Research And Design Of Cluster-based Key Management Schemes For Mobile Ad Hoc Network

With the rapid development of network and communication technology, Mobile Ad Hoc Network(MANET) comes up as a new type of wireless network. The characteristics of non-center, self-organization and multi-hop bring MANET good applicative features, such as high survivability ,quick and low cost deployment, on the other hand, they bring more severe challenges than the traditional network. With the growing applicative foreground of MANET in the military and commercial fields, the research on security technology draws more attention. As the basic problem of network security in MANET, key management has become one of the hot areas in the MANET research nowadays.According to the characteristics of MANET and the security challenges it faces, this dissertation researches and designs the key management schemes of MANET. The main contributions of the dissertation are summarized as follows:1. Based on the characteristics, security threats and security demands of MANET, the existing key management schemes are analyzed and evaluated, then the advantage and shortage of them are pointed out.2. With the nodes' certificates, The Cluster-Based Pairwise Key Establishment scheme (CBPKE) is proposed using the ellipse curve cryptography. In the scheme, authenticated intra-cluster and inter-cluster pairwise key agreement are discussed, the security and efficiency of the scheme are analyzed, and the authenticity of the protocols is validated by the SVO logic. The results show that the proposed scheme is provided with high security and the cost of storage, communication and computation is low.3. Aiming at the characteristics of the MANET and the shortage of the existing group key management schemes, a Cluster-Based Group Key Management scheme (CBGKM) is proposed. In the scheme, a cluster-based composite design of group key management is put forward, the existing centralized and distributed schemes are improved. Based on these, the cluster key is established by means of the composite method of part agreement and part distribution, the group key is established by the method of full agreement, as a result, the usability, scalability and efficiency are improved. The authentication problem, consistency problem and update problem of group key are discussed, which makes the scheme more suitable for applications with high security requirements.4. By extending related component and the data structure of network simulation tool NS-2, the CBGKM, CBPKE and the related schemes are simulated, the results of simulation are analyzed and compared. These results demonstrate that the proposed schemes are effective.