The Research On MANET's Key Management And Its Secure Policy

Mobile ad hoc network (MANET) is a collection of wireless mobile hosts forming a temporary network without the aid of any centralized administration or standard support services. And all nodes in MANET have not only normal mobile terminal's function but also router's function. Due to the insecure nature of wireless link and the fast change of topology, there are various security challenges that are faced in MANET. As a very important part of network security, key management has attracted a lot of attention from researchers and developers.There are two kinds of key management for MANET: distributed management and self-organized management. This paper analyzes the self-organized key management. Aiming at the problem of system's weakness on distinguishing malicious nodes, we present a trust and threshold key management. This scheme is the extension of the self-organized key management, and imports trust decision mechanism which promotes the system's ability of resisting mobile attack.In order to improve the efficiency of the certificate updating service, this paper presents a certificate update protocol based on probabilistic reliable multicast. In this scheme the node selects some reliable nodes from the local certificate repository which already have some route information in the local route table, and then multicasts the update information to them. After a few rounds of multicast, the node that does not receive the new update information can get the certificate update service from the node that has received the update information instead from the certificate issuer. It makes full use of the existing route information reducing the traffic cost of searching route information, and reduces the load of the certificate issuer achieving load balance by distributing the service task to multi-nodes in the network.Finally, we present a locally-driven self-organized key management frame. In this structure, we divide the network into many domains. It uses the self-organized manner to deal with the inner domain's key management. It sets up a virtual certificate authority to issue the domain certificate based on Pedersen's secret sharing theory. Two nodes from different domain can set up trust relationship by domain certificates. This framework is locally self-organized, and is more scalable. It avoids the cost of maintaining certificate repository and constructing certificate chain caused by the increase of network size.