SWARM─無線隨意網路的安全憑證系統

Abstract

有別於傳統的有線網路可使用特定的成員負責身份認證或金鑰管理等網路安全機制，缺少固有架構的無線隨意網路(ad hoc wireless networks)並無法有效地利用大部份傳統的有線網路安全方案。我們採用了一個網路分群演算法並且修改它以符合安全上的需求，藉此在無線隨意網路中建立一個有彈性的、群組化的安全認證架構。這個新的架構可以讓成員之間彼此驗證身份，建立許多網路安全功能，它不僅僅能適合大型網路，也不像其他分散式的網路安全方案必須依賴高密度、高機動性的網路環境。當設定好一個群組半徑參數並在網路中分別建立起眾多群組之後，這個架構就可以讓各個獨立的群組依不同的實際狀況或安全需求建立各自的憑證管理系統。接著網路中的任何成員都會得知所有群組彼此間的虛擬網路拓樸和每個群組憑證系統的公開金鑰。這個拓樸即為群組之間的虛擬信任網絡，它用來描述各群組之間的交互信任關係也藉以評估各個群組的可信賴度。各個獨立憑證系統的公開金鑰則用來驗證不同群組所發出的成員身份憑證。最後，我們也在不同的網路設定之下做出實驗模擬，以評估這個網路安全機制的表現及效能。

Unlike wired networks that use dedicated nodes to support security functions like authentication and key management. Most of traditional security mechanisms do not work well in ad hoc wireless networks due to the lack of infrastructure. We use a clustering heuristic and adapt it for security requirements to provide a scalable authentication framework in the clustered ad hoc network. This novel approach can be used to achieve a variety of security objectives through the peer-to-peer authentication scheme. It scales well to large network size and does not require high node density and mobility speed like other distributed schemes. After forming clusters with a radius parameter, it allows separate authentication services to be employed for different physical conditions or security requirements into independent clusters, and each node in the network can obtain the topology of the clusters as well as the keys of all authentication services. The topology, which is called the virtual trust backbone of clusters, describes the trust relationship among clusters and is used to evaluate the trustworthiness of clusters, and the keys are used to verify entity certificates from distinct clusters. Finally, we evaluate the security scheme and simulate its performance on various configurations of ad hoc networks.