Dual-link wireless ad hoc network and security defense method in emergency scene

11678177 · 2023-06-13

Abstract

Disclosed is a dual-link wireless ad hoc network and a security defense method in an emergency scene, aiming at comprehensively improving its security defense capability. The method comprises: sending, by a source node, the secret key and other messages which are not security defense messages through the second link; detecting, by a destination node, abnormal messages from the acquired valid messages after matching with abnormal message feature library, filtering the abnormal messages out, and quickly broadcasting the features of new abnormal messages through the first link; checking, by a new node to be added to the network, the identity and hardware state, authorizing the new node without abnormality, and broadcasting the authorization result information through the first link; adding, by other nodes receiving the security defense messages, the features of the new abnormal messages to their own abnormal message feature library, and allowing the entry of the new node.

Claims

1. A dual-link wireless ad hoc network in an emergency scene, comprising M+1 mobile nodes, where N={n.sub.1, n.sub.2, . . . n.sub.i, . . . n.sub.M}, M≥3, wherein n.sub.i represents the i-th mobile node, 1≤i≤M, each mobile node serves as both a source node and a destination node of other mobile nodes, as well as an intermediate node between two mobile nodes, and a first link for transmitting security defense messages and a second link for transmitting other messages not belonging to the security defense messages, public keys and encrypted AES keys are provided between any two mobile nodes; each mobile node is loaded with a security defense unit, which comprises: a private key, a public key, a RSA encryption module, a RSA decryption module, a Hash module, a digital signature module, an AES key, an AES encryption module, an AES decryption module, a digital signature verification module, an abnormal message feature library, a feature matching module, a TCP/IP filter module, a S.M.A.R.T module, a supervision engine module and a special broadcast queue module, wherein: the RSA encryption module is configured to encrypt the AES key; the RSA decryption module is configured to decrypt the encrypted AES key; the Hash module is configured to acquire message digest of a message; the digital signature module is configured to sign the message digest to generate a digital signature; the AES encryption module is configured to perform AES encryption on the message; the AES decryption module is configured to decrypt the AES encrypted message with the digital signature; the digital signature verification module is configured to strip the digital signature on the message; decrypt the signature of the digitally signed message digest; and verify whether the message digest that has been decrypted its signature is the same as the message digest of the decrypted message stripped of the digital signature which is acquired by the Hash module; the abnormal message feature library is configured to store a plurality of abnormal message features; the feature matching module is configured to match the message with the abnormal message features in the abnormal message feature library; the TCP/IP filter module is configured to filter out abnormal messages; the S.M.A.R.T module is configured to monitor the hardware state of the new node to be added to the dual-link wireless ad hoc network in the emergency scene; the supervision engine module is configured to judge the message received by the destination node and unsuccessfully matched with the feature matching module; add the features of abnormal messages which are unsuccessfully matched with the feature matching module to the special broadcast queue module and the abnormal message feature library loaded on the destination node; check an identity and a hardware state of a new node to be added to the dual-link wireless ad hoc network in the emergency scene; authorize the new node without abnormality; and add authorization result information to the special broadcast queue module loaded on the destination node; the special broadcast queue module is configured to encapsulate the features of abnormal messages which are unsuccessfully matched with the feature matching module and the authorization result information into security defense messages, and broadcast the security defense messages to all mobile nodes except the destination node in the dual-link wireless ad hoc network in the emergency scene through the first link.

2. The dual-link wireless ad hoc network in an emergency scene according to claim 1, wherein the hardware state of the new node to be added to the dual-link wireless ad hoc network in the emergency scene monitored by the S.M.A.R.T module refers to monitoring whether the new node is invaded and whether there is hardware failure.

3. A security defense method for a dual-link wireless ad hoc network in an emergency scene, comprising the steps of: (1) sending, by a source node n.sub.i, a secret key to destination node n.sub.j, wherein: an RSA encryption module loaded on the source node n.sub.i encrypts the AES key Z through a private key Y of n.sub.i to obtain an encrypted AES key Z1, and sends Z1 and a public key X of the source node n.sub.i to the destination node n.sub.j through a second link, wherein 1≤i≤M, 1≤j≤M, i≠j; (2) sending, by the source node n.sub.i, a message to the destination node n.sub.j, wherein: (2a) a Hash module loaded on the source node n.sub.i calculates a hash of a message A to be sent by the source node n.sub.i, and takes the calculated hash value as a message digest B of the message A; (2b) a digital signature module loaded on the source node n.sub.i signs the message digest B through a private key Y of the source node n.sub.i to obtain a digital signature C of B, and attaches the digital signature C to the message A to obtain the message D with the digital signature; (2c) an AES encryption module loaded on the source node n.sub.i encrypts D through the AES key Z of the source node n.sub.i to obtain an AES encrypted message E; (2d) if the AES encrypted message E is a security defense message, the source node n.sub.i sends the message to the destination node n.sub.j through a first link; if the AES encrypted message E is another message, the source node n.sub.i sends the message to the destination node n.sub.j through the second link; in the transmission process, if the destination node n.sub.j is not in the communication range of the source node n.sub.i, the message is forwarded through an intermediate node; (3) acquiring, by the destination node n.sub.j, the AES encrypted message E, wherein: (3a) the destination node n.sub.j receives the encrypted AES key Z1 sent by the source node n.sub.i, the public key X of the source node n.sub.i and the AES encrypted message E; (3b) the RSA decryption module loaded on the destination node n.sub.j decrypts the encrypted AES key Z1 through the public key X of the source node n.sub.i to obtain the decrypted AES key Z2; (3c) the AES decryption module loaded on the destination node n.sub.j decrypts the AES encrypted message E through Z2 to obtain the AES decrypted message E′; (3d) the digital signature verification module loaded on the destination node n.sub.j strips the AES decrypted message E′ to obtain the message D′ and the digital signature C′ of E′; (3e) the digital signature verification module loaded on the destination node n.sub.j decrypts the digital signature C′ of E′ through the public key X of the source node n.sub.i to obtain message digest P; (3f) the Hash module loaded on the destination node n.sub.j calculates the message D′ and takes the calculated hash value as the message digest Q; (3g) the digital signature verification module loaded on the destination node n.sub.j judges whether the message digest P is the same as the message digest Q, if so, the message sent by the source node n.sub.i is consistent with the message received by the destination node n.sub.j, that is, the message received by the destination node n.sub.j is a valid message, otherwise, the message received by the destination node n.sub.j is an invalid message; (4) filtering, by the destination node n.sub.j, the abnormal message, wherein: (4a) the feature matching module loaded on the destination node n.sub.j matches the valid message with the abnormal message features in the abnormal message feature library, if they match successfully, the valid message is an abnormal message, and the abnormal message is filtered out to realize the defense against the abnormal message, otherwise, step (4b) is executed; (4b) the supervision engine module loaded on the destination node n.sub.j judges whether the valid message is normal through deep learning algorithm, if so, the valid message is a normal message, otherwise, the valid message is a new abnormal message, the features of the new abnormal message are added to the special broadcast queue module loaded on the destination node n.sub.j and the abnormal message feature library, and the new abnormal message is filtered out at the same time to realize the defense against the new abnormal message; (5) expanding, by the destination node n.sub.j, the abnormal message feature library, wherein: after receiving the normal message which is the security defense message in step (4b), the destination node n.sub.j adds the abnormal message features in the security defense message to the abnormal message feature library loaded on the destination node n.sub.j; (6) checking, by the new node to be added to the dual-link wireless ad hoc network in the emergency scene, its own security, wherein: the new node to be added to the dual-link wireless ad hoc network in the emergency scene is loaded with a security defense unit; its own hardware state is monitored by the S.M.A.R.T module to obtain the hardware state results of whether it is invaded and whether there is hardware failure; the supervision engine module checks whether its own identity and the hardware state monitored by the S.M.A.R.T module are normal. If so, it is authorized by the supervision engine module, and the authorization result information is added to the special broadcast queue module loaded on the new node through the supervision engine module. Otherwise, the new node is refused to be added to the network to realize the defense against the new node with abnormality to be added to the dual-link wireless ad hoc network in the emergency scene; (7) sending, by the new node to be added to the dual-link wireless ad hoc network in the emergency scene, a security defense message to M mobile nodes, wherein: the new node to be added to the dual-link wireless ad hoc network in the emergency scene is taken as a source node, and its own encrypted AES key is acquired according to the method in step (1). The encrypted AES key and its own public key are sent to M mobile nodes of the dual-link wireless ad hoc network in the emergency scene through the second link, and its own AES encrypted security defense message is acquired according to the method in step (2) at the same time, and is sent to M mobile nodes of the dual-link wireless ad hoc network in the emergency scene through the first link; (8) acquiring, by M mobile nodes of the dual-link wireless ad hoc network in the emergency scene, the security defense message sent by the new node, wherein: M mobile nodes of the dual-link wireless ad hoc network in the emergency scene acquire the valid message sent by the new node according to the method in step (3), and judge whether the valid message is a normal message, an abnormal message or a new abnormal message according to the method in step (4). If the valid message is an abnormal message, the abnormal message is filtered out. If the valid message is a new abnormal message, the features of the new abnormal message are added to the special broadcast queue module loaded on M mobile nodes and the abnormal message feature library, and the new abnormal message is filtered out at the same time. Otherwise, after the authorization result information of the new node in the normal message sent by the new node which is a security defense message is acquired, the new node is allowed to be added to the dual-link wireless ad hoc network in the emergency scene, and the dual-link wireless ad hoc network in the emergency scene of M+1 mobile nodes including the new node is obtained.

4. The security defense method for a dual-link wireless ad hoc network in an emergency scene according to claim 3, wherein the Hash module loaded on the source node n.sub.i in step (2a) calculates the message A to be sent by the source node n.sub.i, and the calculation method is that the Hash module loaded on the source node n.sub.i maps the message A into a unique, irreversible, fixed-length and compact string, which is a hash value.

5. The security defense method for a dual-link wireless ad hoc network in an emergency scene according to claim 3, wherein the supervision engine module loaded on the destination node n.sub.j in step (4b) judges whether the valid message is normal through the deep learning algorithm, and the judging method is to judge whether the valid message is normal or abnormal through the deep neural network model established by the deep learning algorithm, wherein a deep neural network model has learned the features of normal messages in the network monitored in history.

Description

BRIEF DESCRIPTION OF THE DRAWINGS

(1) FIG. 1 is a schematic structural diagram for a dual-link wireless ad hoc network in an emergency scene according to the present disclosure;

(2) FIG. 2 is an implementation flow chart of a security defense method for a dual-link wireless ad hoc network in an emergency scene according to the present disclosure;

(3) FIG. 3 is an implementation flow chart of sending messages from a source node to a destination node according to the present disclosure;

(4) FIG. 4 is an implementation flow chart of a destination node processing the received message according to the present disclosure.

DETAILED DESCRIPTION

(5) The present disclosure will be described in further detail with reference to the drawings and specific embodiments.

(6) With reference to FIG. 1, a dual-link wireless ad hoc network in an emergency scene includes M mobile nodes, where N={n.sub.1, n.sub.2, . . . , n.sub.i, . . . , n.sub.M}, M≥3, wherein n.sub.i represents the i-th mobile node, 1≤i≤M; in this embodiment, M=18. Each mobile node serves as both a source node and a destination node for the other mobile nodes, as well as an intermediate node between two mobile nodes. Between any two mobile nodes there are a first link for transmitting security defense messages and a second link for transmitting the other messages, i.e. those not belonging to the security defense messages, together with public keys and encrypted AES keys.

(7) The first link is independent of the second link: the two do not influence each other, and each transmits its own information independently. Because the first link carries only security defense messages, it avoids mixing them with the many kinds of information carried by the second link, and it is lightweight and easy to manage.

(8) Each mobile node is loaded with a security defense unit, which comprises a private key, a public key, an RSA encryption module, an RSA decryption module, a Hash module, a digital signature module, an AES key, an AES encryption module, an AES decryption module, a digital signature verification module, an abnormal message feature library, a feature matching module, a TCP/IP filter module, an S.M.A.R.T module, a supervision engine module and a special broadcast queue module, wherein:

(9) the RSA encryption module is configured to encrypt the AES key;

(10) the RSA decryption module is configured to decrypt the encrypted AES key;

(11) the Hash module is configured to acquire message digest of the message;

(12) the digital signature module is configured to sign the message digest;

(13) the AES encryption module is configured to perform AES encryption on the message;

(14) the AES decryption module is configured to decrypt the AES encrypted message with the digital signature;

(15) the digital signature verification module is configured to strip the digital signature on the message; decrypt the signature of the digitally signed message digest; and verify whether the message digest that has been decrypted its signature is the same as the message digest of the decrypted message stripped of the digital signature which is acquired by the Hash module;

(16) the abnormal message feature library is configured to store a plurality of abnormal message features;

(17) the feature matching module is configured to match the message with the abnormal message features in the abnormal message feature library;

(18) the TCP/IP filter module is configured to filter out abnormal messages;

(19) the S.M.A.R.T module is configured to monitor the hardware state about whether the new node to be added to the dual-link wireless ad hoc network in the emergency scene is invaded and whether there is hardware failure;

(20) the supervision engine module is configured to judge the message received by the destination node and unsuccessfully matched with the feature matching module; add the features of abnormal messages which are unsuccessfully matched with the feature matching module to the special broadcast queue module and the abnormal message feature library loaded on the destination node; check the identity and hardware state of the new node to be added to the dual-link wireless ad hoc network in the emergency scene; authorize the new node without abnormality; and add authorization result information to the special broadcast queue module loaded on the destination node;

(21) the special broadcast queue module is configured to encapsulate the features of abnormal messages which are unsuccessfully matched with the feature matching module and the authorization result information into security defense messages, and broadcast the security defense messages to all mobile nodes except the destination node in the dual-link wireless ad hoc network in the emergency scene through the first link.

(22) By loading a security defense unit on each mobile node, the purpose of distributed intrusion detection can be achieved, so that even if the network is paralyzed in a large area, any mobile node can still independently carry out security defense, prevent malicious behavior of attackers and improve the invulnerability of the network.

(23) The TCP/IP filter module directly filters out the abnormal messages successfully matched with the feature matching module, which embodies the application of misuse detection in intrusion detection technology and gives full play to the advantage of fast detection speed; the supervision engine module uses the deep learning algorithm to judge the messages that are not successfully matched with the feature matching module, which embodies the application of abnormal detection and gives full play to the advantages of intelligent detection that can judge unknown types of messages. Through the mixed detection method of misuse detection and abnormal detection, the advantages of the two detection methods can be integrated and the detection rate can be improved.

(24) With reference to FIG. 2, the security defense method according to the present disclosure includes the following steps.

(25) Step 1) a source node n.sub.1 sends a secret key to its destination node n.sub.9, wherein:

(26) the RSA encryption module loaded on the source node n.sub.1 encrypts the AES key Z through the private key Y of n.sub.1 to obtain the encrypted AES key Z1, and sends Z1 and the public key X of the source node n.sub.1 to the destination node n.sub.9 through the second link; in the transmission process, because the destination node n.sub.9 is not in the communication range of the source node n.sub.1, the source node n.sub.1 sends the key to the destination node n.sub.9 through the forwarding of the intermediate nodes n.sub.4 and n.sub.6.

(27) The RSA encryption module encrypts the AES key Z, so that it is difficult to crack the AES key Z and the security of AES encryption itself is improved.

(28) Step 2) The source node n.sub.1 sends a message to its destination node n.sub.9, and its implementation flow is shown in FIG. 3.

(29) Step 2a) the Hash module loaded on the source node n.sub.1 calculates the hash of the message A to be sent by the source node n.sub.1, and takes the calculated hash value as the message digest B of the message A,

(30) wherein the calculation method of Hash module is to map the message A into a unique, irreversible, fixed-length and compact string, which is a hash value.

(31) Step 2b) the digital signature module loaded on the source node n.sub.1 signs the message digest B through the private key Y of the source node n.sub.1 to obtain a digital signature C of B, and attaches the digital signature C to the message A to obtain the message D with the digital signature.

(32) Step 2c) the AES encryption module loaded on the source node n.sub.1 encrypts D through the AES key Z of the source node n.sub.1 to obtain an AES encrypted message E.

(33) The hybrid encryption scheme, which combines RSA asymmetric encryption with AES symmetric encryption and a digital signature, draws on the strengths of each: RSA, with its two different keys, is difficult to break and makes key distribution easy; AES encryption is fast and suited to encrypting large amounts of data; and the digital signature lets the receiver verify the authenticity of a message. Together they make it difficult for an attacker to break or tamper with messages, improving the security and anti-counterfeiting performance of messages.

(34) Step 2d) if the AES encrypted message E is a security defense message, the source node n.sub.1 sends the message to the destination node n.sub.9 through the first link; if the AES encrypted message E is another message, the source node n.sub.1 sends the message to the destination node n.sub.9 through the second link; in the transmission process, since the destination node n.sub.9 is not in the communication range of the source node n.sub.1, the source node n.sub.1 sends the message to the destination node n.sub.9 through the forwarding of the intermediate nodes n.sub.4 and n.sub.6.

(35) The implementation flow of the destination node processing the received message from Step 3) to Step 5) is shown in FIG. 4.

(36) Step 3) the destination node n.sub.9 acquires the valid message.

(37) Step 3a) the destination node n.sub.9 receives the encrypted AES key Z1 sent by the source node n.sub.1, the public key X of the source node n.sub.1 and the AES encrypted message E.

(38) Step 3b) the RSA decryption module loaded on the destination node n.sub.9 decrypts the encrypted AES key Z1 through the public key X of the source node n.sub.1 to obtain the decrypted AES key Z2.

(39) Step 3c) the AES decryption module loaded on the destination node n.sub.9 decrypts the AES encrypted message E through Z2 to obtain the AES decrypted message E′.

(40) Step 3d) the digital signature verification module loaded on the destination node n.sub.9 strips the AES decrypted message E′ to obtain the message D′ and the digital signature C′ of E′.

(41) Step 3e) the digital signature verification module loaded on the destination node n.sub.9 decrypts the digital signature C′ of E′ through the public key X of the source node n.sub.1 to obtain message digest P.

(42) Step 3f) the Hash module loaded on the destination node n.sub.9 calculates the hash of the message D′ and takes the calculated hash value as the message digest Q,

(43) wherein the calculation method of Hash module is to map the message D′ into a unique, irreversible, fixed-length and compact string, which is a hash value.

(44) Step 3g) the digital signature verification module loaded on the destination node n.sub.9 judges whether the message digest P is the same as the message digest Q, if so, the message sent by the source node n.sub.1 is consistent with the message received by the destination node n.sub.9, that is, the message received by n.sub.9 is a valid message, otherwise, the message received by n.sub.9 is an invalid message.

(45) When the digital signature verification module confirms that the message sent by the source node n.sub.1 is consistent with the message received by the destination node n.sub.9, the message has not been tampered with by an attacker in transit; it is therefore a valid message once received by the destination node n.sub.9, and processing continues. If the digital signature verification module finds the message sent by the source node n.sub.1 inconsistent with the message received by the destination node n.sub.9, the message has been tampered with by an attacker in transit and is an invalid message; the destination node discards it and performs no further operations on it.
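Steps 1 through 3 above, carried through end to end in Go as an added example that is not part of the patent. `Node`, `Envelope`, `NewNode`, `Send` and `Receive` are names chosen here; SHA-256 stands in for the unspecified Hash module, AES-256-GCM for the AES modules and PKCS#1 v1.5 signatures for the digital signature modules. One deliberate departure is marked in the code: the example wraps the AES key Z with the destination node's public key (RSA-OAEP), so that only the destination can recover Z2, whereas the text encrypts Z with the source node's own private key Y, which any holder of the public key X could reverse.

```go
package main

import (
	"crypto"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Node holds a mobile node's RSA key pair (Y and X in the text) and AES key Z.
type Node struct {
	Priv *rsa.PrivateKey
	AES  []byte // Z
}

// Envelope is what crosses the air: wrapped key Z1 plus the AES-GCM nonce and E.
type Envelope struct {
	WrappedKey []byte // Z1
	Nonce      []byte
	Ciphertext []byte // E
}

func NewNode() *Node {
	priv, err := rsa.GenerateKey(rand.Reader, 2048)
	key := make([]byte, 32)
	if _, err2 := rand.Read(key); err != nil || err2 != nil {
		panic("no usable entropy source") // nothing sensible can follow
	}
	return &Node{Priv: priv, AES: key}
}

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// Send is the source side (steps 1, 2a-2c): B = H(A), C = Sign_Y(B), D = A||C, E = AES_Z(D).
// Departure from the text: Z is wrapped with the destination's public key, not with Y.
func (src *Node) Send(dstPub *rsa.PublicKey, msg []byte) (Envelope, error) {
	digest := sha256.Sum256(msg)                                                  // B
	sig, err := rsa.SignPKCS1v15(rand.Reader, src.Priv, crypto.SHA256, digest[:]) // C
	if err != nil {
		return Envelope{}, err
	}
	signed := append(append([]byte{}, msg...), sig...) // D = A followed by C
	gcm, err := newGCM(src.AES)
	if err != nil {
		return Envelope{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Envelope{}, err
	}
	z1, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, dstPub, src.AES, nil)
	if err != nil {
		return Envelope{}, err
	}
	return Envelope{z1, nonce, gcm.Seal(nil, nonce, signed, nil)}, nil
}

// Receive is the destination side (steps 3a-3g): unwrap Z1 -> Z2, decrypt E -> E',
// split E' into D' and C', accept only if P recovered from C' under X equals Q = H(D').
func (dst *Node) Receive(srcPub *rsa.PublicKey, env Envelope) ([]byte, error) {
	z2, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, dst.Priv, env.WrappedKey, nil)
	if err != nil {
		return nil, errors.New("invalid message: cannot unwrap AES key")
	}
	gcm, err := newGCM(z2)
	if err != nil {
		return nil, err
	}
	plain, err := gcm.Open(nil, env.Nonce, env.Ciphertext, nil) // E'
	if err != nil {
		return nil, errors.New("invalid message: ciphertext modified in transit")
	}
	if len(plain) < srcPub.Size() {
		return nil, errors.New("invalid message: no signature present")
	}
	d, c := plain[:len(plain)-srcPub.Size()], plain[len(plain)-srcPub.Size():] // D', C'
	q := sha256.Sum256(d)                                                      // Q
	// VerifyPKCS1v15 recovers P from C' under X and compares it with Q (step 3g).
	if err := rsa.VerifyPKCS1v15(srcPub, crypto.SHA256, q[:], c); err != nil {
		return nil, errors.New("invalid message: digest P differs from Q, discarding")
	}
	return d, nil
}

func main() {
	n1, n9 := NewNode(), NewNode()
	env, _ := n1.Send(&n9.Priv.PublicKey, []byte("constructed message A"))
	got, err := n9.Receive(&n1.Priv.PublicKey, env)
	fmt.Printf("err=%v message=%q\n", err, got)
}
```

Two checks happen at the destination in this example where the text has one: AES-GCM rejects a ciphertext altered in transit before the signature is even examined, and the signature check at step 3g then establishes that the message originated from the holder of Y, so a message built by a node with a different key pair is discarded even though it decrypts cleanly. Link selection in step 2d is not modelled; the envelope is the same on either link.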

(46) Step 4) the destination node n.sub.9 filters the abnormal message.

(47) Step 4a) the feature matching module loaded on the destination node n.sub.9 matches the valid message with the abnormal message features in the abnormal message feature library. If they match successfully, the valid message is an abnormal message, and the abnormal message is filtered out to realize the defense against the abnormal message. Otherwise, step 4b) is executed.

(48) Step 4b) the supervision engine module loaded on the destination node n.sub.9 judges whether the valid message is normal through deep learning algorithm. If so, the valid message is a normal message. Otherwise, the valid message is a new abnormal message, and the features of the new abnormal message are added to the special broadcast queue module loaded on the destination node n.sub.9 and the abnormal message feature library, and the new abnormal message is filtered out at the same time to realize the defense against the new abnormal message; wherein the deep learning algorithm refers to the algorithm that judges whether the valid message is a normal message or an abnormal message through the deep neural network model established by the deep learning algorithm, wherein the deep neural network model has learned the feature of normal messages in the network monitored in history.

(49) In this step, by adding the features of the new abnormal message to the special broadcast queue module loaded on the destination node n.sub.9, the supervision engine module can quickly broadcast those features through the first link to the other M−1 nodes (17 nodes in this embodiment). Those nodes therefore already hold the features when the new abnormal message reaches them and can filter the message out directly with their own TCP/IP filter module, skipping the judgment process of their supervision engine module. This increases the filtering ability of each node and the cooperation among nodes, gives full play to the advantages of distributed intrusion detection, improves detection efficiency, and achieves rapid security defense.

(50) Step 5) the destination node n.sub.9 expands the abnormal message feature library.

(51) After receiving the normal message which is the security defense message in step 4b), the destination node n.sub.9 adds the abnormal message features in the security defense message to the abnormal message feature library loaded on the destination node n.sub.9.
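The mixed detection of paragraph (23) and steps 4 and 5 above, as an added example in Go that is not part of the patent. The feature library, feature matching module, special broadcast queue and step 5 library extension are modelled directly; the deep neural network of step 4b, which the text does not specify, is replaced by a constructed stand-in rule (`supervise`) that treats any non-printable byte as abnormal. Receipt of the broadcast itself, which in the text goes through steps 3 and 4 like any other message, is collapsed into `Learn`. All names are chosen here.

```go
package main

import (
	"bytes"
	"fmt"
)

// Feature is one entry of the abnormal message feature library: a byte pattern
// whose presence marks a message as abnormal (misuse detection, step 4a).
type Feature []byte

// Verdict is the outcome of steps 4a-4b for one valid message.
type Verdict int

const (
	Normal      Verdict = iota
	Abnormal            // matched a known feature in the library (4a)
	NewAbnormal         // rejected by the supervision engine (4b)
)

func (v Verdict) String() string {
	return [...]string{"normal", "abnormal", "new abnormal"}[v]
}

// Node models the filtering side of one mobile node: its feature library, its
// special broadcast queue, and the peers it reaches over the first link.
type Node struct {
	Library []Feature
	Queue   []Feature // features waiting to go out as security defense messages
	Peers   []*Node
}

// matchLibrary is the feature matching module.
func (n *Node) matchLibrary(msg []byte) bool {
	for _, f := range n.Library {
		if bytes.Contains(msg, f) {
			return true
		}
	}
	return false
}

// supervise stands in for the deep neural network of step 4b, which the text
// does not specify. Constructed rule: a message is normal only if every byte is
// printable ASCII; otherwise the bytes from the first offending one (up to 8)
// become the feature to store and broadcast.
func supervise(msg []byte) (normal bool, feat Feature) {
	for i, b := range msg {
		if b < 0x20 || b > 0x7e {
			end := i + 8
			if end > len(msg) {
				end = len(msg)
			}
			return false, Feature(append([]byte{}, msg[i:end]...))
		}
	}
	return true, nil
}

// Filter runs steps 4a and 4b on one valid message and returns the verdict.
func (n *Node) Filter(msg []byte) Verdict {
	if n.matchLibrary(msg) {
		return Abnormal // dropped by the TCP/IP filter module, no engine call
	}
	normal, feat := supervise(msg)
	if normal {
		return Normal
	}
	n.Learn(feat)                   // extend own library
	n.Queue = append(n.Queue, feat) // and queue it for the first link
	return NewAbnormal
}

// Learn is step 5 on a receiving node: add a feature carried by a security
// defense message to the library, ignoring duplicates.
func (n *Node) Learn(f Feature) {
	for _, have := range n.Library {
		if bytes.Equal(have, f) {
			return
		}
	}
	n.Library = append(n.Library, f)
}

// Broadcast drains the special broadcast queue to every peer over the first
// link and returns the number of deliveries.
func (n *Node) Broadcast() int {
	delivered := 0
	for _, f := range n.Queue {
		for _, p := range n.Peers {
			p.Learn(f)
			delivered++
		}
	}
	n.Queue = n.Queue[:0]
	return delivered
}

func main() {
	n9, n4, n6 := &Node{}, &Node{}, &Node{}
	n9.Peers = []*Node{n4, n6}
	bad := []byte("status=\x00\x01\x02\x03 ok") // constructed abnormal message
	fmt.Println("n9 first sight:", n9.Filter(bad))
	fmt.Println("deliveries on first link:", n9.Broadcast())
	fmt.Println("n4 later sight:", n4.Filter(bad))
}
```

The point the example makes is the one paragraph (49) describes: the first node to see the message pays for the supervision engine, and every peer that received the broadcast afterwards classifies the same message on the fast path of step 4a without invoking its own engine.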

(52) Step 6) the new node to be added to the dual-link wireless ad hoc network in the emergency scene checks its own security.

(53) Because nodes in a wireless ad hoc network can disconnect and join at any time, it is very easy for an attacker to take advantage of this dynamic situation to join the network and then commit further malicious acts. Therefore, it is very important to check new nodes before they are added to the dual-link wireless ad hoc network in the emergency scene.

(54) The new node to be added to the dual-link wireless ad hoc network in the emergency scene is loaded with a security defense unit; its own hardware state is monitored by the S.M.A.R.T module to obtain the hardware state results of whether it is invaded and whether there is hardware failure; the supervision engine module checks whether its own identity and the hardware state monitored by the S.M.A.R.T module are normal. If so, it is authorized by the supervision engine module, and the authorization result information is added to the special broadcast queue module loaded on the new node through the supervision engine module. Otherwise, the new node is refused to be added to the network to realize the defense against the new node with abnormality to be added to the dual-link wireless ad hoc network in the emergency scene, and prevent the occurrence of malicious behavior from the source.

(55) Step 7) the new node to be added to the dual-link wireless ad hoc network in the emergency scene sends a security defense message to M mobile nodes.

(56) The new node to be added to the dual-link wireless ad hoc network in the emergency scene is taken as a source node, and its own encrypted AES key is acquired according to the method in step 1). The encrypted AES key and its own public key are sent to M mobile nodes of the dual-link wireless ad hoc network in the emergency scene through the second link, and its own AES encrypted security defense message is acquired according to the method in step 2) at the same time, and is sent to M mobile nodes of the dual-link wireless ad hoc network in the emergency scene through the first link.

(57) Step 8) M mobile nodes of the dual-link wireless ad hoc network in the emergency scene acquire the security defense message sent by the new node.

(58) M mobile nodes of the dual-link wireless ad hoc network in the emergency scene acquire the valid message sent by the new node according to the method in step 3), and judge whether the valid message is a normal message, an abnormal message or a new abnormal message according to the method in step 4). If the valid message is an abnormal message, the abnormal message is filtered out. If the valid message is a new abnormal message, the features of the new abnormal message are added to the special broadcast queue module loaded on M mobile nodes and the abnormal message feature library, and the new abnormal message is filtered out at the same time. Otherwise, after the authorization result information of the new node in the normal message sent by the new node which is a security defense message is acquired, the new node is allowed to be added to the dual-link wireless ad hoc network in the emergency scene, and the dual-link wireless ad hoc network in the emergency scene of M+1 mobile nodes including the new node is obtained.