Funding: Key Laboratory of Modern Communications Fund (No. 51436050605KG0102); the National High-Tech Research and Development Plan of China (863) under Grant No. 2006AA01Z213; the National Natural Science Foundation of China under Grant No. 60673169.
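Abstract: Based on an in-depth analysis of the security requirements of MANET group communication and of existing work, and building on a threshold secret sharing mechanism and a threshold RSA scheme, the Distributed Secure Group Communication Protocol (DSGCP) is proposed. The protocol avoids the single point of failure in group key management, reduces the impact of node mobility and link reliability on group key management, adapts to changing network topology, and is highly survivable. The protocol's group communication key update algorithm, group control key update algorithm, and cooperative decryption algorithm are described, its message formats and main protocol procedures are specified, and the protocol is implemented and its performance tested on a real ad hoc network.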
Funding: This work was supported by the National "863" High Technology Research and Development Program of China under grant 2002AA145090.
Abstract: The simple authenticated key agreement algorithm is one of the Diffie-Hellman key agreement variations. It prevents man-in-the-middle attacks with only two more packets required to agree on the secret session key, but it has some weaknesses. In this paper, a new enhanced simple authenticated key agreement algorithm is proposed to overcome these weaknesses on the basis of analyzing the weaknesses of the related protocols. The new enhanced simple authenticated key agreement algorithm can get over replay attacks and password guessing attacks, provide perfect forward secrecy, and hold the merits of the simple authenticated key agreement algorithm.
Funding: Supported by the National Key Research and Development Program under grant 2017YFB0802301; Guangxi Cloud Computing and Large Data Collaborative Innovation Center Project.
Abstract: IPsec has become an important supplement of IP to provide security protection. However, the heavyweight IPsec has a high transmission overhead and latency, and it cannot provide address accountability. We propose the self-trustworthy and secure Internet protocol (T-IP) for authenticated and encrypted network layer communications. T-IP has the following advantages: (1) Self-trustworthy IP address. (2) Low connection latency and transmission overhead. (3) Reserving the important merit of IP to be stateless. (4) Compatible with the existing TCP/IP architecture. We theoretically prove the security of our shared secret key in T-IP and the resistance to the known session key attack of our security-enhanced shared secret key calculation. Moreover, we analyse the possibility of the application of T-IP, including its resilience against the man-in-the-middle attack and DoS attack. The evaluation shows that T-IP has a much lower transmission overhead and connection latency compared with IPsec.