Research On PKI/CA System In Mobile Ad Hoc Networks

Mobile Ad hoc NETworks(MANET) is a multi-hop and instant self-organized autonomous system of a collection of wireless mobile nodes that are capable of communicating with each other over wireless links,without needing any fixed physical infrastructure and centralized organizational/administrative infrastructure.In Mobile Ad Hoc Networks,each mobile node may function as both a host and a router.The main applications of MANET can be found in many areas:military tactical communication,emergency situation requiring rapidly-deployable communication or other security-sensitive scenarios.Because of its intrinsic features and special applications,MANET has received critical attention from academia in recent years.Consequently,MANET take on potentially widesspread commercial and military applications foreground.The most nature of MANET makes them very vulnerable to security threats.Similar to traditional wired network,the security issues such as authentication,confidentiality,integrity and non-repudiation must be thoroughly addressed to provide any sucessful applications in MANET.Key Infrastructure and Certification Authorities(PKI/CA) is a secure system based on public key theory which core is to identify the end entity and to conform the trust relationship.PKI/CA that has been a effective and integral solution for securing wired networks can not be directly applicable in MANET.Therefore providing PKI/CA in MANET is a challenging problem that must be solved for future applications.In this thesis,the security issues in MANET are investigated,aiming at PKI/CA system model,and some related key problems are also studied.First,the thesis produces background,concept and characteristics of MANET,and points out security issues and challenging through a high-level security risk analysis for MANET environment. Secondly,introduces related basic theory of information security and some knowledge of security technology,and then expatiates on the concept,function and composition of Public Key Infrastructure and Certification Authorities.The thesis present several key factors for struturing security system in MANET,with which those security solutions that have been proposed in the literature and some issues are discussed,and then localized distributed trust model and extended recommendation trust model which multi-domain full distributed Certification Authorities system model is proposed basedon.In the new system model,the mechanism of distributed system management and certificate service is developed.The test result in ns-2 simulutor show that the system model is feasible and effective.Furthermore,the thesis study the current PKI interoperability model,and propose a new model for the interoperability between virtual Certification Authorities based on extended recommendation trust model in MANET.It can easily realize the PKI interoperability with dynamic trust chain maintenance and Certification Authoritiy trust lists.