基于XTR的无线传感器网络认证机制

在无线传感器网络中,新节点或新用户接入网络时必须要进行认证,防止恶意节点和非法用户侵入网络,以确保网络安全;本文提出了一种基于XTR(Efficient and Compact Subgroup Trace Representation,有效的、紧致的子群迹表示)公钥密码体制的分布式认证机制;利用XTR公钥密码体制,通过协商生成会话密钥,分别对传感器网络中的本地节点和远端节点进行认证,该认证无需节点与基站直接通信,避免了单点攻击和复杂的通信转发过程,方案简单有效,认证过程具有较低的计算与通信代价,便于在实际应用系统中得到实现.     

无线自组网中有效的证密钥协商方案

在Diffie-Hellman密钥交换算法和基于身份的密码体制基础上,提出一种适用于无线自组网的认证密钥协商方案。该方案利用分布的多项式秘密共享的思想,实现PKG分布化和网络中节点公私钥的生成。通过随机数认证和基于身份的签名以及DH密钥协商算法实现认证密钥协商。该方案II3E与DH算法相结合,具有基于身份的密码体制低存储量和通信量的优点,同时认证密钥协商后的通信均可采用对称密码算法来有效降低计算量,节省网络资源。理论分析证明本方案是安全的。     

基于身份的Ad Hoc网络密钥管理方案

在分析现有的Ad Hoc网络分布式信任方案基础上,使用双线性对技术提出一个基于身份的Ad Hoc网络密钥管理方案。该方案结合基于身份的密码学算法与分布式秘密共享算法将系统主密钥分发给一组预选节点,由其合作实现私钥生成中心PKG功能。一次单播即可安全高效地实现节点私钥更新,基于双线性对性质,一次交互即可安全地建立节点间的会话密钥。分析结果表明该方案安全高效。     

无线自组网络上基于身份的密钥生成协议

着重研究了无线自组网络上基于身份的密码体制的密钥生成问题,设计了一个分布式的密钥生成协议。该协议不需要预先分发任何秘密信息,不需要假设用户间存在安全信道和可信第三方,在设定系统参数后,自组网络的各站点运行该协议,就可以安全有效地生成与自己身份相对应的用户私钥,从而有效地使用基于身份的密码体制实现自组网络内部的端到端认证和保密通信。     

基于身份的Ad Hoc网络群签名算法设计

现有Ad Hoc网络存在公钥基础设施缺乏、网络拓扑结构变化以及节点资源受限等缺陷,故传统的基于可信机构的密码机制不再适用.为了解决Ad Hoc网络中的密钥管理及认证签名问题,利用基于身份密码体制的优点,结合基于联合秘密共享的门限群签名体制,设计了应用于Ad Hoc网络的基于身份的群签名算法.算法分析及网络仿真实验表明,提出的算法有效地节省了网络数据的传输量和节点签名的计算量,解决了现有Ad Hoc网络认证方案不能处理节点私钥更新和抵抗合谋攻击等问题.在保证安全性和有效性的同时控制了计算量,因此适用于Ad Hoc网络.     

基于组合设计和身份加密的分簇无线传感器网络密钥管理方案

针对现有分簇式无线传感器网络密钥管理方案中存在的健壮性差、簇头节点抗俘获性差和可扩展性差等问题,结合组合设计和基于身份密码体制的思想,提出一种新的密钥管理方案。采用组合设计的方法构造每个簇的密钥池,使簇内节点均共享一个密钥。簇内节点使用椭圆曲线密码体制建立簇内对密钥,簇头节点使用基于身份密码体制建立簇头之间对密钥。该方案支持节点动态变化。性能分析表明,与现有的分簇式密钥管理方案相比,该方案具有良好的健壮性、簇头节点抗俘获性、可扩展性和较低的系统开销。     

基于身份的无可信中心Ad-hoc密钥管理方案

针对移动Ad-hoc网络中迫切需要解决的安全问题是建立一个安全、高效、可行的密钥管理系统,提出了一种基于身份无可信中心的适合于Ad-hoc网络密钥管理方案,有效地解决了节点间的信任问题及基于身份密码体制的密钥托管问题,并给出了一种可以为用户在线周期性更新密钥机制。最后证明了所得用户公钥与用户身份的绑定及用户私钥的安全性。     

SDSR——Ad hoc网络中安全的动态源路由协议*

首先回顾了Ad hoc安全路由协议的研究现状,然后对于DSR协议给出一种安全路由协议SDSR。利用基于身份的密码体制节点可以非交互地共享一对称密钥,邻居节点使用该密钥进行预认证生成会话密钥。路由发现过程中采用对称密钥算法进行逐跳加密和认证,可以阻止非法节点参与路由过程,而且具有较高的效率。     

一个高效的无线匿名认证和密钥协商协议

无线通信中,身份认证和密钥协商是一个重要的安全问题。文章首先指出文献[4]中构造的相关协议的安全漏洞和攻击方法;然后提出来一个半匿名基于XTR公钥体制的签密算法,基于该算法构造了一个高效的无线匿名认证和密钥协商协议;最后对该协议的安全性、计算量和通信量进行了评估。     

Ad Hoc网络基于身份的密钥管理方案

在基于身份的Ad Hoc网络密钥管理的方案中,根据用户身份生成用户密钥时无法对用户的身份真实性进行有效确认,针对这一问题,该文结合基于身份的密码系统和基于口令的认证技术,给出一个密钥管理方案,该方案通过口令技术实现节点身份的认证,使用基于身份的密钥管理系统完成密钥的安全分发。同时基于ROM 模型证明了该方案的安全性。     

Identity-based key distribution for mobile Ad Hoc networks

An identity-based cryptosystem can make a special contribution to building key distribution and management architectures in resource-constrained mobile ad hoc networks since it does not suffer from certificate management problems. In this paper, based on a lightweight cryptosystem, elliptic curve cryptography (ECC), we propose an identity-based distributed key-distribution protocol for mobile ad hoc networks. In this protocol, using secret sharing, we build a virtual private key generator which calculates one part of a user’s secret key and sends it to the user via public channels, while, the other part of the secret key is generated by the user. So, the secret key of the user is generated collaboratively by the virtual authority and the user. Each has half of the secret information about the secret key of the user. Thus there is no secret key distribution problem. In addition, the user’s secret key is known only to the user itself, therefore there is no key escrow.     

A token based distributed algorithm for supporting mutual exclusion in opportunistic networks

Opportunistic networks are essentially distributed networks with transient connectivity among nodes. Nodes in opportunistic networks are resource constrained, mobile and opportunistically come in contact with each other. In such a distributed network, nodes may require exclusive access to a shared object or resource. Ensuring freedom from starvation is a challenging problem in opportunistic networks due to limited pairwise connectivity and node failures. In this paper, we review mutual exclusion algorithms proposed for generic mobile ad hoc networks (MANETs) and discuss their applicability to opportunistic networks. Further, we propose a novel token based algorithm¹ and prove its correctness. Simulation results show that our algorithm is communication efficient as compared to other algorithms proposed for generic mobile ad hoc networks. We also propose a timeout based fault detection algorithm that exploits the intercontact time distributions.     

An ID-based cryptographic mechanisms based on GDLP and IFP

In 1984, Shamir introduced the concept of an identity-based cryptosystem. In this system, each user needs to visit a key authentication center (KAC) and identify himself before joining a communication network. Once a user is accepted, the KAC will provide him with a secret key. In this way, if a user wants to communicate with others, he only needs to know the identity of his communication partner and the public key of the KAC. There is no public file required in this system. However, Shamir did not succeed in constructing an identity-based cryptosystem, but only in constructing an identity-based signature scheme. In this paper, we propose an ID-based cryptosystem under the security assumptions of the generalized discrete logarithm problem and integer factorization problem. We consider the security against a conspiracy of some entities in the proposed system and show the possibility of establishing a more secure system.     

一种前向安全的无证书代理签名方案*

为了解决密钥泄露问题,提出一个具有前向安全性的无证书代理签名方案。本方案采用密钥不断更新的方法,保证了代理签名方案的前向安全性,即当代理签名者的代理密钥泄露后,攻击者不能伪造当前时段以前的代理签名,从而减小了密钥泄露所带来的损失。同时本方案采用了无证书公钥密码体制,避免了基于证书密码系统的证书管理问题,解决了基于身份的密钥托管问题。     

大规模Ad hoc网络中一种高效的组密钥协商协议*

移动Ad hoc网络自身的特点决定了该网络中节点资源的有限性,所以在移动Ad hoc网络中构建组密钥协商协议时,应尽量减少节点的资源开销。为了解决这个问题,提出了一种基于分簇-K叉树组模型结构的组密钥协商协议——CKT-ECC协议。该协议在分簇-K叉树组模型结构上,采用椭圆曲线密码体制实施密钥协商和分配,使得节点在密钥协商过程中具有低计算开销和低通信开销的优势。与GDH、TGDH组密钥协商协议相比,本协议有效地降低了节点在密钥协商过程中的计算开销和通信开销,适用于大规模移动Ad hoc网络。     

A clique-based secure admission control scheme for mobile ad hoc networks (MANETs)

Wireless mobile ad hoc networks (MANETs) do not have centralized infrastructure and it is difficult to provide authentication services. In this paper, we apply Certificate Graph (CG) and identity-based security in designing an admission control scheme for MANETs. We first use one-hop message exchange to build CG at each mobile node. Then we select maximum clique nodes in CG as distributed Certificate Authorities (CAs). We use identity-based key agreement from pairings to protect each session. Then we prove the security by Canetti–Krawczyk (CK) model-based analysis. We demonstrate the effectiveness and feasibility of our protocol through computer simulations.     

一个新的分布式最小连通支配集近似算法

在计算机网络中广泛使用广播来解决一些网络问题,设计有效的广播算法是一项重要的课题。文中提出一种分布地计算网络最小连通支配集的近似算法并给出了它的正确性证明。它只需要网络节点具有局部的网络状态信息,可伸缩性强。通过此算法可以在网络中自动形成一个虚拟骨干网,从而可为网络中的广播和路由操作提供一个有效的通信基础。模拟结果表明,文中提出的算法求得的连通支配集小,能较好地应用于一般网络以及移动自组网络中。     

Self-organized area coverage in wireless sensor networks by limited node mobility

For wireless sensor networks, monitoring large inaccessible areas where deterministic node deployment is not possible, self-organized techniques are in demand to cover an area using optimal number of nodes. In this paper, given an initial random deployment of mobile sensor nodes, we propose a simple and novel technique for self-organized node movement to satisfy the coverage of the given region of interest using a least number of nodes, such that the maximum node displacement is minimized. We present a simple centralized algorithm and also a distributed version of it for node placement. Moreover, in case of a node failure, a distributed fault recovery algorithm is proposed to replace it locally utilizing the available free nodes. Analysis, simulation, and comparison studies show that the proposed algorithms with less neighborhood information result in significant improvement in terms of average and maximum displacement of a node, rounds of communication, and number of active nodes.     

分布式PKI在移动Ad Hoc网中的应用

介绍了一种基于椭圆曲线和门限算法的数字签名算法,并提出了一个基于分布式PKI的移动Ad Hoc网络安全体系结构。该体系结构中主要采用了分布式PKI安全机制、门限密钥管理、椭圆曲线算法和动态网络分簇思想。分布式PKI和门限密钥管理的应用增加了系统的安全性、容错性,椭圆曲线算法的应用减少了对移动节点的性能的要求,分簇算法的应用减少了对节点容量的要求。