
Research On Authentication Architecture And Related Technologies Of Wireless Networks

Posted on: 2013-12-12
Degree: Doctor
Type: Dissertation
Country: China
Candidate: P Guo
GTID: 1228330395483732
Subject: Computer application technology

Abstract/Summary:
With the rapid development of wireless, computer and communication technology over the past ten years, wireless networks have made enormous progress and are changing with each passing day. Wireless access has become mainstream, with an endless stream of wireless devices, so that people enjoy mobile terminals that bring rich, convenient, timely and intelligent Internet services. Meanwhile, the deepening application of computing and wireless technology in the field of communications gave birth to cloud computing and the Internet of Things. With cloud computing at the core, and through the convergence of the traditional wired network, wireless networks and the Internet of Things, people can get the ubiquitous, all-powerful Internet services and experience that they crave. Wireless networks have therefore become one of the most active areas of research at home and abroad.

Because wireless networks are open and their resources are constrained, security issues have become increasingly prominent, and they are difficult to solve with mature, traditional wired-network security technologies. Security problems have gradually become a bottleneck for the further development and application of wireless networks. Authentication is a widely used security mechanism that identifies the mobile node, prevents unauthorized access and negotiates a session key, serving as the first line of defense protecting the network. This dissertation focuses on lightweight authentication architectures and related technologies for multi-hop wireless networks. The main research objects are wireless sensor networks (WSN), mobile Ad Hoc networks (MANET) and wireless mesh networks (WMN). All three are multi-hop, special forms of the Ad Hoc network, but their organization, characteristics and application scenarios are completely different, and their security needs are not the same.

Years of practice have shown that there cannot be a single, unified, universal security technology for all kinds of networks, because different network characteristics, applications, performance, cost and services must be considered. For wireless networks, many restricting factors must also be considered, such as the living environment, life cycle, node resources, multi-hop transmission and the lack of infrastructure support. Security is a critical part of such complex and comprehensive technology, and the more security we get the better, and it should be a dynamic and controllable process that balances performance against cost. It is in this context that lightweight authentication architectures and authentication technologies for WSN, MANET and WMN are studied.

The main innovations of this dissertation are as follows:

A lightweight Certificate Authority (LCA) authentication architecture for WSN is put forward. In a WSN, node resources are severely restricted, the sensor nodes are relatively static, and the topology is relatively stable. By changing the way ECC (Elliptic Curve Cryptography) produces the main key pairs and combining this with the idea of lightweight cryptography, LCA and two authentication schemes are put forward. Analysis and simulation results show that LCA offers lightweight public key generation, lightweight public key verification and key management without certificates, and gives the system master key a certain level of tolerance without a threshold mechanism. LCA overcomes the compulsory third-party private key escrow of the identity-based public key mechanism, simplifies the generation and verification of public keys and the certificate management of the traditional certificate-based CA public key mechanism, and significantly reduces energy consumption, storage and bandwidth.

A lightweight and shifted Certificate Authority (LSCA) authentication architecture for MANET is put forward. LSCA is motivated by the highly dynamic topology of MANET, in which nodes are more mobile and node resources are rich relative to WSN nodes. Analysis and simulation results show that LSCA is especially suitable for MANETs with a very dynamic topology, and is self-adaptive. By transferring the overall CA among a number of alternative CA nodes in a regular rotation, LSCA has eliminated the possibility of Denial of Service attacks on a single CA node and has a certain degree of tolerance. LSCA is a kind of time-sharing distributed structure, achieved through rapid transfer among nodes, which overcomes the complexity of controlling multi-node cooperation in a distributed system.

A lightweight and tolerant Certificate Authority (LTCA) authentication architecture for WMN is put forward. WMN is supported by some infrastructure and plays an important "last mile" role in a variety of wireless network access. WMN needs to provide greater security than WSN and MANET while also minimizing topology changes, taking into account the rapid authentication of mobile terminals and the demand for fast switching between different wireless networks. LTCA, a combination of a threshold mechanism and a lightweight authentication architecture, is put forward. The intrusion tolerance of LTCA shows in two ways. On the one hand, when a node leaves the authentication server group, a series of node activation mechanisms ensures that the threshold values t and n of the system's signature private key remain unchanged. On the other hand, the threshold values t and n of the signature private key can change moderately as nodes leave or join the authentication server group. LTCA overcomes the disadvantage of previous schemes, in which the threshold values t and n cannot be changed, which is not adaptable to the scalability of WMN.

An Ad Hoc network node revocation mechanism is studied. For the three kinds of special Ad Hoc networks above, authentication mechanisms were studied, but the revocation of malicious or captured nodes was not addressed. Because the node revocation problem is very similar in all three kinds of wireless networks, a node revocation mechanism for Ad Hoc networks is studied. To solve the problem of how to evaluate the trust degree of nodes in a resource-constrained Ad Hoc network with a changing topology, a scheme for the evaluation and revocation of Ad Hoc nodes is put forward, improving on the node trust evaluation mechanisms in the previous literature. A three-threshold evaluation mechanism for a node is introduced.

The first threshold, δA, is based on the complaint mechanism and serves to place a node in a hang state quickly. As soon as the number of complaints reaches the first threshold, a warning message is broadcast, but the node is not revoked.

The second threshold value, δT, is calculated from the different types of complaints, which correspond to different weights, so the calculated value also differs. Only when the second threshold reaches the preset threshold value ST, chosen according to safety requirements, is the node truly revoked.

The third threshold, δW, is set on the number of complaints made by one node: a node that keeps complaining about another node δW times will itself be warned. δW helps to prevent malicious nodes from triggering false complaints against a legitimate node.

In this paper, the node revocation scheme overcomes the arbitrary node revocation of previous schemes, in which revocation is based only on the number of complaints, while simplifying the traditional certificate-based node revocation mechanism: it uses no certificates and does not need to maintain CRLs (Certificate Revocation Lists). Node trust degree calculation is more accurate, because the three threshold values ensure that a quick response is triggered for malicious or captured nodes, that a node is revoked accurately, and that its revocation can be quantified, which prevents illegal nodes from colluding to complain about legitimate nodes and causing a wrong revocation.
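The three-threshold evaluation described above, as an added Python example that is not part of the dissertation. The complaint types, their weights, the threshold values used in a run and the rule that a complaint which trips δW is not counted against the target are all assumptions, since the abstract specifies none of them.

```python
from collections import defaultdict

# Assumed complaint types and weights (constructed; the abstract gives no values).
WEIGHTS = {"packet_drop": 1.0, "route_tamper": 2.0, "bad_signature": 3.0}

class ThreeThresholdEvaluator:
    """Hypothetical evaluator for the delta_A / delta_T / delta_W scheme."""

    def __init__(self, delta_a, s_t, delta_w, weights=WEIGHTS):
        self.delta_a, self.s_t, self.delta_w = delta_a, s_t, delta_w
        self.weights = weights
        self.count = defaultdict(int)    # target -> number of accepted complaints
        self.score = defaultdict(float)  # target -> weighted value delta_T
        self.filed = defaultdict(int)    # (complainer, target) -> complaints filed
        self.emitted = set()             # events already raised, to avoid repeats
        self.revoked = set()

    def _emit(self, events, event):
        if event not in self.emitted:
            self.emitted.add(event)
            events.append(event)

    def complain(self, complainer, target, kind):
        """Process one complaint and return the events it triggers."""
        events = []
        if complainer in self.revoked or target in self.revoked:
            return events  # assumption: revoked nodes are ignored entirely
        self.filed[(complainer, target)] += 1
        if self.filed[(complainer, target)] >= self.delta_w:
            # Third threshold: a node that keeps complaining about the same
            # node is itself warned. Assumption: that complaint is not counted.
            self._emit(events, ("warn_complainer", complainer))
            return events
        self.count[target] += 1
        self.score[target] += self.weights[kind]
        if self.count[target] >= self.delta_a:
            # First threshold: broadcast a warning, do not revoke.
            self._emit(events, ("warn", target))
        if self.score[target] >= self.s_t:
            # Second threshold: weighted value reached S_T, revoke the node.
            self.revoked.add(target)
            self._emit(events, ("revoke", target))
        return events

def replay(evaluator, complaints):
    """Feed (complainer, target, kind) tuples; return all events in order."""
    return [e for c in complaints for e in evaluator.complain(*c)]
```

With these assumed rules, one node repeating a heavy complaint cannot revoke its target on its own, while complaints from several distinct nodes first raise a warning and then a revocation once the weighted value reaches ST.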
Keywords/Search Tags: Wireless Network Security, Authentication Architecture, Wireless Sensor Networks, Mobile Ad Hoc Networks, Wireless Mesh Networks, Authentication Protocols, Key Management, Intrusion Tolerance, Node Revocation