一种无状态的传感器网络密钥预分配方案

 在无线传感器网络中,节点被敌方捕获以后将泄露节点内存储的群组密钥等秘密信息,所以需要建立一种安全高效的群组密钥管理系统来及时对被捕获节点进行撤销,以保证无线传感器网络中群组通信的安全.提出一种基于逻辑密钥树结构的密钥预分配方案,群组控制者和密钥服务器(GCKS)为逻辑密钥树中每一逻辑节点分配一个密钥集,每一sensor节点对应一个叶节点,以及一条从该叶节点到根节点的路径,GCKS将该路径上所有节点的密钥植入sensor节点.节点撤销时,GCKS将逻辑密钥树分成互不相连的子树,利用子树中sensor节点的共享密钥进行群组密钥的更新.分析表明本方案满足无状态性,以及正确性、群组密钥保密性、前向保密性和后向保密性等安全性质,具有较低的存储、通信和计算开销,适用于无线传感器网络环境.     

基于身份的空间网络组密钥管理方案

针对现有组密钥管理方案无法适应空间网络的问题,提出了一种基于身份的空间网络组密钥管理方案.方案设置了一个由卫星节点组成的多播服务节点集合,协助多播群组完成公共参数的生成和广播,解决了组成员开销不平衡的问题;为同一群组提供服务的节点动态可变,避免了单点失效问题.与现有方案相比,本方案在满足安全要求的基础上,具有更小的计算、存储和通信开销.     

适用于传感器网络的分级群组密钥管理

 由于无线传感器网络中经常出现节点加入或离开网络的情况,所以需要建立一种安全高效的群组密钥管理系统来保证无线传感器网络中群组通信的安全性.提出了一种基于密钥树和中国剩余定理的分级群组密钥管理方案.有sensor节点加入,先向新成员发送二级群组密钥,可参与一些不太敏感的数据的传送;待新成员获得GCKS的信任之后,则向其发送群组密钥,从而可参与有关机密信息的会话.节点离开时,通过利用完全子集方法将剩余成员进行分割,提出的方案可以利用中国剩余定理对群组密钥进行安全的更新.证明方案满足正确性、群组密钥保密性、前向保密性和后向保密性等安全性质.性能分析表明,此方案适合应用于无线传感器网络环境.     

一种基于服务器端的群组密钥协商方案

群组密钥协商是群组通信中非常重要的基本工具,现有群组密钥协商机制需要本地组成员全部参与协商,这严重制约群组通信系统的可扩展性与高效性。针对这个问题,文中提出了一种基于服务器端的群组密钥协商方案。该方案仅需要与每个组成员连接的服务器组间密钥协商,从而能够降低群组的存储开销和通信开销。同时在客户端函数库内通过设计一个单向映射机制实现从服务器组密钥到群组密钥变换。与基于客户端函数库的密钥协商机制相比,其可扩展性及密钥协商效率更高。     

多群组和设备侧密钥分发的安全认证和密钥协商

随着MTC（Machine Type Communication）移动终端数量不断增长,网络拥塞问题日益严重。本文提出了一种多群组和设备侧密钥分发的安全认证和密钥协商（Multi-based and Device Side Key Distribution Secure Authentication and Key Agreement, MGDK-AKA）协议。该协议首先将大量请求接入设备按照一定的规则分成多个群组。组首对组成员的请求信息进行聚合,组首与核心网完成整个认证和密钥协商过程,组成员仅与组首之间完成相互认证,避免了大量设备同时访问核心网络。同时将原核心网侧的密钥分发转移到设备侧完成,进一步克服网络拥塞,并保证数据的安全传输。安全性分析表明了提出的方案可以完成安全目标,并抵抗一些攻击。仿真结果验证了该协议在网络拥塞避免的可行性。      

基于服务器组的群组密钥协商机制

为了解决现有的组密钥协商机制需要组成员在本地全部参与协商,从而严重制约安全群组通信系统可扩展性与高效性的问题,提出一种基于服务器端的密钥协商策略.该机制中,仅需要与每个组成员连接的服务器组间密钥协商,降低了群组的存储开销和通信开销.同时在客户端函数库内通过设计一个单向映射机制实现从服务器组密钥到群组密钥变换.与基于客户端函数库的密钥协商机制相比,其可扩展性及密钥协商效率更高.     

无线传感器网络中一种基于公钥的密钥分配方案

针对基于对称密钥的密钥分配技术无法彻底解决无线传感器网络中密钥分配的安全问题,提出了一种基于公钥的密钥预分配方案,基站利用一系列原始公钥和单向散列函数产生公钥集合,并为每个节点随机分配公私钥对和公钥集合的子集。由于私钥的唯一性,采用该方案不仅能够提高网络的安全性能,而且可以改善网络的存储开销。利用随机图论的相关原理证明,该方案与传统的密钥预分配方案相比,既保证了网络的安全,又兼顾了网络和节点资源有限的实际,在连通性不变的前提下,其网络安全性和网络的扩展性大幅度提高。     

一种新的基于椭圆曲线密码体制的 Ad hoc组密钥管理方案

在安全的组通信中,组密钥管理是最关键的问题.论文首先分析了组密钥管理的现状和存在的问题,然后基于椭圆曲线密码体制,针对Ad hoc网络提出了一种安全有效的分布式组密钥管理方案,并对其正确性和安全性进行了证明,由椭圆曲线离散对数困难问题保证协议的安全.针对Ad hoc网络节点随时加入或退出组的特点,提出了有效的组密钥更新方案,实现了组密钥的前向保密与后向保密.与其他组密钥管理方案相比,本方案更加注重组成员的公平性,没有固定的成员结构,并且还具有轮数少、存储开销、通信开销小等特点,适合于在Ad hoc网络环境中使用.     

基于ECC的可公开验证的非交互式密钥共享方案

提出一种基于椭圆曲线加密的非交互式零知识证明协议,并基于该证明协议提出一个可公开验证的密钥共享方案.在该方案中,密钥和密钥份额被嵌入椭圆曲线的点上,任何人均可对密钥和密钥份额进行验证,只有合法参与者集合可恢复出密钥,但无法知道密钥的具体内容;这样有效阻止了攻击者窃取密钥,也防止了数据的误发和成员之间的欺诈,更有利于密钥的复制与更新.     

无线传感器网络中自治愈的群组密钥管理方案

 群组密钥管理的自治愈机制是保证无线传感器网络在不可靠信道上进行安全群组通信的重要 手段.基于采用双方向密钥链的群组密钥分发与撤销方法,提出了一个无线传感器网络中具有撤销能力的自治愈群组密钥管理方案.该方案实现了群组密钥的自治愈功能和节点撤销能力, 能够满足在较高丢包率的无线通信环境下传感器网络群组密钥管理的安全需求,确保了群组密钥保密性、前向保密性和后向保密性等安全属性.性能分析表明,该方案具有较小的计算和通信开销,能够适用于无线传感器网络.     

An authenticated group key distribution protocol based on the generalized Chinese remainder theorem

The group key distribution protocol is a mechanism for distributing a group key that is used to encrypt the communication data transmitted in an open group. Recently, a novel group key distribution protocol based on secret sharing was proposed. In their protocol, the group key information is broadcast in an open network environment, and only authorized group members can obtain the group key. However, their protocol requires each group member to broadcast a random challenge to the rest of the group members in the construction of the group key, and this may increase communication cost and cause network traffic congestion. In this paper, we propose an authenticated group key distribution protocol based on the generalized Chinese remainder theorem that drastically reduces communication costs while maintaining at least the same degree of security. Our protocol is built on the secret sharing scheme based on Chinese remainder theorem, which requires fewer computation operations than the previous work. Copyright © 2012 John Wiley & Sons, Ltd.     

An authenticated group key distribution mechanism using theory of numbers

A group key distribution protocol can enable members of a group to share a secret group key and use it for secret communications. In 2010, Harn and Lin proposed an authenticated group key distribution protocol using polynomial‐based secret sharing scheme. Recently, Guo and Chang proposed a similar protocol based on the generalized Chinese remainder theorem. In this paper, we point out that there are some security problems of Guo and Chang's protocol and propose a simpler authenticated group key distribution protocol based on the Chinese remainder theorem. The confidentiality of our proposed protocol is unconditionally secure. Copyright © 2013 John Wiley & Sons, Ltd.     

A secure and robust group key distribution and authentication protocol with efficient rekey mechanism for dynamic access control in secure group communications

In today's Internet era, group communications have become more and more essential for many emerging applications. Given the openness of today's networks, efficient and secure distribution of common key is an essential issue for secure communications in the group. To maintain confidentiality during communication in the group, all authorized members require a common key called the group key in advance. This paper proposes a group key distribution and authentication protocol for dynamic access control in secure group communication using Chinese remainder theorem (CRT), which is highly secure and computationally efficient. The proposed protocol (1) has drastically reduced the computation complexity of group controller ( GC ) and members, (2) has provided intense security by means of an additional secret parameter used by GC and members, (3) has minimized storage and communication overheads, (4) has been decentralized for higher scalability so that it can efficiently handle large‐scale changes in the group membership, and (5) is suitable for many practical applications due to intense security along with low computation and storage overheads. Detailed security analysis proves that our protocol can guarantee the privacy and security requirements of group communications. Moreover, performance analysis also verifies the efficiency and effectiveness of the proposed protocol. The proposed protocol has been experimented on star topology‐based key distribution system and observed that the protocol significantly reduces the computation cost and minimizes the communication and storage overheads.     

Provably Secure Constant Round Contributory Group Key Agreement in Dynamic Setting

In this paper, we present and analyze a variant of Burmester-Desmedt group key agreement protocol (BD) and enhance it to dynamic setting where a set of users can leave or join the group at any time during protocol execution with updated keys. In contrast to BD protocol, let us refer to our protocol as DB protocol. Although the DB protocol is similar to BD protocol, there are subtle differences between them: 1) Key computation in DB protocol is different and simpler than in BD protocol with same complexity of BD protocol; 2) Number of rounds required in our authenticated DB protocol is one less than that in authenticated BD protocol introduced by Katz-Yung; 3) DB protocol is more flexible than BD protocol in the sense that DB protocol is dynamic. The reusability of user's precomputed data in previous session enables the join and leave algorithms of our DB protocol to reduce most user's computation complexities which can be useful in real life applications; and 4) DB protocol has the ability to detect the presence of corrupted group members, although one can not detect who among the group members are behaving improperly.     

A novel self‐healing key distribution scheme based on vector space access structure and MDS codes

Self‐healing group key distribution protocols are useful in applications that have a dynamic group structure. These include broadcast transmission systems and multicast networks such as pay‐per‐view television, embedded and sensor networks, and cellular and wireless networks. To cater to the requirements of these applications, several self‐healing group key distribution protocols are proposed in the literature. Many of these schemes are vulnerable to polynomial factorization or insider replay attacks. Some other schemes impose constraints on the users joining the group or revoked from the group. Motivated by these and other shortcomings of the existing schemes, we hereby propose a novel self‐healing group key distribution protocol. Some of the features of this scheme include that (a) the number and the set of revoked users is not constrained, (b) the communication group can consist of any set of users, and (c) a revoked user is allowed to rejoin the group in any of the later sessions. The scheme is analyzed for its security, and it is found to provide anywise forward and backward secrecy. It is also found to resist anywise collusion attack. Communication and computation complexity of the scheme is analyzed; while doing so, various possible realizations of the scheme is discussed. In addition to the theoretical analysis, the proposed scheme is experimentally verified for its correctness using OMNET++ network simulator.     

基于单粒子态的双向认证多方量子密钥分发

量子密钥分发是一种重要的量子通信方式.为了提高量子密钥分发的可行性、安全性和效率,提出了一种基于单粒子态的具有双向认证功能的多方量子密钥分发协议.在协议中,量子网络中的任意两个用户均可在半可信第三方的帮助下进行双向认证并共享一个安全的会话密钥;协议中作为量子信息载体的粒子不需要存储,这在当前技术下更容易实现.安全性分析表明所提出协议在理论上是安全的.     

Energy efficient secured routing protocol for MANETs

The design of routing protocol with energy efficiency and security is a challenging task. To overcome this challenge, we propose energy-efficient secured routing protocol. The objective of our work is to provide a secured routing protocol, which is energy efficient. To provide security for both link and message without relying on the third party, we provide security to the protocol by choosing a secure link for routing using Secure Optimized Link State Routing Protocol. Each node chooses multipoint relay nodes amongst the set of one-hop neighbors, so as to reach all two-hop neighbors. The access control entity authorizes nodes announcing the node identification to the network. In addition, the access control entity signs a public key Ki, a private key ki, and the certificate Ci required by an authorized node to obtain the group key. Each node maintains a route table with power status as one of its entry. After selecting the link, on requirement of a new route, we check nodes’ power status in its routing table and then accordingly arise a route. Then, we perform group key distribution using the generated keys using a small number of messages which helps reducing energy consumption. The group key can be altered periodically to avoid nonauthorized nodes and to avoid the use of the same group key in more than some amount of data. Then, we provide communication privacy for both message sender and message recipient using Secure Source Anonymous Message Authentication Scheme. Thereby, the message sender or the sending node generates a source anonymous message authentication for message for releasing each message based on the MES scheme. Hence, our approach will provide message content authenticity without relying on any trusted third parties.     

Group-Based Authentication and Key Agreement

This paper presents an authentication and key agreement protocol to streamline communication activities for a group of mobile stations (MSs) roaming from the same home network (HN) to a serving network (SN). In such a roaming scenario, conventional schemes require the SN to interact with the HN for authenticating respective MSs, at the cost of repeated message exchanges and communication delay. Instead, in our design, when the first MS of a group visits, the SN performs full authentication with the concerned HN and thereby obtains authentication information for the MS and other members. Thus when any other MS of the same group visits, the SN can authenticate locally without subsequent involvement of the HN, so as to simplify protocol operations. We will show that our scheme does not trade performance for security and robustness to the extent that security requirements are unduly weakened. Both qualitative and quantitative discussions indicate that our proposed scheme lends itself to pragmatic settings.     

移动Ad Hoc网络路由协议比较与分析

移动Ad Hoc网络是一个自组织系统,是由许多无线移动主机组成的一个临时动态网络,且不依赖于任何中心化的接入点和网络基础设施。对于这样一个网络,一个有效的路由协议对于适应主体的移动性以及为可能的链路提供可行的数据传输是非常必要的。限定路由协议的因素可归为两类,即无线传输过程中的衰退作用和网络拓扑的边缘效应。现存的各种路由协议着重从不同的角度来实现各自的功能。路由协议可分为两部分,路由发现和路由维护,而路由发现是其中的关键部分。