
Distributed Key Management And Certificate Research For Wireless Mobile Ad Hoc Networks

Posted on: 2008-04-29
Degree: Doctor
Type: Dissertation
Country: China
Candidate: H Wang
GTID: 1118360215490737
Subject: Computer software and theory
Abstract/Summary:
A Mobile Ad Hoc Network (MANET) is a multi-hop network with a highly dynamic topology in which a set of mobile devices communicate among themselves over wireless links without the support of fixed or stationary infrastructure. Such a network can be deployed temporarily and rapidly, has no control center, and is resilient to destruction, so it can be widely used in military communication and commercial systems. However, because of its wireless links, dynamic topology, absence of central management, and limited resources, it is vulnerable and easy to attack. Moreover, traditional security mechanisms do not fit MANETs, which heavily hinders their application. This thesis therefore focuses on distributed key management and certification for MANETs, in four parts:

1. We study threshold elliptic curve digital signature schemes (TECDSS) and propose a threshold elliptic curve digital signature scheme based on secure multi-party computation. Elliptic curve cryptography (ECC) offers strong security, low computation cost, and a small memory footprint, which makes it well suited to MANET applications. The existing TECDSS are based on the Takaragi-Miyazaki threshold scheme, so we study that scheme, which Taong-Sun proved cannot defend against insider forgery attacks. We then apply the standard elliptic curve digital signature algorithm (ECDSA) to construct a threshold elliptic curve digital signature scheme based on secure multi-party computation. By comparison with the Takaragi-Miyazaki threshold scheme, we explain why our scheme is secure. TECDSS can be used as the signature algorithm of the certification service in key management for MANETs.

2. We study in depth the partially distributed key management and certification scheme based on the threshold mechanism, analyse its key management service and share refreshing service, and point out its limitations. We also study the fully distributed key management and certification scheme: its trust model, its certification services (certificate issuing, verification of certificate signature shares, certificate revocation and the CRL), distributed self-initialization and verification of key shares, and key share renewal. Finally, we indicate its limitations as well.

3. We study in depth the self-organized key management scheme proposed by Hubaux. Based on statistics and analysis of PGP keys, we put forward an improved maximum degree algorithm for building local certificate storage. Simulation on the PGP certificate graph shows that the improved maximum degree algorithm achieves a higher authentication success rate than the original; for an equal authentication success rate, the improved algorithm requires less certificate storage. We also propose bounded paths authentication, bounded multi-paths authentication, bounded independent paths authentication, and bounded k-joint paths authentication, which give a higher metric when false certificates exist. Simulation on the PGP certificate graph shows that, when false certificates exist, the improved maximum degree algorithm achieves higher performance than the original, which indicates that the scheme with the improved algorithm is better suited to a real MANET environment.

4. Based on a summary and analysis of the threshold scheme and the certificate chain scheme, we propose a hybrid key management and certification scheme. The scheme integrates the threshold mechanism and the certificate chain mechanism, distributes the CA function to achieve strong security, and applies certificate trust values to improve the availability of certification services. Simulation shows that, with a small increase in communication overhead, our scheme better balances security and availability. Moreover, in the certification process based on the certificate chain, we also improve the security of the chain, because each intermediate node is either a CA or certified by CAs.

The hybrid scheme therefore satisfies the security needs of MANETs.
Keywords/Search Tags: Mobile ad hoc networks, distributed key management and certificate, threshold elliptic curve digital signature, threshold key sharing, certification chain