移动Ad hoc网络中的密钥管理

首先阐述了移动adhoc网络中密钥管理的重要性,接着探讨了几种密钥管理的方法,包括局部分布式认证授权中心、完全分布式认证授权中心、自发证书、安全Pebblenets、指示性标志、基于口令验证的密钥交换等,并对这些方法进行了较完整的概括总结和深入的比较分析,最后提出了一些研究移动adhoc网络中密钥管理方法所必须注意的问题。     

一种Ad hoc网络自组织密钥管理方案的本地证书库搜索算法

本文提出了一种Ad hoc网络自组织密钥管理中的本地证书库搜索算法.在算法中,节点与邻居节点互相颁发证书,并形成本地入度和出度证书库,类似蚁群算法,从最大被认证次数的节点开始进行搜索,查找源节点与目标节点之间的证书链.算法降低了搜索复杂度,为找到证书链提供了保证,同时节省了空间开销,是一个较优化的本地证书库搜索算法.     

安全高效的空间信息网中密钥管理方案

空间信息网是卫星通信系统的进一步发展,安全高效的密钥管理是保障空间信息网内安全通信的关键。分析了空间信息网中密钥管理方案的安全需求,提出了按需建立密钥的思想,并依据该思想提出一个适用于空间信息网的安全高效的密钥管理方案。方案采用完全分布式的管理模式,每个结点管理并维护自己的密钥列表,方案具有认证安全性、前向保密性等安全性特征。仿真结果表明,与现有的空间信息网密钥管理方案相比,该方案在网络规模较大时能极大地降低通信开销,具有良好的通信效率。     

基于身份的空间网络组密钥管理方案

针对现有组密钥管理方案无法适应空间网络的问题,提出了一种基于身份的空间网络组密钥管理方案.方案设置了一个由卫星节点组成的多播服务节点集合,协助多播群组完成公共参数的生成和广播,解决了组成员开销不平衡的问题;为同一群组提供服务的节点动态可变,避免了单点失效问题.与现有方案相比,本方案在满足安全要求的基础上,具有更小的计算、存储和通信开销.     

基于簇的ad hoc网络密钥管理方案

将自认证公钥的概念和组合公钥的思想相结合,为ad hoc网络提出了一种新的门限密钥分发方案,在此基础上,和"簇"的组网方式结合,提出一种完整的密钥管理方案.该方案公钥自身具有认证功能,不需要证书管理,密钥分发过程简单,消除了IBE(identity-based encryption)方案中存在的密钥托管问题.方案能够灵活地适应ad hoc网络动态拓扑性,适用于各种规模的网络.理论和仿真分析表明,该方案计算量和通信量都比较小,与PKI、IBE方案相比,具有更高的安全性和实用性.     

一种Ad—hoc密钥维护优化方案

Ad-hoc网络节点之间的无线连接越多，网络通信跳数相对越少，但网络需要的密钥量越大，加重了密钥维护的负担，因此在通信跳数可接受的情况下应该尽量减少密钥量。定义了网络付出的代价，用来描述通信跳数和密钥量。以网络付出的代价最小为原则，设计了一种简单的密钥维护优化方案。将方案应用于一个Ad-hoc场景，推算结果表明该方案对密钥维护的优化是有效的。     

移动Ad hoc网络中的安全问题

首先分析了Adhoc网络存在的安全问题和安全目标。然后简单介绍了路由协议的安全隐患,接着详细讨论了Adhoc网络的安全策略,最后说明了Adhoc网络安全性面临的挑战。     

Ad hoc网络中基于双线性配对的STR组密钥管理协议研究

STR组密钥管理协议具有较好的计算、通信和存储代价,但在安全性方面,由于没有提供密钥认证,不能抵御主动攻击.在分析STR协议基础上,引入双线性配对密码体制和三叉密钥树来实现组密钥管理,提出PSTR(bilinear pairing-based STR)协议,其中包括密钥产生过程及其6个子协议,对PSTR协议安全性进行分析,证明了PSTR协议在计算上是安全的.分析与比较了PSTR协议和STR协议的性能,结果表明PSTR协议在通信代价、计算代价和存储代价均优于STR协议,因此PSTR协议是ad hoc环境下一种新型、可靠的组密钥管理协议.     

一种基于信任值的Ad hoc密钥管理方案

Ad hoc网络的自组织性是其最大的优点。这种自组织性和无中心性给密钥管理带来了很大的难度。论文在将网络划分为簇的基础上,利用基于椭圆曲线的分布式密钥产生算法,提出了一种基于信任值的密钥管理方案,能够选取出合适的簇首担任CA服务器,实现了完全自组织的分布式密钥管理。     

基于分簇的Ad hoc网络分布式认证方案

认证是保证Ad hoc网络通信安全的重要技术。该文针对分布式认证方案分别运用在平面Ad hoc网络和分簇结构中的优缺点进行了比较研究,提出了一种区域认证方案,该方案采用分簇结构,将Ad hoc网络分割为相互独立的认证区域,既减少了网络开销,又增强了认证服务效率,且安全性和可扩展性较好,适用于大规模Ad hoc网络。     

适合ad hoc网络无需安全信道的密钥管理方案

密钥管理问题是构建ad hoc安全网络系统首要解决的关键问题之一.针对ad hoc网络特点,提出了一个无需安全信道的门限密钥管理方案.该方案中,可信中心的功能由局部注册中心和分布式密钥生成中心共同实现,避免了单点失效问题;通过门限技术,网络内部成员相互协作分布式地生成系统密钥;利用基于双线性对的公钥体制实现了用户和分布式密钥生成中心的双向认证;通过对用户私钥信息进行盲签名防止攻击者获取私钥信息,从而可以在公开信道上安全传输.分析表明该方案达到了第Ⅲ级信任,具有良好的容错性,并能抵御网络中的主动和被动攻击,在满足ad hoc网络安全需求的情况下,极大地降低了计算和存储开销.     

Multifold node authentication in mobile ad hoc networks

An ad hoc network is a collection of nodes that do not need to rely on a predefined infrastructure to keep the network connected. Nodes communicate amongst each other using wireless radios and operate by following a peer‐to‐peer network model. In this article, we propose a multifold node authentication approach for protecting mobile ad hoc networks. The security requirements for protecting data link and network layers are identified and the design criteria for creating secure ad hoc networks using multiple authentication protocols are analysed. Such protocols, which are based on zero‐knowledge and challenge‐response techniques, are presented through proofs and simulation results. Copyright © 2007 John Wiley & Sons, Ltd.     

A secure mutual authentication scheme with non‐repudiation for vehicular ad hoc networks

Vehicular ad hoc networks (VANETs) have been a research focus in recent years. VANETs are not only used to enhance the road safety and reduce the traffic accidents earlier but also conducted more researches in network value‐added service. As a result, the security requirements of vehicle communication are given more attention. In order to prevent the security threat of VANETs, the security requirements, such as the message integrity, availability, and confidentiality are needed to be guaranteed further. Therefore, a secured and efficient verification scheme for VANETs is proposed to satisfy these requirements and reduce the computational cost by combining the asymmetric and symmetric cryptology, certificate, digital signature, and session key update mechanism. In addition, our proposed scheme can resist malicious attacks or prevent illegal users' access via security and performance analysis. In summary, the proposed scheme is proved to achieve the requirements of resist known attacks, non‐repudiation, authentication, availability, integrity, and confidentiality. Copyright © 2015 John Wiley & Sons, Ltd.     

基于双信道的一种ad hoc网络路由策略

利用多个信道接口来改善ad hoc网络信道容量。即一个信道周期性的广播节点状态信息分组来维护全网所有节点的状态信息，而另一个信道利用此信息采用最短路径搜寻算法来获得到目的节点的路由并完成数据传输。这样充分结合了表驱动路由方法和按需式路由方法的优点。另外，信息维护与数据分组分别在两个信道内同时进行，避免了信息维护对数据分组传输的影响，提高了网络性能。     

A secure group key management scheme for hierarchical mobile ad hoc networks

In this paper, we present a secure group key management scheme for hierarchical mobile ad hoc networks. Our approach aims to improve both scalability and survivability of group key management for large-scale wireless ad hoc networks. To achieve our goal, we propose the following approaches: (1) a multi-level security model, which follows a modified Bell-La Padula security model that is suitable in a hierarchical mobile ad hoc networking environment, and (2) a decentralized group key management infrastructure to achieve such a multi-level security model. Our approaches reduce the key management overhead and improve resilience to any single point failure problem. In addition, we have developed a roaming protocol that is able to provide secure group communication involving group members from different groups without requiring new keys; an advantage of this protocol is that it is able to provide continuous group communication even when the group manager fails.     

An improved EAAP scheme for vehicular ad hoc networks

Recently, Maria Azees et al proposed an “EAAP: efficient anonymous authentication with conditional privacy‐preserving scheme for Vehicular Ad Hoc Networks.” Their scheme is mainly to solve the problem of high computation time of anonymous certificate and signature authentication, as well as the tracking problem of malicious vehicles. However, some improvements are needed in the protection of anonymous identity and the effective tracking of malicious vehicles. In this paper, our scheme realizes mutual authentication between OBU and RSU, and the RSU is authenticated without using certificate. In order to prevent the anonymous identity of the vehicles from being monitored and tracked, we use the negotiated short‐time key to encrypt the anonymous identity in the vehicle certificates. In addition, our scheme uses a new tracking method for malicious vehicles. Then, we prove the scheme through BAN logic, and it has the properties of authentication, anonymity, unlinkability, privacy protection, and traceability. Finally, we compare the computation cost and communication cost with other schemes, and the scheme has been greatly improved.     

Location-aware resource management in mobile ad hoc networks

We propose an innovative resource management scheme for TDMA based mobile ad hoc networks. Since communications between some important nodes in the network are more critical, they should be accepted by the network with high priority in terms of network resource usage and quality of service (QoS) support. In this scheme, we design a location-aware bandwidth pre-reservation mechanism, which takes advantage of each mobile node’s geographic location information to pre-reserve bandwidth for such high priority connections and thus greatly reduces potential scheduling conflicts for transmissions. In addition, an end-to-end bandwidth calculation and reservation algorithm is proposed to make use of the pre-reserved bandwidth. In this way, time slot collisions among different connections and in adjacent wireless links along a connection can be reduced so that more high priority connections can be accepted into the network without seriously hurting admissions of other connections. The salient feature of our scheme is the collaboration between the routing and MAC layer that results in the more efficient spatial reuse of limited resources, which demonstrates how cross-layer design leads to better performance in QoS support. Extensive simulations show that our scheme can successfully provide better communication quality to important nodes at a relatively low price. Finally, several design issues and future work are discussed. Xiang Chen received the B.E. and M.E. degrees in electrical engineering from Shanghai Jiao Tong University, Shanghai, China, in 1997 and 2000, respectively. Afterwards, he worked as a MTS (member of technical staff) in Bell Laboratories, Beijing, China. He is currently working toward the Ph.D. degree in the department of Electrical and Computer Engineering at the University of Florida. His research is focused on protocol design and performance evaluation in wireless networks, including cellular networks, wireless LANs, and mobile ad hoc networks. He is a member of Tau Beta Pi and a student member of IEEE. Wei Liu received the BE and ME degrees in electrical engineering from Huazhong University of Science and Technology, Wuhan, China, in 1998 and 2001, respectively. He is currently pursuing the P.hD. degree in the Department of Electrical and Computer Engineering, University of Florida, Gainesville, where he is a research assistant in the Wireless Networks Laboratory (WINET). His research interest includes QoS, secure and power efficient routing, and MAC protocols in mobile ad hoc networks and sensor networks. He is a student member of the IEEE. Hongqiang Zhai received the B.E. and M.E. degrees in electrical engineering from Tsinghua University, Beijing, China, in July 1999 and January 2002 respectively. He worked as a research intern in Bell Labs Research China from June 2001 to December 2001, and in Microsoft Research Asia from January 2002 to July 2002. Currently he is pursuing the Ph.D. degree in the Department of Electrical and Computer Engineering, University of Florida. He is a student member of IEEE. Yuguang Fang received a Ph.D. degree in Systems and Control Engineering from Case Western Reserve University in January 1994, and a Ph.D. degree in Electrical Engineering from Boston University in May 1997. From June 1997 to July 1998, he was a Visiting Assistant Professor in Department of Electrical Engineering at the University of Texas at Dallas. From July 1998 to May 2000, he was an Assistant Professor in the Department of Electrical and Computer Engineering at New Jersey Institute of Technology. In May 2000, he joined the Department of Electrical and Computer Engineering at University of Florida where he got the early promotion to Associate Professor with tenure in August 2003 and to Full Professor in August 2005. He has published over 180 papers in refereed professional journals and conferences. He received the National Science Foundation Faculty Early Career Award in 2001 and the Office of Naval Research Young Investigator Award in 2002. He is currently serving as an Editor for many journals including IEEE Transactions on Communications, IEEE Transactions on Wireless Communications, IEEETransactions on Mobile Computing, and ACM Wireless Networks. He is also actively participating in conference organization such as the Program Vice-Chair for IEEE INFOCOM’2005, Program Co-Chair for the Global Internet and Next Generation Networks Symposium in IEEE Globecom’2004 and the Program Vice Chair for 2000 IEEE Wireless Communications and Networking Conference (WCNC’2000).     

无可信中心的门限追踪ad hoc网络匿名认证

为解决ad hoc网络中的匿名认证问题,将民主签名与无中心的秘密分享方案相结合,提出一种无可信中心的门限追踪ad hoc网络匿名认证方案。方案的无中心性、自组织性很好地满足了ad hoc网络的特征,从而解决了传统网络中匿名认证方案由于需要可信中心而不适合ad hoc网络的问题;方案中认证者的匿名性、可追踪性和完备性(不可冒充性)满足了匿名认证的安全需求。     

TIDS: threshold and identity-based security scheme for wireless ad hoc networks

As various applications of wireless ad hoc network have been proposed, security has received increasing attentions as one of the critical research challenges. In this paper, we consider the security issues at network layer, wherein routing and packet forwarding are the main operations. We propose a novel efficient security scheme in order to provide various security characteristics, such as authentication, confidentiality, integrity and non-repudiation for wireless ad hoc networks. In our scheme, we deploy the recently developed concepts of identity-based signcryption and threshold secret sharing. We describe our proposed security solution in context of dynamic source routing (DSR) protocol. Without any assumption of pre-fixed trust relationship between nodes, the ad hoc network works in a self-organizing way to provide key generation and key management services using threshold secret sharing algorithm, which effectively solves the problem of single point of failure in the traditional public-key infrastructure (PKI) supported system. The identity-based signcryption mechanism is applied here not only to provide end-to-end authenticity and confidentiality in a single step, but also to save network bandwidth and computational power of wireless nodes. Moreover, one-way hash chain is used to protect hop-by-hop transmission.