基于同态加密机制的无线群组密钥分配协议

根据无线群组通信的特点,基于同态加密机制采用集中式与分布式管理相结合的方法,提出一种新的安全无线群组密钥分配协议。该协议提供群组成员的认证和匿名性,具有前向保密性和后向保密性。协议初始化阶段完成了大部分计算,减少用户终端在协议执行过程中的计算量,满足无线群组通信的实时要求。分析表明,新协议安全性高,计算复杂度低,实时性好,简单且易于实现,适用于无线网络环境。     

基于访问结构上秘密共享的自治愈群组密钥分发方案

自治愈的群组密钥分发能够在不可靠的网络中建立安全的群组会话密钥.基于用户可自行选取子秘密访问结构上的秘密共享方法,提出了一个自治愈的群组密钥分发方案,该方案能够让群组成员自行选取个人秘密信息,而不需要在群组管理员和每个群组成员之间建立安全信道.安全性分析表明,该方案是一个具有撤销能力的、保证前向保密性和后向保密性的、计算上安全的自治愈群组密钥分发方案.性能分析表明,该方案具有较小的存储开销和通信开铕.     

基于椭圆曲线和三叉树的群组密钥协商方案

将椭圆曲线密码体制和三叉树引入到群组密钥协商中,提出了一种基于椭圆曲线和三叉树的群组密钥协商协议,由于无需向群组所有其它成员广播消息,其计算开销和通信开销均只有O（nlog3 n）。采用了用初始协商的密钥值加密随机数并产生杂凑值的方法使三叉树内部结点间也能进行安全的协商;当有群组成员变动时,通过发起者更新其随机数来提供协议的前向保密性和后向保密性,因此该方案适合于较大规模的动态群组。     

有效的群组密钥自治愈管理方案

对无线传感器网络的自治愈群组密钥管理方案进行了研究.针对无线传感器网络群组通信信道不可靠、丢包率较高的无线通信环境现状,提出了一种具有撤销能力的群组密钥自治愈管理方案.该方案利用散列链的单向性和后续会话标志的不可知性实现了群组密钥的安全.通过会话密钥的历史冗余关联,使授权节点能够自动恢复丢失的群组会话密钥.安全及能量消耗分析表明,该方案不仅能保证无线传感器网络的通信安全,而且具有较低的通信开销和存储开销,适应于大规模的无线传感器网络.     

基于双向令牌的可扩展及可靠的群组成员管理

面向有线因特网的群组通信已研究多年,目前仍是研究热点之一,尤其是将现有研究成果扩展到移动与无线网络环境方面.研究了移动群组通信,该问题涉及群组成员关系动态性(成员加入及退出)、成员位置动态性(移动主机的移动性)和网络动态性(结点或链路出错).提出了适合于移动群组通信的基于双向令牌的层次环模型(也称为层次环结构)以解决该问题.该模型是逻辑环与逻辑树的结合模型,它利用了逻辑环的简单性和逻辑树的可扩展性.更为重要的是,这样的结合使得基于层次环结构的群组通信协议比现有的基于树结构的协议更可靠.理论分析和模拟研究表明:(1)当群组规模增大时,该协议的可扩展性很好;(2)该协议具有很高的可靠性.该协议特别适合于服务提供者和网络运营商将其计算设备分层次部署的情况,这时就要求每台计算设备都能局部化地维护其兄弟和父亲设备的信息.     

无线传感网动态可认证群组密钥交换协议

无线传感器网络中节点电池电量有限、节点计算能力及存储能力受限,使得现有的大部分群组密钥交换技术不适用于无线传感器网络。针对该问题,提出一种动态的可认证群组密钥交换协议。采用双线性映射技术实现无线传感器网络中节点之间的群组密钥交换。该协议具有可认证性,避免群组密钥交换过程中遭到欺骗攻击及中间人攻击;具有动态性,适用于无线传感器网络节点动态部署;在双线性计算Diffie-Hellman(bilinear computation Diffie-Hellman,BCDH)困难性假设下是可证安全的。分析结果表明,该协议具有较高的安全性和较好的性能。     

基于群移动模型的战术互联网路由协议性能仿真与评估

在深入分析战术互联网特点的基础上,选取适合战术互联网节点移动特点的参考点群组移动模型,选择了几种具有代表性的无线路由协议,基于ns2网络模拟平台,以参考点群组移动模型生成移动场景文件,应用层使用CBR数据流量,对这几种协议在不同参数条件下的性能进行了模拟测试.通过对测试结果数据的分析,总结出了几种路由协议在战术互联网条件下端到端延迟、报文交付率和路由负载三个方面的特点.为进一步在战术互联网下作相关研究提供参考.     

群组通信模型及运输协议映射*

新型网络应用要求通信协议提供多点投递和相应群组管理功能,同时,高速传输服务和新型网络层协议也开始具有数据多点传输和简单群组控制能力,跨越两者的运输层协议,从而又重新成为学术研究和标准化的热点和趋势.文章主要描述建立群组通信抽象模型的过程和结论以及参照新型运输协议XTP(express transport protocol)和计算机会议应用的模型映射和评价.     

基于群组移动模型的OLSR协议性能仿真与评估

在研究移动自组网移动模型和无线路由协议的基础上,选取移动自组网中具有代表性的参考点群移动模型,基于ns2网络模拟平台,以参考点群组移动模型生成移动场景文件,应用层使用cbr数据流量,对OLSR无线路由协议在不同参数条件下的性能进行了模拟测试。通过对测试结果数据的详细分析,总结得出了OLSR无线路由协议在参考点群移动模型下端到端时延、报文交付率和路由负载三个方面的特点。为进一步研究移动自组网下基于OLSR协议的各种应用提供参考。     

一种可认证的群组密钥协商协议

群组密钥协商协议可以使得所有组员协商出一个相同的密钥,该密钥可以被用到后续的组员之间的安全通信中,保证群组通信的机密性、完整性和真实性。本文在可认证双方密钥认证协议和BD群组密钥协商协议的基础上,提出了一种可认证的群组密钥协商协议(ABD)。和BD相比,ABD不仅能抵抗被动攻击还能抵抗主动攻击。     

动态对等环境中组密钥协商协议的健壮性研究

总结提出了一种健壮的安全组通信系统一般模型,比较分析了多种组密钥协商协议,基于安全性和效率的考虑,从中选择了三种作为研究对象,描述了它们对各种异步网络事件和组成员关系变化的处理过程。在此基础上,探讨了它们不同的健壮性,并阐明了利用它们来构建健壮、可靠和安全的组通信系统的基本思路。     

安全组播中密钥分配问题的研究

组播是面向组接收者的首选网络通信技术,其重要性随着Internet的发展日益突出.组管理协议IGMP不提供成员接入控制.为了保护通信机密性,安全组播使用仅为认证组成员所知的会话加密密钥(SEK)来加密业务数据.每当组成员关系发生变化时,都应动态更新SEK,密钥分配也就成为安全组播研究的关键问题.在设计密钥分配算法时,通信开销、存储开销、抗冲击性和计算开销被认为是4个重要因素.提出了一种利用多项式展开的组密钥分配方案,其特点是不使用传统加密和解密.分析表明,其在小型组播中可获得较好的性能.将基于多项式展开的该算法与逻辑密钥层次结合,又提出了一种PE-LKH方案,在保留通信开销随组规模呈对数增长的同时,其计算复杂度有效降低,可适用于大规模动态群组.     

An ID-based authenticated dynamic group key agreement with optimal round

Group key agreement protocols are crucial for achieving secure group communications.They are designed to provide a set of users with a shared secret key to achieve cryptographic goal over a public network.When group membership changes,the session key should be refreshed efficiently and securely.Most previous group key agreement protocols need at least two rounds to establish or refresh session keys.In this paper,a dynamic authenticated group key agreement(DAGKA) protocol based on identity-based cryptography is presented.By making use of the members’ values stored in previous sessions,our Join and Leave algorithms reduce the computation and communication costs of members.In the proposed protocol,Setup and Join algorithms need one round.The session key can be refreshed without message exchange among remaining users in Leave algorithm,which makes the protocol more practical.Its security is proved under decisional bilinear Diffie-Hellman(DBDH) assumption in random oracle model.     

A secure group membership protocol

A group membership protocol enables processes in a distributed system to agree on a group of processes that are currently operational. Membership protocols are a core component of many distributed systems and have proved to be fundamental for maintaining availability and consistency in distributed applications. We present a membership protocol for asynchronous distributed systems that tolerates the malicious corruption of group members. Our protocol ensures that correct members control and consistently observe changes to the group membership, provided that in each instance of the group membership, fewer than one-third of the members are corrupted or fail benignly. The protocol has many potential applications in secure systems and, in particular, is a central component of a toolkit for constructing secure and fault-tolerant distributed services that we have implemented     

面向无人装置协同操作的安全认证协议

无人装置协同操作动态组网需要安全的群组通信。依据无线环境中的不同安全域,提出了一种具有身份保护的安全组网协议。该协议采用基于身份的匿名签名算法设计了安全组网机制,实现了传感器节点、作动器节点、密钥分发中心和控制台的四方安全认证和密钥交换,并为安全域内的无人操作装置建立了安全传输通道;采用匿名身份认证与可追溯机制相结合的方式,构建了无人操作装置间动态组网和数据安全传输,以为协同操作提供实时、安全的数据通道,实现无人操作装置在传感器和作动器级的协同。     

Secure and efficient group key management with shared key derivation

In many network applications, including distant learning, audio webcasting, video streaming, and online gaming, often a source has to send data to many receivers. IP multicasts and application-layer multicasts provide efficient and scalable one-to-many or many-to-many communications. A common secret key, the group key, shared by multiple users can be used to secure the information transmitted in the multicast communication channel. In this paper, a new group key management protocol is proposed to reduce the communication and computation overhead of group key rekeying caused by membership changes. With shared key derivation, new keys derivable by members themselves do not have to be encrypted or delivered by the server, and the performance of synchronous and asynchronous rekeying operations, including single join, single leave, and batch update, is thus improved. The proposed protocol is shown to be secure and immune to collusion attacks, and it outperforms the other comparable protocols from our analysis and simulation. The protocol is particularly efficient with binary key trees and asynchronous rekeying, and it can be tuned to meet different rekeying delay or key size requirements.     

安全组播中的密钥树最优结构

组播常用来对一组用户发送数据．为了保障安全性，安全组播使用组内共享的加密密钥对组内通信进行加密．因为组成员关系的动态性，有效进行组密钥管理成为安全组播通信性能的关键．本文研究了组密钥管理的密钥树结构，并提出了一种新的基于组成员更新概率的最优密钥树结构．这种结构能够进一步减少系统开销．实验结果表明这种密钥树结构要优于其它基于组成员更新概率的密钥树结构，同时理论分析给出了这种结构的平均更新代价的取值范围．     

Efficient Node Admission and Certificateless Secure Communication in Short-Lived MANETs

Decentralized node admission is an essential and fundamental security service in mobile ad hoc networks (MANETs). It is needed to securely cope with dynamic membership and topology as well as to bootstrap other important security primitives (such as key management) and services (such as secure routing) without the assistance of any centralized trusted authority. An ideal admission technique must involve minimal interaction among MANET nodes, since connectivity can be unstable. Also, since MANETs are often composed of weak or resource-limited devices, admission must be efficient in terms of computation and communication. Most previously proposed admission protocols are prohibitively expensive and require heavy interaction among MANET nodes. In this paper, we focus on a common type of MANET that is formed on a temporary basis, and present a secure, efficient, and a fully noninteractive admission technique geared for this type of a network. Our admission protocol is based on secret sharing techniques using bivariate polynomials. We also present a new scheme that allows any pair of MANET nodes to efficiently establish an on-the-fly secure communication channel.     

Decision Tree Based Key Management for Secure Group Communication

Group communication is widely used by most of the emerging network applications like telecommunication, video conferencing, simulation applications, distributed and other interactive systems. Secured group communication plays a vital role in case of providing the integrity, authenticity, confidentiality, and availability of the message delivered among the group members with respect to communicate securely between the inter group or else within the group. In secure group communications, the time cost associated with the key updating in the proceedings of the member join and departure is an important aspect of the quality of service, particularly in the large groups with highly active membership. Hence, the paper is aimed to achieve better cost and time efficiency through an improved DC multicast routing protocol which is used to expose the path between the nodes participating in the group communication. During this process, each node constructs an adaptive Ptolemy decision tree for the purpose of generating the contributory key. Each of the node is comprised of three keys which will be exchanged between the nodes for considering the group key for the purpose of secure and cost-efficient group communication. The rekeying process is performed when a member leaves or adds into the group. The performance metrics of novel approach is measured depending on the important factors such as computational and communicational cost, rekeying process and formation of the group. It is concluded from the study that the technique has reduced the computational and communicational cost of the secure group communication when compared to the other existing methods.     

针对大数据安全的动态群密钥传输协议

为了确保基于大数据的群通信的安全性,并提高通信效率和实用性,本文提出了一种新的动态密钥传输协议。该协议允许任何一位群成员作为发起者分发群密钥,整个密钥传输过程无需在线的可信中心,且无需安全的通信信道。该协议的安全性基于Diffie-Hellman密钥协商协议以及线性秘密共享方案。当群成员发生变更时,群通信发起者与其它群成员间共享的两方秘密无需更新,能够很好地适应群成员的动态变化。该协议适用于许多基于大数据的面向群的应用。