Research And Simulation Of Identity-Based Key Management For Ad Hoc Networks

With the growing military communication, outdoor meeting and emergency communication deployments of MANET, the security techonology receives increasing attention. Key management is the most essential issue and also one of the hotspots in MANET security research. However some limitations do exist: the most of the schemes are public key certificate-based that are bound with identity, which bring communication and computation overhead and complex certificate magagement; it is not suitable for Ad Hoc Network which is real time and low bandwidth network environment.We mainly focus on key management for MANET. This dissertation introduces some foundational conception, features, related cryptology theory and existing key management schemes. Using bilinear pairs and threshold cryptography, an identity-based key management scheme IDKM and a certificate-less key management shceme CLKM is proposed. Following the analysis the simulation tool NS-2, we simulated and implemented the proposed schemes.The major contributions of this dissertation include:(1) An identity-based cryptography key management scheme IDKM using bilinear pairs is proposed. Combining id-based cryptography with threshold sharing, the proposed scheme avoids the complicated certificate management, comparing with existing id-based schemes, the most significant advantage of the proposed scheme lies in the enhancement of security and reducing communication overhead, storage overhead and computation efficiency.(2) There exists a flaw about identity-based Cryptography, that is key escrow. Aiming at this problem, we presented a certificate-less key management scheme CLKM. In CLKM, a node's complete private key is combined with D-PKG partial private keys and a random key value which is selected itself. The scheme avoids the key escrow and can prevent the dishonest nodes coalition so as to acquire the node private key. Comparing with existing shcemes, the proposed scheme CLKM provides to protect the node complete private key.(3) Following the analysis the simulation tool NS-2 , we simulate the proposed schemes by extending relative components and data structures including the application layer, transport layer, timer, packet etc. The emulation and analysis results demonstrate that our schemes are effective.