Similar Literature
Found 18 similar documents; search took 140 ms
1.
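Pre-distributed asymmetric key management scheme for mobile ad hoc networks   Total citations: 1, self-citations: 0, citations by others: 1
To reduce the communication overhead of asymmetric key management in mobile ad hoc networks, an identity-based pre-distributed asymmetric key management scheme (PAKMS) is proposed, building on the combined public key idea and combining the ElGamal scheme with key pre-distribution. By having the private key generator pre-distribute a subset of master keys to each node, and by having nodes obtain key updates based on time, the scheme reduces by design the communication overhead of asymmetric key management in mobile ad hoc networks. Pre-distributing master key subsets also means that nodes no longer depend on the private key generator to distribute and update keys while the network is running. This weakens the impact on network security of the private key escrow problem found in identity-based key management. Comparison with typical schemes shows that the scheme effectively reduces network communication overhead while still providing a node key update service. In addition, the security of the scheme is proved in detail.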

2.
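New signcryption algorithm suited to secure communication in ad hoc networks   Total citations: 4, self-citations: 0, citations by others: 4
A new identity-based signcryption algorithm is first proposed, and its security and efficiency are analyzed and proved. The results show that the algorithm is provably secure in the random oracle model and that, compared with existing identity-based signcryption algorithms, it has lower computation and transmission costs, making it particularly suitable for communication security protocols in ad hoc networks such as key management and secure routing. Finally, taking as an example the update of the system key shares held by the service nodes in distributed threshold key management for ad hoc networks, the method and significance of applying the new signcryption algorithm to ad hoc network security protocols are illustrated.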

3.
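Existing attribute-based identity authentication schemes are all built on a single authority and therefore suffer from the key escrow problem, that is, the key generation center knows the private keys of all users. To address this, an attribute-based identity authentication scheme with multiple authorities is proposed. The proposed scheme uses distributed key generation to realize a (t,n) threshold generation mechanism for users' attribute private keys, and can resist collusion attacks by up to t-1 authorities. The proposed scheme is constructed using bilinear maps, and the proposed scheme's ... is analyzed ...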

4.
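Threshold-traceable anonymous authentication for ad hoc networks without a trusted center   Total citations: 1, self-citations: 0, citations by others: 1
Liu Fangbin, Zhang Kun, Li Hai, Zhang Hong. Journal on Communications (《通信学报》), 2012, (8): 208-213
To solve the anonymous authentication problem in ad hoc networks, democratic signatures are combined with a centerless secret sharing scheme, and a threshold-traceable anonymous authentication scheme for ad hoc networks without a trusted center is proposed. The centerless, self-organizing nature of the scheme fits the characteristics of ad hoc networks well, which resolves the problem that anonymous authentication schemes for traditional networks are unsuitable for ad hoc networks because they require a trusted center. The authenticator anonymity, traceability and completeness (resistance to impersonation) of the scheme satisfy the security requirements of anonymous authentication.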

5.
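Cluster-based key management scheme for ad hoc networks   Total citations: 2, self-citations: 0, citations by others: 2
Hu Ronglei, Liu Jianwei, Zhang Qishan. Journal on Communications (《通信学报》), 2008, 29(10): 223-228
Combining the concept of self-certified public keys with the idea of combined public keys, a new threshold key distribution scheme is proposed for ad hoc networks. On this basis, and combined with the "cluster" networking approach, a complete key management scheme is proposed. In this scheme the public key itself provides authentication, no certificate management is needed, the key distribution process is simple, and the key escrow problem present in IBE (identity-based encryption) schemes is eliminated. The scheme adapts flexibly to the dynamic topology of ad hoc networks and is suitable for networks of various sizes. Theoretical and simulation analysis show that the scheme's computation and communication costs are both small and that, compared with PKI and IBE schemes, it offers higher security and practicality.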

6.
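Existing key management for airborne ad hoc networks has several problems: pre-distributed keys are hard to update, passing public key certificates incurs high overhead, and passing distributed identity keys requires a secure channel. To address these, this paper proposes a dynamic key management scheme based on identity-based cryptography that needs no secure channel. The scheme comprises two algorithms: self-organized generation of the system key and distributed management of user private keys. It masks keys to ensure that private keys are transmitted securely over public channels throughout, making key management easy to deploy and convenient to extend. Finally, the correctness and security of the scheme are analyzed. The results show that the scheme is theoretically correct and can resist impersonation, replay and man-in-the-middle attacks.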

7.
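Research on identity-based distributed key management in space networks   Total citations: 2, self-citations: 0, citations by others: 2
To solve problems such as the difficulty of implementing centralized key management in space networks and the excessive overhead of maintaining public key certificates, this paper designs an identity-based distributed key management scheme. Taking the characteristics of space networks into account, a method for constructing a distributed private key generator is given. Using the identity-based public key encryption scheme proposed by Boneh and Franklin, strategies for private key update, master key share update and session key agreement are designed. Analysis and simulation verify that the scheme meets the security requirements and has good scalability.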

8.
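The ad hoc network is a distinctive kind of network. As a new type of wireless, multi-hop network with no center and distributed control, it needs no network infrastructure and is strongly self-organizing, robust, survivable and easy to build; its security has long been a hot and difficult research topic. This paper proposes an improved ad hoc key management scheme based on combined public keys over elliptic curve cryptography. Compared with the original scheme, besides retaining properties such as fast computation of a node's public/private key pair, good scalability and no need for certificates, the new scheme further improves the security of the ad hoc network and avoids a single point of failure.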

9.
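To solve the key security problem in attribute-based encryption, a ciphertext-policy attribute-based encryption scheme resistant to key abuse is proposed, based on ring learning with errors (RLWE) and an ordered binary decision diagram (OBDD) access structure. First, two different authorities are constructed to jointly generate a user's private key, which reduces the risk of an authority leaking the key. Second, user-specific information is embedded in each private key, which makes keys traceable, and a whitelist is maintained to prevent access by illegitimate and malicious users. In addition, the proposed scheme adopts an OBDD access structure which, on top of supporting AND, OR and threshold operations on attributes, adds positive and negative attribute values. Analysis shows that the proposed scheme resists collusion attacks and achieves indistinguishability under chosen-plaintext attack, reduces storage and computation overhead, and is more practical than other schemes.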

10.
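Key management based on elliptic curves over the ring Zn and RSA in ad hoc networks   Total citations: 6, self-citations: 0, citations by others: 6
The key management problem in ad hoc networks is discussed. For the first time, the homomorphic property of the trapdoor discrete logarithm formed by elliptic curves over the ring Zn is used, together with Shamir's secret sharing scheme, to propose a new key management scheme suitable for ad hoc networks. In this scheme, a newly joining member provides the group members with an elliptic curve cryptosystem over the ring Zn and keeps the corresponding trapdoor secret. Using the homomorphism of this cryptosystem, the members taking part in key distribution encrypt their subkeys for the new member and add them up in turn; the new member receives the final sum and then decrypts it. To guard against attackers among the group members, a mixing factor is added in each subkey encryption. The new scheme has good security: breaking it is no easier than breaking RSA.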

11.

Secure and efficient group communication among mobile nodes is one of the significant aspects in mobile ad hoc networks (MANETs). The group key management (GKM) is a well established cryptographic technique to authorise and to maintain group key in a multicast communication, through secured channels. In a secure group communication, a one-time session key is required to be shared between the participants by using distributed group key agreement (GKA) schemes. Due to the resource constraints of ad hoc networks, the security protocols should be communication efficient with as little overhead as possible. The GKM solutions from various researches lack in considering the mobility features of ad hoc networks. In this paper, we propose a hexagonal clustered one round distributed group key agreement scheme with trust (HT-DGKA) in a public key infrastructure based MANET environment. The proposed HT-DGKA scheme guarantees an access control with key authentication and secrecy. The performance of HT-DGKA is evaluated by simulation analysis in terms of key agreement time and overhead for different number of nodes. Simulation results reveal that the proposed scheme guarantees better performance to secure mobile ad hoc network. It is demonstrated that the proposed scheme possesses a maximum of 2250 ms of key agreement time for the higher node velocity of 25 m/s and lower key agreement overhead. Also, the HT-DGKA scheme outperforms the existing schemes in terms of successful message rate, packet delivery ratio, level of security, computation complexity, number of rounds, number of exponentiations and number of messages sent and received that contribute to the network performance.

12.
In mobile ad hoc networks (MANETs), identity (ID)-based cryptography with threshold secret sharing is a popular approach for the security design. Most previous work for key management in this framework concentrates on the protocols and structures. Consequently, how to optimally conduct node selection in ID-based cryptography with threshold secret sharing is largely ignored. In this paper, we propose a distributed scheme to dynamically select nodes with master key shares to do the private key generation service. The proposed scheme can minimize the overall threat posed to the MANET while simultaneously taking into account the cost (e.g., energy consumption) of using these nodes. Intrusion detection systems are modeled as noisy sensors to derive the system security situations. We use stochastic system to formulate the MANET to obtain the optimal policy. Simulation results are presented to illustrate the effectiveness of the proposed scheme.

13.
Efficient resource management is a major challenge in the operation of wireless systems, especially energy-constrained ad hoc networks. In this paper, we propose a cross-layer optimization framework to jointly design the scheduling and power control in wireless ad hoc networks. We study the system performance by combining scheduling, power control, and adaptive modulation. Specifically, the transmitted power and constellation size are dynamically adapted based on the packet arrival, quality of service (QoS) requirements, power limits, and channel conditions. A key feature of the proposed method is that it facilitates a distributed implementation, which is desirable in wireless ad hoc networks. The performance of our proposed methodology will be investigated in ad hoc networks supporting unicast as well as multicast traffic. Simulation results will show that the proposed scheme achieves significant gains in both the single-hop throughput and power efficiency compared with the existing method, which implements the scheduling through a central controller, and adopts power control with fixed modulation.

14.
Wireless ad hoc networks consist of nodes having a self-centrically broadcasting nature of communication. To provide quality of service (QoS) for ad hoc networks, many issues are involved, including routing, medium-access control (MAC), resource reservation, mobility management, etc. Carefully designed distributed medium-access techniques must be used for channel resources, so that mechanisms are needed to efficiently recover from inevitable frame collisions. For ad hoc wireless networks with a contention-based distributed MAC layer, QoS support and guarantee become extremely challenging. In this paper, we address this challenging issue. We first consider MAC and resource-reservation aspects for QoS support in one-hop ad hoc wireless networks. We propose two local data-control schemes and an admission-control scheme for ad hoc networks with the IEEE 802.11e MAC standard. In the proposed fully distributed local data control schemes, each node maps the measured traffic-load condition into backoff parameters locally and dynamically. In the proposed distributed admission-control scheme, based on measurements, each node makes decisions on the acceptances/rejections of flows by themselves, without the presence of access points. The proposed mechanisms are evaluated via extensive simulations. Studies show that, with the proposed schemes, QoS can be guaranteed under a clear channel condition while maintaining a good utilization. Discussions on applying the proposed schemes into multihop ad hoc networks are also included.

15.
A mobile ad hoc network does not require fixed infrastructure to construct connections among nodes. Due to the particular characteristics of mobile ad hoc networks, most existing secure protocols in wired networks do not meet the security requirements for mobile ad hoc networks. Most secure protocols in mobile ad hoc networks, such as secure routing, key agreement and secure group communication protocols, assume that all nodes must have pre‐shared a secret, or pre‐obtained public‐key certificates before joining the network. However, this assumption has a practical weakness for some emergency applications, because some nodes without pre‐obtained certificates will be unable to join the network. In this paper, a heterogeneous‐network aided public‐key management scheme for mobile ad hoc networks is proposed to remedy this weakness. Several heterogeneous networks (such as satellite, unmanned aerial vehicle, or cellular networks) provide wider service areas and ubiquitous connectivity. We adopt these wide‐covered heterogeneous networks to design a secure certificate distribution scheme that allows a mobile node without a pre‐obtained certificate to instantly get a certificate using the communication channel constructed by these wide‐covered heterogeneous networks. Therefore, this scheme enhances the security infrastructure of public key management for mobile ad hoc networks. Copyright © 2006 John Wiley & Sons, Ltd.

16.
This paper puts forward an identity-based key management scheme for mobile ad hoc networks (MANETs); it provides an efficient secret key management mechanism for security schemes, which can be implemented over any cyclic group in which the strong Diffie-Hellman problem is supposed to be hard. By employing identity-based and threshold cryptography, the proposed scheme eliminates the burden of certificate management and can be highly tolerant to node compromise. The scheme is based on threshold Schnorr signature (TSch); for higher efficiency, we transform TSch to a simpler form, denoted by SimpleTSch, and prove that SimpleTSch is unforgeable under passive attacks in the random oracle model. However, to cope with active attacks, we enforce the security by introducing Fiore et al.'s key agreement. We can say that the proposed key management scheme gives lots of help for design of security protocols in MANETs.

17.
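Mobile ad hoc networks require nodes to communicate and cooperate with one another without prior knowledge, so automatic discovery of the various services in the network becomes a key problem. Combining the location information of nodes with DHT technology, an efficient service discovery scheme for mobile ad hoc networks is proposed. First, a distributed hash table is built directly on the physical topology of the network, which effectively eliminates the topology mismatch problem of existing DHT schemes. Then a dimension mapping scheme is proposed to map multi-dimensional service description information onto a two-dimensional hash key space. Finally, a region search algorithm is proposed to efficiently support conditional queries for services.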

18.
The strongest feature of ad hoc networks is its capability to be rapidly deployed anywhere and anytime without relying on a pre-existing infrastructure. From there, ad hoc networks offer the advantages to be auto-organized, ubiquitous, dynamic and completely autonomous. As a counterpart, securing them becomes a more difficult task, especially because of the absence of centralized entities in the network. Inevitably, the security problem presents currently a hot topic raising more and more challenges within industrials and researchers, and many interesting securing solutions were meanwhile proposed, omitting however to suit to ad hoc networks characteristics and therefore disadvantaging them. In this paper, we propose a securing scheme for the OLSR routing protocol based on the secret sharing idea. We initially expose the general characteristics and the security problems related to ad hoc routing protocols. We then address the security requirements of ad hoc routing protocols and the security requirements we focus on. Finally, we define our completely and distributed securing algorithm based on threshold cryptography. A primary main conception objective being to suit as much as possible to ad hoc networks characteristics by avoiding as much as possible assumptions contradictory with the auto-organized and dynamic nature of ad hoc networks. Simulation results depict the additional delay due to security enhancements. Results show that this delay is still suitable to OLSR routing specifications.
