Research On Distributed Key Management For Mobile Ad Hoc Networks

Key Management is the most difficult and weakest link in security services of mobile Adhoc networks. Attention to key management and introduction of the key management mechanismare vital to increase the security and anti-attack capacity of mobile ad hoc networks. Surroundingthe security objectives, thoroughly analyzing the security threats and taking full account of itsinherent characteristics, the thesis thoroughly studies the key problems of key management in theenvironment of ad hoc networks. The main research results are as follows:1. Around the key problems of traditional network key management, the basic meaning andmutual relations of key establishment, key distribution and trust model are analyzed, and thebasic framework for key management is obtained. By fully considering the characteristics ofmobile ad hoc networks, and thoroughly analyzing and comparing the current typical solutionsof mobile ad hoc network key management, a mobile ad hoc networks distributedtwo-dimensional key management model is proposed, which starts from the inner relation oftrust model construction, the distribution of key material, the establishment of session key anduser key revocation, etc..2. Aiming at the limitations of existing trusted third-party distribution system key quotientconstructing distributed key management center under the circumstance of mobile ad hocnetworking, the thesis analyzed the basic theory of secret sharing and the distributed keymanagement protocols, such as Pedersen,-DKG, Rosario-DKG and Chen-DKG, etc.. Based onpublicly verifiable secret sharing PVSS model, a systematic key distributed generation protocolSDKG that is secure, without a trusted third party, and not needing a secure channel under aself-networking environment is proposed. Thus, the dependence to trusted third party is gottenrid of. The private key was distributed and synthesized between the nodes collaboratively3. The session key between nodes should be established through negotiating in the mobile adhoc networking environment. The security and performance requirements of key negotiation areproposed in the ad hoc networking environment. The ML protocol, CK protocol and AP protocolare analyzed. Based on BR model, ECL-AKA model, an enhanced CL-AKA security model, isproposed. Considering this point, a key negotiation protocol ACL-AKA, which can beauthenticated with no certificate, is proposed. The security proof and the performance analysisindicate that the protocol is more suitable for ad hoc network environment.4. The present status of key revocation is analyzed under the circumstances of mobile ad hocnetwork. The basic key revocation requirements are proposed. Combined with the uniqueadvantages of certificate-based and identity-based key revocation mechanism, the arbitration-based real-time revocation idea and the method to determine malicious nodes basedon node collaboration are introduced. Pointing to the passive key revocation for ad hoc networkenvironment, an arbitration-based collaborative certificate key revocation solution is proposed.The relevant result demonstrates that the solution satisfies the security and real-timerequirements.5. The advantages of the no-certificate cryptosystem based on key management are analyzed.According to the proposed distributed two-dimensional key management model, session keynegotiation and key revocation, a CL-PKC based distributed key management solution isproposed on the basis of combining with the research results of distributed key generation. Theaspects of the distributed KGC construction, the distributed generation and updating of thesystem private key, the converting from GN to SN nodes, the adjustment of the threshold, thenode key generation, the node secure communications as well as the node key revocation aredescribed in detail. Solution simulation shows that the solution possesses the characteristics ofhigh security, flexibility and high implementation efficiency.