
Research on Multicast Key Management for Wireless Ad Hoc Networks

Research on Group Key Management for MANET

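【Author】 Xie Haitao (谢海涛)

【Advisor】 Yang Zongkai (杨宗凯)

【Author information】 Huazhong University of Science and Technology, Communication and Information Systems, 2009, PhD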

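【Abstract】 As research on wireless ad hoc networks deepens, multicast security in these networks has become one of the active research topics. In a wireless ad hoc network many network functions, including routing, neighbor discovery, key distribution and topology control, are group-oriented: one sending node has to deliver the same information to multiple receiving nodes. For sensitive information that must be transmitted confidentially, a secure multicast communication mode effectively reduces network transmission load and improves bandwidth utilization, so it is widely used in network conferencing, vehicular communication, wireless mesh networks, battlefield ad hoc networks and similar fields. Multicast key management is the core problem of multicast security research, and the mobility and openness specific to wireless ad hoc networks make group key management in them very challenging.

First, because a wireless ad hoc network has no central node and no fixed infrastructure support, how to authenticate node identities in a distributed environment is the foremost problem facing group key management. For large-scale ad hoc networks, fully centralized or fully distributed group key management easily leads to a single point of failure, network partition, loss of synchronization and similar problems. In practice a decentralized group key management framework that combines the advantages of the centralized and distributed approaches is preferable. Subgroup-center management and user-subgroup management are the two management levels of this framework. Subgroup-center management is concerned with the security and efficiency of group key distribution, and how to achieve distributed, identity-verifiable group key distribution is the key problem of group key management in ad hoc networks.

Second, user-subgroup management takes place only in the local area within a subgroup, so a tree-based centralized management method is generally used. Group key update (rekeying) is the current research focus in this area, and most existing schemes are built on the idea of a balanced key tree. When members join or leave the group, how to improve the efficiency of rekeying and reduce its overhead as far as possible, while satisfying forward security and backward security, is one of the core problems of balanced-tree group rekeying research for ad hoc networks.

Finally, an unbalanced Huffman tree can guarantee theoretically optimal group rekeying efficiency, achieving the lowest average per-user rekeying cost. In practice, however, the probability of members joining or leaving the group cannot be estimated accurately, and the Huffman tree is in fact a static tree that cannot change dynamically with the estimated probabilities of members entering and leaving. How to make the Huffman tree more dynamic and provide a practical user probability model is another important direction of group rekeying research for ad hoc networks.

To address these problems, this dissertation studies multicast key management for wireless ad hoc networks from three aspects: (1) multicast key generation in wireless ad hoc networks; (2) balanced-tree multicast rekeying; (3) Huffman-tree multicast rekeying. This work was supported by the National Natural Science Foundation of China projects "Research on Wireless Sensor Networks Based on Network Utility Maximization" (No. 90104033) and "Research on Key Technologies of Self-Organizing Cognitive Radio Networks" (No. 60602029).

The research results of this dissertation include the following:

1. Group key distribution for wireless ad hoc networks: the identity authentication mechanism of wireless ad hoc networks is studied and, given their distributed, centerless character, a localized identity-based cryptosystem is proposed that simplifies the authentication process. The group key management framework is studied and its three key techniques are analyzed: subgroup-center management, user-subgroup management and handover between subgroups. For subgroup-center management, a distributed, fault-tolerant group key distribution and reconstruction algorithm is proposed, which strengthens the security and efficiency of distribution.

2. Balanced-tree group rekeying: the subgroup-center management method is analyzed and, to address the high rekeying overhead caused by leaving nodes in current schemes, a group rekeying algorithm based on M-dimensional geometric spheres is proposed, together with a batch rekeying strategy, which reduces the overhead of group rekeying.

3. Huffman-tree group rekeying: to address the problem that in existing algorithms the Huffman key tree can only be created statically and cannot be adjusted dynamically, a Huffman-tree group rekeying algorithm is proposed that adapts to the frequency with which users enter and leave the group, so that as users enter and leave dynamically, the average per-user rekeying cost of the Huffman tree is always kept minimal while the security of rekeying is preserved.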

【Abstract】 With the rapid development of Mobile Ad hoc Network (MANET) and multicast communication techniques, the security of multicast keys for MANET has attracted more and more attention. How to realize secure, efficient and simple group key management for MANET over an insecure wireless network is a research challenge. Some typical group key management schemes cannot be used in MANET directly. The following problems exist in group key management for MANET:

Firstly, because a MANET has no central node for distributing and managing a CA, and no node can be trusted by all other nodes in the network, how to generate the group key and distribute it to all members of the group securely and efficiently, in a fault-tolerant and distributed way, is the field most worth researching. In a large-scale ad hoc network, because the nodes are numerous and mobile, network splits and loss of synchronization occur easily. A cluster-based network structure is often used to manage the routes and members of the group, but the roaming problem caused by hostile nodes that frequently roam from one cluster to another deeply degrades network performance. How to provide security and usability of the group key when some nodes roam is an important challenge.

Secondly, most typical schemes for MANET multicast rekeying are based on a balanced key tree. The most important problem of multicast rekeying is providing forward security when a member leaves and backward security when a member joins. How to improve the efficiency of multicast rekeying and decrease its cost is therefore the core problem of balanced key trees for MANET multicast rekeying.

Thirdly, the Huffman key tree is used to provide theoretically the most efficient group rekeying, realizing the least average cost of group rekeying. But in fact, because the probability of a member leaving cannot be predicted accurately, and the Huffman tree is a static tree, how to provide a dynamic and adaptive Huffman key tree is another important field of multicast rekeying.

To solve the above three problems, this paper focuses on group key management in MANET as follows: (1) research on generation and distribution of the group key for MANET; (2) research on balanced key trees for group rekeying; (3) research on Huffman trees for group rekeying.

(1) Research on generation and distribution of the group key: First we use secret sharing and the ID-based key technique to establish an ID-based key system in MANET, in which every node has a key pair and the public key of a node is its ID. Then we propose a fault-tolerant and distributed group key generation and distribution scheme, and with this scheme we propose group key management for cluster-based ad hoc networks.

(2) Research on balanced key trees for group rekeying: Because most of the rekeying cost is caused by leaving members, we propose an M-dimension sphere multicast rekeying scheme, in which cooperation of sibling nodes improves rekeying efficiency when a member leaves. Then we propose a batch rekeying scheme based on the M-dimension sphere.

(3) Research on Huffman trees for group rekeying: To solve the problem that in existing schemes the Huffman key tree cannot be adjusted dynamically but can only be established statically, we propose an adaptive Huffman key tree scheme for multicast rekeying. In our scheme, the structure of the Huffman key tree is adjusted adaptively according to the frequency with which users have joined or left the multicast group so far, because that frequency denotes the probability that a group member will join or leave the group in the future. By analysis, we prove that our scheme provides the security of multicast rekeying and ensures that the average cost of rekeying is minimal, even when the Huffman key tree is adjusted dynamically.

  • 【Classification number】TN918.82; TP212.9
  • 【Citation count】1
  • 【Download count】495