【作者】 韩磊；

【导师】 魏学业；

【作者基本信息】 北京交通大学 ， 交通信息工程及控制， 2012， 博士

【摘要】 智能交通是移动自组网技术的重要应用领域之一,广泛的应用需求使移动自组网的安全性成为研究热点。其中,密钥管理是利用密码学技术解决移动自组网安全问题的前提和基础。如何改善密钥管理方式,提高密钥管理性能,进一步满足不同的应用需求是十分重要的问题。本文以移动自组网中的密钥管理方案和节点对密钥的保护机制为研究对象,以车辆安全通信为应用背景,紧紧围绕改善移动自组网密钥管理性能展开研究,提出了几种适用于不同需求的密钥管理方案。本文的创新性主要体现在以下几个方面：(1)针对现有基于CA的密钥管理方案无法实现分布式证书管理和管理模型复杂的问题,将轻量级CA认证框架与Shamir秘密分享方案相结合,提出了一种分布式轻量级CA密钥管理方案。该方案将轻量级CA分布到网络中,实现了节点认证的本地化,具有合法节点密钥更新和恶意节点密钥撤销机制,密钥使用时无需证书管理,简化了移动自组网中基于CA的分布式密钥管理过程。(2)针对移动自组网中基于身份的密钥管理通信开销大及私钥托管问题,借鉴组合公钥思想,为移动自组网提出预分配非对称密钥管理方案。方案降低了密钥管理过程中的通信开销,并通过预分配密钥的方式将私钥生成中心从在线服务转变为离线服务,使节点在网络运行阶段不再依赖私钥生成中心为节点分配和更新密钥,弱化了私钥托管问题对移动自组网安全的影响。(3)以提高移动自组网节点安全性为目标,基于可信计算思想,为移动自组网节点设计和实现了便携式可信平台模块；为确保密钥管理过程中密钥的安全和节点的可信,提出了一种基于便携式可信平台模块的密钥管理方案。方案利用便携式可信平台模块作为节点密钥分发、存储和管理的安全基础,保障了预分配密钥的安全性及节点本身的可信性。为移动自组网提供了具有硬件支撑的快速密钥管理服务及应用范例。(4)为了满足移动自组网节点管理、使用多个密钥的需求,提高节点使用密钥的灵活性,提出了移动自组网节点密钥管理方案。方案采用基于椭圆曲线密码学的组合公钥方式产生节点多个密钥,并利用便携式可信平台模块的保护存储结构保护和管理节点密钥,改善了密钥分配的方式和存储机制,能够满足节点使用、管理和安全存储多个密钥的需求。(5)针对智能交通中安全通信的需求,结合移动自组网基于身份的密钥管理方案和车辆通信中隐私保护和可归责性要求,提出了一种基于身份的密钥管理框架,并在该框架的基础上为路由协议设计了安全增强机制。该机制实现了对路由过程的保护,增强了路由协议的安全性与隐私保护能力。方案在实现安全通信的前提下,具有快速发现节点恶意行为和阻止攻击的能力,表明了所提框架能够较好地为路由协议提供密钥管理服务及满足安全通信需求。在利用密钥管理方案构建安全路由协议方面给出了实例。综上所述,本文以保障移动自组网安全为目标,对密钥管理方案及节点中密钥的保护机制进行了研究。从提高密钥管理方案的性能出发,提出了几种适用于不同应用需求的移动自组网密钥管理方案,为推进移动自组网的安全应用提供了新的解决思路。更多还原

【Abstract】 Intelligent transportation is one of important application fields for mobile ad hoc networks. Because of a wide range of application requirements the security of the mobile ad hoc networks has become a hot spot of research. Key management is the premise and foundation to solve the security problems in mobile ad hoc networks for the use of cryptographic technology. How to improve the model and the performance of key management as well as further to meet different application requirements are very important issues. In this dissertation, we focus on studying the key management schemes and key protection mechanisms, and take the vehicle secure communication as application background. The dissertation concentrates on improving application performances of key management schemes. Several key management schemes are proposed for different application requirements. The contributions of this dissertation are mainly embodied as follows.Firstly, a new distributed asymmetric key management scheme based on lightweight CA public key authentication framework and Shamir secret sharing scheme is presented so as to solve the problems of distributed certificate management and complex key management model in existing CA-based key management schemes of mobile ad hoc networks. The lightweight CA is distributed and the public key can be certified locally by the mechanism of distributed lightweight CA certification authentication, so the certification management is not needed in the scheme, which simplifies the process of key management based on CA. It also provides the mechanisms of legal node key update and malicious node key revocation.Secondly, aiming at reducing communication overhead and solving key escrow problem of identity-based asymmetric key management in mobile ad hoc networks, an identity-based pre-distribution asymmetric key management scheme (PAKMS) based on combined public key framework is presented. The scheme essentially reduces communication overhead of the asymmetric key management in mobile ad hoc networks and also makes the nodes obtain their keys and key update services by pre-distributing mode, which don’t need to rely on online PKG. Thus, the inherent key escrow problem existing in identity-based asymmetric key management is avoided to some degree.Thirdly, in order to improve node’s security in mobile ad hoc networks, a portable trusted platform module (PTPM) based on trusted computing has been designed and implemented for mobile ad hoc network node. Moreover, a PTPM-based key management scheme is proposed, so as to protect key and ensure trusted node in the process of pre-distribution asymmetric key management. In the scheme, PTPM is a basic secure hardware to pre-distribute, store and manage key, which provides a fast key management service with the secure support based on hardware for mobile ad hoc network. Meanwhile, a new application paradigm of key management based on PTPM is showed.Fourthly, for the purpose of meeting the requirements of managing and using multiple keys as well as improving the flexibility of node using keys, a new node key management scheme is presented for mobile ad hoc networks. In the scheme, the combined public key based on elliptic curve cryptography is adopted to generate multiple keys which are protected and managed by protected storage of PTPM. By this way, the scheme can improve the key distribution and storage mechanisms and meet the requirements of node managing and securely using multiple keys.Finally, to meet the requirements of secure communication in intelligent transportation system, an identity-based key management framework is described combined with privacy protection and accountability. Meanwhile, a secure enhancement mechanism of routing protocol based on the proposed identity-based key management framework is presented. This mechanism can protect routing and improve the security and the privacy of routing, by which routing can fast detect node malicious behaviors and prevent the attacks. The experimental results show that the proposed identity-based key management framework can effectively provide the key management service for secure routing and meet the requirements of secure communication. Meanwhile, an example is given in terms of using key management scheme to construct secure routing protocol.In a word, this dissertation takes the security of mobile ad hoc networks as target to research key management schemes and key protection mechanisms. To improve the performances of key management processes, several key management schemes are proposed for different application requirements. The work is useful for promoting the secure applications and provides new idea for key management schemes in mobile ad hoc networks.更多还原