CN104703174A - Wireless Mesh network routing security protection method - Google Patents


Info

Publication number
CN104703174A
Authority
CN
China
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN201510159336.7A
Other languages
Chinese (zh)
Other versions
CN104703174B (en
Inventor
王�锋
韩健康
毛续飞
刘云浩
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Tsinghua University
Original Assignee
Tsinghua University

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W12/00: Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W40/00: Communication routing or communication path finding
    • H04W40/02: Communication route or path selection, e.g. power-based or shortest path routing
    • H04W40/04: Communication route or path selection, e.g. power-based or shortest path routing based on wireless node resources

Abstract

The invention relates to the technical field of wireless Mesh network routing protocols and security specifications, in particular to a wireless Mesh network routing security protection method based on an 802.11s standard routing protocol. The wireless Mesh network routing security protection method forms a novel security mechanism which is completely compatible with an original 802.11s security mechanism through adding an extension field based on an original frame structure; meanwhile, extended routing frame routing security protection which is aimed at features of a wireless Mesh network is provided to make up deficiencies of 802.11s standards in the aspect of routing security, higher security requirements can be achieved, a route transfer attack, a masking attack, a flood attack, a passive attack, a replay attack and the like can be effectively resisted, and deployment is easy to conduct in an existing wireless Mesh network system without additional facilities or equipment. The wireless Mesh network routing security protection method is suitable for vehicle-mounted networks, large-scale video monitoring networks, sensor networks, backbone networks and other wireless transmission and communication networks which are provided with routing security protection.

Description

A wireless Mesh network routing security protection method
Technical field
The present invention relates to the technical field of wireless Mesh network routing protocols and security specifications, and in particular to a wireless Mesh network routing security protection method based on the 802.11s standard routing protocol.
Background
In environments with complex terrain and harsh conditions, how to provide safe and efficient large-scale Internet coverage, high-bandwidth transmission of large volumes of production data, and positioning and network access for mobile devices is a major issue that determines whether communication quality and the related application services in the local area network can be maintained. Although traditional wired networks offer high transmission bandwidth, they are costly to deploy and maintain in complex, harsh environments and their coverage is limited. Current wireless network access is based on bridging technology, which restricts the scalability of network size, node count and the network itself; a wireless Mesh self-organizing network can meet these needs.
A wireless Mesh network (WMN) consists mainly of Mesh routers and Mesh terminals and is a dynamic, self-organizing, self-configuring network. It has characteristics such as a wireless mesh topology, self-organization and multi-hop transmission. At the same time, wireless Mesh networks have inherent security weaknesses. The default routing protocol currently defined by 802.11s for wireless Mesh networks is the Hybrid Wireless Mesh Protocol (HWMP), and HWMP is vulnerable to a variety of routing attacks, such as wormhole attacks, route disruption attacks and flooding attacks. A malicious node acts as a relay node that forwards other nodes' data, and launches attacks by tampering with the contents of the mutable fields in routing frames.
Because of the transmission medium and the way the network is formed, a wireless Mesh network faces more serious security threats than a wired network. However, the existing 802.11s wireless Mesh self-organizing network protocol only specifies security authentication at the MAC layer and proposes no dedicated solution for routing security.
Summary of the invention
The technical problem to be solved by the present invention is to provide a method that protects routing security by extending routing frames to suit the characteristics of wireless Mesh networks, while remaining compatible with the original 802.11s security mechanism.
To solve the above technical problem, the invention provides a wireless Mesh network routing security protection method comprising the following steps:
A request authentication code field is set in the route request frame; the request authentication code field is encrypted using broadcast key encryption and one-hop key encryption, and the route request frame is transmitted in the wireless Mesh network. The route request frame is forwarded using two-hop authentication until it reaches the destination node or a qualified relay node;
After the destination node receives the route request frame, it sends a route reply frame to the source node. A reply authentication code field is set in the route reply frame; the reply authentication code field is encrypted using transient key encryption and one-hop key encryption, and the frame is forwarded using the two-hop authentication;
After a qualified relay node receives the route request frame, it sends the route reply frame to the source node. The relay node simultaneously sends the route reply frame to its next-hop node, and the next-hop node replies with the route reply frame after verifying that the relay node's routing path is valid;
When a routing path error occurs in the wireless Mesh network, the node concerned sends a routing path error message frame to its predecessor node. A path error authentication code field is set in the routing path error message frame; the path error authentication code field is encrypted using transient key encryption and one-hop key encryption, and the frame is forwarded using the two-hop authentication.
Preferably, in the method the source node transmits a gateway announcement frame in the wireless Mesh network. A gateway announcement authentication code field is set in the gateway announcement frame; this field is encrypted using broadcast key encryption and one-hop key encryption, and the gateway announcement frame is transmitted in the wireless Mesh network. The gateway announcement frame is forwarded using two-hop authentication.
Preferably, the root node in the wireless Mesh network sends a root announcement frame. A root announcement authentication code field is set in the root announcement frame; this field is encrypted using broadcast key encryption and one-hop key encryption, and the root announcement frame is transmitted in the wireless Mesh network. The root announcement frame is forwarded using two-hop authentication.
Preferably, the request authentication code field, reply authentication code field, path error authentication code field, gateway announcement authentication code field and root announcement authentication code field are all obtained as follows:
The hop count field for reaching the current node, the corresponding current hop-count hash value field, the corresponding maximum hop count field, the corresponding top hash value field, the predecessor node metric field of the current node, and the metric field of the whole link from the source node to the current node are encrypted, and a hash operation is then applied to obtain the authentication code.
Preferably, the current hop-count hash value and the top hash value are hashes of a random number, and the random number is randomly generated by the corresponding node.
Preferably, the route request frame, route reply frame, routing path error message frame, gateway announcement frame and root announcement frame each include a signature field, which is obtained by signing the immutable fields of the corresponding frame with a signature mechanism.
Preferably, the signature mechanism signs using an ID-based online/offline signature scheme.
Preferably, the two-hop authentication of the route request frame is specifically as follows:
A one-hop neighbor of the source node receives the route request frame, decrypts it with the one-hop key, and adds its own request authentication code field to the route request frame, forming a new route request frame. A two-hop neighbor of the source node receives the new route request frame transmitted by the one-hop neighbor, uses the source node's broadcast key to decrypt the request authentication code field of the route request frame sent by the one-hop neighbor, and verifies whether the one-hop neighbor has tampered with it. If tampering is found, forwarding ends; otherwise the two-hop neighbor adds its own request authentication code field to the route request frame it received, forming a new route request frame;
The four-hop neighbors of the source node, and nodes more than four hops away, are called transmission nodes. A transmission node uses the broadcast key of its second predecessor node to decrypt the request authentication code field of the route request frame sent by its first predecessor node, and verifies whether its first predecessor node has tampered with it. If tampering is found, forwarding ends; otherwise the transmission node adds its own request authentication code field to the route request frame it received, forming a new route request frame.
The above technical solution of the invention has the following advantages. The wireless Mesh network routing security protection method provided by the invention operates in an intermediate layer between the 802.11s routing protocol and the MAC-layer security mechanism, providing security protection to the routing protocol above it while remaining transparent to the layer below. It is fully compatible with the original 802.11s security mechanism while providing routing security protection through extended routing frames designed for the characteristics of wireless Mesh networks, and requires no modification of the 802.11s standard. It makes up for the deficiencies of the 802.11s standard in routing security, can meet stronger security requirements, and effectively resists path transfer attacks, spoofing attacks, flooding attacks, passive attacks, replay attacks and the like. It is easy to deploy in existing wireless Mesh network systems and needs no additional facilities or equipment. The method is applicable to wireless transmission and communication networks such as vehicular networks, large-scale video surveillance networks, sensor networks and backbone networks, and provides routing security protection for them.
Brief description of the drawings
Fig. 1 is a flow chart of the initialization and authentication steps of the ID-based online/offline identity verification scheme provided by an embodiment of the present invention;
Fig. 2 is a schematic diagram of the authentication and interaction of a request between two nodes, provided by an embodiment of the present invention;
Fig. 3 is a schematic diagram of the authentication and interaction when the destination node replies to a request, provided by an embodiment of the present invention;
Fig. 4 is a schematic diagram of the authentication and interaction when a relay node replies to a request, provided by an embodiment of the present invention;
Fig. 5 is a schematic diagram of the authentication and interaction of a reply between two nodes, provided by an embodiment of the present invention;
Fig. 6 is a schematic diagram of the routing frame extension of the route request frame provided by an embodiment of the present invention;
Fig. 7 is a schematic diagram of the routing frame extension of the route reply frame provided by an embodiment of the present invention;
Fig. 8 is a schematic diagram of the routing frame extension of the routing path error message frame provided by an embodiment of the present invention;
Fig. 9 is a schematic diagram of the routing frame extension of the root announcement frame provided by an embodiment of the present invention;
Fig. 10 is a schematic diagram of the routing frame extension of the gateway announcement frame GANN provided by an embodiment of the present invention;
Fig. 11 is a flow chart of the wireless Mesh network routing security protection method of the present invention.
Detailed description
Specific embodiments of the present invention are described in further detail below with reference to the drawings and examples. The following examples illustrate the invention but do not limit its scope.
The invention provides a wireless Mesh network routing security protection method which, as shown in Fig. 11, comprises the following steps:
A request authentication code field is set in the route request frame; the request authentication code field is encrypted using broadcast key encryption and one-hop key encryption, and the route request frame is transmitted in the wireless Mesh network. The route request frame is forwarded using two-hop authentication until it reaches the destination node or a qualified relay node;
After the destination node receives the route request frame, it sends a route reply frame to the source node. A reply authentication code field is set in the route reply frame; the reply authentication code field is encrypted using transient key encryption and one-hop key encryption, and the frame is forwarded using the two-hop authentication;
After a qualified relay node receives the route request frame, it sends the route reply frame to the source node. The relay node simultaneously sends the route reply frame to its next-hop node, and the next-hop node replies with the route reply frame after verifying that the relay node's routing path is valid;
When a routing path error occurs in the wireless Mesh network, the node concerned sends a routing path error message frame to its predecessor node. A path error authentication code field is set in the routing path error message frame; the path error authentication code field is encrypted using transient key encryption and one-hop key encryption, and the frame is forwarded using the two-hop authentication.
The frames above contain a signature field and use the workflow of an ID-based online/offline signature scheme. Identity-based cryptography uses the device's own inherent ID for identity-based encryption and does not need a public key infrastructure (PKI) to provide authenticated public-key certificates, which saves the overhead of certificate management. The scheme is used to doubly encrypt and authenticate route request frames, to prevent intermediate nodes from illegally tampering with mutable fields.
The multi-source broadcast encryption scheme implements group encryption for users: during the propagation of route discovery frames in the Mesh network it can encrypt to groups of two-hop nodes, preventing intermediate nodes from illegally tampering with the mutable fields in route discovery frames. Considering that a Mesh network lacks an absolutely trusted certification authority (CA), an offline key distribution scheme is adopted. In a multi-source broadcast encryption scheme there are multiple data sources in the network, each of which encrypts the data it sends using a broadcast encryption scheme, and the encryption schemes are coordinated with one another.
Route discovery frames and route request frames are routing frames used to probe, verify and build valid routes.
Authentication and interaction of the PREQ frame. A node sends a route request frame (PREQ). The immutable fields of the basic PREQ frame are signed with the ID-based signature mechanism, and the signature is placed in the extension part of the frame. Because immutable fields do not change as they pass through intermediate nodes, intermediate nodes do not need to perform authentication operations on them, so fields of the HWMP PREQ frame such as the addresses, sequence number, time to live, flag fields, PREQ ID and frame length are signed only at the source node.
Authentication and interaction of the PREP frame. When the destination node or a qualified relay node receives a PREQ, it returns a route reply frame (PREP). This frame is encrypted with a pairwise transient key generated by a non-interactive key distribution scheme (the key generator and the key receiver do not need to interact online, which reduces overhead compared with an interactive key distribution scheme). A hash-based message authentication code (HMAC) can use the pairwise transient key to protect the mutable fields. When an intermediate node already has a routing path to the destination node, it can return a PREP frame after receiving the PREQ frame and does not need to continue broadcasting the PREQ frame.
Qualified relay node: after the source node sends a PREQ frame, the frame is forwarded over multiple hops, and each hop is called a relay node. If a relay node has a valid route to the destination node, it is "qualified": it no longer forwards the PREQ frame but directly returns a route reply frame.
Authentication and interaction of the PERR frame. When a node detects that a path has been lost, it generates a routing path error message frame (PERR) and sends it to its predecessor node. The extension field of the PERR frame contains the ID-based encrypted immutable fields and the routing frame time to live (TTL). The whole PERR frame is encrypted with the pairwise master key generated by SAE (simultaneous authentication of equals, a mechanism by which nodes verify each other's trustworthiness).
Authentication and interaction of the GANN frame. The authentication and interaction of the GANN frame are similar to those of PREQ; the difference is that GANN is a broadcast data frame and does not need a destination node to be set.
Authentication and interaction of the RANN frame. The Mesh root node needs to generate and send a root announcement frame (RANN). The authentication and interaction of the RANN frame are similar to those of GANN; the difference is that the mutable part of the RANN frame extension includes the metric and the predecessor node metric.
The PREQ routing frame extension consists of the type, length, reserved field, predecessor node metric, top hash value, hash value, signature and HMAC value fields. Type indicates the routing frame type. Length is the length of this type of routing frame. The reserved field is kept for future use. The predecessor node metric is the link metric value of the predecessor node. The top hash value is used for hop count authentication and is the initial value hashed n times, where n is the maximum hop count. The hash value is the result of hashing the initial value as many times as the actual hop count of the node currently reached. The signature is the signature field obtained by applying the ID-based signature to the immutable fields of the 802.11s routing protocol frame. HMAC is the authentication code of the hash fields and is obtained through the multi-source broadcast encryption mechanism.
The PREP routing frame extension consists of the type, length, reserved field, predecessor node metric, top hash value, hash value, signature and HMAC value fields. Each field is defined as in the PREQ frame.
The PERR routing frame extension consists of the type, length, reserved field, signature and HMAC value fields. Each field is defined as in the PREQ frame.
The RANN routing frame extension consists of the type, length, reserved field, predecessor node metric, top hash value, hash value, signature and HMAC value fields. Each field is defined as in the PREQ frame.
The GANN routing frame extension consists of the type, length, reserved field, predecessor node metric, top hash value, hash value, signature and HMAC value fields. Each field is defined as in the PREQ frame.
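The following sketch is an added example, not code from the patent: it shows how the top hash value, hash value, hop count and metric fields of the extension can be checked by a node two hops downstream, using the second predecessor's broadcast key to validate the frame its predecessor received. Assumptions: SHA-256 and HMAC-SHA256 stand in for the unspecified hash and for the multi-source broadcast encryption, the relay carries its predecessor's sealed extension alongside its own, and all field names, keys and metrics are constructed.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, replace


def h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()  # assumed hash; the page names none


def hash_n(value: bytes, n: int) -> bytes:
    for _ in range(n):
        value = h(value)
    return value


@dataclass(frozen=True)
class Ext:
    """Mutable part of a routing frame extension (hypothetical field names)."""
    hop_count: int
    max_hop_count: int
    hash_value: bytes   # seed hashed hop_count times
    top_hash: bytes     # seed hashed max_hop_count times
    pred_metric: int    # metric advertised by the predecessor node
    metric: int         # metric of the whole path up to this node
    auth_code: bytes = b""


def auth_code(ext: Ext, key: bytes) -> bytes:
    # Authentication code over the six fields the description lists for it.
    msg = struct.pack("!BBII", ext.hop_count, ext.max_hop_count,
                      ext.pred_metric, ext.metric) + ext.hash_value + ext.top_hash
    return hmac.new(key, msg, hashlib.sha256).digest()


def seal(ext: Ext, key: bytes) -> Ext:
    return replace(ext, auth_code=auth_code(ext, key))


def originate(seed: bytes, max_hops: int, key: bytes) -> Ext:
    return seal(Ext(0, max_hops, seed, hash_n(seed, max_hops), 0, 0), key)


def relay(prev: Ext, link_metric: int, key: bytes) -> Ext:
    """Honest update: one more hop, one more hash, metric accumulated."""
    return seal(replace(prev, hop_count=prev.hop_count + 1,
                        hash_value=h(prev.hash_value),
                        pred_metric=prev.metric,
                        metric=prev.metric + link_metric), key)


def fields_in_range(ext: Ext) -> bool:
    return (0 <= ext.hop_count <= ext.max_hop_count <= 255
            and 0 <= ext.pred_metric < 2**32 and 0 <= ext.metric < 2**32)


def chain_ok(ext: Ext) -> bool:
    # Hashing the remaining (max - hop) times must land on the top hash.
    return fields_in_range(ext) and hmac.compare_digest(
        hash_n(ext.hash_value, ext.max_hop_count - ext.hop_count), ext.top_hash)


def two_hop_check(prev: Ext, new: Ext, second_pred_key: bytes) -> str:
    """Run by the node after the relay; it holds the key the relay lacks."""
    if not (fields_in_range(prev) and fields_in_range(new)):
        return "bad-field-range"
    if not hmac.compare_digest(auth_code(prev, second_pred_key), prev.auth_code):
        return "bad-auth-code"      # the carried predecessor fields were altered
    if not (chain_ok(prev) and chain_ok(new)):
        return "bad-hash-chain"     # hop count lower than the chain allows
    legit = (new.hop_count == prev.hop_count + 1
             and new.max_hop_count == prev.max_hop_count
             and new.top_hash == prev.top_hash
             and new.hash_value == h(prev.hash_value)
             and new.pred_metric == prev.metric
             and new.metric >= prev.metric)  # HWMP metrics accumulate
    return "ok" if legit else "bad-update"


def demo() -> dict:
    # Constructed keys, seed and metrics.
    src_key, r1_key, r2_key = b"src-broadcast", b"r1-broadcast", b"r2-broadcast"
    seed, other_seed = bytes(range(16)), b"\xaa" * 16
    src = originate(seed, 8, src_key)
    hop1 = relay(src, 120, r1_key)
    stalled = seal(replace(src, metric=120), r1_key)          # no hop increment
    swapped = seal(replace(hop1, hash_value=h(other_seed),
                           top_hash=hash_n(other_seed, 8)), r1_key)
    lowered = seal(replace(hop1, hop_count=0), r2_key)        # claims hop 0
    forged_prev = replace(hop1, metric=10)                    # keeps r1's code
    return {
        "honest": two_hop_check(src, hop1, src_key),
        "stalled": two_hop_check(src, stalled, src_key),
        "stalled_chain_only": chain_ok(stalled),
        "swapped_chain": two_hop_check(src, swapped, src_key),
        "lowered_hop": two_hop_check(hop1, lowered, r1_key),
        "forged_prev": two_hop_check(forged_prev, relay(forged_prev, 20, r2_key), r1_key),
    }


if __name__ == "__main__":
    for case, verdict in demo().items():
        print(f"{case:20} {verdict}")
```

The `stalled` case passes the hash-chain test on its own, which is why the sketch also compares the relay's fields with the predecessor fields authenticated under a key the relay does not hold.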
As shown in Fig. 1, the initialization and authentication process of the ID-based online/offline signature scheme is divided into four steps. First comes the initialization phase, which is completed at the PKG (private key generator): the PKG generates the public parameters params and the system master key master-key according to the configured algorithm parameters. Second comes the private key generation phase, also completed at the PKG: for each independent ID, the PKG combines params and master-key to compute a corresponding private key (R, s). Third comes the encryption phase, which is completed at the sending node and is divided into an online and an offline step. The offline encryption step needs no key information and is repeatable; it should be completed when the node is deployed or started, to reduce the computation and storage overhead of the key generation algorithm. In the online step, when the node sends data it combines the offline ciphertext C', the system master key master-key and the destination node ID to generate the ciphertext C. Finally comes the verification phase, which is completed at the receiving node: the receiving node decrypts the ciphertext using its individual private key (R, s) generated by the PKG, which completes the verification process.
Fig. 2 shows the authentication and interaction of the PREQ frame. The whole PREQ frame is encrypted with the one-hop key shared by the source node. A one-hop neighbor can use this key to decrypt the PREQ frame. (In a mesh network data is transmitted over multiple hops; a one-hop neighbor is a neighbor node in the intuitive sense, and a next-hop neighbor is a neighbor of a neighbor. On a multi-hop path, every hop must receive, process and forward the PREQ frame.) The one-hop neighbor makes the corresponding changes to the mutable fields of the PREQ frame: it increases the hop count and updates the metric of this node and the metric of the previous node. It then encrypts the frame with its own one-hop key and broadcasts it. The source node's broadcast key is never touched during this decrypt, update and re-encrypt process. When the one-hop node rebroadcasts the PREQ, a two-hop neighbor that receives it uses the broadcast key distributed by the source node to decrypt the HMAC field and verifies whether the HMAC field has been illegally modified by the intermediate node. This process achieves two-hop authentication. After verifying all fields, the two-hop neighbor modifies the corresponding fields of the PREQ: it increases the hop count and updates the metric of this node and the metric of the previous node. At the same time it updates the HMAC (authentication code field) in the extension field and then broadcasts the frame again. This flow is repeated as the PREQ frame propagates until it reaches the destination node.
Fig. 3 shows the authentication and interaction of the destination node's PREP frame. When the destination node receives the PREQ frame, it already has a routing path to the source node, so it directly returns a unicast PREP frame addressed to the source node. The PREP frame extension is similar to that of PREQ; the difference is that the HMAC of the PREP frame extension is encrypted with the transient key rather than the broadcast key.
Fig. 4 shows the authentication and interaction when a relay node replies with a PREP frame. When an intermediate node already has a routing path to the destination node, it can return a PREP frame after receiving the PREQ frame and does not need to continue broadcasting the PREQ frame. The detailed flow is as shown in Fig. 4: after the relay node that has a routing path receives the PREQ, it sends a PREP request to the next hop on the routing path; the next hop receives the request and, after verifying that the routing path is valid, replies with a PREP. Encryption and transmission are the same as for the destination node.
Fig. 5 shows the authentication and interaction of the PERR frame. When a node detects that a path has been lost, it generates a routing path error message frame (PERR) and sends it to its predecessor node. The extension field of the PERR frame contains the ID-based encrypted immutable fields and the routing frame time to live (TTL). The whole PERR frame is encrypted with the pairwise master key generated by SAE.
Fig. 7 is a schematic diagram of the routing frame extension of the route reply frame, routing path error message frame, root announcement frame and gateway announcement frame GANN provided by the embodiment of the present invention.
In summary, the wireless Mesh network routing security protection method provided by the invention operates in an intermediate layer between the 802.11s routing protocol and the MAC-layer security mechanism, providing security protection to the routing protocol above it while remaining transparent to the layer below. It is fully compatible with the original 802.11s security mechanism while providing routing security protection through extended routing frames designed for the characteristics of wireless Mesh networks, and requires no modification of the 802.11s standard. It makes up for the deficiencies of the 802.11s standard in routing security, can meet stronger security requirements, and effectively resists path transfer attacks, spoofing attacks, flooding attacks, passive attacks, replay attacks and the like. It is easy to deploy in existing wireless Mesh network systems and needs no additional facilities or equipment. The method is applicable to wireless transmission and communication networks such as vehicular networks, large-scale video surveillance networks, sensor networks and backbone networks, and provides routing security protection for them.
Finally, it should be noted that the above embodiments only illustrate the technical solution of the present invention and do not limit it. Although the invention has been described in detail with reference to the foregoing embodiments, those of ordinary skill in the art should understand that the technical solutions described in those embodiments can still be modified, or some of their technical features replaced by equivalents, and that such modifications or replacements do not take the essence of the corresponding technical solutions outside the spirit and scope of the technical solutions of the embodiments of the present invention.

Claims (8)

1. A wireless Mesh network routing security protection method, characterized in that the method comprises the following steps:
A request authentication code field is set in the route request frame; the request authentication code field is encrypted using broadcast key encryption and one-hop key encryption, and the route request frame is transmitted in the wireless Mesh network. The route request frame is forwarded using two-hop authentication until it reaches the destination node or a qualified relay node;
After the destination node receives the route request frame, it sends a route reply frame to the source node. A reply authentication code field is set in the route reply frame; the reply authentication code field is encrypted using transient key encryption and one-hop key encryption, and the frame is forwarded using the two-hop authentication;
After a qualified relay node receives the route request frame, it sends the route reply frame to the source node. The relay node simultaneously sends the route reply frame to its next-hop node, and the next-hop node replies with the route reply frame after verifying that the relay node's routing path is valid;
When a routing path error occurs in the wireless Mesh network, the node concerned sends a routing path error message frame to its predecessor node. A path error authentication code field is set in the routing path error message frame; the path error authentication code field is encrypted using transient key encryption and one-hop key encryption, and the frame is forwarded using the two-hop authentication.
2. method according to claim 1, is characterized in that, in described method, source node launches gateway statement frame in described wireless Mesh netword; Described gateway statement frame arranges gateway statement authenticator field, is encrypted with the mode of broadcast key encryption and a mode of jumping secret key encryption described gateway statement authenticator field, and is transmitted in Wireless Mesh networking by described gateway statement frame; Described gateway statement frame is transmitted by the mode of double bounce certification.
3. method according to claim 2, is characterized in that, the root node in described wireless Mesh netword sends and root statement frame; Described statement frame arranges root statement authenticator field, is encrypted with the mode of broadcast key encryption and a mode of jumping secret key encryption described statement authenticator field, and is transmitted in Wireless Mesh networking by described statement frame; Described statement frame is transmitted by the mode of double bounce certification.
4. The method according to claim 3, characterized in that the request authentication code field, reply authentication code field, path error authentication code field, gateway statement authentication code field and root statement authentication code field are all obtained by the following method:
The hop count field for reaching the current node, the corresponding current hop count hash value field, the corresponding maximum hop count field, the corresponding top hash value field, the corresponding predecessor node metric field of the current node, and the metric field of the whole link from the source node to the current node are encrypted, and a hash operation is then performed on the result to obtain the authentication code.
5. The method according to claim 4, characterized in that the current hop count hash value and the top hash value are hashes of a random number, and the random number is randomly generated by the corresponding node.
6. The method according to claim 5, characterized in that the route request frame, route reply frame, routing path error message frame, gateway statement frame and root statement frame each include a signature field, and the signature field is obtained by signing the constant fields of the corresponding frame using a signature mechanism.
7. The method according to claim 6, characterized in that the signature mechanism signs using an ID-based online/offline signature scheme.
8. The method according to claim 7, characterized in that the two-hop authentication of the route request frame is specifically:
A one-hop neighbor of the source node receives the route request frame, decrypts it using the one-hop key, and adds the one-hop neighbor's own request authentication code field to the route request frame, forming a new route request frame; a two-hop neighbor of the source node receives the new route request frame transmitted by the one-hop neighbor, uses the broadcast key of the source node to decrypt the request authentication code field of the route request frame sent by the one-hop neighbor, and verifies whether the one-hop neighbor has tampered with the frame; if it has, forwarding is terminated; otherwise the two-hop neighbor adds its own request authentication code field to the route request frame it received, forming a new route request frame;
The four-hop neighbors of the source node and the nodes more than four hops away are called transmission nodes; a transmission node uses the broadcast key of its second predecessor node to decrypt the request authentication code field of the route request frame sent by its first predecessor node, and verifies whether the first predecessor node has tampered with the frame; if it has, forwarding is terminated; otherwise the transmission node adds its own request authentication code field to the route request frame it received, forming a new route request frame.
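An added illustration of the two-hop check described in claim 8 (not code from the patent): the receiver trusts only the entry authenticated under its second predecessor's broadcast key and uses it to test what the first predecessor claims. HMAC-SHA256 stands in for the claimed encrypt-then-hash authentication code, the one-hop key layer is omitted, and the class and function names, the sample key, and the consistency rules between the two entries are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, replace

@dataclass(frozen=True)
class AuthEntry:                 # one node's authenticated fields (assumed layout)
    node: str
    hop_count: int               # hops from the source to this node
    max_hops: int
    pred_metric: int             # path metric this node received from its predecessor
    path_metric: int             # metric of the whole link, source to this node
    code: bytes = b""

def _mac(entry, key):
    msg = "|".join(str(v) for v in (entry.node, entry.hop_count, entry.max_hops,
                                    entry.pred_metric, entry.path_metric)).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

def seal(entry, broadcast_key):
    """Attach the authentication code computed under the node's broadcast key."""
    return replace(entry, code=_mac(entry, broadcast_key))

def two_hop_check(second_pred, first_pred, second_pred_key):
    """Receiver-side check of first_pred's claims, anchored in second_pred's code."""
    if not hmac.compare_digest(_mac(second_pred, second_pred_key), second_pred.code):
        return False, "second predecessor entry altered"
    if first_pred.hop_count != second_pred.hop_count + 1:
        return False, "hop count not incremented by one"
    if first_pred.max_hops != second_pred.max_hops or first_pred.hop_count > first_pred.max_hops:
        return False, "maximum hop count violated"
    if first_pred.pred_metric != second_pred.path_metric:
        return False, "predecessor metric mismatch"
    if first_pred.path_metric < second_pred.path_metric:
        return False, "path metric decreased"
    return True, "ok"

def demo():
    key_a = b"constructed-broadcast-key-of-A"           # constructed sample key
    a = seal(AuthEntry("A", 1, 8, 0, 10), key_a)        # second predecessor of receiver C
    cases = {
        "honest": (a, AuthEntry("B", 2, 8, 10, 25)),
        "hidden_hop": (a, AuthEntry("B", 1, 8, 10, 25)),       # B hides a hop
        "cheap_metric": (a, AuthEntry("B", 2, 8, 4, 9)),       # B understates the metric
        "forged_entry": (replace(a, path_metric=4), AuthEntry("B", 2, 8, 4, 9)),
    }
    return {name: two_hop_check(sp, fp, key_a) for name, (sp, fp) in cases.items()}

if __name__ == "__main__":
    for name, result in demo().items():
        print(name, result)
```

In this model node B cannot shorten the advertised path or rewrite A's entry without A's broadcast key, so receiver C rejects the frame before adding its own entry.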
CN201510159336.7A 2015-04-03 2015-04-03 A kind of wireless Mesh network routing safety guard method Active CN104703174B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510159336.7A CN104703174B (en) 2015-04-03 2015-04-03 A kind of wireless Mesh network routing safety guard method

Publications (2)

Publication Number Publication Date
CN104703174A true CN104703174A (en) 2015-06-10
CN104703174B CN104703174B (en) 2017-11-21

Family

ID=53349857

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510159336.7A Active CN104703174B (en) 2015-04-03 2015-04-03 A kind of wireless Mesh network routing safety guard method

Country Status (1)

Country Link
CN (1) CN104703174B (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN108848504A (en) * 2018-06-30 2018-11-20 沈阳师范大学 A kind of identification of wireless sensor network big data and intelligent analysis method and system based on Energy-aware routing protocol
CN113300927A (en) * 2015-08-31 2021-08-24 松下电器(美国)知识产权公司 Gateway device, in-vehicle network system, and transfer method
CN115002765A (en) * 2021-03-01 2022-09-02 儒安物联科技集团有限公司 Network system based on hash message authentication code and network security routing method

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20080095059A1 (en) * 2006-10-20 2008-04-24 Stmicroelectronics, Inc. System and method for providing an adaptive value of TTL (Time to Live) for broadcast/multicast messages in a mesh network using a hybrid wireless mesh protocol
CN101699873A (en) * 2009-10-21 2010-04-28 南京邮电大学 Classification security-based broadcast authentication design method
CN103037365A (en) * 2012-12-12 2013-04-10 深圳市汇川控制技术有限公司 Wireless Mesh network security system based on Ad-hoc and wireless Mesh network security method based on the Ad-hoc
CN103841553A (en) * 2014-03-27 2014-06-04 福建师范大学 Method for routing security and privacy protection of mixed wireless Mesh network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
陈晓范: "新型无线Mesh网络安全性研究", 《电脑知识与技术》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN113300927A (en) * 2015-08-31 2021-08-24 松下电器(美国)知识产权公司 Gateway device, in-vehicle network system, and transfer method
CN113300927B (en) * 2015-08-31 2024-03-22 松下电器(美国)知识产权公司 Gateway device, in-vehicle network system, and transfer method
CN108848504A (en) * 2018-06-30 2018-11-20 沈阳师范大学 A kind of identification of wireless sensor network big data and intelligent analysis method and system based on Energy-aware routing protocol
CN115002765A (en) * 2021-03-01 2022-09-02 儒安物联科技集团有限公司 Network system based on hash message authentication code and network security routing method

Also Published As

Publication number Publication date
CN104703174B (en) 2017-11-21

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant