
Research on Security Approaches and Technology for Wireless Networks

Security Approaches and Technology for Wireless Networks

【Author】 Zhu Jianming

【Advisor】 Ma Jianfeng

【Author information】 Xidian University, Computer Application Technology, 2004, PhD

【Abstract (translated from Chinese)】 With the spread and application of wireless networks, people depend on them more and more, and at the same time the security of wireless networks has become a focus of attention. Because the transmission medium of a wireless network is open, wireless terminals are mobile, the network topology is dynamic, and wireless terminals have limited computing and storage capacity, many security schemes and technologies from the wired-network environment cannot be applied directly to wireless networks, and the deployment of security schemes faces many additional constraints. This thesis studies security approaches and technologies for wireless networks in depth, covering: analysis and design of wireless network authentication protocols; a design theory for provably secure key exchange protocols based on the CK model; group key management protocols; survivability of wireless networks; and micro-payment techniques for mobile electronic commerce. The main results are:
1. Based on an analysis of existing wireless network authentication protocols, the basic methods and techniques for analysing and designing authentication protocols are summarised, general requirements for the design of wireless network authentication protocols are proposed, a new wireless authentication protocol with user anonymity, WSAP, is designed, and the WSAP protocol is analysed formally.
2. Formal design methods for authenticated key exchange and key agreement protocols in the wireless network environment are studied. Based on the Canetti-Krawczyk model, a general method for analysing and designing provably secure key exchange protocols for wireless networks is proposed and then applied to protocol analysis and design.
3. The theory and methods for designing group key management protocols in the wireless network environment are studied; formal definitions of the relevant properties of a secure group key management protocol are given; and, based on one-way accumulators, a new secure group key management protocol for wireless networks is proposed.
4. The survivability of wireless network systems is studied from two aspects, network architecture and security protocol design, and a survivable wireless network server architecture is proposed. Taking wireless IP networks as an example, survivability is studied using redundancy techniques to build a redundant agent mechanism, and a survivability scheme for Mobile IP based wireless network systems is proposed.
5. Applications of wireless network security technology are studied: based on hash functions, a multi-party micro-payment scheme for mobile electronic commerce is designed, focusing on solving the security problems of multi-party micro-payment in mobile commerce.

【Abstract】 This research addresses network security issues in wireless networks. The objective of this thesis is to provide secure communication to legitimate users and to prevent fraudulent use of network resources by unauthorized individuals. Wireless networks are susceptible to security attacks because of the openness of their transmission medium, and wireless network security is somewhat more concentrated and complex than that of wired networks. Authentication is the most essential procedure to ensure that the service is properly used, but the limited resources of wireless devices, such as weak power supplies and limited bandwidth, must be taken into account in the design of security schemes. In this thesis, we focus on the design and analysis of authentication protocols, provably secure key exchange based on the CK model, a scheme for group key management, survivability for wireless networks, and micro-payment in mobile commerce. The key contributions are as follows.
1. After analyzing current authentication protocols and summarizing the basic methods for designing them, a new simple and efficient wireless authentication protocol providing user anonymity, called WSAP, is proposed. Our protocol is based on hash functions and smart cards, and mobile users perform only symmetric encryption and decryption. It takes only one round of message exchange between the mobile user and the visited network, and one round between the visited network and the corresponding home network. Its most significant feature is the one-time use of the key between the mobile user and the visited network.
2. Protocols for key exchange and agreement provide the basis for secure communications, so it is important that they are designed correctly. Based on a discussion of current formal approaches to designing key exchange and agreement protocols and of the CK model, we propose general techniques for designing key exchange protocols in wireless networks. With these techniques, we can develop novel key exchange protocols in the CK model.
3. Secure group communication in mobile networks is often dynamic and thus requires efficient and automated secure group management and seamless combination of secure groups with the distributed applications running upon them. Existing approaches to secure group communication cannot satisfy these requirements. A new secure group key management scheme based on the concept of one-way accumulators is presented. Our scheme does not require each node to maintain a membership list and efficiently handles dynamic membership events (node leave and join).
4. Survivability has become increasingly important as society's dependence on wireless networks for critical infrastructure grows. A survivable server architecture for wireless networks based on intrusion-tolerant mechanisms is presented. We use redundancy, diversity and threshold secret sharing schemes to implement the survivability of databases and to protect confidential data from compromised servers in the presence of intrusions. Compared with existing schemes, our approach achieves security and robustness for the key functions of a database system by using an integrated security strategy and multiple security measures. In Mobile IP networks, home agents and foreign agents are single points of failure and potential performance bottlenecks. Using redundancy, a new mechanism is described in which redundant agents can take over from each other in case of failure. This scheme improves the survivability of Mobile IP networks.
5. As mobile communications become increasingly sophisticated and ubiquitous, there are a large number of mobile networks of different scales, a huge variety of value-added service providers (SPs) and millions of roaming users. A micro-payment scheme that can be applied to several SPs using only one hash chain is proposed. This scheme is secure and efficient.
