Research On Authentication, Key Agreement And Trust Scheme In The Wireless Multi-Hop Network

Posted on: 2010-01-30
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y T Yang
GTID: 1118360278465406
Subject: Information security

Abstract/Summary:
The Wireless Multi-hop Network (WMHN) is a framework adopted by the Next Generation Broadband Wireless Access Network (NGBWAN). Its channels are completely open, its self-stability is poor, and its fixed network infrastructure is less complete than that of the wired Internet. Data is transmitted over multiple hops in a wireless environment, where the protection methods used in wired networks may be missing, which brings new and greater challenges to security mechanisms such as authentication, authorization, key management and data protection in wireless multi-hop networks.

As a typical WMHN, the wireless Mobile Ad hoc Network (MANET) is formed dynamically by mobile nodes and is independent of fixed network infrastructure; it adopts centerless, distributed control and has merits such as self-organization and resistance to destruction. The Wireless Mesh Network (WMN) derives from the wireless ad hoc network and keeps some characteristics of WLAN; it is multi-hop, high-capacity, high-speed and distributed. This dissertation analyzes the security architecture and security schemes of MANET and WMN, with emphasis on the security mechanisms related to WMN, and proposes a number of novel solutions and viewpoints.

The main research results and innovations are as follows:

1. For distributed Layered and Grouped Structure (LGS) wireless ad hoc networks, a Trust-value Updated Model (TUM) is defined, and a new authentication mechanism with cluster-head agents and member surveillance is put forward. It cuts down the data traffic of authentication and key agreement between nodes, which improves the efficiency of node authentication and key transmission.

2. An authentication framework and method for WMHN is described. Based on the Kerberos method, it carries out identity authentication and access authorization separately, which reduces the periodic authentication flow and implements classified authorization. Pseudorandom sequences have important application value in many security functions in WMHN, such as user authentication, key updating and data encryption. Based on the hyperchaos model, we propose applying a hyperchaotic system to the design of pseudorandom sequences after its dimension has been reduced; a novel dimension-reduction algorithm is proposed and designed, and the performance of the hyperchaotic sequence is analyzed in detail. The study shows that the new chaotic pseudorandom sequence has good complexity and well-proportioned stochastic diffusion, which provides another method for designing random sequences.

3. The exposed wireless channel in a multi-hop Mesh network poses a great challenge to secure user communication. To ensure data security when a user accesses the wireless Mesh network through a visitor domain rather than the home domain, a new Secure Access Visitor Domain Authentication and Key Agreement Protocol (SAVAKA) is proposed. With it, a Station (STA) accesses the Connected Domain on Layer 2 (CDL2) of the Mesh network through the Visitor Mesh Access Point (VMAP), and the private information of mobile users is prevented from being acquired by Visitor-MAP nodes in the wireless Mesh network. We analyze and prove the security of the SAVAKA protocol using the Canetti-Krawczyk model. Without relying on protection schemes from higher layers, the protocol solves the problem of data privacy protection while an STA accesses the Mesh network through a VMAP. The mechanism also supports wireless access in multi-gateway mode, which gives it good practical and reference value.

4. To provide fast and secure user authentication during access to the wireless multi-hop Mesh network, a new secure handoff authentication scheme with pre-authentication is designed and proposed. In this scheme, the access request messages from the Mobile Node (MN) are broadcast, and access authentication and handoff are carried out at the same time. The mechanism reduces the message flow between the mobile node and its home domain and improves authentication efficiency during the access period. A threshold authentication scheme with multiple servers is then proposed based on the Asmuth-Bloom threshold technique, and the wireless access and authentication flows are designed and described. Only the members of the Authentication Server Group (ASG) can carry out a valid authentication process. The method avoids fraudulent attacks and prevents a single authentication server from being captured, so the validity and security of the authentication process are guaranteed.

5. In the open wireless environment of a Mesh network with multi-hop relay transmission, it is not easy to supervise and manage nonstandard and illegal network behavior. To solve the problem of non-repudiation of the user's topic behavior in the wireless Mesh network, a novel non-repudiation scheme for network operation is proposed based on the user Behavior Authentication Code (BAC). We design the user BAC and, in the MAC layer of the Mesh network, reconstruct and improve the protocol stack and the authentication frame from the application layer in multi-gateway mode, which ensures the security objective that topic behavior is controllable and detectable.

6. Because of the dynamic network topology and unstable node connectivity in wireless multi-hop networks, it is difficult to establish a direct trust relationship between arbitrary nodes. The concept of Group Recommendation (GR) is presented. Based on GR, a novel dynamic trust model for multi-hop wireless networks is proposed, which overcomes the disadvantages of the trust models in existing mobile self-organized networks. Through integrated evaluation of node behavior, the model provides a more precise trust judgment for cooperation and communication between nodes; furthermore, it reveals changes in the status of trust relationships and allows an integrated trust criterion between nodes to be established effectively. The new method resists cheating behavior from hostile nodes better, and it effectively solves the problem of blind trust during the authentication process in multi-hop wireless networks.
Keywords/Search Tags:Network security, Wireless multi-hop network, Mesh network, Adhoc network, Authentication and key agreement, Trust model