Similar literature
Found 20 similar documents; search took 31 ms
1.
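To ensure the security of big-data-based group communication and to improve communication efficiency and practicality, this paper proposes a new dynamic key transfer protocol. The protocol allows any group member to act as the initiator and distribute the group key; the whole key transfer process requires neither an online trusted center nor a secure communication channel. The security of the protocol is based on the Diffie-Hellman key agreement protocol and a linear secret sharing scheme. When group membership changes, the pairwise secrets shared between the initiator and the other group members need not be updated, so the protocol adapts well to dynamic changes in group membership. The protocol is suitable for many group-oriented applications based on big data.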

2.
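A distributed group rekeying algorithm for mobile ad hoc networks   Cited by: 16 (self-citations: 0, citations by others: 16)
Security is a basic requirement of group communication in mobile ad hoc networks, and a secure, efficient group rekeying algorithm is the key to keeping group communication secure. Building on the distributed group key management framework (DGKMF) for mobile ad hoc networks, this paper proposes a group rekeying algorithm, DGR (distributed group rekeying). The algorithm can update the group key using local key information, making it suitable for mobile ad hoc networks with frequently changing topology, short-lived connections and limited bandwidth. To further reduce the communication cost, DGR is improved by dynamically generating group rekeying clusters during rekeying, yielding the CDGR (cluster distributed group rekeying) algorithm. The security, correctness and completeness of these algorithms are discussed and their communication cost is analyzed. Finally, the performance of the algorithms is analyzed using the ns2 simulator. Simulation results show that DGR and CDGR outperform other algorithms in group rekeying success rate and delay, and that, owing to its cluster structure, CDGR has lower rekeying delay than DGR.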

3.
Self-organizing group key agreement protocols without a centralized administrator are essential to secure group communication in dynamic peer systems. In this paper, we propose a generic construction of a one-round self-organizing group key agreement protocol based on the Chinese Remainder Theorem. In the proposed construction, all group members contribute their own public keys to negotiate a shared encryption public key, which corresponds to all different decryption keys. Using his/her own secret key, each group member is able to decrypt any ciphertext encrypted by the shared encryption key. Following the generic construction, we instantiate a one-round self-organizing group key agreement protocol using the efficient and computationally inexpensive public key cryptosystem NTRU. Both the public key and the message in this protocol are secure against the known lattice attacks. Furthermore, we also briefly describe another concrete scheme with our generic idea, based on the ElGamal public key cryptosystem.

4.
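Hu Hongyu, Ai Lingxian. Journal of Computer Applications (《计算机应用》), 2010, 30(9): 2401-2403
Group key agreement (GKA) is one of the important means of securing subsequent communication. A new group key agreement protocol is proposed in which participants can verify the authenticity of other participants through a series of algorithms. The protocol achieves secure session key agreement among participants at low computational cost, and features fault tolerance and reusability of long-term private keys. Analysis shows that it resists most common attacks.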

5.
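Tan Liping, Li Fangwei. Journal of Computer Applications (《计算机应用》), 2007, 27(6): 1343-1344
A new identity authentication and key agreement protocol is proposed. The protocol provides mutual authentication between the two communicating parties and produces a secure session key through negotiation. It combines symmetric and asymmetric cryptosystems, using for the asymmetric part elliptic curve cryptography, which offers high security with few key bits. Performance analysis shows that the protocol is secure and effective, and well suited to mobile communication systems.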

6.
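To address the problem in group rekeying for distributed networks that non-updating members take part in computing the shared key and thereby increase interaction delay, an autonomous rekeying model is proposed. Using the DH protocol and polynomials, an autonomous group key management scheme is designed that has the property of one encryption key with multiple decryption keys. During rekeying, the updating member autonomously updates the public encryption key locally without support from an online KMC, preserving the validity of non-updating members' decryption keys and reducing both rekeying delay and the computational overhead of non-updating members. The scheme has the properties of the autonomous rekeying model and suits delay-constrained wireless network scenarios.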

7.
Several groupware applications like e-conferences, pay-per-view, online games, etc. require a common session key to establish a secure communication among the group participants. For secure communication, such applications often need an efficient group key establishment protocol to construct a common session key for group communications. Conventional group key transfer protocols depend on a mutually trusted key generation center (KGC) to generate and distribute the group key to each participant in each session. However, those approaches require extra communication overheads in the server setup. This paper presents an efficient and secure group key transfer protocol using elliptic curve cryptography (ECC). The proposed protocol demonstrates a novel group key transfer protocol, in which one of the group members plays the role of KGC (the protocol without an online KGC), which is based on elliptic curve discrete logarithm problem (ECDLP) and Shamir’s secret sharing scheme. The confidentiality of the proposed protocol is ensured by Shamir’s secret sharing, i.e., information theoretically secure and provides authentication using ECDLP. Furthermore, the proposed protocol resists against potential attacks (insider and outsider) and also significantly reduces the overheads of the system. The security analysis section of the present work also justifies the security attributes of the proposed protocol under various security assumptions.

8.
With the continuous emergence of Internet applications based on secure group communication, the design of secure group communication becomes an important Internet design topic. Group key management is important for secure group communication. Previous work focuses on key tree, which is an important type of key graphs. In this paper, we first propose another type of key graph—key link-tree, which shows better performance than key tree in single rekeying. Considering that the adoption of key link-tree results in worse performance than key tree in batch rekeying, we propose two transform algorithms between key tree and key link-tree, which can get better rekey performance.

9.
Three-party authenticated key exchange protocol (3PAKE) is an important cryptographic technique for secure communication which allows two parties to agree on a new secure session key with the help of a trusted server. In this paper, we propose a new three-party authenticated key exchange protocol which aims to achieve more efficiency with the same security level of other existing 3PAKE protocols. Security analysis and formal verification using AVISPA tools show that the proposed protocol is secure against various known attacks. Compared with other typical 3PAKE protocols, the proposed protocol is more efficient with less computation complexity.

10.
《Computer Communications》2007,30(11-12):2497-2509
Multi-privileged group communications containing multiple data streams have been studied in the traditional wired network environment and the Internet. With the rapid development of mobile and wireless networks and in particular mobile ad-hoc networks (MANETs), the traditional Internet has been integrated with mobile and wireless networks to form the mobile Internet. The multi-privileged group communications can be applied to the mobile Internet. Group users can subscribe to different data streams according to their interest and have multiple access privileges with the support of multi-privileged group communications. Security is relatively easy to be guaranteed in traditional groups where all group members have the same privilege. On the other hand, security has been a challenging issue and is very difficult to handle in multi-privileged groups. In this paper, we first introduce some existing rekeying schemes for secure multi-privileged group communications and analyze their advantages and disadvantages. Then, we propose an efficient group key management scheme called ID-based Hierarchical Key Graph Scheme (IDHKGS) for secure multi-privileged group communications. The proposed scheme employs a key graph, on which each node is assigned a unique ID according to access relations between nodes. When a user joins/leaves the group or changes its access privileges, other users in the group can deduce the new keys using one-way function by themselves according to the ID of joining/leaving/changing node on the graph, and thus the proposed scheme can greatly reduce the rekeying overhead.

11.
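Most existing key agreement protocols study secure sessions under a single key generation center (KGC), i.e., all participants' parameters are provided by the same KGC. To enable secure sessions between participants in different KGCs, a new identity-based two-party authenticated key agreement protocol is proposed using an elliptic curve design; the new protocol achieves secure key agreement between participants in two KGCs with independent parameters. The security of the new protocol is also rigorously and formally proven using an improved Blake-Wilson model. Analysis shows that the new protocol is not only sufficiently secure but also has low computational cost and high efficiency, and can therefore be used in lightweight devices with strict energy-consumption requirements.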

12.
In many circumstances, a shared key is needed to realize secure communication. Based on quantum mechanics principles, quantum key agreement (QKA) is a good method to establish a shared key by every party’s fair participation. In this paper, we propose a novel three-party QKA protocol, which is designed by using Greenberger–Horne–Zeilinger (GHZ) states. To realize the protocol, the distributor of the GHZ states needs only one quantum communication with the other two parties, respectively, and everyone performs single-particle measurements simply. Then, we extend the three-party QKA protocol to arbitrary multiparty situation. At last, we discuss the security and fairness of the multiparty protocol. It shows that the new scheme is secure and fair to every participant.

13.
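This paper proposes introducing a key encapsulation mechanism (KEM) into the network-layer security protocol IPSec, establishing IPSec keys through key transport. This provides another method of key establishment besides the current key-exchange-based IKEv2 protocol. Analysis of the given protocol shows that, when certificates must likewise be exchanged for message authentication, the KEM key transport protocol is as secure as the IKEv2 protocol and more efficient.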

14.
This paper considers the issue on authenticated group key agreement protocol among n users broadcasting communication over an insecure public network. Many authenticated group Diffie-Hellman key agreement protocols have been proposed to meet the challenges. However, existing protocols are either limited by the use of public key infrastructure or by their scalability, requiring O(n) rounds. To overcome these disadvantages, we propose an efficient password-based group key agreement protocol resistant to the dictionary attacks by adding password-authentication services to a non-authenticated multi-party key agreement protocol proposed by Horng. The proposed protocol is very efficient since it only requires constant rounds to agree upon a session key, and each user broadcasts a constant number of messages and only requires four exponentiations. Under the Decisional Diffie-Hellman assumption, we will show the proposed protocol is provably secure in both the ideal-cipher model and the random-oracle model.

15.
The application of intelligent computing in Internet of Things (IoTs) makes IoTs systems such as telemedicine, in-vehicle IoT, and smart home more intelligent and efficient. Secure communication and secure resource sharing among intelligent terminals are essential. A secure communication channel for intelligent terminals can be established through group key agreement (GKA), thereby ensuring secure communication and resource sharing for intelligent terminals. Taking into account the confidentiality level of the shared resources of each terminal, and the different permissions of the resource sharing of each terminal, a GKA protocol for intelligent IoTs is proposed. Compared with previous work, this protocol mainly has the following advantages: (1) The hidden attribute identity authentication technology can achieve the security of identity authentication and protect personal privacy from being leaked; (2) Only intelligent terminals satisfying the threshold required of the GKA can participate in the GKA, which increases the security of group communication; (3) Low-level group terminals can obtain new permissions to participate in high-level group communication if they meet certain conditions. High-level group terminals can participate in low-level group communication through permission authentication, which increases the flexibility and security of group communication; (4) The intelligent terminals in the group can use their own attribute permission parameters to calculate the group key. They can verify the correctness of the calculated group key through a functional relationship, and do not need to exchange information with other members in the same group. Under the hardness assumption of inverse computational Diffie-Hellman problem and discrete logarithm problem, it is proven that the protocol has high security, and compared with the cited literature, it has good advantages in terms of computational complexity, time cost and communication energy cost.

16.
This paper considers the key management issue of secure group communication in a highly mobile networking environment. In such an environment, there are frequent joining and leaving of members due to roaming or suspending for a period. In order to preserve forward and backward confidentiality, it is necessary to rekey every time a member joins or leaves. This paper introduces a new state-based group key management framework suitable for highly mobile environments. In this scheme, a member enters the "Park" state when it is going to roam or suspend for a period; when it becomes active again, it sends a request to the key server to get the current group key and changes its state to "Active" again. No rekeying is needed for a roaming member, and reliable delivery of rekeying messages is not required for "Park" members. The scheme can notably reduce the communication overhead and provide an efficient method for error recovery.

17.
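To address the limited power, limited processing capability and security issues of clients in existing mobile payment, a secure and efficient online mobile payment protocol is proposed. The protocol uses offline pseudo-random numbers shared between the customer and the bank as keys for efficient authentication, achieving efficient identity authentication and session key agreement. During a transaction between customer and merchant, sensitive information is encrypted with a shared key, which effectively reduces the client's computational overhead and provides non-repudiation. Efficiency analysis and comparison, together with a BAN logic proof, show that the protocol obtains high security with low computation and communication cost, and is well suited to implementation on mobile terminals.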

18.
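Compared with the centralized group key management protocols and algorithms of traditional wired networks, threshold secret sharing adapts well to the characteristics of mobile ad hoc networks (MANETs) and provides efficient, reliable security guarantees. A secure and efficient group rekeying algorithm is the key to preventing departed nodes from colluding to reconstruct the group private key and threatening group communication security. Based on an in-depth analysis of the collusion problem, this paper proposes a verifiable group rekeying algorithm based on neighbor node weights. The algorithm proactively updates group members' private key shares while keeping the group private key unchanged, effectively addressing node collusion, high rekeying communication volume, and malicious nodes taking part in the update.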

19.
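To guarantee the confidentiality of multicast communication, secure multicast encrypts data with a key unknown to non-members and updates it dynamically as group membership changes. Tree-based hierarchical key management reduces the rekeying cost when users change, provided that the key tree stays balanced. This paper proposes a key management method that uses a B-tree of order m as the group key tree. When a new member joins the multicast group, the scheme reduces rekeying overhead compared with traditional schemes and improves rekeying efficiency.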

20.
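Chen Jianwei, Xu Li. Computer Engineering (《计算机工程》), 2007, 33(24): 164-167
Multicast is an important component of ad hoc network applications, and how to manage keys in multicast communication so that they can be distributed securely and updated efficiently is a current research hotspot. This paper proposes a new group rekeying strategy. It uses multiple key pools for key predistribution and establishes symmetric keys for group rekeying; being based on an ID-based cryptosystem, it reduces nodes' computation and communication. The security model of the strategy conforms to the active outsider attack model and satisfies strong security. The security and performance of the new strategy are analyzed in detail.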
