CN104079483A - Multistage security routing method for delay tolerant network and based on network codes - Google Patents
Publication number: CN104079483A (CN201310107131.5A)
Authority: CN (China)
Prior art keywords: node, matrix, probability, network, impaired
Legal status: Granted
Abstract
The invention provides a multistage secure routing method for delay tolerant networks (DTN) based on network coding. The distribution of coded data packets is optimized, and multistage routing based on the impaired probability of probabilistically encountered nodes is designed according to the maximum transmission performance requirement between nodes, which reduces the probability that information is compromised and improves overall network throughput. A hybrid secure network coding scheme for DTN is designed to jointly resist eavesdropping attacks, Sybil attacks, Byzantine attacks and dropping attacks. Against selective data dropping attacks, a limited redundancy factor is dynamically added at the source node when needed to improve tolerance to link failure. Relay nodes verify each other to resist Sybil and Byzantine attacks and to reduce the cost of verification with the source node in existing schemes. A dual resistance strategy is designed to reduce the effect of Byzantine attacks on nodes.
Description
Technical field
The present invention is a multistage secure routing method based on network coding that resists multiple attacks, and belongs to the field of secure routing in delay tolerant networks.
Background technology
A Delay/Disruption Tolerant Network (DTN) is a kind of "challenged network" (CN), found mainly in high-latency deep-space communication and in cooperative environments of heterogeneous networks that lack continuous connectivity. Communication in a DTN is based on message exchange; the data unit may be a message, a packet or a bundle, where a bundle is a unit of messages aggregated for transmission. Unlike the layered structure of traditional networks, Burleigh et al. proposed an end-to-end overlay network protocol called "bundling" on the basis of the DTN network layer.
Network coding (NC) was first proposed by Ahlswede et al. as an efficient algorithm for transmitting information in large-scale distributed systems without central scheduling. Network coding lets relay nodes re-encode packets: when a source node sends packets to a destination node, the other relay nodes on the two hops combine all or part of the messages they have received into linearly coded packets (similar to XOR) and forward them to the next node with a certain probability. Once the destination node has received enough linearly independent coded packets, it uses Gaussian elimination (used for systems of thousands of equations and unknowns; very large systems of a million equations use iterative methods) to convert the decoding matrix into a triangular matrix and finally decodes all the original messages. Compared with traditional schemes, network coding can compute scheduling strategies that make optimized use of limited network resources, improves network throughput and topological robustness, reduces the overall energy consumption of wireless nodes in special environments, and has potential security advantages.
At present, most research on delay tolerant networks either rests on the idealized assumption that nodes are completely reliable, or pursues good performance while ignoring security, which leaves many security holes in the system; or it focuses on security and neglects network performance, so that the advantage of network coding in improving network performance cannot be fully exploited.
The present invention addresses the problems raised above: (1) continuous, reliable connectivity is lacking; (2) nodes in a real environment may not be reliable; (3) the performance and security of network coding cannot both be achieved; (4) traditional routing schemes are unsuited to an impaired delay tolerant network environment. Based on the "store-carry-forward" opportunistic routing of delay tolerant network nodes, a network coding scheme for impaired environments is proposed: the source node dynamically adds a redundancy factor into the network when needed, to resist dropping attacks and improve link fault tolerance; nodes verify messages with each other to resist pollution attacks and Sybil attacks, avoiding the excessive dependence on the source node found in conventional methods; and multistage routing that uses the impaired probability of probabilistically encountered nodes as its metric is designed to further improve network throughput.
Model definition
Network model
Suppose the communication network in a delay tolerant network environment is modeled by a directed graph G=(V, E), where V is the set of nodes and E is the set of directed links (or channels) in the network. The invention is built on a bundle session between a unique source node S and one or more destination nodes D. P denotes the set of paths between S and D. From S along path
the number of shared paths traversed to reach D is $s_k$; for link
the probability of survival is
, where the risk probability of the upstream node of link e is taken as
; for path
the impaired probability is
.
denotes the packet transmission rate,
is the network throughput, and
denotes the trade-off coefficient between security and performance.
Node model
The source node sends a message bundle made up of t messages to be transmitted
to the destination node; the messages form the matrix O, and messages of the same bundle share the same unique universal identifier
. For simplicity, all messages are assumed to be of equal length. A relay node can generate and propagate linear combinations of messages belonging to the same
; a coded packet is a tuple
, where
is the first
elements of message O, and
is the authentication information.
Attacker model
In this model the attacker is assumed to be omnipotent: it can eavesdrop on every link in the DTN and knows the encoding and decoding algorithms used between source node S and destination node D. Different attackers can mount one or more kinds of attack. An attacker can inject at most a limited number of corrupted data packets into the network; these are assumed to form the matrix A. It can inject corrupted packets on any link in the network and, by disguising itself or stealing identities, pretend that they are part of the data flow from S to D. Our protocol design also assumes that there is at most one attacker on each selected path from S to D. The attacker can obtain the set of paths between S and D through traffic analysis and estimation. In addition, because the selected routes are node-disjoint paths, colluding attackers can attack any one path with at most one attacker. The scheme distinguishes 2 kinds of impaired condition for the network. The path impaired condition is that if and only if, on
, at least one link
is impaired will the path k of
suffer a damaging attack. The network-wide impaired condition is that when the number of impaired shared paths is greater than or equal to the number of messages in one bundle at the source node,
, all messages that source node S transmits to destination node D along the path set P suffer the damaging attack.
Optimized allocation model for coded packets on each transmission path
In this model, suppose there are |L| mutually node-disjoint paths $l_1, l_2, \ldots, l_{|L|}$ from S to D in total. The core of our study is how to select secure transmission paths from S to D and how to distribute the source node's messages, after replication and coding, over these selected disjoint paths, so that the security risk of DTN message transmission is minimized while the desired transmission rate and network throughput are obtained.
The routing protocol of the invention is a multistage routing protocol over independent paths: it transmits over multiple node-disjoint paths, so that the data transmitted on different paths can be jointly coded and kept secure.
In this routing protocol, the destination node must jointly decode a group of coded packets to recover the original messages. By formalizing the allocation of packets over the path set, we reduce the security risk of routing as far as possible while keeping the transmission rate
within its ideal value. The attacker tries to raise the security risk and the non-delivery rate as far as possible. From this description the following optimization model can be set up; the expression below gives the probability that part of the network remains reliable
:
From this, the optimal pair for packet allocation is obtained
, where
is the number of packets the source node distributes on each path to the destination node, and
is, for path
, the impaired probability:
Meanwhile, the number n of coded packets finally generated by the source node is given by the expression below, where $|P^*|$ is the number of shared paths selected for transmission,
is a path belonging to $P^*$, and
is the trade-off factor:
On the premise that the derived $r^*$ is satisfied, we propose an algorithm for solving the optimal path set $P^*$ from S to D. Its input is the path set P built by the multi-path selection algorithm, together with the impaired probability values of neighbor nodes stored in each node's memory. If path k ∈ P, the algorithm goes on to check whether it satisfies the inequality constraint above; if it does, the path is retained in P. The new value of P is returned and $P^* = P$ is set.
Multistage routing design scheme based on secure network coding
In this section, we add identifier and authentication information fields to the packet design, which strengthens the resistance of links to eavesdropping; we also introduce a hybrid secure network coding scheme for DTN to resist multiple attacks, such as eavesdropping attacks, Sybil attacks, Byzantine attacks and dropping attacks.
The secure network coding scheme works as follows. Against selective data dropping attacks, the source node dynamically adds a limited redundancy factor when needed to improve tolerance to link failure. Relay nodes verify each other to resist Sybil and Byzantine attacks, which reduces the overhead of authenticating with the source node in earlier schemes. A dual resistance strategy is designed to reduce the impact of Byzantine attacks on nodes. For simplicity, the invention studies the processing flow of a single bundle and considers transmission between one source node and one destination node, but the scheme also applies when generalized to a multicast flow environment.
Summary of the invention
Based on the above analysis, the invention provides a multistage secure routing method based on network coding in a delay tolerant network, comprising the following steps:
Step 1: source node encoding and processing;
A data packet comprises m symbols in the finite field $F_q$, to which
redundancy symbols are added. A bundle of data is represented by the matrix O; in matrix
the i-th row represents the i-th message of the bundle, and the right-hand side of matrix O is an identity matrix of order
; the z packets that the attacker injects into each bundle are represented by the matrix A:
From the matrix
it follows that the original message length of a bundle is
; solving the matrix equation
yields the redundant
column vectors;
where R is a redundancy matrix of order
, with the entries of R selected from the finite field
as independent random symbols;
is the column vector obtained from
by stacking the columns of the matrix one by one;
According to the matrix equation above, the source node encodes the data bundle
into
coded packets to be transmitted, where
denotes, for matrix
, the corresponding row, and
denotes the coefficients with which the messages in the original packets are randomly linearly coded;
Finally, the n coded packets are transmitted from S to D; the number of packets distributed on each path from the source node to the destination node,
, can be determined from the equations above and the multistage routing algorithm introduced here;
The source node first signs; the signature scheme is executed over a bilinear tuple
, where
are multiplicative cyclic groups of the same prime order
, in which the discrete logarithm problem is considered computationally infeasible,
is an efficiently computable map that is bilinear and non-degenerate, and
is an efficiently computable isomorphism;
The source node has the key
and the public key pair
, where
; it uses the homomorphic hash function
:
where
are
random elements known to all nodes,
is a keyed hash function, and
is the message length; with identifier
, the message
has the signature given by the following formula:
;
Step 2: relay node encoding and processing;
Like the hash, the signature is also homomorphic; for the signed packets
, the signature is given by the following formula:
If a relay node accepts only coded packets from the same source node within one routing process, it checks whether the following formula holds to decide whether a newly received coded packet and the coded packets already in its memory come from the same source node;
Combining
with the formula above yields another form of the node's packet verification, shown below. After a relay node receives a coded packet $M_1$ sent by an upstream node, if its buffer is empty it stores the packet in memory directly; otherwise it first extracts the hash value of the bundle identifier id in bits 33-48 of the packet and compares it with the bundle identifier id hash of a coded packet $M_2$ already in memory. If the following formula holds, the signed packet is authenticated successfully, which shows that the two coded packets come from the same source node and are not corrupted packets injected by a pollution attacker or Sybil attacker; coded packets with the same bundle identifier id hash can then be jointly coded further;
Then, if $s_k^* \le 2$, each relay node on path k combines the packets it has received by linear coding, with an output related to the number of packets transmitted; otherwise the relay node does no processing on the packets it receives;
In this way, without any additional verification conditions or the participation of the source node, a relay node that receives a coded packet only needs mutual verification to decide whether the packet can be accepted and further coded, which to a limited extent avoids Sybil attacks in the delay tolerant network;
Step 3: destination node decoding and processing;
First, the destination node needs to monitor the link. When a selective data dropping attack occurs, it measures the transmission rate of a flow and sends the estimated rate to the sending node; when the sending node receives this feedback from its receiver, it dynamically adjusts the redundancy coefficient to slow the decline in transmission rate caused by the attack. Suppose the average transmission rate observed by the receiver is
, and the corresponding redundancy coefficient is
; the redundancy coefficient of the sending node
is calculated as follows, where
denotes the currently observed transmission rate sent by the receiving node; when
stays below
for a period of time, the destination node notifies the source node to inject a redundancy factor into the network;
The decoding procedure is based on a decoding scheme; a bundle of data in the DTN is transformed according to the following equation, where O denotes the original packets sent by the source node, T denotes the linear transformation from the source node to the destination node, and $T_a$
denotes the linear transformation from the attacker to the destination node;
From the matrix
the destination node D arbitrarily selects k+z linearly independent columns to form the matrix
, where the corresponding column vectors selected from the source node's packet matrix O and from the matrix A of packets injected by the attacker are denoted by
and
respectively, so the formula above is further rewritten as the following equation:
If the matrix
exists, the following formula holds:
Denote the first m-k columns of matrix E by $E'$, and write matrix O in the form $O=[O_1, O_2, O_3]$, where $O_1$ corresponds to the first z columns of matrix O and $O_3$ corresponds to the last k columns of matrix O; the equation above can then be converted into the following formula, where $O_k^z$ denotes the first z columns of matrix $O_k$, $E'_z$ denotes the first z columns of matrix $E'$, and $E'_i$ denotes the last i columns of matrix $E'$:
Combining
with the formula above gives the following formula, where
denotes, for the matrix Y formed by the coded packets received at the destination node, the last
columns,
denotes, for the coded packet matrix received at the destination node
, the remaining part,
denotes the column vector obtained by stacking the columns of the matrix
,
denotes, for the matrix
, the element in row i and column j, I is the identity matrix of dimension k, the dimension of the zero matrix is
, and the identity matrix
has dimension
;
In this way, if the coded packets received by the destination node are related to the packets sent by the source node and the polluted packets injected by the attacker, then when the destination node has received at least k+z packets of a bundle and matrix B has full column rank, equation (22) has one and only one solution. Therefore, even when polluted packets maliciously injected by the attacker are not eliminated by mutual verification between relay nodes, the destination node can still successfully decode the original packets sent by the source node, achieving dual resistance to packet pollution attacks;
Step 4: multistage routing forwarding;
In the multistage routing forwarding of messages based on the impaired probability of probabilistically encountered nodes, it is assumed that an active node is a trusted node and that any node can receive messages from the source node; from
it follows that, of the two nodes associated with link e, the risk probability risk of the upstream node is given by the following formula;
When a node with this risk probability is carrying a message and encounters an attacker, the probability that a message copy is sent to the attacker is risk. The risk probabilities of compromised nodes in the network may be group-based, which makes the transmission of coded packets more challenging. The source node's goal is to deliver the message to the destination node while preventing exposure to the attacker;
In this scheme, the update strategy for the impaired probability of encountered nodes is as follows: each node initializes the impaired probability of every node it may encounter to risk. After relay node $n_{i-1}$ has carried out one routing, if the node $n_i$ at the other end of the selected path shows an actual overhead of $c_i$ for transmitting this unit of data, then on completion of the routing the impaired probability of node $n_i$ stored in $n_{i-1}$ is updated to $risk - 0.001c_i$;
Since the survival probability of the upstream node of link e is $r_e$, analyzing the attacker's effect on secure transmission gives the number of message copies $L_{min}$ required to reach transmission rate $d_r$ before the message expiry time $t_d$, as shown in the following formula, where
is the exponential distribution law of the number of encounters between nodes and
is the number of attackers in the current network:
If, in the first stage of multistage routing, the nodes whose encounter impaired probability ranks in the last
positions after sorting are trusted nodes, they may carry message copies,
; in the second stage, the nodes whose encounter impaired probability ranks in the last
positions after sorting are partly trusted nodes and may carry message copies,
, so the total number of nodes carrying message copies is:
; to obtain the target transmission rate
, the start time of the second stage,
, must satisfy the following constant inequality:
A brief proof is as follows. Let the random variable
denote the target transmission rate of multistage routing,
denote the probability density function of any one of the L nodes meeting the destination node, and
be the cumulative distribution function of the probability that any one of the L nodes has not met the destination node. In the first stage, the cumulative distribution function
increases as
increases. However, if the first stage transmits (with probability
), then when the second stage starts, its probability density function for transmission is determined by
nodes, and the transmission risk is determined by the
value of each transmitting node;
Because this value must be greater than the given transmission rate
, the inequality that $TTL_1$ must satisfy is obtained. From the above analysis, for the given parameter set
, in order for multistage routing to achieve a higher transmission rate, the start time of the third stage
should be no less than the following constant inequality:
Under the DTN network environment and transmission objectives, to achieve a trade-off between network performance and security, we combine the above into a multistage routing algorithm based on the impaired probability of the nodes a node may encounter. The input parameters at entry are the node awaiting message forwarding
and the impaired probability values of the nodes it may encounter. Then the impaired probability values in the memory of node
are quick-sorted once. In the first routing step, node
follows the FTS model and transmits a copy of the coded packet only to the node with the largest impaired probability value, and at the same time starts a timer, set to
; if within
it fails to meet the most impaired node, the second routing step is carried out. In the second routing step, node
follows the TFS model and transmits a copy of the coded packet only to the next most impaired nodes (nodes whose impaired probability value is among the top three of the ordered set), and at the same time starts a timer, set to
; if within
it fails to meet the most impaired node, the third routing step is carried out. Subsequent routing uses the AS model: after enabling AS routing, the node transmits the coded packet to the first node it encounters. To optimize network performance,
and
both take the minimum value within their permitted ranges.
Multistage routing here means that, taking into account the trade-off between network completeness and performance, reasonable forwarding wait intervals are set between stages and a suitable routing forwarding mode is set in each forwarding stage, so that the network coding mechanism is combined with traditional delay tolerant network routing schemes, improving routing efficiency and security.
The invention is a multistage routing method based on secure network coding in a delay tolerant network. It addresses the reduced routing efficiency caused by intermittent connectivity and long delays in delay tolerant networks, and the security problems that may arise in them. After coding with network coding, a node verifies packets mutually with other nodes to decide whether received packets may be coded together, and selects a suitable encountered node to forward the message to according to the multistage routing rules. Afterwards, the impaired probability of the encountered node is updated, and in the next routing process the node re-establishes the routing path according to the impaired probabilities of the nodes it may encounter. Because most delay tolerant network routing algorithms are inefficient, exposed to security threats and low in network throughput, the invention establishes an optimized coded packet allocation mechanism for each path, proposes a network coding scheme for impaired delay tolerant network environments, forwards message bundles by multistage routing according to the impaired probability of encountered nodes, and uses each node's resistance mechanisms under attack together with the post-forwarding update of the impaired probability of encountered nodes, so as to build a secure and efficient node routing and forwarding scheme for delay tolerant network environments.
Beneficial effects: For the "store-carry-forward" opportunistic routing of delay tolerant network nodes, the invention proposes a network coding scheme for impaired environments. The source node dynamically adds a redundancy factor when needed to resist dropping attacks and improve link fault tolerance; nodes verify messages with each other to resist pollution attacks and Sybil attacks, avoiding excessive dependence on the source node; and multistage routing that uses the impaired probability of encountered nodes as its metric further improves the routing performance of the network as a whole. Security analysis and simulation results show that, with a reasonably chosen trade-off coefficient, the scheme can effectively resist combined attacks and optimize network performance. In routing performance parameters such as routing overhead, transmission delay, transmission risk, effective transmission rate and network throughput, the algorithm of the invention shows a clear improvement over existing schemes.
Brief description of the drawings
Fig. 1 is a diagram of network node coding.
Fig. 2 is the flow chart of the algorithm for solving the optimal path set.
Fig. 3 is the coded packet format.
Fig. 4 is the relay node coding processing flow chart.
Fig. 5 is the multistage routing algorithm flow chart.
Fig. 6 shows routing overhead versus simulation time.
Fig. 7 shows throughput versus simulation time.
Fig. 8 shows effective transmission rate versus number of attackers.
Fig. 9 shows transmission delay versus number of attackers.
Fig. 10 shows single transmission risk versus number of attackers.
Fig. 11 shows joint transmission risk versus number of attackers.
Fig. 12 shows the relationship between the trade-off coefficient and network performance and risk.
Embodiment
The invention is described in further detail below with reference to the accompanying drawings.
Embodiment 1
Network coding embodiment
Network coding lets relay nodes re-encode packets: when a source node sends packets to a destination node, the other relay nodes on the two hops combine all or part of the messages they have received into linearly coded packets (similar to XOR) and forward them to the next node with a certain probability, as shown in Fig. 1. Once the destination node has received enough linearly independent coded packets, it uses Gaussian elimination (used for systems of thousands of equations and unknowns; very large systems of a million equations use iterative methods) to convert the decoding matrix into a triangular matrix and finally decodes all the original messages. Compared with traditional schemes, network coding can compute scheduling strategies that make optimized use of limited network resources, improves network throughput and topological robustness, reduces the overall energy consumption of wireless nodes in special environments, and has potential security advantages.
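The encode, re-encode and decode cycle described above (and in the background section), as an added Python example that is not code from the patent: random linear network coding with Gaussian elimination at the destination, where extra coded packets stand in for the redundancy the source adds against dropped packets. The prime field GF(257), the function names and the sample messages are assumptions; the patent's signature scheme and redundancy matrix R are not modeled.

```python
import random

Q = 257  # prime modulus for GF(Q); assumed, the page only says "finite field F_q"


def combine(coeffs, rows):
    """Linear combination sum_i coeffs[i] * rows[i], symbol by symbol, mod Q."""
    width = len(rows[0])
    return [sum(c * r[j] for c, r in zip(coeffs, rows)) % Q for j in range(width)]


def encode(messages, n, rng):
    """Source node: emit n coded packets (coding vector, payload) for one bundle."""
    k = len(messages)
    packets = []
    for _ in range(n):
        vec = [rng.randrange(Q) for _ in range(k)]
        packets.append((vec, combine(vec, messages)))
    return packets


def recode(packets, weights):
    """Relay node: re-encode coded packets of one bundle without decoding them.
    The same weights are applied to coding vectors and payloads, so the
    result is still a valid (vector, payload) pair for the original messages."""
    vec = combine(weights, [p[0] for p in packets])
    payload = combine(weights, [p[1] for p in packets])
    return vec, payload


def decode(packets, k):
    """Destination: Gauss-Jordan elimination over GF(Q) on [vector | payload].
    Returns the k original messages, or None when fewer than k of the
    received packets are linearly independent (decoding is impossible)."""
    rows = [list(vec) + list(payload) for vec, payload in packets]
    rank = 0
    for col in range(k):
        pivot = next((r for r in range(rank, len(rows)) if rows[r][col]), None)
        if pivot is None:
            return None  # no pivot in this column: rank < k
        rows[rank], rows[pivot] = rows[pivot], rows[rank]
        inv = pow(rows[rank][col], -1, Q)  # modular inverse (Python 3.8+)
        rows[rank] = [v * inv % Q for v in rows[rank]]
        for r in range(len(rows)):
            if r != rank and rows[r][col]:
                f = rows[r][col]
                rows[r] = [(a - f * b) % Q for a, b in zip(rows[r], rows[rank])]
        rank += 1
    return [row[k:] for row in rows[:k]]


def run_demo(seed=13):
    """Constructed bundle of three equal-length messages, four redundant
    coded packets, two packets dropped in transit."""
    rng = random.Random(seed)
    bundle = [list(b"msg-one!"), list(b"msg-two!"), list(b"msg-3..!")]
    k = len(bundle)
    coded = encode(bundle, n=k + 4, rng=rng)
    survivors = coded[2:]                      # 5 of 7 packets arrive
    recovered = decode(survivors, k) == bundle
    too_few = decode(coded[:k - 1], k)         # only 2 packets: cannot decode
    return recovered, too_few


if __name__ == "__main__":
    print(run_demo())
```

Coded symbols here range over 0..256, so a wire format that stores one symbol per byte would use a field such as GF(2^8) instead of the prime field chosen for brevity.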
Optimized allocation model for coded packets on transmission paths
On the premise that the following formula is satisfied,
we propose an algorithm for solving the optimal path set from S to D
, Algorithm 1, whose flow is shown in Fig. 2. Its input is the path set built by the multi-path selection algorithm
, together with the impaired probability values of neighbor nodes stored in each node's memory. If path
, the algorithm goes on to check whether it satisfies inequality constraint (4);
if it does, the path is retained in
, and the new value of the path set
is returned, setting
.
Design of the routing algorithm packet format
The packet format is defined as shown in Fig. 3. The packet has a total word length of l=96 bytes. The coding vector holds the linear coding coefficients each node uses to re-encode the original messages and occupies 8 bits, padded with leading zeros if shorter (likewise below). The authentication information is the parameter for mutual verification between messages and occupies 8 bits. The processing control flags field occupies 16 bits and holds various control flags, such as whether custody transfer is supported and whether acknowledgment is needed. The bundle identifier id field occupies 16 bits and holds the hash value corresponding to the bundle, which facilitates mutual authentication between nodes. The encounter node impaired probability field occupies 16 bits and holds the impaired probability of the nodes the node may encounter. The data segment holds the message content and is a 32-bit variable-length field.
Relay node network coding processing flow
The relay node processing flow is shown in Fig. 4. After a relay node receives a coded packet $M_1$ sent by an upstream node, if its buffer is empty it stores the packet in memory directly; otherwise it first extracts the hash value of the bundle identifier id in bits 33-48 of the packet and compares it with the bundle identifier id hash of a coded packet $M_2$ already in memory. If the following formula holds, the signed packet is authenticated successfully, which shows that the two coded packets come from the same source node and are not corrupted packets injected by a pollution attacker or Sybil attacker; coded packets with the same bundle identifier id hash can then be jointly coded further.
Then, if $s_k^* \le 2$, each relay node on path k combines the packets it has received by linear coding, with an output related to the number of packets transmitted; otherwise the relay node does no processing on the packets it receives.
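The packet layout and the relay's bundle-identifier comparison described above, as an added Python example that is not part of the patent. It takes the listed field widths (which sum to 96) as bits, and assumes big-endian byte order and a 16-bit fixed-point encoding for the impaired probability; the verification formula is not reproduced on the page, so only the identifier comparison on bits 33-48 is implemented, and all names and sample values are constructed.

```python
import struct

# Field widths from the packet-format paragraph, in listing order:
#   coding vector 8 | authentication info 8 | control flags 16 |
#   bundle id hash 16 | encounter-node impaired probability 16 | data 32
# Big-endian byte order is an assumption; the page does not state one.
LAYOUT = struct.Struct(">BBHHH4s")  # 1 + 1 + 2 + 2 + 2 + 4 = 12 bytes = 96 bits


def build_packet(coding_vector, auth_info, control, bundle_id_hash,
                 impaired_prob, data):
    """Pack one coded packet. impaired_prob in [0, 1] is stored as 16-bit
    fixed point (assumed encoding, the page does not give one)."""
    if not 0.0 <= impaired_prob <= 1.0:
        raise ValueError("impaired probability must be in [0, 1]")
    return LAYOUT.pack(coding_vector, auth_info, control, bundle_id_hash,
                       round(impaired_prob * 0xFFFF), data)


def parse_packet(raw):
    """Unpack a 96-bit packet into named fields; reject any other length."""
    if len(raw) != LAYOUT.size:
        raise ValueError(f"expected {LAYOUT.size} bytes, got {len(raw)}")
    cv, auth, ctrl, bid, prob, data = LAYOUT.unpack(raw)
    return {"coding_vector": cv, "auth_info": auth, "control": ctrl,
            "bundle_id_hash": bid, "impaired_prob": prob / 0xFFFF,
            "data": data}


def bundle_id_bits(raw):
    """Bits 33-48 of the packet (1-indexed), i.e. bytes 5 and 6."""
    return parse_packet(raw)["bundle_id_hash"]


class RelayBuffer:
    """Relay-side cache: the first packet is stored, later packets are kept
    only if their bundle id hash matches what is already cached.
    Matching the 16-bit identifier only groups packets by bundle; the
    authenticity decision rests on the page's signature formula, which is
    outside this example."""

    def __init__(self):
        self.packets = []

    def receive(self, raw):
        try:
            incoming = bundle_id_bits(raw)
        except ValueError:
            return "rejected: malformed"
        if not self.packets:
            self.packets.append(raw)
            return "stored"
        if incoming != bundle_id_bits(self.packets[0]):
            return "rejected: different bundle"
        self.packets.append(raw)
        return "accepted for joint coding"


if __name__ == "__main__":
    relay = RelayBuffer()
    first = build_packet(0x03, 0x5A, 0x0001, 0xBEEF, 0.25, b"DATA")
    same = build_packet(0x05, 0x5A, 0x0001, 0xBEEF, 0.10, b"MORE")
    other = build_packet(0x07, 0x11, 0x0001, 0x1234, 0.10, b"XXXX")
    for pkt in (first, same, other, first[:5]):
        print(relay.receive(pkt))
```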
Multistage efficient and secure routing algorithm flow
Fig. 5 shows the flow chart of the multistage routing algorithm based on the impaired probability of the nodes a node may encounter. The input parameters at entry are the node a awaiting message forwarding and the impaired probability values of the nodes it may encounter. The impaired probability values in node a's memory are then quick-sorted once. In the first routing step, node a follows the FTS model and transmits a copy of the coded packet only to the node with the largest impaired probability value, and at the same time starts a timer set to $TTL_1$; if it fails to meet the most impaired node within $TTL_1$, the second routing step is carried out. In the second routing step, node a follows the TFS model and transmits a copy of the coded packet only to the next most impaired nodes (nodes whose impaired probability value is among the top three of the ordered set), and at the same time starts a timer set to $TTL_2$; if it fails to meet the most impaired node within $TTL_2$, the third routing step is carried out. Subsequent routing uses the AS model: after enabling AS routing, the node transmits the coded packet to the first node it encounters. To optimize network performance, $TTL_1$ and $TTL_2$ both take the minimum value within their permitted ranges.
Experimental environment and parameter settings
The experiment is carried out on the OPNET simulation platform. 150 ordinary mobile nodes are deployed in a 3000 m × 3000 m area; each node has a radio-frequency power range of 20 m (note: these parameters configure a DTN with sparsely distributed nodes, which is very common in real environments), the channel capacity is 2 Mbps, and all nodes are assumed to be identical. The MAC-layer protocol is the IEEE 802.11 WLAN standard, the network topology is generated randomly, the simulation run time is set to 2 h, and the seed is set to 13. Table 1 gives the key simulation parameter settings.
Table 1: Key simulation parameter configuration
We evaluate the network performance and security of our proposed scheme, of the network-coding-based spray routing algorithm (SRNC) and of the network-coding-based intelligent routing algorithm (IRNC) using six parameters: routing cost, transmission delay, transmission risk, effective transmission rate, throughput and balance coefficient. During configuration, the reliability value of each DTN link e ∈ E is generated from a normal distribution. The simulation assumes that transmission takes place under the worst case: all attackers know the path set, and each path has at most one attacker. Observation shows that the maximum number of paths in the optimal path set P* during the tests is 13.
Routing cost and throughput
Routing cost is the quotient of the total hop count from the source node to the destination node in multipath routing and the minimum hop count in single-path routing. The routing cost c of the multistage routing algorithm based on the impaired probability of the nodes a node will probably encounter is calculated as follows:
Figure 6 shows how routing cost grows with simulation time; overall, routing cost rises as simulation time passes. In the SRNC scheme, attackers begin to appear in the network as simulation time passes and more and more packets are discarded, so the source node's coded packets need more overhead to reach the destination node; in severe cases some coded packets are discarded, the routing cost becomes infinite, and they cannot reach the destination node at all. In the IRNC scheme the routing cost also increases gradually with simulation time, but because the source node injects redundant packets, it shows a relatively good routing cost when the simulation time is long; at the beginning of the simulation, however, the redundant packets make the routing cost larger. In our scheme, MRNC, the destination node notifies the source node to generate the redundancy factor, which improves the link's tolerance to disruption, only when it detects a selective data-dropping attack in the network, and the multistage routing based on the impaired probability of neighboring nodes makes path selection more reasonable; routing cost is therefore little affected by increasing simulation time.
Throughput in the simulation is the number of coded packets passing through the DTN per unit time. From the equation
we can further derive the following:
When
holds, we obtain the formula for the first-stage routing network throughput V_1; the network throughput V_2 of second-stage routing is derived similarly. Because third-stage routing uses the AS model, its throughput can be regarded approximately as a constant, so the total network throughput V is the sum of V_1, V_2 and that constant.
As Figure 7 shows, the SRNC scheme ignores security entirely and delivers packets as far as it can by spray routing, so its network throughput is larger in the initial stage of the simulation; as simulation time passes and attackers appear in the network, however, its throughput shows a negative growth trend. In the IRNC scheme, only completely impaired nodes are selected each time, so network throughput is smaller and changes little. Our scheme must compute parameters such as the impaired probability of each node's neighbors at the start, so its initial throughput is also small; as simulation time passes, the multistage secure routing gives our scheme a larger advantage in throughput in the later part of the simulation.
Effective transmission rate and transmission delay
To observe more clearly how effective transmission rate and transmission delay vary with the number of attackers, the number of attackers in this simulation is set to 0, 2, 4, 6, 8, 10 and 12 in turn. The effective transmission rate of a node is the quotient of the packets that arrive at the destination node and all the packets produced by the source node; it is calculated as follows:
To compare the effective transmission rates of the three schemes clearly, two configurations are used: when the number of attackers is not greater than 4, 1 ferry node is introduced into the network; when the number of attackers is greater than 4, 3 ferry nodes are introduced. A ferry node is a controllable mobile device in the simulation tool that moves between different geographic areas along a preset path, collects node information and forwards it when it meets the destination node. Apart from the ferry nodes, no ordinary node is then required to perform routing, which simplifies the DTN routing protocol and shows the change in effective transmission rate more clearly. As Figure 8 shows, as simulation time increases, the effective transmission rate of our scheme does not decline noticeably compared with the other two schemes.
Because connections in a delay tolerant network are intermittent, its transmission delay is usually large. Transmission delay t_delay is the time taken for a message to travel from the source node to the destination node and is calculated as follows, where t_s is the time at which the message is sent from the source node, t_r is the time at which the destination node receives the message, and t is the number of messages to be transmitted.
As Figure 9 shows, in the SRNC scheme a node normally routes a message copy to any node it encounters, so every node in the network takes part in routing with approximately equal probability, and transmission delay is spent mostly on two things: message waiting and the transfer between nodes. In an impaired DTN environment, however, the presence of attackers greatly affects its transmission delay. In the IRNC scheme a node forwards packets according to a certain strategy, and transmission delay is spent mainly on three things: strategy execution, message waiting and the transfer between nodes. Its delay is therefore greater than that of the SRNC scheme when attackers are few, but as the number of attackers in the network grows, the strategy weakens the effect of attacks on transmission delay to some extent, so in the later stage its transmission delay is better than that of the SRNC scheme. The MRNC scheme we propose spends some time hashing the id at the source node and on mutual authentication between nodes, but it still has good transmission-delay performance while resisting multiple kinds of attack; combined with multistage routing, it raises the probability that packets reach the destination node, which reduces network delay further.
Transmission risk
To observe more clearly how transmission risk and effective transmission rate vary with the number of attackers, the number of attackers in this simulation is set to 0, 2, 4, 6, 8, 10 and 12 in turn, and risk is divided into two types, single risk and joint risk. Single transmission risk is the probability that a message is damaged in transit under the threat of one particular attack. The formula for single transmission risk risk_s depends on the risk values of the nodes at the ends of each link on a transmission path. Figure 10 shows the single transmission risk for different numbers of attackers (all attackers using the same attack type). The figure shows that single transmission risk rises markedly as the number of attackers grows. The risk value of our proposed scheme is clearly much smaller than that of the SRNC and IRNC schemes, and this value is not the optimal value of our algorithm. The simulation results confirm that our scheme further strengthens the security of a DTN under the worst-case environment.
(34)
(35)
Joint transmission risk is the probability that a message is damaged in transit under the threat of more than one kind of attack. Joint transmission risk risk_j is related to the ability of each path in the network to resist the threats mentioned above. Figure 11 shows the joint transmission risk for different numbers of attackers (with more than one attack type). Compared with the SRNC and IRNC schemes, our scheme performs very well in resisting joint risk: when several threats are present at once, the change in transmission risk is still not very pronounced. However, if the number of attackers t ≤ |P*|, nearly all coded packets will be damaged.
Balance coefficient
In the simulation, a weighting factor is used to weigh the trade-off between network performance and transmission risk. From the formula, in the per-path optimized coded-packet distribution model, for the number of packets the source node finally produces by coding,
it can further be derived that:
In the simulation we define
As the balance coefficient changes from 0.65 to 0.75, the transmission risk value declines and network performance declines as well: the values of the parameters above, such as throughput, transmission delay and effective transmission rate, decrease. By adjusting it we can obtain a better security risk value; as the analysis of the equation for n, the number of packets the source node finally produces by coding, shows, security risk and transmission rate decline as it increases. The three-dimensional relationship in Figure 12 shows that in our MRNC scheme, as the balance coefficient varies, overall network performance and transmission risk change in the same direction. This demonstrates that our scheme achieves the optimal trade-off between network performance and transmission risk.
Claims (1)
1. A multistage secure routing method based on network coding in a delay tolerant network, characterized in that it comprises the following steps:
Step 1: source node encoding and processing;
A bundle of data comprises m symbols in the finite field F_q, to which
redundancy symbols are added; a bundle of data is represented by the matrix O, row i of the matrix represents the i-th message in the bundle, and the right side of the matrix O is an identity matrix of order
; the z packets that an attacker injects into each bundle of data are represented by the matrix A:
From the matrix
it is known that the original message length of a bundle of data is
; solving the matrix equation
yields the redundancy of
column vectors;
where R is a redundancy matrix of order
, and R is selected from independent random symbols of the finite field
;
is obtained by stacking, one by one, the column vectors of the matrix
;
According to the matrix equation above, the source node encodes the data bundle
into
coded packets to be transmitted, where
denotes the row of the matrix
, and
denotes the coefficients used for random linear coding of the messages in the original packets;
Finally, the n coded packets are transmitted from S to D; the number of packets distributed on each path from the source node to the destination node
can be determined from the above equation and the multistage routing algorithm introduced here;
The source node first signs; the signature scheme is executed over a bilinear tuple
, where
are cyclic multiplicative groups of the same prime order
, the discrete logarithm problem in these groups is considered computationally infeasible,
is an efficiently computable map that is bilinear and non-degenerate, and
is an efficiently computable isomorphism;
The source node has the private key
and the public key
, where
; it uses the homomorphic hash function
:
where
are random elements of
known to all nodes,
is a keyed hash function, and
is the message length; for a message with identifier
, the signature of the message
is given by the following formula:
;
Step 2: relay node encoding and processing;
Like the hash, the signature is also homomorphic; for the signed packet
, the signature is given by the following formula:
If a relay node accepts only coded packets from the same source node during one routing process, it checks whether the following formula is satisfied to judge whether a newly received coded packet and the coded packets already in its memory come from the same source node;
Combining
with the formula above yields another form of the node's packet verification, shown in the following formula; after a relay node receives the coded packet M_1 transmitted by an upstream node, if its buffer is empty at that moment it stores the coded packet directly in memory; otherwise it first extracts the hash value of the bundle identifier id carried in bits 33-48 of the coded packet and compares it with the hash value of the bundle identifier id of the coded packet M_2 already in memory; if the following formula is satisfied, the signed packet is authenticated successfully, which shows that the two coded packets come from the same source node and are not damaged packets injected by a pollution attacker or a Sybil attacker, and coded packets with the same bundle-identifier id hash value can be further coded together;
Then, if s_k* ≤ 2, each relay node on path k linearly combines the packets it has received, with an output tied to the number of packets to transmit; otherwise the relay node does not process the received packets at all;
In this way, without any additional verification conditions and without the participation of the source node, a relay node that has received a coded packet can decide, solely through mutual verification, whether the coded packet can be accepted and coded further, which avoids Sybil attacks in the delay tolerant network to a limited extent;
Step 3: destination node decoding and processing;
First, the destination node needs to monitor the link; when a selective data-dropping attack occurs, the destination node must measure the transmission rate of a flow and send the estimated transmission rate to the sending node; when the sending node receives this feedback from its receiver, it dynamically adjusts the redundancy coefficient to slow the decline in transmission rate caused by the attack; suppose the average transmission rate observed by the receiver is
and the corresponding redundancy coefficient is
; the redundancy coefficient of the sending node
is calculated as follows, where
denotes the currently observed transmission rate sent by the receiving node; when
remains below
for a period of time, the destination node notifies the source node to inject the redundancy factor into the network;
The decoding process is based on the decoding scheme in; a bundle of data in the DTN is transformed according to the following equation, where O denotes the original packets sent by the source node, T denotes the linear transformation from the source node to the destination node, and T_a denotes the linear transformation from the attacker to the destination node;
The destination node D arbitrarily selects k+z linearly independent columns from the matrix
to form the matrix
, where the corresponding column vectors selected from the source-node packet matrix O and from the matrix A of packets injected into the network by the attacker are denoted
and
respectively, so the formula above is further rewritten as the following equation:
If the matrix
exists, the following formula holds:
The first m-k columns of the matrix E are denoted E', and the matrix O is written in the form O = [O_1, O_2, O_3], where O_1 corresponds to the first z columns of the matrix O and O_3 corresponds to the last k columns of the matrix O, so the equation above can be converted into the following formula, where O_k^z denotes the first z columns of the matrix O_k, E_z' denotes the first z columns of the matrix E', and E_i' denotes the last i columns of the matrix E':
Combining
with the formula above gives the following formula, where
denotes the last
columns of the matrix Y composed of the coded packets received by the destination node,
denotes the remaining part of the coded-packet matrix
received by the destination node,
denotes the column vector obtained by stacking the columns of the matrix
,
denotes the element in row i, column j of the matrix
, I is the k-dimensional identity matrix, the dimension of the zero matrix is
, and the dimension of the identity matrix
is
;
In this way, if the coded packets received by the destination node are related to the packets sent by the source node and the polluted packets injected by the attacker, then when the destination node has received at least k+z packets of a bundle of data and the matrix B has full column rank, equation (22) has one and only one solution; therefore, even when polluted packets maliciously injected by an attacker have not been eliminated by the mutual verification between relay nodes, the destination node can still successfully decode the original packets sent by the source node, achieving a double defense against packet pollution attacks;
Step 4: multistage routing forwarding;
In the multistage routing and forwarding of messages according to the impaired probability of the nodes a node will probably encounter, assume that an active node is a trusted node and that any node can receive messages from the source node; from
it is known that, of the two nodes associated with link e, the risk probability risk of the upstream node is given by the following formula;
When a node with this risk probability is carrying a message and encounters an attacker, the probability that it sends a copy of the message to the attacker is risk; the risk probability that nodes in the network are damaged may be group-based, which makes the transmission of coded packets more challenging; the goal of the source node is to transmit the message to the destination node while preventing it from being exposed to attackers;
In this scheme, the update strategy for the impaired probability of the nodes a node will probably encounter is as follows: the initial impaired probability that each node holds for the nodes it may encounter is risk; after relay node n_{i-1} has performed one routing, if the actual overhead for this unit of transmitted data shown by the node n_i at the other end of the selected path is c_i, then once the routing is complete the impaired probability of node n_i stored in n_{i-1} is updated to risk - 0.001c_i;
Because the survival probability of the upstream node of link e is r_e, analysing the attackers' effect on secure transmission gives the minimum number of message copies L_min required for a transmission rate of d_r before the message expiry time t_d, as shown in the following formula, where
is the exponential distribution rule of the number of encounters between nodes and
is the number of attackers in the current network:
In the first stage of multistage routing, the nodes whose impaired probability, among the nodes a node will probably encounter, falls after sorting within the
are trusted nodes and may carry message copies,
; in the second stage, the nodes whose impaired probability falls after sorting within the
are partially trusted nodes and may carry message copies,
; the total number of nodes carrying message copies is:
; to obtain the target transmission rate
, the start time of the second stage
must satisfy the following constant inequality:
A brief proof is as follows: let the random variable
denote the target transmission rate of multistage routing,
denote the probability density function of any one of the L nodes encountering the destination node, and
be the cumulative distribution function of the probability that any one of the L nodes does not encounter the destination node; in the first stage, the cumulative distribution function
increases with
; but if the first stage transmits (with probability
), then when the second stage starts, its probability density function for transmission is determined by
nodes, and the transmission risk is determined by the
value of each transmitting node;
Because this value must be greater than the given transmission rate
, the inequality that TTL_1 satisfies can be obtained; from the analysis above, for a given parameter set
, for multistage routing to obtain a higher transmission rate, the start time of the third stage
should be not less than the following constant inequality:
Given the DTN environment and transmission goals, and to achieve a trade-off between network performance and security, we combine the above into the multistage routing algorithm based on the impaired probability of the nodes a node will probably encounter; the input parameters at the entry point are the impaired-probability values held by the node
, which has a message to forward, for the nodes it may encounter; the node
then runs one quicksort pass over the impaired-probability values in its memory; in the first routing step, the node
follows the FTS model: it transfers a copy of the coded packet only to the node with the largest impaired-probability value and starts a timer set to
; if it fails to encounter the most impaired node within
, the second routing step is carried out; in the second routing step, the node
follows the TFS model: it transfers a copy of the coded packet only to the next most impaired nodes (those whose impaired-probability values are among the first three of the ordered set) and starts a timer set to
; if it fails to encounter the most impaired node within
, the third routing step is carried out; routing from then on uses the AS model: after enabling the AS routing matrix, the node transfers the coded packet to the first node it encounters; to optimize network performance,
and
both take the minimum values in their permitted ranges.
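The relay-node handling in step 2 of the claim (store the first coded packet when the buffer is empty, otherwise compare the bundle-identifier id hash carried in bits 33-48, then code admitted packets together), as an added Python example that is not code from the patent. The packet layout, the field size Q = 251, the 1-indexed MSB-first bit numbering and all names are assumptions, and plain equality of the id hash stands in for the verification formula, which is not reproduced on this page.

```python
"""Relay-node admission and recombination of coded packets (added example).

Assumed packet layout (not from the patent): bytes 0-3 are an opaque header,
bytes 4-5 are bits 33-48 and hold the hash of the bundle identifier id, and
the remaining bytes hold coding coefficients followed by payload, one symbol
of GF(Q) per byte.
"""

Q = 251  # assumed prime field size, chosen so every symbol fits in one byte


def bundle_id_hash(packet: bytes) -> int:
    """Return bits 33-48 of the packet (1-indexed, most significant bit first)."""
    if len(packet) < 6:
        raise ValueError("packet too short to carry the bundle id hash")
    return int.from_bytes(packet[4:6], "big")


def make_packet(id_hash: int, symbols: list) -> bytes:
    """Build a constructed sample packet in the assumed layout."""
    if any(not 0 <= s < Q for s in symbols):
        raise ValueError("symbols must lie in GF(Q)")
    return b"\x00" * 4 + id_hash.to_bytes(2, "big") + bytes(symbols)


class RelayBuffer:
    """Buffer of coded packets that all belong to one bundle."""

    def __init__(self) -> None:
        self.packets = []
        self.rejected = 0

    def receive(self, packet: bytes) -> bool:
        """Admit the packet if the buffer is empty or its id hash matches."""
        incoming = bundle_id_hash(packet)  # also validates the length
        if self.packets:
            reference = self.packets[0]
            if incoming != bundle_id_hash(reference):
                self.rejected += 1  # other bundle or injected packet: never mix
                return False
            if len(packet) != len(reference):
                self.rejected += 1  # malformed: cannot be combined symbol-wise
                return False
        self.packets.append(packet)
        return True

    def recombine(self, coefficients: list) -> bytes:
        """Return sum(c_i * packet_i) over GF(Q), keeping the shared header."""
        if not self.packets or len(coefficients) != len(self.packets):
            raise ValueError("need one coefficient per buffered packet")
        out = [0] * (len(self.packets[0]) - 6)
        for c, pkt in zip(coefficients, self.packets):
            for i, symbol in enumerate(pkt[6:]):
                out[i] = (out[i] + c * symbol) % Q
        # Coefficient symbols are combined with the payload, so the output
        # still describes itself as a linear combination of the originals.
        return self.packets[0][:6] + bytes(out)
```

Because the coefficient symbols travel in the packet body, a destination can still solve for the original packets after any number of relay recombinations.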
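The three-step forwarding decision described in the algorithm flow of the description and in step 4 of the claim, together with the impaired-probability update rule risk - 0.001c_i, as an added Python example that is not code from the patent. Node names, the encounter trace, the TTL values, the cumulative application of the update and the clamp at zero are constructed assumptions; the FTS, TFS and AS models are reduced to "only the top-ranked node", "only the first three of the ordered set" and "first node encountered", following the text.

```python
"""Three-stage forwarding decision and impaired-probability update (added example)."""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Decision:
    stage: int   # 1, 2 or 3
    node: str    # node that received the coded-packet copy
    time: float  # encounter time at which the copy was handed over


def rank_nodes(risk: dict) -> list:
    """Order nodes as the text does: largest impaired-probability value first."""
    return sorted(risk, key=lambda n: (-risk[n], n))


def route_message(risk: dict, encounters: list, ttl1: float,
                  ttl2: float) -> Optional[Decision]:
    """Pick the node that gets the coded-packet copy.

    encounters is a list of (time, node) contacts of the forwarding node,
    with time measured from the moment the first timer is started.
    """
    ordered = rank_nodes(risk)
    stage1 = set(ordered[:1])  # step 1: only the top-ranked node
    stage2 = set(ordered[:3])  # step 2: first three of the ordered set
    for t, node in sorted(encounters):
        if t < ttl1:                # timer TTL_1 still running
            stage, allowed = 1, stage1
        elif t < ttl1 + ttl2:       # timer TTL_2, started when TTL_1 expired
            stage, allowed = 2, stage2
        else:                       # step 3: first node encountered
            stage, allowed = 3, None
        if allowed is None or node in allowed:
            return Decision(stage, node, t)
    return None  # no usable contact in the trace


def update_risk(risk: dict, node: str, cost: float,
                initial_risk: float) -> dict:
    """Apply the update rule after one routing: stored value - 0.001 * c_i.

    Assumptions: the rule is applied to the currently stored value, a node
    that was never seen starts from initial_risk, and the result is clamped
    at 0 so that it stays a probability.
    """
    updated = dict(risk)
    current = updated.get(node, initial_risk)
    updated[node] = max(0.0, current - 0.001 * cost)
    return updated


def forward_and_update(risk: dict, encounters: list, ttl1: float, ttl2: float,
                       cost: float, initial_risk: float):
    """Route once, then fold the observed overhead back into the table."""
    decision = route_message(risk, encounters, ttl1, ttl2)
    if decision is None:
        return None, dict(risk)
    return decision, update_risk(risk, decision.node, cost, initial_risk)


# Constructed sample table held by the forwarding node.
SAMPLE_RISK = {"n1": 0.10, "n2": 0.40, "n3": 0.25, "n4": 0.30, "n5": 0.05}
```

Shortening TTL_1 and TTL_2 moves a message into the unrestricted third step sooner, which is the delay-versus-exposure trade-off the timers control.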
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201310107131.5A CN104079483B (en) | 2013-03-29 | 2013-03-29 | Multistage safety routing method based on network code in a kind of Delay Tolerant Network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN104079483A true CN104079483A (en) | 2014-10-01 |
CN104079483B CN104079483B (en) | 2017-12-29 |
Family
ID=51600535
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201310107131.5A Active CN104079483B (en) | 2013-03-29 | 2013-03-29 | Multistage safety routing method based on network code in a kind of Delay Tolerant Network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN104079483B (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
C06 | Publication | ||
PB01 | Publication | ||
C10 | Entry into substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||