在無線隨意網路中使用完美雜湊族的高效率秘密更新協定設計

Abstract

由於無線隨意行動網路 (Mobile Ad Hoc Network) 的一些先天特性，例如不可靠的無線環境、節點的移動性、不需要任何基地台或移動轉換中心的協助等等，使得提供安全通訊成為一個很大的挑戰。然而，一般用在有線網路上的PKI架構也無法直接移植到無線隨意行動網路的環境下，因為一個集中式CA是很難建構在無線隨意行動網路中。因此我們必須解決此集中式的現象。 本論文提出一個利用「完美雜湊族」(Perfect Hash Families)的模式來實現(n,k)閥值祕密共享，將私密的金鑰分散給在網路上的每個節點，由一定個數的節點共同做簽章的動作，並且採用預防式祕密共享來更新私密金鑰，以避免長時間擁有相同的金鑰，增加攻擊者攻擊的難度。此外，我們利用完美雜湊族的特性，使得更新金鑰的程序更加有效率。最後，我們會分析此方法與前人所提的各式方法的差異以及效能比較。

Due to the inherent characteristic, such as unreliable wireless media, host mobility and lack of infrastructure, providing a secure communication platform in a mobile ad hoc network is a big challenge. However, common authentication schemes like PKI, which is used extensively in wired network, are not applicable in the ad hoc network environment because public key infrastructure with a centralized certification authority is rather difficult to deploy here. Thus, the centralized circumstance needs to be solved. This thesis propose a scheme using the perfect hash families to implement the (n, k) threshold secret sharing. We separate the private keys into several shares and distribute them to every node in the mobile ad hoc network. Only a fixed number of nodes can sign the signature collaboratively. We also use the proactive secret sharing to update the private shares. It can avoid one node holding the same secret share for a long time and can increase the difficulty to being attacked. Moreover, we use the property of a PHF to do the proactive secret sharing, resulting in a more efficient update procedure. Finally, we analyze the performance of this scheme and compare our system with other previously mentioned methods.