基于中国剩余定理的移动Ad Hoc组密钥管理

针对Ad Hoc网络自组织和分簇的特点,基于Iolus密钥管理方案的分组思想,提出一种基于中国剩余定理的适合于Ad Hoc网络的组密钥管理方式,可减少密钥更新的通信量和控制节点的存储量,降低单点失效。     

一种基于IBE的前向安全密钥管理协议

无线自组织网络是一种分布式无中心的多跳网络,具有网络拓扑结构不断变化、网络自治、易受攻击等特点,因而传统的密钥管理体制变得不再适合,而秘密共享体制则为自组织网络的密钥管理提供了一种有效途径。前向安全的密钥管理协议是在秘密共享基础上,结合前向安全的思想和基于标识加密公钥算法,支持共享密钥和密钥份额随时间周期更新的密钥管理方案。前向安全的密钥管理协议支持成员动态变化,适合无线自组织网络的密钥管理,相对于传统的密钥管理方式,其安全性有很大提高。     

无线传感器网络层簇式密钥管理方案的研究

密钥管理是无线传感器网络安全机制最关键的技术之一。该文分析比较了各种密钥管理方案,认为组密钥管理更适合于无线传感器网络。并在集中式和分布式两种组密钥管理方案的基础上,提出了新的层簇式密钥管理架构,并解决了这两种方案存在的安全缺陷。而组间通信则采用基于(t, n)门限方案的密钥分割机制来实现。该新方案能保证无线传感器网络安全需求的同时改善执行效能。     

基于身份密码的机载自组织网络动态密钥管理

针对现有机载自组织网络密钥管理存在的预分配密钥更新困难、公钥证书传递开销大、分布式身份密钥传递需要安全信道的问题,该文提出一种无需安全信道的基于身份密码体制的动态密钥管理方案。该方案包括系统密钥自组织生成和用户私钥分布式管理两个算法;采取遮蔽密钥的办法,确保私钥在公共信道中全程安全传递,使得密钥管理易于部署、方便扩展;最后分析了方案的正确性与安全性。结果证明方案理论正确,能够抵抗假冒、重放、中间人攻击。     

基于椭圆曲线密码组合公钥的ad hoc密钥管理方案

Ad Hoc网络是一种独具特色的网络,作为一种新型的无线,多跳、无中心分布式控制网络,它无需网络基础设施,具有很强的自组织性,鲁棒性.抗毁性和容易构建的特点,其安全问题一直是研究的热点和难点.文中提出了一种改进的基于椭圆曲线密码组合公嘲的ad hoc密钥管理方案.与原方案相比,除了保持快捷地计算出节点的公私钥对、扩展性好、无需证书等特性外,新方案进一步提高了ad hoc网络的安全性,避免了单点失败.     

一种基于分簇结构的Ad Hoc密钥管理方案

Ad Hoc网络是一种新型的无线、多跳、无中心分布式控制网络,它无需网络基础设施,具有很强的自组织性、鲁棒性、抗毁性和易构建等特点,其安全性研究正成为一个热点。文中对基于分簇结构的自组网进行了安全分析,并提出了一种新的密钥管理方案,与以前的方案相比,它不依赖于任何网络中心,有效地解决了单点失败问题,并引入了Diffie-Hellman算法,有效地提高了Ad Hoc网络的安全性。     

无线传感器网络门限密钥共享模型

针对现有传感器网络密钥管理方案存在的网络连通度低、抗俘获性差、节点能耗高等问题,该文提出一种基于(q,l)门限秘密共享的密钥共享模型,采用虚拟簇头共享密钥,物理簇头重构密钥的方式完成簇头与簇成员的密钥协商。该模型实现了簇成员能耗最低、抗俘获性最优的目标,同时门限参数l和q能够调节簇头的抗俘获性、容错性和高效性。理论分析与实验证明,与传统的概率型方案相比,该模型有效地提高了节点抗俘获性和网络连通度,并降低了节点能耗。     

移动Ad hoc网络中的密钥管理

首先阐述了移动adhoc网络中密钥管理的重要性,接着探讨了几种密钥管理的方法,包括局部分布式认证授权中心、完全分布式认证授权中心、自发证书、安全Pebblenets、指示性标志、基于口令验证的密钥交换等,并对这些方法进行了较完整的概括总结和深入的比较分析,最后提出了一些研究移动adhoc网络中密钥管理方法所必须注意的问题。     

空间网络中基于身份的分布式密钥管理研究

为解决在空间网络中实施集中式密钥管理困难以及维护公钥证书开销过大等问题,论文设计了一种基于身份的分布式密钥管理方案。结合空间网络特点,给出了分布式私钥生成中心的构建方法。并利用Boneh和Franklin提出的基于身份的公钥加密体制,设计了私钥更新、主密钥分量更新和会话密钥协商等策略。分析和仿真验证,该方案能满足安全要求,具有较好的扩展性。     

分簇无线传感器网络中基于横截设计的对密钥建立方案

由于节点能量有限、存贮空间小等特点,使传统的网络密钥管理方案受到挑战。该文基于横截设计、双变量多项式和门限机制,提出了适用于分簇结构传感器网络的对密钥建立方案和多路径密钥建立策略。该方案采用横截设计保证同簇内节点可以直接建立对密钥,而不同簇的节点可以基于门限机制构建多路径密钥。理论和实验分析表明,新方案在增强安全性、连通性和抗毁性的同时,有效地降低了通信量及密钥存储量等代价,并且具有良好的可扩展性。     

一种安全的自组织证书管理方案

公钥证书是公开密钥的重要载体。随着以Ad Hoc为代表的自组织网络、分布式网络的发展,需要安全的可对公钥证书的生成、发布、更新、验证、撤销等实现自治管理的自组织证书管理方案。论文提出了一种安全的证书自组织管理方案,该方案利用单向哈希链,实现了无在线可信第三方的证书自组织管理。该方案的安全性同时依赖于节点私钥与单项哈希链的安全,具有更好的安全特性。     

无线传感网络中的动态集群密钥管理方案

Wireless sensor networks are open architectures, so any potential threat can easily intercept, wiretap and counterfeit the information. Therefore, the safety of WSN is very important. Since any single key system cannot guarantee the security of the wireless sensor network for communications, this paper introduces a hierarchical key management scheme based on the different abilities of different sensor nodes in the clustered wireless sensor network. In this scheme, the nodes are distributed into several clusters, and a cluster head must be elected for each cluster. Private communication between cluster heads is realized through the encryption system based on the identity of each head while private communication between cluster nodes in a same cluster head is achieved through the random key preliminary distribution system. Considering the characteristics of WSN, we adopt dynamic means called dynamic cluster key management scheme to deal with master key, so master key will be updated according to the changed dynamic network topology. For cluster head node plays a pivotal role in this scheme, a trust manage-ment system should be introduced into the election of the cluster head which will exclude the malicious node from outside the cluster, thus improve the whole network security.     

Integrating Distributed Channel Allocation and Adaptive Handoff Management for QoS-Sensitive Cellular Networks

Next generation high-speed cellular networks are expected to support multimedia applications, which require QoS provisions. Since frequency spectrum is the most expensive resource in wireless networks, it is a challenge to support QoS using limited frequency spectrum. In the literature, two orthogonal approaches are used to address the bandwidth utilization issue and the QoS provision issue; that is, channel allocation schemes have been proposed to improve bandwidth efficiency, whereas handoff management schemes, based on bandwidth reservation, have been proposed to guarantee a low connection dropping rate. However, little effort has been taken to address both issues together. In this paper, we integrate distributed channel allocation and adaptive handoff management to provide QoS guarantees and efficiently utilize the bandwidth. First, we present a complete distributed distributed channel allocation algorithm and propose techniques to reduce its message complexity and intra-handoff overhead. Second, we integrate the proposed distributed channel allocation algorithm with an adaptive handoff management scheme to provide QoS guarantees and efficiently utilize the bandwidth. Detailed simulation experiments are carried out to evaluate the proposed methodology. Compared to previous schemes, our scheme can significantly reduce the message complexity and intra-handoff overhead. Moreover, the proposed scheme can improve the bandwidth utilization while providing QoS guarantees.     

Security in service-oriented vehicular networks - [Service-oriented broadband wireless network architecture]

Service-oriented vehicular networks support diverse infrastructure-based commercial services including Internet access, real-time traffic concerns, video streaming, and content distribution. The success of service delivery in vehicular networks depends on the underlying communication system to enable the user devices to connect to a large number of communicating peers and even to the Internet. This poses many new research challenges, especially in the aspects of security, user privacy, and billing. In this article we first identify the key requirements of authentication, privacy preservation, and billing for service delivery in vehicular networks. We then review the existing industrial and academic efforts on service- oriented vehicular networks. We also point out two security challenges, minimizing vehicleto- infrastructure authentication latency and distributed public key revocation, which are considered among the most challenging design objectives in service-oriented vehicular networks. A novel fast vehicle-to-infrastructure authentication based on a vehicle mobility prediction scheme and an infrastructure-based short-time certificate management scheme are then proposed to address these two challenges.     

安全高效的空间信息网中密钥管理方案

空间信息网是卫星通信系统的进一步发展,安全高效的密钥管理是保障空间信息网内安全通信的关键。分析了空间信息网中密钥管理方案的安全需求,提出了按需建立密钥的思想,并依据该思想提出一个适用于空间信息网的安全高效的密钥管理方案。方案采用完全分布式的管理模式,每个结点管理并维护自己的密钥列表,方案具有认证安全性、前向保密性等安全性特征。仿真结果表明,与现有的空间信息网密钥管理方案相比,该方案在网络规模较大时能极大地降低通信开销,具有良好的通信效率。     

无线数据网络中基于斯塔克尔博格博弈的功率控制

功率控制是无线数据网络中资源管理的关键技术。为使无线数据网络中非合作博弈功率控制算法得到帕累托改进,将斯塔克尔博格博弈引入到无线数据网络功率控制算法中,使所有系统终端都工作在最佳的等信干比下,提出一个基于斯塔克尔博格博弈的分布式功率控制算法,并进行了数值仿真。仿真结果表明,该算法明显提高了系统的性能,使系统终端具有相对较高的效用和较低的发射功率,并使得无线网络资源的使用更加合理和公平,同时算法拥有较好的收敛性。     

Key challenges in distributed management of broadband transportnetworks

Significant attention has been focused on establishing a framework of standards and generic guidelines for a layered, distributed approach to network management for broadband transport networks. Initial field deployment trials based on these efforts, using SNCs (subnetwork controllers) or EMs (element managers), have just begun. The paper outlines early distributed management applications that are being considered for deployment in the 1995 time frame. The focus is on the key challenges that must be addressed in realizing initial field deployment of distributed broadband management applications     

The Research on Handoff Strategy in Beyond 3G Wireless Networks

1Introduction TheBeyondThirdGenerationMobileSystems(B3G)isabrandnewmobilitycommunicationsystembasedon IPv6corenetwork.B3Gcanprovidevariousservices withtheendtoendQoSguaranteeflexible,andthe transferdatarate150Mb/s.Itspeakratecanreach30～50Mb/sinlargecover…     

适合ad hoc网络无需安全信道的密钥管理方案

密钥管理问题是构建ad hoc安全网络系统首要解决的关键问题之一.针对ad hoc网络特点,提出了一个无需安全信道的门限密钥管理方案.该方案中,可信中心的功能由局部注册中心和分布式密钥生成中心共同实现,避免了单点失效问题;通过门限技术,网络内部成员相互协作分布式地生成系统密钥;利用基于双线性对的公钥体制实现了用户和分布式密钥生成中心的双向认证;通过对用户私钥信息进行盲签名防止攻击者获取私钥信息,从而可以在公开信道上安全传输.分析表明该方案达到了第Ⅲ级信任,具有良好的容错性,并能抵御网络中的主动和被动攻击,在满足ad hoc网络安全需求的情况下,极大地降低了计算和存储开销.     

The network paradigm of the 21st century and its key technologies

This article proposes a network paradigm called the single-server-view network as the basis for networks in the 21st century, when the value of a network to users will be based on the services provided rather than data communication capability. Based on our paradigm, we propose a double-plane network architecture, consisting of a simplified data forwarding plane and a service control plane, that performs all the complex processing tasks. The data forwarding plane uses an advanced photonic network as its basis. The service control plane consists of agent, service, and policy control layers with open interfaces between layers. Leading-edge information processing technologies, such as active node, agent, distributed processing, and policy-based management, are used in this plane. Since mobile communication is becoming a major access technology, an approach to integrating mobile and fixed networks into this framework is also proposed. The current status of key technologies, such as photonic networks, agent technology, and policy-based management, are reported.