
Research on Secure Multicast Technology in Mobile Ad Hoc Networks

Research on the Secure Multicast in MANET

【Author】 宋震

【Advisor】 窦文华

【Author information】 国防科学技术大学 (National University of Defense Technology), Computer Science and Technology, 2007, PhD

【Abstract (translation of the Chinese 摘要)】 A Mobile Ad Hoc Network (MANET) is an adaptive, self-organizing information network in which the communicating nodes interconnect and organize themselves through distributed protocols, without any fixed infrastructure. Its distributed and mobile nature gives a MANET desirable application properties such as high survivability, robustness and rapid deployment, and MANETs have become an active research area. In typical MANET applications the nodes work in groups to accomplish a common task, so multicast plays an important role, and the development and refinement of multicast technology is a major force in maturing and deepening MANET applications. Security is critical to MANET multicast. Because of the poor physical security of a MANET and the greater attack opportunities that broadcast communication gives an adversary, the security threats to MANET multicast are more severe. At the same time, node mobility, self-organization and limited network resources make secure multicast communication a hard problem; secure multicast routing protocols and group key management schemes suited to the characteristics of MANETs have not yet been studied adequately. Researching and ultimately solving the security problems of MANET multicast therefore has real practical significance and research value. Addressing the challenges of multicast security in MANETs and the shortcomings of existing work, this dissertation concentrates on the key problems on which multicast security depends: public key management, group key management and secure multicast routing protocols in the MANET environment, with the aim of providing security support for multicast communication in military MANET applications. The main work of the dissertation is as follows.

First, under the assumption of a managed hostile application environment, and using threshold secret sharing together with the basic idea of a distributed CA, an identity-based public key management scheme for MANETs is proposed. The scheme needs no public key certificates, which reduces communication overhead and the computation and storage required of nodes; it relies on an off-line trusted authority at network formation, which raises the trustworthiness of the system; the distributed CA model overcomes the availability and security problems of a traditional centralized CA; a localized trust model handles malicious nodes effectively and gives a good solution to public key revocation; and the key management service nodes can be adjusted dynamically, so the scheme adapts well to the dynamics of a MANET. Simulation shows that the scheme's key update mechanism has little impact on the network and that the scheme has good application properties.

Second, targeting the characteristics of MANETs, and combining the STR protocol (the group key agreement protocol with the lowest communication cost in fixed networks) with identity-based public key cryptography, an authenticated, identity-based, contributory group key agreement protocol for MANETs, CEAGKP, is proposed. The protocol runs in a constant number of rounds with low communication cost, which suits MANET wireless communication. When a member joins, the new member's secret share becomes one parameter in computing the group key while existing members' secret shares need not change; when a member leaves, the departing member's secret share does not participate in computing the new group key. This gives the group key forward and backward secrecy. The protocol provides explicit key authentication and so suits environments with high security requirements. Simulation shows that CEAGKP scales well, but that the computation required for authentication is large and group key establishment takes longer, which is worthwhile where security requirements are high.

Third, introducing the principles of scale and energy saving into network clustering, a scale-and-energy-aware clustering algorithm, SECC, is proposed. It improves the energy-aware clustering algorithm WEAC by introducing the notion of scale to constrain clusters, reducing the overhead caused by frequent cluster head changes. Simulation results show that a clustered MANET using SECC survives longer than one using WEAC, and that SECC suits large networks better than WEAC and avoids frequent cluster head changes.

Fourth, taking into account the effect of clustering on node energy, the TESLA authentication scheme is introduced on top of the SECC clustering algorithm and, using the tree-based multicast routing mechanism of HiM-TORA, a secure multicast routing protocol based on SECC clustering, BCSMR, is proposed. Relying only on the security assumptions of low-cost symmetric key algorithms, it securely constructs a multicast tree covering all members of the multicast group and authenticates members' identities and related information already during route establishment, effectively preventing various attacks on multicast routing.

The dissertation studies the key technologies of MANET multicast security in depth and gives effective solutions to the security problems of group communication in military application environments. Its results have good application prospects in MANETs.

【Abstract】 A Mobile Ad Hoc Network (MANET) is a self-adaptive, self-organized information network characterized by the lack of infrastructure, mobile nodes and distributed network protocols. Distributed processing and mobility give MANETs good application features such as high survivability, robustness and quick deployment, and MANETs are now a hot topic in network research. In typical MANET applications, mobile nodes accomplish a task in groups, so multicast plays an important role in MANETs, and the development and refinement of multicast techniques is an important force in promoting the wide use of MANETs. Security is critical to MANET multicast. The security threat to MANET multicast is more severe because of poor physical security, the greater attack opportunities offered by the broadcast communication mode, and so on. With the limitations of mobility, self-organization and the limited resources of a MANET, providing secure multicast communication becomes a hard problem, and secure multicast protocols and group key management suited to the character of MANETs have not been sufficiently studied yet. Studying and eventually solving the security problems of MANET multicast therefore has practical importance and research significance. Considering the challenges of MANET multicast security and the deficiencies of current work, this dissertation works on the key techniques of MANET multicast security, namely public key management, group key management and secure multicast routing protocols, with the aim of providing security mechanisms for multicast communication in military MANET applications. The main contributions of this dissertation are as follows.

First, we present an ID-based public key management scheme using the basic ideas of threshold secret sharing and a partially distributed CA, under the assumption of a managed hostile application environment. The scheme decreases the computation and storage of mobile nodes and reduces communication overhead. Security is also improved by the initial existence of an off-line trusted third party. The scheme provides high availability and security because of its distributed public key management model, and gives a good solution to the problem of public key revocation based on a localized trust model. The server nodes of public key management can be adjusted dynamically to adapt to the dynamic nature of a MANET. Simulation shows that the key refresh mechanism has little effect on MANET communication.

Second, we put forward an ID-based authenticated group key management protocol, CEAGKP. The protocol adopts the key tree of the STR protocol, which has minimum traffic in fixed network environments, and combines it with ID-based public key cryptography. The protocol executes in a constant number of rounds with little traffic and suits the wireless communication of a MANET well. When a member joins, the new member's secret contribution becomes an argument in computing the new group key, with no change to the original members' shares; when a member leaves, the departed member's secret contribution is not involved in the new group key. Both forward secrecy and backward secrecy of the group key are maintained. The protocol provides explicit authentication of the group key and is advisable for applications with high security requirements. Simulation shows that CEAGKP scales well in a MANET, although the computation is relatively large because of the authentication; considering the security provided by CEAGKP, this computation is reasonable.

Third, we introduce the principles of scale and energy into network clustering and put forward a clustering algorithm named Scale-Energy Cognitive Clustering (SECC). It is an improvement on the energy-aware clustering algorithm WEAC (Warning Energy Aware Clusterhead) that introduces the concept of scale to constrain cluster size in order to reduce cluster head changes. Simulation shows the validity and feasibility of SECC by comparing network survivability under SECC and WEAC: SECC is more suitable for large MANETs and effectively avoids the problem of frequent cluster head changes.

Fourth and last, we put forward a secure multicast routing protocol, BCSMR. Considering the effect of clustering on node energy, BCSMR builds on SECC and the HiM-TORA routing mechanism and introduces the TESLA authentication scheme, which uses symmetric algorithms with low computation cost. BCSMR securely builds a multicast tree covering all group members and effectively prevents various attacks on multicast routing by authenticating members' identities and other information during the route establishment phase.

This dissertation gives thorough and detailed research on the key techniques of MANET multicast security and presents effective solutions that have excellent application prospects under the assumption of a military application environment.
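The first contribution rests on splitting the CA's private key among key-management nodes with threshold secret sharing, so that no single node holds (or can leak) the key and the service survives the loss of some nodes. The following is an added example, not code from the dissertation: it implements plain Shamir (k, n) sharing over a prime field and a proactive share refresh. The field size, the 3-of-5 parameters and the refresh step (adding shares of a zero-constant polynomial, which keeps the key while invalidating old shares) are assumptions, not necessarily the mechanism the dissertation uses.

```python
"""Threshold (k, n) secret sharing over a prime field for a distributed CA key.

Added illustration of the threshold-secret-sharing idea named in the abstract;
it is not the dissertation's scheme. The field, the (k, n) values and the
refresh step are assumptions.
"""
import secrets

# Toy field: a 127-bit prime keeps the arithmetic honest but readable. A real
# deployment needs a field at least as large as the key being shared.
P = 2**127 - 1


def _eval_poly(coeffs, x):
    """Evaluate coeffs[0] + coeffs[1]*x + ... (mod P) with Horner's rule."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % P
    return acc


def split_secret(secret, k, n):
    """Return {node_id: share}; any k shares reconstruct, k-1 reveal nothing."""
    assert 0 < k <= n and 0 <= secret < P
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(k - 1)]
    return {i: _eval_poly(coeffs, i) for i in range(1, n + 1)}


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over {node_id: share}."""
    ids = list(shares)
    secret = 0
    for i in ids:
        num, den = 1, 1
        for j in ids:
            if i != j:
                num = (num * (-j)) % P
                den = (den * (i - j)) % P
        secret = (secret + shares[i] * num * pow(den, -1, P)) % P
    return secret


def refresh_shares(shares, k):
    """Proactive refresh (assumed mechanism): every node adds its share of a
    fresh polynomial whose constant term is 0. The CA key is unchanged, but old
    and new shares cannot be mixed, so shares captured earlier become useless."""
    zero_shares = split_secret(0, k, len(shares))
    return {i: (shares[i] + zero_shares[i]) % P for i in shares}


def demo():
    """3-of-5 sharing of a random CA key, before and after a refresh."""
    ca_key = secrets.randbelow(P)
    k, n = 3, 5
    shares = split_secret(ca_key, k, n)

    # Any k nodes recover the key; k-1 nodes get an unrelated value.
    assert reconstruct({i: shares[i] for i in (1, 3, 5)}) == ca_key
    assert reconstruct({i: shares[i] for i in (1, 3)}) != ca_key

    # After a refresh, k new shares still recover the key, but an attacker who
    # captured two old shares and one new share learns nothing.
    new_shares = refresh_shares(shares, k)
    assert reconstruct({i: new_shares[i] for i in (2, 4, 5)}) == ca_key
    assert reconstruct({1: shares[1], 2: shares[2], 3: new_shares[3]}) != ca_key
    return True
```

In a real distributed CA the nodes never reconstruct the key in one place; each produces a partial signature with its share and a requester combines k of them. The reconstruction above is only to make the k-of-n property and the effect of the refresh visible.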
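The second contribution builds CEAGKP on the STR key tree, where each member contributes one secret exponent and the group key is the top of a chain of Diffie-Hellman steps. The following is an added example, not the dissertation's protocol: it shows the STR chain itself, how a member computes the group key from only its own secret and the broadcast blinded values, and why a join leaves existing shares untouched while a leave drops the departed member's contribution. The DH group, the sponsor rule on leave and the absence of the dissertation's identity-based authentication are all assumptions.

```python
"""STR-style contributory group key agreement on a linear key tree.

Added illustration of the STR key tree that CEAGKP builds on; it is not
CEAGKP itself: the identity-based authentication of the dissertation is not
reproduced, and the DH group and the sponsor rule on leave are assumptions.
"""
import secrets

# Toy DH group (assumed): a Mersenne prime and base 3 keep values readable.
# A real deployment uses a standard safe-prime or elliptic-curve group.
P = 2**127 - 1
G = 3


def rand_exponent():
    return secrets.randbelow(P - 2) + 1


def blind(x):
    """g^x mod p: the public ('blinded') form of a secret or node key."""
    return pow(G, x, P)


def chain_keys(randoms):
    """STR node keys k_1..k_n: k_1 = r_1 and k_i = g^(r_i * k_{i-1}) = (g^r_i)^k_{i-1}.
    The group key is k_n. Used here only to publish the blinded node keys g^k_i."""
    keys = [randoms[0]]
    for r in randoms[1:]:
        keys.append(pow(blind(r), keys[-1], P))
    return keys


def member_group_key(i, r_i, blinded_randoms, blinded_node_keys):
    """What member i (0-based, 0 is the bottom of the tree) computes from its own
    secret r_i, the blinded secrets g^r_j of the members above it, and the
    blinded node key g^k_{i-1} published by the member below it."""
    k = r_i if i == 0 else pow(blinded_node_keys[i - 1], r_i, P)
    for j in range(i + 1, len(blinded_randoms)):
        k = pow(blinded_randoms[j], k, P)
    return k


class StrGroup:
    """Simulates every member so each step can be checked from all views."""

    def __init__(self, n):
        self.randoms = [rand_exponent() for _ in range(n)]

    def group_key(self):
        """Group key as computed independently by each member."""
        brs = [blind(r) for r in self.randoms]
        bks = [blind(k) for k in chain_keys(self.randoms)]
        views = {member_group_key(i, r, brs, bks) for i, r in enumerate(self.randoms)}
        assert len(views) == 1, "members disagree on the group key"
        return views.pop()

    def join(self):
        """A new member is added at the top with a fresh secret. It enters the key
        as one more exponent; no existing member changes its secret, and the
        newcomer only ever sees g^k_n, not the previous key k_n itself."""
        self.randoms.append(rand_exponent())

    def leave(self, i):
        """Member i leaves. Its lower neighbour (or the new bottom member, if i was
        the bottom) acts as sponsor and refreshes its secret (assumed rule), so
        every node key from the sponsor upwards changes and r_i plays no part."""
        del self.randoms[i]
        self.randoms[max(i - 1, 0)] = rand_exponent()


def demo():
    grp = StrGroup(4)
    k_initial = grp.group_key()
    old_secrets = list(grp.randoms)

    grp.join()                               # a fifth member joins
    k_after_join = grp.group_key()
    assert grp.randoms[:4] == old_secrets    # existing shares untouched
    assert k_after_join != k_initial

    grp.leave(2)                             # a middle member leaves
    k_after_leave = grp.group_key()
    assert k_after_leave not in (k_initial, k_after_join)
    return k_initial, k_after_join, k_after_leave
```

Each member needs only the blinded values above and the one blinded node key below it, which is what keeps STR's traffic low; the authentication CEAGKP adds on top (binding those blinded values to member identities) is what prevents an active attacker from substituting its own g^r in the chain.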
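The fourth contribution, BCSMR, authenticates routing information with TESLA, which gets broadcast authentication out of a symmetric MAC by disclosing each interval's key only after a delay and tying all keys to one commitment through a hash chain. The following is an added example, not the dissertation's code: it models the sender's key chain, the receiver's key verification and, most importantly, the receiver-side safety test that a packet arriving after its key could already have been disclosed must be dropped. Interval numbers stand in for clock time, and the delay, chain length and HMAC-SHA256 are assumptions; the traffic is constructed sample data.

```python
"""TESLA delayed-disclosure broadcast authentication over a one-way key chain.

Added illustration of the TESLA scheme BCSMR is stated to use; not the
dissertation's code. Intervals are integers instead of clock time, and the
disclosure delay d, HMAC-SHA256 and the chain length are assumptions.
"""
import hashlib
import hmac
import os


def derive_chain(seed, length):
    """One-way chain K_0..K_length with K_i = H(K_{i+1}); K_0 is the commitment."""
    chain = [None] * (length + 1)
    chain[length] = seed
    for i in range(length - 1, -1, -1):
        chain[i] = hashlib.sha256(chain[i + 1]).digest()
    return chain


def mac_key(k):
    """MAC key derived from chain element K_i (TESLA uses a second PRF for this)."""
    return hashlib.sha256(b"tesla-mac" + k).digest()


class Sender:
    def __init__(self, length, delay):
        self.delay = delay
        self.chain = derive_chain(os.urandom(32), length)

    def commitment(self):
        """K_0, handed to receivers authentically (e.g. signed) at bootstrap."""
        return self.chain[0]

    def send(self, i, payload):
        """Packet of interval i: MAC under K_i, plus disclosure of K_{i-d}."""
        tag = hmac.new(mac_key(self.chain[i]), payload, hashlib.sha256).digest()
        disclosed = self.chain[i - self.delay] if i >= self.delay else None
        return {"i": i, "payload": payload, "mac": tag, "disclosed": disclosed}


class Receiver:
    def __init__(self, commitment, delay):
        self.delay = delay
        self.known = {0: commitment}   # chain elements verified so far
        self.pending = []              # packets waiting for their key
        self.accepted, self.rejected = [], []

    def _learn_key(self, i, key):
        """Accept K_i only if hashing it forward reaches a known element."""
        base = max(j for j in self.known if j <= i)
        k = key
        for _ in range(i - base):
            k = hashlib.sha256(k).digest()
        if k != self.known[base]:
            return False
        self.known[i] = key
        return True

    def receive(self, pkt, arrival_interval):
        """Safety test: K_i is disclosed at interval i + d, so a packet seen before
        then cannot have been forged with it. Anything later is dropped."""
        if arrival_interval >= pkt["i"] + self.delay:
            self.rejected.append((pkt["i"], "arrived too late"))
            return
        self.pending.append(pkt)
        key, idx = pkt["disclosed"], pkt["i"] - self.delay
        if key is not None and self._learn_key(idx, key):
            self._check_pending()

    def _check_pending(self):
        waiting = []
        for p in self.pending:
            key = self.known.get(p["i"])
            if key is None:
                waiting.append(p)
                continue
            expect = hmac.new(mac_key(key), p["payload"], hashlib.sha256).digest()
            if hmac.compare_digest(expect, p["mac"]):
                self.accepted.append(p["payload"])
            else:
                self.rejected.append((p["i"], "bad mac"))
        self.pending = waiting


def demo():
    d = 2
    tx = Sender(length=8, delay=d)
    rx = Receiver(tx.commitment(), d)
    updates = [b"route-update:1", b"route-update:2", b"route-update:3", b"route-update:4"]
    for i, m in enumerate(updates, start=1):      # constructed sample traffic
        rx.receive(tx.send(i, m), arrival_interval=i)
    assert rx.accepted == updates[:2]             # K_1, K_2 disclosed in 3 and 4

    # Attacker reuses K_1 (public since interval 3) to forge an interval-1 packet.
    evil = b"route-update:EVIL"
    forged = {"i": 1, "payload": evil, "disclosed": None,
              "mac": hmac.new(mac_key(tx.chain[1]), evil, hashlib.sha256).digest()}
    rx.receive(forged, arrival_interval=3)
    assert (1, "arrived too late") in rx.rejected

    # In-window tampering is caught once the real K_3 is disclosed (interval 5).
    tampered = tx.send(3, b"route-update:3")
    tampered["payload"] = b"route-update:tampered"
    rx.receive(tampered, arrival_interval=3)
    rx.receive(tx.send(5, b"route-update:5"), arrival_interval=5)
    assert (3, "bad mac") in rx.rejected
    return rx.accepted
```

The whole scheme stands or falls on the arrival check: a receiver whose clock is more than the disclosure delay behind the sender's will accept packets that an attacker could have forged from a disclosed key, so loose time synchronization with a bounded error is a precondition of TESLA, and in a multicast routing protocol the route-establishment messages can only be acted on after the corresponding key has been disclosed.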
