量子密钥分发网络端端密钥协商最优路径选择算法

针对量子密钥分发(QKD)网络端端密钥协商路径选择问题,设计了一种基于改进Dijkstra算法的端端密钥协商最优路径选择算法。首先,基于有效路径策略,剔除网络中的失效链路;然后,基于最短路径策略,通过改进Dijkstra算法,得到密钥消耗最少的多条最短路径;最后,基于最优路径策略,从多条最短路径中选择一条网络服务效率最高的最优路径。分析结果表明,该算法很好地解决了最优路径不唯一、最优路径非最短、最优路径非最优等问题,可以降低QKD网络端端密钥协商时密钥消耗量,提高网络服务效率。     

QKD网络中组密钥协商的研究

传统组密钥协商方法很难满足QKD(Quantum Key Distribution)网络的实用需求。针对这种情况,提出一种适用于多种QKD网络结构的复合式量子组密钥协商方案。该方案将不同结构的QKD网络归为统一的形式,充分利用密钥缓存池中的密钥,在经典信道上完成安全协商过程,最终参与组播通信的QKD设备都能获得一致的组密钥,并将这些密钥分发给用户。与几种传统组密钥协商方案对比,该方案具有很好的安全性和可扩展性,并在绝大数应用环境下具有很高的效率。     

基于Shamir算法的多QKD网络密钥共享策略

量子通信是近年来发展的新型交叉学科,是量子论和信息安全论相结合的新研究领域。量子密钥分发(Quantum Key Distribution,QKD)是最先实用化的量子通信技术,其需求主要包括小型化、低成本、应用场景等。当前应用主要局限于传输距离有限,需要专用基础设施。针对目前存在的问题,基于Shamir密钥共享算法设计了一种密钥共享策略,使处于不同QKD网络内的用户可直接通过量子密钥进行加密通信。     

云计算密钥管理架构研究与设计

针对目前云计算环境中尚缺乏一个完整的密钥管理方案, 分析了云计算环境密钥管理的特殊安全需求, 基于XML密钥管理规范建立了云计算密钥管理框架。设计了云计算密钥管理架构以及各部分模块功能, 提出了基于信任域的工作模式, 对系统进行了性能和安全性分析, 并提出相应的解决方案。实验分析结果表明, 该方案相对于传统PKI系统性能更高, 能够更好地满足云计算密钥管理需求。     

基于密钥矩阵的组播密钥管理方案

安全性是组播应用的基本需求,安全、高效的组播密钥管理方案是保证组播通信安全的关键。该文在分析组播通信安全需求的基础上,提出一种基于密钥矩阵的组播密钥管理方案。该方案利用密钥对进行密钥更新,适合网络拓扑变化频繁、带宽有限的网络需求。通过比较发现,该方案在通信、存储开销以及计算复杂度方面均优于LKH, Iolus等其他方案。     

基于非对称密钥的移动网络密钥协商方案

在一个移动电子商务的解决方案中,尤其要注意加密数据的传送,应使用可靠、高效的加密算法实现安全的密钥管理协议。本文基于非对称密钥,提出基于非对称密钥的移动网络的密钥协商方案,具体分析模拟了该方案在实际移动商务环境中的通信过程,以及成员动态变化时密钥的更新过程。本方案有效的减少了冗余加密数据发送,使密钥更新延时更低,避免密钥过度更新而造成的网络拥塞,提高了密钥管理的安全和效率,适用于在实际移动商务环境中使用。     

移动自组网络安全分布式组密钥管理方案

组密钥管理通过为组成员生成、发送和更新组密钥来满足加密认证等安全需求,许多应用于军事战场、紧急救灾等场合的移动自组网络需要安全组通信支持.然而节点的移动性、链路的不稳定性以及缺乏可信中心等特点使移动自组网络组密钥管理面临巨大的挑战.基于可验证秘密分享机制和门限密码术,提出了一种安全的分布式组密钥管理方案VGK.方案能有效地抵制主动攻击和恶意节点的合谋攻击,而且具有鲁棒性和自适应性的特点.模拟实验表明,敌对环境下该方案中组密钥的更新效率和成功率均优于其它提出的协议.     

一种分布式管理的域密钥方法

传统域密钥管理方案缺乏考虑无线移动网络自身特点给域密钥管理带来的困难,很难直接适用。在分析传统域密钥管理方案不足的基础上,研究具有自恢复能力的域密钥管理,但该类现行方案受更新次数的限制,不能满足大规模无线移动需求。为此,设计了私钥异步更新策略,引入分布式管理框架,对该类方案中具有代表性的北卡罗莱州立大学方案进行改进,使之能更好地适用于大规模无线移动网络。     

QKD网络量子信道管理关键技术研究

随着网络的发展,网络传播的信息日益增多,其中某些信息需要较高的安全性,因此信息加密手段的研究具有重大意义。量子密钥分发(Quantum Key Distribution,QKD)技术基于量子力学中的不可克隆定理,即不可能复制一个未知的量子态而不对其造成扰动,保证了其无条件的安全性,能够实现安全的密钥分发。但目前QKD网络规模较小,不能满足大规模组网的需求。同时,经典网络的路由技术已经不能适应QKD网络,量子信道寻径成为了一个需要解决的问题。鉴于以上问题,提出了一种能够满足较大规模QKD通信的基于光开关切换的QKD网络模型,并重点设计了其网络结构和信令体系,在此基础上设计了一个用于量子信道寻径的先导信号协议,并提出了量子信道管理机制。经实验验证,该模型的性能良好。     

无线传感器网络基于路由的两级密钥管理方案

在现有基于密钥树的密钥预分配协议的基础上,结合传感器节点的路由拓扑,根据不同节点的通信要求,提出一种适用于分簇网络的两级密钥管理方案,簇间采用逐级加密和认证机制,簇内指定一个管理节点负责生成和维护全簇的路由密钥树。结果分析表明,该方案可在保证安全的同时实现高效数据传输。     

Multiple stochastic paths scheme on partially-trusted relay quantum key distribution network

Quantum key distribution (QKD) technology provides proven unconditional point-to-point security based on fundamental quantum physics. A QKD network also holds promise for secure multi-user communications over long distances at high-speed transmission rates. Although many schemes have been proposed so far, the trusted relay QKD network is still the most practical and flexible scenario. In reality, the insecurity of certain relay sections cannot be ignored, so to solve the fatal security problems of partially-trusted relay networks we suggest a multiple stochastic paths scheme. Its features are: (i) a safe probability model that may be more practical for real applications; (ii) a multi-path scheme with an upper bound for the overall safe probability; (iii) an adaptive stochastic routing algorithm to generate sufficient different paths and hidden routes. Simulation results for a typical partially-trusted relay QKD network show that this generalized scheme is effective. Supported by the National Fundamental Research Program of China (Grant No. 2006CB921900), the National Natural Science Foundation of China (Grant Nos. 60537020 and 60621064), the Knowledge Innovation Project of the Chinese Academy of Sciences, and the Chinese Academy of Sciences International Partnership Project     

A reliable QoS-aware routing scheme for neighbor area network in smart grid

A reliable bi-directional communication network is one of the key factors in smart grid (SG) to meet application requirements and improve energy efficiency. As a promising communication infrastructure, wireless mesh network (WMN) can provide high speed and cost-effect communication for SG. However, challenges remain to maintain high reliability and quality of service (QoS) when applying WMNs to SG. In this paper, we first propose a hybrid wireless mesh protocol (HWMP) based neighbor area network (NAN) QoS-aware routing scheme, named HWMP-NQ, to meet the QoS requirements by applying an integrated routing metric to route decision with effective link condition probing and queue optimization. To further improve the reliability of the proposed HWMP-NQ, we present a multi-gateway backup routing scheme along with a routing reliability correction factor to mitigate the impact of routing oscillations. Finally, we evaluate the performances of the proposed schemes on NS3 simulator. Extensive simulations demonstrate that HWMP-NQ can distinguish different applications and satisfy the QoS requirements respectively, and also improve the average packet delivery ratio and throughput with a reduced routing overhead, even with a high failure rate of mesh nodes.     

Link stability estimation based on link connectivity changes in mobile ad-hoc networks

Link stability issue is significant in many aspects, especially for the route selection process in mobile ad-hoc networks (MANETs). Most previous works focus on the link stability in static environments, with fixed sampling windows which are only suitable for certain network topologies. In this paper, we propose a scheme to estimate the link stability based on link connectivity changes, which can be performed on the network layer, without the need of peripheral devices or low layer data. We adopt a variable sized sampling window and propose a method to estimate the link transition rates. The estimation scheme is not restricted to specific network topologies or mobility models. After that, we propose a routing method which adjusts its operating mode based on the estimated link stability. Simulation results show that the proposed scheme can provide correct estimation in both stationary and non-stationary scenarios, and the presented routing protocol outperforms conventional routing schemes without link stability estimation.     

一种基于身份的层次式空间网络组密钥管理方案

随着航天技术、移动通信技术和网络技术的迅速发展以及信息化建设的逐渐深入,空间信息系统也在向着网络化的趋势加速发展,其应用前景受到了极大的关注,故其对安全的要求越来越高。文中提出的基于身份的空间网络组密钥管理方案ID-GKM中,采用分层分组式的组密钥管理机制,方案除了包括常有的组密钥生成分发、密钥更新外,还考虑了私钥更新。在私钥更新部分,采用B&F提出的基于身份的公钥加密机制,提出了适合空间网络的私钥更新机制。该方案能够适应空间网络的层次化架构,满足其对强扩展性、高可靠性等的要求。另外,针对地面终端节点与空间节点不同的特点,提出地面组管理的密钥更新应采用批量更新的方案,该方案结合使用了定期和基于队列更新的思想,且可以考虑采用基于代理重加密的组密钥管理方案来解决LKH方案中组密钥更新时对用户必须在线的要求。     

传感器网络安全研究

由于传感器网络自身的一些特殊需求,加上其节点资源非常有限和网络特征的多样性,其安全问题在很大程度上不同于传统网络.给出了传感器网络的安全体系结构,力图对该领域的研究进行整体的描述.讨论了3个方面的问题:1)所采用的密码体制,如SKE,MAC,PKC等;2)密钥管理中的多种密钥建立算法;3)路由、能耗和容错等多因素相关的综合考虑.最后,简要介绍了其他一些安全问题以及该领域今后的研究热点.     

Algorithm for efficient generation of link-state updates in ATM networks

In the routing framework defined by the ATM Forum Private Network Node Interface (P-NNI) working group, each node broadcasts link-state update (LSU) messages (which include information such as available bandwidth, maximum delay, etc.) about the outgoing links attached to it to other nodes in the network. For each connection request, the source node selects an end-to-end route that meets the quality of service (QoS) requirements of the connection based on the most recent information that it has about network links. Up-to-date information about network links is, therefore, key to making “good” routing decisions. The triggering of LSU broadcasts after adding or removing a single connection on any link would certainly enable optimal paths to be calculated but at a potentially significant cost in processing and bandwidth. A periodic update scheme, on the other hand, might be more preferable since it can be used to bound the frequency of updates at the expense of delaying important updates (such as those reporting large changes in link load). The goal of an efficient LSU generating algorithm is, therefore, to provide “accurate” information on link loads while keeping the number of LSUs under control. In this paper, we investigate the issue of when to broadcast LSUs and its effects to the network performance. A simulation model is built to model the basic routing framework developed at the ATM Forum P-NNI working group. Based on the intuition gained by running the simulation model with different schemes and parameters, a hybrid LSU generating algorithm, combining event-driven and periodic update strategies, is proposed to substantially reduce the number of LSUs generated in the network without a significant negative impact on the network performance. The proposed algorithm is not limited to the P-NNI framework and it can be used in networking technologies that are based on the link-state principles.     

基于自认证公钥的全分布式移动Ad hoc网络密钥管理方案*

针对移动Ad hoc网络中迫切需要解决的安全问题是建立一个安全、高效、可行的密钥管理系统,提出了一种基于自认证公钥,结合全分布式的网络结构的新的适合于Ad hoc网络密钥管理方案。新方案有效地解决了节点间的信任问题,并具有良好的安全性、可用性和扩展性,效率较高,适用于有计划的、长期的Ad hoc网络。