
Distributed Secret Key Generation-based Security In Delay Tolerant Networks

Posted on: 2013-12-24
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y M Xie
Full Text: PDF
GTID: 1268330401479198
Subject: Computer Science and Technology
Abstract/Summary:
Delay tolerant networks (DTNs) are a kind of opportunistically connected wireless network characterized by large transmission delay, frequently disrupted links and a low delivery rate, which distinguishes them from the Internet built on the TCP/IP protocols. In recent years, DTNs have attracted a lot of attention from researchers and are used to implement communications in extremely challenging environments where traditional networks cannot work, such as sparse ad hoc networks, vehicular disruption-tolerant networks, the interplanetary internet, the US Navy Seaweb and so on. At present, most researchers focus on the routing protocols and architecture design of DTNs, trying to improve the message (bundle) delivery ratio and reduce the latency of message transmission, while studies on the security of DTNs are far fewer. Unfortunately, DTNs are more vulnerable than the Internet: the various existing attacks and threats can disrupt the operation of DTN routing protocols and degrade the networking performance of DTNs. Therefore, this thesis aims to guarantee the security of DTNs.

Security research on DTNs covers many aspects, involving some particular security issues and technical solutions. This thesis mainly studies confidentiality, message integrity, misbehavior incentive and detection, and privacy preservation during bundle transmission in DTNs. It first proposes a distributed secret key generation system that is fully suited to the characteristics of DTNs. Then, built on the distributed key generation system, it proposes a fast bundle fragment authentication scheme, a selfish behavior incentive and greedy behavior detection scheme, and two-party secure comparison-based privacy preservation for DTNs, respectively. The contributions of this thesis are listed in detail as follows:

1. This thesis introduces the concept of a blind digital ID card (BDID) to simplify a user's identity authentication. The blind digital ID card serves the same function as a physical ID card, but it can efficiently prevent the copying attack. The BDID-based identity authentication, called self-certified identity, does not rely on any trusted third party, which distinguishes it from the certification authority (CA) in the public key infrastructure (PKI) and from the private key generator (PKG) in identity-based cryptography (IBC). Using the BDID and the self-certified identity, this thesis first proposes a distributed secret key generation system. The system requires neither a threshold cryptosystem nor multiple round-trip interactions among nodes, and it can implement fast key distribution and key generation merely by a secure broadcast. Thus, the proposed secret key generation system can satisfy the requirements of DTNs, and provides security guarantees for bundle integrity, misbehavior incentive and detection, and privacy preservation in DTNs.

2. This thesis combines the advantages of the Lagrange polynomial with batch verification, and proposes a fast bundle fragment authentication scheme that can prevent bundles from being maliciously falsified and tampered with. Because the scheme authenticates bundle fragments quickly, the bundle delivery delay and the authentication traffic overhead are both decreased. The performance analysis and simulation evaluation indicate that the proposed scheme has an advantage over the existing solutions in terms of computation time and authentication traffic overhead.

3. This thesis investigates two kinds of misbehavior in DTNs, selfish behavior and greedy behavior, and then analyzes the undesirable effect of these misbehaviors on honest nodes. For selfish behavior, a quality of service-based incentive scheme (QIS) is proposed, in which service priority is used as an incentive metric to stimulate nodes to cooperate fairly. In addition, three security solutions, namely the signature chain, cooperation frequency statistics and combination clearance, are presented to deal with potential attacks on the QIS. For greedy behavior, this thesis proposes a message matching-based detection method (MMBD) in which a smart mobile trusted module (MTM) is introduced to prevent greedy behavior. This method requires less computation time and fewer resources than Trusted Computing Group attestation. These solutions to encourage selfish nodes and detect greedy nodes offer a fair routing environment for nodes in DTNs, and increase the bundle delivery ratio of the network.

4. This thesis introduces two-party secure comparison protocols into DTNs for the first time, and then proposes a new homomorphic encryption-based two-party secure comparison protocol to achieve the privacy preservation required by the exchange of routing information. Compared with the existing protocols under the semi-honest model and the covert adversary model, the proposed scheme can resist the malicious adversary model, so it is difficult for attackers in DTNs to obtain specific routing information from the secret inputs. Additionally, this thesis adopts EC-ElGamal built on the proposed distributed secret key generation system to implement the homomorphic encryption, so the privacy preservation consumes fewer node resources.
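The additive homomorphism of EC-ElGamal that contribution 4 builds its two-party comparison on, as an added Python example that is not code from the thesis: a toy curve, encryption with the message placed in the scalar (the "exponential" variant, so decryption needs a small discrete-log table), and ciphertext addition yielding Enc(a - b) from Enc(a) and Enc(-b). All parameters (P, A, B, MSG_BOUND, the generator search) are constructed for this illustration; the comparison protocol itself, the distributed key generation and the malicious-adversary defences described in the abstract are not shown.

```python
import random

# Constructed toy curve y^2 = x^3 + A*x + B over F_P (P = 3 mod 4); not the thesis's parameters.
P, A, B = 2011, 2, 3
INF = None           # point at infinity
MSG_BOUND = 128      # plaintexts are integers in [-MSG_BOUND, MSG_BOUND)

def ec_add(p1, p2):  # affine addition covering the identity, inverses and doubling
    if p1 is INF or p2 is INF:
        return p2 if p1 is INF else p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0:
        return INF
    lam = (3 * x1 * x1 + A) * pow(2 * y1, -1, P) if p1 == p2 else (y2 - y1) * pow(x2 - x1, -1, P)
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):   # double-and-add; a negative k multiplies the inverse point
    if k < 0 and pt is not INF:
        k, pt = -k, (pt[0], -pt[1] % P)
    acc = INF
    while k and pt is not INF:
        acc, pt, k = (ec_add(acc, pt) if k & 1 else acc), ec_add(pt, pt), k >> 1
    return acc

def find_generator(min_order):  # first point whose order is >= min_order (brute force, toy setup only)
    for x in range(P):
        rhs = (x ** 3 + A * x + B) % P
        y = pow(rhs, (P + 1) // 4, P)        # candidate square root; valid only when rhs is a QR
        if y == 0 or y * y % P != rhs:
            continue
        q, n = (x, y), 1
        while q is not INF:                  # walk g, 2g, 3g, ... until the identity is reached
            q, n = ec_add(q, (x, y)), n + 1
        if n >= min_order:
            return (x, y), n

G, ORDER = find_generator(2 * MSG_BOUND + 1)
DLOG = {ec_mul(m, G): m for m in range(-MSG_BOUND, MSG_BOUND)}   # mG -> m lookup table

def keygen():        # (private scalar, public point)
    d = random.randrange(1, ORDER)
    return d, ec_mul(d, G)

def encrypt(pk, m):  # Enc(m) = (kG, mG + k*pk): m sits in the scalar, so ciphertexts add
    k = random.randrange(1, ORDER)
    return ec_mul(k, G), ec_add(ec_mul(m, G), ec_mul(k, pk))

def decrypt(sk, ct): # recover mG = C2 - sk*C1, then look m up (None if outside the table)
    return DLOG.get(ec_add(ct[1], ec_mul(-sk, ct[0])))

def ct_add(ct1, ct2):  # Enc(a) + Enc(b) = Enc(a + b), component-wise
    return ec_add(ct1[0], ct2[0]), ec_add(ct1[1], ct2[1])

def encrypted_difference(pk, a, b):  # Enc(a) + Enc(-b) = Enc(a - b): the step a homomorphic comparison builds on
    return ct_add(encrypt(pk, a), encrypt(pk, -b))
```

The key holder learns only the difference of the two encrypted routing metrics, never the individual inputs, which is the property a secure comparison protocol extends into a yes/no answer.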
Keywords/Search Tags: delay tolerant networks, distributed secret key generation, bundle fragments authentication, incentive scheme, greedy behavior detection, privacy preservation