基于分布式路径计算单元的多域光网络组密钥管理方案

针对分布式路径计算单元(PCE)架构下多域光网络的通信特点和密钥管理需求,提出一种该架构下的组密钥管理方案。首先使用超图理论对分布式PCE架构下的多域光网络密钥关系进行建模得到两层式密钥超图;然后在自治域层采用基于自认证公钥密码体制和成员过滤技术的密钥管理方法,在PCE层采用基于椭圆曲线密码体制的组密钥协商方法;最后完成密钥的产生、分发、更新和动态管理,较好地解决了成员的私钥保密性问题和第三方节点的冒充问题,减少了密钥更新时的计算开销。性能分析显示,该方案具有前向安全性、后向安全性、密钥保密性和抗合谋攻击等特点,与典型的分散式方案相比,在密钥存储量、加解密次数和通信开销等方面取得了较优的性能。

Group key management scheme based on distributed path computing element in multi-domain optical network

A group key management scheme based on distributed Path Computation Element (PCE) architecture was proposed aiming at the communication characteristics and key management requirement of multi-domain optical networks in PCE architecture. Firstly, the key relation of multi-domain optical network under distributed PCE architecture was modeled as a two-layer key hypergraph by using hypergraph theory. Then, the key management method based on self-authenticated public key cryptosystem and member filtering technique was adopted in the autonomous domain layer and the group key agreement method based on elliptic curve cryptosystem was adopted in the PCE layer. Finally, the generation, distribution, update and dynamic management of the key were completed, and the confidentiality problem of the private key of member and the impersonation problem of the third party node were well solved. At the same time, the computational overhead of key update was reduced. The performance analysis shows that the proposed scheme has forward security, backward security, private key confidentiality and is against collusion attack. Compared with the typical decentralized scheme, the proposed scheme achieves better performance in terms of key storage capacity, encryption/decryption times and communication overhead.