Abstract: Mobile Ad Hoc network, a distributed network independent of the fixed infrastructure, is formed by a group of autonomous wireless nodes or terminals cooperating with each other. It has the characteristics of centerless, self-organizing and multi-hop routing. However, the shortcomings such as frequent dynamic topology and limited energy in mobile Ad Hoc networks make it difficult to perform complex authentication. For this problem, a light-weight and rotational CA (certificate authority) scheme based on consensus mechanism is put forward, which combines the idea of lightweight CA and draws on the consensus mechanism in the blockchain to elect CA. The current CA is periodically elected through the consensus algorithm, and CA can be determined after the entire net-work quickly reaches a consensus, thus lightweight CA can be achieved. The scheme does not require certificate management, and the CA node periodically rotates, which is especially suitable for mobile Ad Hoc networks with highly dynamic changes and short life cycles. This paper analyzes the security of the scheme in detail and forma-lizes it based on the BAN  logic analysis method. Theoretical analysis shows that this scheme can resist DoS (denial of service) attacks, counterfeit attacks and other network attacks to a certain extent, enhancing mobile Ad Hoc network security.

Key words: mobile Ad Hoc network, certificate authority (CA), rotational CA, certification, consensus mechanism

摘要： 移动自组织网是由一组自主的无线节点或终端相互合作而形成的独立于固定基础设施的分布式网络，具有无中心、自组织、多跳路由等特点。然而，移动自组织网先天具有的拓扑结构变化频繁和能量受限等缺点，使得移动自组织网络难以进行复杂的认证。针对该问题，结合轻量级证书颁发机构（CA）认证思想，借鉴区块链技术中的共识机制来选举CA，提出一种基于共识算法的轻量级轮转CA认证方案。通过共识算法周期性地选举出当前CA，全网快速达成共识后，即可确定CA，实现轻量级认证。该方案CA节点周期性轮换，无需证书管理，适合高度动态变化、生存周期短的移动自组网。详细分析了方案的安全性并基于BAN逻辑分析方法进行了形式化证明。理论分析表明，该方案可在一定程度上抵御拒绝服务（DoS）攻击、仿冒攻击等多种网络攻击，增强移动自组织网络的安全性能。

关键词: 移动自组织网, 证书颁发（CA）, 轮转CA, 认证, 共识机制