一种无状态的传感器网络密钥预分配方案

 在无线传感器网络中,节点被敌方捕获以后将泄露节点内存储的群组密钥等秘密信息,所以需要建立一种安全高效的群组密钥管理系统来及时对被捕获节点进行撤销,以保证无线传感器网络中群组通信的安全.提出一种基于逻辑密钥树结构的密钥预分配方案,群组控制者和密钥服务器(GCKS)为逻辑密钥树中每一逻辑节点分配一个密钥集,每一sensor节点对应一个叶节点,以及一条从该叶节点到根节点的路径,GCKS将该路径上所有节点的密钥植入sensor节点.节点撤销时,GCKS将逻辑密钥树分成互不相连的子树,利用子树中sensor节点的共享密钥进行群组密钥的更新.分析表明本方案满足无状态性,以及正确性、群组密钥保密性、前向保密性和后向保密性等安全性质,具有较低的存储、通信和计算开销,适用于无线传感器网络环境.     

适用于传感器网络的分级群组密钥管理

 由于无线传感器网络中经常出现节点加入或离开网络的情况,所以需要建立一种安全高效的群组密钥管理系统来保证无线传感器网络中群组通信的安全性.提出了一种基于密钥树和中国剩余定理的分级群组密钥管理方案.有sensor节点加入,先向新成员发送二级群组密钥,可参与一些不太敏感的数据的传送;待新成员获得GCKS的信任之后,则向其发送群组密钥,从而可参与有关机密信息的会话.节点离开时,通过利用完全子集方法将剩余成员进行分割,提出的方案可以利用中国剩余定理对群组密钥进行安全的更新.证明方案满足正确性、群组密钥保密性、前向保密性和后向保密性等安全性质.性能分析表明,此方案适合应用于无线传感器网络环境.     

基于分层结构的组密钥管理技术研究

群组通信系统广泛应用于无线通信领域和开放式环境下的网络应用中,群组中不断变化的成员关系会影响群组通信的安全性,组密钥管理技术是实现安全群组通信的关键技术。文章介绍组密钥管理技术的概念及基本问题,对各种组密钥管理技术方案进行分析比较。在此基础上,研究基于分层结构的域间组密钥管理协议,分析其优缺点,并研究其密钥更新算法。     

无线传感器网络中自治愈的群组密钥管理方案

 群组密钥管理的自治愈机制是保证无线传感器网络在不可靠信道上进行安全群组通信的重要 手段.基于采用双方向密钥链的群组密钥分发与撤销方法,提出了一个无线传感器网络中具有撤销能力的自治愈群组密钥管理方案.该方案实现了群组密钥的自治愈功能和节点撤销能力, 能够满足在较高丢包率的无线通信环境下传感器网络群组密钥管理的安全需求,确保了群组密钥保密性、前向保密性和后向保密性等安全属性.性能分析表明,该方案具有较小的计算和通信开销,能够适用于无线传感器网络.     

基于网格的组密钥管理

目前,尚未有一个综合的信任机制解决方案来满足网格安全与信任需求.网格中,群组通信是实现大规模信息资源共享的一种重要方式,但是如何保障组播的安全性却是一个十分复杂的问题.而组密钥管理策略是保障组播安全性的重要方式之一,所以对基于网格的组密钥管理的研究非常迫切.     

一种基于服务器端的群组密钥协商方案

群组密钥协商是群组通信中非常重要的基本工具,现有群组密钥协商机制需要本地组成员全部参与协商,这严重制约群组通信系统的可扩展性与高效性。针对这个问题,文中提出了一种基于服务器端的群组密钥协商方案。该方案仅需要与每个组成员连接的服务器组间密钥协商,从而能够降低群组的存储开销和通信开销。同时在客户端函数库内通过设计一个单向映射机制实现从服务器组密钥到群组密钥变换。与基于客户端函数库的密钥协商机制相比,其可扩展性及密钥协商效率更高。     

基于服务器组的群组密钥协商机制

为了解决现有的组密钥协商机制需要组成员在本地全部参与协商,从而严重制约安全群组通信系统可扩展性与高效性的问题,提出一种基于服务器端的密钥协商策略.该机制中,仅需要与每个组成员连接的服务器组间密钥协商,降低了群组的存储开销和通信开销.同时在客户端函数库内通过设计一个单向映射机制实现从服务器组密钥到群组密钥变换.与基于客户端函数库的密钥协商机制相比,其可扩展性及密钥协商效率更高.     

一个新的广播信道会议密钥协商协议

群组用户试图在开放式网络上进行安全通信时,需运行一个会议密钥协议来支持一个共同的会议密钥K.本文中,利用基于MDS码(Maximum Distance Code,极大最小距离可分码)的秘密共享方案作为基本构件,提出了一个新颖高效、可证明安全的广播信道下会议密钥协商协议.该协议在广义的Diffie-Hellman Problem(DHP)困难假设下,被动攻击者得不到任何有关诚实参与者协商出的会议密钥的信息;且无论存在多少恶意参与者,诚实参与者一定能够协商出一共同的会议密钥.     

基于RSA的门限密钥托管方案

本文借鉴D.Boneh(1997)中密钥产生和Y.Desmedt(1991)中的密钥分拆思想,提出了一种有t个容错能力的(t+1,n)门限托管方案,方案可以避免阈下攻击,验证用户的托管密钥正确性,有效地检查出失效的托管代理,并具有密钥备份的能力。方案可用于多种通信方式。     

基于RSA的门限密钥托管方案

本文借鉴Ｄ．Ｂｏｎｅｈ（１９９７）中密钥产生和Ｙ．Ｄｅｓｍｅｄｔ（１９９１）中的密钥分拆思想,提出了一种有ｔ个容错能力的（ｔ＋１,ｎ）门限托管方案,方案可以避免阈下难用户的托管密钥正确性,有效地检查出失效的托管代理,并具有密钥备份的能力,方案可用于多种通信方式。     

Autonomic Group Key Management in Deep Space DTN

In deep space delay tolerant networks rekeying expend vast amounts of energy and delay time as a reliable end-to-end communication is very difficult to be available between members and key management center. In order to deal with the question, this paper puts forwards an autonomic group key management scheme for deep space DTN, in which a logical key tree based on one-encryption-key multi-decryption-key key protocol is presented. Each leaf node with a secret decryption key corresponds to a network member and each non-leaf node corresponds to a public encryption key generated by all leaf node’s decryption keys that belong to the non-leaf node’s sub tree. In the proposed scheme, each legitimate member has the same capability of modifying public encryption key with himself decryption key as key management center, so rekeying can be fulfilled successfully by a local leaving or joining member in lack of key management center support. In the security aspect, forward security and backward security are guaranteed. In the efficiency aspect, our proposed scheme’s rekeying message cost is half of LKH scheme when a new member joins, furthermore in member leaving event a leaving member makes tradeoff between computation cost and message cost except for rekeying message cost is constant and is not related to network scale. Therefore, our proposed scheme is more suitable for deep space DTN than LKH and the localization of rekeying is realized securely.     

Centralized Key Management Scheme in Wireless Sensor Networks

Today, key management is widely recognized as an important aspect of security in wireless sensor networks. In these networks, sensor nodes can be either mobile or static. Therefore, supporting the mobility of the nodes can be regarded as a purpose of key management schemes. In our previous work, we presented a key management scheme that was more efficient with respect to security and connectivity compared to the other ones. In that scheme, it is assumed that the nodes are static. In this paper we are going to present a scheme that supports the mobility of the nodes and makes the initial scheme more flexible. The basic criterion for the evaluation of the scheme is the communication overhead. First, the nodes establish a secure link with the cluster heads and then establish a secure link among themselves with the help of the cluster heads. We have analyzed this scheme with regards to the communication overhead and we will compare it with the other schemes.     

基于LKH混合树模型的新型组播密钥更新方案

安全组播是组播技术走向实用化必须解决的问题。在组成员动态变化时,设计一个高效的密钥管理方案是安全组播研究的主要问题。提出了一种基于新型混合树模型的组播密钥更新方案。该方案将GC的存储开销减小为4,同时,在成员加入或离开组时,由密钥更新引起的通信开销与nm保持对数关系(n为组成员数,m为每一族包含的成员数)。     

一种改进的TLCH组播密钥管理方案

TLCH协议是一个适用于安全组播通信且可扩展性较好的组播密钥管理协议。它基于LKH的思想,采用双层的控制者的层次结构,并使用单向函数进行密钥更新,达到了较低的计算开销。使用hash函数对TLCH组播密钥管理方案中成员加入时的密钥更新算法进行改进。与原来的TLCH相比,改进后的TLCH可以进一步降低了通信开销。     

面向分层无人机网络的去中心群组密钥管理方案

为解决现有分层无人机(UAV)网络中群组密钥管理存在的单点故障问题，群组成员离线导致整个群组无法计算、及时更新组密钥的问题，该文提出一种支持异步计算的去中心群组密钥管理方案。该方案采用异步棘轮树(ART)协议实现对群组密钥的预部署，各成员能对组密钥进行异步计算、自主更新；利用区块链技术的去中心化特性解决了单点故障问题，提高了群组密钥管理的透明性与公平性。性能评估表明，与同类方案相比，该方案中的簇成员无人机具有较低的计算开销和通信开销，适合应用于分层无人机网络环境。     

Efficient Group Key Management for Non-reliable Link Networks

Some multi communication networks don’t provide a reliable link for group key management, so as to implementing rekeying is failure frequently. To deal with the question, this paper presents a novel group key management scheme for non-reliable link networks, a ciphertext encrypted a secret shared key can be decrypted with any legitimate members whose scale is more than the threshold value, even if part of members’ links aren’t reliable. In rekeying process, each key fragment is divided into two parts with he shared production mechanism, so as to the member’s independent key fragments still keep unchanged, but imperative updated key belongs to the group manager. Therefore, in efficient aspect, the message and computation cost of rekeying is reduced, and the dependence of the reliable channel is reduced; in the security aspect, our proposed scheme can guarantee forward security and backward security, and secure against collusion attack even if the number of leaving member is more than the threshold value. Therefore, our proposed scheme is suitable to the non-reliable link networks.     

WSN中一种改进的密钥管理方案研究

密钥管理作为传感器网络安全中最为基本的环节,在认证和加密过程中起着重要作用。针对无线传感器网络(Wireless Sensor Network,WSN)的通信密钥易被破解的缺点以及为建立安全信道而增加密钥会造成网络的连通率低的问题,提出了一种改进的无线传感器网络密钥管理方案,通过定位算法得到网络中的坐标,利用所得到的位置信息对所存储的密钥空间进行优化,可以增大2个邻居节点拥有相同密钥空间的概率。实验结果表明:该方法占用较小密钥存储空间,能明显改善网络连通性和网络的安全性等性能,提高安全性。     

基于EBS和属性加密的抗共谋组密钥管理方案

The major advantages of EBS-based key management scheme are its enhanced network survivability, high dynamic performance, and better support for network expansion. But it suffers from the collusion problem, which means it is prone to the cooperative attack of evicted members. A novel EBS-based collusion resistant group management scheme utilizing the construction of Cipher-text-Policy Attribute-Based Encryption (CP-ABE) is proposed. The new scheme satisfies the desired security properties, such as forward secrecy, backward secrecy and collusion secrecy. Compared with existing EBS-based key management scheme, the new scheme can resolve EBS collusion problem completely. Even all evicted members work together, and share their individual piece of information, they could not access to the new group key. In addition, our scheme is more efficient in terms of communication and computation overhead when the group size is large. It can be well controlled even in the case of large-scale application scenarios .     

角度估计辅助量子密钥分发的毫米波大规模MIMO系统安全传输方案

毫米波大规模多输入多输出（multiple input multiple output ,MIMO）技术是第五代移动通信的关键技术之一,能够同时服务于多用户,显著提高系统吞吐量,但数据高速传输的同时,会面临很多安全威胁,容易受到攻击。现有的安全传输方案通常采用经典加密算法来保障通信安全,其安全性基于算法的计算复杂度,无法察觉窃听。量子密钥分发基于量子力学基本原理使通信双方产生并分享一个随机密钥,且一旦有第三方试图窃听则通信双方便会察觉,因此具有更高的安全性。本文提出一种基于量子密钥分发的毫米波大规模MIMO系统安全传输方案,同时用角度估计的方法产生参考序列作为量子密钥分发选择量子基的依据,既利用量子态的特性保证了通信系统的安全,又利用了毫米波MIMO通信系统的信号角度信息以提高密钥效率。实验结果表明,本文所提利用角度信息的方案相较于直接利用量子密钥分发,在充分保障系统通信安全的同时,密钥生成效率也有显著提升。      

A Secure Crypto Base Authentication and Communication Suite in Wireless Body Area Network (WBAN) for IoT Applications

To monitor the functions of human body and their surroundings Wireless Body Area Network (WBAN) is used, which are based on low powered and light weight wireless sensors devices. WBAN highly supports numerous applications but this study will focus on the security of ubiquitous healthcare applications. In E-health research monitoring the critical data in terms of security has become a major challenge as WBAN deals with various threats day by day. Therefore the design of secure and reasonably resource optimal algorithms with a robust key generation and management scheme is today’s need. There must be only authorized user’s who can have access to patient related data; otherwise it can be exploited by anyone. This proposed study is aiming to formulate the two security suite for WBAN, which comprises on KBS keys, KAISC and Hash algorithm three improved versions of key management procedures and authentication procedure respectively. Firstly the KBS Keys and improved Hashing suite which is an independent and adaptive key management and authentication scheme for improving the security of WBANs will be used, and secondly KAISC will be used for inter-sensor communication and key management security scheme. All above mentioned procedures will be suitably blend with the encryption and decryption process which will securely send the patient’s critical data to the base station and further to the concerned doctor. The novelty of work is that the proposed methodology is not only simple but also advanced and much secured procedure of key generation and management that will be further validated by the performance analysis. This technique will be beneficial for the continuous monitoring of patient’s critical data in remote areas also.