基于网格的组密钥管理

目前,尚未有一个综合的信任机制解决方案来满足网格安全与信任需求.网格中,群组通信是实现大规模信息资源共享的一种重要方式,但是如何保障组播的安全性却是一个十分复杂的问题.而组密钥管理策略是保障组播安全性的重要方式之一,所以对基于网格的组密钥管理的研究非常迫切.     

A scalable multicast key management scheme for heterogeneous wireless networks

Secure multicast applications require key management that provides access control. In wireless networks, where the error rate is high and the bandwidth is limited, the design of key management schemes should place emphasis on reducing the communication burden associated with key updating. A communication-efficient class of key management schemes is those that employ a tree hierarchy. However, these tree-based key management schemes do not exploit issues related to the delivery of keying information that provide opportunities to further reduce the communication burden of rekeying. In this paper, we propose a method for designing multicast key management trees that match the network topology. The proposed key management scheme localizes the transmission of keying information and significantly reduces the communication burden of rekeying. Further, in mobile wireless applications, the issue of user handoff between base stations may cause user relocation on the key management tree. We address the problem of user handoff by proposing an efficient handoff scheme for our topology-matching key management trees. The proposed scheme also addresses the heterogeneity of the network. For multicast applications containing several thousands of users, simulations indicate a 55%-80% reduction in the communication cost compared to key trees that are independent of the network topology. Analysis and simulations also show that the communication cost of the proposed topology-matching key management tree scales better than topology-independent trees as the size of multicast group grows.     

一种基于可验证秘密分享的密钥管理方案

介绍了一种应用于PKI系统中安全的密钥管理方案.利用秘密分享的方法来备份和恢复私钥,有效维护私钥的安全性.防止由一方单方面独享私钥.该方案采用可验证的秘密分享协议有效地解决了分享者欺骗的问题.     

一种基于信息流策略的组密钥管理机制

文中将多级安全的信息流策略引入到安全组通信系统中,设计了一种基于信息流策略的组密钥管理机制。该机制应用密钥多树图的管理方法保证了密钥管理效率。并引入虚用户组概念,一定程度上提高了可扩展性。密钥安全更新过程有效解决了组成员关系变动引起的安全隐患。安全性分析表明该密钥管理机制满足安全设计要求,是一种安全高效的组密钥管理机制。     

一种基于可验证秘密分享的密钥管理方案

介绍了一种应用于PKI系统中安全的密钥管理方案。利用秘密分享的方法来备份和恢复私钥,有效维护私钥的安全性,防止由一方单方面独享私钥。该方案采用可验证的秘密分享协议有效地解决了分享者欺骗的问题。     

WDM-PON中一种基于波长选择开关的组播方案

方案使用幅度和相位正交调制的方式来承载单播和组播业务,利用波长选择开关对需要组播业务的ONU(光网络单元)和不需要组播业务的ONU进行分组,进而实现组播业务的传输.整个方案的控制策略完全集中在OLT(光线路终端)一端的WSS中,简化了组播控制的方法,使整个系统简单方便.     

一种基于BGP EVPN的IP组播优化方案

针对EVPN子网内组播场景中,IGMP消息的洪泛会导致骨干网PE之间路由压力较大的问题,文中在PE设备上引入了IGMP代理,并通过构造BGP EVPN NLRI组播路由,实现了IGMP通告代理和查询代理的的方法。在多活多归场景下,通过IGMP加入同步和IGMP离开同步,保证DF正确发送BGP路由,实现该场景下的EVPN组播优化过程。与原组播方式相比,IGMP代理明显减少了EVPN网络中的IGMP流量,有效地提高了转发效率,从而达到优化IP组播的目的。     

Power proximity based key management for secure multicast in ad hoc networks

As group-oriented services become the focal point of ad hoc network applications, securing the group communications becomes a default requirement. In this paper, we address the problem of group access in secure multicast communications for wireless ad hoc networks. We argue that energy expenditure is a scarce resource for the energy-limited ad hoc network devices and introduce a cross-layer approach for designing energy-efficient, balanced key distribution trees to perform key management. To conserve energy, we incorporate the network topology (node location), the “power proximity” between network nodes and the path loss characteristics of the medium in the key distribution tree design. We develop new algorithms for homogeneous as well as heterogeneous environments and derive their computational complexity. We present simulation studies showing the improvements achieved for three different but common environments of interest, thus illustrating the need for cross-layer design approaches for security in wireless networks. Loukas Lazos received the B.S. and M.S. degrees from the Electrical Engineering Department, National Technical University of Athens, Athens, Greece, in 2000 and 2002, respectively. He is currently working towards the Ph.D. degree in the Electrical Engineering Department, University of Washington, Seattle. His current research interests focus on cross-layer designs for energy-efficient key management protocols for wireless ad-hoc networks, as well as secure localization systems for sensor networks. Radha Poovendran received the Ph.D. degree in electrical engineering from the University of Maryland, College Park, in 1999. He has been an Assistant Professor in the Electrical Engineering Department, University of Washington, Seattle, since September 2000. His research interests are in the areas of applied cryptography for multiuser environment, wireless networking, and applications of information theory to security. Dr. Poovendran is a recipient of the Faculty Early Career Award from the National Science Foundation (2001), Young Investigator Award from the Army Research Office (2002), Young Investigator Award from the Office of Naval Research (2004), and the 2005 Presidential Early Career Award for Scientists and Engineers, for his research contributions in the areas of wired and wireless multiuser security.     

Dynamics of key management in secure satellite multicast

Security is an important concern in today's information age and particularly so in satellite systems, where eavesdropping can be easily performed. This paper addresses efficient key management for encrypted multicast traffic transmitted via satellite. We consider the topic of encrypting traffic in large multicast groups, where the group size and dynamics have a significant impact on the network load. We consider life cycle key management costs of a multicast connection, and show for a logical key hierarchy (LKH) how member preregistration and periodic admission reduces the initialization cost, and how the optimum outdegree of a hierarchical tree varies with the expected member volatility and rekey factor. This improves network utilization, but encryption at the network layer can pose problems on satellite links. We, therefore, propose and analyze an interworking solution between multilayer Internet protocol security (IPSEC) and LKH that also reduces key management traffic while enabling interworking with performance enhancing modules used on satellite links.     

IDBS系统中基于本地缓存的VOD组播方案

首先概述了交互式数据广播系统(IDBs)的结构特点及应用现状,然后主要介绍了一种在IDBs系统中使用的基于本地理存的VOD组播方案,主要阐述了它的工作过程和优点,并进行了简单的性能分析。     

A fast multicast IP-routing lookup scheme

This paper proposes a fast multicast IP-routing lookup scheme, which adopts a compression bit map conception for forwarding information. The proposed scheme can achieve fast address lookup speed and reasonable forwarding table size.     

基于有根树的多点传送密钥分配技术分析

本文研究了一种多点传送中发生成员撤消时的基于有根树的密钥分配方案，分析了成员撤消事件的熵和分配给成员的最优平均密钥数量之间的关系，表明该方案的可扩展性、存储需求和通信负载之间达到了平衡。     

A contention-free mobility management scheme based on probabilisticpaging

In forthcoming personal communication systems (PCSs), small cells are deployed to achieve high spectral efficiency. This has significant impacts on location tracking of mobile users. The increase in location update (LU) load leads to more contention on the reverse control channel. Thus, many algorithms are designed to distribute the LU load to a larger number of cells. This avoids the inefficiency of random accessing due to high offered load. In an alternative approach (Wong 1995), a contention-free LU algorithm is proposed. Two or more mobile units are permitted to register with a base station simultaneously without contention. A probabilistic paging mechanism called Bloom filtering is used to select cells to be paged. Since there is no contention in LU, inefficiencies due to random accessing are bypassed. In this paper, we present another contention-free LU algorithm. It is hybrid in the sense that LUs are temporally or geographically triggered. The use of hybrid LU alleviates inefficiencies inherent to temporal triggered LU in Wong. Three selective paging schemes are considered in this paper. Tradeoff between paging delay and paging bandwidth is addressed. The performance of this algorithm is compared to Wong and other conventional strategies. Numerical results show that the new algorithm compares favorably with previous proposed strategies     

Design of secure multicast key management schemes withcommunication budget constraint

We study the problem of distributing cryptographic keys to a secure multicast group with a single sender and multiple receivers. We show that the problem of designing key distribution model with specific communication overhead can be posed as a constraint optimization problem. Using the formulation, we show how to minimize the number of keys to be stored by the group controller. An explicit design algorithm with given key update communication budget is also presented     

基于GIS平台的CATV网络管理方案

论述了基于GIS平台的有线电视网络的管理方案，将GIS的空间管理与有线电视的网络管理有机地结合起来。并进一步阐述了有线电视网络管理的功能、组成及其系统设计方案。     

一种基于OpenFlow的实验室网络动态管理方案

网络功能的多样化要求网络路由具有可变性,这对于传统网络管理来说是一个不小的挑战。SDN(software defined networking)技术的兴起给网络管理带来了新的思路。应用程序通过调用SDN控制器的北向接口操作控制器,使控制器通过其南向接口实现对交换设备(主要是流表)进行管理,从而改变网络路由、网络拓扑等,实现对网络的动态管理,文中提出的一种基于OpenFlow的网络流动态规划方案能很好地工作于教室型网络系统,稍加改动即可应用于其它功能型网络。     

MobiCast: A multicast scheme for wireless networks

In this paper, we propose a multicast scheme known as MobiCast that is suitable for mobile hosts in an internetwork environment with small wireless cells. Our scheme adopts a hierarchical mobility management approach to isolate the mobility of the mobile hosts from the main multicast delivery tree. Each foreign domain has a domain foreign agent. We have simulated our scheme using the Network Simulator and the measurements show that our multicast scheme is effective in minimizing disruptions to a multicast session due to the handoffs of the mobile group member, as well as reducing packet loss when a mobile host crosses cell boundaries during a multicast session.     

基于邻居覆盖信息和节点移动速度的无线自组网多播方案

针对无线自组网节点的移动导致多播可靠性降低、开销和时延增加的问题,提出基于邻居覆盖信息的多播方案。该方案通过少量的Hello报文收集一跳内的邻居信息,并据此实时计算节点的密度系数、邻居节点未覆盖率等参数,利用所获参数动态调整节点的多播数据转发时延与转发概率。为进一步降低时延,提出一种基于节点移动速度的数据分发方案,它允许部分快速移动节点采用更高的概率转发多播数据。将其扩展至多播方案中,形成基于邻居覆盖信息和节点移动速度的多播方案。NS2的仿真结果表明,与现有方案相比,该方案将分组投递率提高27%,控制开销减少33.2%,并将端到端平均时延降低45%。     

基于移动设备的USB Key身份认证方案

提出一种基于移动设备的USB Key身份认证方案,主要用于解决在移动设备端传统身份认证技术中存在的安全问题。在移动设备端使用USB Key身份认证技术可以很好地提高移动设备对用户身份认证的安全性。主要从两方面进行论述:移动设备端是如何获取USB Key中的数字证书并进行身份认证,从而保证移动设备环境下的安全;移动设备端的用户是如何进行身份认证,从而保证应用服务的安全性。通过安全性分析和实验可得出,这种身份认证技术可有效地抵御移动设备端账户和服务攻击。     

Group key management scheme for large-scale sensor networks

Wireless sensor networks are inherently collaborative environments in which sensor nodes self-organize and operate in groups that typically are dynamic and mission-driven. Secure communications in wireless sensor networks under this collaborative model calls for efficient group key management. However, providing key management services in wireless sensor networks is complicated by their ad-hoc nature, intermittent connectivity, large scale, and resource limitations. To address these issues, this paper proposes a new energy-efficient key management scheme for networks consisting of a large number of commodity sensor nodes that are randomly deployed. All sensor nodes in the network are anonymous and are preloaded with identical state information. The proposed scheme leverages a location-based virtual network infrastructure and is built upon a combinatorial formulation of the group key management problem. Secure and efficient group key initialization is achieved in the proposed scheme by nodes autonomously computing, without any communications, their respective initial group keys. The key server, in turn, uses a simple location-based hash function to autonomously deduce the mapping of the nodes to their group keys. The scheme enables dynamic setup and management of arbitrary secure group structures with dynamic group membership.