
Research On The Security Scheme Of Mobile Ad Hoc Networks Based On The Trust-value

Posted on: 2012-04-25
Degree: Master
Type: Thesis
Country: China
Candidate: L Wang
Full Text: PDF
GTID: 2178330332495457
Subject: Computer application technology

Abstract/Summary:
With the rapid development of network technology, the Mobile Ad Hoc Network (MANET) has emerged. Unlike traditional wireless networks, a MANET has no fixed infrastructure, and all nodes in the network are equal in both capability and status. All work is carried out through negotiation among the network members. Moreover, all nodes are mobile and can join or leave the network at any time, so the topology of a MANET is dynamic. As a result, the security protocols used in traditional wireless networks are no longer suitable for MANETs.

Two kinds of schemes are currently popular: one based on identity and the other based on a fully distributed structure. In the identity-based security scheme, however, several fixed nodes work together as the PKG. These nodes can easily be attacked and become the bottleneck of the network. Compared with the identity-based scheme, the fully distributed scheme has no authority, which increases the computation and traffic overhead of the nodes. To solve these problems, we present a new security protocol for MANETs that provides good performance. Our work can be described as follows:

First, all nodes in the network are divided into several clusters, and the node that has the most trusted connections is elected as cluster head. The nodes that have a trust relationship with the cluster head are called nucleus nodes. The nucleus nodes and the cluster head form the service group of the cluster. The service group works together in place of the private key generator. The nodes of the service group are responsible for generating the public/private key of the cluster and the secret shares of the nodes in the cluster, certifying report messages about malicious behavior, authenticating the identity of newly joined nodes, and periodically renewing the key. However, the nodes of the service group are not fixed; they change when the cluster is renewed. The service group therefore avoids becoming the bottleneck of the network.

Second, a trust evaluation system for nodes is proposed. The trust of a node is quantified from mutual behaviors, from which the trust among nodes can be calculated. By comparing the trust values of neighbor nodes with a trust threshold, a node can judge whether a malicious node exists among its neighbors. Once a malicious node is detected, the node reports a warning message to the service group; after receiving the warning, the service group performs a deviation test to verify whether the warning is true.

Third, the idea of public key infrastructure is introduced into node authentication. We use authentication parameters to bind together the identity information of a node, the key of the node, and the secret share of the node. When the cluster is updated, whether a node is qualified to update can be determined by verifying these parameters.

Fourth, communication within the cluster is encrypted so that only the communicating parties, rather than all nodes in the network, can decrypt it. As with the node keys, cluster keys are defined to encrypt broadcasts released by cluster members within the cluster, and only the legitimate nodes within the cluster can decrypt them. Session keys exist among the clusters. If a cluster member wants to communicate with a node that belongs to a different cluster, it transmits the information to the cluster head, which forwards the information to the target cluster. The cluster head of the destination cluster finally forwards the information to the target node.

Fifth, to show the superiority of our protocol, we analyze the security and performance of our scheme theoretically. The superiority of our protocol is also verified through the simulation results at the end of the paper.
Keywords/Search Tags: Cluster, Trust Value, Service Group, Secret Share, Public Key Infrastructure