西安电子科技大学学报

• 研究论文 • 上一篇    下一篇

利用节点可信度的安全链路状态路由协议

梁洪泉1,2;吴巍1,2   

  1. (1. 通信网信息传输与分发技术重点实验室,河北 石家庄  050081;
    2. 中国电子科技集团公司第五十四研究所,河北 石家庄  050081)
  • 收稿日期:2015-07-15 出版日期:2016-10-20 发布日期:2016-12-02
  • 通讯作者: 梁洪泉
  • 作者简介:梁洪泉(1981-),男,高级工程师,中国电子科技集团公司第五十四研究所博士研究生,E-mail:lianghongquan_1981@163.com.
  • 基金资助:

    国家部委基金资助项目(B1120131046);国家高技术研究发展计划(“863”计划)资助项目(2015A015701)

Secure link status routing protocol based on node trustworthiness

LIANG Hongquan1,2;WU Wei1,2   

  1. (1. Science and Technology on Information Transmission and Dissemination in Communication Networks Laboratory, Shijiazhuang  050081, China;
    2. The 54th Research Institute of China Electronics Technology Group Corporation, Shijiazhuang  050081, China)
  • Received:2015-07-15 Online:2016-10-20 Published:2016-12-02
  • Contact: LIANG Hongquan

摘要:

针对当前互联网中亟需解决的安全路由技术展开研究,在综合考虑节点身份和交互行为的基础上,引入一种基于动态贝叶斯网络的可信度量模型,将此模型应用于开放式最短路径优先路由协议,同时结合基于组合公钥的安全认证技术,提出了一种新的安全链路状态路由协议,能够为信息传输选择高安全可信的路径.仿真实验通过模拟拒绝服务攻击,验证了在同等条件下新安全链路状态路由协议在增强安全可信性的同时,并未显著增加协议的开销和复杂性,且在遭受网络攻击时具有较好的时效性和动态自适应能力,能够有效抑制异常实体的威胁.

关键词: 可信度量, 动态贝叶斯网络, 组合公钥, 可信平台模块, 网络安全

Abstract:

To develop secure routing technology for the current Internet, a trusted measurement model based on dynamic Bayesian networks(TMMDBN) is introduced by taking both node identity and its interaction into account. Combining the security authentication technology based on the combined public key(CPK), a new secure link state routing protocol(SLSRP) is proposed by applying the model to the OSPF protocol, which can determine a high security and trusted path for data transmission. Simulation results show that SLSRP achieves a much better security performance than OSPF with little increase in signaling overhead and computational complexity. Moreover, SLSRP has an adaptive capability and can quickly react to the denial of the service attack, which can effectively suppress the threat of an abnormal entity.

Key words: trusted measurement, Bayesian networks, combined public key, trusted platform module, network security