机会网络中基于社会属性的按需密钥管理方案

针对机会网络的间歇性连通、快速移动、自组织管理等特征,提出了基于社会属性的按需密钥管理方案。首先利用基于身份的门限签名方案,实现了节点社会属性的自认证。随后结合机会网络的路由特性,节点之间根据社会属性匹配度有选择地颁发身份证书,并建立可度量的信任网。算法在优化证书图的同时,避免了恶意节点可能导致的无效证书链路的生成。实验仿真表明,该方案可提供较高的证书链重构成功率与节点认证可达率,并有效地降低了密钥管理所需的网络开销。     

改进的基于自更新哈希链的认证方案

针对一些节点计算能力、通信带宽等资源受限的分布式自组网,文中介绍了几种常见的认证思想,并分析了它们的优缺点及适用性。通过采用自更新哈希链和对称密钥技术,提出一种改进的基于自更新哈希链的双向认证密钥协商方案。分析表明,该方案不仅具有较高的安全性能,而且避免了传统非对称算法的复杂运算,只进行简单的哈希哈数和对称密钥算法,大大减少了节点的计算和通信开销,在一定程度上满足资源受限网络的认证需求。     

一种基于自更新哈希链的双向认证签名方案

目前,哈希链技术已被广泛地应用于信息安全领域中的实体认证和数据源认证,但是哈希链有限的长度限制了它的应用。为此,提出一种基于自更新哈希链的双向认证签名方案。新方案采用自更新哈希链技术进行认证签名,避免了传统公钥算法的复杂运算,并且实现了哈希链在认证过程中自动平滑更新,达到无限使用的目的,从而显著提高了执行速度。同时,结合双向认证机制,能够有效地抵抗重放攻击和中间人攻击,大大增强了新方案的安全性。     

基于身份密码的机载自组织网络动态密钥管理

针对现有机载自组织网络密钥管理存在的预分配密钥更新困难、公钥证书传递开销大、分布式身份密钥传递需要安全信道的问题,该文提出一种无需安全信道的基于身份密码体制的动态密钥管理方案。该方案包括系统密钥自组织生成和用户私钥分布式管理两个算法;采取遮蔽密钥的办法,确保私钥在公共信道中全程安全传递,使得密钥管理易于部署、方便扩展;最后分析了方案的正确性与安全性。结果证明方案理论正确,能够抵抗假冒、重放、中间人攻击。     

一种隐私保护的安全DTN发布订阅协议

容迟网络是一种新型无线网络技术，近年来与命名数据网络有着融合发展的趋势。这里以发布／订阅多播协议为原型，构造了容迟网络环境下的命名数据网络环境，探讨了该环境下的安全和隐私问题。并进一步提出了基于群签名的数据包隐私保护验证方案，以及基于哈希链的防篡改TTL网络拥塞控制方案，来抵抗泛洪攻击等恶意行为。仿真实验表明基于TTL的网络拥塞控制安全方案可以有效地控制网络中的泛洪攻击等恶意行为，而哈希链方案可以有效防止用篡改TTL的方式来变相阻塞网络。     

车载网中可证安全的无证书聚合签名算法

为了实现车载自组织网络中车辆节点之间信息传输的安全认证,该文设计了一种无证书聚合签名方案。提出的方案采用无证书密码体制,消除了复杂的证书维护成本,同时也解决了密钥托管问题。通过路侧单元生成的假名与周围节点进行通信,实现了车辆用户的条件隐私保护。在随机预言模型下,证明了方案满足自适应选择消息攻击下的存在性不可伪造。然后,分析了方案的实现效率,并模拟实现了车载自组网(VANET)环境中车流密度与消息验证的时间延迟之间的关系。结果表明,该方案满足消息的认证性、匿名性、不可伪造性和可追踪性等性质,并且通信效率高、消息验证的时延短,更适合于动态的车载自组织网络环境。     

无线传感器网络中自治愈的群组密钥管理方案

 群组密钥管理的自治愈机制是保证无线传感器网络在不可靠信道上进行安全群组通信的重要 手段.基于采用双方向密钥链的群组密钥分发与撤销方法,提出了一个无线传感器网络中具有撤销能力的自治愈群组密钥管理方案.该方案实现了群组密钥的自治愈功能和节点撤销能力, 能够满足在较高丢包率的无线通信环境下传感器网络群组密钥管理的安全需求,确保了群组密钥保密性、前向保密性和后向保密性等安全属性.性能分析表明,该方案具有较小的计算和通信开销,能够适用于无线传感器网络.     

Sead协议哈希链机制的分析与改进

由于ADHOC网络是一种特殊的无线网络,其路由安全性显得尤为重要。文中深入研究了ADHOC网络中安全路由协议sead,对其中的哈希链保护机制进行了深入的分析,包括哈希链中链值的传播,哈希链值在节点间的验证机制。在对sead协议哈希链机制深入分析的基础上,发现其重新生成新链后所带来的哈希链过长以及其链值利用率低的问题,并提出了一个解决方案,节省了资源空间,提高了资源利用率。     

Ad hoc网中基于哈希的对偶密钥预分配方案

随机密钥预分配是无线Ad hoc网络中最有效的密钥管理机制。提出了一个适用于Ad hoc网络的基于哈希函数的对偶密钥预分配方案。方案利用哈希函数的单向性,由哈希链形成密钥池,节点仅需预分发数量较少的密钥,就能与邻近节点有效建立对偶密钥。方案具有较低的存储成本与计算开销,同时能达到完全连通性,并能动态管理节点与密钥。分析表明,方案具有较好的有效性和安全性,更适合Ad hoc网络。     

一种强不可伪造无证书签名方案的密码学分析与改进

无证书密码体制是无线网络中一种非常有效安全保护工具.2016年,Hung等人提出了标准模型下一种强不可伪造性的无证书签名方案,该方案声称在抗哈希碰撞问题和计算Diffle-Hellman困难问题假设下是安全不可伪造的.事实上,该方案对类型II敌手是不安全的.本文给出对Hung等的方案的安全性分析,并证明对于类型II敌手可以伪造出合法签名,针对存在问题提出一种改进的无证书签名方案.     

Self-healing group-wise key distribution schemes with time-limited node revocation for wireless sensor networks

In this article two novel group-wise key distribution schemes with time-limited node revocation are introduced for secure group communications in wireless sensor networks. The proposed key distribution schemes are based on two different hash chain structures, dual directional hash chain and hash binary tree. Their salient security properties include self-healing rekeying message distribution, which features a periodic one-way rekeying function with efficient tolerance for lost rekeying messages; and time-limited dynamic node attachment and detachment. Security evaluation shows that the proposed key distribution schemes generally satisfy the requirement of group communications in WSNs with lightweight communication and computation overhead, and are robust under poor communication channel quality.     

A heterogeneous‐network aided public‐key management scheme for mobile ad hoc networks

A mobile ad hoc network does not require fixed infrastructure to construct connections among nodes. Due to the particular characteristics of mobile ad hoc networks, most existing secure protocols in wired networks do not meet the security requirements for mobile ad hoc networks. Most secure protocols in mobile ad hoc networks, such as secure routing, key agreement and secure group communication protocols, assume that all nodes must have pre‐shared a secret, or pre‐obtained public‐key certificates before joining the network. However, this assumption has a practical weakness for some emergency applications, because some nodes without pre‐obtained certificates will be unable to join the network. In this paper, a heterogeneous‐network aided public‐key management scheme for mobile ad hoc networks is proposed to remedy this weakness. Several heterogeneous networks (such as satellite, unmanned aerial vehicle, or cellular networks) provide wider service areas and ubiquitous connectivity. We adopt these wide‐covered heterogeneous networks to design a secure certificate distribution scheme that allows a mobile node without a pre‐obtained certificate to instantly get a certificate using the communication channel constructed by these wide‐covered heterogeneous networks. Therefore, this scheme enhances the security infrastructure of public key management for mobile ad hoc networks. Copyright © 2006 John Wiley & Sons, Ltd.     

一种基于冗余路径的自组网密钥管理方案研究

基于部分分布式门限机制的密钥管理方案能提供高的安全性,但认证成功率较低,可扩展性差;基于证书链的密钥管理方案适合自组网的特点,但不能满足高安全要求的应用环境.在Hubaux证书链方案的基础上,文中提出了基于冗余路径的自组网密钥管理方案,该方案提高了系统的安全性,防止了不诚实节点的欺骗攻击;仿真结果表明,通过增加本地节点存储的证书数量,可以达到较高的认证成功率,满足自组网应用的高安全要求.     

One-way hash chain-based self-healing group key distribution scheme with collusion resistance capability in wireless sensor networks

In order to resolve the collusion resistance problem in the one-way hash chain-based self-healing group key distribution schemes and improve the performance of previous self-healing group key distribution schemes, we propose a self-healing group key distribution scheme based on the revocation polynomial and a special one-way hash key chain for wireless sensor networks (WSNs) in this paper. In our proposed scheme, by binding the time at which the user joins the group with the capability of recovering previous group session keys, a new method is addressed to provide the capability of resisting the collusion attack between revoked users and new joined users, and a special one-way hash chain utilization method and some new methods to construct the personal secret, the revocation polynomial and the key updating broadcast packet are presented. Compared with existing schemes under same conditions, our proposed scheme not only supports more revoked users and sessions, but also provides a stronger security. Moreover, our proposed scheme reduces the communication overhead, and is especially suited for a large scale WSN in bad environments where a strong collusion attack resistance capability is required and many users will be revoked.     

簇式传感器网络的可认证动态密钥管理方案

Secure sensor networks has received much attention in the last few years. A sensor network always
works unattended possibly in a hostile environment such as a battlefield. In such environments, sensor networks are subject to node capture. Constrained energy,memory, and computational capabilities of sensor nodes mandate a clever design of security solutions to minimize overhead while maintaining secure communication over the lifespan of the network. In this paper, an authenticated dynamic key management scheme, ADKM has been proposed. It provides efficient, scalable, and survivable dynamic keying in a clustered sensor network with a large number of sensor nodes. ADKM employs a combinatorial exclusion basis system (EBS) for efficiency and one-way hash chains for authentication. Analysis of security and performance demonstrate that ADKM is efficient in security of sensor networks.     

基于分级密钥管理的安全组播方案

该文提出了一个新的适用于大型动态组播群组的密钥管理方案,在分级结构中采用Hash链作 为数据传递密钥来实现层与层之间的数据传递,在子组内利用数字信封来实现密钥管理。此方案具有良好的计算、存储性能及动态安全性,为进一步研究提供了一个有价值的参考。     

An efficient group key management protocol using code for key calculation: CKC

This paper presents a new group key management protocol, CKC (Code for Key Calculation) for secure IP multicast. In this protocol which is based on logical key hierarchy, only the group key needs to be sent to new member at join. Then, using the group key current members and the new member calculate the necessary keys by node codes and one-way hash function. A?node code is a random number assigned to each node to help users calculate necessary keys. Again, at leave server just sends the new group key to the remaining members. By this key, members calculate necessary keys using node codes and one-way hash function. The security of the keys is based on one-wayness of hash function. The results show that CKC reduces computational and communication overhead, and message size largely at join without increasing them at leave.     

移动社交网络中一种朋友发现的隐私安全保护策略

在移动社交网络中分享用户特征属性配置文件能够迅速找到与用户特征属性相同的朋友。然而,配置文件通常包含用户的敏感隐私信息,如果被恶意攻击者截获将有可能造成不可预计的后果。该文提出一种基于用户伪身份匿名与哈希值比对认证的双重握手机制的隐私保护方案,结合身份权限认证、单向哈希散列函数、密钥协商等技术保证恶意攻击者无法通过身份欺骗、伪造特征属性、窃听安全信道等方式获取用户配置文件的真实内容,从而保证用户的个人隐私不被泄漏。依靠可信第三方服务器强大的计算和抗攻击能力, 减轻智能用户终端计算负担和安全风险。安全分析和实验分析表明,该方案更具有隐私性、消息不可抵赖性和可验证性,比传统的解决方案更有效。     

安全高效的空间信息网中密钥管理方案

空间信息网是卫星通信系统的进一步发展,安全高效的密钥管理是保障空间信息网内安全通信的关键。分析了空间信息网中密钥管理方案的安全需求,提出了按需建立密钥的思想,并依据该思想提出一个适用于空间信息网的安全高效的密钥管理方案。方案采用完全分布式的管理模式,每个结点管理并维护自己的密钥列表,方案具有认证安全性、前向保密性等安全性特征。仿真结果表明,与现有的空间信息网密钥管理方案相比,该方案在网络规模较大时能极大地降低通信开销,具有良好的通信效率。     

Self-healing group key distribution with time-limited node revocation for wireless sensor networks

A novel key distribution scheme with time-limited node revocation is proposed for secure group communications in wireless sensor networks. The proposed scheme offers two important security properties: the seal-healing re-keying message distribution which features periodic one-way re-keying with implicitly authentication, efficient tolerance for the lost re-keying messages, and seamless Traffic Encryption Key (TEK) switch without disrupting ongoing data transmissions; and the time-limited dynamic node attachment and detachment, so that both forward and backward secrecy is assured by dual directional hash chains. It is shown that the communication and computation overhead of the proposed protocol is light, and the protocol is robust under poor communication channel quality and frequent group node topology change.