无线移动网络Ad Hoc的安全策略研究
|
摘要
无线网络通常可以分为有中心网络和无中心网络,前者需要固定基础设施的支持,移动主机之间的通信通常借助基站来完成;后者主要是指无线移动ad hoc网络,它不需要固定的基础设施,能够快速地自动组网。与有中心网络相比,ad hoc网络更加灵活、健壮、投资少,因此具有良好的应用前景。在ad hoc网络中,每个移动节点兼备路由器和主机两种功能。作为主机,移动节点需要运行面向用户的应用程序;作为路由器,它需要运行相应的路由协议,参与数据分组转发工作和路由维护工作。每个节点可以在“任意时刻,任意地点”加入或离开网络。由于节点具有充分的能动性,导致网络拓扑结构容易发生变化,安全性比较差,严重影响了ad hoc网络的发展和应用,因此,迫切需要适合该网络特点的安全解决方案。
本文着眼点定位于认证的安全策略研究,希望设计出适应性广泛,具有良好的安全性和较高效率的认证系统。主要完成了3方面的工作:
1)设计并实现了基于PVSS[1]的认证系统。即在原有基于信任分担的认证模型基础上引入了PVSS的思想。系统包括:系统初始化,证书颁发,证书撤销和证书的更新;
2)(?)设计并实现了基于PVSS的密钥管理系统。系统包括:系统私钥分发,新加入节点的密钥片分配和密钥片的更新;
3)通过APE仿真平台对认证系统进行性能分析,重点模拟和分析了证书颁发过程。
Generally, wireless networks include networks that have center and have not center. The first one needs fixed basic infrastructure, then the second one mainly indicates wireless mobile ad hoc networks. It dose not need fixed infrastructure and can automatically form network. Compared with the network has center, ad hoc networks is more flexible, more vigorous and less wasting. So it has well foreground of application. Each node in ad hoc has two part : router and host. As host mobile node must run application program belongs to user; as router it need running router protocol. Every node may "freewill time, freewill place" enters network or leave. Since nodes have sufficient activity, the topological framework of network easily change and the security is awful, which block ad hoc networks' s developing and application.So, it urgently needs safe settle scheme that fits ad hoc networks.
The thesis focused on security strategy research of authentication And wish to designing abroad adaptability, finer security and higher efficiency authentication system .Mainly finished 3 parts work:
1) Designing and realizing authentication system based PVSS. That introduces PVSS idea in primary authentication system based rely partake. The system includes: system initialization, issueing certificate, retracting certificate and updating certificate;
2) Designing and realizing key management system based PVSS. The system includes: distributing system private key, distributing private key part and updating private key part;
3) Analysing performance through APE simulation. The keystone is issueing certificate.
本文着眼点定位于认证的安全策略研究,希望设计出适应性广泛,具有良好的安全性和较高效率的认证系统。主要完成了3方面的工作:
1)设计并实现了基于PVSS[1]的认证系统。即在原有基于信任分担的认证模型基础上引入了PVSS的思想。系统包括:系统初始化,证书颁发,证书撤销和证书的更新;
2)(?)设计并实现了基于PVSS的密钥管理系统。系统包括:系统私钥分发,新加入节点的密钥片分配和密钥片的更新;
3)通过APE仿真平台对认证系统进行性能分析,重点模拟和分析了证书颁发过程。
Generally, wireless networks include networks that have center and have not center. The first one needs fixed basic infrastructure, then the second one mainly indicates wireless mobile ad hoc networks. It dose not need fixed infrastructure and can automatically form network. Compared with the network has center, ad hoc networks is more flexible, more vigorous and less wasting. So it has well foreground of application. Each node in ad hoc has two part : router and host. As host mobile node must run application program belongs to user; as router it need running router protocol. Every node may "freewill time, freewill place" enters network or leave. Since nodes have sufficient activity, the topological framework of network easily change and the security is awful, which block ad hoc networks' s developing and application.So, it urgently needs safe settle scheme that fits ad hoc networks.
The thesis focused on security strategy research of authentication And wish to designing abroad adaptability, finer security and higher efficiency authentication system .Mainly finished 3 parts work:
1) Designing and realizing authentication system based PVSS. That introduces PVSS idea in primary authentication system based rely partake. The system includes: system initialization, issueing certificate, retracting certificate and updating certificate;
2) Designing and realizing key management system based PVSS. The system includes: distributing system private key, distributing private key part and updating private key part;
3) Analysing performance through APE simulation. The keystone is issueing certificate.
引文
[1] T. Rabin, M. Ben-Or. Verifiable secret sharing and multiparty protocols with honest majority. In Proceedings of the 21st annual ACM Symposium on the Theory of Computing ,1989
[2] Y. Frankel, P. Gemmell, P. MacKenzie, and M. Yung. Op-timal esilienceProactive Public-Key Cryptosystems. In FOCS, pages 384-393, 1997.
[3] S. Marti, T. Giuli, K. Lai, and M. Baker. Mitigating Routing Misbehavior in Mobile Ad Hoc Networks. In MOBICOM, 2001.
[4] L. Zhou and Z. J. Haas, "Securing Ad Hoc Networks", IEEE Networks, Volume 13, Issue 6 1999
[5] D. Balfanz, D. K. Smetters, P. Stewart and H. Chi Wong, "Talking To Strangers: Authen-tication in Ad-Hoc Wireless Networks", Internet Society, Conference Proceeding of NDSS Conference 2002
[6] Zhou L, Haas Z J. Securing ad hoc networks. IEEE Network , 1999
[7] 周海军,肖军模。Ad-hoc网络安全模型的研究。解放军理工大学学报(自然科学版,Vol.3 No.3。Jun 2002
[8] B. Schoenmakers. A simple publicly verifiable secret sharing scheme and its application to electronic voting . CRYPTO' 99,1999
[9] A. Shamir, "How to share a secret," Communications of ACM, 1979
[10] Shamir A . How to share a secret . Communications of the ACM, 1979
[11] G.J. Simmons. How to (really) share a secret. In Advaaces in Cryptology proceedings of CRYPTO 88 ,Lecture Notes in Computers Science ,1990
[12] Stadler, Markus. Publicly Verifiable Secret Sharing. Proceedings of Eurocrypt 1996
[13] APE project, Uppsala University Novermember 8,2002,
[14] How to build, install and run the APE testbed APE project, Uppsala University November 8, 2002
[15] Dynamic, Fault-Tolerant Key Management for Ad hoc Networks , Joseph S. Binder March 31, 2003
[16] Key Management in Ad Hoc Networks Examensarbete utfSrt i Informationsteori
Klas Fokin,2002
[17] Providing Robust and Ubiquitous Security Support for Mobile Ad-Hoc Networks University of California at Los Angeles
[18] Ubiquitous and Robust Authentication Services for Ad Hoc Wireless Networks Haiyun Luo, Songwu Lu October 2000
[19] On Trust Establishment in Mobile Ad-Hoc Networks by Laurent Eschenauer Advisor: Virgil D. Gligor
[2] Y. Frankel, P. Gemmell, P. MacKenzie, and M. Yung. Op-timal esilienceProactive Public-Key Cryptosystems. In FOCS, pages 384-393, 1997.
[3] S. Marti, T. Giuli, K. Lai, and M. Baker. Mitigating Routing Misbehavior in Mobile Ad Hoc Networks. In MOBICOM, 2001.
[4] L. Zhou and Z. J. Haas, "Securing Ad Hoc Networks", IEEE Networks, Volume 13, Issue 6 1999
[5] D. Balfanz, D. K. Smetters, P. Stewart and H. Chi Wong, "Talking To Strangers: Authen-tication in Ad-Hoc Wireless Networks", Internet Society, Conference Proceeding of NDSS Conference 2002
[6] Zhou L, Haas Z J. Securing ad hoc networks. IEEE Network , 1999
[7] 周海军,肖军模。Ad-hoc网络安全模型的研究。解放军理工大学学报(自然科学版,Vol.3 No.3。Jun 2002
[8] B. Schoenmakers. A simple publicly verifiable secret sharing scheme and its application to electronic voting . CRYPTO' 99,1999
[9] A. Shamir, "How to share a secret," Communications of ACM, 1979
[10] Shamir A . How to share a secret . Communications of the ACM, 1979
[11] G.J. Simmons. How to (really) share a secret. In Advaaces in Cryptology proceedings of CRYPTO 88 ,Lecture Notes in Computers Science ,1990
[12] Stadler, Markus. Publicly Verifiable Secret Sharing. Proceedings of Eurocrypt 1996
[13] APE project, Uppsala University Novermember 8,2002,
[14] How to build, install and run the APE testbed APE project, Uppsala University November 8, 2002
[15] Dynamic, Fault-Tolerant Key Management for Ad hoc Networks , Joseph S. Binder March 31, 2003
[16] Key Management in Ad Hoc Networks Examensarbete utfSrt i Informationsteori
Klas Fokin,2002
[17] Providing Robust and Ubiquitous Security Support for Mobile Ad-Hoc Networks University of California at Los Angeles
[18] Ubiquitous and Robust Authentication Services for Ad Hoc Wireless Networks Haiyun Luo, Songwu Lu October 2000
[19] On Trust Establishment in Mobile Ad-Hoc Networks by Laurent Eschenauer Advisor: Virgil D. Gligor