Research on an SCHD-Based Key Management Protocol for Ad Hoc Networks
Abstract
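Because Ad Hoc networks have dynamic topologies and lack fixed infrastructure, securing them poses particular difficulties. Within the Ad Hoc security architecture, key management occupies the core position and plays a foundational role. Building on an in-depth study of current key management, this paper focuses on cluster-based key management protocols. It introduces four basic mechanisms: node mobility, classified pre-configuration, the subsequent cluster head domain, and task dispatch. On this basis, it establishes four types of identity authentication and key agreement protocols according to the positional relationship between nodes. Considering the core role of the cluster head, this paper introduces the concept of the Subsequent Cluster Head Domain (SCHD), which is a distributed mirror of the cluster head and stores intra-cluster information redundantly. In addition, node mobility can be used to exchange public key certificates and establish trust relationships, and this paper treats it as a basic mechanism for enhancing network scalability and optimizing network performance. Given the growth in the computing and storage capacity of mobile terminals, this paper introduces a classified pre-configuration mechanism, which not only makes different nodes physically more homogeneous but also strengthens their ability to perform heterogeneous tasks. The task dispatch mechanism acts as a task dispatch gateway: it first determines the positional relationship between nodes and then decides the corresponding identity authentication and key agreement mode. In each mode, the protocol principals select a node from the SCHD to act as CA according to trust value. When the protocol initiator sends a request to the CA, the CA uses an active push mechanism to push the initiator's information to the protocol responder. Using strand spaces, this paper proves the authentication and secrecy properties of the protocols in the different modes. Through this work, the proposed key management protocol avoids single points of failure to the greatest extent possible, effectively resists passive traffic attacks, simplifies group key agreement, enhances network scalability, and optimizes network performance.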
Because Ad Hoc networks lack fixed infrastructure and are rapidly deployed, their security faces special difficulties. Key management is at the core of the Ad Hoc security system and plays a fundamental role. This paper studies current key management schemes in depth, especially cluster-based key management. It introduces four fundamental mechanisms: node mobility, classified pre-configuration, the Subsequent Cluster Head Domain (SCHD), and task dispatch. On the basis of these, and according to the positional relationship of nodes, this paper develops four kinds of authentication and key management protocols. Considering the core function of the cluster head, this paper introduces the SCHD, which is a distributed image of the cluster head and stores the cluster's information redundantly. In addition, node mobility allows nodes to exchange public key certificates and establish trust relationships, and it is treated as a fundamental mechanism for enhancing network extension and optimizing network performance. In view of the increase in the computation and memory of mobile terminals, this paper introduces a classified pre-configuration mechanism, which not only makes different nodes tend toward physical homogeneity but also enhances their capacity to execute heterogeneous tasks. In this paper, task dispatch acts as a task dispatch gateway whose function is to determine the positional relationship of nodes and then decide the relevant authentication and key management mode. In the different modes, the principals select a node from the SCHD as CA according to trust value. When the initiator sends a request to the CA, the CA node actively pushes the initiator's information to the responder. This paper uses strand spaces to verify the authentication and confidentiality of the protocols in the different modes. The key management protocol proposed in this paper avoids single-node failure to the maximum extent, efficiently defends against passive traffic analysis attacks, simplifies group key management, enhances network extension, and optimizes network performance.
