

Research on Ad Hoc Network Security Architecture

【Author】 王浩

【Supervisor】 俞能海

【Author information】 中国科学技术大学 (University of Science and Technology of China), Information Security, 2010, Master's thesis

【Abstract (translated from the Chinese)】 Ad Hoc networks are maturing and are widely deployed in networks of many scales. As Ad Hoc communication technology develops, network scale keeps growing, and network security becomes ever more important in Ad Hoc communication. However, the high mobility, high bit error rate and limited node resources of wireless networks mean that existing mature security architectures cannot be applied to Ad Hoc networks. Alongside the convenience that Ad Hoc networks bring as they spread, they carry the following security risks: data transmitted over the channel can be eavesdropped by a third party; a well-prepared attacker can send forged messages to a target node, causing it to make wrong decisions and take wrong actions; burst errors and long propagation delay on the channel can affect the transmitted data; the topology changes rapidly, and there is no reliable node to act as a central node. Establishing an effective security mechanism in Ad Hoc networks is therefore essential. Today's mature security mechanisms, such as IPSEC (Internet Security Protocol) and SSL (Secure Socket Layer), were designed for terrestrial networks, and applying these existing protocols directly in Ad Hoc networks creates new security problems. Building on a study of existing security mechanisms, this thesis focuses on establishing a reliable security architecture for large-scale Ad Hoc networks. Its contributions are as follows: 1. To address the problem of dishonest behaviour in large-scale Ad Hoc networks, a new key management scheme for mobile Ad Hoc networks that supports the discovery of dishonest behaviour, BMMS-DBD, is proposed. It combines combined public key technology with a threshold cryptosystem and introduces a bilinear-map algorithm to design a verification mechanism for secret shares. Compared with existing key management schemes, it offers strong robustness while meeting efficiency, security and scalability requirements, and is suitable for large-scale mobile Ad Hoc networks. 2. To address the long delays and high bit error rates of data transmission in Ad Hoc networks, and to remain compatible with the BMMS-DBD key management scheme, the X509-BSK authentication scheme is designed on the basis of the SK protocol, incorporating the X.509 digital certificate format. The scheme performs key exchange for Ad Hoc networks and defines a digital certificate format based on elliptic curve cryptography, a key exchange protocol and a secure communication flow. Security analysis shows that it has low interaction overhead, low algorithmic complexity and high authentication efficiency, making it suitable for Ad Hoc networks. 3. Combining the proposed key management scheme and authentication scheme, a layered security protocol architecture is designed on top of the network protocol architecture. It gives prevention and control methods for possible security problems at the application, network, transport, data link and physical layers, providing a layered strategy for solving the security problems of wireless network protocols.

【Abstract】 Ad Hoc networks are becoming increasingly mature and are used in networking at many scales. As Ad Hoc communication techniques develop, networks grow larger, and network security in Ad Hoc communication becomes more and more important. But Ad Hoc networks have high mobility and high error rates, and the resources of wireless nodes are limited, so the security architectures that exist for conventional networks cannot be applied to Ad Hoc networks as they are. As Ad Hoc networks spread and bring convenience to people, their security is challenged: communication in Ad Hoc networks can be wiretapped by others; a well-prepared attacker can send imitation messages to a target node and cause it to make wrong judgements and take wrong actions; abrupt errors and long transmission delays affect the communication; and the topology of an Ad Hoc network changes constantly, with no dependable node available. At present most mature security structures, such as IPSEC (Internet Security Protocol) and SSL (Secure Socket Layer), are designed for fixed networks, and moving them to Ad Hoc networks directly produces new security problems. Based on research into existing security protocols, this paper mainly studies a security structure for large-scale Ad Hoc networks. The main contributions of this dissertation are as follows: 1. In large-scale mobile Ad Hoc networks there is the problem of dishonest behaviour by nodes. We therefore design a novel key management scheme with a dishonest-behaviour discovery mechanism. The proposed scheme is based on the techniques of combined public key and threshold secret sharing, and uses a bilinear map algorithm to design the verification mechanism for secret shares. Comparisons with existing schemes show that the proposed scheme not only ensures good efficiency, security and scalability but also has strong robustness against dishonest nodes, and it suits large-scale mobile Ad Hoc networks well. 2. Because Ad Hoc networks have high delay and high error rates, and to stay compatible with the BMMS-DBD scheme, we designed the X509-BSK authentication scheme on the basis of the SK protocol, united with the X.509 digital certificate. It completes key exchange and defines the digital certificate and the secure communication protocol. Research and analysis show that the elliptic curve key agreement protocol has the advantages of lower interaction cost, lower computing complexity and higher security strength compared with other protocols. 3. Synthesizing the suggested key management scheme and authentication scheme, and based on the Ad Hoc network protocol framework, we propose a security protocol architecture. The architecture gives a resolution method for potential security problems in each layer and systematically provides a security strategy for each network level.
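As an added illustration that is not part of the thesis (whose BMMS-DBD scheme is not reproduced here), the Python below shows the share-verification idea behind dishonest-behaviour discovery in threshold key management: shares are distributed together with public commitments, so a node can reject a corrupted or forged share before reconstruction instead of silently recovering a wrong key. It substitutes Feldman-style discrete-log commitments for the thesis's bilinear-map check, and the group parameters `P`, `Q`, `G` are a constructed toy, not the scheme's real parameters.

```python
import secrets

# Constructed toy group: safe prime P = 2Q + 1 with Q prime; G = 4 generates
# the order-Q subgroup. Real deployments use far larger groups.
P, Q, G = 1019, 509, 4


def deal(secret, threshold, n, rng=secrets.randbelow):
    """Split `secret` (an element of Z_Q) into n shares, any `threshold` of
    which rebuild it. commitments[i] = G^a_i mod P lets each holder verify
    its share without learning the polynomial or the secret."""
    coeffs = [secret % Q] + [rng(Q) for _ in range(threshold - 1)]
    commitments = [pow(G, a, P) for a in coeffs]
    shares = {}
    for x in range(1, n + 1):
        y = 0
        for a in reversed(coeffs):          # Horner evaluation mod Q
            y = (y * x + a) % Q
        shares[x] = y
    return shares, commitments


def verify_share(x, y, commitments):
    """Check G^y == prod_i commitments[i]^(x^i) mod P. A tampered share fails
    here: this is the 'dishonest behaviour discovery' step."""
    rhs = 1
    for i, c in enumerate(commitments):
        rhs = rhs * pow(c, pow(x, i, Q), P) % P
    return pow(G, y, P) == rhs


def reconstruct(shares):
    """Lagrange interpolation at x = 0 over Z_Q from a dict {x: y}."""
    secret = 0
    for i in shares:
        num = den = 1
        for j in shares:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        secret = (secret + shares[i] * num * pow(den, -1, Q)) % Q
    return secret


def collect_and_reconstruct(shares, commitments, threshold):
    """A node gathering shares from peers: drop every share that fails
    verification, then reconstruct only if enough honest shares remain.
    Returns (secret or None, list of share indices that failed)."""
    good = {x: y for x, y in shares.items() if verify_share(x, y, commitments)}
    bad = sorted(set(shares) - set(good))
    if len(good) < threshold:
        return None, bad
    return reconstruct(dict(list(good.items())[:threshold])), bad
```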


