隨意無線網路(Ad Hoc Networks)是由一群無固定基礎建設的行動通訊裝置集合而成,在這樣的網路環境中面臨許多挑戰,如遭受到主動及被動的攻擊、須提供即時與隨地之服務。因此本研究提出以門檻值憑證中心之架構為基礎,應用橢圓曲線密碼系統,建立適合隨意無線網路之公開金鑰基礎建設,使網路中被授命之節點(Mobile Agent Partial CA,稱之MAPC)能聯合簽署憑證,達到隨意無線網路之安全目標。本研究以橢圓曲線進行加解密,並以ECDSA進行數位簽署,如此與RSA比較大幅度降低運算時間及金鑰長度;同時亦採用秘密分享更新及定期對MAPC進行稽核之方式,來抵抗各種攻擊;另外針對隨意無線網路節點之移動特性,設計一MAPC個數、門檻值為可變動的網路環境,使隨意無線網路之公開金鑰基礎建設更具可行性。隨意無線網路的無線、移動性等特性,導致安全控管成為隨意無線網路中較弱的一環,公開金鑰基礎建設即提供了金匙分配及身分認證的安全機制,使得網路內之訊息傳遞能達成機密性、認證性、完整性及不可否認性之安全目標。 Mobile Ad Hoc network is a set of mobile devices without infrastructure. There are a lot of challenges in this environment, such as active interfering and passive eavesdropping, and offer the service on every time everywhere. Our research proposes to build PKI (Public Key Infrastructure) in Ad Hoc network which is base on threshold CA (Certificate Authority) and ECC (Elliptic Curve Cryptography) making partial authorized nodes (says Mobile Agent Partial CA, MAPC) in the network a coalition and to sign the certificate together to reach the secure goal of Ad Hoc network. In this research, we use ECC in encryption and decryption and sign the digital signature with ECDSA. After comparing with RSA, our research reduces the calculation time and cut down the length of key in evidence. Furthermore, we adopt to update the secret sharing periodical and audit MAPCs on a regular time schedule to prevent various kinds of attacks. According to the mobility of Ad Hoc network, we design a network environment which can modulate the number of MAPCs and the threshold value, making PKI in Ad Hoc network feasible and robust. Because of wireless, mobility and some properties of Ad Hoc network, security control is the vulnerability in the Ad Hoc network. By the key distribution and the identity authentication in PKI, the communication in the network achieves the secure gold that ensures privacy, authenticity, integrity and non-repudiation.
