CN113258986B - Block chain technology-based satellite self-organizing network OLSR (Optimized Link State Routing) secure routing system - Google Patents

Info

Publication number
CN113258986B
Authority
CN
China
Prior art keywords
node
satellite
block
message
network
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN202110518821.4A
Other languages
Chinese (zh)
Other versions
CN113258986A (en
Inventor
李宇峰
张艺
章小宁
严开宇
付伟达
姚雨迎
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Electronic Science and Technology of China
Original Assignee
University of Electronic Science and Technology of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by University of Electronic Science and Technology of China filed Critical University of Electronic Science and Technology of China
Priority to CN202110518821.4A priority Critical patent/CN113258986B/en
Publication of CN113258986A publication Critical patent/CN113258986A/en
Application granted granted Critical
Publication of CN113258986B publication Critical patent/CN113258986B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Classifications

    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04B: TRANSMISSION
    • H04B7/00: Radio transmission systems, i.e. using radiation field
    • H04B7/14: Relay systems
    • H04B7/15: Active relay systems
    • H04B7/185: Space-based or airborne stations; Stations for satellite systems
    • H04B7/18521: Systems of inter linked satellites, i.e. inter satellite service
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00: Network arrangements or protocols for supporting network services or applications
    • H04L67/01: Protocols
    • H04L67/10: Protocols in which an application is distributed across nodes in the network
    • H04L67/104: Peer-to-peer [P2P] networks
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3236: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions
    • H04L9/3239: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials using cryptographic hash functions involving non-keyed hash functions, e.g. modification detection codes [MDCs], MD5, SHA or RIPEMD
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04L: TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/32: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
    • H04L9/3247: Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials involving digital signatures
    • H: ELECTRICITY
    • H04: ELECTRIC COMMUNICATION TECHNIQUE
    • H04W: WIRELESS COMMUNICATION NETWORKS
    • H04W40/00: Communication routing or communication path finding
    • H04W40/24: Connectivity information management, e.g. connectivity discovery or connectivity update
    • H04W40/30: Connectivity information management, e.g. connectivity discovery or connectivity update for proactive routing

Abstract

The invention discloses a block chain technology-based OLSR secure routing system for satellite self-organizing networks, which comprises a network facility layer, a consensus layer, a functional layer and an application layer. The network facility layer comprises all satellite nodes forming a small satellite self-organizing network; the consensus layer completes accounting through a consensus mechanism; the functional layer makes trusted records of node HELLO messages, node malicious behavior announcements and the current reputation value of each node, and stores the records across the nodes in a distributed manner; the application layer provides the satellite nodes with functions such as message spoofing attack identification and reputation reference, based on the trusted records of the underlying network. When a malicious node initiates a message spoofing attack, other satellite nodes can identify HELLO messages and TC messages containing false content, which achieves defense against the message spoofing attack; at the same time, the malicious node is punished through the reputation reference function provided by the security framework, so that it cannot continue to damage the network and the traffic security of the network is guaranteed.

Description

Block chain technology-based satellite self-organizing network OLSR (Optimized Link State Routing) secure routing system
Technical Field
The invention relates to the technical field of micro/nano satellite constellation networks, in particular to an OLSR secure routing system for satellite self-organizing networks based on block chain technology.
Background
In recent years, with the rapid development of wireless and mobile communication, a great number of new mobile communication technologies have emerged that enable people to exchange information with others at any time, in any place and in any manner. Among them, the rapid development of satellite networks has made satellite communication one of the most important communication methods in mobile communication technology. As user demand for communication grows, the traditional approach of relying only on terrestrial network links for communication between areas is far from sufficient: in complex terrain such as mountains, oceans and islands, a terrestrial communication network can hardly achieve comprehensive coverage. Meanwhile, severe natural disasters such as earthquakes and floods are likely to damage terrestrial communication links, which leads to instability of the communication network and interruption of information transmission. These problems and defects of the traditional terrestrial communication network have driven the rapid development of satellite communication networks. A satellite network can achieve global coverage, provide higher bandwidth, ensure a higher transmission rate, and support a flexible, larger-scale network structure. Besides serving as a supplement to and improvement of the terrestrial network, the satellite network can also independently form the backbone of a space-based integrated information network, so that land, sea, air and space information can be transmitted and exchanged within the space-based network.
The remarkable advantages of the satellite network in all these respects give satellite communication technology important research and application value in fields such as communication broadcasting, weather prediction, resource detection, environment monitoring, disaster early warning, navigation and positioning, digital cities and digital earth.
With the development of the air-ground integrated network and of aerospace missions, the need for micro-nano satellite networking becomes more and more urgent. For the efficient self-organizing network of a small satellite constellation, providing safe and reliable information communication for the constellation's on-orbit tasks is particularly important.
After years of research, a large number of routing protocol schemes for satellite self-organizing networks have been proposed; the OLSR routing protocol is representative of them and is widely applied in micro-nano satellite constellation networking and communication.
Optimized Link State Routing (OLSR) is a typical table-driven proactive routing protocol. The OLSR routing protocol requires the satellite nodes to periodically exchange various control packets, including HELLO packets and Topology Control (TC) packets, and to perform distributed computation to establish the network topology. Compared with reactive (on-demand) routing protocols represented by DSR and AODV, the OLSR protocol can significantly reduce the delay of upper-layer services. Its main characteristics are:
(1) only nodes selected as multipoint relay nodes (MPRs) generate and periodically flood topology control messages, which can significantly reduce the number of control packets broadcast in the network;
(2) only part of the nodes are selected as relay nodes of the control packet to reduce the overhead of routing control information. Any node only selects part of neighbor nodes as its relay nodes, only the selected relay nodes forward control packets in the whole network range, and other neighbor nodes only process but not forward the control packets sent by the node when receiving the control packets. This significantly reduces the number of control packets broadcast in the network. Such nodes are called multipoint relay nodes;
(3) the length of the control packet is reduced. A node does not publish link information associated with all neighboring nodes, but only a subset of links associated with some neighbors.
The micro-nano satellite constellation network is a distributed low-orbit satellite network. Unlike traditional terrestrial networking, where the topology is relatively static, the satellites move ceaselessly along their orbits and the topology of the satellite network changes constantly. Message spoofing attacks are a common attack against the OLSR protocol: an attacker launches the attack by generating a control message containing false link information, causing problems such as unreachable nodes, routing loops and routing table pollution. Existing methods for defending against link spoofing attacks suffer from problems such as excessive cost, unrealistic assumptions and a limited number of attacks that can be defended against, and are difficult to apply in a micro-nano satellite constellation network.
The block chain is a distributed ledger technology that adopts a decentralized infrastructure and distributed storage with consensus. Bitcoin, a cryptographic digital currency, is the original and most basic application of the block chain. In recent years, the block chain has gradually evolved from cryptographic digital currency into a platform providing trusted Blockchain as a Service (BaaS), and it has gained favor in various industries.
The conventional OLSR routing protocol has the following security problems in the satellite ad hoc network:
(1) In the satellite ad hoc network, a malicious node can easily launch a message spoofing attack by adding false content to control messages, and the attack is difficult to identify and defend against.
(2) Malicious nodes that launch attacks cannot be punished effectively, so they can continue to launch attacks and damage the network.
Disclosure of Invention
In view of the defects in the prior art, the invention provides a block chain technology-based OLSR secure routing system for satellite self-organizing networks. Its aim is that, when a malicious node initiates a message spoofing attack, other satellite nodes can identify HELLO messages and TC messages containing false content through a block chain-based security framework, which achieves defense against the message spoofing attack; at the same time, the malicious node is punished through the reputation reference function provided by the security framework, so that it cannot continue to damage the network and the traffic security of the network is guaranteed.
In order to achieve the purpose of the invention, the invention adopts the technical scheme that:
a block chain technology-based satellite self-organizing network (OLSR) secure routing system comprises a network facility layer, a consensus layer, a functional layer and an application layer;
the network facility layer comprises all satellite nodes forming a small satellite self-organizing network; each satellite node performs data propagation based on a P2P network by adopting an OLSR routing protocol;
the consensus layer comprises a decentralized alliance chain which is jointly constructed by all satellite nodes and used for generating and broadcasting a new block according to a consensus mechanism, and chaining the new block after the authenticity of the new block is verified by other satellite nodes;
the functional layer is used for announcing HELLO messages and satellite node malicious behaviors in the small satellite self-organizing network and carrying out credible recording on the current credit value of each satellite node;
and the application layer is used for carrying out message spoofing attack identification and malicious node punishment on the small satellite self-organizing network according to the malicious behavior bulletin provided by the functional layer and the credible record of the current reputation value of each satellite node.
Further, the generating and broadcasting of the new block by the consensus layer according to the consensus mechanism specifically comprises:
when the HELLO message is newly generated by the satellite node, the HELLO message is directly loaded into a new block, and the new block is broadcasted to the whole network.
Further, the new block includes a timestamp, a block sequence number, a hash value of the previous block, a node address and identification information for generating the block, and a HELLO packet generated by the satellite node at this time.
Further, the generating and broadcasting of the new block by the consensus layer according to the consensus mechanism specifically comprises:
when a control message exhibiting message spoofing attack behavior by a satellite node is identified, the announcement of the satellite node's malicious behavior and its current reputation value is directly loaded into a new block, and the new block is broadcast to the whole network.
Further, the new block includes a timestamp, a block sequence number, a hash value of a previous block, a node address and identification information for generating the block, a malicious node address, an error HELLO packet or TC packet sent by a malicious node, and a current reputation value of the malicious node.
Further, the chaining of the new block by the consensus layer after other satellite nodes have verified its authenticity specifically includes:
when other satellite nodes of the data plane receive the broadcast new block, they judge from the timestamp contained in the block whether it is indeed a new block, authenticate through the digital signature whether the identity of the satellite node is genuine, and verify whether the address of the node that initiated the block matches that node's identity information; if so, the new block is linked to the chain.
Furthermore, all satellite nodes of each data plane in the functional layer jointly maintain a block chain ledger. When the network is initialized, the genesis block allocates a fixed initial reputation value to every satellite node; when a satellite node is identified as having carried out a message spoofing attack, the malicious behavior is announced to the whole network and one unit is deducted from the malicious node's reputation value.
Further, the identification of message spoofing attacks on the small satellite self-organizing network by the application layer according to the malicious behavior announcements provided by the functional layer specifically comprises:
when a satellite node receives a HELLO message sent by a neighbor node, it checks whether each neighbor node address in the neighbor address list contained in the HELLO message is followed by a reference to the sequence number of the block in which that neighbor's HELLO message is located, whether the referenced HELLO message is within its aging period, whether the creator of the referenced HELLO message matches the neighbor node address in the neighbor address list, and whether the address of the creator of the currently received HELLO message exists in the neighbor address list of the referenced HELLO message.
Further, the identification of message spoofing attacks on the small satellite self-organizing network by the application layer according to the malicious behavior announcements provided by the functional layer specifically comprises:
when a satellite node receives a TC message sent by a neighbor node, it checks whether the address of each multipoint relay selector node is followed by a reference to the sequence number of the block in which that node's HELLO message is located, whether the referenced HELLO message is within its aging period, whether the creator of the referenced HELLO message matches the address of the multipoint relay selector node, and whether the address of the TC message creator exists in the LINK neighbor list of the multipoint relay selector node.
Further, the punishment of malicious nodes by the application layer according to the malicious behavior announcements provided by the functional layer and the trusted record of the current reputation value of each satellite node is specifically as follows:
when the multiple Dijkstra algorithm is used for route calculation, if the reputation value of a satellite node on the routing path is lower than a first threshold, the weight of the links related to that satellite node is reduced during route calculation; if the reputation value held by a neighbor node is lower than a second threshold, the neighbor node is not considered as a possible relay node on the routing path during route calculation; if the malicious node initiates control message spoofing attacks multiple times, the number of data packets forwarded for the malicious node is reduced; and if the malicious node still initiates control message spoofing attacks, the malicious node is deleted directly from the routing table.
The invention has the following beneficial effects:
(1) The invention overcomes the defects of the traditional OLSR routing protocol, such as poor security, vulnerability to message spoofing attacks and difficulty of recovery after an attack, and adds the idea of reputation reference, so that a satellite node can punish a malicious node according to the reputation records in the block chain and the traffic security of the network is guaranteed.
(2) The invention introduces block chain technology into the micro-nano satellite self-organizing network and provides a reliable message spoofing attack defense method for satellite networks that use the OLSR routing protocol. Compared with existing message spoofing attack defense methods for the OLSR protocol, the block chain-based security framework is better suited to the decentralized character of the micro-nano satellite self-organizing network. At the same time, the block chain consensus process and the attack identification process are concise and need no complex computation, which saves the satellite's precious energy and computing power and suits the special environment of satellite communication. Message spoofing attacks can be defended against repeatedly, and the security risk that a satellite self-organizing network using the OLSR routing protocol suffers a message spoofing attack is significantly reduced.
(3) The invention adopts the idea of reputation reference: when an attack by a malicious node is identified, the security framework deducts from the node's reputation value, and other nodes punish malicious nodes with low reputation values according to the reputation records provided by the security framework, so that the malicious node cannot continue to damage the network and its influence on the network is reduced. Compared with centralized reputation information databases, the reputation record of the invention is based on block chain technology, is highly decentralized, strongly resistant to damage and more secure, and is suitable for the micro-nano satellite self-organizing network.
Drawings
FIG. 1 is a schematic structural diagram of the block chain technology-based satellite ad hoc network OLSR secure routing system according to the present invention;
FIG. 2 is a structure diagram of the block that records a HELLO packet according to the present invention;
FIG. 3 is a structure diagram of the block that records malicious behavior and reputation values according to the present invention;
FIG. 4 is a schematic flow chart of a satellite node identifying a message spoofing attack according to the present invention.
Detailed Description
The following description of the embodiments of the present invention is provided to facilitate the understanding of the present invention by those skilled in the art, but it should be understood that the present invention is not limited to the scope of the embodiments, and it will be apparent to those skilled in the art that various changes may be made without departing from the spirit and scope of the invention as defined and defined in the appended claims, and all matters produced by the invention using the inventive concept are protected.
As shown in fig. 1, an embodiment of the present invention provides a block chain technology-based satellite ad hoc network OLSR secure routing system, which includes a network facility layer, a consensus layer, a functional layer, and an application layer;
the network facility layer comprises all satellite nodes forming a small satellite self-organizing network; each satellite node adopts an OLSR routing protocol to carry out data propagation based on a P2P network;
the consensus layer comprises a decentralized alliance chain which is jointly constructed by all satellite nodes and used for generating and broadcasting a new block according to a consensus mechanism, and chaining the new block after the authenticity of the new block is verified by other satellite nodes;
the functional layer is used for announcing HELLO messages and satellite node malicious behaviors in the small satellite self-organizing network and carrying out credible recording on the current credit value of each satellite node;
and the application layer is used for carrying out message spoofing attack identification and malicious node punishment on the small satellite self-organizing network according to the malicious behavior bulletin provided by the functional layer and the credible record of the current reputation value of each satellite node.
In this embodiment, the block chain is located in the small satellite ad hoc network, and the satellite nodes jointly maintain a consortium (alliance) chain. Each satellite node joins the consortium chain system as a consortium chain member; there is no privileged node in the whole system, and the P2P protocol is used to complete transactions between nodes and to transmit block data. Each satellite node is issued a unique public key, a private key and a digital certificate proving its identity by the ground station that manages the constellation; the public key is announced to all nodes in the network, and the private key is kept by the node itself. By verifying the digital signature on a piece of information, a node can make sure that the information really came from the signing node.
In this embodiment, the invention uses a P2P network for data propagation. Each satellite node in the P2P network takes on network routing, verification of block data and so on, and data consistency must also be ensured. A consensus mechanism is therefore needed: at the consensus layer a new block is generated and broadcast according to the consensus mechanism, and other satellite nodes verify the authenticity of the new block and link it to the chain.
When recording the routing behavior of satellite nodes, it must be taken into account that each node in the small satellite network has insufficient computing power and limited energy; traditional consensus mechanisms are costly, consume many resources and generate blocks inefficiently, so they are not suitable for the small satellite network. To simplify block generation, when a node generates a new HELLO message or identifies a control message exhibiting spoofing behavior, the HELLO message or the announcement of the node's malicious behavior is loaded directly into a new block and the new block is broadcast, which avoids a complex consensus process.
When other satellite nodes of the data plane receive the broadcast new block, they judge from the timestamp contained in the block whether it is indeed a new block, authenticate through the digital signature whether the identity of the satellite node is genuine, and verify whether the address of the node that initiated the block matches that node's identity information; if so, the new block is linked to the chain.
In this embodiment, the functional layer implements, on the basis of the network facility layer and the consensus layer, a trusted record of HELLO packets, node malicious behavior announcements, and a current reputation value of each satellite node in the small satellite network using the OLSR routing protocol.
Specifically, when a satellite node generates a new HELLO message, the HELLO message is loaded directly into a new block, and the new block is broadcast to the whole network.
As shown in fig. 2, the newly generated block includes a timestamp, a block sequence number, the hash value of the previous block, the address and identification information of the node that generated the block (HELLO packet), and the HELLO packet generated by the satellite node at this time. The timestamp records the time at which the block was generated, which is also the time at which the HELLO message was generated; the block sequence number is used by subsequent HELLO messages to look the block up.
After the new block is generated, it is broadcast to the whole network; each node verifies whether the address of the node that initiated the block matches that node's certification information, and the new block is linked to the chain once verification passes.
When a control message exhibiting message spoofing attack behavior by a satellite node is identified, the announcement of the satellite node's malicious behavior and its current reputation value is loaded directly into a new block, and the new block is broadcast to the whole network.
As shown in fig. 3, the newly generated block includes a timestamp, a block sequence number, the hash value of the previous block, the address and identification information of the node that generated the block (HELLO packet), the malicious node address, the false HELLO packet or TC packet sent by the malicious node, and the current reputation value of the malicious node. The identification information includes a digital signature and the like.
A new block is generated and broadcast, the other nodes in the network verify whether its content is true, and the block is linked to the chain if verification passes; through this process the functional layer announces control message spoofing behavior and records the current reputation value of the node.
All satellite nodes of each data plane in the functional layer jointly maintain a block chain ledger. When the network is initialized, the genesis block allocates a fixed initial reputation value to every satellite node; the initial reputation value is set to 10 units. When a satellite node is identified as having carried out a message spoofing attack, the malicious behavior is announced to the whole network and one unit is deducted from the malicious node's reputation value.
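The reputation bookkeeping described here, combined with the two threshold-based routing penalties stated in the disclosure, as an added Python example that is not part of the patent. Assumptions: both threshold values, the penalty factor, the reading of "weight reduced" as a higher Dijkstra cost for links touching a low-reputation node, plain single-path Dijkstra in place of the patent's multiple Dijkstra algorithm, and the constructed five-node topology.

```python
import heapq
from typing import Dict, List, Optional, Tuple

INITIAL_REPUTATION = 10   # from the page: the genesis block assigns 10 units
FIRST_THRESHOLD = 8       # assumed: below this, links of the node are penalised
SECOND_THRESHOLD = 5      # assumed: below this, the node is never used as relay
PENALTY_FACTOR = 4.0      # assumed cost multiplier for penalised links

# One malicious-behaviour block, reduced to (malicious node address,
# reputation value recorded in the block).
Announcement = Tuple[str, int]


def replay_reputation(nodes: List[str],
                      announcements: List[Announcement]) -> Dict[str, int]:
    """Rebuild every node's reputation by replaying the announcement blocks.

    Each block must record exactly one unit less than the value the replay
    holds for that node; anything else means the block is inconsistent.
    """
    rep = {n: INITIAL_REPUTATION for n in nodes}
    for node, recorded in announcements:
        expected = rep[node] - 1
        if recorded != expected:
            raise ValueError(f"{node}: block records {recorded}, expected {expected}")
        rep[node] = expected
    return rep


def build_graph(links: List[Tuple[str, str, float]]) -> Dict[str, Dict[str, float]]:
    """Undirected graph from (node, node, base cost) triples."""
    graph: Dict[str, Dict[str, float]] = {}
    for a, b, cost in links:
        graph.setdefault(a, {})[b] = cost
        graph.setdefault(b, {})[a] = cost
    return graph


def route(graph, rep, src: str, dst: str) -> Optional[List[str]]:
    """Dijkstra with reputation penalties; returns the path or None."""
    dist = {src: 0.0}
    prev: Dict[str, str] = {}
    heap = [(0.0, src)]
    done = set()
    while heap:
        d, u = heapq.heappop(heap)
        if u in done:
            continue
        done.add(u)
        if u == dst:
            break
        for v, cost in graph[u].items():
            # Second threshold: v may be a destination but never a relay.
            if v != dst and rep[v] < SECOND_THRESHOLD:
                continue
            # First threshold: de-prefer links that touch a low-reputation node.
            if rep[u] < FIRST_THRESHOLD or rep[v] < FIRST_THRESHOLD:
                cost *= PENALTY_FACTOR
            if d + cost < dist.get(v, float("inf")):
                dist[v] = d + cost
                prev[v] = u
                heapq.heappush(heap, (d + cost, v))
    if dst not in dist:
        return None
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1]


def announcements_for(node: str, times: int) -> List[Announcement]:
    """Constructed sample data: `times` consecutive announcements for one node."""
    return [(node, INITIAL_REPUTATION - i - 1) for i in range(times)]


# Constructed topology: three disjoint two-hop paths from S to T.
NODES = ["S", "X", "Y", "Z", "T"]
LINKS = [("S", "X", 1.0), ("X", "T", 1.0),
         ("S", "Y", 2.0), ("Y", "T", 2.0),
         ("S", "Z", 3.0), ("Z", "T", 3.0)]

if __name__ == "__main__":
    g = build_graph(LINKS)
    for history in ([], announcements_for("X", 3),
                    announcements_for("X", 3) + announcements_for("Y", 6)):
        rep = replay_reputation(NODES, history)
        print(rep, route(g, rep, "S", "T"))
```
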
In this embodiment, the application layer provides functions such as HELLO message spoofing attack recognition, TC message spoofing attack recognition, reputation reference, and the like for the satellite node using the OLSR routing protocol based on the trusted record of the underlying network.
In an OLSR protocol, a malicious node adds false contents in a HELLO control message and a TC control message to realize message spoofing attack on a micro-nano satellite constellation network, and the false contents in the HELLO control message and the TC control message need to be identified in order to realize defense against the message spoofing attack.
In the invention, the neighbor address list (Neighbor Interface Address) in a HELLO message stores not only each neighbor node's address but also a reference that proves the neighbor node really is a neighbor of the HELLO message's creator, namely the sequence number of the block holding that neighbor node's HELLO message. A node receiving the HELLO message can query the specific block by this sequence number to learn whether the listed neighbor node really is a neighbor of the HELLO message's creator, and so identify false content in the HELLO message.
When the network is first formed, nodes are in the earliest link-discovery phase, and some nodes may not yet have a HELLO message declaration from the neighbor node to reference. During initial networking a node is therefore allowed to reference a HELLO message whose neighbor node list is empty; nodes that join later reference HELLO messages according to the rule.
The referenced message must be a HELLO message that is still within its validity period. The timestamp in the block gives the generation time of the HELLO message, from which it can be calculated whether the message is still within the time limit; it can be referenced within the time limit and cannot be referenced outside it.
When a satellite node receives a HELLO message sent by a neighbor node, it checks whether each neighbor node address in the neighbor address list of the HELLO message is followed by the sequence number of the block holding a referenced HELLO message, whether the referenced HELLO message is within its validity period, whether the creator of the referenced HELLO message matches the neighbor node address in the neighbor address list, and whether the address of the creator of the currently received HELLO message appears in the neighbor address list of the referenced HELLO message.
Through this process, a satellite node can identify false content in HELLO messages at the application layer with the help of the security framework. As shown in Fig. 4, the neighbor of node A is node B; node A stores node B's address and reference in its neighbor address list and, when sending the HELLO message to its neighbor, packs the HELLO message into a new block and puts it on the chain. The neighbors of node B are node A and node C. In the neighbor address list (Neighbor Interface Address) of the HELLO message that node B sends to node C, node B stores node A's address followed by the sequence number of the block holding node A's HELLO message. After receiving the HELLO message from node B, node C verifies whether the reference behind node B's declaration that node A is its neighbor is genuine: it queries the block by the referenced block sequence number to obtain node A's referenced HELLO message. If that HELLO message really was created by node A, is within its validity period, and contains node B's address in its neighbor list, node C accepts that node A really is a neighbor of node B and updates its own two-hop neighbor list. The neighbor of the malicious node E is node D. Node E launches a message spoofing attack by declaring node A to be its neighbor, and sends node D a HELLO message containing the spoofed content, whose neighbor address list contains the address of node D, the address of node A, and the reference for it.
After receiving the HELLO message sent by node E, node D checks whether the reference is genuine. If node E supplies no reference, or the referenced HELLO message has expired, node D directly concludes that node E's HELLO message contains spoofed content. If both of these checks pass, node D goes on to check the content of the referenced message; if it finds that the message was not created by node A, or that node A's referenced HELLO message does not declare node D as a neighbor of node A, it concludes that node E's HELLO message contains spoofed content. This completes the identification of the HELLO message spoofing attack by the malicious node E.
The method for identifying false content in TC messages is similar to the HELLO message spoofing attack identification method. Each multipoint relay selector address (MPR Selector Address) in a TC message must also be followed by the sequence number of the block holding the referenced HELLO message. The referenced HELLO message must be within its validity period, the address of its originator must match the MPR Selector address, and the address of the TC message's originator must appear in the neighbor list of the referenced HELLO message whose Link Code link type is MPR LINK.
When a satellite node receives a TC message sent by a neighbor node, it checks whether each multipoint relay selector address is followed by the sequence number of the block holding a referenced HELLO message, whether the referenced HELLO message is within its validity period, whether the creator of the referenced HELLO message matches the multipoint relay selector address, and whether the address of the TC message creator appears in the neighbor list of link type MPR LINK. If all four checks pass, the information in the TC message is considered correct, and the topology table and the routing table are updated according to the OLSR protocol rules. If any one check fails, the TC message is considered to contain false content, which completes the identification of the TC message spoofing attack.
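The four checks described above for HELLO and TC messages, including the initial-networking exception, can be sketched as follows. This is an added example, not code from the patent; the `HelloBlock` structure, the `VALIDITY` value, the link-type strings `"SYM"` and `"MPR"`, and the sample chain are assumptions made for illustration.

```python
from dataclasses import dataclass

VALIDITY = 6.0  # assumed validity period in seconds; the page gives no figure

@dataclass
class HelloBlock:
    seq: int          # block sequence number on the chain
    timestamp: float  # block creation time, used for the validity check
    creator: str      # address of the node that generated the HELLO
    neighbors: list   # entries (neighbor address, referenced block seq, link type)

def check_reference(ledger, sender, claimed, ref_seq, now,
                    mpr_only=False, bootstrap=False):
    """Run the four checks for one entry; return None on success, else the failure."""
    block = ledger.get(ref_seq)
    if block is None:
        return "no reference"                       # check 1: a reference exists
    if now - block.timestamp > VALIDITY:
        return "reference expired"                  # check 2: still in validity period
    if block.creator != claimed:
        return "creator mismatch"                   # check 3: creator matches address
    if bootstrap and not block.neighbors:
        return None  # initial networking: an empty referenced HELLO is allowed
    links = {link for addr, _, link in block.neighbors if addr == sender}
    if not links or (mpr_only and "MPR" not in links):
        return "sender not listed"                  # check 4: sender is declared
    return None

def verify_hello(ledger, hello, now, bootstrap=False):
    """Return (address, failure) pairs for a received HELLO; empty means accept."""
    results = ((addr, check_reference(ledger, hello.creator, addr, ref, now,
                                      bootstrap=bootstrap))
               for addr, ref, _ in hello.neighbors)
    return [(addr, why) for addr, why in results if why]

def verify_tc(ledger, tc_creator, selectors, now):
    """Same checks for a TC: each MPR selector must list tc_creator on an MPR link."""
    results = ((addr, check_reference(ledger, tc_creator, addr, ref, now,
                                      mpr_only=True))
               for addr, ref in selectors)
    return [(addr, why) for addr, why in results if why]

# Constructed sample chain following the Fig. 4 walk-through (not real data).
LEDGER = {b.seq: b for b in [
    HelloBlock(1, 0.0, "B", []),                    # B's first HELLO, empty list
    HelloBlock(2, 1.0, "A", [("B", 1, "SYM")]),     # A declares B as neighbor
    HelloBlock(3, 2.0, "B", [("A", 2, "SYM")]),     # B declares A, citing block 2
    HelloBlock(4, 3.0, "A", [("B", 3, "MPR")]),     # A selects B as its MPR
]}
HONEST_B = LEDGER[3]
SPOOF_E = HelloBlock(5, 3.5, "E", [("A", 2, "SYM")])  # E falsely claims A

if __name__ == "__main__":
    print(verify_hello(LEDGER, HONEST_B, now=4.0))
    print(verify_hello(LEDGER, SPOOF_E, now=4.0))
    print(verify_tc(LEDGER, "B", [("A", 4)], now=4.0))
    print(verify_tc(LEDGER, "B", [("A", 2)], now=4.0))
```

Node E can copy a genuine, unexpired block number, but the referenced block was created by node A and does not list E, so the fourth check fails.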
The functional layer provides announcements of malicious behavior and a record of the current reputation value of each node. On this basis, the application layer provides a reliable reputation reference for node route selection, and nodes can penalize malicious nodes with low reputation values according to the reputation reference provided by the security framework, specifically as follows:
when the multiple Dijkstra algorithm is used for route calculation, if the reputation value of a satellite node on the routing path is lower than a first threshold, the weight of the links related to that satellite node is reduced during route calculation; if the reputation value held by a neighbor node is lower than a second threshold, the neighbor node is not considered as a possible relay node on the routing path during route calculation; if a malicious node initiates control message spoofing attacks multiple times, the number of data packets forwarded by the malicious node is reduced; and if the malicious node still initiates control message spoofing attacks, the malicious node is deleted directly from the routing table.
Specifically, the routing algorithm uses the multiple Dijkstra algorithm for route calculation on the basis of the topology graph. If the reputation value of a node on the path is lower than 5 units, the weight of the links related to that node is reduced during route calculation, which lowers the probability that the node is selected as a relay node on the path. When the reputation value held by a neighbor node is lower than 2 units, that node is not considered as a possible relay node on the path during route calculation. If a malicious node initiates control message spoofing attacks many times, it is identified by the other satellite nodes in the network and the number of data packets forwarded by it is reduced; if the node still initiates message spoofing attacks, the other nodes in the network remove it directly from their routing tables. This isolates the malicious node from the whole network and ensures the security of network traffic.
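The two reputation thresholds can be seen at work in a small route calculation. This is an added example, not code from the patent: it runs a single Dijkstra pass rather than the multiple Dijkstra algorithm, and the `PENALTY` factor, the cost model (cost = 1/weight, so a reduced weight makes a link less attractive), and the sample topology are assumptions.

```python
import heapq

INITIAL_REPUTATION = 10   # units assigned by the genesis block (from the page)
FIRST_THRESHOLD = 5       # below this, links of the node get a reduced weight
SECOND_THRESHOLD = 2      # below this, a neighbor is never used as a relay
PENALTY = 0.25            # assumed weight reduction factor; the page gives none

def reputation_from_ledger(nodes, announcements):
    """Replay malicious-behavior announcements: one unit deducted per announcement."""
    rep = {n: INITIAL_REPUTATION for n in nodes}
    for offender in announcements:
        rep[offender] = max(0, rep[offender] - 1)
    return rep

def best_path(links, rep, src, dst):
    """Dijkstra over cost = 1/weight, with both reputation thresholds applied."""
    graph = {}
    for (u, v), w in links.items():
        graph.setdefault(u, {})[v] = w
        graph.setdefault(v, {})[u] = w
    # Neighbors of the computing node that are too distrusted to relay for it.
    banned = {n for n in graph.get(src, {})
              if rep[n] < SECOND_THRESHOLD and n != dst}
    dist, prev, heap = {src: 0.0}, {}, [(0.0, src)]
    while heap:
        d, u = heapq.heappop(heap)
        if u == dst:
            break
        if d > dist.get(u, float("inf")):
            continue
        for v, w in graph.get(u, {}).items():
            if v in banned:
                continue
            if min(rep[u], rep[v]) < FIRST_THRESHOLD:
                w *= PENALTY          # reduced weight, so a higher path cost
            nd = d + 1.0 / w
            if nd < dist.get(v, float("inf")):
                dist[v], prev[v] = nd, u
                heapq.heappush(heap, (nd, v))
    if dst not in dist:
        return None                   # every candidate relay was excluded
    path = [dst]
    while path[-1] != src:
        path.append(prev[path[-1]])
    return path[::-1]

# Constructed topology: the S-X-T links are stronger than the S-Y-T links.
NODES = ["S", "X", "Y", "T"]
LINKS = {("S", "X"): 2.0, ("X", "T"): 2.0, ("S", "Y"): 1.0, ("Y", "T"): 1.0}

if __name__ == "__main__":
    for strikes in (0, 5, 6, 9):
        rep = reputation_from_ledger(NODES, ["X"] * strikes)
        print(strikes, rep["X"], best_path(LINKS, rep, "S", "T"))
```

A node at exactly 5 units is still routed through normally, a node at 4 units is used only when no better path exists, and a neighbor at 1 unit is never used as a relay even if that leaves no route.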
The present invention is described with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems), and computer program products according to embodiments of the invention. It will be understood that each flow and/or block of the flow diagrams and/or block diagrams, and combinations of flows and/or blocks in the flow diagrams and/or block diagrams, can be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, embedded processor, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer-readable memory that can direct a computer or other programmable data processing apparatus to function in a particular manner, such that the instructions stored in the computer-readable memory produce an article of manufacture including instruction means which implement the function specified in the flowchart flow or flows and/or block diagram block or blocks.
These computer program instructions may also be loaded onto a computer or other programmable data processing apparatus to cause a series of operational steps to be performed on the computer or other programmable apparatus to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide steps for implementing the functions specified in the flowchart flow or flows and/or block diagram block or blocks.
Specific embodiments are used herein to explain the principle and implementation of the invention, and the description of the embodiments is intended only to aid understanding of the method and core idea of the invention. A person skilled in the art may, following the idea of the invention, vary the specific embodiments and the scope of application; in summary, the content of this specification should not be construed as limiting the invention.
It will be appreciated by those of ordinary skill in the art that the embodiments described herein are intended to assist the reader in understanding the principles of the invention and are to be construed as being without limitation to such specifically recited embodiments and examples. Those skilled in the art can make various other specific changes and combinations based on the teachings of the present invention without departing from the spirit of the invention, and these changes and combinations are within the scope of the invention.

Claims (8)

1. A satellite self-organizing network OLSR secure routing system based on blockchain technology, characterized by comprising a network facility layer, a consensus layer, a functional layer and an application layer;
the network facility layer comprises all satellite nodes forming a small-satellite self-organizing network; each satellite node propagates data over a P2P network using the OLSR routing protocol;
the consensus layer comprises a decentralized consortium chain jointly constructed by all satellite nodes, and is used for generating and broadcasting a new block according to a consensus mechanism and adding the new block to the chain after its authenticity has been verified by the other satellite nodes;
the functional layer is used for announcing HELLO messages and malicious behavior of satellite nodes in the small-satellite self-organizing network and for keeping a trusted record of the current reputation value of each satellite node;
the application layer is used for identifying message spoofing attacks on the small-satellite self-organizing network and penalizing malicious nodes according to the malicious behavior announcements provided by the functional layer and the trusted record of the current reputation value of each satellite node, specifically as follows:
when a satellite node receives a HELLO message sent by a neighbor node, it checks whether each neighbor node address in the neighbor address list of the HELLO message is followed by the sequence number of the block holding a referenced HELLO message, whether the referenced HELLO message is within its validity period, whether the creator of the referenced HELLO message matches the neighbor node address in the neighbor address list, and whether the address of the creator of the currently received HELLO message appears in the neighbor address list of the referenced HELLO message;
when a satellite node receives a TC message sent by a neighbor node, it checks whether each multipoint relay selector address is followed by the sequence number of the block holding a referenced HELLO message, whether the referenced HELLO message is within its validity period, whether the creator of the referenced HELLO message matches the multipoint relay selector address, and whether the address of the TC message creator appears in the neighbor list of link type MPR LINK.
2. The satellite self-organizing network OLSR secure routing system based on blockchain technology of claim 1, wherein the consensus layer generates and broadcasts a new block according to the consensus mechanism as follows:
when a satellite node newly generates a HELLO message, the HELLO message is loaded directly into a new block, and the new block is broadcast to the whole network.
3. The satellite self-organizing network OLSR secure routing system based on blockchain technology of claim 2, wherein the new block includes a timestamp, a block sequence number, the hash value of the previous block, the address and identity information of the node that generated the block, and the HELLO message generated by the satellite node this time.
4. The satellite self-organizing network OLSR secure routing system based on blockchain technology of claim 1, wherein the consensus layer generates and broadcasts a new block according to the consensus mechanism as follows:
when a control message is identified as a message spoofing attack by a satellite node, an announcement of the satellite node's malicious behavior and its current reputation value is loaded directly into a new block, and the new block is broadcast to the whole network.
5. The satellite self-organizing network OLSR secure routing system based on blockchain technology of claim 4, wherein the new block includes a timestamp, a block sequence number, the hash value of the previous block, the address and identity information of the node that generated the block, the address of the malicious node, the erroneous HELLO message or TC message sent by the malicious node, and the current reputation value of the malicious node.
6. The satellite self-organizing network OLSR secure routing system based on blockchain technology of claim 2, 3, 4, or 5, wherein the consensus layer adds the new block to the chain after its authenticity has been verified by the other satellite nodes as follows:
when the other satellite nodes of the data plane receive the broadcast new block, they judge from the timestamp contained in the block whether it is a new block, authenticate through the digital signature whether the identity of the satellite node is genuine, and verify whether the address of the node that initiated the block matches the identity information of the node; if so, the new block is added to the chain.
7. The satellite self-organizing network OLSR secure routing system based on blockchain technology of claim 1, wherein all satellite nodes of each data plane in the functional layer jointly maintain a blockchain ledger; when the network is initialized, the genesis block assigns a fixed initial reputation value to all satellite nodes; when a satellite node is identified as having carried out a message spoofing attack, the malicious behavior is announced to the whole network and one unit is deducted from the reputation value of the malicious node.
8. The system according to claim 1, wherein the application layer penalizes a malicious node according to the malicious behavior announcements provided by the functional layer and the trusted record of the current reputation value of each satellite node, specifically as follows:
when the multiple Dijkstra algorithm is used for route calculation, if the reputation value of a satellite node on the routing path is lower than a first threshold, the weight of the links related to that satellite node is reduced during route calculation; if the reputation value held by a neighbor node is lower than a second threshold, the neighbor node is not considered as a possible relay node on the routing path during route calculation; if a malicious node initiates control message spoofing attacks multiple times, the number of data packets forwarded by the malicious node is reduced; and if the malicious node still initiates control message spoofing attacks, the malicious node is deleted directly from the routing table.

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110518821.4A CN113258986B (en) 2021-05-12 2021-05-12 Block chain technology-based satellite self-organizing network OLSR (on-line analytical system) secure routing system


Publications (2)

Publication Number Publication Date
CN113258986A CN113258986A (en) 2021-08-13
CN113258986B CN113258986B (en) 2022-03-25

Family

ID=77223222


Country Status (1)

Country Link
CN (1) CN113258986B (en)




Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant