Research Of Security Key Technology For Clustered Tactical Internet

Tactical internet is the application of network-centric warfare in local battlefield. In modern warfare, tactical internet is information infrastructure of local battlefield to ensure digital army to fight smoothly. The security defects of tactical internet will lead to being defeated in battle. The security of tactical internet is the directly reflect of the security of informationized war's architecture.In tactical internet, the flow of command control and situational awareness information charactized as vertical mobility in whole, while the flow of collaborating voice information charactized as horizontal mobility in local. Those nodes who have the same goal move as a team. Dividing the network into clusters will reduce traffic during the routing process. Clustering based on combat unit will not only make the network structure correspond with the formation of soldiers but also reduce the communication between clusters. It can be in favor of the realization of security technologies.Researches of security framework and the key technologies of it for tactical internet, clustered based on combat unit, have been done in this paper. This security framework is an integrated realization scheme, which combined network model, trust model and secure operations in different levels. The network is clustered according to battle unit. Trust between nodes from the same cluster and different clusters are built up in different ways. The built trust provides the basement of security management, secure routing, secrete communication, and so on. According to the characters of trunk net and terminal subnet, an authentication scheme of tactical internet is presented in this paper. The main idea of this authentication scheme is that an assembly of redundant CA (Certificate Authority) is applied in trunk net and a distributed CA is applied in terminal subnets. In a terminal subnet, a distributed CA is built in a set of CHs (Cluster Heads) is the basement for authentication between clusters and a cluster-wide symmetric key is used to authenticate each other for nodes in the cluster.Distributed CA is important for the scheme of tactical internet security for the reason that tactical internet is a distributed and dynamic net. On other hands, the construct of distributed CA needs to adapt the changes of tactical net. Distributed CA has to change their private key to resist mobile attackers. So, the mean response time, the loss probability and the service success probability of application from other nodes to distributed CA and secure probability of itself are very important for its application. In this paper, those problems are analyzed by random-probability analysis and based on these analyses an optimizing model is set up and resolved. The purpose of trust evaluation is to improve the efficiency, reliability and security of tactical internet by getting rid of inactive and malevolence nodes. After the analysis of trust management applied in clustered tactical internet, the packet untransmitting and falsifying, denial of service attack, and the validity of distributed CA services are chosen as the proofs to compute the node's trust value. A model is set up to evaluate the trust value, which is based on extension multi-factorial evaluation method. In this model, link functions are built to suit characters of tactical internet and the weights of factors are decided by analytic hierarchy process.The routing protocol based on clustered network structure need to suit the flow of data and the movement of nodes in tactical internet. Security is especially important for wireless network. A new secure routing protocol, based on authentication scheme, is presented. In this secure routing protocol, nodes exchange their information at fixed period to refresh node topology inner clusters for transmitting of collaborating voice information and the on demand route discovery is used between clusters to suit the demand of reducing traffic. The exchanged information inner clusters can be protected by pre-shared symmetric key and routing information between clusters can be protected by distributed CA. The routing protocol is realized in NS2 and the result of experiments show that the performance is approving under the scene same as tactical internet.