摘要
针对不依赖于专用的硬件设施、网络拓扑结构易变化的服务链进行了研究,提出一种适用于服务链的可认证组密钥管理方案。该方案基于双线性映射的密码体制并结合(t,n)门限的思想,采用身份认证的方法,提高了协议的效率和安全性。该方案在实现组密钥更新的同时也实现了服务链中虚拟网络功能间的连接安全,并对其正确性和安全性进行证明。分析结果表明该方案在保证服务链中各实例一定安全的同时,具有轮数少、通信和计算开销小的优点,适合用于服务链的动态密钥管理。
According to the characteristics of service chaining,such as the one is independent of dedicated hardware and the network topology of service chaining is variable,this paper proposed an authenticated group key management scheme for service chain. The scheme used a bilinear mapping based on the( t,n) threshold. It adopted the method of identity authentication and improved the efficiency and security of the protocol. The scheme completed the key update,at the same time it completed the identity authentication between adjacent virtual network functions. This paper discussed the security and correctness of the scheme. The analysis results show that the scheme can ensure the security of each instance in the service chain. It has the advantages of less number of wheels,less communication and computation overhead. It is suitable for dynamic key management of service chain.
作者
蒋华
姚莹
鞠磊
Jiang Hua;Yao Ying;Ju Lei(Dept.of Communication Enginering,Beijing Electronic Science & Technology Institute,Beijing 100070,China;College of Communication Engineering,Xidian University,Xi ' an 710071,China)
出处
《计算机应用研究》
CSCD
北大核心
2018年第6期1783-1785,共3页
Application Research of Computers
基金
国家自然科学基金资助项目(61640216)
关键词
服务链
组密钥
认证
虚拟网络功能
service chaining
group key
authentication
virtual network funetions
