轻量级可移交CA的MANET网络认证体系

Lightweight and Shifted CA Architecture for MANET

为解决移动自组网(Mobile Ad Hoc Network,MANET)网络信道开放、节点灵活多变且资源受限以及难以部署复杂认证机制的问题,结合轻量级CA思想,构造出一种适用于生存周期短、拓扑结构高度动态变化的MANET的认证体系结构即轻量级可移交认证中心(Lightweight and Shifted Certification Authority,LSCA)。LSCA结构简化了传统基于证书CA机制的公钥产生及验证的复杂性,无需证书管理;同时以移交CA角色的方式工作,不需预先配置节点及预知网络拓扑结构,使系统在不采用门限机制的情况下具备一定的容侵能力。性能分析及仿真实验表明:LSCA对DoS攻击表现出较强的健壮性,在通信、计算及存储代价方面均优于分布式CA及门限机制CA,适用于动态多变、生存周期较短的MANET网络应用。

In order to solve the problem that it is difficult to adopt more security and complex authentication mecha- nisms in mobile Ad hoc network （MANET） because of the opening communication channels, highly dynamic moving and sources-constrained nodes, a lightweight and shifted certificate authority （LSCA） authentication architecture for MANET was put forward, which is combined with an idea of lightweight CA, and it＇s designed for MANET with short lifetime and highly dynamic topology. LSCA is equipped with the advantage of lightweight CA through simplifying the traditional certificate-based CA, which needs no certificates. Moreover, LSCA, through the transfer of the overall CA among a number of alternative CA nodes in a regular rotation, is not needed to preset nodes and know the topology of MANET, and the system is attained a certain degree of tolerance. Analysis and simulation results show that LSCA has robust resistance for DoS attacks, balances the tradeoff between communication, computation and storage, which is bet- ter than distributed CA and CA with threshold mechanism, and is especially suitable for the topology of very dynamic MANET networks.