
Study on Self-organized Public Key Management in Mobile Ad Hoc Networks

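【Author】 Zhang Changlun (张长伦)

【Supervisors】 He Dequan (何德全); Liu Yun (刘云)

【Author information】 Beijing Jiaotong University, Information Network and Security, 2008, PhD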

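【Abstract, translated from the Chinese】 A mobile Ad Hoc network is a new type of wireless mobile network. It requires no pre-deployed infrastructure, can be set up quickly and flexibly, and has broad application prospects. However, its dynamically changing topology, limited wireless transmission bandwidth and energy-constrained mobile terminals also bring many new security problems, so new security schemes and policies suited to mobile Ad Hoc networks need to be studied. Confidentiality is an underlying assumption of many security services, and key management is the key to implementing it successfully. Because it needs no complex security bootstrapping process, self-organized public key management has become an important class of candidate schemes for key management in mobile Ad Hoc networks. However, most existing schemes suffer from problems such as a low authentication success rate, a long warm-up period and poor scalability. Analyzing the special requirements of self-organized public key management in mobile Ad Hoc networks and providing suitable solutions is therefore of great significance for the development and application of mobile Ad Hoc network security technology. This thesis studies the key indicators that self-organized public key management schemes for mobile Ad Hoc networks focus on, namely the authentication metric, authentication success rate, warm-up period, certificate storage and communication overhead, together with the factors that influence them, and proposes corresponding solutions. The research was funded by the National Natural Science Foundation of China project "Research on Public Key Management and Performance Evaluation Techniques in Ad Hoc Networks (No.60572035)" and the Beijing Municipality Key Laboratory of Communication and Information System project "Intelligent Wireless Security Gateway Project (No.JD100040513)". The main work and innovations of the thesis are as follows:

1. For application environments that measure trust relationships using trust levels, a cloud trust model based on discrete metrics is proposed. The model introduces a trust base cloud and an acceptance factor to describe the trust relationships between entities, unifies the degree of trust between entities with the uncertainty of that trust, and expresses the fuzziness and randomness present in trust description and reasoning. The corresponding trust reasoning mechanism can handle trust recommendation and the synthesis of multiple trust paths, realizing the propagation of trust relationships. Simulation experiments show that, compared with existing models, trust reasoning in this model yields a higher cooperation success rate and good resistance to attacks.

2. For application environments in which trust data sources such as network-layer data are mostly processed in a continuous metric mode, a cloud trust model based on continuous metrics is proposed. Based on factors such as context, the model gives a new definition of the trust cloud and a method for computing it. Taking full account of the influence of the weights of different trust clouds on the trust result, it gives a trust cloud reasoning mechanism based on continuous metrics, and uses trust scalar multiplication to handle trust synthesis across different contexts. Simulation experiments show that the model can evaluate the trust relationships between nodes well and detect malicious nodes effectively.

3. A route-aware trust path searching method is proposed. The method makes full use of local trust information and any routing information that may exist to narrow the scope of the trust path search, reducing communication overhead.

4. A method for generating a small-world certificate graph is proposed. The method partitions the mobile Ad Hoc network into clusters and issues a small number of certificates, with a certain probability, between two randomly selected cluster heads, so that the resulting certificate graph exhibits a clear small-world phenomenon. This improves both the efficiency with which nodes exchange and collect certificate information and the success rate of public key authentication. Simulation experiments show that the authentication success rate of a certificate graph with this small-world property can exceed 80%, a large improvement over the roughly 50% success rate of the original scheme, and that the warm-up period is also shortened.

5. An enhanced self-organized public key management scheme for mobile Ad Hoc networks is proposed. In creating the certificate repository, the scheme follows the principle of relying mainly on local information exchange, and it applies the small-world property and the trust model to each operation of public key management, such as certificate issuance, certificate maintenance and public key authentication. Analysis shows that, compared with existing schemes, the enhanced scheme improves the reliability of the authentication metric, reduces the communication overhead of creating the certificate repository, lowers the complexity of the algorithm, and has good scalability.

As the performance of self-organized public key management schemes for mobile Ad Hoc networks continues to improve, their application areas will gradually expand and the research will develop further.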

【Abstract】 A mobile Ad Hoc network (MANET) is a new, special type of wireless network. It has wide application prospects because it needs no pre-existing fixed infrastructure, which brings flexibility as well as new security issues. Its dynamic network topology, limited bandwidth and constrained terminal power call for new security schemes and policies. Cryptography is an underlying assumption of most security services, and key management is the core of its implementation. Requiring no heavy infrastructure or complex bootstrapping, self-organized public key management has become a potential candidate for key management in MANETs. However, most existing schemes have a long warm-up period, a low authentication success rate and poor scalability. It is necessary to study the special requirements of MANETs and propose an efficient self-organized public key management scheme suitable for them. This thesis studies self-organized public key management in MANETs and two important factors influencing its efficiency: the small-world characteristics of the certificate graph and the public key authentication metric. Several schemes are provided in this thesis to resolve these issues. The research work of this thesis is supported by the National Natural Science Foundation of China (No.60572035) and the Beijing Municipality Key Laboratory of Communication and Information System (No.JD100040513). The main innovations of the thesis are as follows:

1. A new cloud-based discrete metric trust management model is proposed for the hierarchical trust metric. To address the limitations of the reasoning mechanism of the existing cloud-based discrete metric trust model, a base cloud and an accept factor are introduced to unite the trust degree with its uncertainty and to handle the fuzziness and randomness in the description and reasoning of trust relationships. The reasoning mechanism of the trust cloud can deal with trust recommendation and the synthesis of multiple trust paths, and implements the propagation of trust relationships. The simulation results show that the proposed model leads to a higher cooperation success rate than the previous models.

2. A new cloud-based continuous metric trust management model is proposed for applications in which the data sources of trust relationships are processed in a continuous metric. The model gives a new definition of the trust cloud and an approach for computing it. Taking the weight of each trust cloud into account, a series of trust cloud operations are designed to implement trust recommendation and trust propagation. Simulation results show that the proposed trust model can evaluate the trust relationships among nodes and detect malicious nodes effectively.

3. A route-aware trust path searching approach is proposed. It uses local trust and route information to reduce the path searching range and the communication overhead.

4. A new approach is proposed to create a small-world certificate graph based on clustering. The certificate graph exhibits an apparent small-world phenomenon once a few certificates are signed among cluster heads, which increases the efficiency of exchanging and collecting certificates. Simulation results show that the proposed small-world certificate graph can reduce the warm-up period and increase the authentication success rate to about 80%, which is higher than that of previous schemes.

5. An enhanced self-organized public key management scheme is proposed which depends on local information exchange in building the certificate repository. In the scheme, the small-world property and the trust model are utilized in operations such as certificate issue, certificate maintenance and key authentication. Analysis and simulation results show that the enhanced scheme increases the reliability of authentication, reduces the communication overhead and complexity of building the local certificate repository, and has good scalability.

Research on self-organized public key management in Ad Hoc networks will advance further as its applications extend.
