【作者】 穆海冰；

【导师】 孙玉； 刘云；

【作者基本信息】 北京交通大学 ， 通信与信息系统， 2007， 博士

【摘要】 在移动Ad Hoc网络(MANET：Mobile Ad Hoc Networks)中，节点必须通过相互之间的合作互助才能完成一系列工作，而组播主要支持一些以组或协作为特点的网络应用，二者共有的群组通信特性，使得移动Ad Hoc网络中的组播成为新的研究热点。然而，移动Ad Hoc网络的开放性和受限性，又使得组播通信的密钥管理和访问控制等安全问题愈发突出，且难以采用传统的方式去解决，阻碍了移动Ad Hoc网络组播在实际应用中的发展。因此，分析移动Ad Hoc网络组播安全的特殊需求，给出适合的安全解决方案，对移动Ad Hoc网络组播安全的技术发展与应用都具有重要的意义。本论文从组密钥管理、证书撤销机制、访问控制和安全性评估等几个方面研究了移动Ad Hoc网络的组播安全问题，并提出了相应的解决方案。本论文的研究工作受到了国家自然科学基金项目‘’Ad Hoc网络中公钥管理与性能评估技术的研究(No.60572035)”和通信与信息系统北京市重点实验室项目(No.JD100040513)的资助。针对移动Ad Hoc网络组播安全，论文的主要工作与创新点如下：1．提出了一种基于网格的部分分布式组播密钥管理方案。该方案利用服务器组形成分布式组密钥管理核心，把对组播组成员的信任限制在可控范围内，从而提高了安全性；同时通过维护基于网格的服务器组，提高了组密钥服务的易获得性。2．提出了一个基于树与分簇结构的分层组密钥管理方案。该方案首先对节点进行分簇处理，然后在簇首之间建立全局分布式逻辑密钥树，并在各簇内部建立本地集中式的逻辑密钥树，构成了一个两级结构的组密钥管理框架。两级逻辑密钥树的建立降低了簇首之间以及各簇内部密钥更新的开销，而分簇将密钥更新的大部分通信开销限制在一簇之内，并且由多个并发的局部通信或计算代替全局串行处理过程，降低了处理时延，减小了安全空窗期，提高了系统安全性。3．提出了一种可逆的节点证书状态转换模型以改进证书撤销机制的性能。在模型中，节点证书的信任度决定于其历史记录以及其他节点发出的信任度因子的加权和，可以根据证书信任度的计算结果确定其状态。为了避免证书的频繁撤销和重新颁发，模型在原来的直接撤销之前增加了一种挂起状态，并允许将某些处于挂起状态的证书信任度提高，使之重新有效，这样既可以延长这些证书的生命期，避免误码和干扰等环境问题带来的误判，也减少了重新颁发证书的计算量与通信开销。4．提出了一种基于角色的组播访问控制模型。模型结合分布式的组成员监控机制，通过引入用户角色证书和策略证书，来实现对组用户发送与接收权限的细粒度访问控制。利用角色和策略证书，不仅可以控制组播成员的权限，而且降低了成员与权限的关联性，增强其对动态环境的适应性。5．提出了静态与动态的系统安全性评估模型。静态模型研究了MANET网络节点数量和节点被俘获概率对秘密共享方案门限值的影响，并通过这两个参数来量化系统的安全性；此外，利用随机过程方法，对网络系统受到的攻击过程建立了攻击流模型，并在此基础上建立了动态安全性能评估模型。利用该模型可以预测系统的最大危险时刻和系统安全门限值，以便给出MANET网络系统安全性随时间的动态变化趋势。移动Ad Hoc网络的组播应用刚刚起步，其安全问题的研究也将随着应用领域的广泛而逐渐深入，得到长足的发展。更多还原

【Abstract】 In Mobile Ad Hoc Networks (MANET), tasks need carrying out by a group of nodes while multicast is a suitable technique for collaborative applications. The group communication nature makes the combination of these two techniques a new application direction. According to the openness and resource lacking in MANET, security mechanisms and schemes tailored for wired networks and multicast environment will not work well if being introduced into MANET multicast directly. Security issues become the drawback in the extensive application of MANET multicast. It is necessary to study its special requirements and propose some efficient security mechanisms suitable for multicast over MANET.The thesis studies the security issues of the multicast over MANET from the view of group key management, certificate revocation, access control and security evaluation. Some schemes are provided in this thesis to resolve the issues.The research work of this thesis is supported by National Natural Science Foundation of China (No.60572035) and Beijing Municipality Key Laboratory of Communication and Information System (No. JD100040513).The main innovations of the thesis are as follows:1. A partial distributed multicast key management scheme based on mesh is proposed. It applies a distributed group key management center made up of a group of server nodes. The center limits the trust of the group member to a controllable range which promotes the security. The maintenance of the server group based on mesh improves the availability of group key service.2. A tree and cluster based group key management architecture is proposed here. Nodes are grouped into clusters and select a cluster-head for each cluster. A distributed logical key tree (LKT) is built among all the cluster-heads which is named global LKT (GLKT). There is also a centered local LKT (LLKT) ruled by cluster-head in every cluster whose leaves are corresponding to ordinary nodes. The two-level architecture integrates the advantages of the cluster and LKT which can limit most key updating overhead to local area with clustering and decrease the cost of contributory key negotiation among cluster-head by building GLKT. The time delay in key updating is reduced for the global serial processing is instead of multi-local parallel processing. 3. A certificate state management model with reversible characteristic is proposed to improve the performance of the certificatie revocation. A certificate credit is decided by other’s opinion about its history credit record and transform factor according to its behavior. The certificate state can be deduced by the computation result of the credit. A certificate suspending process is introduced as a middle state before its revocation and a certificate in suspending can be promoted to be reactivating. The reversible states can prolong the lifetime of the good certificate and avoid its frequent revocation and reissue. The computation and communication overhead is also reduced.4. An RBAC model is proposed to provide sender and receiver access control for the group member. The model introduces user role certificate and policy certificate which are combined with group member monitoring mechanism to realize a fine-grained sender and receiver access control. The permissions of multicast member are controlled by roles which can weaken the relationship between member and permissions and enhance their adaptability to the dynamic environment.5. The static and dynamic security evaluation models are proposed for the security service based on threshold cryptography in MANET. The probability of the compromised nodes during the whole lifetime and the influence to the threshold of the secret share scheme are studied in static model. The number and the compromised probability of the nodes can be used to evaluate the system security quantitatively. On the other hand, using stochastic process approach the attack process and attack model are studied firstly, based on which a dynamic evaluation model is followed. The models can help predict the tendency of the network security and give the proper value of threshold and updating period of sharing secret.The research work on multicast security in Ad Hoc networks will be further on with the extention of its application.更多还原