Computer Science ›› 2019, Vol. 46 ›› Issue (6): 153-161. doi: 10.11896/j.issn.1002-137X.2019.06.023

• Information Security •

Secure Routing Mechanism Based on Trust Against Packet Dropping Attack in Internet of Things

ZHANG Guang-hua1,2, YANG Yao-hong1, ZHANG Dong-wen1, LI Jun3

  1. College of Information Science and Engineering, Hebei University of Science and Technology, Shijiazhuang 050018, China
  2. State Key Laboratory of Integrated Services Networks, Xidian University, Xi’an 710071, China
  3. College of Mathematics and Information Science, Hebei Normal University, Shijiazhuang 050024, China
  • Received: 2018-08-20 Published: 2019-06-24
  • Corresponding author: LI Jun (born 1976), male, master's degree, lecturer; main research interests: network and information security. E-mail: 9099579@qq.com
  • About the authors: ZHANG Guang-hua (born 1979), male, Ph.D., associate professor, CCF member; main research interests: network and information security. YANG Yao-hong (born 1992), female, master's student, CCF member; main research interests: network and information security. ZHANG Dong-wen (born 1964), female, Ph.D., professor, CCF member; main research interests: network and information security.
  • Funding: Supported by the National Key Research and Development Program of China (2016YFB0800703), the National Natural Science Foundation of China (61572255), and the Science and Technology Research Project of Higher Education Institutions of Hebei Province (ZD2018236).

Abstract: In an open Internet of Things environment, nodes are vulnerable to malicious packet dropping attacks (including black hole attacks and gray hole attacks) during routing, which seriously affect network connectivity, reduce the packet delivery rate and increase end-to-end delay. To address this, this paper proposes a trust-based secure routing mechanism built on the RPL protocol. Based on the behavior of nodes during data forwarding, a penalty factor is introduced to evaluate the direct trust relationship between nodes, and entropy is used to assign weights to the direct trust value and the indirect trust value, yielding a comprehensive trust value for the evaluated node. Fuzzy set theory is used to grade the trust relationship between nodes: neighbor nodes with higher trust levels are selected to forward data for the routing node, while neighbor nodes with lower trust levels are isolated from the network. In addition, to prevent normal nodes from being isolated from the network as malicious nodes because of non-intrusion factors, such nodes are given a given recovery time before it is decided whether to isolate them. The scheme was simulated using the Contiki operating system and its Cooja network simulator. The results show that, for different numbers of nodes and different proportions of malicious nodes, the scheme improves all four metrics: malicious node detection rate, false detection rate, packet delivery rate and end-to-end delay. In terms of security, its malicious node detection rate and false detection rate are significantly better than those of the tRPL protocol. In terms of routing performance, its packet delivery rate and end-to-end delay are significantly better than those of the tRPL protocol and the MRHOF-RPL protocol. The simulation analysis shows that the scheme can not only effectively identify malicious nodes, but also maintain good routing performance in the presence of malicious attacks.

Key words: Internet of things, Malicious detection, Packet dropping attack, RPL protocol, Trust evaluation

CLC Number: TP393
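The abstract gives the mechanism only in words, so the following Python code is an added example, not the paper's code, that walks one neighbour through the described stages: penalised direct trust, entropy-weighted combination with recommendations, fuzzy grading, and a recovery period before isolation. Every formula and constant in it (the smoothed ratio, the certainty weights, the membership functions, `PENALTY`, `RECOVERY_WINDOWS`, the intermediate "suspect" state) is an assumption chosen for illustration, and the observation data is constructed.

```python
import math

# All constants and formulas below are illustrative assumptions, not the paper's.
PENALTY = 2.0          # each dropped packet weighs this much against a neighbour
RECOVERY_WINDOWS = 3   # consecutive low-trust windows tolerated before isolation

def direct_trust(forwarded, dropped, penalty=PENALTY):
    """Smoothed forwarding ratio in which drops are amplified by the penalty factor."""
    return (forwarded + 1) / (forwarded + penalty * dropped + 2)

def entropy(t):
    """Binary Shannon entropy of a trust value; 0 means fully certain."""
    if t <= 0.0 or t >= 1.0:
        return 0.0
    return -t * math.log2(t) - (1 - t) * math.log2(1 - t)

def combined_trust(direct, recommendations):
    """Weight direct and indirect trust by their certainty (1 - entropy)."""
    if not recommendations:
        return direct
    indirect = sum(recommendations) / len(recommendations)
    wd, wi = 1 - entropy(direct), 1 - entropy(indirect)
    if wd + wi == 0:
        return (direct + indirect) / 2
    return (wd * direct + wi * indirect) / (wd + wi)

def fuzzy_level(t):
    """Pick the trust level with the largest membership degree."""
    low = min(1.0, max(0.0, (0.5 - t) / 0.2))
    high = min(1.0, max(0.0, (t - 0.5) / 0.3))
    degrees = {"low": low, "medium": 1.0 - low - high, "high": high}
    return max(degrees, key=degrees.get)

def decide(windows, recovery=RECOVERY_WINDOWS):
    """Per-window routing decision for one neighbour: forward, suspect or isolate."""
    streak, isolated, out = 0, False, []
    for forwarded, dropped, recs in windows:
        lvl = fuzzy_level(combined_trust(direct_trust(forwarded, dropped), recs))
        streak = streak + 1 if lvl == "low" else 0
        isolated = isolated or streak >= recovery
        out.append("isolate" if isolated else "suspect" if lvl == "low" else "forward")
    return out

# Constructed observations: (packets forwarded, packets dropped, neighbours' recommendations)
HONEST_LOSSY = [(20, 0, [0.9, 0.85]), (8, 12, [0.4, 0.3]), (19, 1, [0.8, 0.7]), (20, 0, [0.9, 0.85])]
GRAY_HOLE = [(8, 12, [0.4, 0.3])] * 4

if __name__ == "__main__":
    print("honest node, one lossy window:", decide(HONEST_LOSSY))
    print("gray hole node:", decide(GRAY_HOLE))
```

The honest node that suffers one lossy window is flagged once and then returns to forwarding, while the node that keeps dropping is isolated only after the recovery period runs out, which is the false-detection trade-off the abstract describes.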