
Research On Self-Organized Key Management For MANET

Posted on: 2007-11-11
Degree: Doctor
Type: Dissertation
Country: China
Candidate: P Dong
Full Text: PDF
GTID: 1118360215470567
Subject: Computer Science and Technology

Abstract/Summary:
Mobile Ad hoc Networks (MANETs) have great military value and wide application prospects. Because of their many new characteristics, the security situation in a MANET is more severe than in a traditional network. Cryptography is one of the main security mechanisms in wireless communication environments. Key management (KM), the core of a cryptosystem, comprises trust establishment, key generation, key distribution, key authentication, key storage and so on. The security of a cryptosystem depends heavily on KM, yet KM is much more vulnerable than encryption. Therefore, KM is also a very weak link in MANET security.

KM still has many unsolved problems: incomplete schemes, weak security, heavy overheads and poor scalability. There are two essential issues in MANET security research: (1) the scalability of schemes and (2) the tradeoff between performance and overheads. Both issues are rooted in the complexity of MANET. Traditional network security techniques assume a centrally controlled, static network and cannot solve these problems completely. Self-organization theory and methods offer a set of efficient ways to describe and control complex networks, and have shown the power to advance the study of networks. We therefore focus on the theory and ideas of network self-organization, expecting to resolve the contradiction between security performance and resource consumption. Moreover, we hope to reveal some essential laws of MANET key management that can guide KM design.

The major contributions of this thesis include:

1. Research on self-organized KM schemes for different application requirements. The trust model is the soul of KM and influences the basic structure and performance tendency of KM. Our work emphasizes the proper application of self-organized behavior patterns, and of nodes managing their own keys, in the design of KM schemes.

(1) PDKM (Proxy Delegated Key Management), a scheme based on the hierarchical trust model and designed for applications with high security requirements. The hierarchical trust model has a firm trust foundation and is suitable for tactical or governmental networks. Most existing schemes improve scalability by integrating several virtual CAs. In such schemes, the relations among CAs are vague and complex, and cross-CA authentication is needed. The design of PDKM is driven by the scalability requirements of large-scale MANETs and inspired by the technique of proxy signatures. PDKM has two distinct merits: 1) trust relations are very explicit, so the scheme avoids cross-CA authentication; 2) any user can verify a certificate with a single signature validation, so the computation and communication overhead is fairly low.

(2) HPWKM (High Performance Web-of-trust Key Management), a scheme based on the web-of-trust model and designed for applications with high flexibility and efficiency requirements. The web-of-trust model does not need any special control unit or trust authority and is suitable for constructing a self-organized security system. In existing works, each node must maintain a local certificate repository, from which the node finds the certificate chain for authentication. This method cannot run efficiently and has security problems in large-scale MANETs. HPWKM adopts a new design idea. We divide the large-scale MANET into several security domains. In each domain, every node pre-issues certificates for the public keys of certain selected nodes, following the same policy. When authentication is needed, a node runs the given algorithm to compute and obtain the certificate chains. HPWKM inherits the self-organizing character of web-of-trust, and its scalability is enhanced by the use of security domains. Because nodes need not maintain certificate repositories, the scheme also has a lower overhead. Moreover, HPWKM can achieve a higher authentication ratio.

(3) SPKM (Synthetic Public Key Management), a scheme based on the combination of hierarchical trust and web-of-trust, which is also an improvement on HPWKM. Though HPWKM is very efficient, it is not adequately secure. A composite trust model is therefore proposed to integrate the merits of hierarchical trust and web-of-trust, and is developed to improve the all-round performance of KM. Inside a security domain, SPKM uses the intra-domain authentication of HPWKM, and additional certificate chains help to improve fault tolerance and security. To prevent various attacks on remote authentication, hierarchical trust is applied to establish a CA in every domain, and the CA's certificate is regarded as the trust intermediary. On the whole, SPKM achieves an ideal tradeoff among security, overhead and flexibility.

2. Research on secure clustering for MANET. The above KM schemes are all designed for large-scale MANETs, which depend on clustering to accomplish the routing function. Moreover, many existing KM schemes are built directly on clustering. Therefore, clustering directly influences the security of KM. However, none of the existing clustering algorithms considers security, which threatens KM. We propose the Self-Organized Secure Clustering algorithm (SOS-Clustering). In a cluster formed by SOS-Clustering, the cluster head is trusted by all members, and its behavior is supervised by all cluster members. All messages from the clustering participants can be authenticated. Untrusted behavior is monitored and disseminated, and lowers the node's credit. SOS-Clustering is self-organized and has lower overhead, so it can work well on MANET nodes.

3. Research on the self-organized evolution of the web-of-trust KM system. Public key certificates form an overlay network in the web-of-trust KM system. The research on self-organized evolution explores the inherent rules in the evolution of the certificate network. Such rules can help to study the different influences of public key certificates, to propose methods that enhance the security of the KM system, and to use the results of complex network research to guide KM design. In our proposed abstract mathematical model, network behavior is driven by each node's weighing of information value against link maintenance. The model describes network evolution as a convergent stochastic process. A detailed derivation is given for the possible result of network evolution. For the PGP certificate network, we also discuss other possible results of evolution, and point out that these results are consistent with self-organized criticality (SOC) theory.

Keywords/Search Tags: mobile ad hoc network, key management, security, trust model, self-organization, secure clustering, network evolution