无线传感器网络中自治愈的群组密钥管理方案

 群组密钥管理的自治愈机制是保证无线传感器网络在不可靠信道上进行安全群组通信的重要 手段.基于采用双方向密钥链的群组密钥分发与撤销方法,提出了一个无线传感器网络中具有撤销能力的自治愈群组密钥管理方案.该方案实现了群组密钥的自治愈功能和节点撤销能力, 能够满足在较高丢包率的无线通信环境下传感器网络群组密钥管理的安全需求,确保了群组密钥保密性、前向保密性和后向保密性等安全属性.性能分析表明,该方案具有较小的计算和通信开销,能够适用于无线传感器网络.     

适合于无线传感器网络的混合式组密钥管理方案

针对无线传感器网络中经常出现节点加入或退出网络的情况,提出了一种安全有效的混合式组密钥管理方案.多播报文的加密和节点加入时的组密钥更新,采用了对称加密技术;而系统建立后,组密钥的分发和节点退出后的组密钥更新,采用了基于身份的公钥广播加密方法.方案可抗同谋、具有前向保密性、后向保密性等安全性质.与典型组密钥管理方案相比,方案在适当增加计算开销的情况下,有效降低了节点的存储开销和组密钥更新通信开销.由于节点的存储量、组密钥更新开销独立于群组大小,方案具有较好的扩展性,适合应用于无线传感器网络环境.     

无双线性对的基于身份的认证密钥协商协议

鉴于目前大多数基于身份的认证密钥协商(ID-AK)协议需要复杂的双线性对运算,该文利用椭圆曲线加法群构造了一个无双线性对的ID-AK协议。协议去除了双线性对运算,效率比已有协议提高了至少33.3%;同时满足主密钥前向保密性、完善前向保密性和抗密钥泄露伪装。在随机预言机模型下,协议的安全性可规约到标准的计算性Diffie-Hellman假设。     

一种新的基于椭圆曲线密码体制的 Ad hoc组密钥管理方案

在安全的组通信中,组密钥管理是最关键的问题.论文首先分析了组密钥管理的现状和存在的问题,然后基于椭圆曲线密码体制,针对Ad hoc网络提出了一种安全有效的分布式组密钥管理方案,并对其正确性和安全性进行了证明,由椭圆曲线离散对数困难问题保证协议的安全.针对Ad hoc网络节点随时加入或退出组的特点,提出了有效的组密钥更新方案,实现了组密钥的前向保密与后向保密.与其他组密钥管理方案相比,本方案更加注重组成员的公平性,没有固定的成员结构,并且还具有轮数少、存储开销、通信开销小等特点,适合于在Ad hoc网络环境中使用.     

适用于传感器网络的分级群组密钥管理

 由于无线传感器网络中经常出现节点加入或离开网络的情况,所以需要建立一种安全高效的群组密钥管理系统来保证无线传感器网络中群组通信的安全性.提出了一种基于密钥树和中国剩余定理的分级群组密钥管理方案.有sensor节点加入,先向新成员发送二级群组密钥,可参与一些不太敏感的数据的传送;待新成员获得GCKS的信任之后,则向其发送群组密钥,从而可参与有关机密信息的会话.节点离开时,通过利用完全子集方法将剩余成员进行分割,提出的方案可以利用中国剩余定理对群组密钥进行安全的更新.证明方案满足正确性、群组密钥保密性、前向保密性和后向保密性等安全性质.性能分析表明,此方案适合应用于无线传感器网络环境.     

一种无状态的传感器网络密钥预分配方案

 在无线传感器网络中,节点被敌方捕获以后将泄露节点内存储的群组密钥等秘密信息,所以需要建立一种安全高效的群组密钥管理系统来及时对被捕获节点进行撤销,以保证无线传感器网络中群组通信的安全.提出一种基于逻辑密钥树结构的密钥预分配方案,群组控制者和密钥服务器(GCKS)为逻辑密钥树中每一逻辑节点分配一个密钥集,每一sensor节点对应一个叶节点,以及一条从该叶节点到根节点的路径,GCKS将该路径上所有节点的密钥植入sensor节点.节点撤销时,GCKS将逻辑密钥树分成互不相连的子树,利用子树中sensor节点的共享密钥进行群组密钥的更新.分析表明本方案满足无状态性,以及正确性、群组密钥保密性、前向保密性和后向保密性等安全性质,具有较低的存储、通信和计算开销,适用于无线传感器网络环境.     

安全高效的空间信息网中密钥管理方案

空间信息网是卫星通信系统的进一步发展,安全高效的密钥管理是保障空间信息网内安全通信的关键。分析了空间信息网中密钥管理方案的安全需求,提出了按需建立密钥的思想,并依据该思想提出一个适用于空间信息网的安全高效的密钥管理方案。方案采用完全分布式的管理模式,每个结点管理并维护自己的密钥列表,方案具有认证安全性、前向保密性等安全性特征。仿真结果表明,与现有的空间信息网密钥管理方案相比,该方案在网络规模较大时能极大地降低通信开销,具有良好的通信效率。     

LTE网络切换密钥更新方案分析与改进

LTE用户切换时的密钥管理在很大程度上关系着用户安全,切换密钥管理包括密钥的生成、分发、更新和撤销。对现有长期演进(Long Term Evolution,LTE)网络切换密钥管理更新机制进行简要介绍,包括X2和S1切换密钥更新方案。针对X1切换仅有两跳前向密钥隔离的安全缺陷,借鉴S1切换方案设计思想,提出一跳前向密钥隔离的X2切换密钥更新方案(OFKS-X2),并对OFKS-X2密钥更新方案进行了安全性和实用性分析。结果表明,OFKS-X2密钥更新方案能够提供一跳前向密钥隔离,对协议有效性影响不大,且用户的消息工作量没有变化,网络侧的消息处理复杂度略有增加,用户侧计算量基本不变,网络侧计算量略有增加。     

面向多服务的基于大整数分解困难问题的叛逆者追踪方案

该文提出了一种面向多服务的基于大整数分解困难问题的叛逆者追踪方案。该方案的主要思想是基于大整数分解困难问题构造等式,并引进参数传递服务密钥,解密时利用上述等式和服务密钥可获得会话密钥。与现有两种方案相比,新方案具有多服务、黑盒追踪、密文长度是常量、增加用户或撤销用户以及前向安全性和后向安全性等优点,整体性能好于现有两种方案。     

一个矩阵密钥分配方案

本文表述了一个新的密钥分配方案。该方案基于这样的独特想法:让每个节点都有一组密钥,以便与其它任一节点共享一特殊子集,同时,具有所须产生的密钥量与节点数成正比的优点。而且,两个节点之间实际上可以没有迟延就开始会话。这种方案适用于内部人员在某种程度上能相互信任的环境。对外部人员的保密性与其它现存方案一样。本文还讲述了该方案的两种类型。对保密度和性能的分析表明,这是一种对一些密钥分配问题有实用价值的解决办法。     

一种前向安全的电子邮件协议

 电子邮件已成为Internet环境中传送通讯数据的一个重要应用.为了安全有效地传递电子邮件协议数据,目前很多研究者从电子邮件协议的基本安全性以及可认证电子邮件协议等方面提出了一些安全方案.但这些方案仅仅解决了电子邮件协议的某些安全需求,并不能从实用安全电子邮件协议的角度来提供完整的安全解决方案.本文首次给出了一个安全电子邮件的定义,提出了一个前向安全的电子邮件协议.该协议利用短期密钥来加密协议消息,并且使用Diffie-Hellman算法进行短期密钥协商.安全分析表明该协议不仅保证了协议的基本安全性,而且确保了协议的前向安全性.另外,该协议还提供了安全电子邮件协议中所需要的可认证性,时效性和敏感性.     

支持用户撤销的属性认证密钥协商协议

用户撤销是基于属性的认证密钥协商(ABAKA, attribute-based authenticated key agreement)协议在实际应用中所必需解决的问题。通过将Waters的基于属性的加密方案和Boneh-Gentry-Waters的广播加密方案相结合,提出了一个支持用户撤销的ABAKA协议。该协议能够实现对用户的即时撤销且不需要密钥权威对所有未被撤销的用户私钥进行定期更新。相比于现有的协议,该协议具有较高的通信效率,并能够在标准模型和修改的ABCK模型下可证安全,具有弱的完美前向安全性,并能够抵抗密钥泄露伪装攻击。     

基于保密度的OFDMA中继网络资源分配研究

考虑到异构双向中继网络中存在窃听者的安全资源分配问题,为了提高中继安全性,该文研究了受限于子信道分配和功率约束的用户安全保密度问题模型,与传统的保密容量模型相比,安全保密度模型更侧重于反映用户本身的安全程度。基于此保密度模型,该文进一步考虑了不同用户的安全服务质量(Quality of Service, QoS)需求和网络公平性,联合优化功率分配、子信道分配、子载波配对,并分别通过约束型粒子群、二进制约束型粒子群优化算法和经典的匈牙利算法找到最优解,实现资源的最优分配,提高网络中合法用户的保密度。仿真结果验证了所提算法的有效性。     

Key-minimal cryptosystems for unconditional secrecy

This paper is concerned with cryptosystems offering perfect or unconditional secrecy. For those perfect-secrecy systems which involve using keys just once, the theory is well established; however, this is not the case for those systems which involve using a key several times. This paper takes a rigorous approach to the definition of such systems, and exhibits some new families of examples of systems providing perfect secrecy for which the number of keys is minimal.     

Cloud data secure deduplication scheme via role-based symmetric encryption

The rapid development of cloud computing and big data technology brings prople to enter the era of big data,more and more enterprises and individuals outsource their data to the cloud service providers.The explosive growth of data and data replicas as well as the increasing management overhead bring a big challenge to the cloud storage space.Meanwhile,some serious issues such as the privacy disclosure,authorized access,secure deduplication,rekeying and permission revocation should also be taken into account.In order to address these problems,a role-based symmetric encryption algorithm was proposed,which established a mapping relation between roles and role keys.Moreover,a secure deduplication scheme was proposed via role-based symmetric encryption to achieve both the privacy protection and the authorized deduplication under the hierarchical architecture in the cloud computing environment.Furthermore,in the proposed scheme,the group key agreement protocol was utilized to achieve rekeying and permission revocation.Finally,the security analysis shows that the proposed role-based symmetric encryption algorithm is provably secure under the standard model,and the deduplication scheme can meet the security requirements.The performance analysis and experimental results indicate that the proposed scheme is effective and efficient.     

A function node-based Multiple Pairwise Keys Management protocol for Wireless Sensor Networks and energy consumption analysis

In this letter, a Function node-based Multiple Pairwise Keys Management (MPKMF)protocol for Wireless Sensor Networks (WSNs) is firstly designed, in which ordinary nodes and cluster head nodes are responsible for data collection and transmission, and function nodes are responsible for key management. There are more than one function nodes in the cluster consulting the key generation and other security decision-making. The function nodes are the second-class security center because of the characteristics of the distributed WSNs. Secondly, It is also described that the formation of function nodes and cluster heads under the control of the former, and five kinds of keys, I.e., individual key,pairwise keys, cluster key, management key, and group key. Finally, performance analysis and ex-periments show that, the protocol is superior in communication and energy consumption. The delay of establishing the cluster key meets the requirements, and a multiple pairwise key which adopts the coordinated security authentication scheme is provided.     

可证安全的基于证书广播加密方案

广播加密可使发送者选取任意用户集合进行广播加密,只有授权用户才能够解密密文.但是其安全性依赖广播中心产生和颁布群成员的解密密钥.针对这一问题,本文提出基于证书广播加密的概念,给出了基于证书广播加密的形式化定义和安全模型.结合基于证书公钥加密算法的思想,构造了一个高效的基于证书广播加密方案,并证明了方案的安全性.在方案中,用户私钥由用户自己选取,证书由认证中心产生,解密密钥由用户私钥和证书两部分组成,克服了密钥托管的问题.在方案中,广播加密算法中的双线性对运算可以进行预计算,仅在解密时做一次双线性对运算,提高了计算效率.     

Autonomic Group Key Management in Deep Space DTN

In deep space delay tolerant networks rekeying expend vast amounts of energy and delay time as a reliable end-to-end communication is very difficult to be available between members and key management center. In order to deal with the question, this paper puts forwards an autonomic group key management scheme for deep space DTN, in which a logical key tree based on one-encryption-key multi-decryption-key key protocol is presented. Each leaf node with a secret decryption key corresponds to a network member and each non-leaf node corresponds to a public encryption key generated by all leaf node’s decryption keys that belong to the non-leaf node’s sub tree. In the proposed scheme, each legitimate member has the same capability of modifying public encryption key with himself decryption key as key management center, so rekeying can be fulfilled successfully by a local leaving or joining member in lack of key management center support. In the security aspect, forward security and backward security are guaranteed. In the efficiency aspect, our proposed scheme’s rekeying message cost is half of LKH scheme when a new member joins, furthermore in member leaving event a leaving member makes tradeoff between computation cost and message cost except for rekeying message cost is constant and is not related to network scale. Therefore, our proposed scheme is more suitable for deep space DTN than LKH and the localization of rekeying is realized securely.     

An ID-based broadcast encryption scheme for key distribution

A broadcast encryption scheme enables a center to distribute keys and/or broadcast a message in a secure way over an insecure channel to an arbitrary subset of privileged recipients. In this paper, an ID-based broadcast encryption scheme is proposed, by which a center can distribute keys over a network, so that each member of a privileged subset of users can compute a specified key. Then a conventional private-key cryptosystem, such as DES, can be used to encrypt the subsequent broadcast with the distributed key. Because a key distribution can be done in an encrypted broadcast without any key pre-distribution, re-keying protocols for group membership operations can be simplified, a center can use the ID-based broadcast encryption scheme again to distribute a new and random session key. The ID-based broadcast encryption scheme from bilinear pairings is based on a variant of the Boneh-Franklin identity based encryption scheme.