Study on Some Security Issues in the Ad Hoc Networks

【Author】 Liu Zhiyuan

【Advisor】 Cui Guohua

【Author information】 Huazhong University of Science and Technology, Information Security, 2007, PhD

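【Abstract, translated from the Chinese】 A wireless self-organizing network (wireless Ad hoc network) is a multi-hop, temporary autonomous system formed by a group of mobile terminals equipped with wireless transceivers. The mobile terminals have routing capability and can form arbitrary network topologies over wireless links; such a network can operate independently or connect to the Internet or to cellular wireless networks. Compared with ordinary mobile networks and fixed networks, wireless Ad Hoc networks are characterized by the absence of a center, self-organization, multi-hop routing and dynamic topology. These characteristics make wireless Ad Hoc networks differ markedly from ordinary cellular mobile communication networks and fixed communication networks in architecture, network organization and protocol design. The openness and instability of the wireless channel expose wireless Ad Hoc networks to considerable security risks; because of the great differences from wired networks, many existing security schemes and techniques cannot be applied directly to wireless Ad Hoc networks, and the complexity and instability of the wireless Ad Hoc network environment also make security goals difficult to achieve.

Starting from the security requirements and practical basis of Ad Hoc networks, the relevant theory and key technologies are studied extensively and in depth. The attacks to which wireless Ad Hoc networks are susceptible are analyzed, and the discussion concentrates on key issues such as routing security and key management in wireless Ad Hoc networks. The main work includes the following aspects:

(1) Using a non-interactive verifiable commitment scheme with information-theoretic security, combined with Shamir's threshold secret sharing method, a non-interactive, verifiable multi-party secure computation scheme that generates a (k, n) threshold secret sharing is constructed. The verification process in the protocol prevents cheating by participants and resists collusion attacks by fewer than k participants, giving high security. The generation of the secret shares is non-interactive and therefore efficient.

(2) Authentication between nodes of mobile ad hoc networks is studied. The authentication protocols and methods currently applicable to mobile ad hoc networks are analyzed, a signcryption-based identity authentication scheme for wireless Ad Hoc networks is designed, and analysis proves that the scheme has high security in the wireless Ad Hoc network environment.

(3) Group key management for mobile ad hoc networks is studied. Combining identity-based authentication and threshold cryptography, an identity-based distributed group key management scheme, IBDGK, is designed. The scheme is secure, robust and self-adaptive, tolerates the participation of malicious nodes, and can effectively trace malicious nodes and resist collusion. Simulation experiments show that, compared with some other schemes, the scheme has a significant performance advantage when the group is not large, while under large-scale conditions the performance difference is small.

(4) The trust problem in wireless Ad Hoc networks is studied. To better resist interference with the routing mechanism by misbehaving nodes, a trust model for the mobile ad hoc network environment is designed on the basis of node recommendation, and its mathematical analysis and a distributed implementation method are given.

(5) The security of routing protocols in wireless sensor networks is studied, and the attacks to which the LEACH routing protocol may be subjected are analyzed. A secure LEACH protocol (SLEACH) is designed, which introduces a secure authentication scheme between nodes; the scheme is proved using BAN logic. A reputation mechanism curbs the selfish behavior of misbehaving internal nodes. Simulation results show that the performance impact of SLEACH is acceptable.

(6) Access control in wireless sensor networks is studied. The security goals of protecting private resources in wireless sensor network access control are analyzed, and an attribute-based scheme for protecting private resources is designed. The scheme not only meets the security goals but also completes the exchange of private resources in a single communication. Finally, the scheme is proved to be IND-CCA2 semantically secure.

In addition, some new ideas are put forward on research questions in wireless Ad Hoc security theory and applications; these may be worth studying in the future.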

【Abstract】 A wireless Ad Hoc network is a multi-hop, temporary autonomous network system formed by a group of wireless mobile terminals. The terminals have a routing function and can construct any network topology. Ad Hoc networks can work on their own, and they can also connect to the Internet or to cellular networks. Compared with regular mobile networks and fixed networks, Ad Hoc networks are centerless, self-organizing and multi-hop, with dynamic topology. These characteristics lead to many differences in architecture, network organization and protocol design. Wireless networks face much greater risk because of their open and unstable wireless channels. As ad hoc networking differs somewhat from the traditional approaches, the security measures that were valid in the networks of the past are not fully applicable in wireless Ad Hoc networks. It is also difficult to realize the security goals for wireless Ad Hoc networks because of their complexity and instability.

Aiming at the security requirements and the practical basis, this paper studies the related theory and key technologies. We study the security goals to be achieved and the threats that wireless Ad Hoc networks face, and we focus primarily on routing security and key management in wireless Ad Hoc networks. The main tasks include several aspects:

(1) Based on a non-interactive, information-theoretically secure verifiable commitment scheme, combined with Shamir's threshold secret sharing scheme, a multi-party secure computation scheme that generates a (k, n) threshold secret sharing is constructed in this paper. The scheme enjoys high security at the verification stage. It prevents any participant from cheating in the protocol and resists coalitions of fewer than k participants. The scheme is highly efficient, because the generation of the shares of the secret is non-interactive. In addition, we give a proof of security and analyze the performance of our scheme.

(2) Analyzes mobile node authentication in Mobile Ad Hoc Networks. The proposed authentication scheme based on signcryption could be used to realize efficient and secure authentication in a distributed mobility environment, and to generate non-interactive session keys between two mobile nodes.

(3) Studies the group key management scheme in Ad Hoc networks. Based on the identity-based authentication mechanism and threshold cryptography, a new identity-based distributed group key management scheme (IBDGK) is proposed. The proposed scheme is secure, robust and self-adaptive. It can resist coalition attacks and effectively trace malicious nodes. Compared with other relevant research work, the proposed schemes have better security and efficiency.

(4) Studies trust management in Ad Hoc networks. Presents a novel global trust model and gives a distributed implementation method. Mathematical analyses show that, compared with the current global trust model, the proposed model is more robust on trust security problems.

(5) Analyzes the wireless network security problem and proposes a secure LEACH routing protocol. It introduces secure authentication and proves it using BAN logic. The reputation mechanism ensures that a selfish node will abide by the protocol. Simulation results show that the impact of SLEACH is acceptable.

(6) Privacy preservation is a vital problem for access control in Wireless Sensor Networks. The schemes proposed recently cannot resolve the difficulties in privacy preservation very well, such as confidentiality or the leaking of additional privacy information. The security target for privacy preservation is discussed, and then an identity-based privacy preservation scheme is proposed, which not only satisfies the security target but also needs only one communication. Finally, the proposed scheme is IND-CCA2 secure.

Additionally, some new considerations for Ad Hoc networks are discussed, which may be valuable research fields in the future.
