Abstract: This paper analyzes the identity-based key management schemes for ad hoc networks. A key management scheme with key revocation is proposed for key-exposure, abnormality etc., and a signature scheme is constructed based on this key management scheme. The scheme can prevent message from being forged using the stolen key through revoking the leaked key. Even if the attacker forges the user signature successfully, the user can prove it is invalid by system signature of the revocation message. The system private key is constructed with the distributed generation based on the threshold cryptography in the scheme. It has fault tolerance and can resist the active and passive attacks. Compared with the previous scheme it is more secure.

Key words: ad hoc networks, identity-based, key-exposure, key revocation

摘要： 分析了现有ad hoc网络基于身份的密钥管理方案，针对用户密钥泄漏，异常等情况，提出了一种具有密钥撤销机制的密钥管理方案，并在此基础上给出了用户签名方案。在文本中，用户可以通过注销泄漏密钥，防止攻击者用窃取的密钥伪造用户签名，即使攻击者成功伪造了用户签名，用户还可以通过系统签名注销消息来证明伪造的签名无效。方案在门限密码学的基础上以完全分布化方式建立系统密钥，具有良好的容错性，能抵御网络的主动和被动攻击。和以往的方案相比具有更高的安全性。

关键词: ad hoc网络, 基于身份, 密钥泄漏, 密钥撤销