Research on Secure Authentication and Access Control in MANETs

【Author】 Zhu Jie

【Supervisor】 Shi Ronghua

【Author information】 Central South University, Communication and Information Systems, 2009, Master's thesis

【Abstract】 MANETs have been under development for many years and many of the related technologies are mature, but security remains a bottleneck that hinders their large-scale deployment, and access control in MANETs in particular has received relatively little study. This thesis addresses two aspects. For secure authentication, the MANET is partitioned into security domains, each of which performs authentication and communication encryption relatively independently. A verifiable secret sharing (VSS) protocol is introduced for key sharing within a local domain, and the shared key is periodically renewed within the domain, which effectively defends against mobile adversaries. For node communication security, a verification scheme based on a per-domain end leader (EL) is applied to prevent spoofing by forged terminals, and messages are encrypted under the recipient's public key, which keeps the communication confidential against eavesdroppers. For access control, a role-based access control (RBAC) model is introduced within each security domain on top of identity authentication; with a backup EL in place, permissions are managed centrally within the domain. Roles and resources are classified and grouped, users are decoupled from permissions through roles, and internal permission management is separated from external permission management, which provides timely and flexible internal access while keeping external access secure.
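The domain-local VSS with periodic share renewal that the abstract describes, as an added example that is not code from the thesis. The thesis does not say which VSS construction it uses, so this assumes Feldman's scheme over a small Schnorr group; the parameters P, Q and G and all function names are chosen here for illustration. It shows a dealer splitting a domain secret, each node checking its share against the public commitments, reconstruction from any threshold-sized subset, and a refresh round in which every holder deals a sharing of zero, so that shares captured before the refresh no longer combine with shares captured after it.

```python
"""Feldman verifiable secret sharing (VSS) with a proactive refresh round.

Added example, not code from the thesis. Feldman's scheme is assumed because
its commitments let every node check its share without trusting the dealer,
and because the commitments are homomorphic, which makes the periodic refresh
verifiable as well. Group parameters are tiny and for illustration only.
Requires Python 3.8+ (pow(x, -1, m) for modular inverses).
"""
import secrets

# Schnorr group for the example (constructed, far too small for real use):
# P = 2*Q + 1 with both prime; G = 2^2 is a quadratic residue, so it
# generates the order-Q subgroup in which the commitments live.
P = 2039
Q = 1019
G = 4


def deal(secret, t, n, rng=None):
    """Dealer side: share `secret` among n nodes with threshold t.

    Returns (shares, commitments): shares[i] = (x, f(x)) for a random
    polynomial f of degree t-1 over Z_Q with f(0) = secret, and
    commitments[k] = G^a_k for each coefficient a_k.
    """
    if rng is None:
        rng = secrets.SystemRandom()
    coeffs = [secret % Q] + [rng.randrange(Q) for _ in range(t - 1)]
    shares = [(x, sum(a * pow(x, k, Q) for k, a in enumerate(coeffs)) % Q)
              for x in range(1, n + 1)]
    commitments = [pow(G, a, P) for a in coeffs]
    return shares, commitments


def verify_share(share, commitments):
    """Receiver side: accept (x, s) only if G^s == prod_k C_k^(x^k) mod P."""
    x, s = share
    expected = 1
    for k, c in enumerate(commitments):
        expected = expected * pow(c, pow(x, k, Q), P) % P
    return pow(G, s, P) == expected


def reconstruct(shares):
    """Lagrange interpolation at 0 over Z_Q; needs at least t distinct shares."""
    secret = 0
    for x_i, s_i in shares:
        num, den = 1, 1
        for x_j, _ in shares:
            if x_j != x_i:
                num = num * (-x_j) % Q
                den = den * (x_i - x_j) % Q
        secret = (secret + s_i * num * pow(den, -1, Q)) % Q
    return secret


def refresh(shares, commitments, t, rng=None):
    """Periodic share renewal (proactive secret sharing).

    Every holder deals a fresh sharing of 0; each node verifies the sub-share
    it receives before adding it to its own share. The secret is unchanged,
    the commitment vector is updated by multiplying the per-dealer
    commitments, and pre-refresh shares no longer interpolate with
    post-refresh ones, which is what defeats a mobile adversary that
    compromises fewer than t nodes per period.
    """
    n = len(shares)
    new_shares = dict(shares)
    new_commitments = list(commitments)
    for _dealer in range(n):
        sub_shares, sub_commitments = deal(0, t, n, rng)
        if sub_commitments[0] != 1:          # G^0 == 1: dealer really shared zero
            raise ValueError("refresh dealer did not share 0")
        for x, delta in sub_shares:
            if not verify_share((x, delta), sub_commitments):
                raise ValueError(f"node {x} rejected a refresh sub-share")
            new_shares[x] = (new_shares[x] + delta) % Q
        new_commitments = [c * d % P for c, d in zip(new_commitments, sub_commitments)]
    return sorted(new_shares.items()), new_commitments


def mixed_epoch_reconstruct(old_shares, new_shares, t):
    """What a mobile adversary gets from t-1 pre-refresh shares plus one post-refresh share."""
    captured = old_shares[:t - 1] + [new_shares[t - 1]]
    return reconstruct(captured)


if __name__ == "__main__":
    secret, t, n = 742, 3, 5            # constructed domain secret and (t, n)
    shares, comm = deal(secret, t, n)
    assert all(verify_share(s, comm) for s in shares)
    assert reconstruct(shares[:t]) == secret
    new_shares, new_comm = refresh(shares, comm, t)
    assert all(verify_share(s, new_comm) for s in new_shares)
    assert reconstruct(new_shares[-t:]) == secret
    print("pre-refresh share verifies under new commitments:", verify_share(shares[0], new_comm))
    print("mixed-epoch reconstruction:", mixed_epoch_reconstruct(shares, new_shares, t), "secret:", secret)
```

Running the file shows that a share captured before the refresh is rejected by the post-refresh commitments and that mixing epochs does not recover the secret except by chance. In a real domain P would be a 2048-bit prime or an elliptic-curve group, and the refresh sub-shares would be sent to each node encrypted under its public key, which the example leaves out.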

  • 【Online publication submitter】 Central South University
  • 【Online publication issue】 2010, No. 04