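Computer Science ›› 2017, Vol. 44 ›› Issue (3): 145-149. doi: 10.11896/j.issn.1002-137X.2017.03.032

• Information Security •

Lightweight and Shifted CA Architecture for MANET

GUO Ping, FU De-sheng, ZHU Jie-zhong and CHENG Ya-ping

  1. Jiangsu Network Monitoring Center, School of Computer and Software, Nanjing University of Information Science and Technology, Nanjing 210044; Jiangsu Network Monitoring Center, School of Computer and Software, Nanjing University of Information Science and Technology, Nanjing 210044; Binjiang College, Nanjing University of Information Science and Technology, Nanjing 210044; Jiangsu Network Monitoring Center, School of Computer and Software, Nanjing University of Information Science and Technology, Nanjing 210044
  • Online: 2018-11-13 Published: 2018-11-13
  • Supported by:
    This work was supported by the National Natural Science Foundation of China for Young Scientists (61070133), the Provincial Key Project of the Jiangsu Undergraduate Practice and Innovation Training Program (201410300049Z), and the Jiangsu Industry-University-Research Joint Fund Innovation Project (201400703).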

Abstract: Mobile ad hoc networks (MANETs) have open communication channels and highly mobile, resource-constrained nodes, which makes complex authentication mechanisms difficult to deploy. To address this, a lightweight and shifted certificate authority (LSCA) authentication architecture is proposed. It draws on the idea of a lightweight CA and is designed for MANETs with a short lifetime and a highly dynamic topology. LSCA simplifies the public-key generation and verification of the traditional certificate-based CA mechanism and requires no certificate management. It also works by transferring the CA role among a number of alternative CA nodes in regular rotation, so nodes need not be preconfigured and the network topology need not be known in advance, which gives the system a certain degree of intrusion tolerance without a threshold mechanism. Performance analysis and simulation results show that LSCA is robust against DoS attacks and outperforms distributed CA and threshold-based CA in communication, computation and storage costs, making it suitable for highly dynamic, short-lived MANET applications.

Key words: Wireless network security, Mobile ad hoc network (MANET), Lightweight and shifted certificate authority (LSCA), Authentication architecture

