
Research on Key Management for Mobile Ad Hoc Networks

【Author】 Fu Yubing (付玉兵)

【Advisor】 Dai Qing (戴青)

【Author information】 PLA Information Engineering University, Cryptography, 2008, Master's degree

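【Abstract (Chinese)】 A mobile ad hoc network is a wireless network self-organized by mobile nodes through distributed protocols, with no fixed infrastructure such as base stations. When wired networks are unavailable, for example in battlefield communication and emergency rescue missions, mobile ad hoc networks provide a feasible technology for ground communication and information access. As mobile ad hoc networks are widely applied in military communication, outdoor meetings, emergency communication and other settings that require temporary communication, research on their security has received growing attention. Key management is a fundamental problem in mobile ad hoc network security and one of the current research hotspots in the field, so studying it is of great significance.

In current distributed CA construction schemes for mobile ad hoc networks, node shares must be updated to defend against mobile adversary attacks, which is computationally complex and requires distributing shares over a secure side channel. To address these problems, a distributed CA construction algorithm for mobile ad hoc networks is proposed based on the idea of multi-secret sharing. The method does not need to maintain a dedicated secure channel, and it defends against mobile adversaries by updating the system key rather than each node's share. Analysis shows that its complexity during system key update is better than that of existing schemes and that it is easy to implement.

To reduce the complexity of certificate and key management, a key management scheme for mobile ad hoc networks is proposed based on identity-based cryptography. The scheme combines threshold secret sharing with identity-based cryptography and avoids the complicated certificate management process; compared with existing identity-based key management schemes, IDKM reduces computation and network overhead and strengthens security to some extent.

Building on the identity-based key management scheme, SODMRP (Secure On-Demand Multicast Routing Protocol), a secure group route establishment and group key generation algorithm, is proposed based on the MANET on-demand multicast routing protocol ODMRP (On-Demand Multicast Routing Protocol) and identity-based public-key cryptography. The algorithm adds authentication to multicast route discovery and generates the group key during route discovery, reducing the network overhead and delay caused by group key generation. Simulation results show that SODMRP is clearly better than existing group key generation algorithms in group key generation success rate and delay.

For performance analysis, based on a study of the characteristics of the network simulation tool NS-2, the application layer, transport layer, timer, packet and related components and data structures in NS-2 were extended to simulate the performance of the initialization, private key update algorithm and key agreement protocol of the proposed schemes. The experimental results verify the effectiveness of the proposed schemes.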

【Abstract】 A mobile ad hoc network (MANET) is a special wireless network that is self-organized by mobile nodes communicating with each other using distributed protocols. A MANET can work in the absence of fixed infrastructure such as base stations. When wired networks are not available, e.g. in battlefield communication and emergency search-and-rescue scenarios, MANETs provide a feasible way for communication and information access. With the growing deployment of MANETs in military communication, outdoor meetings and emergency communication, their security technology receives increasing attention. Key management is the most essential issue and also one of the hotspots in MANET security research.

Existing distributed CA construction in mobile ad hoc networks is mostly based on an (n,k) threshold scheme. Such schemes need to update each node's share to prevent attacks by mobile adversaries, which brings excessive overhead and requires a secure channel to distribute the secret shares. To address these problems, this paper proposes a distributed CA construction algorithm for mobile ad hoc networks based on multi-secret sharing. In this scheme, when the system key is renewed, the shares do not need to be changed, and it is unnecessary to maintain a secure channel during that period. The analysis results show that the proposed scheme is simple, feasible and easy to implement.

An identity-based cryptography key management scheme, IDKM, using bilinear pairings is proposed. Combining identity-based cryptography with threshold sharing, the proposed scheme avoids complicated certificate management. Compared with existing identity-based schemes, its most significant advantages are enhanced security and reduced communication overhead, storage overhead and computation cost.

SODMRP (Secure On-Demand Multicast Routing Protocol) is proposed based on ODMRP (On-Demand Multicast Routing Protocol) and identity-based cryptography. It secures multicast routing and establishes the group key during multicast route discovery, which greatly decreases overhead and delay in the network. Simulation results demonstrate that SODMRP is better than current group key establishment algorithms in establishment success ratio and delay.

Following an analysis of the simulation tool NS-2, we simulate the proposed schemes by extending the relevant components and data structures, including the application layer, transport layer, timer and packet. The simulation and analysis results demonstrate that our schemes are effective.

  • 【Classification number】 TN929.5
  • 【Download count】 83