一种安全组播传输策略

IP组播建立在一个非封闭的传输系统上,为了实现安全组播,除了密钥加密信息,还需要下层的通讯子网提供支持,这样才能彻底实现安全封闭的组播通讯。其中讨论了一些流行的密钥管理框架,密钥更新方案以及用户管理机制。通过这些方案可以防止信息泄漏、Dos攻击、组攻击、伪造信息,从而实现了组播的安全通讯。     

SECURE GROUP COMMUNICATIONS FOR LARGE DYNAMIC MULTICAST GROUP

As the major problem in multicast security, the group key management has been the focus of research. But few results are satisfactory. In this paper, the problems of group key management and access control for large dynamic multicast group have been researched and a solution based on SubGroup Secure Controllers (SGSCs) is presented, which selves many problems in IOLUS system and WGL scheme.     

WSN中同构模型下动态组密钥管理方案

研究了同构网络模型的组密钥管理问题,首次给出了一个明确的、更完整的动态组密钥管理模型,并提出了一种基于多个对称多项式的动态组密钥管理方案。该方案能够为任意多于2个且不大于节点总数的节点组成的动态多播组提供密钥管理功能,解决了多播组建立、节点加入、退出等所引发的与组密钥相关的问题。该方案支持节点移动,具有可扩展性,并很好地解决了密钥更新过程中多播通信的不可靠性。组成员节点通过计算获得组密钥,只需要少量的无线通信开销,大大降低了协商组密钥的代价。分析比较认为,方案在存储、计算和通信开销方面具有很好的性能,更适用于资源受限的无线传感器网络。     

无线传感器网络中具有撤销功能的自愈组密钥管理方案

在有限域F_q上构造基于秘密共享的广播多项式,提出一种具有节点撤销功能的组密钥更新方案.同时,基于单向散列密钥链建立组密钥序列,采用组密钥预先更新机制,容忍密钥更新消息的丢失,实现自愈.分析表明,在节点俘获攻击高发的环境中,方案在计算开销和通信开销方面具有更好的性能.     

Efficient network coding techniques for time constrained multicast narrowband power line communications

Nowadays, power line communication (PLC) technology is receiving a renewed attention in many application fields. In particular, PLC is quite attractive for what concerns novel paradigms as smart microgrid systems and smart buildings. This paper deals with a proposal of a PLC scheme that efficiently allows multicast services based on the use of an efficient network coding (NC) scheme. Furthermore, an analytical approach is outlined to pursue the performance optimization of the proposed solution. Finally, the good behavior of the proposed NC approach is highlighted by presenting performance comparisons with the classical NC alternative.     

HIKES: Hierarchical key establishment scheme for wireless sensor networks

This paper presents a hierarchical key establishment scheme called HIKES. The base station in this scheme, acting as the central trust authority, empowers randomly selected sensors to act as local trust authorities authenticating, on its behalf, the cluster members and issuing private keys. HIKES uses a partial key escrow scheme that enables any sensor node selected as a cluster head to generate all the cryptographic keys needed to authenticate other sensors within its cluster. This scheme localizes secret key issuance and reduces the communication cost with the base station. HIKES provides an efficient broadcast authentication in which source authentication is achieved in a single transmission and a good defense for the routing mechanism. HIKES defends the routing mechanism against most known attacks and is robust against node compromise. HIKES also provides high addressing flexibility and network connectivity to all sensors in the network, allowing sensor addition and deletion. Simulation results have shown that HIKES provides an energy‐efficient and scalable solution to the key management problem. Copyright © 2012 John Wiley & Sons, Ltd.     

一种新型的ASON安全组播信令协议

针对自动变换光网络组播信令过程中存在的安全威胁,提出了一种高效的基于GMPLS RSVP-TE的安全组播信令协议。该协议采用P2MP(point-to-multipoint)信令模型,通过数字签名和消息反馈等安全机制,对信令消息中的不变对象和重要可变对象实施保护。考虑到组播成员的动态变化特性,采用高效的组密钥管理策略保证组通信的前向安全性和后向安全性。经仿真实验及分析表明,该协议在保证安全建立组播树的同时,取得了较好的连接阻塞性能和较低的密钥更新时延。     

A source authentication scheme based on message recovery digital signature for multicast

The source authentication is an important issue for the multicast applications because it can let the receiver know whether the multicast message is sent from a legal source or not. However, the previously related schemes did not provide the confidentiality for data packets. In addition, the communication costs of these schemes are still high for real‐time applications in the multicast environments. To solve the aforementioned problems, we propose a new source authentication scheme based on message recovery signature for multicast in this paper. In the proposed scheme, the encrypted data can be embedded in the digital signature, so the communication loads can be greatly reduced. In addition, the digital signature contains the encrypted data, and thus the confidentiality of data packets can be well protected. According to the aforementioned advantages, the proposed scheme is securer and more efficient than the related works for the real‐time applications. Copyright © 2013 John Wiley & Sons, Ltd.     

Group and hierarchical key management for secure communications in internet of things

Different devices with different characteristics form a network to communicate among themselves in Internet of Things (IoT). Thus, IoT is of heterogeneous in nature. Also, Internet plays a major role in IoT. So, issues related to security in Internet become issues of IoT also. Hence, the group and hierarchical management scheme for solving security issues in Internet of Things is proposed in this paper. The devices in the network are formed into groups. One of the devices is selected as a leader of each group. The communication of the devices from each group takes place with the help of the leader of the corresponding group using encrypted key to enhance the security in the network. Blom's key predistribution technique is used to establish secure communication among any nodes of group. The hierarchy is maintained such that the security can be increased further, but the delay is increased as it takes time to encrypt at every level of hierarchy. Hence, the numbers of levels of hierarchy need to be optimized such that delay is balanced. Hence, this algorithm is more suitable for delay‐tolerant applications. The performance of the proposed Algorithm is evaluated and is proved to perform better when compared with the legacy systems like Decentralized Batch‐based Group Key Management Protocol for Mobile Internet of Things (DBGK).     

SKWN: Smart and dynamic key management scheme for wireless sensor networks

In the era of the Internet of Things (IoT), we are witnessing to an unprecedented data production because of the massive deployment of wireless sensor networks (WSNs). Typically, a network of several hundred sensors is created to ensure the interactions between the cyber world and the physical world. Unfortunately, the intensive use of this kind of networks has raised several security issues. Indeed, many WSN‐based applications require secure communication in order to protect collected data. This security is generally ensured by encryption of communication between sensors, which requires the establishment of many cryptographic keys. Managing these keys, within a protocol, is an important task that guarantees the effectiveness of the security mechanism. The protocol should be intelligently adaptable not only to intrusion events but also to the security level needed by some applications. An efficient protocol optimizes also sensors energy and consequently increases the network life cycle. In this paper, we propose, a smart and dynamic key management scheme for hierarchical wireless sensor networks (SKWN). Our protocol offers three subschemes to deal with key establishment, key renewal, and new node integration. Regarding existing schemes, SKWN does not only provide reliable security mechanisms, but it also optimizes energy consumption and overheads related to the communication and memory usage. Furthermore, our approach relies on a machine learning approach to monitor the state of the network and decide the appropriate security level. We provide a formal approach and its implementation, together with simulations allowing to compare resources usage with respect to existing approaches.     

OMAC: A new access control architecture for overlay multicast communications

Multicast communications concern the transfer of data among multiple users. Multicast communications can be provided at the network layer—an example is IP multicast—or at the application layer, also called overlay multicast. An important issue in multicast communications is to control how different users—senders, receivers, and delivery nodes—access the transmitted data as well as the network resources. Many researchers have proposed solutions addressing access control in IP multicast. However, little attention has been paid to overlay multicast. In this paper, we investigate the access control issues in overlay multicast and present OMAC: a new solution to address these issues. OMAC provides access control for senders, receivers, and delivery nodes in overlay multicast. The proposed architecture, which is based on symmetric key cryptosystem, centralizes the authentication process in one server whereas it distributes the authorization process among the delivery nodes. Moreover, delivery nodes are utilized as a buffer zone between end systems and the authentication server, making it less exposed to malicious end systems. To evaluate our work, we have used simulation to compare the performance of OMAC against previous solutions. Results of the simulation show that OMAC outperforms previous multicast access control schemes. Copyright © 2010 John Wiley & Sons, Ltd.     

基于有根树的多点传送密钥分配技术分析

本文研究了一种多点传送中发生成员撤消时的基于有根树的密钥分配方案，分析了成员撤消事件的熵和分配给成员的最优平均密钥数量之间的关系，表明该方案的可扩展性、存储需求和通信负载之间达到了平衡。     

Novel chaotic block encryption scheme for WSN based on dynamic sub key

In view of high efficiency and security requirements in WSN encryption algorithm,a lightweight chaotic block encryption algorithm was designed and a novel scheme of dynamic sub keys extension was proposed.To greatly reduce the computing burden of WSN nodes,this scheme made full use of WSN cloud servers monitoring platform,which was powerful in data computing and processing,and transfered the sub keys synchronization task from nodes to cloud servers.Experimental results and performance analysis show that the scheme has good characteristics of diffusion,confusion and statistical balance,strong key security and high algorithm efficiency.It has a good application prospect in the field of WSN communication encryption.     

公开可验证的部分密钥托管方案

我们在已经存在的部分密钥托管方案的基础上提出一种新的称为公开可验证的部分密钥托管方案。该方案可以使得任何人对分配给托管人的秘密进行验证，并且验证是非交互的、脱线的。在恢复阶段监听机构不依赖托管人的可信性，仍然能够恢复出用户正确的私钥。     

一种基于信息流策略的组密钥管理机制

文中将多级安全的信息流策略引入到安全组通信系统中,设计了一种基于信息流策略的组密钥管理机制。该机制应用密钥多树图的管理方法保证了密钥管理效率。并引入虚用户组概念,一定程度上提高了可扩展性。密钥安全更新过程有效解决了组成员关系变动引起的安全隐患。安全性分析表明该密钥管理机制满足安全设计要求,是一种安全高效的组密钥管理机制。     

A scalable multicast key management scheme for heterogeneous wireless networks

Secure multicast applications require key management that provides access control. In wireless networks, where the error rate is high and the bandwidth is limited, the design of key management schemes should place emphasis on reducing the communication burden associated with key updating. A communication-efficient class of key management schemes is those that employ a tree hierarchy. However, these tree-based key management schemes do not exploit issues related to the delivery of keying information that provide opportunities to further reduce the communication burden of rekeying. In this paper, we propose a method for designing multicast key management trees that match the network topology. The proposed key management scheme localizes the transmission of keying information and significantly reduces the communication burden of rekeying. Further, in mobile wireless applications, the issue of user handoff between base stations may cause user relocation on the key management tree. We address the problem of user handoff by proposing an efficient handoff scheme for our topology-matching key management trees. The proposed scheme also addresses the heterogeneity of the network. For multicast applications containing several thousands of users, simulations indicate a 55%-80% reduction in the communication cost compared to key trees that are independent of the network topology. Analysis and simulations also show that the communication cost of the proposed topology-matching key management tree scales better than topology-independent trees as the size of multicast group grows.     

一种基于时间结构树的多播密钥管理方案

随着Internet的发展,多播通信技术得到了广泛的应用.其中组密钥管理是多播安全的核心问题.文中在分析已有研究的基础上,提出了一种基于时间结构树的密钥管理方案,采用周期性的密钥更新机制,通过安全滤波器分配新的组密钥,大大减少了密钥更新时的传输消息,提高了密钥更新的效率,实现密钥更新的可靠性.     

基于QoS的动态组播路由算法

在分析了网络中基于QoS的组播路由问题的基础上,本文提出了一种新的动态算法,并进行了实验和分析,文中构造的路由方案成功地解决了当网络中存在多个组播及组播节点动态变化情况下的QoS路由选择问题,此方案不仅保证了带宽,端到端延时和延时抖动,优化了路由树的代价,而且有效地控制了算法的复杂性并可适用于大规模的网络中。     

一种基于可验证秘密分享的密钥管理方案

介绍了一种应用于PKI系统中安全的密钥管理方案。利用秘密分享的方法来备份和恢复私钥,有效维护私钥的安全性,防止由一方单方面独享私钥。该方案采用可验证的秘密分享协议有效地解决了分享者欺骗的问题。     

Min-max load balancing scheme for mixed multicast and unicast services in LTE networks

To avoid the traffic congestion in long term evolution (LTE) networks,a min-max load balancing (LB) scheme is proposed to minimize the demanded radio resources of the maximum loaded cell.For the mixed ...