安全群组通信(下)

密钥管理 通常情况下,在所有的群组成员之间维护着一个不为非群组成员所知的公共密钥——群组密钥,群组内所有通信均使用该群组密钥加密,这就产生了一个密钥管理问题——在一个具有动态成员关系的群组中如何保证只有群组成员能够访问该群组密钥,即当群组中存在着成员的动态加入或离开情况时,群组密钥如何改变并更新到每个群组成员。密钥管理是为群组通信提供安全服务的关键组成部分。     

基于LT编码的可靠组播密钥更新协议

0引言 随着网络技术的发展,越来越多的应用是基于安全的组播通信进行的。在群组通信中,所有的合法成员使用一个共享的对称加密密钥进行数据加密和解密,这个密钥被称为群组密钥。为了保持通信组的安全,当通信组成员状态发生变化时,必须对共享的群组密钥进行更新并分发至群组在线成员,这个过程就被称为群组密钥的更新。     

基于访问结构上秘密共享的自治愈群组密钥分发方案

自治愈的群组密钥分发能够在不可靠的网络中建立安全的群组会话密钥.基于用户可自行选取子秘密访问结构上的秘密共享方法,提出了一个自治愈的群组密钥分发方案,该方案能够让群组成员自行选取个人秘密信息,而不需要在群组管理员和每个群组成员之间建立安全信道.安全性分析表明,该方案是一个具有撤销能力的、保证前向保密性和后向保密性的、计算上安全的自治愈群组密钥分发方案.性能分析表明,该方案具有较小的存储开销和通信开铕.     

抗内部人攻击的安全组密钥分发协议

为了保障群组通信过程中的内容安全与成员的身份认证,需要一次性会话密钥对通信内容进行加密,密钥建立协议的主要任务是在群组通信开始前完成会话密钥的产生与分发,分为密钥协商协议与密钥传输协议。详细分析了Harn组密钥分发协议与Nam组密钥分发协议的安全漏洞,在Harn协议与Nam协议中,群组通信的成员可以获取其他成员的长期秘密数据,即协议无法抵抗内部人攻击。基于秘密共享理论,设计了安全的组密钥分发协议,能够有效抵抗内部人攻击与外部人攻击。     

基于几何方法与二叉密钥树的群组密钥管理

目前越来越多的应用需要群组通信的模式.利用多维空间圆的几何性质设计了安全群组通信密钥管理方案,该方案分为用户注册、分配组密钥影子、成员计算组密钥等3个阶段.用户注册阶段使成员与群组管理器共享一个长期秘密;在分配组密钥影子阶段,群组管理器利用几何方法为成员分配组密钥影子;在成员计算组密钥阶段,成员通过公告牌上的公开信息与自己拥有的私有信息重构圆而获得组密钥.在简单群组密钥分配的基础上,建立二叉树结构的密钥树进行组密钥分配,其组密钥更新的计算代价从O(m)降低到O(log(m)),公开信息无需变化,无需安全信道,使方案具可有扩展性.     

基于身份的可认证非对称群组密钥协商协议

非对称群组密钥协商协议(asymmetric group key agreement,AGKA)能使群组内部成员安全地传递信息.随着大规模分布式网络协同计算的发展,参加安全协同计算的成员可能来自于不同领域、不同时区、不同云端及不同类型的网络.现有的AGKA不能满足来自于跨域及异构网络之间群组成员的安全信息交换,且安全性仅局限于抗被动攻击.提出一种基于身份的可认证非对称群组密钥协商协议(identity-based authenticated asymmetric group key agreement,IB-AAGKA),该协议实现一轮非对称群组密钥协商,解决群组成员因时区差异而不能保持多轮在线密钥协商的问题;可实现匿名性与可认证性;支持节点的动态群组密钥更新,实现了群组密钥向前保密与向后保密安全性.在decisional bilinear Diffie-Hellman(DBDH)困难假设下,证明了协议的安全性,并分析了协议的性能.     

基于身份的移动网动态群组密钥协商方案

群组密钥协商是群组通信中非常重要的基本工具，如何得到一个安全有效的密钥协商协议是当前密码学研究中的一个重要问题。基于双线性对和随机预言模型，针对移动网络提出了一个动态群组密钥协商方案。此方案就计算复杂度和通信复杂度而言都是高效的，而且满足密钥协商所需要的安全要求。     

群密钥分配的动态安全性及其方案

相对于端到端的通信、安全群组通信更为复杂,从基本算法,系统及安全协议到安全实现都存在需解决的问题,安全群通信的一个基本方法是所有群成员共享一个群密钥、如何将群密钥安全有效地分配给群组的成员是安全群通信应用的一个基本问题,它的难点在于群线的动态性,针对该问题,目前已提出了各种解决方案,这些方案大致可分为两类：集中式管理和分布式管理,现有的群密钥分配方案分析,该文提出了可扩展的安全群密钥分配方案的教学模型,基于该模型形式地定义了群密钱分配的动态安全性,现有群密钥分本的数学描述只能刻画群密钥分配静态的安全性,与之相比该文提出的模型是更为实用的。随后,定义了群密钥分配方案的方法,作为这种构造方法的应用实例,提出了一个新的适用于大数量的,动态组播群组的群密钥分配方案,该方案采用分层管理结构,可高效地处理群成员的动态加入和退出,在单向函数假设条件下,它的安全性是可证明的,不依赖计算复杂性密码学假设,该方案中可以通过设立了群管理员分散对成员的管理,降低群中心管理员的负担,因而,可灵活应用于集中式和分布式的应用环境。     

基于椭圆曲线和三叉树的群组密钥协商方案

将椭圆曲线密码体制和三叉树引入到群组密钥协商中,提出了一种基于椭圆曲线和三叉树的群组密钥协商协议,由于无需向群组所有其它成员广播消息,其计算开销和通信开销均只有O（nlog3 n）。采用了用初始协商的密钥值加密随机数并产生杂凑值的方法使三叉树内部结点间也能进行安全的协商;当有群组成员变动时,通过发起者更新其随机数来提供协议的前向保密性和后向保密性,因此该方案适合于较大规模的动态群组。     

一种可认证的群组密钥协商协议

群组密钥协商协议可以使得所有组员协商出一个相同的密钥,该密钥可以被用到后续的组员之间的安全通信中,保证群组通信的机密性、完整性和真实性。本文在可认证双方密钥认证协议和BD群组密钥协商协议的基础上,提出了一种可认证的群组密钥协商协议(ABD)。和BD相比,ABD不仅能抵抗被动攻击还能抵抗主动攻击。     

一种新型无组控制器安全组播密钥管理协议的实现

针对独立无关组设计了一种新型的安全组播密钥管理协议。该协议不需要一个专门的组控制器集中管理，采用二 叉密钥分配树完成组密钥更新机制，实现了组成员加入敏感性和离开敏感性组密钥更新策略，组成员之间使用基于身份标识的密钥共识协议完成相互认证，有效地抵抗中间人攻击，并且解决了传统方式用公钥证书认证所引起的带宽消耗和计算耗费问题，保证组播通信的安全性和高效性。     

Using AVL trees for fault-tolerant group key management

In this paper we describe an efficient algorithm for the management of group keys for group communication systems. Our algorithm is based on the notion of key graphs, previously used for managing keys in large Internet-protocol multicast groups. The standard protocol requires a centralized key server that has knowledge of the full key graph. Our protocol does not delegate this role to any one process. Rather, members enlist in a collaborative effort to create the group key graph. The key graph contains n keys, of which each member learns log₂n of them. We show how to balance the key graph, a result that is applicable to the centralized protocol. We also show how to optimize our distributed protocol, and provide a performance study of its capabilities. Published online: 26 October 2001     

一种基于LKH的分层式安全组播密钥管理方案

安全组播是组播技术走向实用化必须解决的问题。在组成员动态变化时,设计一个高效的密钥管理方案是安全组播研究的主要问题。该文提出了一种基于LKH模型的分层式组播密钥管理方案。该方案基于分层机制将一个组播分为几个小组,并且采用了指数函数和随机密钥,使得在组成员离开组播时,具体的密钥更新由组成员自己完成。该方案比传统方案减少了密钥更新开销量,提高密钥更新效率,并缩减了密钥存储量。     

Ad hoc网络中一种高效分层的组密钥管理方案

提出了一种高效安全的分层的组密钥管理结构,利用构建多重密钥链来实现组内各密钥的产生以及安全通信信道的建立;具有生成组密钥以及通信密钥安全快捷,整体结构可根据初始要求进行定量布局等特点,适用于动态拓扑结构以及节点储能和计算能力相对较低的Ad hoc网络。     

Efficient group Diffie–Hellman key agreement protocols

In a group Diffie–Hellman (GDH) key agreement protocol, all group members collaboratively establish a group key. Most GDH key agreement protocols took natural generalization of the original Diffie–Hellman (DH) key agreement protocol to arrange all group members in a logic ring or a binary tree and to exchange DH public keys. The computational cost and the communication rounds are the two most important factors that affect the efficiency of a GDH protocol when there are a large number of group members. In this paper, we propose GDH key agreement protocols based on the secret sharing scheme. In addition, we use a one-way key confirmation and digital certificates of DH public keys to provide authentication of group keys. In the proposed authenticated GDH key agreement protocol, each group member requires to broadcast three-round messages, n modular exponentiations, n polynomial interpolations and n one-way functions. Our proposed solution is efficient, robust and secure.     

Group key agreement for secure group communication in dynamic peer systems

Self-organizing group key agreement protocols without a centralized administrator are essential to secure group communication in dynamic peer systems. In this paper, we propose a generic construction of a one-round self-organizing group key agreement protocol based on the Chinese Remainder Theorem. In the proposed construction, all group members contribute their own public keys to negotiate a shared encryption public key, which corresponds to all different decryption keys. Using his/her own secret key, each group member is able to decrypt any ciphertext encrypted by the shared encryption key. Following the generic construction, we instantiate a one-round self-organizing group key agreement protocol using the efficient and computationally inexpensive public key cryptosystem NTRU. Both the public key and the message in this protocol are secure against the known lattice attacks. Furthermore, we also briefly describe another concrete scheme with our generic idea, based on the ElGamal public key cryptosystem.     

有效的强安全组群密钥交换协议

组合公钥密码(CPK)体制无需证书来保证公钥的真实性,克服了用户私钥完全由密钥管理中心生成的问题。基于CPK设计了一个常数轮的组群密钥交换协议,该协议在CDH假设下可证安全并具有完美的前向安全性,只需两轮通信即可协商一个组群会话密钥,在通信和计算方面都很高效;并且高效地支持组群成员动态加入/离开,尤其对于多成员加入/离开的情况,只需额外的少量通信和计算即可更新组群密钥,确保了前向保密性和后向保密性。此外,本协议提供了强安全性保证,它能保持密钥的秘密性,除非某一方的临时私钥和长期私钥同时被泄露。最后,该协议提供了一个设计常数轮强安全组群密钥交换协议的方法,大部分的秘密共享体制均可直接应用于该协议。     

Decision Tree Based Key Management for Secure Group Communication

Group communication is widely used by most of the emerging network applications like telecommunication, video conferencing, simulation applications, distributed and other interactive systems. Secured group communication plays a vital role in case of providing the integrity, authenticity, confidentiality, and availability of the message delivered among the group members with respect to communicate securely between the inter group or else within the group. In secure group communications, the time cost associated with the key updating in the proceedings of the member join and departure is an important aspect of the quality of service, particularly in the large groups with highly active membership. Hence, the paper is aimed to achieve better cost and time efficiency through an improved DC multicast routing protocol which is used to expose the path between the nodes participating in the group communication. During this process, each node constructs an adaptive Ptolemy decision tree for the purpose of generating the contributory key. Each of the node is comprised of three keys which will be exchanged between the nodes for considering the group key for the purpose of secure and cost-efficient group communication. The rekeying process is performed when a member leaves or adds into the group. The performance metrics of novel approach is measured depending on the important factors such as computational and communicational cost, rekeying process and formation of the group. It is concluded from the study that the technique has reduced the computational and communicational cost of the secure group communication when compared to the other existing methods.     

Improved Key Management Technique for Secure Multicasting over IP

Multicast communication is going to be the communication paradigm of all future networks. Secure multicasting is a very vital problem in today’s networks. In secure multicasting, the group members share a common key called the group key. Whenever the group members change, the group key must be changed. Therefore, many multicast security problems are abstracted into key management and distribution problems. The problem of distributing cryptographic keys to the group members in an optimum way that minimizes the communication and storage overheads are the important objectives of a secure multicast problem. In this paper, an efficient key management technique is proposed that minimizes the number of message exchanges and the number of keys stored. Existing key management methods have O(N) and O(log N) overheads. The proposed method shows further improvement. The model has been simulated and the results show improvements to existing approaches.G. Padmavathi has been a member of Computer Science Department, Avinashilingam Deemed University, and Coimbatore, India, for 18 years. She has contributed 20 papers at national level and 5 papers at international level. She has four publications in the areas of Fault Tolerant Real Time Systems, Cryptography and Network Security.S. Annadurai, Principal of Government Engineering College, Tirunelveli, Tamil Nadu, India, is a reputed educationalist. He has more than 150 publications at national and international level, and is an expert committee member for government and membership in many professional organizations. His research interests include Image Processing, Soft Computing and Network Security.