扁平化WMN认证方案研究与实现

发布时间：2018-06-25 16:54

本文选题：无线Mesh网络 + 扁平化　；参考：《西安电子科技大学》2014年硕士论文

【摘要】：WMN (Wireless Mesh Network)即无线Mesh网络,是近年来新兴的多跳网络通信技术。该网络可以组成扁平化的结构,网络中不需要固定的基础设施,节点对等连接组成网格状网络。网络中的每一个节点既具备路由功能,又可以同时作为传统的AP提供接入功能。WMN组网灵活,易扩展,稳定性强,且易于维护,具有广阔的应用前景。其既可以在家庭、企业、学校、小区等地方部署固定网络,也可以在聚会、旅游或抢险救灾时部署临时、可移动网络。WMN扁平化的结构给网络带来性能提升的同时,也带来了更多的安全隐患。网络中节点对等、多跳连接、网络拓扑随时可能发生变化,传统的认证方式并不能直接应用于扁平化WMN。如何建立扁平化WMN中节点的认证机制,保证网络中节点的可信,成为其发展和普及中亟待解决的问题。本文首先针对扁平化WMN的特点,分析了其在不同应用场景中的安全问题,总结出了扁平化WMN对认证的需求。主要为以下几点：认证方式扁平化；认证过程不复杂；认证过程安全；节点设置简单；双向认证；能适应网络拓扑的变化。针对文中对扁平化WMN认证需求的分析,本文首先研究了局域网中广泛使用的802.1X协议体系,并将其改进以应用于扁平化WMN。由于传统的树状网络和扁平化WMN网络结构的不同,802.1X在WMN的应用中存在较多的问题。组合公钥CPK (Combined Public Key)技术是近年来新兴的基于标识的认证方式,可以实现节点之间的双向认证。认证过程中不需要可信的第三方参与,非常适用于扁平化WMN的安全认证。但是,CPK认证方案的设置较复杂,尤其是在节点位置变动或者增加删除一个节点时,损失了WMN的灵活性。目前,还没有一套合适的针对扁平化WMN的认证方案,而这对扁平化WMN的发展和普及具有非常重要的意义。本文参考CPK认证的思想,设计了一套通过共同的标志来实现无中心认证的方案,并且验证了方案的有效性。本方案细分为邻节点认证和无数据包交互认证两种,它们共同构成扁平化WMN的完善的认证方案。其中,邻节点认证的方式通过数据包交互实现认证,所有传输的数据包都进行了加密处理,具有很高的安全性。并且认证的同时实现了秘钥的协商,为后期可能的加密做了准备。无数据包交互认证的方式则不需要任何的数据包交互,认证开销非常小,认证信息的更新速度快,能够充分适应网络拓扑快速、频繁变化的场合。本方案具有以下特点：认证过程简单高效；实现了节点之间的双向认证；认证过程中所有数据都进行了加密,不存在明文传输带来的安全隐患；节点信息设置简单,可以快速配置、灵活组网；能适应网络拓扑变化。
[Abstract]:WMN (Wireless mesh Network) is a new multi-hop network communication technology in recent years. The network can form a flat structure. There is no need for fixed infrastructure in the network, and the nodes are connected to each other to form a grid network. Each node in the network not only has routing function, but also can provide access function as a traditional AP. WMN is flexible, easy to expand, stable and easy to maintain, so it has a broad application prospect. It can deploy fixed networks in homes, enterprises, schools, residential areas, etc. It can also be deployed temporarily when gathering, traveling or disaster relief. The flat structure of mobile network. WMN can bring performance improvement to the network at the same time. It also brings more security risks. Peer to peer, multi-hop connection and network topology may change at any time in the network. The traditional authentication method can not be directly applied to flat WMNs. How to establish the authentication mechanism of flattened WMN nodes to ensure the credibility of the nodes in the network has become an urgent problem to be solved in its development and popularization. In this paper, firstly, according to the characteristics of flat WMN, the security problems of flat WMN in different application scenarios are analyzed, and the requirements of flat WMN for authentication are summarized. The main points are as follows: flat authentication mode; authentication process is not complex; authentication process security; node setting is simple; two-way authentication; can adapt to network topology changes. In order to analyze the requirement of flat WMN authentication, this paper first studies the 802.1X protocol architecture which is widely used in LAN, and applies it to flat WMN. Because the traditional tree network and flat WMN network structure are different, there are many problems in the application of WMN. Combined Public key (CPK) technology is a newly emerging authentication method based on identity in recent years, which can realize bidirectional authentication between nodes. The authentication process does not require trusted third party participation, and is very suitable for flat WMN security certification. However, the setting of CPK authentication scheme is more complex, especially when the node position is changed or a node is deleted, the flexibility of WMN is lost. At present, there is no suitable authentication scheme for flat WMN, which is of great significance to the development and popularization of flat WMN. Referring to the idea of CPK authentication, this paper designs a set of scheme to realize the centerless authentication by common symbol, and verifies the validity of the scheme. This scheme is divided into two types: neighbor node authentication and packet-free interactive authentication, which form a flat WMN authentication scheme. Among them, the authentication of adjacent nodes is implemented by data packet interaction, and all the transmitted packets are encrypted, which has high security. And the authentication simultaneously realizes the secret key negotiation, for the later possible encryption has made the preparation. The authentication mode without data packet interaction does not need any data packet interaction, the authentication overhead is very small, the authentication information update speed is fast, can fully adapt to the network topology fast, the frequent change situation. The scheme has the following characteristics: the authentication process is simple and efficient; the two-way authentication between nodes is realized; all the data in the authentication process are encrypted, and there is no hidden danger caused by the transmission of plaintext; the node information is simple to set up. Can be quickly configured, flexible networking; can adapt to network topology changes.
【学位授予单位】：西安电子科技大学
【学位级别】：硕士
【学位授予年份】：2014
【分类号】：TN929.5

【相似文献】