
Research on Security Behavior and Protection Methods in Wireless Mesh Networks (无线Mesh网络环境下的安全行为及保障方法的研究)

【Author】 Wei Qian (韦潜)

【Supervisor】 He Jingsha (何泾沙)

【Author Information】 Beijing University of Technology, Computer Application Technology, 2011, PhD

【Abstract (translated from Chinese)】 Wireless mesh networks, with their flexible deployment and rapid extension, show broad application prospects in many fields, including military defense, public safety, environmental monitoring, healthcare, urban transport, and production and daily life. In practice, the shared nature of the wireless medium, the multi-hop communication mechanism, dynamic topology, the lack of a trusted control center, and the lack of physical protection for mesh routers make wireless mesh networks vulnerable to a variety of malicious attacks. Existing security solutions for wireless networks do not fully apply to this problem, because the wireless mesh topology differs both from point-to-multipoint networks such as Wi-Fi and WiMAX and from multipoint-to-multipoint wireless sensor networks and mobile ad hoc networks. Many security protocols have been proposed for wireless mesh networks, but they lack a systematic measure for discovering, preventing and responding to malicious attacks, which leaves their ability to resist such attacks very limited. Based on the theory of dynamic games with incomplete information and supported by cryptography, this dissertation addresses the security of communication behavior between nodes in wireless mesh networks. Taking the node's perspective, it studies security behavior and protection methods in a game environment in three respects: trusted security evaluation of behavior, security protection of behavior, and traitor behavior tracing. The main contributions are as follows.

(1) A node security behavior model for wireless mesh networks, NodeEYE, is proposed to solve the trusted security evaluation of behavior and the problem that existing security models cannot fully meet the security and privacy requirements of communication behavior between nodes. NodeEYE builds a trusted logic for judging the security of the peer node through evaluation of identity trust, behavior trust and content trust (three factors); it associates the evaluation result with resource allocation to optimize the use of resources; and it characterizes node state and intelligent behavior through attributes, a progressive three-factor evaluation model, and a two-factor Bayesian decision model based on evaluation and risk, describing the behavior strategy a node is expected to adopt to protect its communication. Compared with existing security models, it can analyze a wider range of security properties, turns after-the-fact proof logic into a priori proof logic, evolves according to security needs, lets a node counter malicious attacks proactively, and lays a theoretical foundation for the security analysis of communication protocols.

(2) A privacy-enhanced hybrid key agreement scheme, a roaming instant authentication scheme based on pre-distributed identity certificates, and a group admission scheme for emergency wireless mesh networks are proposed to address the high resource consumption and weak privacy protection of existing protection methods for key agreement, roaming and group-joining behavior. For the security of agreement behavior, the privacy-enhanced hybrid key agreement scheme uses signcryption to ensure that only the peer can decrypt and verify the message, symmetric encryption to protect the elements from which the shared key is generated, and a hash function in place of a digital signature to authenticate the key source. Compared with existing key agreement schemes, it protects the privacy of both parties more effectively and saves about 12.5% of computation and about 33.3% of communication resources. For the security of roaming behavior, the roaming instant authentication scheme based on pre-distributed identity certificates introduces lightweight identity certificates to reduce the complexity of using public-key certificates; by pre-deploying identity certificates appropriately at the visited-network authentication center, the home-network authentication center and the network access points, a legitimate mobile node can obtain a roaming passport from a network authentication center and thereby achieve instant intra-domain and inter-domain roaming authentication. Compared with existing roaming authentication schemes, it removes the exchange of authentication information between the visited and home networks, reduces the number of times the authentication center takes part in roaming authentication, saves network resources, and shortens roaming authentication delay. For the security of group-joining behavior, the group admission scheme for emergency wireless mesh networks combines elliptic-curve ElGamal with directed signatures through associated random numbers to strengthen the algorithm's security and the privacy of both parties, and uses elliptic-curve signcryption and parameter reuse to keep communication both secure and efficient. Compared with group admission schemes based on conventional elliptic-curve cryptography, privacy protection is further strengthened and about 33.3% of computation and 25% of communication resources are saved.

(3) A dynamic traitor tracing scheme for group communication, iGOSDTT, is proposed to solve the problem of tracing traitor behavior in group communication. Using the traitors' group membership and the number of traitors captured by the traitor behavior monitoring center, iGOSDTT locks onto the suspected traitor groups; using the lightweight group signcryption algorithm iGOS, it updates the group key for specific user groups, repeatedly bisecting the suspected groups into subgroups and progressively narrowing the range of suspects until the traitors are traced. 动态叛逆者追踪方

【Abstract】 Wireless Mesh Networks (WMNs), with the characteristics of fast extension and flexible deployment, are inspiring broad applications in military defense, public safety, environmental monitoring, healthcare, urban transport, production, daily life, etc. In practice, WMNs are prone to various malicious attacks due to the open wireless medium, the multihop communication mechanism, dynamic topology, the lack of a trusted control center, the lack of physical protection of mesh routers, etc. Therefore, it is not practical for WMNs to directly apply the security protection methods of existing wireless networks, since wireless mesh connectivity differs from the point-to-multipoint architecture of Wi-Fi, WiMAX, etc. and from the multipoint-to-multipoint connectivity of wireless sensor networks (WSNs) and mobile ad hoc networks (MANETs). Many security protocols proposed for WMNs show limited power to counter malicious attacks for lack of a systematic measure for discovery, prevention and response. In this dissertation, based on incomplete-information dynamic game theory and supported by cryptography, we thoroughly studied security behaviors and protection methods in a game environment from the perspective of the node and at three levels, behavioral trusted security evaluation, behavioral security protection and behavioral traitor tracing, in order to resolve the security problems of communication behaviors between nodes in WMNs.

The major contributions of this dissertation are stated as follows:

(1) Propose a node security behavior model in WMNs named NodeEYE to resolve the problem of behavioral trusted security evaluation and the problem that existing security models cannot entirely satisfy the security and privacy requirements of communication behaviors between nodes. NodeEYE establishes a trusted logic for judging the security of the peer party by means of evaluations of trusted identity, trusted behavior and trusted content (three factors), and optimizes the allocation of resources by associating the results of trusted security evaluation with resource allocation. Using attributes, a progressive three-factor evaluation model and a two-factor Bayesian decision-making model based on evaluation and risk, NodeEYE depicts a node's state and intelligent behaviors and describes how to adopt the next behavior strategy for protecting communication security. In comparison to existing security models, NodeEYE can be used to analyze more extensive security properties, transform a later-proven logic into a prior-proven logic, evolve according to security requirements, let a node counter malicious attacks in a proactive stance, and provide a stable theoretical foundation for the security analysis of communication protocols.

(2) Propose privacy-enhanced hybrid key exchange schemes, an identification-certificate-predistribution-based roaming instant authentication scheme and group admission schemes in emergency WMNs to resolve the problem that existing security protection methods for agreement behavior, roaming behavior and group entry behavior consume more resources and provide less privacy protection. For agreement behavior security, the privacy-enhanced hybrid key exchange schemes use signcryption to guarantee that only the peer party can decrypt and verify the message, use symmetric encryption to protect the original elements of a shared key, and use a hash function instead of a digital signature to achieve key source authentication. In comparison to existing key agreement methods, the schemes effectively protect both parties' privacy and save computation and communication resources by up to 12.5% and 33.3%, respectively. For roaming behavior security, the identification-certificate-predistribution-based roaming instant authentication scheme reduces the complexity of using public key certificates by introducing a lightweight identification certificate; by rationally pre-deploying identification certificates in the authentication centers of the visited and home networks and at access points, it guarantees that any legitimate mobile node gains a roaming passport from an authentication center and then achieves intra- and inter-domain roaming instant authentication. In comparison to existing roaming authentication methods, the scheme leaves out the authentication information exchange between visited and home networks and reduces the number of roaming authentications in which authentication centers participate; as a result, it saves network resources and further shortens roaming authentication delay. For group entry behavior security, the group admission schemes in emergency WMNs use associated random numbers to combine elliptic curve ElGamal and directed signatures to enhance the security of the algorithm and the privacy of both parties, and use elliptic curve signcryption and parameter reuse to guarantee the security and efficiency of communication. In comparison to traditional elliptic-curve-based group admission methods, the schemes further enhance privacy and save computation and communication resources by up to 33.3% and 25%, respectively.

(3) Propose a dynamic traitor tracing scheme in group communication named iGOSDTT to resolve the problem of behavioral traitor tracing. The scheme locks suspicious traitor groups according to the information on the traitors' group membership and number captured by a traitor behavior monitoring center, updates the group key of specific groups using a lightweight group-oriented signcryption algorithm, iGOS, continuously divides the suspicious traitor groups in a binary way, and reduces the suspicious area step by step until the traitors are traced. The scheme resolves the problem of traitor behavior tracing in group communication.
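The bisection tracing procedure described for iGOSDTT, as an added simulation that is not part of the dissertation: the iGOS group-key update is stood in for by handing each subgroup a fresh key id, and the traitor behavior monitoring center is a constructed oracle that reports which current keys show up in leaked traffic.

```python
"""Simulated bisection-based dynamic traitor tracing (constructed example)."""
import itertools
from typing import Callable, Dict, FrozenSet, List, Set

Group = FrozenSet[str]
Monitor = Callable[[Dict[int, Group]], Set[int]]  # {key_id: members} -> leaked key ids


def trace_traitors(initial_groups: List[Set[str]], observe_leaks: Monitor,
                   traitor_count: int, max_rounds: int = 64) -> Set[str]:
    """Return the members isolated as traitors.

    initial_groups: groups the monitoring centre already flagged as suspicious.
    traitor_count:  number of traitors reported by the monitoring centre; used
                    as an early stop once that many singletons are isolated.
    """
    key_ids = itertools.count(1)
    # Every suspicious group holds its own key (fresh key id per re-keying).
    suspicious: Dict[int, Group] = {next(key_ids): frozenset(g) for g in initial_groups}
    traced: Set[str] = set()
    for _ in range(max_rounds):
        leaked = observe_leaks(suspicious)
        # A one-member group whose key still leaks pins down a traitor.
        traced |= {next(iter(g)) for k, g in suspicious.items()
                   if len(g) == 1 and k in leaked}
        if len(traced) >= traitor_count:
            return traced
        # Groups whose key never leaked are cleared; the rest are bisected
        # and each half is moved onto a fresh key for the next round.
        next_round: Dict[int, Group] = {}
        for k in leaked:
            members = sorted(suspicious[k])
            if len(members) == 1:
                continue
            mid = len(members) // 2
            next_round[next(key_ids)] = frozenset(members[:mid])
            next_round[next(key_ids)] = frozenset(members[mid:])
        if not next_round:
            return traced
        suspicious = next_round
    return traced


def make_monitor(traitors: Set[str]) -> Monitor:
    """Constructed oracle: a key is observed leaking whenever a traitor holds it."""
    def observe(groups: Dict[int, Group]) -> Set[int]:
        return {k for k, g in groups.items() if g & traitors}
    return observe


if __name__ == "__main__":
    groups = [set("abcdefgh"), set("ijklmnop")]  # constructed membership
    print(trace_traitors(groups, make_monitor({"c", "k", "l"}), traitor_count=3))
```

With two eight-member groups and three traitors the simulation isolates all three after four rounds of re-keying, and a group that never leaks is cleared in the first round.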
