進階搜尋


 
系統識別號 U0026-0812200912010481
論文名稱(中文) 隨意網路上可規劃階層式金鑰管理機制之跨叢集路由認證協定
論文名稱(英文) Scalable Hierarchical Key Management for Routing Authentication of Inter-Clusters in Mobile Ad Hoc Networks
校院名稱 成功大學
系所名稱(中) 工程科學系碩博士班
系所名稱(英) Department of Engineering Science
學年度 94
學期 2
出版年 95
研究生(中文) 林華乙
研究生(英文) Hua-Yi Lin
學號 n9891108
學位類別 博士
語文別 英文
論文頁數 94頁
口試委員 指導教授-黃悅民
指導教授-王宗一
口試委員-陳澤生
口試委員-黃宗傳
口試委員-鄭憲宗
口試委員-陳宗禧
中文關鍵字 身分識別基礎認證機制  叢集組織內部  叢集組織安全路由協定  叢集組織為基礎  隨意行動網路  憑證認證中心  公有金鑰基礎架構  跨越叢集組織  臨界門檻值 
英文關鍵字 Cluster Based Secure Routing Protocol  Cluster-based  Public Key Infrastructure  Certificate Authority  Ad Hoc Networks  Inter-cluster  Intra-cluster  ID-based  Threshold 
學科別分類
中文摘要   有別於傳統有線網路,隨意行動網路上的無線行動通訊設備能任意行進並各自行成無線連接的動態網路。這意味著行動通訊設備容易造成網路的切割與連線的錯誤,也因此隨意行動網路上並不容易提供固定的線上信任伺服主機存取服務。
  截至目前為止,許多有線網路安全機制的研究是以信任伺服器為主機,也就是以憑證認證主機為基礎所設計的。此伺服器負責系統內絕大多數的安全運算和安全審核功能,所有的客戶節點從該伺服器獲取金鑰資訊,並藉由金鑰管理機制來達到各節點彼此之間的安全通訊。然而如果全部引用傳統有線網路上的固定式公有金鑰基礎架構(PKI)於隨意行動網路上,將會產生許多安全上的盲點與漏洞。
  本研究提出了以叢集組織為基礎的金鑰管理機制,導入可規劃性及彈性的金鑰管理方法,並結合所提出的叢集基礎安全路由協定(CBSRP),來強化路由認證機制的安全性與不可否認性。在各個叢集組織的內部中(intra-cluster),本研究提出以身份識別為基礎(ID-based)的認證機制來強化內部路由安全性並提升內部路由的效率。而在外部叢集路由協定則運用所提出的階層式金鑰管理機制結合認證機制來達到跨叢集組織的安全路由認證。此架構不僅實現了從叢集內部到叢集外部的安全路由方法,並達到跨越叢集組織(inter-cluster)的安全路由認證機制。
  此外,在論文中,我們將金鑰管理機制分散到各個叢集管理中心(cluster head),並運用臨界門檻值(threshold)方法來提升金鑰管理機制的強鍵性。此架構不僅支援憑證認證中心(CA)的容錯能力、避免單點錯誤發生、節省認證中心儲存大量成員的憑證資料之外,更可防止認證中心一旦被入侵後所有安全憑證資訊被竊取的風險。進而擁有抵擋惡意攻擊行為的能力,更適合被運用在大量行動網路通訊設備上。


英文摘要   Dissimilar traditional networks, the features of mobile wireless devices that can dynamically form a network without any infrastructure and wired line mean that mobile ad hoc networks frequently display partition owing to node mobility or link failures. These imply that an ad hoc network is difficult to provide on-line access to trusted authorities or centralized servers.
  So far, many wire-based security schemes are designed under the trusted server named Certificate Authority (CA), which is responsible for the system security operation and function. All client nodes get the key information from CA to achieve secure communications between each other. Consequently, applying the above traditional Public Key Infrastructure (PKI) security architecture to mobile ad hoc networks will create secure blind sides and loopholes.
  In this dissertation, we propose a scalable and elastic key management scheme integrated into our proposed Cluster Based Secure Routing Protocol (CBSRP) to enhance security and non-repudiation of routing authentication, and introduces an ID-based internal routing authentication scheme to enhance the routing performance in an internal cluster. Additionally, a method for performing routing authentication between internal and external clusters, as well as inter-cluster routing authentication, is developed.
  The proposed cluster-based key management scheme distributes trust to an aggregation of cluster heads using a threshold scheme faculty, provides CA with a fault tolerance mechanism to prevent a single point of compromise or failure, and saves CA large repositories from maintaining member certificates, making ad hoc networks robust to malicious behaviors and suitable for numerous mobile devices.

論文目次 Table of Contents

Abstract (in Chinese)..............................................I
Abstract (in English)............................................III
Acknowledgements (in Chinese)......................................V
Table of Contents................................................VII
List of Tables....................................................IX
List of Figures....................................................X

Chapter 1 Introduction.............................................1

1.1 Background and Motivation..................................2
1.2 Related Work...............................................3
1.2.1 Partially Distributed Certificate Authority (CA).....4
1.2.2 Fully Distributed Certificate Authority (CA).........5
1.2.3 Partially Distributed Private Key Generator (PKG)....7
1.2.4 Self-Organized Public Key Infrastructure (PKI).......8
1.2.5 Summary Remarks......................................9
1.3 Organization of this Dissertation.........................13

Chapter 2 Scalable Key Management Scheme..........................14

2.1 Cluster Architecture......................................14
2.2 Cluster-Based Routing Mechanism...........................15
2.3 CBKM: Cluster-Based Key Management Scheme.................16

Chapter 3 Cluster-Based Key Management (CBKM) Authority Framework.25

3.1 Cluster-Based Key Management (CBKM) Internal Authority
Framework.................................................25
3.1.1 Initial Phase.......................................26
3.1.2 Joining/Leaving Domain Phase........................26
3.1.3 Internal Cluster Members Communication..............27
3.2 Cluster-Based Key Management (CBKM) External Authority
Framework.................................................31

Chapter 4 Secure Cluster Head Election............................41

4.1 Secure Cluster Head Mechanism.............................41
4.2 Secure Cluster Head Election Scheme.......................42

Chapter 5 Analysis and Evaluation.................................49

5.1 Security Analysis.........................................49
5.2 Model Analysis............................................54
5.3 Performance Evaluation and Simulation.....................58
5.3.1 Communication Cost Evaluation.......................60
5.3.2 The Security Computing Evaluation of a Routing Path
Establishment.......................................66
5.3.3 Success Ratio in Reconstructing System-Secret-Key...70
5.3.4 Evaluation of Secure Cluster Head Election..........72
5.3.5 Network Performance.................................74

Chapter 6 Conclusion and Further Work.............................81

6.1 Brief Review of Contributions............................81
6.2 Further Research Directions..............................82

Bibliography......................................................85

Vita (in Chinese).................................................90

Publication List..................................................93
參考文獻 [1]N. Asokan and P. Ginzboorg, “Key Agreement in Ad Hoc Networks,” Computer Communications, Vol. 23, pp. 1627-1637, 2000.
[2]S. Capkun, L. Buttyan, and J.-P. Hubaux, “Self-Organized Public-Key Management for Mobile Ad Hoc Networks,” IEEE Trans. on Mobile Computing, Vol. 2, No. 1, pp. 52-64, Jan. 2003.
[3]E. M. Royer and C. K. Toh, “A Review of Current Routing Protocols for Ad-Hoc Mobile Wireless Networks,” IEEE Personal Communications Magazine, Vol. 6, No. 2, pp. 46-55, Apr. 1999.
[4]J. P. Hubaux, L. Buttyan, and S. Capkun, “The Quest for Security in Mobile Ad Hoc Networks,” Proc. of ACM Symposium on Mobile Ad Hoc Networking and Computing, Oct. 2001.
[5]S. Yi and R. Kravets, “MOCA: Mobile Certificate Authority for Wireless Ad Hoc,” Proc. of the 2nd Annual PKI Research Workshop Program, Apr. 2003.
[6]A. Shamir, “How to Share a Secret,” Communications of the ACM, Vol. 22, No. 1 11, pp. 612-613, 1979.
[7]S. Zhu, S. Xu, S. Setia and S. Jajodia, “LHAP: A Lightweight Hop-by-Hop Authentication Protocol for Ad Hoc Networks,” Proc. of International Workshop on Mobile and Wireless Network, May 2003.
[8]M. C. Morogan and S. Muftic, “Certificate Management in Ad hoc Networks,” IEEE Workshop on Security and Assurance in Ad Hoc Networks, Jan. 2003.
[9]P. Zimmermann, “The Official PGP User’s Guid,” MIT Press, 1995.
[10]J. Kong, P. Zerfos, H. Luo, S. Lu, and L. Zhang, “Providing Robust and Ubiquitous Security Support for Mobile Ad-Hoc Networks,” Proc. of the 9th International Conf. on Network Protocols, pp. 251-260, Nov. 2001.
[11]S. Ghazizadeh, O. Ilghami, E. Sirin, and F. Yaman, “Security-Aware Adaptive Dynamic Source Routing Protocol,” Proc. of the 27th Annual IEEE Conf. on Local Computer Networks, Nov. 2002.
[12]S. Yi, P. Naldurg, and R. Kravets, “Security-Aware Ad Hoc Routing for Wireless Networks,” Proc. of the second ACM Symposium on Mobile Ad Hoc Networking and Computing, Aug. 2001.
[13]H. Y. Lin and Y. M. Huang, “Information Service on Scalable Ad-Hoc Mobile Wireless Networks,” Proc. of the IEEE International Conf. on Computer Networks and Mobile Computing, pp. 190-196, Oct. 2003.
[14]H. Y. Lin, Y. M. Huang, and T. I. Wang, “Resilient Clustering-Organizing Key Management and Secure Routing Protocol for Mobile Ad Hoc Networks,” IEICE Trans. on Communications, Vol. E88-B, No. 9, pp. 3598-3613, 2005.
[15]Y. Desmedt and Y. Frankel, “Threshold Crypto-Systems,” Advances in Cryptology (Crypto’89), pp. 307-315, Aug. 1990.
[16]D. R. Stinson and R. Wei, “Unconditionally Secure Proactive Secret Sharing Scheme with Combinatorial Structure,” Proc. of the 6th Annual International Workshop Selected Areas in Cryptography, Aug. 1999.
[17]A. Shamir, “Identity-Based Cryptosystems and Signature Schemes,” Proc. of CRYPTO’84, pp. 47-53, 1984.
[18]W. Diffie and M. Hellman, “New Directions in Cryptography,” IEEE Trans. On Information, Vol. IT-22, No. 6, pp. 644-654, Nov. 1976.
[19]G. Ateniese, M. Steiner, and G. Tsudik, “New Multiparty Authentication Services and Key Agreement Protocols,” IEEE Journal on Selected Areas in Communications, Vol. 18, No. 4, pp. 628-639, Apr. 2000.
[20]NIST FIPS PUB 180, “Secure Hash Standard,” U.S. Department of Commerce, National Institute of Standards and Technology, Draft, 1993.
[21]H. Krawczyk, M. Bellare, and R. Canetti, “HMAC: Keyed-Hashing for Message Authentication,” Internet Request for Comments RFC 2104, Feb. 1997.
[22]C. E. Perkins, E. M. Royer, and S. R. Das, “Ad Hoc On Demand Distance Vector (AODV) Routing,” Proc. of the second IEEE Workshop on Mobile Computing Systems and Applications, Feb. 1999.
[23]C. E. Perkins, E. M. Royer, and S. R. Das, “Ad Hoc On-Demand Distance Vector (AODV) Routing,” Internet Draft, IETF MANET Working Group, draft-ietf-manet-aodv-10.txt, Jan. 2002.
[24]J. Broch, D. B. Johnson, and D. A. Maltz, “Dynamic Source Routing in Ad Hoc Wireless Networks,” Internet Draft, draft-ietf-manet-dsr-07.txt, Oct. 1999.
[25]M. Jiang, J. Li and Y. Tay, “Cluster Based Routing Protocol (CBRP) Functional Specification,” Internet Draft, 1998
[26]S. Basagni, I. Chlamtac and A. Farago, “A Generalized Clustering Algorithm for Peer-to-Peer Networks,” Proc. of Workshop on Algorithmic Aspects of Communication, Jul. 1997.
[27]T. Beth, M. Borcherding, and B. Klein, “Valuation of Trust in Open Networks,” Proc. of the 3rd European Symposium on Research in Computer Security, pp. 3-18, Nov. 1994.
[28]L. Zhou and Z. Haas, “Securing Ad Hoc Networks,” IEEE Network Magazine, Vol. 13, No. 6, pp. 24-30, Nov./Dec. 1999.
[29]K. Sanzgiri, D. L. Flamme, B. Dahill, B. N. Levine, C. Shields, and E. M. Belding-Royer, “Authenticated Routing for Ad Hoc Networks,” IEEE Journal on Selected Areas in Communication, Vol. 23, No. 3, pp. 598-610, Mar. 2005.
[30]T. W. Kwon, C. S. You, W. S. Heo, Y. K. Kang, and J. R. Choi, “Two Implementation Methods of a 1024-Bit RSA Cryptoprocessor Based on Modified Montgomery Algorithm,” Proc. of IEEE International Symposium on Circuits and Systems, pp. 650-653, May 2001.
[31]B. Schneier, “Applied Cryptography: Protocols, Algorithms, and Source Code in C,” John Wiley & Sons, Inc., 1996.
[32]NS-2, “The Network Simulator,” http://www.isi.edu/nsnam/ns/, 1989 (last accessed 12 Mar. 2004).
[33]Yih-Chun Hu, David B. Johnson, and Adrian Perrig, “SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Networks,” Proc. of the 4th IEEE Workshop on Mobile Computing Systems & Applications, pp. 3-13, Jun. 2002.
[34]M. Krishna and M. Sivalingam, “Architecture and Experimental Framework for Supporting QoS in Wireless Networks Using Differentiated Services,” ACM-Baltzer Journal Mobile Networks and Applications, Vol. 6, No. 4, pp. 385-395, Aug. 2001.
[35]Y. M. Huang, H. Y. Lin, and T. I. Wang, “Inter-Cluster Routing Authentication for Ad Hoc Networks by a Hierarchical Key Scheme,” To appear in Journal of Computer Science and Technology.
[36]L. Butty’an and L. Vajda, “Towards Provable Security for Ad Hoc Routing Protocols,” Proc. of the 2nd ACM Workshop on Security of Ad Hoc and Sensor Networks, Jul. 2004.
[37]Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J. D. Tygar, “SPINS: Security Protocols for Sensor Networks,” Proc. of the 7th ACM Annual International Conference on Mobile Computing and Networking, pp. 189-199, Jul. 2001.
[38]Laurent Eschenauer and Virgil D. Gligor, “A Key Management Scheme for Distributed Sensor Networks,” Proc. of the 9th ACM Conference on Computer and Communication Security, pp. 41-47, Nov. 2002.
[39]H. Chan, A. Perrig, and D. Song, “Random Key Predistribution Schemes for Sensor Networks,” IEEE Symposium on Research in Security and Privacy, 2003.
[40]D. Liu and P. Ning, “Establishing Pairwise Keys in Distributed Sensor Networks,” Proc. of the 10th ACM Conference on Computer and Communication Security, pp. 52-61, Oct. 2003.
論文全文使用權限
  • 同意授權校內瀏覽/列印電子全文服務,於2010-07-26起公開。
  • 同意授權校外瀏覽/列印電子全文服務,於2014-07-26起公開。


  • 如您有疑問,請聯絡圖書館
    聯絡電話:(06)2757575#65773
    聯絡E-mail:etds@email.ncku.edu.tw