Research On Techniques Of Provisioning Key Management And Authentication For Peer-to-Peer Computation Model

Recently, more and more people focus on Wireless Sensor Networks and P2P overlay networks which advance quickly, are full of vitality and show their bright prospects to people. They have some differences in terms of the level in the protocol stack, communicating network, transactions and the covered area. However, they belong to the Peer-to-Peer Computation Model (P2PCM), whose nodes have the same function in terms of network cooperation and are different from the traditional centralized computation model. P2PCM has different characteristics and rules of its own, which bring new problems for building security mechanism. It’s urgent to build solutions to protect the application systems based on P2PCM from hostile forces.The research work presented in this dissertation is following:(1) This dissertation focuses on GKM scheme applicable to homogenous network model and proposes a clear and complete key management model for dynamic groups for the first time. This dissertation also exposes a Dynamic Group Key Management (DGKM) scheme based on symmetric polynomials. The scheme provides a solution to related group key management issues, such as key establishment, key updating, node addition and node revocation, for a multicast group consisted of any number (bigger than2and less than the total number) of nodes. Group members can get group key by computing with little wireless communication, therefore, which greatly reduces the cost of key agreement.(2)An attack on the permutation-based multi-polynomial scheme exposed in the paper [46] is proposed in this dissertation. The attack shows that the permutation-based multi-polynomial scheme can’t frustrate the large-scale node capture attack. Also, A pair-wise key establishment scheme is proposed by introducing homomorphic encryption thought, which is used to protect polynomials and makes all keys be established in encrypted state. Therefore, the large-scale node capture attack is thwarted because adversaries can’t get any information about polynomials from the encrypted data used to establish keys. Besides, a method which uses much less storage and computation resource than the existing fully homomorphic encryption is presented to achieve fully homomorphic encryption indirectly.(3) After analyzing the existing WSN peer-to-peer (or node-to-node) authentication protocols with respect to cryptography, public key binding and attacks, a new peer-to-peer authentication protocol is proposed. The authentication protocol uses location information and ID to identify a node and utilizes the Conic Curve Cryptography (CCC), which is more efficient and easier in inverse operation, order computation and point multiplication computation than Elliptic Curve Cryptography (ECC). The location information introduced into the ID-based scheme makes the protocol robuster and more resilient in thwarting some new attacks, such as Sybil, Wormhole, Sinkhole and Identity replication attack.(4) An authentication scheme is proposed in this dissertation based on durable P2P storage techniques, trusted computing thought and virtual system thought. Through constructing a virtual database and a trusted entity, the two key problems, unable to store user information and without trusted authentication entity to take authenticating action, are conquered. Besides, two public-key-copy maintaining methods are proposed to resovle the public-key updating problem exposed in the paper [99].(5) Solutions proposed in this dissertation are proved secure and feasible through mathematic logic deduction and strand-space formal theory. With regard to the performance of the solutions, firstly, the solutions exposed by this dissertation are compared with others in terms of computation style, parameters and data packets. Secondly, the performance of some solutions is examined based on existed experimental conclusion. Lastly, the dynamic multicast group key management solution and the pair-wise key establishment scheme are evaluated on the CC2430. The result shows that the solutions in the dissertation have very good performance in terms of storage, computation as well as communication and are suitable to wireless sensor networks with limited capability.