共查询到20条相似文献,搜索用时 247 毫秒
1.
2.
在对组播密钥更新的典型方案分析的基础上,提出一种M维几何球形组播密钥更新方案,组密钥更新时利用了兄弟节点之间协作产生父节点密钥,从而有效降低组密钥更新的通信开销,同时不增加计算开销和存储开销,并能保证更新时的前向安全性和后向安全性.同时,采用批量更新方案,对大量用户的加入和移出进行优化,有效地降低密钥更新的通信开销,仿真结果证明,本文的方案具有较低的通信量,适用于大型动态组播应用场景. 相似文献
3.
传感器网络中一种基于分布式更新权限的组密钥管理方案 总被引:6,自引:1,他引:5
传统网络中的组密钥管理方案一般依赖于一个长期可信的节点,由该节点存储其他所有用户的信息进行组密钥管理.与传统网络不同的是传感器网络不存在这种可信节点,而且其资源十分有限,因此传统网络中的组密钥管理方案不适合传感器网络.结合传感器网络的特性,提出一种基于分布式更新权限的组密钥管理方案DRA,DRA在组密钥更新过程中引入广播机制,并构造权限分布函数、组密钥隐藏函数及广播认证函数以实现对妥协节点的剔除(revocation)及更新信息的完整性鉴别.理论分析及仿真结果表明,方案DRA在保证安全性的同时具有较小的存储开销和通信开销,并能有效地避免孤立节点的问题. 相似文献
4.
安全机制中密钥管理方案的研究一直是组播通信的研究热点。从组播通信的安全分析入手,在基于组播密钥管理方案的基础上,提出了一种新的组播密钥管理方案,并实现了网络的动态更新。分析结果表明,该方案在保证网络安全的同时,能够减少节点的通信量,降低网络开销,延长网络的生存周期。 相似文献
5.
6.
提出了一种新的逻辑密钥树(LKH)改进方案,每个用户可以根据自己的私钥通过计算得到加密密钥,任何成员的变化都不需要更新其它用户的密钥,从而减少了更新密钥时的额外开销,组管理器存储的密钥数,叶子节点存储的密钥数和用户离开/加入时的加解密数.研究了密钥的周期更新,有效地防止多个非法用户共谋,提高了组播的安全性能. 相似文献
7.
8.
组播密钥更新中的R-LKH方案密钥更新效率低、组控制器和组成员的计算开销高。该文提出一种改进算法,采用结合单向函数和随机数的高效更新算法提高密钥更新效率,降低组播组的通信量。分析并比较成员加入/离开组过程的组播和单播通信量,结果表明改进后算法的通信开销和计算开销都低于R-LKH。 相似文献
9.
组播常用来对一组用户发送数据.为了保障安全性,安全组播使用组内共享的加密密钥对组内通信进行加密.因为组成员关系的动态性,有效进行组密钥管理成为安全组播通信性能的关键.本文研究了组密钥管理的密钥树结构,并提出了一种新的基于组成员更新概率的最优密钥树结构.这种结构能够进一步减少系统开销.实验结果表明这种密钥树结构要优于其它基于组成员更新概率的密钥树结构,同时理论分析给出了这种结构的平均更新代价的取值范围. 相似文献
10.
11.
《Computer Communications》2007,30(11-12):2497-2509
Multi-privileged group communications containing multiple data streams have been studied in the traditional wired network environment and the Internet. With the rapid development of mobile and wireless networks and in particular mobile ad-hoc networks (MANETs), the traditional Internet has been integrated with mobile and wireless networks to form the mobile Internet. The multi-privileged group communications can be applied to the mobile Internet. Group users can subscribe to different data streams according to their interest and have multiple access privileges with the support of multi-privileged group communications. Security is relatively easy to be guaranteed in traditional groups where all group members have the same privilege. On the other hand, security has been a challenging issue and is very difficult to handle in multi-privileged groups. In this paper, we first introduce some existing rekeying schemes for secure multi-privileged group communications and analyze their advantages and disadvantages. Then, we propose an efficient group key management scheme called ID-based Hierarchical Key Graph Scheme (IDHKGS) for secure multi-privileged group communications. The proposed scheme employs a key graph, on which each node is assigned a unique ID according to access relations between nodes. When a user joins/leaves the group or changes its access privileges, other users in the group can deduce the new keys using one-way function by themselves according to the ID of joining/leaving/changing node on the graph, and thus the proposed scheme can greatly reduce the rekeying overhead. 相似文献
12.
In multi-privileged group communications, since users, who can subscribe to different data streams according to their interests, have multiple access privileges, security issues are more difficult to be solved than those in traditional group communications. The common drawback of traditional key management schemes is that they will result in the “one-affect-many” problem, because they use a key graph to manage all the keys in a group, which makes one key being shared by many users. Recently, a key-policy attribute-based encryption (KP-ABE) scheme is proposed to encrypt messages to multiple users efficiently, which has been applied in secure multi-privileged group communications. However, user revocation in KP-ABE is still not resolved when applied to multi-privileged group communications. So, in this paper, by uniquely combining a collusion-resistant broadcast encryption system and a KP-ABE system with a non-monotone access structure, we propose a scalable encryption scheme for multi-privileged group communications (EMGC). Based on the features of different multi-privileged group communication systems, we also propose two constructions for our EMGC scheme. With the two constructions, a system can support a user not only to join/leave a group at will, but also to change his access privilege on demand, and the expenses during rekeying operations are small. Therefore, our scheme, which can accommodate a dynamic group of users, is more applicable to multi-privileged group communications. 相似文献
13.
Authenticated group key exchange (AGKE) protocol provides secure group communications for participants in cooperative and distributed applications over open network environments such as the Internet and wireless networks. In the past, a number of AGKE protocols based on the identity (ID)-based public key system (IDPKS) have been proposed, called ID-AGKE protocols. In the IDPKS system, users’ identities are viewed as the public keys to eliminate certificate management of the traditional certificate-based public key system. Nevertheless, any certificate-based public key systems or IDPKS systems must provide a revocation mechanism to revoke misbehaving/compromised users from the public key systems. However, there was little work on studying the revocation problem of the IDPKS system. Quite recently, Tseng and Tsai presented a new ID-based encryption scheme and its associated revocation mechanism to solve the revocation problem efficiently, called revocable ID-based public key system (R-IDPKS). In this paper, we follow Tseng and Tsai’s R-IDPKS system to propose the first revocable ID-AGKE (RID-AGKE) protocol. Security analysis is made to demonstrate that the proposed RID-AGKE protocol is a provably secure AGKE protocol and can resist malicious participants. As compared to the recently proposed ID-AGKE protocols, the proposed RID-AGKE protocol is provably secure and has better performance while providing an efficient revocation mechanism. 相似文献
14.
基于身份的公钥加密(Identity-based Encryption,简称IBE)体制采用用户ID作为公钥,无需公钥证书操作,较传统的PKI体系具有开发部署简单、应用成本低等优势,尤其适用于密钥集中式管理的企业级应用。设计了一个基于Web Service的IBE密钥管理服务系统IBE Service,实现各个网络安全域内的用户密钥管理,提供以用户安全策略为中心的密钥服务;基于IBE Service开发了一个面向通用文件加密的客户端应用,主要通过SOAP服务接口实现基于XML的IBE密钥数据交互。新型的文件加密系统可将接收方ID直接映射为公钥,接收方自动向IBE Service获取私钥完成文件解密,具有安全、便捷等优点,且支持灵活的ID安全策略管理。 相似文献
15.
Group key agreement protocols are crucial for achieving secure group communications.They are designed to provide a set of users with a shared secret key to achieve cryptographic goal over a public network.When group membership changes,the session key should be refreshed efficiently and securely.Most previous group key agreement protocols need at least two rounds to establish or refresh session keys.In this paper,a dynamic authenticated group key agreement(DAGKA) protocol based on identity-based cryptography is presented.By making use of the members’ values stored in previous sessions,our Join and Leave algorithms reduce the computation and communication costs of members.In the proposed protocol,Setup and Join algorithms need one round.The session key can be refreshed without message exchange among remaining users in Leave algorithm,which makes the protocol more practical.Its security is proved under decisional bilinear Diffie-Hellman(DBDH) assumption in random oracle model. 相似文献
16.
为了有效地解决椭圆曲线数字签名算法不能直接运用在密钥分配协议的局限性,同时又能提供数字签名不具备的保密性,提出了一种新的密钥分配协议。考虑到无线传感网络中节点的身份标识是节点之间识别的唯一标记,完全能够将其嵌入到椭圆曲线数字签名算法中,并以握手的方式实现通信节点之间的双向身份认证和共享通信密钥的建立,通信密钥对信息的双重保护实现了公开信道上的安全通信。通过正确性验证、安全性分析及时间复杂度分析,表明了协议性能的提升和算法的有效性。 相似文献
17.
无线传感器网络中基于临时初始密钥的密钥管理协议 总被引:3,自引:0,他引:3
针对网络中相邻节点对通信、局部广播通信及新节点认证中的安全问题,提出无线传感器网络中基于临时初始密钥的密钥管理协议-PLA协议.该协议要求在网络部署的时候为每个节点分配唯一的标识符和一个临时初始密钥.节点基于临时初始密钥和相关信息建立用于节点对之间通信的密钥(Pairwise Key,简称点对密钥)、用于与其所有邻居节点同时通信的局部广播密钥(Local Broadcast Key,简称局部广播密钥)以及用于认证新加入节点的认证密钥(Authentication Key,简称认证密钥).与现有协议如LEAP协议和OTMK协议相比较,该协议降低了能耗,提高了安全性. 相似文献
18.
《Journal of Parallel and Distributed Computing》2001,61(10):1456-1471
We propose a novel highly distributed system called IDOS (Internet Distributed Objects System) for Buy/Sell interactions on the Internet. In IDOS there is no main or single site that handles user interactions. Instead, each new user “joins” a dynamic graph of users that are currently interested in a specific type of Buy/Sell interaction. The objects for the Buy/Sell interactions are moved between the nodes (users) of the dynamic graph. The Buy/Sell interactions are therefore realized by updating the objects whenever they pass through the current node. This should solve the communication bottleneck caused by the common use of central servers for interactions on the Internet. It does, however, pose a distributed routing problem where messages sent by the users must be distributed between all the “interested” users that are currently connected to the graph. The proposed routing algorithm should overcome the dynamic changes that occur in the graph's topology because some of the users leave the graph while others join it. The proposed solution is to use random walks to distribute the messages, so that the ever-changing topology of the dynamic graph can be overlooked. Consequently, there is no notion of addresses in the system; each user knows only how to communicate with her neighbors. The user must wait until the desired object reaches its node. This simplifies the communication layer, since the centralized client/server TCP/IP infrastructure can be replaced by a point-to-point communication system. We use a system of multiple random “postmen” to overcome the potential communications delay caused by the theoretical large cover-time required by random-walks in graphs. Experimental results of the system as well as how it can be employed to realize public auctions are discussed. 相似文献
19.
社交网络新增恶意用户检测作为一项分类任务,一直面临着数据样本不足、恶意用户标注稀少的问题。在数据有限的情况下,为了能够精确地检测出恶意用户,提出一种基于自适应差异化图卷积网络的检测方法。该方法通过提取社交网络中的用户特征和社交关系构建社交网络图。构建社交网络图后,计算节点与邻居的相似度,并对邻居进行优先级排序,利用优先级顺序采样关键邻居。关键邻居的特征通过自适应权重的加权平均方式聚合到节点自身,以此更新节点特征。特征更新后的节点通过特征降维和归一化计算得到恶意值,利用恶意值判断用户的恶意性。实验表明该方法和其他方法相比,具有更高的恶意用户查全率和整体查准率,并且能够快速地完成对新增用户的检测,证明了自适应差异化图卷积网络能够有效捕捉到少量样本的关键特征。 相似文献