
Schemes Of PKI/PMI-based Node Identity Privacy Protection In Opportunity Network

Posted on: 2015-05-11
Degree: Master
Type: Thesis
Country: China
Candidate: Q Shi
GTID: 2298330431999105
Subject: Computer application technology
Abstract/Summary:
With the rapid development of the information age, a massive amount of information flows into people's lives through the network, and people communicate with each other over the network more and more frequently. As a result, their private information is more likely to be exposed in the network environment, and people are more willing to hide their identity. Identity privacy in the network is therefore becoming more and more important and is receiving attention in every field of the information society. This is especially true in the opportunity network (opportunistic network): because of high node mobility, frequently changing links and delay, the confidentiality and integrity of data and the privacy of nodes are easily compromised or stolen by malicious nodes. Compared with mobile self-organizing networks, opportunity networks place more emphasis on content distribution, whereas mobile self-organizing networks focus on conversational communication; a message is sent from the source node to the destination node based not on an explicit destination address but on the receiver's interest in the content of the message. To prevent identity fraud and unauthorized access by malicious nodes, effective authentication, authorization and access control mechanisms must be built according to the characteristics of the opportunity network. Identity privacy protection and anonymous authorized access for nodes in the opportunity network have therefore become more important.

As an international standard security mechanism, the public key infrastructure (PKI) is the foundation and core of building a secure network environment. In the opportunity network, the PKI/PMI system is introduced to bind a node's identity and permissions to certificates: the node is identified and verified through the legitimacy of its certificate, and a trusted third party is introduced to separate the identification of the node from the verification of its legitimacy, which finally realizes privacy protection of the node identity.

This paper first presents a security analysis of the opportunity network, with emphasis on the privacy protection of its nodes, then summarizes the preparatory knowledge of the PKI/PMI architecture and related technologies, and finally proposes two PKI/PMI-based schemes for protecting node identity privacy in the opportunity network.

The node identity privacy protection scheme based on the PMI attribute certificate uses two kinds of certificate: the PKI public key certificate and the PMI attribute certificate. It also introduces a trusted third party, the attribute authority (AA), whose purpose is to separate identity authentication of a node from the legitimacy verification performed when the node is authorized. In the legitimacy verification, the holder field of the one-time attribute certificate is a random number provided by the trusted third party, and this random value is not associated with the identity information of the node. The scheme meets the requirements of security and anonymity and realizes privacy protection of the node identity.

To improve system efficiency as the number of nodes increases, this paper also proposes a node identity privacy protection scheme based on the PMI role model. In this scheme, the attribute authority AA assigns corresponding roles to nodes as needed and then, according to the permission-role and role-user mapping relationships, grants the nodes the corresponding permissions. The role information of a node contained in the scheme has nothing to do with the identity of the node itself. Through the trusted third party, the attribute authority AA, the scheme separates node identification from legitimacy verification, meets the security requirements, and realizes privacy protection of the node identity. Because the validity period of the role attribute certificate is longer, nodes apply for certificates fewer times than in the first scheme, which greatly improves network performance and authentication efficiency. Both schemes are proved to be secure and anonymous, and the efficiency of the two schemes is also compared and validated through theoretical analysis and simulation experiments.
Keywords/Search Tags:Opportunity Network, PKI, PMI, Anonymous, Attribute certificate