Scalable and lightweight key distribution for secure group communications

Securing group communications in dynamic and large‐scale groups is more complex than securing one‐to‐one communications due to the inherent scalability issue of group key management. In particular, cost for key establishment and key renewing is usually relevant to the group size and subsequently becomes a performance bottleneck in achieving scalability. To address this problem, this paper proposes a new approach that features decoupling of group size and computation cost for group key management. By using a hierarchical key distribution architecture and load sharing, the load of key management can be shared by a cluster of third parties without revealing group messages to them. The proposed scheme provides better scalability because the cost for key management of each component is independent of the group size. Specifically, our scheme incurs constant computation and communication overheads for key renewing. In this paper, we present the detailed design of the proposed scheme and performance comparisons with other schemes. Briefly, our scheme provides better scalability than existing group key distribution approaches. Copyright © 2004 John Wiley & Sons, Ltd.     

An authenticated group key distribution mechanism using theory of numbers

A group key distribution protocol can enable members of a group to share a secret group key and use it for secret communications. In 2010, Harn and Lin proposed an authenticated group key distribution protocol using polynomial‐based secret sharing scheme. Recently, Guo and Chang proposed a similar protocol based on the generalized Chinese remainder theorem. In this paper, we point out that there are some security problems of Guo and Chang's protocol and propose a simpler authenticated group key distribution protocol based on the Chinese remainder theorem. The confidentiality of our proposed protocol is unconditionally secure. Copyright © 2013 John Wiley & Sons, Ltd.     

CA系统中基于用户分组的EMM分发机制

提出了一种新颖的用户分组机制以降低条件接收系统的复杂度.与传统密钥分发机制相比,该方案在保证系统安全性并实现条件接收系统功能的前提下,大大减少了系统中授权管理信息的数据量,提高了系统的业务管理效率.     

An optimized QoS scheme for IMS‐NEMO in heterogeneous networks

The network mobility (NEMO) is proposed to support the mobility management when users move as a whole. In IP Multimedia Subsystem (IMS), the individual Quality of Service (QoS) control for NEMO results in excessive signaling cost. On the other hand, current QoS schemes have two drawbacks: unawareness of the heterogeneous wireless environment and inefficient utilization of the reserved bandwidth. To solve these problems, we present a novel heterogeneous bandwidth sharing (HBS) scheme for QoS provision under IMS‐based NEMO (IMS‐NEMO). The HBS scheme selects the most suitable access network for each session and enables the new coming non‐real‐time sessions to share bandwidth with the Variable Bit Rate (VBR) coded media flows. The modeling and simulation results demonstrate that the HBS can satisfy users' QoS requirement and obtain a more efficient use of the scarce wireless bandwidth. Copyright © 2011 John Wiley & Sons, Ltd.     

Group key management scheme for large-scale sensor networks

Wireless sensor networks are inherently collaborative environments in which sensor nodes self-organize and operate in groups that typically are dynamic and mission-driven. Secure communications in wireless sensor networks under this collaborative model calls for efficient group key management. However, providing key management services in wireless sensor networks is complicated by their ad-hoc nature, intermittent connectivity, large scale, and resource limitations. To address these issues, this paper proposes a new energy-efficient key management scheme for networks consisting of a large number of commodity sensor nodes that are randomly deployed. All sensor nodes in the network are anonymous and are preloaded with identical state information. The proposed scheme leverages a location-based virtual network infrastructure and is built upon a combinatorial formulation of the group key management problem. Secure and efficient group key initialization is achieved in the proposed scheme by nodes autonomously computing, without any communications, their respective initial group keys. The key server, in turn, uses a simple location-based hash function to autonomously deduce the mapping of the nodes to their group keys. The scheme enables dynamic setup and management of arbitrary secure group structures with dynamic group membership.     

An authenticated group key distribution protocol based on the generalized Chinese remainder theorem

The group key distribution protocol is a mechanism for distributing a group key that is used to encrypt the communication data transmitted in an open group. Recently, a novel group key distribution protocol based on secret sharing was proposed. In their protocol, the group key information is broadcast in an open network environment, and only authorized group members can obtain the group key. However, their protocol requires each group member to broadcast a random challenge to the rest of the group members in the construction of the group key, and this may increase communication cost and cause network traffic congestion. In this paper, we propose an authenticated group key distribution protocol based on the generalized Chinese remainder theorem that drastically reduces communication costs while maintaining at least the same degree of security. Our protocol is built on the secret sharing scheme based on Chinese remainder theorem, which requires fewer computation operations than the previous work. Copyright © 2012 John Wiley & Sons, Ltd.     

一种高效的群组通信数据安全机制

文章提出的数据安全机制依赖于计算离散对数的难度,采用一种平面结构的密钥管理方式.每个用户可以通过其持有的秘密信息推导出群组通信的会话密钥,减少了用户之间的依赖性,因此可以简化密钥的动态更新问题;并且在通信过程中无需传递用户信息,不会泄漏用户身份;另外这种方式建立维护容易、密钥存储量和通信量都是最小的,适用于希望提供有效的安全群组通信服务中小规模应用.     

基于GHZ态纠缠交换的量子确定性密钥分发方案

为了提高确定性密钥分发效率,提出了基于GHZ态纠缠交换的量子确定性密钥分发(Quantum deterministic key distribution,QDKD)方案,方案充分利用量子力学纠缠交换的原理,通信双方通过共享一对GHZ粒子态,在纠缠、测量操作后接收者Bob可根据发送者Alice发送的经典信息推断出确定密钥,该协议与其他基于GHZ纠缠态的QDKD方案不同之处在于,使用的两个GHZ粒子态制备操作且粒子分发操作由Bob完成,安全分析表明窃听者的窃听行为会被及时发现。所提出的方案是高效的,除去用于窃听检测的粒子,所剩的粒子全部用于信息传输,能够达到60%的密钥分发效率,且方案可操作性强.     

一种新的基于身份的安全组播密钥协商方案

密钥管理是安全组播的难点。该文提出了一个新的基于身份的密钥协商方案,并具体地分析了子组之间的通信过程,以及组成员动态变化时密钥的更新过程。结果表明该方案满足密钥协商安全性要求,且在降低计算和通信代价方面取得了较好的效果。     

Self-healing group key distribution with time-limited node revocation for wireless sensor networks

A novel key distribution scheme with time-limited node revocation is proposed for secure group communications in wireless sensor networks. The proposed scheme offers two important security properties: the seal-healing re-keying message distribution which features periodic one-way re-keying with implicitly authentication, efficient tolerance for the lost re-keying messages, and seamless Traffic Encryption Key (TEK) switch without disrupting ongoing data transmissions; and the time-limited dynamic node attachment and detachment, so that both forward and backward secrecy is assured by dual directional hash chains. It is shown that the communication and computation overhead of the proposed protocol is light, and the protocol is robust under poor communication channel quality and frequent group node topology change.     

没有SDC的(t，n)门限秘密共享方案

利用椭圆曲线离散问题对数问题的难解性,给出了基于椭圆曲线密码体制的(t,n)门限秘密共享方案。基于门限秘密共享方案一般分为需要SDC和不需要SDC两类,在分布式环境下,一个被所有成员信任的SDC并不存在,不需要SDC的门限秘密共享方案的安全性得到很大的提高,该方案中由组成员共同生成群公钥和私有密钥。并给出了当新成员加入时,无SDC下的周期密钥分片的更新方案。还给出了一个本方案数据实例,最后对本方案的安全性进行了分析。     

Self-healing group-wise key distribution schemes with time-limited node revocation for wireless sensor networks

In this article two novel group-wise key distribution schemes with time-limited node revocation are introduced for secure group communications in wireless sensor networks. The proposed key distribution schemes are based on two different hash chain structures, dual directional hash chain and hash binary tree. Their salient security properties include self-healing rekeying message distribution, which features a periodic one-way rekeying function with efficient tolerance for lost rekeying messages; and time-limited dynamic node attachment and detachment. Security evaluation shows that the proposed key distribution schemes generally satisfy the requirement of group communications in WSNs with lightweight communication and computation overhead, and are robust under poor communication channel quality.     

Security analysis on a conference scheme for mobile communications

The conference key distribution scheme (CKDS) enables three or more parties to derive a common conference key to protect the conversation content in their conference. Designing a conference key distribution scheme for mobile communications is a difficult task because wireless networks are more susceptible to attacks and mobile devices usually obtain low power and limited computing capability. In this paper we study a conference scheme for mobile communications and find that the scheme is insecure against the replay attack. With our replay attack, an attacker with a compromised conference key can cause the conferees to reuse the compromised conference key, which in turn completely reveals subsequent conversation content.     

云存储环境下的密文安全共享机制

With the convenient of storing and sharing data in cloud storage environment,the concerns about data security arised as well.To achieve data security on untrusted servers,user usually stored the encrypted data on the cloud storage environment.How to build a cipertext-based access control scheme became a pot issue.For the access control problems of ciphertext in cloud storage environment,a CP-ABE based data sharing scheme was proposed.Novel key generation and distribution strategies were proposed to reduce the reliance on a trusted third party.Personal information was added in decryption key to resistant conclusion attacks at the same time.Moreover,key revocation scheme was proposed to provide the data backward secrecy.The security and implement analysis proves that proposed scheme is suit for the real application environment.     

协同认知无线电MANET中的功率控制性能分析与仿真

针对现有移动通信系统与MANET共享同一频带时产生相互干扰的问题,文中分析了带有载干噪比信息认知方式的特征和性能,提出了基于全方位终端分布的仿真模型,并进行了计算机仿真。仿真结果证明,本方案能够较全面地反映出两个系统之间的干扰情况,分析方法和结论可以作为设计共享同一频带通信系统的参考。     

Measuring and Improving the Performance of Network Mobility Management in IPv6 Networks

Measuring the performance of an implementation of a set of protocols and analyzing the results is crucial to understanding the performance and limitations of the protocols in a real network environment. Based on this information, the protocols and their interactions can be improved to enhance the performance of the whole system. To this end, we have developed a network mobility testbed and implemented the network mobility (NEMO) basic support protocol and have identified problems in the architecture which affect the handoff and routing performance. To address the identified handoff performance issues, we have proposed the use of make-before-break handoffs with two network interfaces for NEMO. We have carried out a comparison study of handoffs with NEMO and have shown that the proposed scheme provides near-optimal performance. Further, we have extended a previously proposed route optimization (RO) scheme, OptiNets. We have compared the routing and header overheads using experiments and analysis and shown that the use of the extended OptiNets scheme reduces these overheads of NEMO to a level comparable with Mobile IPv6 RO. Finally, this paper shows that the proposed handoff and RO schemes enable NEMO protocol to be used in applications sensitive to delay and packet loss.     

Key distribution for secure VSAT satellite communications

This paper presents modified Yacobi (1989) scheme that does not use the secret key provided by the key distribution center, but uses instead a random number generated by the user. This paper also presents the modified Diffie-Hellman (1976) and ID (identity) method which has directly mutual authentication between users and is able to defend the network from impostors. The proposed scheme based on the DH was applied to VSAT satellite communications and simulated on a PC using Montgomery (1993) algorithm and MD5 (Message Digest) for a feasible study of secure VSAT satellite communications     

Host mobility key management in dynamic secure group communication

The key management has a fundamental role in securing group communications taking place over vast and unprotected networks. It is concerned with the distribution and update of the keying materials whenever any changes occur in the group membership. Wireless mobile environments enable members to move freely within the networks, which causes more difficulty to design efficient and scalable key management protocols. This is partly because both member location dynamic and group membership dynamic must be managed concurrently, which may lead to significant rekeying overhead. This paper presents a hierarchical group key management scheme taking the mobility of members into consideration intended for wireless mobile environments. The proposed scheme supports the mobility of members across wireless mobile environments while remaining in the group session with minimum rekeying transmission overhead. Furthermore, the proposed scheme alleviates 1-affect-n phenomenon, single point of failure, and signaling load caused by moving members at the core network. Simulation results shows that the scheme surpasses other existing efforts in terms of communication overhead and affected members. The security requirements studies also show the backward and forward secrecy is preserved in the proposed scheme even though the members move between areas.     

基于优化GDH协商的高效安全群组密钥管理方案

针对GDH(group diffie-hellman)方案中节点可能成为系统的瓶颈以及计算复杂度、通信代价和存储复杂度远高于某些集中式方案等缺陷,提出并实现了一种基于优化GDH协商的高效安全的动态群组密钥管理方案,并对其安全性进行了证明。通过对计算量和通信量进行分析比较表明,优化GDH协商协议具有很大的优势,并且能够快速产生或更新组密钥,具有很强的实用性。     

基于四粒子纠缠态的量子秘密共享方案

基于2个不同的四粒子纠缠态分别提出了三方、四方量子秘密共享方案,其中采用的秘密信息是一个相同的未知两粒子纠缠态。在量子秘密共享方案中发送者对所拥有的粒子实施适当的Bell态（或GHZ态）测量,发送者和合作者通过经典通讯把测量结果告知信息接收者,接收者在其他合作者的协助下通过实施相应的量子操作完成对初始量子态信息的重构。对所提出的2个方案进行了讨论和比较,发现四方量子秘密共享方案的安全性更加可靠。