
Ad Hoc Network Key Management Based on SCHD

【Author】 Li Chong (李冲)

【Advisor】 Zhang Zhihong (张志鸿)

【Author information】 Zhengzhou University, Computer Software and Theory, 2011, Master's

【Abstract】 Ad hoc networks have a dynamic topology, lack fixed infrastructure and are deployed rapidly, so securing them poses particular difficulties. Key management sits at the core of the ad hoc security architecture and plays a foundational role. Building on an in-depth study of current key management schemes, this thesis focuses on cluster-based key management protocols. It introduces four basic mechanisms: node mobility, classified pre-configuration, the Subsequent Cluster Head Domain (SCHD), and task dispatch. On that basis, it establishes four types of identity authentication and key agreement protocol according to the positional relationship between nodes. Given the core role of the cluster head, the thesis introduces the SCHD, which is a distributed mirror of the cluster head and stores the cluster's information redundantly. Node mobility can be used to exchange public key certificates and establish trust relationships, and the thesis treats it as a basic mechanism for improving network scalability and optimizing network performance. In view of the growing computing and storage capacity of mobile terminals, the thesis introduces a classified pre-configuration mechanism, which not only makes different nodes tend toward physical homogeneity but also strengthens their ability to carry out heterogeneous tasks. The task dispatch mechanism acts as a task dispatch gateway: it first determines the positional relationship between nodes and then decides the corresponding authentication and key agreement mode. In each mode, the protocol principals select a node from the SCHD to act as CA according to its trust value. When the initiator sends a request to the CA, the CA uses an active push mechanism to push the initiator's information to the responder. The thesis uses strand spaces to prove the authentication and secrecy properties of the protocols in the different modes.
The key management protocol proposed in this thesis avoids single points of failure to the greatest extent possible, effectively resists passive traffic analysis attacks, simplifies group key agreement, improves network scalability, and optimizes network performance.

  • 【Online publication contributor】 Zhengzhou University
  • 【Online publication year and issue】 2012, Issue 04