안전한 유비쿼터스 서비스를 위한 MANET의 인증서 관리 및 보안 시스템에 관한 연구

Abstract

MANET(Mobile Ad-Hoc Network) consists of mobile nodes that transfer packet data using wireless interface. MANET is a network that can transmit and receive data through routing mechanism between nodes without infrastructure, rather than communicating under the environment equipped with infrastructures. Therefore, each node participating in network should perform as router and servers without help from base stations or AP and can transmit packets instead of other nodes and perform user applications. The most attractive thing of MANET is that users can have more freedom and flexibility in use of networks, completely out of central control. In the beginning, MANET was a military communication system and recently, it has been expanded to various areas such as WPAN(Wireless- Personal Area Network), Ubiquitous, Bluetooth, RFID(Radio Frequency IDentification), and sensor networks. Mark Weiser working for Palo Alto Research Center in Xerox of U.S.A. considers Ubiquitous part of our life, rather than serious technology. Through ubiquitous computing for which computers are invisibly planted in daily life and things, information can be exchanged and we can use ubiquitous computers anytime and anywhere. That is, ubiquitous computing is our daily environment in which we can not recognize the existence of computers they are incorporated into our daily life though computers are installed in our physical space consisting of things and environments. For existing security, information digitalized in cyber space or physical space and stored in computers was a problem. In consideration of properties of ubiquitous networks, a problem that personal information may be exposed exists in ubiquitous network. For existing networks, the place attacked was confined to personal computers, but in ubiquitous networks, all the personal space may be revealed. Therefore, cyber terror in ubiquitous network includes terror given to physical space, things and physical bodies and extensive space protection is required beyond protection of personal, business and national information In respect to security at MANET, a central technology in ubiquitous network, nodes move frequently or through mobile transfer between nodes, MANET is independently managed. So it is thought that management of its security is more difficult than that of existing networks. Many routing protocols and security mechanisms of MANET were suggested, but it is judged that existing design methods can not meet the needs of MANET security completely, and a new concept about it should be prepared. At present, many institutions and organizations are studying on it. As MANET has dynamic composition in which nodes are frequently changing, when a node is damaged, reliability between nodes may be changed and they may join in other administrative domains quickly they can rely on or secede. However, MANET has been studied for military or natural disaster communication system because of its property that it can perform communication without infrastructures. Such communication networks are appropriate because it is quickly-developed base structure and allows only optional and confined access. Mobile networks can use various user certificate mechanisms such as EAP-TLS, LEAP and PEAP. As such user authorization mechanisms use public key infrastructure, PKI in mobile network should be prepared. The PKI mechanism is due to safety of PKI and through this mechanism, safety of electronic signature ca be secured. The most serious problem in using PKI in mobile personal network is that it can not have reliable certificate because of no trusted Certificate Authority. In general, key management on networks is performed through CA ( Certification Authority) or Key Distribution Server. However, due to absence of trusted certificate authority on mobile networks, direct application of PKI has some problems and actually, certificate on mobile networks is device certificate, not user certificate. Also, for safe use of devices, symmetric key system in MAC is used according to security needs, but safe exchanges of keys are not mentioned. This study suggests security requirements for MANET which can be a base of ubiquitous system and models that can prevent security threat through application of PKI without trusted certificate authority in MANET. It is also solve excessive loading found in centralized control model by dispersing CA for adjustment to dynamic changes of nodes of MANET quickly and suggests a system model which supports expansion so that existing nodes performing communication within clusters can provide active certificate service without being affected by input of new nodes. In addition, it is to evaluate its stability, effectiveness and strength through simulation of the suggested model.