Secure Routing Mechanism using one-time digital signature in Ad-hoc Networks

  • 편혜진 (Samsung Electronics Co., Ltd., Telecommunication Network Business, Wireless Division) ;
  • 도인실 (Department of Computer Science, Ewha Womans University) ;
  • 채기준 (Department of Computer Science, Ewha Womans University)
  • Published: 2005.10.01

Abstract

An ad-hoc network is a wireless network composed only of mobile hosts, without the fixed infrastructure of conventional wired and wireless networks. The basic characteristics of ad-hoc networks, namely unstable links, the limited physical protection of each node, sparse connectivity between nodes and a dynamically changing topology, together with the activity of malicious nodes, make the risk to routing security very high. This paper therefore proposes a routing security mechanism using one-time digital signatures based on a one-way hash function, in order to prevent attacks in which a malicious node modifies or forges routing messages, or impersonates another node to inject incorrect routing information into the network, during route discovery or route setup in an ad-hoc network. In the proposed mechanism, to sign routing messages each node generates a hash chain by repeatedly applying the hash function to the first set of public key elements, derives several sets of public key elements from the generated hash chain, and builds a hash table from them. After generating the hash table, nodes publish their public key elements to the other nodes and include a one-time digital signature whenever they send a routing message. This one-time digital signature authenticates the routing message and provides message integrity. Simulation shows that the proposed routing security mechanism incurs somewhat higher routing overhead than a routing mechanism without security in a highly mobile network environment, but provides much greater safety against attacks by malicious nodes during route discovery and route setup.

In an ad-hoc network, there is no fixed infrastructure such as base stations or mobile switching centers. The security of an ad-hoc network is more vulnerable than that of traditional networks because of the basic characteristics of ad-hoc networks, and current routing protocols for ad-hoc networks allow many different types of attacks by malicious nodes. Malicious nodes can disrupt the correct functioning of a routing protocol by modifying routing information, by fabricating false routing information and by impersonating other nodes. We propose a routing security mechanism based on one-time digital signatures. In our proposal, we use one-time digital signatures based on one-way hash functions in order to limit or prevent attacks by malicious nodes. For the purpose of generating and keeping a large number of public key sets, we derive multiple sets of keys from hash chains by repeated hashing of the public key elements in the first set. After that, each node publishes its own public keys and broadcasts routing messages including a one-time digital signature during route discovery and route setup. This mechanism provides authentication and message integrity and prevents attacks from malicious nodes. Simulation results indicate that our mechanism increases the routing overhead in a highly mobile environment, but provides great security in the route discovery process and increases the network efficiency.
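The abstract describes the mechanism only at a high level, so the following is an added illustration, not the paper's own code: a Lamport-style one-time signature over a routing message, with the per-element hash chain built by repeatedly hashing a random first set, the top level published once as the anchor, and key sets consumed from the top of the chain downward so a verifier only ever needs the anchor. The exact chain direction, the 256-bit digest, SHA-256, the `OneTimeSigner`/`verify` names and the sample RREQ text are assumptions made for this example.

```python
import hashlib
import os

DIGEST_BITS = 256  # Lamport-style: one key-element pair per digest bit


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def message_bits(msg: bytes):
    d = int.from_bytes(H(msg), "big")
    return [(d >> (DIGEST_BITS - 1 - i)) & 1 for i in range(DIGEST_BITS)]


class OneTimeSigner:
    """Assumed construction: a random first set of key elements is hashed
    n_sets times to form a per-element hash chain. The top level is the
    published anchor; level (n_sets - k) is the private set for signature k,
    so key sets are used from the top of the chain downward."""

    def __init__(self, n_sets: int):
        first = [[os.urandom(32), os.urandom(32)] for _ in range(DIGEST_BITS)]
        self.chain = [first]
        for _ in range(n_sets):
            self.chain.append([[H(p[0]), H(p[1])] for p in self.chain[-1]])
        self.anchor = self.chain[-1]  # the only thing a node publishes
        self.used = set()             # a key set must never sign twice

    def sign(self, set_index: int, msg: bytes):
        n = len(self.chain) - 1
        if not 1 <= set_index <= n or set_index in self.used:
            raise ValueError("key set exhausted or already used")
        self.used.add(set_index)
        priv = self.chain[n - set_index]
        # Reveal, per digest bit, the private element selected by that bit.
        return [priv[i][b] for i, b in enumerate(message_bits(msg))]


def verify(anchor, set_index: int, msg: bytes, sig) -> bool:
    """Hash each revealed element set_index times; it must land on the anchor
    element selected by the same digest bit, or the message/signature is bad."""
    if len(sig) != DIGEST_BITS:
        return False
    for i, b in enumerate(message_bits(msg)):
        v = sig[i]
        for _ in range(set_index):
            v = H(v)
        if v != anchor[i][b]:
            return False
    return True


if __name__ == "__main__":
    signer = OneTimeSigner(n_sets=4)
    rreq = b"RREQ src=A dst=F seq=7 hops=2"  # constructed routing message
    sig = signer.sign(1, rreq)
    print(verify(signer.anchor, 1, rreq, sig))
    print(verify(signer.anchor, 1, rreq.replace(b"hops=2", b"hops=1"), sig))
```

A forwarding node that changes the hop count, or a node forging a message under another node's anchor, fails verification because the revealed elements no longer hash to the published anchor; the `used` set enforces the one-time property that the scheme's security depends on.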

Keywords
