
Research on Authentication, Key Agreement and Trust Scheme in the Wireless Multi-Hop Network (Chinese title: 无线多跳网络的认证、密钥协商及信任机制研究)

【Author】 杨亚涛 (Yang Yatao)

【Supervisor】 胡正名 (Hu Zhengming)

【Author information】 Beijing University of Posts and Telecommunications, Information Security, 2009, PhD

【Abstract (translated from the Chinese)】 As the architecture adopted by next-generation broadband wireless access networks, wireless multi-hop networks mostly lack a complete network infrastructure, their wireless channels are entirely open, and the network itself lacks self-stability. Data is forwarded over several wireless hops and loses the closed-system protection of a wired network, which poses greater and new challenges to security mechanisms such as user authentication, authorization, key management and data protection in the wireless multi-hop environment. The wireless Ad hoc network is a typical infrastructure-independent wireless multi-hop network built dynamically by mobile nodes; it uses centre-less, distributed control and has strong self-organization and survivability. The Wireless Mesh Network (WMN) split off from Ad hoc networks and inherited part of the WLAN technology; it is a new networking technology characterized by multi-hop operation, high capacity, high data rate and distributed control. This dissertation analyzes the architecture and security mechanisms of wireless multi-hop Ad hoc networks and wireless multi-hop Mesh networks, concentrates on the security mechanisms of wireless multi-hop Mesh networks, and proposes several new solutions and viewpoints. The research results and innovations of this dissertation are as follows:

1. For distributed, hierarchical, clustered Ad hoc networks, a mathematical model based on trust-value updating is defined, and an authentication mechanism with cluster-head agents and member supervision built on this trust-value update model is proposed; it strengthens the security of authentication, reduces the traffic of authentication and key agreement, and improves the efficiency of key transmission.

2. An authentication framework and method for wireless multi-hop Mesh networks is described. The scheme is based on the Kerberos mechanism and separates identity authentication from access authorization, which reduces the interaction flow of periodic authentication and achieves hierarchical authorization. Pseudorandom sequences have important application value for user authentication, key agreement and data protection in wireless multi-hop networks. Based on a hyperchaotic model, the idea of reducing the dimension of a hyperchaotic sequence in order to design pseudorandom sequences is set out, a new dimension-reduction algorithm is proposed and designed, and the performance of the designed hyperchaotic sequence is analyzed in depth. The study shows that the new chaotic pseudorandom sequence has good complexity and diffusion uniformity, offering another approach to generating new pseudorandom sequences.

3. The open links of wireless multi-hop Mesh networks pose a considerable challenge to the secure wireless transmission of user communication data. So that the communication data of a user accessing a wireless multi-hop Mesh network away from its home domain can be transmitted securely in encrypted form, a new authentication and key agreement protocol, SAVAKA (Secure Access Visitor Domain Authentication and Key Agreement Protocol), is proposed for an STA securely accessing a Layer-2-connected wireless multi-hop Mesh network through a non-home MAP (Mesh Access Point); it guarantees that the non-home MAP and the other multi-hop MAP nodes cannot obtain the user terminal's communication data. The design and the formal security analysis and proof of SAVAKA are completed under the Canetti-Krawczyk model. Without relying on upper-layer security schemes, it solves the privacy problem of user communication data when an STA accesses the Mesh network through a visited domain, and the scheme also supports wireless user access in multi-gateway wireless multi-hop Mesh networks. The idea is novel and has strong practical significance and application value.

4. To solve the secure authentication problem for mobile users accessing through wireless multi-hop Mesh networks, a pre-authentication secure handoff mechanism is first proposed. It uses broadcast messages from the MN (Mobile Node), carries out access authentication and secure handoff simultaneously, realizes mutual authentication in advance, reduces the interaction flow between the MN and its home domain, and improves authentication efficiency at access time. Second, based on the Asmuth-Bloom threshold scheme, a multi-server threshold authentication system model for wireless Mesh networks is designed, and the concrete wireless access and authentication flows are described. In this system the threshold mechanism ensures that only members of the authentication server group can carry out a valid authentication process, which guarantees the security of access authentication and also prevents impersonation attacks and the compromise of a single server.

5. In the wireless Mesh network environment, information is relayed through multi-hop nodes in an open setting, and various irregular network behaviours are hard to supervise and control. To solve the non-repudiation problem for users' posting behaviour over wireless Mesh networks, a method based on a user behaviour authentication code is proposed that makes the online operations of users reaching the Internet through the Mesh network non-repudiable. The user behaviour authentication code is designed, multi-gateway authentication processing of application-layer data at the MAC layer of the Mesh network is completed, and, by reasonably improving the existing protocol stack, the security goals of controllable posting behaviour and auditable posting events in wireless Mesh networks are achieved.

6. In wireless multi-hop networks, the dynamically changing mesh topology and unstable node connectivity make it difficult to establish a direct trust relationship between any two communicating nodes. The concept of group recommendation is proposed, and on that basis a novel dynamic integrated security trust model for wireless multi-hop networks is put forward. The model overcomes several limitations of existing mobile ad hoc network trust models; through integrated evaluation of node behaviour it provides a finer and more accurate basis for cooperation and security decisions between nodes, reflects changes in trust relationships dynamically, and establishes a fairly clear criterion for judging whether a communicating node is trustworthy. The model resists the deceptive behaviour of malicious nodes well, improves node credibility, and effectively solves the problem of blind trust in authentication mechanisms.

【Abstract】 As the architecture adopted by the Next Generation Broadband Wireless Access Network (NGBWAN), the Wireless Multi-hop Network (WMHN) has completely open channels, little self-stability and, compared with wired networks, an incomplete fixed infrastructure. Data is transmitted hop by hop over wireless links, so the protection a wired network provides is lost, which brings new and greater challenges to security mechanisms such as authentication, authorization, key management and data protection in WMHNs. The Mobile Ad hoc Network (MANET), a typical WMHN, is composed dynamically of mobile nodes, is independent of any fixed infrastructure, adopts centre-less and distributed control, and has merits such as self-organization and survivability. The Wireless Mesh Network (WMN) derives from the wireless Ad hoc network and retains some characteristics of WLAN; it is multi-hop, high-capacity, high-speed and distributed. This dissertation analyzes the security architecture and security schemes of MANETs and WMNs, with emphasis on the security mechanisms of WMNs, and proposes several novel solutions and viewpoints. The research results and innovations are mainly the following:

1. For the distributed Layered and Grouped Structure (LGS) wireless Ad hoc network, a Trust-value Updated Model (TUM) is defined, and a new authentication mechanism with cluster-head agents and member surveillance is put forward; it cuts down the data traffic of authentication and key agreement between nodes and thereby improves the efficiency of node authentication and key transmission.

2. An authentication framework and method for WMHNs is described. Based on the Kerberos method, it separates identity authentication from access authorization, which reduces the periodic authentication flow and implements classified authorization. Pseudorandom sequences have important application value for user authentication, key updating and data encryption in WMHNs. Based on the hyperchaos model, we propose applying a hyperchaotic system, after reducing its dimension, to the design of pseudorandom sequences; a novel dimension-lowering algorithm is proposed and designed, and the properties of the resulting hyperchaotic sequence are analyzed in detail. The study shows that the novel chaotic pseudorandom sequence has good complexity and well-proportioned stochastic diffusion, giving another method of designing stochastic sequences.

3. The exposed wireless channel of the multi-hop Mesh network poses a great challenge to secure user communication. To ensure data security when a user accesses the wireless Mesh network through a visitor domain rather than its home domain, a new Secure Access Visitor Domain Authentication and Key Agreement Protocol (SAVAKA) is proposed for a Station (STA) accessing the Connected Domain on Layer 2 (CDL2) of the Mesh network through a Visitor Mesh Access Point (VMAP); it prevents Visitor-MAP nodes in the wireless Mesh network from acquiring the private information of mobile users. The security of SAVAKA is analyzed and proved using the Canetti-Krawczyk model. Without relying on protection from higher-layer schemes, it solves the problem of data privacy when an STA accesses the Mesh network through a VMAP. The mechanism also supports wireless access in multi-gateway mode, which gives it good practical and reference value.

4. To provide fast and secure user authentication when accessing the wireless multi-hop Mesh network, a new secure handoff authentication scheme with pre-authentication is designed and proposed: the access request messages from the Mobile Node (MN) are broadcast, and access authentication and handoff are carried out at the same time, which reduces the message flow between the mobile node and its home domain and improves authentication efficiency during access. Then a threshold authentication scheme with multiple servers is proposed based on the Asmuth-Bloom threshold technique, and the wireless access and authentication flows are designed and described. Only members of the Authentication Server Group (ASG) can carry out a valid authentication process, so the method avoids impersonation attacks and prevents a single authentication server from being captured, guaranteeing the validity and security of the authentication process.

5. Nonstandard and illegal network behaviours are not easy to supervise and manage in the open wireless environment of multi-hop relay transmission in Mesh networks. To provide non-repudiation of users' posting (topic) behaviour in the wireless Mesh network, a novel non-repudiation scheme for network operations is proposed based on a user Behavior Authentication Code (BAC): we design the user BAC and, at the MAC layer of the Mesh network in multi-gateway mode, reconstruct and improve the protocol stack and the authentication of application-layer frames, which achieves the security goals of controllable and detectable posting behaviour.

6. The dynamic network topology and unstable node connectivity of wireless multi-hop networks make it difficult to establish direct trust relations between arbitrary nodes. The concept of Group Recommendation (GR) is presented. Based on GR, a novel dynamic trust model for multi-hop wireless networks is proposed, which overcomes the disadvantages of existing trust models for mobile self-organized networks. Integrated evaluation of node behaviour in the model provides more precise trust judgments for cooperation and communication between nodes; changes in the status of trust relationships can also be revealed, and an integrative trust criterion between nodes can be established effectively. The new method resists the cheating behaviour of hostile nodes well and effectively solves the problem of blind trust during the authentication process in multi-hop wireless networks.
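As an added illustration of the Asmuth-Bloom threshold scheme named in item 4 (example code written for this page, not the dissertation's own design or implementation): a (t, n) = (3, 5) sharing of an authentication secret across five servers, where any three shares recover the secret by the Chinese Remainder Theorem and two shares do not. The moduli, the secret and the fixed alpha are constructed toy values; the parameter names are assumptions.

```python
# Added example (not the dissertation's code): Asmuth-Bloom (t, n) threshold secret
# sharing via CRT. Moduli/secret/alpha are constructed toy values, not real parameters.
import secrets
from itertools import combinations
from math import gcd, prod


def crt(residues, moduli):
    """Unique x < prod(moduli) with x == r_i (mod m_i) for pairwise coprime m_i."""
    M = prod(moduli)
    x = 0
    for r, m in zip(residues, moduli):
        Mi = M // m
        x += r * Mi * pow(Mi, -1, m)      # pow(.., -1, m): modular inverse (Python 3.8+)
    return x % M


def check_params(m0, moduli, t):
    """Asmuth-Bloom condition (t >= 2): pairwise coprime moduli and
    m0 * prod(t-1 largest m_i) < prod(t smallest m_i), so t shares fix y uniquely."""
    ms = sorted(moduli)
    if any(gcd(a, b) != 1 for a, b in combinations([m0] + ms, 2)):
        raise ValueError("moduli must be pairwise coprime")
    if m0 * prod(ms[-(t - 1):]) >= prod(ms[:t]):
        raise ValueError("Asmuth-Bloom condition violated")
    return ms


def split(secret, m0, moduli, t, alpha=None):
    """Produce n shares (m_i, y mod m_i) with y = secret + alpha*m0 < prod(t smallest)."""
    ms = check_params(m0, moduli, t)
    if not 0 <= secret < m0:
        raise ValueError("secret must lie in [0, m0)")
    bound = prod(ms[:t])
    if alpha is None:                     # a fixed alpha is only for reproducible demos
        alpha = secrets.randbelow((bound - secret) // m0)
    y = secret + alpha * m0
    if y >= bound:
        raise ValueError("alpha too large for these moduli")
    return [(m, y % m) for m in ms]


def reconstruct(shares, m0, t):
    """Any t shares recover y by CRT; the secret is y mod m0. Refuse fewer than t."""
    if len(shares) < t:
        raise ValueError("need at least t shares")
    ms = [m for m, _ in shares[:t]]
    return crt([r for _, r in shares[:t]], ms) % m0


def partial_guess(shares, m0):
    """What fewer than t colluding servers can compute: CRT over their shares only."""
    return crt([r for _, r in shares], [m for m, _ in shares]) % m0
```

With secret 42, m0 = 89, moduli 101, 103, 107, 109, 113 and alpha = 1234, any three servers reconstruct 42, while the first two servers alone compute 53 from their partial CRT, so the threshold is what protects the authentication secret against a single captured server.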
