【作者】 王刚；

【导师】 温涛；

【作者基本信息】 东北大学 ， 计算机应用技术， 2009， 博士

【摘要】 近年来,由于移动自组网络应用于视频会议、学术交流、灾难救援和战场军事指挥等需多方通信和大量节点合作的场合,组播技术已成为移动自组网络研究领域中一个新的热点。然而,移动自组网络固有的动态性、资源受限和无网络基础设施等特性使其较传统网络更容易受到攻击,而传统的网络安全设施不能很好地适用于移动自组网络,因此,如何保证移动自组网络中组播的安全性已经成为一个迫切需要解决的问题。本文对移动自组网络中安全组播关键技术进行了深入研究,主要包含以下内容：(1)首先深入分析了移动自组网络中已有组密钥管理方案的问题和不足,并提出一种基于门限秘密共享的安全组密钥协商协议——TNSGKAP。该协议无需控制中心,所有成员基于门限秘密共享机制协商生成和更新组密钥,提高了方案的效率和安全性,并能很好地适应拓扑频繁变化的MANET环境。基于双线性对和椭圆曲线密码体制进一步提高了组密钥生成和更新的效率,同时组成员能够对接收的子密钥份额和组密钥份额进行有效认证,增加了方案的安全性。针对组密钥不一致造成节点孤立问题,提出基于组密钥服务中心(Group Key Service Center,GKSC)的一致性管理算法,有效解决了此问题,且基于GKSC的优化算法进一步减少了组密钥生成和更新过程中的通信和计算开销。(2)提出一种安全高效的簇组密钥管理方案——SEGKM。SEGKM基于提出的高性能层簇式CCQn网络模型,有效地减少了组密钥协商过程中的秘密贡献交互开销,且增加了协议的灵活性、可扩展性和容错性。针对A-GDH和TGDH等协议中组密钥更新发起者可能引起的安全隐患问题,设计了安全高效的签密和门限联合签名方案,确保簇首节点不能控制簇组密钥的生成和更新,增加了方案的安全性。SEGKM由秘密分发中心构造门限秘密共享,进一步提高了方案的效率。(3)在分析和研究传感器网络中已有组播源认证协议不足的基础上,给出了基于PKC的WSN安全协议研究进展,并提出基于身份的高效组播源认证协议——EMAP和EMAP-P。EMAP和EMAP-P协议分别具有消息恢复和部分消息恢复功能,可有效缩短签名长度,减少协议的通信开销和计算量,克服公钥密码体制开销大的缺点,更好地适用于资源受限的传感器等自组网络环境。(4)针对移动自组网络中组播路由协议设计面临的诸多挑战,提出了具有QoS保证的安全组播路由协议——SQMRP。SQMRP利用核心骨干网作为所有组播组的核心,每个组播组成员通过构建最短路径树与最优核心节点连接,以此提高了协议效率和健壮性,使之能很好地适应MANET拓扑频繁变化等特性。其中,核心骨干网基于交叉立方体结构构造,可进一步提高协议的容错性。在研究MANET流量特性的基础上,提出基于自相似特性的链路测量模型。模型中使用小波分析方法估计自相似参数,并基于此参数对网络性能进行测量,提高了测量精度,同时以测量结果作为QoS路由约束条件,优化了路由选择,有效保证了组播路由协议的QoS需求,且提出抖动因子等机制进一步完善了SQMRP协议。为确保协议的安全性,改进Ariadne协议安全机制,且提出基于初始密钥的身份识别机制,有效抵御了篡改、伪造和合谋等恶意攻击。(5)研究了串空间模型,对上述提出的TNSGKAP、SEGKM和SQMRP方案分别进行了形式化分析,验证了它们的安全性和正确性,并在随机预言模型下证明了EMAP和EMAP-P协议在适应性选择消息攻击和身份攻击下是存在性不可伪造的。同时,通过比较分析,分别验证了上述四种方案的性能功效。更多还原

【Abstract】 With more and more mobile ad hoc networks being applied to the multi-party communication and multi-node cooperative environments such as conference, academic, disaster relief and battlefields in recent years, multicast is a very hot area of mobile ad hoc networks and attracts attentions of many researchers. Meanwhile, mobile ad hoc networks are more vulnerable to attacks than stationary network due to its intrinsic properties such as the dynamic topology, node resource constraints and not any fixed infrastructure. Since the traditional network security facilities are not suitable to MANET, the security problem becomes the decisive factor for practical application of multicast techniques in MANET.The research works presented in this dissertation mainly focus on key techniques of secure multicast in mobile ad hoc networks.First of all, this dissertation extensively studies existent group key management schemes in mobile ad hoc networks and a secure group key agreement protocol based on threshold secret sharing (TNSGKAP) is proposed in order to overcome the drawback of existent schemes. TNSGKAP does not require a trusted dealer and only runs an interactive protocol to generate group sharing secret key among n parties. The protocol can adapt to topological change automatically and increase the security of the protocol. The applications of ECC and bilinear pairing improve the performance of group key generation algorithm and the verifications of the shares of sub-secret and group secret further enhance the security of the protocol. In the scheme, group rekeying and group key consistency management algorithms based on group key service center (GKSC) are also proposed, which can effectively reduce communication and computation overheads of the protocol and avoid the occurrence of isolated nodes caused by the group key inconsistency.Secondly, a secure and efficient group key management scheme (SEGKM) is proposed. SEGKM is based on the cluster-based CQn model (CCQn) that effectively reduces communication overhead and improves the flexibility, scalability and fault-tolerance of the protocol. Efficient signcryption and threshold signature schemes are also proposed and the verifications of the shares of sub-secret and group secret based on this scheme eliminate the security shortcomings of A-GDH and TGDH and enhance the security of the protocol. SEGKM uses the secret distribution center to generate group sharing secret key among n parties and further increases the performance and security of the scheme.Thirdly, in order to overcome the drawback of the existent multicast source authentication protocol in wireless sensor networks (WSN), the PKC-based services for WSN are explored and an efficient ID-based multicast authentication protocol is presented. The protocol with message recovery provides the feature that the message is recoverable from the signature and hence the communication and computation overheads of the protocol have been reduced greatly. The performance analysis results show that the proposed scheme can effectively reduce resource cost, adapt the characteristics of WSN and is clearly superior to the HESS, Zhang and BLS protocols.Fourthly, great challenges to designing the secure multicast routing protocol based on QoS have been brought because of the characteristics of MANET such as node resources constraints. In this dissertation, the characteristics of wireless network traffic are analyzed and a link prediction model based on self-similarity and a secure QoS-based multicast routing protocol (SQMRP) are respectively put forward. A core election algorithm in SQMRP is presented and used to generate a crossed cube-connected core network. The core network is the core of all multicast groups and connects each multicast group member using SPT. Therefore, the performance of SQMRP has been improved, which can adapt to the characteristics of MANET such as the dynamic topology. SQMRP estimates Hurst parameters by wavelet analysis, measures network traffic by Hurst parameters and solves measurement problems of multi-constraint QoS routing. SQMRP optimizes routing selection, enhances measure accuracy and provides the guarantee of QoS. Routing protocol design and routing optimization policy based on jitter factor and so on are also discussed. In order to guarantee the security of the protocol, a security scheme based on improved Ariadne is presented, which can effectively withstand the tampering attack, forgery attack and conspiracy attack, etc.Finally, strand spaces model is used to prove respectively the correctness and security of TNSGKAP, SEGKM and SQMRP. EMAP and EMAP-P are also proved secure against existential forgery under adaptive chosen message and ID attack in the random oracle model. The performance analysis and simulation results show that the above proposed schemes can effectively reduce resource cost, adapt the characteristics of MANET and is clearly superior to the existing protocols.更多还原