移动自组网基于CA的部分分布式认证研究
|
摘要
Ad hoc网络是由移动节点构成的,不依赖任何固定基础设施(例如基站)的无线网络。这种网络结构在军事、灾难救助、探险等通信基础设施无法覆盖或者遭到破坏的环境中有很好的应用前景。而在商业应用中,Ad hoc网络同样可以为无基础设施的环境提供强壮的通信服务,例如移动会议、传感器网络等。
Ad hoc网络与传统网络不同,它不依靠预先构建的基础设施,因此传统网络采用CA实现集中式认证的方法并不适合这种网络。本文引入信任分散的安全策略,提出运用分群思想和概率签名的部分分布式认证方案,将Ad hoc网络的证书服务功能分布到网络中,并对分群部分签名概率算法进行了仿真试验分析。相比传统的部分分布式认证方案,本方案针对群首和普通级别的服务节点设置了不同的部分签名概率,既克服了传统认证需要可信第三方的限制,又提高了系统的安全性和认证效率。
Ad hoc network is a collection of mobile computing devices that communicate by using wireless links, forming dynamically a wireless network without the use of any static network infrastructure such as base stations. Such networks are useful in military and other tactical applications, e.g., emergency rescue or exploration missions, where cellular infrastructure is unavailable or unusable. Commercial applications are also likely where there is a need for ubiquitous communication services without the presence or use of a fixed infrastructure including on-the-fly conferencing applications, sensors, etc.
Other than traditional network, Ad hoc network has no fixed infrastructure, so the centralized Certificate Authority services in fixed infrastructure networks are no longer suitable for this network. By introducing a policy of trust decentralization, we apply the thought of the cluster model and the probability weight rule into the partially distributed Authentication scheme to distribute the Certificate Authority services into the network .Then we simulate the clustering algorithm of partially signature probability. Compared with traditional partially distributed Authentication scheme, it adds the cluster head and common server nodes a distinct partially signature probability that reflects the security ranks. This scheme overcomes the limit of traditional Certificate Authority services which need trusted third party, the security and authentication efficiency of the system is enhanced as well.
Ad hoc网络与传统网络不同,它不依靠预先构建的基础设施,因此传统网络采用CA实现集中式认证的方法并不适合这种网络。本文引入信任分散的安全策略,提出运用分群思想和概率签名的部分分布式认证方案,将Ad hoc网络的证书服务功能分布到网络中,并对分群部分签名概率算法进行了仿真试验分析。相比传统的部分分布式认证方案,本方案针对群首和普通级别的服务节点设置了不同的部分签名概率,既克服了传统认证需要可信第三方的限制,又提高了系统的安全性和认证效率。
Ad hoc network is a collection of mobile computing devices that communicate by using wireless links, forming dynamically a wireless network without the use of any static network infrastructure such as base stations. Such networks are useful in military and other tactical applications, e.g., emergency rescue or exploration missions, where cellular infrastructure is unavailable or unusable. Commercial applications are also likely where there is a need for ubiquitous communication services without the presence or use of a fixed infrastructure including on-the-fly conferencing applications, sensors, etc.
Other than traditional network, Ad hoc network has no fixed infrastructure, so the centralized Certificate Authority services in fixed infrastructure networks are no longer suitable for this network. By introducing a policy of trust decentralization, we apply the thought of the cluster model and the probability weight rule into the partially distributed Authentication scheme to distribute the Certificate Authority services into the network .Then we simulate the clustering algorithm of partially signature probability. Compared with traditional partially distributed Authentication scheme, it adds the cluster head and common server nodes a distinct partially signature probability that reflects the security ranks. This scheme overcomes the limit of traditional Certificate Authority services which need trusted third party, the security and authentication efficiency of the system is enhanced as well.
引文
[1] Zhou Lidong, Hass ZJ . Securing Ad Hoc Networks. IEEE Network, 1999 , 13(6): 24-30
[2] H Luo, S Lu. ubiquitous and robust authentication services for ad hoc wireless networks. Technical Report, UCLA Computer Science Department, 2000
[3] Shamir A. How to Share a Secret. Communications of the ACM, 1979, 24(11): 612-613
[4] C.Perkin:.Ad Hoc Networking.Boston:Addison WiSley Professional, 2000
[5] A.Khal 111, J.Katz, W.Arbaugh.Toward Secure Key Distribution in Truly Ad-Hoc NetworkS.2000 Symp. Applications and the Internet Workshops (SAINT 03 Workshops), IEEE CS Press, 2003, 342-346
[6]J.Hubaux, L.Buttyan, 5.Capkun.Self-organized Public-Key Management for Mobile Ad Hoc Networks.IEEE Trans.on Mobile Computing, 2003, 2(1):52-64
[7]C.Davis.A localized trust management scheme for Ad Hoc networks.In Proeeedings of 3rd International Conference on Networking(ICN' 04), 2004.3:78-90
[8]H.Yang, X.Meng, S.Lu.Self-Organized Network-Layer Security in Mobile Ad Hoc Networks, IEEE Journal on Selected Areas in Communications,2006.24(2):261-273
[9]H.Luo, J.Kong, P.Zerfos, etal.Self-Securing AdHoc Wireless Networks, IEEE Symposium on Computers and Communications, 2002.15(3):146-158
[10]N.Saxena, GTsudik, H.Jeong.Identity-based Aceess Control for Ad-Hoc Groups.In Proeeeding of International Conference on Information Security and CryPtology,Seoul, 2004 [1] Zhou Lidong , Hass ZJ . Securing Ad Hoc Networks . IEEE Network, 1999 ,13(6): 24-30
[11] J. Mackarand S.Corson, RFC2501, Mobile Ad Hoc Networking(MANET)
[12] V Rodoplu,T Meng.Mnimum Energy Mobile Wireless Networks.IEEE Journal on Selected Areas in Communication, 1999,17(8): 1333-1344
[13] Levente Butty an, Jean-Pierre Hubaux.Report on a Working Session on Security in Wireless Ad Hoc Networks.ACM Mobile Computing and Communications Review.Vol.7,No.1, 2003
[14] L. Zhou, F. B. Schneider, and R. van Renesse, COCA: a secure distributed on-line certification authority,ACM Trans. Computer Syst., vol.20, no. 4, pp. 329 - 368, Nov. 2002
[15] M.Ilyas, Handbook of Ad Hoc Wireless Networks. CRC Press LLC,2003,3001-3151
[16] MS Corson,JP Macker,GH Cirincione.Internet-Based Mobile Ad hoc Networking.IEEE Internet Computing, 1999,3(4):63-70
[17] ZJ Haas,M Gerla,DB Johnson,et al.Special issue on wireless Ad hoc networks.IEEE Journal on Selected Areas in Communication,1999,17(8):1466~1487
[18] Levente Butty an, Jean-Pierre Hubaux.Report on a Working Session on Security in Wireless Ad Hoc Networks.ACM Mobile Computing and Communications Review.Vol.7,No.1,Jan 2003
[19] Jiejun Kong, Haiyun Luo, et al. Adaptive security for multtilevel ad hoc networks. Wireless Communications And Mobile Computing. Wirel Commom Mob Comput,2002,2(5):533-547
[20] Carlise Adams Steve Lloyd,冯登国等译.公开密钥基础设施:概念、标准和实施/(美).北京:人民邮电出版社,2001
[21] Y. Desmedt and Y. Franke Threshold Cryptosystem, In Prec. Of Crypto'89 Lecture Notes in Computer Science,LNCS 435,Springer Verlag,pp307-315,1990
[22] William Stallings,刘玉珍等译.密码编码学与网络安全:原理与实践:第三版/(美).北京:电子工业出版社,2004
[23] 王育民,刘建伟,通信网的安全理论与技术.西安:西安电子科技大学出版社,1999
[24] 吴挺,一个安全有效的RSA门限签名体制.通信技术,2001,119(8):93~95
[25] 熊焰,苗付友,张伟超,王行甫,移动自组网中基于多跳步加密签名函数签名的分布式认证.电子学报,2003 31(2):161~165
[26] S. Yi, P. Naldurg and R. Kravets. Security-Aware Ad-hoc Routing for Wireless Networks. Report No.UIUCDCS-R-2002-2290, UIUC, 2002
[27] Bing Wu ,Jie Wu: Secure and Efficient Key Management in Mobile Ad Hoc Networks. Proc. of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS' 05)
[28] Y. Dong, H. W. Go. Providing Distributed Certificate Authority Service in Mobile Ad Hoc Networks. Pro. of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks, 2005
[29] Haiyun Luo, Jiejun Kong. URSA: ubiquitous and robust access control for mobile ad hoc networks. Ieee/Acm Transactions on Networking, Vol. 12, No. 6, pp. 1049-1063, DECEMBER 2004
[30] 郑相全等著.无线自组织网技术实用教程.北京:清华大学出版社,2004
[31] Wang Hai tao.Tian Chang,Zheng Shao ren.A novel clustering algorithm in ad Hoc network and its performance simulations.Journal of System Simulation,Feb.2003,15(2): 193~197
[32] CMU monarch extensions to ns.http://www.monarch.cs.cmu.edu/
[33] 徐雷鸣,庞博,赵耀.NS与网络模拟.北京,人民邮电出版社,2003
[2] H Luo, S Lu. ubiquitous and robust authentication services for ad hoc wireless networks. Technical Report, UCLA Computer Science Department, 2000
[3] Shamir A. How to Share a Secret. Communications of the ACM, 1979, 24(11): 612-613
[4] C.Perkin:.Ad Hoc Networking.Boston:Addison WiSley Professional, 2000
[5] A.Khal 111, J.Katz, W.Arbaugh.Toward Secure Key Distribution in Truly Ad-Hoc NetworkS.2000 Symp. Applications and the Internet Workshops (SAINT 03 Workshops), IEEE CS Press, 2003, 342-346
[6]J.Hubaux, L.Buttyan, 5.Capkun.Self-organized Public-Key Management for Mobile Ad Hoc Networks.IEEE Trans.on Mobile Computing, 2003, 2(1):52-64
[7]C.Davis.A localized trust management scheme for Ad Hoc networks.In Proeeedings of 3rd International Conference on Networking(ICN' 04), 2004.3:78-90
[8]H.Yang, X.Meng, S.Lu.Self-Organized Network-Layer Security in Mobile Ad Hoc Networks, IEEE Journal on Selected Areas in Communications,2006.24(2):261-273
[9]H.Luo, J.Kong, P.Zerfos, etal.Self-Securing AdHoc Wireless Networks, IEEE Symposium on Computers and Communications, 2002.15(3):146-158
[10]N.Saxena, GTsudik, H.Jeong.Identity-based Aceess Control for Ad-Hoc Groups.In Proeeeding of International Conference on Information Security and CryPtology,Seoul, 2004 [1] Zhou Lidong , Hass ZJ . Securing Ad Hoc Networks . IEEE Network, 1999 ,13(6): 24-30
[11] J. Mackarand S.Corson, RFC2501, Mobile Ad Hoc Networking(MANET)
[12] V Rodoplu,T Meng.Mnimum Energy Mobile Wireless Networks.IEEE Journal on Selected Areas in Communication, 1999,17(8): 1333-1344
[13] Levente Butty an, Jean-Pierre Hubaux.Report on a Working Session on Security in Wireless Ad Hoc Networks.ACM Mobile Computing and Communications Review.Vol.7,No.1, 2003
[14] L. Zhou, F. B. Schneider, and R. van Renesse, COCA: a secure distributed on-line certification authority,ACM Trans. Computer Syst., vol.20, no. 4, pp. 329 - 368, Nov. 2002
[15] M.Ilyas, Handbook of Ad Hoc Wireless Networks. CRC Press LLC,2003,3001-3151
[16] MS Corson,JP Macker,GH Cirincione.Internet-Based Mobile Ad hoc Networking.IEEE Internet Computing, 1999,3(4):63-70
[17] ZJ Haas,M Gerla,DB Johnson,et al.Special issue on wireless Ad hoc networks.IEEE Journal on Selected Areas in Communication,1999,17(8):1466~1487
[18] Levente Butty an, Jean-Pierre Hubaux.Report on a Working Session on Security in Wireless Ad Hoc Networks.ACM Mobile Computing and Communications Review.Vol.7,No.1,Jan 2003
[19] Jiejun Kong, Haiyun Luo, et al. Adaptive security for multtilevel ad hoc networks. Wireless Communications And Mobile Computing. Wirel Commom Mob Comput,2002,2(5):533-547
[20] Carlise Adams Steve Lloyd,冯登国等译.公开密钥基础设施:概念、标准和实施/(美).北京:人民邮电出版社,2001
[21] Y. Desmedt and Y. Franke Threshold Cryptosystem, In Prec. Of Crypto'89 Lecture Notes in Computer Science,LNCS 435,Springer Verlag,pp307-315,1990
[22] William Stallings,刘玉珍等译.密码编码学与网络安全:原理与实践:第三版/(美).北京:电子工业出版社,2004
[23] 王育民,刘建伟,通信网的安全理论与技术.西安:西安电子科技大学出版社,1999
[24] 吴挺,一个安全有效的RSA门限签名体制.通信技术,2001,119(8):93~95
[25] 熊焰,苗付友,张伟超,王行甫,移动自组网中基于多跳步加密签名函数签名的分布式认证.电子学报,2003 31(2):161~165
[26] S. Yi, P. Naldurg and R. Kravets. Security-Aware Ad-hoc Routing for Wireless Networks. Report No.UIUCDCS-R-2002-2290, UIUC, 2002
[27] Bing Wu ,Jie Wu: Secure and Efficient Key Management in Mobile Ad Hoc Networks. Proc. of the 19th IEEE International Parallel and Distributed Processing Symposium (IPDPS' 05)
[28] Y. Dong, H. W. Go. Providing Distributed Certificate Authority Service in Mobile Ad Hoc Networks. Pro. of the First International Conference on Security and Privacy for Emerging Areas in Communications Networks, 2005
[29] Haiyun Luo, Jiejun Kong. URSA: ubiquitous and robust access control for mobile ad hoc networks. Ieee/Acm Transactions on Networking, Vol. 12, No. 6, pp. 1049-1063, DECEMBER 2004
[30] 郑相全等著.无线自组织网技术实用教程.北京:清华大学出版社,2004
[31] Wang Hai tao.Tian Chang,Zheng Shao ren.A novel clustering algorithm in ad Hoc network and its performance simulations.Journal of System Simulation,Feb.2003,15(2): 193~197
[32] CMU monarch extensions to ns.http://www.monarch.cs.cmu.edu/
[33] 徐雷鸣,庞博,赵耀.NS与网络模拟.北京,人民邮电出版社,2003