and simulation results show that, by choosing the trade-off coefficient appropriately, joint attacks can be resisted effectively and network performance optimised. At the same time, the algorithm of the present invention shows clear improvements over existing schemes in routing performance parameters such as routing overhead, transmission delay, transmission risk, effective transmission rate and network throughput.
Description of drawings
Figure 1 is the network node coding diagram.
Figure 2 is the flow chart of the algorithm for solving the optimal path set.
Figure 3 is the coded packet format.
Figure 4 is the flow chart of relay node coding processing.
Figure 5 is the flow chart of the multi-stage routing algorithm.
Figure 6 shows routing overhead as a function of simulation time.
Figure 7 shows throughput as a function of simulation time.
Figure 8 shows effective transmission rate as a function of the number of attackers.
Figure 9 shows transmission delay as a function of the number of attackers.
Figure 10 shows single transmission risk as a function of the number of attackers.
Figure 11 shows joint transmission risk as a function of the number of attackers.
Figure 12 shows the relationship between the trade-off coefficient, network performance and risk.
Detailed description of embodiments
The invention is described in further detail below in conjunction with the accompanying drawings.
Embodiment 1
Network coding implementation
Network coding allows relay nodes to re-encode packets. When a source node sends packets to a destination node, the relay nodes on the path between them combine, wholly or partially, the messages they receive into linear coded packets (similar to an XOR operation) and forward them with a certain probability to the next node, as shown in Figure 1. Once the destination node has received enough linearly independent coded bundles, it uses Gaussian elimination (which can solve systems of thousands of equations and unknowns; very large systems of millions of equations are solved iteratively) to transform the decoding matrix into triangular form and finally recovers all the original messages. Compared with traditional schemes, network coding can compute scheduling strategies that make optimal use of limited network resources, raise system throughput and topology robustness, reduce the overall energy consumption of wireless network nodes in special environments, and has potential security advantages.
Optimised allocation model of coded packets over transmission paths
Under the premise that the following formula is satisfied,
we propose Algorithm 1 for solving the optimal path set from S to D; its flow is shown in Figure 2. Its entry parameters are the path set established by the multipath routing algorithm and the damage probability values of neighbouring nodes stored in each node's memory. For each path, the algorithm checks whether it satisfies inequality constraint (4);
if it does, the path is reserved in the set, the new path value is returned, and the corresponding variable is updated.
Routing algorithm packet format design
The packet format is defined in Figure 3; the packet has a total length of l = 96 bits. The coding vector holds the groups of linear coding coefficients used by the node to re-encode the original message and occupies 8 bits, with unused leading bits zero-padded (the same applies below); the authentication information is the parameter with which messages verify each other and occupies 8 bits; the processing control field occupies 16 bits and stores various control flags, such as whether custody transfer is supported and whether acknowledgement is required; the bundle identifier id field occupies 16 bits and stores the hash value corresponding to the bundle, which facilitates mutual authentication between nodes; the damage probability of the probabilistic encounter node occupies 16 bits; and the data segment, a 32-bit variable-length field, holds the message content.
Relay node network coding processing flow
The processing flow of a relay node is shown in Figure 4. When the relay node receives a coded packet M1 from an upstream node, if its cache is empty it stores the packet directly in memory. Otherwise it first extracts the bundle identifier id hash value from bits 33-48 of the packet and compares it with the bundle identifier id hash value of the coded packet M2 already in memory. If the following formula is satisfied, the signed packet is authenticated, indicating that the two coded packets come from the same source node and are not damaged packets injected by a pollution or Sybil attacker, and coded packets with the same bundle identifier id hash value may then be jointly coded further.
Then, if s_k* ≥ 2, each relay node on path k combines the received packets with the output, whose size is related to the number of transmitted packets, in the linear coding expression; otherwise the relay node performs no processing on the received packets.
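The 96-bit packet layout from the previous section and the relay-side check described here, as an added example that is not part of the patent. It packs the six fields in the stated widths (8/8/16/16/16/32 bits, big-endian), reads the bundle identifier hash from bits 33-48 as bytes 4 and 5, and applies the relay decision: store when the cache is empty, reject on a hash mismatch, jointly code only when the hashes match and s_k* ≥ 2. Assumptions not in the patent: the 16-bit hash is the first two bytes of SHA-256 of the bundle id, the data segment is fixed at 32 bits, and a combined packet keeps the cached packet's authentication, control and probability fields.

```python
import hashlib
import struct

# Field order and widths from the page: coding vector (8), authentication (8),
# processing control (16), bundle id hash (16), damage probability (16), data (32).
PACKET_FMT = ">BBHHH4s"
PACKET_LEN = struct.calcsize(PACKET_FMT)      # 12 bytes = 96 bits

def bundle_hash16(bundle_id: bytes) -> int:
    """16-bit bundle identifier hash (assumed: first two bytes of SHA-256)."""
    return int.from_bytes(hashlib.sha256(bundle_id).digest()[:2], "big")

def build_packet(coding_vector, auth, control, bundle_id, damage_prob, data):
    """coding_vector: up to 8 one-bit coefficients, zero-padded on the left;
    damage_prob: value in [0, 1] scaled to 16 bits; data: up to 4 bytes."""
    cv = 0
    for bit in coding_vector:
        cv = (cv << 1) | (bit & 1)
    prob16 = round(damage_prob * 0xFFFF)
    return struct.pack(PACKET_FMT, cv, auth, control, bundle_hash16(bundle_id),
                       prob16, data.ljust(4, b"\0")[:4])

def parse_packet(pkt: bytes) -> dict:
    cv, auth, control, bh, prob16, data = struct.unpack(PACKET_FMT, pkt)
    return {"coding_vector": cv, "auth": auth, "control": control,
            "bundle_hash": bh, "damage_prob16": prob16, "data": data}

def extract_bundle_hash(pkt: bytes) -> int:
    """Bits 33-48 (1-indexed) are bytes 4 and 5 of the 12-byte packet."""
    return int.from_bytes(pkt[4:6], "big")

def combine(m2: bytes, m1: bytes) -> bytes:
    """Joint coding of two authenticated packets: XOR the coding vectors and
    the data segments (GF(2) linear combination); other fields come from the
    cached packet m2 (assumption)."""
    a, b = parse_packet(m2), parse_packet(m1)
    return struct.pack(PACKET_FMT, a["coding_vector"] ^ b["coding_vector"],
                       a["auth"], a["control"], a["bundle_hash"], a["damage_prob16"],
                       bytes(x ^ y for x, y in zip(a["data"], b["data"])))

def relay_receive(cache, m1: bytes, s_k_star: int):
    """Relay decision for an incoming packet m1 given the cached packet (or None).
    Returns (action, packet the relay now holds or forwards)."""
    if cache is None:
        return ("stored", m1)                        # empty cache: keep the packet
    if extract_bundle_hash(m1) != extract_bundle_hash(cache):
        return ("rejected", cache)                   # hash mismatch: not the same bundle
    if s_k_star >= 2:
        return ("combined", combine(cache, m1))      # authenticated: jointly code
    return ("unprocessed", m1)                       # authenticated but no re-coding

# Constructed sample packets: two from the same bundle, one from another.
M_A = build_packet([0, 0, 1, 1], 0x2A, 0x0001, b"bundle-7", 0.25, b"DATA")
M_B = build_packet([0, 1, 0, 1], 0x2A, 0x0001, b"bundle-7", 0.25, b"MASK")
M_C = build_packet([1, 0, 0, 0], 0x2A, 0x0001, b"bundle-8", 0.25, b"OTHR")

if __name__ == "__main__":
    print(relay_receive(None, M_A, 2)[0])   # stored
    print(relay_receive(M_A, M_B, 2)[0])    # combined
    print(relay_receive(M_A, M_C, 2)[0])    # rejected
```

Note that a 16-bit hash compared for equality is a cheap same-bundle filter, not an integrity proof: an attacker who observes a packet can reuse its hash field, so in a deployment this check would sit alongside the authentication information field rather than replace it.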
Multi-stage efficient secure routing algorithm flow
Figure 5 shows the flow chart of the multi-stage routing algorithm based on the damage probabilities of a node's probabilistic encounter nodes. The input parameters are the damage probability values of the nodes that node a, which holds the message to be forwarded, may encounter. Next, the damage probability values in node a's memory are quicksorted. In the first routing step node a follows the FTS model and transmits a copy of the coded packet only to the node with the largest damage probability value, starting a timer set to TTL1; if the most damaged node is not encountered within TTL1, the second routing step is performed. In the second step node a follows the TFS model and transmits a copy of the coded packet only to secondarily damaged nodes (those whose damage probability value ranks in the top three of the sorted group), starting a timer set to TTL2; if the most damaged node is not encountered within TTL2, the third step is performed. Subsequent routing uses the AS model, i.e. the node transmits the coded packet to the first node it encounters after the AS routing model is enabled. To optimise network performance, TTL1 and TTL2 both take the minimum value of their permitted ranges.
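The three-stage forwarding decision just described, as an added example that is not part of the patent. Node a's memory is a constructed dictionary of candidate nodes and their damage probability values, ranked as the page describes (largest value first), and contacts are a constructed list of (time, node) encounters. Two assumptions beyond the text: the TTL2 timer starts when TTL1 expires, so the stage windows are consecutive, and the function reports only the first contact to which a copy is forwarded.

```python
# Stage names follow the page: FTS (first step), TFS (second step), AS (third).

def rank_by_damage_probability(probs):
    """The page's quick-sort step: candidates ordered by the damage probability
    value held in node a's memory, largest first (sorted() stands in for an
    explicit quicksort; the order is what matters)."""
    return sorted(probs, key=lambda n: probs[n], reverse=True)

def stage_at(elapsed, ttl1, ttl2):
    """Active stage `elapsed` time units after node a starts forwarding.
    Assumption: TTL2 starts when TTL1 expires, so the windows are consecutive."""
    if elapsed < ttl1:
        return 1
    if elapsed < ttl1 + ttl2:
        return 2
    return 3

def multistage_forward(probs, encounters, ttl1, ttl2):
    """First forwarding event for node a's coded packet copy.
    probs: {candidate node: damage probability value} (node a's memory)
    encounters: time-ordered list of (time, node) contacts (constructed)
    Returns (stage, node, time), or None if no eligible contact occurred."""
    ranked = rank_by_damage_probability(probs)
    fts_target = {ranked[0]}            # stage 1: only the top-ranked node
    tfs_targets = set(ranked[:3])       # stage 2: nodes ranked in the top three
    for t, node in encounters:
        stage = stage_at(t, ttl1, ttl2)
        if stage == 1 and node in fts_target:
            return (1, node, t)
        if stage == 2 and node in tfs_targets:
            return (2, node, t)
        if stage == 3:                  # AS model: first node encountered
            return (3, node, t)
    return None

# Constructed memory for node a: five candidate nodes and their values.
PROBS = {"n1": 0.90, "n2": 0.70, "n3": 0.60, "n4": 0.20, "n5": 0.10}

def demo():
    """Three constructed contact traces with TTL1 = TTL2 = 10 time units."""
    traces = {
        "meets_top_node_early": [(3, "n1"), (9, "n4")],
        "falls_to_second_stage": [(5, "n4"), (12, "n2"), (30, "n5")],
        "falls_to_any_node": [(2, "n4"), (15, "n4"), (25, "n5")],
    }
    return {name: multistage_forward(PROBS, trace, ttl1=10, ttl2=10)
            for name, trace in traces.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The trace "falls_to_any_node" shows the security-relevant edge: once both timers expire the AS model forwards to whatever node appears next, regardless of its ranking, which is why the patent keeps TTL1 and TTL2 at the minimum of their permitted ranges only after bounding the third stage's start time (the inequality earlier in the description) so that performance does not come at the cost of handing copies to arbitrary contacts too early.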
Experimental environment parameter settings
The experiment was implemented on the Opnet simulation platform. 150 ordinary mobile nodes were deployed in a 3000 m × 3000 m area, each with a radio range of 20 m (note: these parameters produce a sparse DTN, which is common in real environments), the channel capacity was 2 Mbps, and all nodes were assumed identical. The MAC layer uses the IEEE 802.11 wireless LAN standard protocol, the network topology is generated randomly, the simulation run time is set to 2 h and the seed number to 13. Table 1 lists the key simulation parameter settings.
Table 1 Key simulation parameter configuration
We evaluated the network performance and security of our scheme against the network-coding-based spray routing algorithm (SRNC) and the network-coding-based intelligent routing algorithm (IRNC) using six parameters: routing overhead, transmission delay, transmission risk, effective transmission rate, throughput and the trade-off coefficient. During configuration, the reliability value of each link e ∈ E in the DTN is generated from a normal distribution. Our simulation assumes the worst case: all attackers know the path set and there is at most one attacker on each path. Observation showed that the maximum number of paths in the optimal path set P* during the experiments was 13.
Routing overhead and throughput
Routing overhead is the quotient of the total number of hops from the source node to the destination node in multipath routing and the minimum number of hops in single-path routing. The routing overhead c of the multi-stage routing algorithm based on the damage probabilities of probabilistic encounter nodes is computed as follows:
Figure 6 shows routing overhead as simulation time increases; overall, routing overhead rises over time. In the SRNC scheme, attackers appear in the network as the simulation proceeds, causing more and more packets to be dropped, so the source node's coded packets need more overhead to reach the destination; when dropping becomes severe the routing overhead becomes infinite, i.e. the destination cannot be reached at all. The IRNC scheme also shows gradually increasing routing overhead over time, but because the source node injects redundant packets it performs relatively well late in the simulation, while at the start those redundant packets make its overhead large. In our scheme MRNC, the destination node notifies the source node to generate a redundancy factor, improving the link's tolerance of disruption, only when it detects a selective packet-dropping attack in the network, and the multi-stage routing based on the damage probabilities of neighbouring nodes makes path selection more reasonable, so routing overhead is little affected as simulation time grows.
Throughput in the simulation is the number of coded packets passing through the DTN per unit time; from the equation
we can derive further as follows:
When that condition holds, the throughput V1 of the first-stage routing is obtained; the throughput V2 of the second stage is derived similarly. Since the third stage uses the AS model, its throughput can be approximated as a constant, so the total network throughput V is the sum of V1, V2 and that constant.
Figure 7 shows that, because the SRNC scheme completely ignores security and delivers packets as far as possible through spray routing, its throughput is large at the start of the simulation, but as attackers appear in the network over time its throughput trends downward. In the IRNC scheme only completely damaged nodes are selected each time, so throughput is low and changes little. Our scheme initially has modest throughput because it must compute parameters such as the damage probabilities of each node's neighbours, but as the simulation proceeds the multi-stage secure routing gives our scheme a clear throughput advantage in the later stages.
Effective transmission rate and transmission delay
To observe more clearly how effective transmission rate and transmission delay vary with the number of attackers, the number of attackers is set to 0, 2, 4, 6, 8, 10 and 12 in this simulation. The effective transmission rate of a node is the quotient of the packets arriving at the destination node and all packets generated by the source node, computed as follows:
To compare the effective transmission rates of the three schemes clearly, two configurations are used: when there are no more than 4 attackers, 1 ferry node is introduced into the network; when there are more than 4, 3 ferry nodes are introduced. A ferry node is a controllable mobile device in the simulation tool that moves between geographical areas along a preset path, collecting node information and forwarding it when it meets the destination node; apart from the ferry nodes, ordinary nodes are not required to perform routing, which simplifies the DTN routing protocol and makes changes in effective transmission rate clearer. Figure 8 shows that, as simulation time increases, the effective transmission rate of our scheme does not decline noticeably compared with the other two schemes.
Because of the intermittent connectivity of delay-tolerant networks, transmission delay is usually large. The transmission delay t_delay is the time a message takes to travel from the source node to the destination node and is computed as follows, where t_s is the time the message is sent by the source node, t_r the time it is received by the destination node, and t the number of messages to be transmitted.
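The three performance metrics defined in prose above (routing overhead, effective transmission rate, transmission delay), as an added example that is not part of the patent; the page's own equations are absent, so these functions implement the verbal definitions, not the patent's formulas. The minimum single-path hop count is found by breadth-first search, and overhead is reported as infinity when the destination is unreachable, matching the page's description of severe dropping. The topology, the path set and the per-message send/receive times are constructed.

```python
from collections import deque

def min_hops(adjacency, src, dst):
    """Minimum hop count of a single path from src to dst (BFS); None if unreachable."""
    dist = {src: 0}
    queue = deque([src])
    while queue:
        u = queue.popleft()
        if u == dst:
            return dist[u]
        for v in adjacency.get(u, ()):
            if v not in dist:
                dist[v] = dist[u] + 1
                queue.append(v)
    return None

def routing_overhead(adjacency, paths, src, dst):
    """c = (total hops over all multipath routes) / (minimum single-path hops).
    Infinite when the destination cannot be reached at all."""
    shortest = min_hops(adjacency, src, dst)
    if shortest is None or shortest == 0:
        return float("inf")
    total_hops = sum(len(p) - 1 for p in paths)
    return total_hops / shortest

def effective_transmission_rate(delivered, generated):
    """Packets arriving at the destination divided by all packets the source generated."""
    return delivered / generated if generated else 0.0

def mean_transmission_delay(records):
    """records: list of (t_s, t_r) per message; mean of t_r - t_s over the t messages."""
    if not records:
        return 0.0
    return sum(t_r - t_s for t_s, t_r in records) / len(records)

# Constructed topology: three disjoint S->D routes of 2, 3 and 4 hops.
ADJ = {"S": ["A", "B", "E"], "A": ["S", "D"], "B": ["S", "C"], "C": ["B", "D"],
       "E": ["S", "F"], "F": ["E", "G"], "G": ["F", "D"], "D": ["A", "C", "G"]}
PATHS = [["S", "A", "D"], ["S", "B", "C", "D"], ["S", "E", "F", "G", "D"]]
# Constructed (t_s, t_r) pairs for three delivered messages.
DELAYS = [(0, 10), (2, 8), (5, 20)]

def demo_metrics():
    return {"overhead": routing_overhead(ADJ, PATHS, "S", "D"),          # 9 hops / 2
            "effective_rate": effective_transmission_rate(15, 20),      # 15 of 20 delivered
            "mean_delay": mean_transmission_delay(DELAYS)}              # (10 + 6 + 15) / 3

if __name__ == "__main__":
    print(demo_metrics())
```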
Figure 9 shows that in the SRNC scheme a node normally routes a copy of the message to every node it meets, so all nodes in the network take part in routing with roughly the same probability, and most of the transmission delay is spent on message waiting and on transfer between nodes. In a compromised DTN environment, however, the presence of attackers greatly affects its delay. In the IRNC scheme nodes forward packets according to a policy, and delay is spent on policy execution, message waiting and inter-node transfer, so when there are few attackers its delay exceeds that of SRNC; as the number of attackers grows, the policy partly weakens the effect of attacks on delay, so later its delay is better than that of the SRNC scheme. Our proposed MRNC scheme spends some time hashing the id at the source node and on mutual authentication between nodes, but shows good delay performance while resisting multiple attacks, and combined with multi-stage routing it raises the probability that packets reach the destination node, further reducing network delay.
Transmission risk
To observe more clearly how transmission risk and effective transmission rate vary with the number of attackers, the number of attackers is set to 0, 2, 4, 6, 8, 10 and 12 in this simulation, and risk is divided into single risk and joint risk. Single transmission risk is the probability that a message is damaged in transit under the threat of one kind of attack. The formula for the single transmission risk risk_s depends on the risk values of the nodes at the ends of each link on a transmission path. Figure 10 shows the single transmission risk for different numbers of attackers (all of the same attack type). The figure shows that single transmission risk rises significantly as the number of attackers grows. Clearly the risk value of our scheme is far lower than that of the SRNC and IRNC schemes, and this value is not even the optimum of our algorithm. The simulation results confirm that our scheme further strengthens DTN security in the worst-case environment.
(34)
(35)
Joint transmission risk is the probability that a message is damaged in transit under the threat of more than one kind of attack. The joint transmission risk risk_j depends on the ability of each path in the network to withstand the threats mentioned above. Figure 11 shows the joint transmission risk for different numbers of attackers (with more than one attack type). Compared with the SRNC and IRNC schemes, our scheme performs outstandingly in resisting joint risk: when several threats are present simultaneously, the change in transmission risk is not very pronounced. However, if the number of attackers t ≥ |P*|, almost all coded packets will be damaged.
Trade-off coefficient
The simulation uses the trade-off factor to measure the compromise between network performance and transmission risk. Further derivation from the formula for the number n of packets finally generated by the source node after coding in the per-path optimised coded-packet allocation model gives:
In the simulation the range of the trade-off coefficient is fixed. As the trade-off coefficient varies from 0.65 to 0.75, the transmission risk value falls, but network performance also declines, i.e. the parameter values mentioned above such as throughput, transmission delay and effective transmission rate decrease. By adjusting the coefficient we can obtain a better security risk value; just as in the analysis of the equation for the number n of packets finally generated by the source node after coding, security risk and transmission rate fall as the coefficient increases. The three-dimensional relationship in Figure 12 shows that in our MRNC scheme overall network performance and transmission risk move in the same direction as the trade-off coefficient changes. This demonstrates that our scheme achieves the optimal compromise between network performance and transmission risk.
Claims (1)
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310107131.5A CN104079483B (en) | 2013-03-29 | 2013-03-29 | Multistage safety routing method based on network code in a kind of Delay Tolerant Network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104079483A true CN104079483A (en) | 2014-10-01 |
CN104079483B CN104079483B (en) | 2017-12-29 |
Family
ID=51600535
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310107131.5A Expired - Fee Related CN104079483B (en) | 2013-03-29 | 2013-03-29 | Multistage safety routing method based on network code in a kind of Delay Tolerant Network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104079483B (en) |
Cited By (11)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105933224A (en) * | 2016-04-15 | 2016-09-07 | 国网河北省电力公司 | An Opportunistic Routing Method for Improving Communication Network Reliability |
WO2019047558A1 (en) * | 2017-09-05 | 2019-03-14 | 东北大学 | Wmn anonymous communication method based on network coding |
CN110138432A (en) * | 2019-05-16 | 2019-08-16 | 哈尔滨工业大学(深圳) | DTN data transmission method based on network code and relaying caching auxiliary |
CN112055012A (en) * | 2018-07-24 | 2020-12-08 | 中国计量大学 | Distributed system |
CN112564712A (en) * | 2020-11-26 | 2021-03-26 | 中国科学院计算技术研究所 | Intelligent network coding method and equipment based on deep reinforcement learning |
CN113179256A (en) * | 2021-04-12 | 2021-07-27 | 中国电子科技集团公司第三十研究所 | Time information safety fusion method and system for time synchronization system |
CN113286302A (en) * | 2021-05-01 | 2021-08-20 | 贵州大学 | Node identity authentication scheme based on block chain for worm detection of wireless sensor network |
CN114205370A (en) * | 2020-08-28 | 2022-03-18 | 希捷科技有限公司 | Distributed Secure Edge Heterogeneous Storage Network With Byzantine Attack Resilience |
CN114374613A (en) * | 2022-01-11 | 2022-04-19 | 江西理工大学 | Vehicle-mounted delay tolerant network coding maximum stream setting method based on soft interval support vector machine |
CN115242702A (en) * | 2022-09-22 | 2022-10-25 | 广州优刻谷科技有限公司 | Internet of things node optimal path planning method and system |
CN119316335A (en) * | 2024-12-12 | 2025-01-14 | 北京航天联智科技有限公司 | A data redundancy coding method and system based on deterministic network collaborative transmission |
Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101667885A (en) * | 2009-09-29 | 2010-03-10 | 天津大学 | Method for reducing redundancy message by using network coding technique on DTN or ICN network |
JP2010068191A (en) * | 2008-09-10 | 2010-03-25 | Kddi Corp | Dtn data transfer method using network coding, fixed station performing the method, and system including fixed station and mobile terminal |
-
2013
- 2013-03-29 CN CN201310107131.5A patent/CN104079483B/en not_active Expired - Fee Related
Patent Citations (2)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
JP2010068191A (en) * | 2008-09-10 | 2010-03-25 | Kddi Corp | Dtn data transfer method using network coding, fixed station performing the method, and system including fixed station and mobile terminal |
CN101667885A (en) * | 2009-09-29 | 2010-03-10 | 天津大学 | Method for reducing redundancy message by using network coding technique on DTN or ICN network |
Non-Patent Citations (1)
Title |
---|
周瑞涛等: "《基于社区的容迟网络路由方法》", 《北京理工大学学报》 * |
Cited By (19)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN105933224A (en) * | 2016-04-15 | 2016-09-07 | 国网河北省电力公司 | An Opportunistic Routing Method for Improving Communication Network Reliability |
CN105933224B (en) * | 2016-04-15 | 2020-04-17 | 国网河北省电力公司 | Opportunistic routing method for improving reliability of communication network |
WO2019047558A1 (en) * | 2017-09-05 | 2019-03-14 | 东北大学 | Wmn anonymous communication method based on network coding |
CN112055012B (en) * | 2018-07-24 | 2022-11-25 | 中国计量大学 | Distributed Systems |
CN112055012A (en) * | 2018-07-24 | 2020-12-08 | 中国计量大学 | Distributed system |
CN110138432B (en) * | 2019-05-16 | 2021-06-29 | 哈尔滨工业大学(深圳) | DTN data transmission method based on network coding and relay buffer assistance |
CN110138432A (en) * | 2019-05-16 | 2019-08-16 | 哈尔滨工业大学(深圳) | DTN data transmission method based on network code and relaying caching auxiliary |
CN114205370A (en) * | 2020-08-28 | 2022-03-18 | 希捷科技有限公司 | Distributed Secure Edge Heterogeneous Storage Network With Byzantine Attack Resilience |
CN114205370B (en) * | 2020-08-28 | 2024-12-13 | 希捷科技有限公司 | Distributed secure edge heterogeneous storage network with Byzantine attack resilience |
CN112564712A (en) * | 2020-11-26 | 2021-03-26 | 中国科学院计算技术研究所 | Intelligent network coding method and equipment based on deep reinforcement learning |
CN112564712B (en) * | 2020-11-26 | 2023-10-10 | 中国科学院计算技术研究所 | An intelligent network coding method and device based on deep reinforcement learning |
CN113179256A (en) * | 2021-04-12 | 2021-07-27 | 中国电子科技集团公司第三十研究所 | Time information safety fusion method and system for time synchronization system |
CN113179256B (en) * | 2021-04-12 | 2022-02-08 | 中国电子科技集团公司第三十研究所 | Time information safety fusion method and system for time synchronization system |
CN113286302A (en) * | 2021-05-01 | 2021-08-20 | 贵州大学 | Node identity authentication scheme based on block chain for worm detection of wireless sensor network |
CN114374613B (en) * | 2022-01-11 | 2023-09-15 | 江西理工大学 | Vehicle-mounted delay tolerant network coding maximum stream setting method based on soft interval support vector machine |
CN114374613A (en) * | 2022-01-11 | 2022-04-19 | 江西理工大学 | Vehicle-mounted delay tolerant network coding maximum stream setting method based on soft interval support vector machine |
CN115242702A (en) * | 2022-09-22 | 2022-10-25 | 广州优刻谷科技有限公司 | Internet of things node optimal path planning method and system |
CN119316335A (en) * | 2024-12-12 | 2025-01-14 | 北京航天联智科技有限公司 | A data redundancy coding method and system based on deterministic network collaborative transmission |
CN119316335B (en) * | 2024-12-12 | 2025-02-18 | 北京航天联智科技有限公司 | Data redundancy coding method and system based on deterministic network cooperative transmission |
Also Published As
Publication number | Publication date |
---|---|
CN104079483B (en) | 2017-12-29 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN104079483B (en) | | Multistage security routing method for delay tolerant network and based on network codes |
CN102158864A (en) | | Mobile AD Hoc network self-adapting secure routing method based on reliability |
Baburaj | | Polynomial and multivariate mapping-based triple-key approach for secure key distribution in wireless sensor networks |
Zhu et al. | | An opportunistic batch bundle authentication scheme for energy constrained DTNs |
CN103166965B (en) | | Multi-source network coding pollution defense method based on subspace attributes |
Sekar et al. | | Lightweight reliable and secure multicasting routing protocol based on cross-layer for MANET |
Li et al. | | Epidemic attacks in network-coding-enabled wireless mesh networks: Detection, identification, and evaluation |
CN101170498A (en) | | A Secure Multipath Routing Method Applied to Ad hoc Networks |
Lima et al. | | Network coding security: Attacks and countermeasures |
CN107295505B (en) | | Multi-path secure transmission method for wireless sensor network |
Jain et al. | | Secure AODV routing protocol based on homomorphic digital signature |
Zhang et al. | | Selective forwarding attacks against data and ack flows in network coding and countermeasures |
Mehta et al. | | Survey on multimedia transmission using network coding over wireless networks |
US10855578B1 (en) | | Anonymous communications network utilizing bridging connections between broadcast domains |
Mohammadizadeh et al. | | SEAODV: Secure efficient AODV routing protocol for MANETs networks |
Ashouri et al. | | FOMA: Flexible overlay multi-path data aggregation in wireless sensor networks |
Alwan et al. | | A Secure mechanism for QOS routing in wireless sensor networks |
Bao et al. | | Secure efficient routing based on network coding in the delay tolerant networks |
Ye et al. | | Intelligent on-demand routing protocol for ad hoc network |
Nie et al. | | Analysis of interference performance of tactical radio network |
Zhang et al. | | Flooding attacks against network coding and countermeasures |
Hamamreh et al. | | RAD: reinforcement authentication DYMO protocol for MANET |
Al Agha | | Network Coding |
CN114143004B (en) | | Deployment method, device, equipment and storage medium of random forwarding network |
Ahmad et al. | | Security on MANETs using block coding |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| | C06 | Publication | |
| | PB01 | Publication | |
| | C10 | Entry into substantive examination | |
| | SE01 | Entry into force of request for substantive examination | |
| | GR01 | Patent grant | |
| | GR01 | Patent grant | |
| | CF01 | Termination of patent right due to non-payment of annual fee | |
| | CF01 | Termination of patent right due to non-payment of annual fee | Granted publication date: 20171229 |