Research on Key Security Issues in Clustered Mobile Ad Hoc Networks

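【Author】 Hu Guangming (胡光明)

【Advisor】 Gong Zhenghu (龚正虎)

【Author information】 National University of Defense Technology, Computer Science and Technology, 2007, Ph.D.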

【Abstract】 Mobile ad hoc networks (MANETs) are wireless networks that mobile nodes self-organize through distributed protocols. Their dynamic topology, lack of central infrastructure, and limited bandwidth and energy give them broad application prospects but also raise many problems and challenges. Security is one of the major challenges facing MANETs and a current research focus in the field. This dissertation investigates the key techniques of MANET security in depth and proposes algorithms, models and solutions for important issues such as secure clustering, key management, trust management and secure routing protocols. Simulation experiments and performance analysis show that these algorithms, models and solutions effectively improve the security of MANETs and are of significant theoretical and practical value. The main contributions of this dissertation are as follows:

1) A secure clustering algorithm based on the maximum number of stable links (MSLBSCA)

This dissertation presents the Maximum Stable Link Based Security Clustering Algorithm (MSLBSCA). MSLBSCA uses a certificate service mechanism to authenticate messages and authorized nodes during cluster formation, and uses the DGKMF group key management framework to generate the same communication key for every authorized node. This keeps the messages exchanged during clustering confidential while reducing their encryption and decryption overhead. In addition, the clusterhead selection criterion takes full account of the relative mobility between nodes: the direction and rate of relative movement are inferred from the variation in strength of signals successively received from neighboring nodes. MSLBSCA thereby avoids the over-idealized assumptions about signal propagation models made in similar research and is better suited to real environments. Simulation results show that, compared with similar algorithms, MSLBSCA produces a more stable cluster structure with lower communication overhead and better fairness.

2) A key management scheme for clustered MANETs, and an encryption authentication-based secure routing protocol (CBSRP) built on it

To provide comprehensive security assurance for clustered MANETs, this dissertation presents a key management scheme suited to clustered networks. The scheme handles two cases, inter-cluster and intra-cluster. The inter-cluster case adopts the idea of (k, n) threshold encryption, while in the intra-cluster case the clusterhead node is responsible for key negotiation and distribution among the member nodes. This layered management mode greatly reduces the time overhead and bandwidth requirements of communication. Based on this key management scheme, the dissertation designs an encryption authentication-based secure routing protocol, CBSRP. CBSRP combines certificate signatures with encryption to negotiate shared session keys, and uses the session keys to secure data transmission, so its encryption and decryption overhead is low. Security analysis shows that CBSRP effectively resists a range of attacks, such as forged routing information and modified path lengths. Simulation results show that, although the key management mechanism causes a moderate increase in communication delay, CBSRP performs well in terms of message delivery rate and routing overhead.

3) A trust management model for clustered MANETs (CMBTM), and a trust-based secure routing protocol (TBSRP) built on it

Encryption authentication-based routing protocols cannot effectively prevent deliberate damage to the network by authorized nodes that have been captured or taken over, whereas trust-based routing protocols handle this kind of problem well. Drawing on the similarity between MANETs and human social networks, this dissertation presents a centrality measurement-based trust model, CMBTM. CMBTM uses directed graphs and adjacency matrices to build the trust relationship model and solves the trust matrix with a distributed iterative algorithm, yielding a global trust value for each node. On this basis, the dissertation designs a trust-based secure routing protocol, TBSRP. Analysis and simulation results show that TBSRP performs well in identifying and suppressing malicious nodes and in keeping the network running properly.

The research in this dissertation is an important part of the National Natural Science Foundation of China project "Security Issues in Massive Mobile Ad hoc Networks". Its results play an important role in ensuring the communication security of MANETs in hostile environments.
