Found 20 similar documents; search took 15 ms
1.
2.
In multi-privileged group communications, since users, who can subscribe to different data streams according to their interests, have multiple access privileges, security issues are more difficult to be solved than those in traditional group communications. The common drawback of traditional key management schemes is that they will result in the “one-affect-many” problem, because they use a key graph to manage all the keys in a group, which makes one key being shared by many users. Recently, a key-policy attribute-based encryption (KP-ABE) scheme is proposed to encrypt messages to multiple users efficiently, which has been applied in secure multi-privileged group communications. However, user revocation in KP-ABE is still not resolved when applied to multi-privileged group communications. So, in this paper, by uniquely combining a collusion-resistant broadcast encryption system and a KP-ABE system with a non-monotone access structure, we propose a scalable encryption scheme for multi-privileged group communications (EMGC). Based on the features of different multi-privileged group communication systems, we also propose two constructions for our EMGC scheme. With the two constructions, a system can support a user not only to join/leave a group at will, but also to change his access privilege on demand, and the expenses during rekeying operations are small. Therefore, our scheme, which can accommodate a dynamic group of users, is more applicable to multi-privileged group communications.
3.
Ad hoc networks are self-configurable networks with dynamic topologies. All involved nodes in the network share the responsibility for routing, access, and communications. The mobile ad hoc network can be considered as a short-lived collection of mobile nodes communicating with each other. Such networks are more vulnerable to security threats than traditional wireless networks because of the absence of the fixed infrastructure. For providing secure communications in such networks, lots of mechanisms have been proposed since the early 1990s, which also have to deal with the limitations of the mobile ad hoc networks, including high power saving and low bandwidth. Besides, public key infrastructure (PKI) is a well-known method for providing confidential communications in mobile ad hoc networks. In 2004, Varadharajan et al. proposed a secure communication scheme for cluster-based ad hoc networks based on PKI. Since the computation overheads of the PKI cryptosystem are heavy for each involved communicating node in the cluster, we propose an ID-based version for providing secure communications in ad hoc networks. Without adopting PKI cryptosystems, computation overheads of involved nodes in our scheme can be reduced by 25% at least.
4.
5.
Zhenxia Zhang Azzedine Boukerche Hussam Ramadan 《Journal of Parallel and Distributed Computing》2011,71(7):897-905
With the growing popularity of WiFi-based devices, WiFi-based wireless networks have received a great deal of interest in the wireless networks community. However, due to the limited transmission range of WiFi-based networks, mobile users have to switch their associated access points constantly to maintain continuing communications during their movement. The process of switching access points is called handoff. Handoff management is a key service in mobile networks, because providing seamless roaming in wireless networks is mandatory for supporting real-time applications in a mobile environment, such as VoIP, online games, and eConference. Security is another important issue in network communications, and to prevent possible attacks, authentication is required during the handoff process to guarantee the reliability of mobile clients and access points. In this paper, we propose a novel authentication scheme to achieve a smooth handoff in WiFi-based networks, which we refer to as TEASE. A tunnel is introduced to forward data packets between the new access point and the original reliable access point. The processing of a complete secure authentication and the transmitting of data between mobile terminals and their correspondence nodes can go on simultaneously. The security of handoff is achieved without increasing overhead to authentication servers, and handoff latency can be minimized to support seamless roaming. Simulation results show that our proposed scheme reduces significantly the communication interruption time and generates low packet loss ratio, and our method is suitable to be used for secure handoff in real-time applications.
6.
Authenticated group key exchange (AGKE) protocol provides secure group communications for participants in cooperative and distributed applications over open network environments such as the Internet and wireless networks. In the past, a number of AGKE protocols based on the identity (ID)-based public key system (IDPKS) have been proposed, called ID-AGKE protocols. In the IDPKS system, users’ identities are viewed as the public keys to eliminate certificate management of the traditional certificate-based public key system. Nevertheless, any certificate-based public key systems or IDPKS systems must provide a revocation mechanism to revoke misbehaving/compromised users from the public key systems. However, there was little work on studying the revocation problem of the IDPKS system. Quite recently, Tseng and Tsai presented a new ID-based encryption scheme and its associated revocation mechanism to solve the revocation problem efficiently, called revocable ID-based public key system (R-IDPKS). In this paper, we follow Tseng and Tsai’s R-IDPKS system to propose the first revocable ID-AGKE (RID-AGKE) protocol. Security analysis is made to demonstrate that the proposed RID-AGKE protocol is a provably secure AGKE protocol and can resist malicious participants. As compared to the recently proposed ID-AGKE protocols, the proposed RID-AGKE protocol is provably secure and has better performance while providing an efficient revocation mechanism.
7.
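Compared with the centralized group key management protocols and algorithms of traditional wired networks, threshold secret sharing adapts well to the characteristics of mobile ad hoc networks (MANETs) and provides efficient, reliable security guarantees. To prevent departed nodes from colluding to reconstruct the group private key and threatening the security of group communication, a secure and efficient group key update algorithm is essential. Based on an in-depth analysis of the collusion problem, this paper proposes a verifiable group key update algorithm based on neighbor node weights. While keeping the group private key unchanged, the algorithm proactively updates the group members' private key shares, effectively addressing node collusion, heavy update traffic, and the participation of malicious nodes in the update.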
8.
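Security is a basic requirement of group communication in mobile ad hoc networks, and a secure, efficient group rekeying algorithm is the key to securing group communication. Building on the distributed group key management framework (DGKMF) for mobile ad hoc networks, a group rekeying algorithm, DGR (distributed group rekeying), is proposed. The algorithm can update the group key using local key information and suits mobile ad hoc networks with frequently changing topology, short-lived connections, and limited bandwidth. To further reduce the communication cost, the DGR algorithm is improved by dynamically generating group rekeying clusters during rekeying, yielding the CDGR (cluster distributed group rekeying) algorithm. The security, correctness, and completeness of these algorithms are discussed, and their communication cost is analyzed. Finally, the performance of the algorithms is analyzed using the ns2 simulator. The simulation results show that DGR and CDGR outperform other algorithms in group rekeying success rate and delay, and that, owing to its cluster structure, CDGR has lower rekeying delay than DGR.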
9.
《Computer》2003,36(2):18-20
Wireless technology is increasingly being used for Internet access and other IP-based communications. To make it easier for wireless users to exploit this trend, the Internet Engineering Task Force (IETF) designed Mobile IP version 4 in 1996. However, MIPv4 has not been deployed widely enough to provide much mobility and has several major shortcomings, including a cumbersome communications process and a limited number of IP addresses. The latter is a key problem because the number of mobile devices that need their own IP address to access the Internet is increasing rapidly. To overcome these deficiencies and introduce new capabilities, the IETF has been developing MIPv6. MIPv6 makes many more IP addresses available and lets mobile users stay connected to the Internet as they move between networks. The paper discusses MIPv6 implementation.
10.
11.
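A Group Key Management Scheme Based on Distributed Rekeying Authority in Sensor Networks (Total citations: 6, self-citations: 1, citations by others: 5)
Group key management schemes in traditional networks generally rely on a long-term trusted node that stores information about all other users in order to manage the group key. Unlike traditional networks, sensor networks have no such trusted node, and their resources are very limited, so group key management schemes from traditional networks are unsuitable for sensor networks. Taking the characteristics of sensor networks into account, a group key management scheme based on distributed rekeying authority, DRA, is proposed. DRA introduces a broadcast mechanism into the group rekeying process and constructs an authority distribution function, a group key hiding function, and a broadcast authentication function to revoke compromised nodes and verify the integrity of update messages. Theoretical analysis and simulation results show that DRA has low storage and communication overhead while ensuring security, and that it effectively avoids the isolated-node problem.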
12.
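Given the limited computation and storage capabilities and the constrained energy of wireless sensor network nodes, a new key predistribution management scheme for clustered sensor networks, KDNKPD, is proposed. The scheme uses Blundo's bivariate polynomial function and key distribution nodes to establish secure communication between nodes and cluster heads; it accommodates the round-based election of cluster head nodes and solves the security problem of the Blundo scheme. Security analysis, comparative performance analysis, and simulation experiments show that the scheme improves network security and reduces the storage and computation overhead of sensor nodes.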
13.
14.
《Journal of Network and Computer Applications》2007,30(3):937-954
In mobile ad hoc networks, due to unreliable wireless media, host mobility and lack of infrastructure, providing secure communications is a big challenge. Usually, cryptographic techniques are used for secure communications in wired and wireless networks. Symmetric and asymmetric cryptography have their advantages and disadvantages. In fact, any cryptographic means is ineffective if its key management is weak. Key management is also a central aspect for security in mobile ad hoc networks. In mobile ad hoc networks, the computational load and complexity for key management are strongly subject to restriction by the node's available resources and the dynamic nature of network topology. We propose a secure and efficient key management (SEKM) framework for mobile ad hoc networks. SEKM builds a public key infrastructure (PKI) by applying a secret sharing scheme and using an underlying multi-cast server groups. We give detailed information on the formation and maintenance of the server groups. In SEKM, each server group creates a view of the certificate authority (CA) and provides certificate update service for all nodes, including the servers themselves. A ticket scheme is introduced for efficient certificate service. In addition, an efficient server group updating scheme is proposed. The performance of SEKM is evaluated through simulation.
15.
16.
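With the development of communication technology, heterogeneous networks in which multiple access technologies coexist have become the trend for future communication networks. As users' service QoS requirements rise and transmission bandwidth increases, existing network selection algorithms can no longer meet users' demand for high-quality communication. To address the growing scarcity of spectrum resources in heterogeneous wireless networks, a two-level dynamic network selection scheme in which the user side and the network side both participate is proposed. The scheme comprises grey relational analysis and a bipartite-graph joint optimization matching algorithm. Through joint decision-making by the user side and the network side, the algorithm optimizes system throughput and balances network load while effectively meeting the QoS requirements of mobile users' services. Simulation experiments show that, compared with traditional algorithms, the scheme greatly improves spectrum utilization in heterogeneous networks and reduces the probability of user handoffs between wireless networks, achieving a reasonable allocation between user demand and network resources.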
17.
Dr. Sherali Zeadally Nicolas Sklavos Moganakrishnan Rathakrishnan Scott Fowler 《Information Security Journal: A Global Perspective》2013,22(5):264-277
Recent advances in mobile computing and wireless communication technologies are enabling high mobility and flexibility of anytime, anywhere service access for mobile users. As a result, network connections of such users often span over heterogeneous networking environments consisting of wired and wireless networking technologies. Both network heterogeneity and user mobility make the securing of data transmission over heterogeneous networks challenging and complex. In this paper, we focus on the challenge of providing secure end-to-end network transmissions to wireless mobile users. To minimize service interruption during ongoing secure sessions of mobile users, we present the design and implementation of an approach based on the well-known Internet Protocol Security (IPSec) standard. We conducted a performance evaluation of our implementation using a Voice over IP (VoIP) application over an actual network testbed. Our empirical performance results demonstrate a packet loss improvement of 17% to 34% (for various VoIP packet sizes) and a handoff delay improvement of almost 24% validating the high efficiency of our proposed approach.
18.
19.
Omar Cheikhrouhou Anis Koubâa Gianluca Dini Mohamed Abid 《Personal and Ubiquitous Computing》2011,15(8):783-797
Securing group communication in wireless sensor networks has recently been extensively investigated. Many works have addressed this issue, and they have considered the grouping concept differently. In this paper, we consider a group as being a set of nodes sensing the same data type, and we alternatively propose an efficient secure group communication scheme guaranteeing secure group management and secure group key distribution. The proposed scheme (RiSeG) is based on a logical ring architecture, which permits to alleviate the group controller’s task in updating the group key. The proposed scheme also provides backward and forward secrecy, addresses the node compromise attack, and gives a solution to detect and eliminate the compromised nodes. The security analysis and performance evaluation show that the proposed scheme is secure, highly efficient, and lightweight. A comparison with the logical key hierarchy is performed to prove the rekeying process efficiency of RiSeG. Finally, we present the implementation details of RiSeG on top of TelosB sensor nodes to demonstrate its feasibility.
20.
In secure group-oriented applications, key management schemes are employed to distribute and update keys such that unauthorized parties cannot access group communications. Key management, however, can disclose information about the dynamics of group membership, such as the group size and the number of joining and departing users. This is a threat to applications with confidential group membership information. This paper investigates techniques that can stealthily acquire group dynamic information from key management. We show that insiders and outsiders can successfully obtain group membership information by exploiting key establishment and key updating procedures in many popular key management schemes. Particularly, we develop three attack methods targeting tree-based centralized key management schemes. Further, we propose a defense technique utilizing batch rekeying and phantom users, and derive performance criteria that describe security level of the proposed scheme using mutual information. The proposed defense scheme is evaluated based on the data from MBone multicast sessions. We also provide a brief analysis on the disclosure of group dynamic information in contributory key management schemes.