Research On Secure Routing And Key Management Schemes In Opportunistic Networks

With the popularization of personal mobile computing devices, such as thecellphone and tablet PC, opportunistic networks received more and more attention inboth academic and industrial fields. In opportunistic networks, mobile nodescommunicate with each other through the encounter opportunities which areaccompanied by carriers’ social activities and contacts, and the messages are transmittedand shared in "Store-Carry-Forward" model. Unlike traditional wireless networks,opportunistic networks don’t assume that the integrated end-to-end routing paths exist.Mobile nodes compute and select the appropriate next hops by their local knowledgewithout the topology information of the whole network. Therefore, opportunisticnetworks can be applied to different scenarios even in extreme environment. However,due to the self-organizing, intermittent, mobility characteristics, the opportunisticnetworks have to face more challenges in security aspect. And the traditional securityschemes can’t be adapted in opportunistic networks. In this paper, we study the securerouting protocols, key management and trust management schemes in opportunisticnetworks. The main contributions of this thesis are as follows:(1) The social context information is exploited to formulate the routing andforwarding strategies in opportunistic networks. However, the social contextinformation is sensitive and users don’t want to expose such information to unfamiliarnodes. We propose a security scheme based on Searchable Encryption to protect theprivacy of nodes for social context-based routing in opportunistic networks. TheTrapdoor is set up for each node’s social attributes so that relay could compute thematching of social context between itself and destination node without getting anysocial attribute information from destination node. Simulation results show thatimplementing our security scheme will not induce any negative impact on the routingperformance, which indicates that our security scheme is practical and effective foropportunistic networks.(2) In opportunistic networks, compromised nodes can attack social context-basedrouting protocols by publishing the false social attributes information. To solve thisproblem, we propose a security scheme based on the identity-based threshold signaturewhich allows mobile nodes to jointly generate and distribute the secrets for socialattributes in a totally self-organized way without the need of any centralized authority.New joining nodes can reconstruct their own social attribute signatures by gettingenough partial signature services from encounter opportunities with the initial nodes.Mobile nodes need to testify whether the neighbors can provide valid attribute signatures for their routing advertisements in order to resist the potential routing attacks.Simulation results show that: by implementing of our security scheme, the networkdelivery probability of the social context-based routing protocol can be effectivelyimproved when there are large numbers of compromised nodes in opportunisticnetworks.(3) An on-demand key management scheme is proposed based on social attributes,which could conform to the characteristics of opportunistic networks. The mobile nodesselectively issue the identity certificates for each other to establish the web of trustbased on the matching of social attributes. Consequently, the performance of certificategraph is efficiently optimized comparing to the traditional methods. Meanwhile, thanksto checking the social attribute evidences, the invalid certificate chains caused bymalicious nodes are avoid to be built. Simulation result shows that, our scheme canprovide high success ratio for reconstruction of certificate chains and high userreachability through low network costs in opportunistic networks.(4) A novel trust management scheme is presented based on behavior feedbackinformation, in order to secure the routing protocols in opportunistic networks. Byutilizing the certificate chains, the mobile nodes build the local certificate graphsgradually which can realize the mutual identity authentication, and the “Identity Trust”relationship is formed. Meanwhile, the successors generate Verified Feedback Packetsfor each positive feedback behavior, and consequently the “Behavior Trust” relationshipis formed. Simulation result shows that, our trust management scheme can efficientlyexplore and select the trust nodes for forwarding protocols. Accordingly, the networkperformance is improved significantly, for cyber attacks which are launched by thecompromised nodes are blocked.