
Research on Key Distribution and Agreement Techniques in Wireless Networks

On Key Distribution and Agreement Schemes in Wireless Networks

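【Author】 Wang Qiuhua (王秋华)

【Supervisors】 Wang Kuang (王匡); Chen Huifang (陈惠芳)

【Author information】 Zhejiang University, Information and Communication Engineering, 2013, Ph.D.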

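【Summary】 With the rapid development of wireless communication and related technologies, wireless networks are being applied ever more widely in every field. However, because the transmission medium is open and wireless devices are resource-constrained, wireless networks face more severe security challenges than traditional wired networks, and their security has become a focus of attention. Key distribution and agreement is an important foundation and key technology for securing wireless networks, so research on key distribution and agreement techniques suited to wireless networks is of great significance. This dissertation studies and analyzes key distribution and agreement techniques for wireless networks in some depth and obtains a number of meaningful results. The main contributions are as follows:

1. Pairwise key management in wireless networks. Taking resource-constrained wireless sensor networks as the network environment, pairwise key management schemes based on pre-distribution are studied.

(1) To address the low connectivity of the basic random key pre-distribution scheme, a key pre-distribution scheme that improves global secure connectivity is proposed. By running a "neighbor" node expansion protocol, securely isolated nodes perform shared-key discovery with nodes beyond one hop, and thereby find at least one secure path that guarantees the secure connectivity of the network. Simulation results show that, at the cost of limited additional key agreement overhead, the proposed scheme improves the network's global secure connectivity, the total energy of usable nodes, and security.

(2) Traditional key pre-distribution schemes suffer from long path-key establishment paths, high communication overhead, and slow growth of secure network connectivity after the path-key establishment phase. To address these problems, an enhanced path-key establishment scheme is proposed. The scheme makes full use of the keys pre-distributed in the connected neighbor nodes found in the shared-key discovery phase, increases the number of nodes available for path-key agreement, and significantly improves secure network connectivity and resistance to node capture. Simulation results show that with the enhanced scheme, secure network connectivity increases markedly and quickly reaches 100%; in addition, the enhanced scheme needs fewer pre-loaded keys to reach the expected secure network connectivity.

2. Group key management in wireless networks. Self-healing group key distribution schemes for wireless networks are studied in depth.

(1) To address the limited lifetime of existing revocation polynomial-based self-healing group key distribution schemes, a long-lived δ-self-healing group key distribution scheme is proposed, which solves the problem of extending the lifetime of existing schemes. The scheme is based on the δ-sliding-window mode. The private keys of group member nodes are updated in every session and a partial revocation mode is used, which extends the time the scheme can run securely; the scheme can support an unlimited number of sessions.

(2) Existing schemes based on access polynomials and hash chains cannot resist collusion attacks between revoked users and newly joined users, allow only a small maximum number of legitimate group users, and carry a large amount of redundant information in the key updating broadcast packet. To address these problems, an enhanced self-healing group key distribution scheme based on access polynomials and a dual directional hash chain is proposed. The scheme restructures the dual directional hash chain: in sessions with revoked users, the forward key is replaced with a random value, so that revoked users cannot collude with newly joined users to obtain session keys they are not authorized for. This solves the collusion resistance problem and strengthens the security of the scheme. The scheme also proposes new methods for constructing the user private key, the access polynomial and the key updating broadcast packet, which remove the limit on the maximum number of legitimate group users without increasing storage or communication overhead. It further takes into account that, in a real network, users are not revoked in every session, which further reduces communication overhead and energy consumption and prolongs the lifetime of the network.

(3) Under the constraint of a maximum key updating broadcast packet size, existing revocation polynomial-based schemes allow only a limited number of revoked users, have relatively high communication overhead, and resist attacks poorly. Three enhanced schemes are proposed to address these shortcomings, aimed mainly at resource-constrained networks such as wireless networks based on ZigBee technology. In the enhanced schemes:
(a) A new collusion resistance method is proposed that uses the one-way hash chain in a special way, overcoming the lack of collusion resistance in self-healing group key distribution schemes based on one-way hash chains.
(b) By binding the time at which a user joins the group communication to the user's ability to recover session keys, a new method for constructing the revocation polynomial, the private key polynomial and the broadcast polynomial is proposed. Without increasing storage or communication overhead, both the number of users that can be revoked and the number of colluding users that can be resisted are enlarged m times, giving stronger security.
(c) The practical situation that new users do not join in every session is taken into account. Users who join the group communication in different sessions are given different random session identifiers; in each session, different revocation polynomials are constructed according to the users' joining times, and a different hash key chain is used in each session, which further reduces communication redundancy.

(4) Existing access polynomial-based schemes allow only a small maximum number of legitimate group users and carry a large amount of redundant information in the key updating broadcast packet. To address these problems, an enhanced access polynomial-based self-healing group key distribution scheme is proposed, also aimed mainly at relatively resource-constrained networks based on ZigBee technology. The scheme takes into account that new users do not join in every session, and changes how the user private key polynomial, the access polynomial and the session key updating broadcast packet are constructed. In each session, different access polynomials are constructed according to the users' joining times, and a different hash key chain is used in each session. This overcomes the limit on the number of legitimate users in existing access polynomial-based schemes, increases the number of legitimate group communication users, and reduces communication overhead without increasing storage overhead.

3. Information-theoretically secure key agreement. Information-theoretically secure key agreement based on public discussion is studied in depth.

(1) A new model for obtaining the initial random correlated information is proposed. The new model is functionally equivalent to the original source model and channel model, but it raises the total information rate of the key agreement.

(2) A new bit-pair advantage distillation/degeneration protocol is proposed. The new protocol quickly distills the mutual information of the two legitimate communicating parties while degrading the mutual information of the eavesdropper, raising the total information rate of the key agreement protocol.

(3) The three phases of the key agreement process (advantage distillation, information reconciliation and privacy amplification) and the constraints among them are analyzed in detail, together with how to choose the parameters of each phase to maximize the total information rate of the key agreement, and the length of the initial data string needed to obtain a key of the required length.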

【Abstract】 With the rapid development of wireless communication and its related technologies, the application of wireless networks in all fields is becoming more and more widespread. However, compared with traditional wired networks, wireless networks face much greater risk because of their open wireless channels and the constrained resources of wireless devices, and wireless network security has become a focus of attention. Key distribution and agreement is the basis of, and a critical technology for, ensuring wireless network security. Therefore, it is highly significant to study key distribution and agreement techniques in wireless networks.

In this dissertation, we focus on the research and analysis of key distribution and agreement techniques in wireless networks, and have achieved some meaningful research results. The main contributions are summarized as follows:

1. Pair-wise key management in wireless networks

Using resource-constrained wireless sensor networks as the network environment, we mainly study pair-wise key pre-distribution management schemes.

(1) First, to address the low connectivity of the basic random key pre-distribution schemes, we proposed a key management scheme with improved global secure connectivity. Through a "neighboring" node expansion protocol, securely isolated nodes find shared key(s) with nodes beyond one hop, so that they establish at least one secure path to guarantee the secure connectivity of the network. Analysis and simulation results show that our proposed scheme has higher global connectivity, higher security performance and larger total usable energy compared with the original scheme. This performance improvement comes at the price of limited additional negotiation overhead.

(2) In the path-key establishment phase of existing pre-distribution key management schemes for wireless sensor networks, there are still many problems, such as long path-key establishment paths, high communication overhead, and a low growth rate of secure network connectivity. To resolve these problems, an enhanced scheme for establishing the path-key was proposed. In the path-key setup phase, the proposed scheme makes full use of the pre-distributed keys in the securely connected neighbors within the communication range of the node, increases the number of nodes used to negotiate the path-key, and improves the network's secure connectivity and anti-capture capability. Simulation results show that with the enhanced scheme, the secure network connectivity rate is obviously improved and reaches 100% quickly. Moreover, the enhanced scheme needs far fewer pre-distributed keys to achieve the prospective network connectivity rate.

2. Group key management in wireless networks

We mainly study self-healing group key distribution schemes in wireless networks.

(1) To resolve the problem that the life span is limited in current revocation polynomial-based self-healing group key distribution schemes, we proposed an efficient long-lived δ-self-healing group key distribution scheme. The proposed scheme is based on the sliding window mode and is capable of supporting infinite sessions by updating the personal secret of group members during each session and performing a partial revocation.

(2) Access polynomial and hash chain-based self-healing group key distribution schemes have several problems: the lack of resistance to collusion attacks between revoked users and newly joined users, the limited number of allowed active group members, and the large communication redundancy in the session key updating broadcast packets. To resolve them, we proposed an enhanced self-healing group key distribution scheme based on the access polynomial and the dual directional hash chain (DDHC) for resource-constrained wireless networks. In our proposed scheme, the structure of the DDHC is improved by replacing the forward key with a random value in sessions with revoked users, so that revoked users cannot collude with newly joined users to recover unauthorized session keys. Hence, the problem of collusion attack resistance is solved and the security is enhanced. Moreover, some novel methods to construct the personal secret, the access polynomial and the session key updating broadcast packet were presented. These methods eliminate the limit on the maximum allowed number of active group members without increasing the storage and communication overheads. The fact that, in a real-world network, users are not revoked from the group in every session is taken into consideration, which further reduces the communication overhead and energy consumption and prolongs the lifetime of wireless networks.

(3) Under the constraint of the maximum key updating broadcast packet, the existing revocation polynomial-based self-healing group key distribution schemes have some defects, such as the limited number of allowed revoked/colluding users, the larger communication overhead and the weak collusion attack resistance capability. To resolve these problems, we proposed three enhanced schemes for resource-constrained wireless networks, such as ZigBee-based wireless networks. In our proposed schemes:
(a) A new anti-collusion attack method was proposed, in which the one-way hash chain is used in a special way to resolve the collusion attack resistance problem in hash chain-based schemes.
(b) By binding the time at which the user joins the group to the capability of recovering previous session keys, some new methods to construct the revocation polynomial, the personal secret polynomial and the broadcast polynomial were proposed, which expand the maximum allowed number of revoked/colluding users m times without increasing the storage and communication overheads. The proposed scheme has stronger security.
(c) The fact that, in real-world networks, new users do not join the group in every session is considered. In our proposed schemes, users joining the group in different sessions are allocated different random session identifiers, different revocation polynomials are constructed in each session according to the time of their joining, and a different hash key chain is used in each session, which further reduces the communication redundancy.

(4) To resolve the problems in existing access polynomial-based self-healing group key distribution schemes, such as the limited number of allowed active group members and the significant communication redundancy in session key updating broadcast packets, we proposed an enhanced access polynomial-based self-healing group key distribution scheme for resource-constrained ZigBee-based wireless networks. In our proposed scheme, the fact that, in real network environments, new users do not join the group in every session is considered, and some novel structures of the personal secret, the access polynomial and the key updating broadcast packet were introduced. We construct different access polynomials according to the time of users' joining and use different one-way hash chains for each session, which resolves the problem that the number of allowed active group members is limited in existing access polynomial-based self-healing group key distribution schemes and increases the number of active group members. Our proposed scheme reduces the communication overhead without increasing the storage overhead.

3. Information-theoretic secure secret key agreement

We mainly study information-theoretic secure secret key agreement from public discussion.

(1) A new model to obtain the initial random related information was proposed. The new model is equivalent in function to the source model and the channel model; however, the total efficiency of the key agreement under the new model is increased.

(2) A new bit pair iteration advantage distillation/advantage degeneration protocol was proposed. In the new protocol, the mutual information between the legitimate communicating parties is distilled quickly, and at the same time the mutual information of the eavesdropper is degenerated. Thus, the total efficiency of the whole secret-key agreement is improved.

(3) We analyze in detail the three phases of the information-theoretically secure secret-key agreement and their mutual restrictive relationship, analyze how to select the parameters of each phase to maximize the total efficiency of the whole secret-key agreement, and also give the initial random key string length required to meet the key length requirements.

  • 【Online publication submitter】 Zhejiang University
  • 【Online publication year/issue】 2014, Issue 06