Abstract
An efficient, secure distributed group key management scheme (D-OFT) based on a one-way function tree was developed to avoid the single point of failure and the unfair key generation found in centralized group key management schemes. In D-OFT, all valid users jointly negotiate the group key, which eliminates the unfairness in generating or refreshing a group key. Moreover, D-OFT is a distributed scheme, so there is no single point of failure. The scheme also provides efficient key updating, with the rekey message size kept at O(log n). Security and performance analyses show that the scheme meets the forward and backward secrecy requirements when a member joins or leaves a group, when a subgroup is merged into another subgroup, and when a group is partitioned into several subgroups. Hence, the D-OFT scheme is well suited to small or medium-sized distributed secure group communication systems with dynamic group membership and no centralized control node.
Source
Journal of Tsinghua University (Science and Technology) (《清华大学学报(自然科学版)》), 2005, No. 10, pp. 1417-1420 (4 pages)
Indexed in: EI, CAS, CSCD, Peking University Core Journals
Funding
National Natural Science Foundation of China (60372019, 60473086, 90412012, 90104002, 60218003, 60273009)
National Basic Research Program of China ("973" Program) (2003CB314804)
Keywords
distributed key management
one-way function tree
group communication