一种新的基于LKH的组播密钥更新方案

安全组播是组播技术走向实用化必须解决的问题.在组成员动态变化时,设计一个高效的密钥管理方案是安全组播研究的主要问题.本文提出了一种基于LKH模型的组播密钥更新方案.该方案基于分层机制将一个组播分为几个小组,并且采用指数函数和随机密钥,使得在组成员离开组播时,具体的密钥更新由组成员自己完成.本方案比传统方案减少了密钥更新开销量,提高了密钥更新效率,并缩减了密钥存储量.     

A new probabilistic rekeying method for secure multicast groups

The Logical Key Hierarchy (LKH) is the most widely used protocol in multicast group rekeying. LKH maintains a balanced tree that provide uniform cost of O(log N) for compromise recovery, where N is group size. However, it does not distinguish the behavior of group members even though they may have different probabilities of join or leave. When members have diverse changing probabilities, the gap between LKH and the optimal rekeying algorithm will become bigger. The Probabilistic optimization of LKH (PLKH) scheme, optimized rekey cost by organizing LKH tree with user rekey characteristic. In this paper, we concentrate on further reducing the rekey cost by organizing LKH tree with respect to rekey probabilities of members using new join and leave operations. Simulation results show that our scheme performs 18 to 29% better than PLKH and 32 to 41% better than LKH.     

Optimizing Rekeying Cost for Contributory Group Key Agreement Schemes

Although a contributory group key agreement is a promising solution to achieve access control in collaborative and dynamic group applications, the existing schemes have not achieved the performance lower bound in terms of time, communication, and computation costs. In this paper, we propose a contributory group key agreement that achieves the performance lower bound by utilizing a novel logical key tree structure, called PFMH, and the concept of phantom user position. In particular, the proposed scheme only needs O(1) rounds of the two-party Diffie-Hellman (DH) upon any single-user join event and O(log n) rounds of the two-party DH upon any single-user leave event. Both the theoretical bound analysis and simulation show that the proposed scheme achieves a lower rekeying cost than the existing tree-based contributory group key agreement schemes.     

Analysis and Protection of Dynamic Membership Information for Group Key Distribution Schemes

In secure group-oriented applications, key management schemes are employed to distribute and update keys such that unauthorized parties cannot access group communications. Key management, however, can disclose information about the dynamics of group membership, such as the group size and the number of joining and departing users. This is a threat to applications with confidential group membership information. This paper investigates techniques that can stealthily acquire group dynamic information from key management. We show that insiders and outsiders can successfully obtain group membership information by exploiting key establishment and key updating procedures in many popular key management schemes. Particularly, we develop three attack methods targeting tree-based centralized key management schemes. Further, we propose a defense technique utilizing batch rekeying and phantom users, and derive performance criteria that describe security level of the proposed scheme using mutual information. The proposed defense scheme is evaluated based on the data from MBone multicast sessions. We also provide a brief analysis on the disclosure of group dynamic information in contributory key management schemes     

引入加入树的贡献型组密钥更新方案

在大规模动态群组中,一个高效的能实时更新的组密钥管理算法是提供组通信内容保护的前提。提出了一种基于加入树的分布式组播密钥管理方案JDH。首先给出了一个包含主树和加入树的新型树形结构。其次,为了降低成员加入时的时间复杂度,给出了一种新的加入算法。最后,根据最优化方法选取了最优的加入树的大小。理论分析和仿真表明,JDH将成员加入时密钥更新的时间复杂度降低为O(1)。     

基于RSA的混合组播密钥管理方案

针对大型动态群组组播通信密钥更新开销大的问题,提出一种高效的混合组播密钥管理方案.结合SKDC、LKH和Iolus的优点,构造分层分组式结构密钥树,采用RSA算法进行密钥加密传输,提高可扩展性和安全性.在多个成员变动情况下采取批量密钥更新,降低子组控制器的负担.实验结果表明,该方案在存储开销、通信开销和计算开销方面优于...     

数据储存式无线传感器网络下一个具有高效能的密钥管理方案

针对无线传感器网络能量、存储空间、通信开销等局限性问题,在pDCS (Security and Privacy Support for Data-Centric Sensor Networks)的研究基础之上,保证不失其安全性的前提下,以互斥基底系统 (Exclusion Basis System,EBS)建构一个具有更高效率的分布式密钥管理方案,命名为ERP-DCS。该方案将网络密钥的管理工作(包括密钥分配、重置及撤销)分散至各个簇集中,藉以降低密钥重置阶段所需的通信量,节省能源,进而延长网络寿命。论证分析表明,ERP-DCS与pDCS相比,仅增加了些微的储存成本,却能大幅地降低密钥重置时的更新通信量。     

Secure and efficient group key management with shared key derivation

In many network applications, including distant learning, audio webcasting, video streaming, and online gaming, often a source has to send data to many receivers. IP multicasts and application-layer multicasts provide efficient and scalable one-to-many or many-to-many communications. A common secret key, the group key, shared by multiple users can be used to secure the information transmitted in the multicast communication channel. In this paper, a new group key management protocol is proposed to reduce the communication and computation overhead of group key rekeying caused by membership changes. With shared key derivation, new keys derivable by members themselves do not have to be encrypted or delivered by the server, and the performance of synchronous and asynchronous rekeying operations, including single join, single leave, and batch update, is thus improved. The proposed protocol is shown to be secure and immune to collusion attacks, and it outperforms the other comparable protocols from our analysis and simulation. The protocol is particularly efficient with binary key trees and asynchronous rekeying, and it can be tuned to meet different rekeying delay or key size requirements.     

Native XML数据库的文档编码机制研究

Native XML数据库快速查询的实现,可以采用基于XML文档编码的结构连接算法。而结构连接算法的实现需要对XML文档进行编码,以便于快速判断XML文档树结点之间的祖先后裔关系。在对现有编码机制进行综述的前提下,提出一种新的XML文档编码机制——前缀整除编码（PDIV）机制。该机制编码形式简单,只需要一个正整数即可充分表示结点在XML文档树中的位置信息;可以实现祖先后裔关系的快速查询;支持XML文档的更新操作;编码长度较短,编码长度约为o（ln（n））。     

无线传感器网络的组密钥更新算法*

提出了一种适用于无线传感器网络的基于改进密钥链接树的组密钥更新算法。通过在基于密钥链接树的组密钥管理方案中引入问题密钥路径,并延迟这些问题密钥路径上的密钥更新操作,从而减少密钥链接树中辅助节点上的重复密钥更新。实验结果表明,与现有的组密钥管理方案相比,基于改进密钥链接树的组密钥更新算法在节点添加和删除操作时产生更少的密钥更新消息和消耗更少的能量。     

基于单向函数动态安全的组播密钥分配方案

提出了一种基于单向函数的满足动态安全性的组播密钥分配方案,比较了其与OFT方案的不同特点,使用该方案在组成员加入或退出时只需更改节点公开信息,减少了密钥更新所需的广播消息量,结果表明,该方案具有较高的可行性。     

支持撤销的外包加解密CP-ABE方案

属性基加密（attribute-based encryption,ABE）方案在云存储中得到了越来越广泛的应用,它能够实现细粒度的访问控制,但是现有的大多数ABE方案存在撤销方案效率低、开销大的问题。为了解决这一问题,提出一种更高效、细粒度的支持属性撤销的属性基加密方案。该方案将部分加解密运算外包给代理服务器,从而降低用户的加解密计算量。同时还提出了一种有效的属性撤销方法,该方法只需更新与撤销属性相关联的密文和用户密钥,所以属性撤销的代价很小。并结合了双因子身份认证机制,提高算法的安全性。该方案基于DBDH假设,在标准模型下被证明是安全的。     

基于哈夫曼树的无证书公钥广播加密方案

现有的无证书广播加密方案是向用户传输相同的信息量,没有权限的概念。基于哈夫曼树,引入权值,提出了一种新的无证书公钥广播加密方案,实现了对不同权限的用户传输不同的信息量。与已有的广播方案相比,该方案平均计算密钥量少,降低了通信开销,灵活性更高。     

自主群密钥更新模型研究

针对分布式网络群组密钥更新中非更新成员参与共享密钥计算增加交互延时问题,提出一种自主密钥更新模型,通过DH协议和多项式设计一种自主群组密钥管理方案,具有单加密密钥多解密密钥加密解密性质。更新过程中,更新成员本地自主更新公开加密密钥,无需在线KMC支持,保护非更新成员解密密钥的有效性,减少密钥更新延时和非更新成员的计算开销,具有自主密钥更新模型的性质,适用延时受限的无线网络场景。     

An efficient key management scheme for user access control in outsourced databases

Recently, researches on key management scheme for user access control in outsourced databases have been actively done. Because outsourced databases require dealing with a lot of users and data resources, an efficient key management scheme for reducing the number of authentication keys is required. However, the existing schemes have a critical problem that the cost of key management is rapidly increasing as the number of keys becomes larger. To solve the problem, we propose an efficient key management scheme for user access control in outsourced databases. For this, we propose an Resource Set Tree(RST)-based key generation algorithm to reduce key generation cost by merging duplicated data resources. In addition, we propose a hierarchical Chinese Remainder Theorem(CRT)-based key assignment algorithm which can verify a user permission to gain accesses to outsourced databases. Our algorithm can reduce key update cost because the redistribution of authentication keys is not required. We also provide the analytic cost models of our algorithms and verify the correctness of the theoretical analysis by comparing them with experiment results. Finally, we show from the performance analysis that the proposed scheme outperforms the existing schemes in terms of both key generation cost and update cost.     

移动医疗系统中的可撤销无证书代理重签名方案

代理重签名在保证委托双方私钥安全的前提下, 通过半可信代理实现了双方签名的转换, 在本文方案中, 通过代理重签名实现了在通信过程中终端用户对于身份的隐私要求。移动医疗服务系统因为其有限的计算和存储能力, 需要借助云服务器来对医疗数据进行计算和存储。然而, 在将医疗数据外包给云服务器后, 数据便脱离了用户的控制, 这给用户隐私带来了极大地安全隐患。现有的无证书代理重签名方案大多都不具有撤销功能, 存在着密钥泄露等安全性问题。为了解决这一问题, 本文提出了一种可撤销的无证书代理重签名方案, 在不相互信任的移动医疗服务系统中, 实现了医疗数据传输过程以及云存储过程中的用户匿名性, 同时, 本文方案具有单向性和非交互性, 更适合在大规模的移动医疗系统中使用。此外, 当用户私钥泄露时, 本文利用 KUNode 算法实现了对用户的高效撤销, 并利用移动边缘计算技术将更新密钥和撤销列表的管理外包给移动边缘计算设备,降低了第三方的计算成本, 使其具有较低的延迟。最后, 在随机谕言机模型下证明了所构造的方案在自适应选择消息攻击下的不可伪造性, 并利用 JPBC 库与其他方案进行计算与通信开销的对比。其结果表明, 本方案在具备更优越的功能的同时, 具有较小的计算成本、通信成本和撤销成本。     

批量密钥更新中密钥树的概率组织方法研究

可缩放组密钥更新是大型动态组通信需要面对的一个重要问题。当前,最有效的组管理技术是基于LKH机制的,且LKH树通常被组织成平衡二叉树。在对批量密钥更新和成员行为进行分析的基础上,结合星型结构和树型结构,给出了一种密钥树的概率组织方法。该方法基于成员的变动概率将其分类,每类关联一棵最优子树,从而进一步减小了密钥更新开销,较好地解决了多播组中异构成员变化带来的组密钥更新问题。实验结果表明,密钥树的概率组织方法显著优于平衡二叉树,且更具有一般意义。     

一种新的分布式无线传感网密钥管理方案UEGS

如何在安全要求高、节点资源极其有限的情况下提供有效的密钥管理,一直是分布式无线传感网研究的挑战之一。近年来很多研究方案陆续出台,其中著名的方案就是EG。本文在EG方案的基础上,提出了一种新的密钥建立和更新方案UEGS,并分析了该方案的可行性、效率以及安全性。     

基于LKH树批量密钥更新方案的一种优化

基于LKH树的批量密钥更新可以有效解决实时密钥更新所产生的低效和失序等问题。文献[1]中设计一种基于LKH树的优化批量密钥更新方案,提出建立动态变动子树、增大更新路径重叠的概率来降低加密次数。对文献[1]中的优化方法进行改进,将LKH树划分为三个子树：高频变动子树、过渡子树和相对稳定子树。通过分析并比较,该方法可以进一步增大更新路径重叠概率,降低加密次数。     

On the Huffman and Alphabetic Tree Problem with General Cost Functions

We address generalized versions of the Huffman and Alphabetic Tree Problem where the cost caused by each individual leaf i, instead of being linear, depends on its depth in the tree by an arbitrary function. The objective is to minimize either the total cost or the maximum cost among all leaves. We review and extend the known results in this direction and devise a number of new algorithms and hardness proofs. It turns out that the Dynamic Programming approach for the Alphabetic Tree Problem can be extended to arbitrary cost functions, resulting in a time O(n ⁴) optimal algorithm using space O(n ³). We identify classes of cost functions where the well-known trick to reduce the runtime by a factor of n via a “monotonicity” property can be applied. For the generalized Huffman Tree Problem we show that even the k-ary version can be solved by a generalized version of the Coin Collector Algorithm of Larmore and Hirschberg (in Proc. SODA’90, pp. 310–318, 1990) when the cost functions are nondecreasing and convex. Furthermore, we give an O(n ²logn) algorithm for the worst case minimization variants of both the Huffman and Alphabetic Tree Problem with nondecreasing cost functions. Investigating the limits of computational tractability, we show that the Huffman Tree Problem in its full generality is inapproximable unless P = NP, no matter if the objective function is the sum of leaf costs or their maximum. The alphabetic version becomes NP-hard when the leaf costs are interdependent.