门限技术在组播密钥管理中的应用

目前组播协议以其节省带宽等优点被广泛认可,但在安全性和可靠性方面存在着一些问题。针对组播应用中所涉及到的密钥管理问题,提出一种运用动态门限技术和组播安全代理结合的方案,通过构建一个IP组播安全管理系统来实现组播密钥的分发和恢复,进而讨论了由成员加入和退出引起的密钥更新问题,最后针对该系统给出实验测试并讨论了采用此方案引起的更新代价,说明采用该方案可以较好地解决组播应用中的授权管理问题,实现安全组播。     

基于分级密钥管理的安全组播方案

该文提出了一个新的适用于大型动态组播群组的密钥管理方案,在分级结构中采用Hash链作 为数据传递密钥来实现层与层之间的数据传递,在子组内利用数字信封来实现密钥管理。此方案具有良好的计算、存储性能及动态安全性,为进一步研究提供了一个有价值的参考。     

WSN中同构模型下动态组密钥管理方案

研究了同构网络模型的组密钥管理问题,首次给出了一个明确的、更完整的动态组密钥管理模型,并提出了一种基于多个对称多项式的动态组密钥管理方案。该方案能够为任意多于2个且不大于节点总数的节点组成的动态多播组提供密钥管理功能,解决了多播组建立、节点加入、退出等所引发的与组密钥相关的问题。该方案支持节点移动,具有可扩展性,并很好地解决了密钥更新过程中多播通信的不可靠性。组成员节点通过计算获得组密钥,只需要少量的无线通信开销,大大降低了协商组密钥的代价。分析比较认为,方案在存储、计算和通信开销方面具有很好的性能,更适用于资源受限的无线传感器网络。     

基于LKH混合树模型的新型组播密钥更新方案

安全组播是组播技术走向实用化必须解决的问题。在组成员动态变化时,设计一个高效的密钥管理方案是安全组播研究的主要问题。提出了一种基于新型混合树模型的组播密钥更新方案。该方案将GC的存储开销减小为4,同时,在成员加入或离开组时,由密钥更新引起的通信开销与nm保持对数关系(n为组成员数,m为每一族包含的成员数)。     

组播通信的访问控制和密钥管理

IP组播是一种高效的多目标传输机制.随着网络的发展,组播在网络的应用占据着越来越重要的地位,其应用不断扩展,技术日益成熟.目前,组播作为一个崭新的学术研究领域,在组播路由算法、流量控制、可靠传输等方面的研究已有很多成果,而对于组播安全问题的研究特别是组播通信密钥的研究还很不成熟.本文通过研究绀播通信安全进行深入的研究,对比各种密钥管理方法,研究了可扩展的密钥管理方法.该密钥管理体系采用分层管理结构,采用子管理中心对各个子域进行管理,不仅可以高效地处理组播组成员动态加入和退出,同时,大大减少了密钥管理中心的负担.使该方法可以应用于大型、动态的组播系统.此外,该方法根据现有的网络和组播系统的要求,提出了控制中心由计算机组进行统一调度管理,避免了单点故障的问题,增加了系统的鲁棒性.     

一种安全组播传输策略

IP组播建立在一个非封闭的传输系统上,为了实现安全组播,除了密钥加密信息,还需要下层的通讯子网提供支持,这样才能彻底实现安全封闭的组播通讯。其中讨论了一些流行的密钥管理框架,密钥更新方案以及用户管理机制。通过这些方案可以防止信息泄漏、Dos攻击、组攻击、伪造信息,从而实现了组播的安全通讯。     

A novel batch-based group key management protocol applied to the Internet of Things

Many applications for ad hoc networks are based on a point-to-multipoint (multicast) communication paradigm, where a single source sends common data to many receivers, or, inversely, on a multipoint-to-point communication paradigm, where multiple sources send data to a single receiver. In such scenarios, communication can be secured by adopting a common secret key, denoted as “group key”, shared by multiple communication endpoints. In this work, we propose a novel centralized approach to efficiently distribute and manage a group key in generic ad hoc networks and Internet of Things, while reducing the computational overhead and network traffic due to group membership changes caused by users’ joins and leaves. In particular, the proposed protocol takes advantage of two possible leave strategies: (i) at a pre-determined time selected when the user joins the group or (ii) at an unpredictable time, as in the case of membership revocation. The proposed protocol is applied to two following relevant scenarios: (i) secure data aggregation in Internet of Things (IoT) and (ii) Vehicle-to-Vehicle (V2V) communications in Vehicular Ad hoc Networks (VANETs).     

一种基于混合策略的动态组播密钥管理方案

组播密钥管理是当前组播安全研究的热点问题。在分析现有方案的基础上，考虑一种混合策略：将基于组的层次结构机制Iolus与基于密钥层次结构机制LKH的优点结合起来，提出了一种适合大型动态组播的可扩展的分层分组方式的密钥管理方案。该方案有效地降低了密钥更新的代价，具有较高的效率与较好的可扩展性．适合于解决大型动态组播的密钥管理问题。     

基于智能卡的组播内容保护与支付系统

内容保护问题是实现数字内容网上交易的关键问题。传统的组播密钥管理都假设所有合法组用户可以知道组密钥,这种假设对于商业组播是不现实的。该文设计的组播内容保护和支付系统假设智能卡是安全的,所有攻击者包括持卡人都无法获知智能卡中的私钥和组密钥。系统使用最近提出基于身份加密方案,从而避免了公钥证书的使用。系统可以保证数字内容的安全传输,同时具有用户身份认证、内容认证和密钥管理方面的简单性,系统还支持用户的匿名消费。     

一种基于时间结构树的多播密钥管理方案

随着Internet的发展,多播通信技术得到了广泛的应用.其中组密钥管理是多播安全的核心问题.文中在分析已有研究的基础上,提出了一种基于时间结构树的密钥管理方案,采用周期性的密钥更新机制,通过安全滤波器分配新的组密钥,大大减少了密钥更新时的传输消息,提高了密钥更新的效率,实现密钥更新的可靠性.     

A secure group key management scheme for hierarchical mobile ad hoc networks

In this paper, we present a secure group key management scheme for hierarchical mobile ad hoc networks. Our approach aims to improve both scalability and survivability of group key management for large-scale wireless ad hoc networks. To achieve our goal, we propose the following approaches: (1) a multi-level security model, which follows a modified Bell-La Padula security model that is suitable in a hierarchical mobile ad hoc networking environment, and (2) a decentralized group key management infrastructure to achieve such a multi-level security model. Our approaches reduce the key management overhead and improve resilience to any single point failure problem. In addition, we have developed a roaming protocol that is able to provide secure group communication involving group members from different groups without requiring new keys; an advantage of this protocol is that it is able to provide continuous group communication even when the group manager fails.     

多层组播服务的安全架构

提出了一种适用于多层组播服务的安全架构,介绍了组成员控制、组密钥管理以及数据的安全传输.其安全架构能够提高多层组播服务的安全性和可管理性.     

Huffman-based group key establishment scheme with Location-aware

Time efficiency of key establishment and update is one of the major problems contributory key managements strive to address. To achieve better time efficiency in key establishment, we propose a Location-based Huffman (L-Huffman) scheme. First, users are separated into several small groups to minimize communication cost when they are distributed over large networks. Second, both user’s computation difference and message transmission delay are taken into consideration when Huffman coding is employed to forming the optimal key tree. Third, the combined weights in Huffman tree are located in a higher place of the key tree to reduce the variance of the average key generation time and minimize the longest key generation time. Simulations demonstrate that L-Huffman has much better performance in wide area networks and is a little better in local area network than Huffman scheme.     

A novel key management scheme for dynamic multicast communications

Secure multicasting allows the sender to deliver an identical secret to an arbitrary set of recipients through an insecure broadcasting channel, whereas the unintended recipients cannot obtain the secret. A practical approach for securing multicast communications is to apply a session key to encrypt the transmitted data. However, the challenges of secure multicast are to manage the session keys possessed by a dynamic group of recipients and to reduce the overhead of computation and transmission when the membership is changed. In this paper, we propose a new key management scheme for dynamic multicast communication, which is based on privacy homomorphism and Chinese remainder theorem. Our scheme can efficiently and securely deliver an identical message to multiple recipients. In particular, the complexity of the key update process in our scheme is O(1). Copyright © 2008 John Wiley & Sons, Ltd.     

一种改进的TLCH组播密钥管理方案

TLCH协议是一个适用于安全组播通信且可扩展性较好的组播密钥管理协议。它基于LKH的思想,采用双层的控制者的层次结构,并使用单向函数进行密钥更新,达到了较低的计算开销。使用hash函数对TLCH组播密钥管理方案中成员加入时的密钥更新算法进行改进。与原来的TLCH相比,改进后的TLCH可以进一步降低了通信开销。     

An efficient group key agreement protocol

Group key agreement protocol is important for collaborative and group-oriented application. Recently, for a network that consists of devices with limited resource, group key management has become an issue for secure routing or multicast. In this letter, we present an efficient group key agreement protocol that is an improvement of the Burrnester-Desmedt algorithm. We generalize the Improvement, which doesn't need the same modulus group for discrete logarithm problem.     

Adaptive group multicast with time-driven priority

This paper shows how to provide an adaptive real-time group multicast (many-to-many) communication service. Adaptive means that the number of nodes that transmit to the multicast group is continuously changing. In order to meet deterministic quality-of-service (QoS) requirements of a real-time group multicast, some communication resources are reserved. We show (1) how bandwidth is reserved for each multicast group and (2) how an active source can dynamically share the bandwidth allocated to this multicast group with other active group members. Quality-of-service support for a real-time multicast group is based on time-driven priority. In this scheme the time is divided into time frames of fixed duration, and all the time frames are aligned by using a common global time reference, which can be obtained from the Global Positioning System. Bandwidth is allocated to a multicast group as a whole, rather than individually to each user. The allocation is done by reserving time intervals within time frames in a periodic fashion. This type of allocation raises two problems that are studied in this paper: (1) scheduling: how time intervals are reserved to each multicast group and (2) adaptive sharing: how the active (transmitting) participants can dynamically share the time intervals that have been reserved for their multicast group. The proposed approach is based on the embedding of multiple virtual rings, one for each multicast group. By using the virtual rings, it is simple to route messages to all the participants while minimizing the bound on the buffer sizes and queueing delays. The final part of this paper introduces a scalable growth of the multicast group by adding multiple subtrees to the virtual ring     

基于LKH混合树的组播密钥更新方案

IP组播通信越来越得到广泛的应用，其密钥动态管理是一个值得关注的问题。本文主要对组播密钥更新方案进行分析，并对基于LKH密钥树的更新方案进行了改进。     

Huddle hierarchy based group key management protocol using gray code

Secure and reliable group communication is an active area of research. Its popularity is fuelled by the growing importance of group-oriented and collaborative applications. The central research challenge is secure and efficient group key management. The present paper is based on the huddle hierarchy based secure multicast group key management scheme using the most popular absolute encoder output type code named gray code. The focus is of twofolds. The first fold deals with the reduction of computation complexity which is achieved in this protocol by performing fewer multiplication operations during the key updating process. To optimize the number of multiplication operations, the fast Fourier transform, divide and conquer approach for multiplication of polynomial representation of integers, is used in this proposed work. The second fold aims at reducing the amount of information stored in the Group Center and group members while performing the update operation in the key content. Comparative analysis to illustrate the performance of various key distribution protocols is shown in this paper and it has been observed that this proposed algorithm reduces the computation and storage complexity significantly.     

ID-based group key exchange mechanism for virtual group with microservice

Currently, research on network functions virtualization focuses on using microservices in cloud environments. Previous studies primarily focused on communication between nodes in physical infrastructure. Until now, there is no sufficient research on group key management in virtual environments. The service is composed of microservices that change dynamically according to the virtual service. There are dependencies for microservices on changing the group membership of the service. There is also a high possibility that various security threats, such as data leakage, communication surveillance, and privacy exposure, may occur in interactive communication with microservices. In this study, we propose an ID-based group key exchange (idGKE) mechanism between microservices as one group. idGKE defines the microservices' schemes: group key gen, join group, leave group, and multiple group join. We experiment in a real environment to evaluate the performance of the proposed mechanism. The proposed mechanism ensures an essential requirement for group key management such as secrecy, sustainability, and performance, improving virtual environment security.