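Abstract
Existing certificateless group key agreement protocols fail to remain secure against adversaries with either of two attack capabilities: replacing users' public keys, or knowing the master secret key of the key generation center (KGC). To address this, this paper proposes a certificateless group key agreement protocol with explicit authentication. The protocol adds a signed message in the second round, with the signature tied to the set of group user identities, all broadcast messages of the first round, and the message the user sends in the second round, which ensures message freshness and identity authentication. The second-round message is also modified so that an adversary cannot mount an attack through neighboring nodes. Analysis shows that, compared with other certificateless group key agreement protocols, the proposed protocol resists adversaries with both types of attack capability and requires less computation.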
Current certificateless group key agreement protocols are not secure when adversaries can replace the participants' public keys or when the key generation center (KGC) master secret key is known. An improved protocol appends a signature in the second round to eliminate this weakness. The signature is related to the group identity, the broadcast messages in the first round and the computed message in the second round, to ensure protocol freshness and entity authenticity. The message in the second round guarantees that the adversary cannot attack the protocol by corrupting neighboring entities. The improved protocol is resilient to these two attacks and is more efficient than other certificateless group protocols.
Authors
SHAN Chun (单纯)
HU Kangwen (胡康文)
XUE Jingfeng (薛静锋)
HU Changzhen (胡昌振)
ZHAO Xiaolin (赵小林)
(Beijing Key Laboratory of Software Security Engineering Technology, School of Software, Beijing Institute of Technology, Beijing 100081, China)
Source
Journal of Tsinghua University (Science and Technology)
Indexed in: EI, CAS, CSCD, PKU Core Journals
2017, No. 6, pp. 580-585 (6 pages)
Funding
National Key Research and Development Program of China (2016YFB0800700)
Keywords
certificateless public key cryptography
group key agreement protocol
pairing-free