The rapid development of network technology is driving a revolution in the military field: in the future, the communication of line troops will depend on information connections rather than geographical connections. To win in information warfare, forces must be able to use information effectively to accelerate the rhythm of battle, improve the execution of weapons and enhance the viability of troops. Tactical Internet is set up to satisfy this requirement. However, because of its dynamic topology, its use of wireless communication, its deployment at the frontier of the battlefield and other factors, Tactical Internet faces serious security threats. To ensure its secure application, Tactical Internet must be able to provide authentication, confidentiality, availability, integrity, non-repudiation and other security services. Among these services, authentication is the foundation: it is the precondition and guarantee of the others.

Based on the characteristics of Tactical Internet and the challenges it faces, this dissertation designs and implements a two-layer distributed certificate authority system for use in Tactical Internet. The main contributions of the dissertation are summarized as follows:

1. Based on the characteristics and security requirements of Tactical Internet, a two-layer distributed certificate authority authentication model is designed, then described and analyzed formally.
2. Based on the characteristics of Tactical Internet, related theory and the conclusions of simulation experiments, a centralized distribution scheme is adopted to initialize the second-layer distributed certificate authority, while a mixed scheme is proposed to initialize the first-layer distributed certificate authority.
3. In line with the traits of the distributed certificate authority model, a distributed certificate revocation scheme based on weight and identity is proposed, and a subscription-based scheme for obtaining certificate state is designed to track the state of a certificate and ensure the confidentiality and reliability of that state.
4. An adaptive secret share update scheme based on cluster head decision-making is proposed to resist attacks from a mobile adversary. This scheme is efficient and expandable.
5. To ensure that server nodes are credible and able to provide the distributed service, a secret share distribution scheme based on threshold warrant certificates is proposed. This scheme can effectively prevent malicious nodes from recovering the private key.
6. The validity and efficiency of the schemes proposed in the dissertation are confirmed by extensive simulations under both the random walk model (RW) and the reference point group model (RPGM), and the simulation results are analyzed thoroughly and in detail.
7. A two-layer distributed certificate authority prototype system is designed, and its principal modules are implemented. Finally, the efficiency of the system is tested and analyzed.