在隨意網路下以區域性為基礎建構之群組認證服務

Abstract

在最近幾年間，由於行動裝置數量上的快速增長，關於隨意網路的研究議題變得受人注目。較早的研究主要的目的在於提出協定來解決一些像路由的基本問題。然而隨意網路的特色使得它較一般傳統網路更容易遭受攻擊。追根究底，導致這些安全問題的根本原因就在於每一個行動主機的移動性。 在本篇論文中，我們著重於如何在隨意網路中提供認證的服務。一個稱為「區域性」的新觀念將在我們的認證架構中被採用來描述所有位於隨意網路中行動主機的移動特性。在我們的方法中，我們稱這種加入「區域性」觀念的移動模型為「區域性移動模型」。「區域性移動模型」的基本想法在於每一個行動主機有很高的機率會在隨意網路的一個固定小區域中活動，而且位於同一區域中的行動主機能夠更容易的監控彼此的行動。以「區域性移動模型」為基礎，我們提出了一個實際而且有效率的分散式公開金鑰管理系統，以此來提供行動主機間的安全通訊。我們的方法包含了以群組為基礎的網路模型和信任模型，藉此來讓行動主機更有效率的交換憑證以及用信任估算的方式來對彼此進行評估的動作。最後我們使用模擬的方式對我們提出的方法做全面性的評估並用實驗的結果來說明我們提出方法的有效性。

In recent years, with the rapid increasing of mobile equipments, the research topics about mobile ad hoc networks (MANETs) become attractive. Earlier studies aimed at proposing protocols for solving some fundamental problems such as routing. However, the features of MANETs make it more vulnerable than traditional wireless networks. To get to the bottom of these security problems, the mobility of each mobile host is the fundamental factor. In this thesis, we focus on how to provide authentication services in MANETs. A new concept which names “locality” is introduced into our authentication architecture to model the movement of all mobile hosts in the MANET. This mobility model with locality property is called “mobile locality model” in our approach. The basic idea of “mobile locality model” is that each mobile host has high probability for roaming at a fixed and small region of whole MANET and each mobile host in the same locality can monitor the behavior of each other more easily. Based on “mobile locality model”, we present a practical and efficient distributed public key management system for providing secure communication between mobile hosts. Our solution includes group-based network model and trust model which allow mobile hosts to exchange certificates efficiently and rate each other with a trust evaluation metric. Finally, we perform an overall evaluation of our solution through simulation to demonstrate the effectiveness of the proposed scheme.