适合ad hoc网络无需安全信道的密钥管理方案

密钥管理问题是构建ad hoc安全网络系统首要解决的关键问题之一.针对ad hoc网络特点,提出了一个无需安全信道的门限密钥管理方案.该方案中,可信中心的功能由局部注册中心和分布式密钥生成中心共同实现,避免了单点失效问题;通过门限技术,网络内部成员相互协作分布式地生成系统密钥;利用基于双线性对的公钥体制实现了用户和分布式密钥生成中心的双向认证;通过对用户私钥信息进行盲签名防止攻击者获取私钥信息,从而可以在公开信道上安全传输.分析表明该方案达到了第Ⅲ级信任,具有良好的容错性,并能抵御网络中的主动和被动攻击,在满足ad hoc网络安全需求的情况下,极大地降低了计算和存储开销.     

基于簇的ad hoc网络密钥管理方案

将自认证公钥的概念和组合公钥的思想相结合,为ad hoc网络提出了一种新的门限密钥分发方案,在此基础上,和"簇"的组网方式结合,提出一种完整的密钥管理方案.该方案公钥自身具有认证功能,不需要证书管理,密钥分发过程简单,消除了IBE(identity-based encryption)方案中存在的密钥托管问题.方案能够灵活地适应ad hoc网络动态拓扑性,适用于各种规模的网络.理论和仿真分析表明,该方案计算量和通信量都比较小,与PKI、IBE方案相比,具有更高的安全性和实用性.     

一种集成ad hoc与蜂窝的4G新型网格（IACG）

在第四代移动通信系统( 4G)中,采用ad hoc网络为核心技术,以满足2 0 1 0年后市场对大容量、高带宽、无缝漫游的需求,是近一两年来全球业界提出的一种崭新的技术思路和发展方向。本文根据4G工程原则和ad hoc网络框架,构建了一种新型的集成ad hoc与蜂窝网格( Integrated Cellular and Ad hoc Grid,IACG)。在此基础上,研究提出了其容量提高方案、移动预测模型、网络动态变化中的容错设计、基于代理的可靠路由协议以及低功耗无线多层优化协议,解决了当前ad hoc网络如何在移动通信领域走向实用化的关键技术     

基于椭圆曲线密码组合公钥的ad hoc密钥管理方案

Ad Hoc网络是一种独具特色的网络,作为一种新型的无线,多跳、无中心分布式控制网络,它无需网络基础设施,具有很强的自组织性,鲁棒性.抗毁性和容易构建的特点,其安全问题一直是研究的热点和难点.文中提出了一种改进的基于椭圆曲线密码组合公嘲的ad hoc密钥管理方案.与原方案相比,除了保持快捷地计算出节点的公私钥对、扩展性好、无需证书等特性外,新方案进一步提高了ad hoc网络的安全性,避免了单点失败.     

蜂窝ad hoc网络概述

一、ad hoc网络与蜂窝网络的结合 在移动无线通信网络原有的网络构架技术中通常包括蜂窝移动通信网络和无线局域网,蜂窝移动通信网络移动终端接入固定网络是基于基站的中心接人方式,而无线局域网则要通过接入点（AP）完成终端接入固定网络,这两种网络都是单跳网络。ad hoc技术所标称的是一种有别于中心接人和单跳的特征,强调多跳和无中心接入,移动终端不仅具有主机的功能,还具有路由器的功能,使得无线移动ad hoc网络被认为是下一代移动通信系统解决方案中最有希望被采用的末端网络。     

Ad_hoc网络动态密钥管理

阐述了当前ad　hoc网络中有关认证和密钥管理的研究概况,特别论述了SecurePebblenets方法中密钥管理节点的生成,对节点加入和退出处理进行更详细分析,并补充了节点变化对簇的影响,对于ad　hoc网络密钥管理的研究具有一定参考价值。     

直接匿名的无线网络可信接入认证方案

基于直接匿名证明思想,提出一种无线移动网络中移动用户可信接入认证方案,认证移动用户身份的同时利用直接匿名证明方法验证平台身份的合法性和可信性.方案中,外地网络代理服务器直接验证移动用户平台可信性,并与本地网络代理服务器一同验证移动用户身份,采用临时身份和一次性密钥,保持用户身份匿名性.分析表明,方案具有域分离特性和密钥协商公正性,性能满足无线移动网络环境安全需求.     

基于朋友机制的移动ad hoc网络路由入侵检测模型研究

从如何有效检测移动ad hoc网络路由入侵行为、如何准确地响应并将恶意路由节点移除网络,提供可信路由环境的角度进行分析,提出了一种基于朋友机制的轻量级移动ad hoc网络入侵检测模型,并以典型的黑洞攻击为例,通过OPNET网络建模仿真及实验分析,验证了该模型的可行性和有效性。     

改进的移动计算平台直接匿名证明方案

分析了Ge等人提出的直接匿名证明方案的安全缺陷,指出该方案的认证协议在用于远程证明时不能抵抗重放攻击和平台伪装攻击。提出一种改进的直接匿名证明的认证协议,引入会话密钥协商机制,增强互认证功能。分析表明,改进方案在正确进行直接匿名证明的前提下,满足不可伪造性和匿名性,能够抵抗重放攻击和平台伪装攻击,协议性能满足移动计算平台的可信验证需求。     

自组织网与3G网络间的接入研究

Ad hoc网络是一种无中心的对等式无线通信网络,它为局域内的移动或无线主机间的互连提供了灵活的解决方案,并且在3G中引入Ad Hoc网可望解决移动网络中接入的瓶颈问题。本文给出了3G系统与Ad hoc网的接入方案,并对其移动性、路由寻址、安全性等问题进行了探讨。     

Research on batch anonymous authentication scheme for VANET based on bilinear pairing

To solve the problem of efficiency of anonymous authentication in vehicular ad hoc network,a batch anonymous authentication scheme was proposed by using bilinear pairing on elliptic curves .The signature was generated by the roadside unit node (RSU) and the vehicle together.Thus,the burden of VANET certification center was reduced and the authentication efficiency was proved.Meanwhile,the difficulty of the attacker to extract the key was increased.Furthermore,security proofs were given to the scheme in the random oracle model.Analysis shows that the proposed scheme can meet the needs of many kinds of security requirements,the computational overhead is significantly reduced,and the authentication efficiency is improved effectively too.Therefore,the scheme has important theoretical significance and application value under computational capability constrained Internet of things (IoT) environment.     

Research on pairing-free certificateless batch anonymous authentication scheme for VANET

To solve the problem of security and efficiency of anonymous authentication in vehicular ad hoc network,a pairing-free certificateless batch anonymous authentication scheme was proposed.The public and private keys and pseudonyms were jointly generated by the trusted third party and vehicle,so the system security didn't depend on the tamper device.The scheme can realize authentication,anonymity,traceability,unforgeability,forward or backward security,and so on.Furthermore,under the random oracle model,the scheme can resist Type I and Type II attacks.Because there is no need to use certificates during authentication,the system storage load is effectively reduced.At the same time,the scheme realizes the batch message authentication on the basis of pairing-free operation,so the authentication efficiency is improved.Therefore,the scheme has important theoretical significance and application value in the resource-limited internet of things or embedded environment.     

基于Netlink的DSDV路由协议实现

无线自组网（MANET）是一种无中心的自组织网络,其在各种场景下得到了越来越多的应用。DSDV路由协议作为一种先验式路由协议,具有协议流程设计简单、延迟很低等特性,能较好地适用于移动性较弱的小规模自组织网络。文中介绍了DSDV路由协议的工作原理,提出了基于Linux系统Netlink通信机制的DSDV路由协议的软件实现架构方案,并阐述了关键模块的实现。另外,还在多台实体计算机上运行DSDV路由协议软件,并测试了多跳路由、延迟时间和通信速率。测试结果表明,文中所提方案具有可行性和有效性。     

一种后向撤销隐私安全的车载自组织网络快速匿名消息认证协议

该文提出适用于车载自组织网络的快速匿名消息认证协议。通过使用基于身份的签密技术,车辆行驶至某区域后,与该区域中心相互认证,获取其所维护的周期性群签名系统密钥材料。之后,该车辆能够使用获取的密钥材料对向网络中广播的携带有群签名的消息,实现消息的匿名认证。网络中的车辆收到其它车辆广播消息之后,仅需验证群签名的合法性,避免验证消息的签发者是否是撤销用户。此外,所采用的群签名算法支持批验证运算,能够快速处理短期内收到的多个消息。除了避免撤销验证特性之外,与已有的文献相比,文中的方案能够完善地保护撤销用户的后向隐私安全性。     

Defense against misbehavior in anonymous vehicular ad hoc networks

Vehicular ad hoc network (VANET) can offer various services and benefits to VANET users and thus deserves deployment effort. Misusing such network could cause destructive consequences. It is therefore necessary to discourage misbehavior and defend VANET systems against it, in order to ensure correct and smooth operations of the network. In this paper, we review the techniques for handling misbehavior in VANETs, particularly where anonymous communications are desired to conserve user privacy since it adds more complexity to the defense against misbehavior. A new scheme is proposed to punish misbehaving users and can be employed in both inter-vehicle and vehicle-to-infrastructure anonymous communications. Our scheme leverages some threshold authentication technique that dynamically revokes a user’s credential, while providing the flexibility of whether to reveal the user’s identity and tolerating unintentional misbehavior such as hardware malfunctioning.     

Dynamic anonymous identity authentication (DAIA) scheme for VANET

With the development of the vehicular ad hoc network, the security and privacy are now becoming vital concerns, especially when the attacker owns more and more resources. In order to address these concerns, a dynamic anonymous identity authentication scheme is proposed using Elliptic Curve Discrete Logarithm Problem and blockchain method, which guarantees the security and fast off‐line authentication for vehicle‐to‐infrastructure. Specifically, a dynamic pseudonym key is generated using tamper proof device (TPD) for off‐line authentication and anonymity when a vehicle roams among different roadside units' (RSUs) communication ranges. Even if all RSUs are compromised, vehicle's identity is still privacy. Moreover, two additional design goals are more suitable for the practical environment: (1) the reduced assumption of TPD; (2) certification authority can trace vehicle under the authorization by law.     

Ad hoc空间网络密钥管理与认证方案

为了使一组卫星动态配置成一个具有灵活的分布式体系结构的集成网络信息系统，可以采用ad hoc组网方式，这种卫星网络的组网方式带来了新的安全挑战。提出了一个灵活的安全方案，设计了公钥基础设施和认证策略。基于完全分布式的认证中心，可以直接采用几乎所有的标准公钥认证协议。当空间节点的计算能力有限时，设计了一个轻型的基于对称密钥算法和单向散列函数的认证协议，在提供保密性和数据完整性的同时大大减小了计算量。     

Securing the Communication in Private Heterogeneous Mobile Ad hoc Networks

Mobile ad hoc networking has been a hot research topic for a decade or so, and many paradigms have been making use of it. One of these paradigms is the Personal Networks (PN). It is an emerging concept where the user’s personal devices form a virtual network which is secure and private, and reacts to changing environment and context intelligently. A fundamental property of the PN is that personal devices form private multi-hop clusters in an ad hoc manner whenever they come across each other. To this end, this paper presents a pair-wise key based scheme for forming secured private clusters in mobile ad hoc networks. The solution tackles the problem of node authentication combined with traffic encryption in relatively small ad hoc networks using proactive neighbour discovery and authentication. Additionally, the paper proves the feasibility of this solution by means of prototyping and experimental performance analysis.     

Non-repudiable authentication and billing architecture for wireless mesh networks

Wireless mesh networks (WMNs) are a kind of wireless ad hoc networks that are multi-hop where packets are forwarded from source to destination by intermediate notes as well as routers that form a kind of network infrastructure backbone. We investigate the security of the recently proposed first known secure authentication and billing architecture for WMNs which eliminates the need for bilateral roaming agreements and that for traditional home-foreign domains. We show that this architecture does not securely provide incontestable billing contrary to designer claims and furthermore it does not achieve entity authentication. We then present an enhanced scheme that achieves entity authentication and nonrepudiable billing.     

An efficient key predistribution scheme for ad hoc network security

We introduce hashed random preloaded subsets (HARPS), a highly scalable key predistribution (KPD) scheme employing only symmetric cryptographic primitives. HARPS is ideally suited for resource constrained nodes that need to operate for extended periods without active involvement of a trusted authority (TA), as is usually the case for nodes forming ad hoc networks (AHNs). HARPS, a probabilistic KPD scheme, is a generalization of two other probabilistic KPDs. The first, random preloaded subsets (RPSs), is based on random intersection of keys preloaded in nodes. The second, proposed by Leighton and Micali (LM) is a scheme employing repeated applications of a cryptographic hash function. We investigate many desired properties of HARPS like scalability, computational and storage efficiency, flexibility in deployment modes, renewability, ease of extension to multicast scenarios, ability to cater for broadcast authentication, broadcast encryption, etc., to support its candidacy as an enabler for ad hoc network security. We analyze and compare the performance of the three schemes and show that HARPS has significant advantages over other KPDs, and in particular, over RPS and LM.