基于单向函数树的高效分布式组密钥管理方案

针对集中式组密钥管理方案具有单失效点和密钥非公平产生等问题提出了一种基于单向函数树的高效分布式组密钥管理方案(D-OFT)。在该方案中,组密钥由所有合法用户共同协商产生,避免了不公平性;同时,该方案中采用分布式管理,不会形成单失效点;密钥更新消息长度保持在O(log n),具有良好的密钥更新效率;此外,方案中提供的用户加入组、离开组、组合并、组分裂等密钥更新算法均满足前向、后向安全性要求。结果表明:D-OFT方案非常适用于无中央控制节点且组成员关系动态变化的中小规模分布式安全组通信系统。

Efficient distributed group key management scheme using a one-way function tree

An efficient,secure distributed key management scheme(D-OFT) using a one-way function tree was developed to avoid the single failure point problem and the unfairness in group key generation or refreshment algorithms in centralized group key management schemes.In the D-OFT,all valid users jointly participate in negotiating the group key,thus eliminating the unfairness in the process of generating or refreshing a group key.Moreover,the D-OFT is a distributed scheme,so there is no single failure point.The algorithm also provides efficient key updating with a small re-key message size O(log n.Security and performance analyses show that this scheme meets the required forward and backward secrecy requirements when a new member leaves or joins a group,a subgroup is merged into another subgroup,or a group is partitioned into several subgroups.Hence,the D-OFT scheme can be easily deployed in small or medium size dynamic secure group communication systems with dynamic group membership and no centralized control node.