一种基于LKH的分层式安全组播密钥管理方案

安全组播是组播技术走向实用化必须解决的问题。在组成员动态变化时,设计一个高效的密钥管理方案是安全组播研究的主要问题。该文提出了一种基于LKH模型的分层式组播密钥管理方案。该方案基于分层机制将一个组播分为几个小组,并且采用了指数函数和随机密钥,使得在组成员离开组播时,具体的密钥更新由组成员自己完成。该方案比传统方案减少了密钥更新开销量,提高密钥更新效率,并缩减了密钥存储量。     

一种新的基于LKH的组播密钥更新方案

安全组播是组播技术走向实用化必须解决的问题.在组成员动态变化时,设计一个高效的密钥管理方案是安全组播研究的主要问题.本文提出了一种基于LKH模型的组播密钥更新方案.该方案基于分层机制将一个组播分为几个小组,并且采用指数函数和随机密钥,使得在组成员离开组播时,具体的密钥更新由组成员自己完成.本方案比传统方案减少了密钥更新开销量,提高了密钥更新效率,并缩减了密钥存储量.     

一种基于成员发现协议的可扩展组播密钥管理方案

在分析现有组播密钥管理协议的基础上,提出了一种基于成员发现协议的组播密钥管理方案。针对实际的Internet拓扑结构,引入成员发现协议生成包含组成员的覆盖树,再通过组生成算法将整个参与组播的各终端用户形成的组播组划分成若干个虚拟的组播子组,组安全控制器将组密钥安全分发给各个子组安全控制器,子组内采用LKH方法实现密钥管理。该协议本质为一种二级层次结构的密钥管理协议,具有较好的可扩展性,在密钥更新代价方面取得了较好的性能,适合于大型组播群组。     

Using AVL trees for fault-tolerant group key management

In this paper we describe an efficient algorithm for the management of group keys for group communication systems. Our algorithm is based on the notion of key graphs, previously used for managing keys in large Internet-protocol multicast groups. The standard protocol requires a centralized key server that has knowledge of the full key graph. Our protocol does not delegate this role to any one process. Rather, members enlist in a collaborative effort to create the group key graph. The key graph contains n keys, of which each member learns log₂n of them. We show how to balance the key graph, a result that is applicable to the centralized protocol. We also show how to optimize our distributed protocol, and provide a performance study of its capabilities. Published online: 26 October 2001     

基于代理的分布式大型动态组播密钥管理协议

参照分布式方法代表性协议Iolus提供的组播密钥管理安全框架和因特网组管理协议IGMP，设计了一种新的分布式密钥管理体系结构，组播组由一些分布的组播子组构成，采用一种改进的LKH协议实现子组内密钥管理，提出了一种基于代理的分布式的大型动态组播密钥管理协议，并通过增加签名标记改进了现有密钥管理协议对成员身份认证的不足。与LKH、Iolus协议相比．该文协议降低了“1影响N”问题，具有较好的可扩展性，有效降低了协议通信延迟和带宽等负载。     

Secure and efficient group key management with shared key derivation

In many network applications, including distant learning, audio webcasting, video streaming, and online gaming, often a source has to send data to many receivers. IP multicasts and application-layer multicasts provide efficient and scalable one-to-many or many-to-many communications. A common secret key, the group key, shared by multiple users can be used to secure the information transmitted in the multicast communication channel. In this paper, a new group key management protocol is proposed to reduce the communication and computation overhead of group key rekeying caused by membership changes. With shared key derivation, new keys derivable by members themselves do not have to be encrypted or delivered by the server, and the performance of synchronous and asynchronous rekeying operations, including single join, single leave, and batch update, is thus improved. The proposed protocol is shown to be secure and immune to collusion attacks, and it outperforms the other comparable protocols from our analysis and simulation. The protocol is particularly efficient with binary key trees and asynchronous rekeying, and it can be tuned to meet different rekeying delay or key size requirements.     

一种新的无线网络组播密钥管理方案

在无线网络中,多播组成员的变化是劝态的,在某些特殊应用中,成员可能会在一段时间段内频繁地加入和离开,此时有线网络中的传统组播密钥管理方法就会体现出不足。针对此不足,提出一种适应于无线网络的组播密钥管理方案。该方案根据地理位置将组播成员划分为不同子组,每个子组根据本子组成员的变化情况来设置密钥更新间隔TTR和请求数的阀值RT。通过子组管理员来协调本子组与其他成员通信保持一致,提高通信效率、降低异步问题。理论分析和仿真结果表明：该方案在保证组播成员安全通信的基础上,显著地降低无线网络中的组播应用因密钥更新导致的通信开销,从而提高密钥更新效率,使无线网络在处理大流量等应用问题的同时,也具有较高的安全性。     

基于成员隶属关系的组播密钥管理方案

组播密钥管理是组播安全的核心问题。通过组成员的隶属关系建立成员的等级树结构,结构中利用单向函数链生成层间密钥来维护上下层访问权限,并将最下层子组内成员密钥构成逻辑密钥树;研究了成员动态变化时的层间密钥、子组密钥更新方法;对模型的安全性和负载进行分析。分析表明方案满足前向保密、后向保密等安全需求,避免了单点失效问题的发生,适用于大型动态变化的具有成员隶属关系的部门组播应用。     

高效的动态安全组播密钥协商方案

组播提供了一种发送者可以同时发送信息到多个接收者的高效通信机制。设计高效的密钥协商方案是实现安全组播的主要环节。以双线性对为工具,本文提出了一个新的基于身份的动态安全组播密钥协商方案,并具体地分析了当新提出的密钥协商方案用于组播时,子组之间的通信过程,以及组成员动态变化时密钥的更新过程,结果表明该方案在降低计算和通信代价方面取得了较好的效果,且满足组播密钥协商的各种安全要求。     

基于ECC的动态安全组播密钥协商方案

设计高效的密钥协商方案是动态安全组播的难点.提出一个应用椭圆曲线密码体制进行密钥协商而在基于身份的公钥系统内进行组通信的全新安全组播方案.具体地分析了子组成员的密钥协商和子组间的通信过程,以及组成员动态变化时密钥的更新过程,结果表明,该方案在降低计算和通信代价方面取得了较好的效果,且满足密钥协商的安全要求.     

一种改进LKH的组播密钥管理方案

逻辑密钥树方案有效地减轻了组播通信中组成员及组控制器的负担,但组通信过程中的开销较大。提出了一种新的组播密钥管理方案,该方案根据组成员失效概率大小,将失效概率大的组成员置于右子树中右孩子节点处,而根节点和左孩子为相同组成员,从而构建逻辑密钥二叉树,这与现存LKH方案中密钥树的创建过程不同。通过对逻辑密钥二叉树的构造以及仿真实验的分析,均说明该方案在节点失效后的密钥更新量、节点的存储量比LKH方案要小,网络的抵抗性能好。     

Secure multicast in dynamic environments

A secure multicast framework should only allow authorized members of a group to decrypt received messages; usually, one “group key” is shared by all approved members. However, this raises the problem of “one affects all”, whereby the actions of one member affect the whole group. Many researchers have solved the problem by dividing a group into several subgroups, but most current solutions require key distribution centers to coordinate secure data communications between subgroups. We believe this is a constraint on network scalability. In this paper, we propose a novel framework to solve key management problems in multicast networks. Our contribution is threefold: (1) We exploit the ElGamal cryptosystem and propose a technique of key composition. (2) Using key composition with proxy cryptography, the key distribution centers used in secure multicast frameworks are eliminated. (3) For key composition, the framework is designed to resist node failures and support topology reconstruction, which makes it suitable for dynamic network environments. Without reducing the security or performance of proxy cryptography, we successfully eliminate the need for key distribution centers. Our analysis shows that the proposed framework is secure, and comparison with other similar frameworks demonstrates that it is efficient in terms of time and space complexity. In addition, the costs of most protocol operations are bounded by constants, regardless of a group’s size and the number of branches of transit nodes.     

容忍入侵服务器中组通信认证与访问控制机制

针对提高容忍入侵应用服务器群组通信动态安全性,提出了容忍入侵应用服务器组通信的认证与访问控制.在认证机制中,通过可信的服务器组对客户端的身份认证,有效阻止攻击者的伪群组的运行.在访问控制机制中,通过由所有组成员共同决定是否允许新成员的加入.在允许新成员加入群组后,相比于所有组成员协商组策略,通过发送组策略给新成员有效地降低了通信开销.     

Multiparty Authentication Services and Key Agreement Protocols with Semi-Trusted Third Party

This paper introduces a new family of group key establishment protocols suitable for small or medium-sized groups.Five protocols are presented,using a semi-trusted server,with varying security service,The first one is a non-authenticated key agreement protocol suitable for applications with low security requirements.The second protocol adds an authenticated key agreement to provide collaborative authentication.The third and the fourth protocols provide key establishment with integrity and confirmation services,and the fifth protocol is the member adding protocol.A major advantage of the protocols is that they reduce the numbers of rouds from n to 5.     

基于向量时间的因果序通信协议的研究与设计

对于一个由多个成员组成的分布式应用如CSCW、副本数据库应用等来说,一个成员为了完成其所承担的任务,通常不仅要给其它成员发送组播消息,而且还要给某个或某些成员发送单播消息,并且这些消息形成了一种相互依赖的因果序关系。为了有效地支持成员之间的交互及分布式应用的开发,提出了一个新的基于向量时间的因果序单播、组播混合通信协议－CR＿UMcast协议。该协议允许组成员既可以发送组播消息,又可以发送单播消息,并且保证按它们之间的因果优先顺序进行传递。     

基于身份的椭圆曲线密码体制安全组播方案

提出一个应用椭圆曲线密码体制进行密钥协商而在基于身份的公钥密码系统内进行组通信的全新安全组播方案,分析子组成员的密钥协商和子组间的通信过程,以及组成员动态变化时密钥的更新过程。结果表明,该方案在降低计算和通信代价方面可取得较好的效果,且满足密钥协商的安全要求。     

An authenticated group key transfer protocol using elliptic curve cryptography

Several groupware applications like e-conferences, pay-per view, online games, etc. require a common session key to establish a secure communication among the group participants. For secure communication, such applications often need an efficient group key establishment protocol to construct a common session key for group communications. Conventional group key transfer protocols depends on mutually trusted key generation center (KGC) to generate and distribute the group key to each participant in each session. However, those approaches require extra communication overheads in the server setup. This paper presents an efficient and secure group key transfer protocol using elliptic curve cryptography (ECC). The proposed protocol demonstrates a novel group key transfer protocol, in which one of the group member plays the role of KGC (the protocol without an online KGC, which is based on elliptic curve discrete logarithm problem (ECDLP) and Shamir’s secret sharing scheme. The confidentiality of the proposed protocol is ensured by Shamir’s secret sharing, i.e., information theoretically secure and provides authentication using ECDLP. Furthermore, the proposed protocol resists against potential attacks (insider and outsider) and also significantly reduces the overheads of the system. The security analysis section of the present work also justifies the security attributes of the proposed protocol under various security assumptions.     

一种基于第三方认证的无线组密钥协商协议*

提出一种基于第三方认证的组密钥协商协议,用于在无线Mesh网络环境下的移动用户间的协同工作。经过安全性分析和性能分析得出,新协议不仅可以对组用户提供私密性保护,而且协议参与者的身份得到认证,此外,每个成员的计算成本和通信量显著降低,提高了协议的执行效率。因此,该协议是无线Mesh网络环境下的一种新型、可靠的组密钥协商协议。     

针对大数据安全的动态群密钥传输协议

为了确保基于大数据的群通信的安全性,并提高通信效率和实用性,本文提出了一种新的动态密钥传输协议。该协议允许任何一位群成员作为发起者分发群密钥,整个密钥传输过程无需在线的可信中心,且无需安全的通信信道。该协议的安全性基于Diffie-Hellman密钥协商协议以及线性秘密共享方案。当群成员发生变更时,群通信发起者与其它群成员间共享的两方秘密无需更新,能够很好地适应群成员的动态变化。该协议适用于许多基于大数据的面向群的应用。     

Centralized key distribution protocol using the greatest common divisor method

Designing a key distribution protocol with minimal computation and storage complexity is a challenging issue in secure multimedia multicast. In most of the multimedia multicast applications, the group membership requires secured dynamic key generation and updation operations that usually consume much of the computation time. In this paper, we propose a new GCD (Greatest Common Divisor) based Key Distribution Protocol which focuses on two dimensions. The first dimension deals with the reduction of computation complexity which is achieved in our protocol by performing fewer multiplication operations during the key updation process. To optimize the number of multiplication operations, the existing Karatsuba divide and conquer approach for multiplication is used in this proposed work. The second dimension aims at reducing the amount of information stored in the Group Center and group members while performing the update operation in the key content. The proposed algorithm which focuses on these two dimensions has been implemented and tested using a Cluster tree based key management scheme and has been found to produce promising results. Comparative analysis to illustrate the performance of various key distribution protocols is shown in this paper and it has been observed that this proposed algorithm reduces the computation and storage complexity significantly.