MANET共识选举轻量级CA认证方案  被引量：2

作　　者：石乐义[1] 单宝颖 魏东平[1] SHI Leyi;SHAN Baoying;WEI Dongping(College of Computer Science and Technology,China University of Petroleum,Qingdao,Shandong 266580,China)

机构地区：[1]中国石油大学(华东)计算机科学与技术学院

出　　处：《计算机科学与探索》2019年第11期1873-1880,共8页Journal of Frontiers of Computer Science and Technology

基　　金：国家自然科学基金No.61772551~~

摘　　要：移动自组织网是由一组自主的无线节点或终端相互合作而形成的独立于固定基础设施的分布式网络,具有无中心、自组织、多跳路由等特点。然而,移动自组织网先天具有的拓扑结构变化频繁和能量受限等缺点,使得移动自组织网络难以进行复杂的认证。针对该问题,结合轻量级证书颁发机构(CA)认证思想,借鉴区块链技术中的共识机制来选举CA,提出一种基于共识算法的轻量级轮转CA认证方案。通过共识算法周期性地选举出当前CA,全网快速达成共识后,即可确定CA,实现轻量级认证。该方案CA节点周期性轮换,无需证书管理,适合高度动态变化、生存周期短的移动自组网。详细分析了方案的安全性并基于BAN逻辑分析方法进行了形式化证明。理论分析表明,该方案可在一定程度上抵御拒绝服务(DoS)攻击、仿冒攻击等多种网络攻击,增强移动自组织网络的安全性能。Mobile Ad Hoc network,a distributed network independent of the fixed infrastructure,is formed by a group of autonomous wireless nodes or terminals cooperating with each other.It has the characteristics of centerless,self-organizing and multi-hop routing.However,the shortcomings such as frequent dynamic topology and limited energy in mobile Ad Hoc networks make it difficult to perform complex authentication.For this problem,a lightweight and rotational CA(certificate authority)scheme based on consensus mechanism is put forward,which combines the idea of lightweight CA and draws on the consensus mechanism in the blockchain to elect CA.The current CA is periodically elected through the consensus algorithm,and CA can be determined after the entire network quickly reaches a consensus, thus lightweight CA can be achieved. The scheme does not require certificatemanagement, and the CA node periodically rotates, which is especially suitable for mobile Ad Hoc networks withhighly dynamic changes and short life cycles. This paper analyzes the security of the scheme in detail and formalizesit based on the BAN logic analysis method. Theoretical analysis shows that this scheme can resist DoS (denialof service) attacks, counterfeit attacks and other network attacks to a certain extent, enhancing mobile Ad Hocnetwork security.

关 键 词：移动自组织网 证书颁发(CA) 轮转CA 认证 共识机制 

分 类 号：TP393[自动化与计算机技术—计算机应用技术]