摘要 在本論文中,我們針對行動隨意網路提出一個新的認證協定,我們不但使用憑證來確認使用者的身份,也利用Diffie-Hellman金匙交換的方法及憑證信任清單的概念來完成使用者的身份認證。 在我們的認證協定中,使用者須向自己的認證中心申請一張憑證,並利用自己本身的公開金匙及Diffie-Hellman公開金匙來產生一個認證訊息。再利用此認證訊息向自己的憑證存取伺服器來認證,若認證成功,則憑證存取伺服器會將使用者的Diffie-Hellman公開金匙及憑證儲存在憑證信任清單中。假若使用者要認證其他行動節點的身份,只需要向憑證存取伺服器下載憑證信任清單,就可利用此清單來確認其他行動節點的身份。 在本論文中,我們主要的貢獻有下列幾點: (1) 我們的認證協定,不但可以認證自己叢集內的行動節點,也可認證其他叢集的行動節點,達成跨領域認證的功能。 (2) 在我們的認證協定中,憑證的發行及認證的程序是在不同的行動節點中所進行,所以也可降低憑證中心的能量消耗。 (3) 在認證的過程中,我們同時也交換了一把通訊鑰匙。 (4) 我們利用Diffie-Hellman金匙交換的方法,增加了傳送端與接收端之間資料傳遞的安全性。 我們相信本論文研究的成果,會讓行動隨意網路更加的安全與便 利。
Abstract In this thesis, we propose a new authentication protocol for Mobile Ad Hoc Network (MANET). We not only use the certificate to authenticate the mobile nodes (MN) but also use the Diffie-Hellman key exchange method and Certificate Trust List (CTL) to ensure the identify of MN. The characteristic of this scheme is that the MN can get a local certificate from its home Certification Authority (CA) and use the public key of certificate and its Diffie-Hellman public key to generate the authentication message. Then use this message to authenticate itself to Certificate Store (CS) server. If the authentication message is correct, the CS server will save the node’s certificate and its Diffie-Hellman public key in the CTL. After that, the CS server will forward the message to the other CS servers. If any nodes want to authenticate the other nodes, it can download the CTL form any CS server to check the node’s identify. The contributions of our research are as follows : (1) The feature of our scheme is that the mechanism of authentication protocol not only works in its home cluster but also in visit cluster. (2) In our protocol, certificate issue and node authentication is in different nodes, so it can reduce the CA’s power. (3) In the authentication procedure, the key exchange is also performed simultaneously. (4) We used the Diffie-Hellman key exchange method to increase the security of transmission datas between source and destination. We trust that the results of our research in this thesis will be much helpful to future research in the category of the authentication protocols of MANET.