Research Of Group Key Management In Mobile Ad Hoc Networks

Wireless networks provide users with the capability of ubiquitous computing and information access at anytime, as well as connection maintenance for mobile users. Users are connected to a network via base stations in traditional mobile communication systems and a wired backbone is often designed to carry the information transmitted among the base stations. A mobile ad hoc network (MANET) is a special wireless network that is self-organized by mobile nodes communicating with each other using distributed protocols. MANET can function in absence of fixed infrastructures, such as base stations. When wired networks are not available, as in battlefield communication and emergency search-and-rescue scenarios, MANETs provide a feasible way for communication and information access.Security is essential for MANET, and it is also one of the hot areas in MANET research nowadays. Currently, the major sub-areas of security research include secure routing, secure group communications, authentication and group key management etc, among which group key management has extensive applications. For example, the technologies of group key management can be applied to secure routing and secure group communication. Actually secure problem in routing can be treated as a secure group communication problem with all the nodes in the same group. So group key management has become a research hotpot. However, some limitations do exist: almost all existing group management frameworks depend on fixed nodes to generate or distribute group keys; the performance of group rekeying algorithms including the key agreement algorithm needs to be improved in mobile ad hoc networks; and little research has been done on the security problem in broadcasts.By analyzing the requirements of MANET group key management and some limitations of existing work, this dissertation first focuses on the problems of key deployment, group key generation, group rekeying and group key consistency in a hostile environment. Then the security problem of a special kind of group communication - broadcast is also studied.The major contributions of this thesis include:0 Research on group key management frameworkThe topology of MANET can change frequently since all communicating nodes can move unpredictably. Multi-hop communication over error-prone wireless channels exposes the transmission to high loss rate. Due to the limitation of the existing work in group key management of MANET, this dissertation first analyzes security requirements of MANET group communication in a hostile environment, and then proposes a novel group key management framework based on the threshold secret sharing mechanism. In this framework, a generation style of group key is defined and a generation algorithm is proposed. At the same time, the TEK consistency problem is also solved in the framework. Since localized trust model is used and multiple nearby members can collaborate to generate a group key, the framework has good adaptability to frequent topoloty changes, robustness and scalability, also it advoids single pointof failure. And the group key generation in the framework influenced a little by mobility of nodes and error-prone wireless channels.El Research on group rekeying algorithmIn order to meet the forward-secrecy and the backward-secrecy polices, any change in the group membership should induce group rekeying. So how to update group-key securely and efficiently is of crucial importance in secure group communication. Based on our group key management framework, group rekeying can be reduced as the k rank minimum partition problem in graph theory. Two approximate algorithms are proposed in this dissertation: Distributed Group Rekeying Algorithm (DGR) and Random Cluster Distributed group Rekeying Algorithm (RCDGR). Both of them generate group key from local secrete information and are very suitable for MANET, which possesses characteristics of frequently changing network topology, limited bandwidth and short-lived connection. The performances of the two algorithms are studied using network simulator (n...