
Private Key Management Scheme for Mobile Edge Computing

Cited by: 3
Abstract: Mobile edge computing (MEC) combines the Internet service environment and cloud computing technology at the edge of the network to provide mobile users with high-bandwidth, low-latency computing and storage services. In the MEC network, mobile users and servers form a group for communication and data transmission. Once the private key of a server or the data encryption key of a mobile user is leaked, it causes serious security risks and economic losses, and this loss is often irreversible. A key management protocol for MEC can provide key distribution, update, and storage to protect the privacy and security of the MEC network. However, the node structure in MEC changes dynamically in real time: on the one hand, as MEC continues to develop, servers in the MEC network are added or replaced; on the other hand, mobile users frequently join or leave the network. Key management protocols therefore need to ensure forward security and backward security, and a distributed key management protocol also needs to resist collusion attacks, which makes designing a private key management scheme for MEC challenging. In recent years, researchers have proposed a number of key management protocols for distributed networks, but these protocols are not suitable for MEC networks. Because an MEC network contains a large number of mobile devices, traditional network key management protocols have difficulty meeting MEC users' needs for frequent free movement, device location identification, and low communication delay, and are difficult to apply directly to MEC networks. On the one hand, MEC servers need to securely manage their private keys, from which authentication certificates, communication keys, and broadcast keys can be derived for mobile users that log in to the MEC network. On the other hand, mobile users and MEC servers need data encryption keys to ensure secure communication and data transmission. It is therefore necessary to design a key management protocol for MEC based on the physical characteristics and actual requirements of the MEC network. The research in this paper is divided into two parts. First, a non-interactive transparent zero-knowledge verifiable polynomial delegation is constructed, and based on this technique a threshold secret sharing protocol is designed that supports verifiable communication secrets, dynamic update of secret shares, and dynamic change of server nodes, to protect the security of the MEC servers' private keys. Then, an MEC communication key management protocol is proposed that supports users freely joining and leaving and ensures the security of network communication, to protect the communication and data security of mobile users in the MEC network. The security of the proposed protocol is then rigorously proved through formal proof and hybrid simulation games. The results show that the private key management scheme for MEC proposed in this paper satisfies forward security and backward security and can resist all kinds of known attacks. Comparison with related protocols shows that the new protocol improves security while maintaining high efficiency, which makes it suitable for the MEC network environment.
Authors: JIANG Jing-Wei; WANG Ding; ZHANG Guo-Yin; CHEN Zhi-Yuan (College of Computer Science and Technology, Harbin Engineering University, Harbin 150001; College of Cyber Science, Nankai University, Tianjin 300350; National Engineering Laboratory of Mobile Network Security (Nankai University), Tianjin 300350)
Source: Chinese Journal of Computers (indexed in EI, CAS, CSCD, Peking University Core Journals), 2022, Issue 6, pp. 1348-1372, 25 pages in total
Funding: Supported by the National Natural Science Foundation of China (62172240) and the Natural Science Foundation of Tianjin (21JCZXJC00100, 21JCZDJC00190).
Keywords: mobile edge computing; verifiable secret sharing; transparent zero-knowledge verifiable polynomial delegation; dynamically updatable; private key management