High Performance Group Merging/Splitting Scheme for Group Key Management

The group merging/splitting event is different to the joining/leaving events in which only a member joins or leaves group, but in the group merging/splitting event two small groups merge together into a group or a group is divided into two independent parts. Rekeying is an importance issue for key management whose target is to guarantee forward security and backward security in case of membership changes, however rekeying efficiency is related to group scale in most existing group key management schemes, so as to those schemes are not suitable to the applications whose rekeying time delay is limited strictly. In particular, multiple members are involved in the group merging/splitting event, thus the rekeying performance becomes a worried problem. In this paper, a high performance group merging/splitting group key management scheme is proposed based on an one-encryption-key multi-decryption-key key protocol, in the proposed scheme each member has an unique decryption key that is corresponding to a common encryption key so as to only the common encryption key is updated when the group merging/splitting event happens, however the secret decryption key still keeps unchanged. In efficiency aspect, since no more than a message on merging/splitting event is sent, at time the network load is reduced since only a group member’s key material is enough for other group members to agree a fresh common encryption key. In security aspect, our proposed scheme achieves the key management security requirements including passive security, forward security, backward security and key independence. Therefore, our proposed scheme is suitable to the dynamitic networks that the rekeying time delay is limited strictly such as tolerate delay networks.     

Research on Self-Adaptive Group Key Management in Deep Space Networks

Deep space network is a must-have technology to improve communication, navigation, and propulsion in future space missions, a very long physical distance among space entities is difficult to overcome efficiently as a space mission could cover a huge space, some distinguished negative features including long time delay and non-reliable end-to-end link deteriorate channel state seriously, thence the operations of rekey could not be implemented on time due to poor channel state which incurs frequently failure and provides more opportunities for adversary in assaulting group key management consequently. To solve the question, a self-adaption group key management scheme is put forward for long time delay and non-reliable end-to-end link network, multi-decryption keys protocol is designed as a container for involving shared decryption keys, every shared decryption key is divided into a few key fragments with threshold cryptograph whose scale is different to adjust the environment requirement, so different numbers of key fragments are applied to the decryption process according to the channel state, the public key material can be revised by a legitimated entity for rekeying without 1-affect-n problem. Any legitimated entities have capability of cooperating to implement different decryption process with different threshold cryptograph mechanisms, thus a few entities cooperate to withdraw a shared key without the leaving entity’s participation in rekeying, so the reliable end-to-end channel for the leaving entity is not necessary. In security aspect, the decryption keys meet key independence, the backward security and forward security are guaranteed in rekeying, and the probability of selected cipher text attack is negligible for an adversary under hardness assumption. Therefore the suggested scheme provides a less message cost rekeying method, it reduces time delay, and the failure of rekeying is tolerated in order to adapt to the non-reliable end-to-end link. Therefore the suggested scheme is suitable to long time delay and non-reliable end-to-end link deep space networks.

     

Efficient Group Key Management for Non-reliable Link Networks

Some multi communication networks don’t provide a reliable link for group key management, so as to implementing rekeying is failure frequently. To deal with the question, this paper presents a novel group key management scheme for non-reliable link networks, a ciphertext encrypted a secret shared key can be decrypted with any legitimate members whose scale is more than the threshold value, even if part of members’ links aren’t reliable. In rekeying process, each key fragment is divided into two parts with he shared production mechanism, so as to the member’s independent key fragments still keep unchanged, but imperative updated key belongs to the group manager. Therefore, in efficient aspect, the message and computation cost of rekeying is reduced, and the dependence of the reliable channel is reduced; in the security aspect, our proposed scheme can guarantee forward security and backward security, and secure against collusion attack even if the number of leaving member is more than the threshold value. Therefore, our proposed scheme is suitable to the non-reliable link networks.     

Autonomous Shared Key Management Scheme for Space Networks

Key management is more difficult in space networks than in ground wireless networks as long time delay, large scale and difficult maintain. The main challenge is how to handle 1-affects- $n$ problem,which becomes more serious as space entities spread over a wide geographic area. To solve the question, this paper proposes a one-to-many mapping shared key agreement, which is based on one-to-many encryption mechanism model. In the proposed key agreement, each entity has different decryption key and shares an encryption key. When an entity joins or leaves network, updated keys only are a public encryption key and its decryption key. However, the other entities’ secret key remains unchanged, so as to each member has the ability to update key autonomously and securely, legitimate member has capability of revoke it’s secret decryption key independency without other member’s agreement. Consequently the performance of the proposed key management scheme is unrelated to the network scale, node mobility and topology structure. It is shown that our proposed key management scheme not only improves the efficiency and flexibility for space networks, but also achieves good security properties, including forward security and backward security and many more by theoretical analyses.     

基于LKH混合树模型的新型组播密钥更新方案

安全组播是组播技术走向实用化必须解决的问题。在组成员动态变化时,设计一个高效的密钥管理方案是安全组播研究的主要问题。提出了一种基于新型混合树模型的组播密钥更新方案。该方案将GC的存储开销减小为4,同时,在成员加入或离开组时,由密钥更新引起的通信开销与nm保持对数关系(n为组成员数,m为每一族包含的成员数)。     

Defense against collusion scheme based on elliptic curve cryptography for wireless sensor networks

Wireless Sensor Networks (WSNs) are being deployed for a wide variety of applications and the security problems of them have received considerable attention. Considering the limitations of power, com-putation capability and storage resources, this paper proposed an efficient defense against collusion scheme based on elliptic curve cryptography for wireless sensor networks in order to solve the problems that sensor node-key leaking and adversaries make compromised nodes as their collusions to launch new attack. In the proposed scheme, the group-key distribution strategy is employed to compute the private key of each sensor node, and the encryption and decryption algorithms are constructed based on Elliptic Curve Cryptography (ECC). The command center (node) only needs to broadcast a controlling header with three group elements, and the authorized sensor node can correctly recover the session key and use it to decrypt the broadcasting message. Analysis and proof of the proposed scheme’s efficiency and security show that the proposed scheme can resist the k-collusion attack efficiently.     

一种基于混合策略的动态组播密钥管理方案

组播密钥管理是当前组播安全研究的热点问题。在分析现有方案的基础上，考虑一种混合策略：将基于组的层次结构机制Iolus与基于密钥层次结构机制LKH的优点结合起来，提出了一种适合大型动态组播的可扩展的分层分组方式的密钥管理方案。该方案有效地降低了密钥更新的代价，具有较高的效率与较好的可扩展性．适合于解决大型动态组播的密钥管理问题。     

可证安全的基于证书广播加密方案

广播加密可使发送者选取任意用户集合进行广播加密,只有授权用户才能够解密密文.但是其安全性依赖广播中心产生和颁布群成员的解密密钥.针对这一问题,本文提出基于证书广播加密的概念,给出了基于证书广播加密的形式化定义和安全模型.结合基于证书公钥加密算法的思想,构造了一个高效的基于证书广播加密方案,并证明了方案的安全性.在方案中,用户私钥由用户自己选取,证书由认证中心产生,解密密钥由用户私钥和证书两部分组成,克服了密钥托管的问题.在方案中,广播加密算法中的双线性对运算可以进行预计算,仅在解密时做一次双线性对运算,提高了计算效率.     

基于离散对数问题的两层分散式组密钥管理方案

该文基于多个解密密钥映射到同一加密密钥的公钥加密算法提出一个组密钥更新协议,结合LKH算法为特定源多播模型设计一个两层分散式组密钥管理方案。证明它具有后向保密性、高概率的前向保密性和抗串谋性。通过上层私钥的长寿性和密钥转换的方法来缓解子组管理者的性能瓶颈及共享组密钥方法中普遍存在的1影响n问题。分析表明,采用混合密码体制的新方案在一定程度上兼备了两类不同组密钥管理方法的优势。     

基于椭圆曲线密码体制的安全电子邮件系统

针对电子邮件在传输过程中存在的安全问题，提出了一种基于三重DES和椭圆曲线密码体制的解决方案。其公钥管理是借鉴PGP系统管理公钥的方法；进而重点介绍了邮件的加密／解密、签名／验证的过程，有效地解决了电子邮件系统中的加密、签名和身份认证问题。     

A Multi-service Group Key Management Scheme for Stateless Receivers in Wireless Mesh Networks

Wireless mesh networks facilitate the development of the many group oriented applications by extending the coverage area of the group communication. Group communication in a wireless mesh network is complicated due to dynamic intermediate mesh points, access control for communications between different administrative domains, and the absence of a centralized network controller. In this study, we propose a topology-matching decentralized multi-service group key management scheme for wireless mesh networks. It allows service providers to update and deliver their group keys to valid members in a distributed manner using the identity-based encryption scheme. The analysis result indicates that the proposed scheme has advantages with regard to the rekeying cost and storage overhead for a member and a mesh point in multi-sender group communication environments. The stateless property is also achieved such that a stateless member, who could not be constantly online, can easily decrypt the rekeying messages without recording the past history of transmission.     

Cloud data secure deduplication scheme via role-based symmetric encryption

The rapid development of cloud computing and big data technology brings prople to enter the era of big data,more and more enterprises and individuals outsource their data to the cloud service providers.The explosive growth of data and data replicas as well as the increasing management overhead bring a big challenge to the cloud storage space.Meanwhile,some serious issues such as the privacy disclosure,authorized access,secure deduplication,rekeying and permission revocation should also be taken into account.In order to address these problems,a role-based symmetric encryption algorithm was proposed,which established a mapping relation between roles and role keys.Moreover,a secure deduplication scheme was proposed via role-based symmetric encryption to achieve both the privacy protection and the authorized deduplication under the hierarchical architecture in the cloud computing environment.Furthermore,in the proposed scheme,the group key agreement protocol was utilized to achieve rekeying and permission revocation.Finally,the security analysis shows that the proposed role-based symmetric encryption algorithm is provably secure under the standard model,and the deduplication scheme can meet the security requirements.The performance analysis and experimental results indicate that the proposed scheme is effective and efficient.     

一种改进的TLCH组播密钥管理方案

TLCH协议是一个适用于安全组播通信且可扩展性较好的组播密钥管理协议。它基于LKH的思想,采用双层的控制者的层次结构,并使用单向函数进行密钥更新,达到了较低的计算开销。使用hash函数对TLCH组播密钥管理方案中成员加入时的密钥更新算法进行改进。与原来的TLCH相比,改进后的TLCH可以进一步降低了通信开销。     

雾计算中细粒度属性更新的外包计算访问控制方案

针对基于密文策略的属性加密(CP-ABE)在低时延需求较高的雾计算环境中,存在加解密开销大、属性更新效率低的问题,提出了一种雾计算中细粒度属性更新的外包计算访问控制方案,使用模加法一致性秘密(密钥)分享技术构建访问控制树,将加解密计算操作外包给雾节点,降低用户加解密开销;结合重加密机制,在雾节点建立组密钥二叉树对密文进行重加密,实现对用户属性的灵活更新。安全性分析表明,所提方案在决策双线性Diffie-Hellman假设下是安全的。仿真实验结果表明,所提方案中用户加解密时间开销相比其他方案更小,属性更新效率更高。     

Dynamics of key management in secure satellite multicast

Security is an important concern in today's information age and particularly so in satellite systems, where eavesdropping can be easily performed. This paper addresses efficient key management for encrypted multicast traffic transmitted via satellite. We consider the topic of encrypting traffic in large multicast groups, where the group size and dynamics have a significant impact on the network load. We consider life cycle key management costs of a multicast connection, and show for a logical key hierarchy (LKH) how member preregistration and periodic admission reduces the initialization cost, and how the optimum outdegree of a hierarchical tree varies with the expected member volatility and rekey factor. This improves network utilization, but encryption at the network layer can pose problems on satellite links. We, therefore, propose and analyze an interworking solution between multilayer Internet protocol security (IPSEC) and LKH that also reduces key management traffic while enabling interworking with performance enhancing modules used on satellite links.     

基于安全防诬码的加密广播方案

提出了一种基于安全防诬码的加密广播方案。针对一种特权用户集大小受限的广播情形,利用安全防诬码构造了一种(n,k)-弹性加密广播方案。该方案只要求广播中心传输一次加密信息、用户存储一个密钥,就可完成广播任务。此外,特权用户集生成解密密钥的过程中,广播中心无需广播任何消息。相对于已有方案具有更低的系统带宽需求和存储复杂度。     

Performance Evaluation of Cost-Effective Multicast–Unicast Key Management Method

Group key management is one of the key security issues in multicast networks. The main challenge is to provide a secure group key management method which avoids high key update cost in terms of the number of transmitted keys. In order to achieve low key update cost for group key management, most of the existing methods increase their encryption/decryption cycles which requires a strong cryptographic function. In this paper, a cost-effective key management method is proposed to address the problem of high key update cost without increasing the encryption/decryption cycles. We evaluated our proposed method with existing tree-based methods by using Markov chain and Poisson Arrival Process. Results indicate the efficiency of our proposed method in reducing the key update cost significantly compared to the existing tree-based key management methods.     

An Enhanced Hierarchical Key Management Scheme for MANETs

Security is one of the major issues in Mobile Ad-hoc Networks (MANETs). Their natural characteristics make them vulnerable to numerous severe attacks. In this paper, we present an enhanced hierarchical key management scheme for secure group communications in MANETs. The proposed approach primarily aims at improving security and complexity, especially complexity in the level of ordinary members for joining or leaving processes to achieve the most possible dynamic characteristic of MANETs without neglecting network security. The proposal scheme is designed with the potential of developing an efficient model interested in keying applied on hierarchical structure to increase the security and make no need to apply rekeying of all group members in different sub-levels as made by hierarchical key management scheme (HKMS). Also, it reduces complexity of processing load, memory usage and improves resources. In the proposed model, each communication between two nodes have a unique key to make it more secure with encrypting messages by different keys for more than one time and support node flexibility. Experiments are carried out on the proposed scheme to show the effect of complexity on each node in different grades and results are compared with traditional HKMS.     

数据库三层安全结构设计

数据库的安全的一项关键技术是数据库加密,加密粒度涉及到整个数据库、表、字段、记录,但是,不论采取何种加密粒度,都不可避免影响到数据库的访问效率。如何能兼而得之？对此,可以设计一种三层结构,它包括系统CA模块、授权登录模块、加解密模块共三层,系统CA模块负责身份认证,授权登录负责用户权限管理,加解密模块直接保证数据库本身的安全。三层结构在保证数据库安全的前提下,有效保证了用户访问数据库的效率。     

An Efficient,Scalable Key Transport Scheme (ESKTS) for Delay/Disruption Tolerant Networks

In the past, security protocols including key transport protocols are designed with the assumption that there are two parties communication with each other and an adversary tries to intercept this communication. In Delay/Disruption Tolerant Networking (DTN), packet delivery relies on intermediate parties in the communication path to store and forward the packets. DTN security architecture requires that integrity and authentication should be verified at intermediate nodes as well as at end nodes and confidentiality should be maintained for end communicating parties. This requires new security protocols and key management to be defined for DTN as traditional end-to-end security protocols will not work with DTN. To contribute towards solving this problem, we propose a novel Efficient and Scalable Key Transport Scheme (ESKTS) to transport the symmetric key generated at a DTN node to other communicating body securely using public key cryptography and proxy signatures. It is unique effort to design a key transport protocol in compliance with DTN architecture. ESKTS ensures that integrity and authentication is achieved at hop-by-hop level as well as end-to-end level. It also ensures end-to-end confidentiality and freshness for end communicating parties. This scheme provides a secure symmetric key transport mechanism based on public key cryptography to exploit the unique bundle buffering characteristics of DTN to reduce communication and computation cost .