Physical-layer secret key generation(PSKG)provides a lightweight way for group key(GK)sharing between wireless users in large-scale wireless networks.However,most of the existing works in this field consider only grou...Physical-layer secret key generation(PSKG)provides a lightweight way for group key(GK)sharing between wireless users in large-scale wireless networks.However,most of the existing works in this field consider only group communication.For a commonly dual-task scenario,where both GK and pairwise key(PK)are required,traditional methods are less suitable for direct extension.For the first time,we discover a security issue with traditional methods in dual-task scenarios,which has not previously been recognized.We propose an innovative segment-based key generation method to solve this security issue.We do not directly use PK exclusively to negotiate the GK as traditional methods.Instead,we generate GK and PK separately through segmentation which is the first solution to meet dual-task.We also perform security and rate analysis.It is demonstrated that our method is effective in solving this security issue from an information-theoretic perspective.The rate results of simulation are also consistent with the our rate derivation.展开更多
The expanding and ubiquitous availability of the Internet of Things(IoT)have changed everyone’s life easier and more convenient.Same time it also offers a number of issues,such as effectiveness,security,and excessive...The expanding and ubiquitous availability of the Internet of Things(IoT)have changed everyone’s life easier and more convenient.Same time it also offers a number of issues,such as effectiveness,security,and excessive power consumption,which constitute a danger to intelligent IoT-based apps.Group managing is primarily used for transmitting and multi-pathing communications that are secured with a general group key and it can only be decrypted by an authorized group member.A centralized trustworthy system,which is in charge of key distribution and upgrades,is used to maintain group keys.To provide longitudinal access controls,Software Defined Network(SDN)based security controllers are employed for group administration services.Cloud service providers provide a variety of security features.There are just a few software security answers available.In the proposed system,a hybrid protocols were used in SDN and it embeds edge system to improve the security in the group communication.Tree-based algorithms compared with Group Key Establishment(GKE)and Multivariate public key cryptosystem with Broadcast Encryption in the proposed system.When all factors are considered,Broadcast Encryption(BE)appears to become the most logical solution to the issue.BE enables an initiator to send encrypted messages to a large set of recipients in a efficient and productive way,meanwhile assuring that the data can only be decrypted by defining characteristic.The proposed method improves the security,efficiency of the system and reduces the power consumption and minimizes the cost.展开更多
By introducing XOR operation and one-way function chains to group key management schemes based on the keys tree, a new group key management scheme based on the keys tree, XOR operation and one-way function chains is p...By introducing XOR operation and one-way function chains to group key management schemes based on the keys tree, a new group key management scheme based on the keys tree, XOR operation and one-way function chains is proposed. Initialization, member adding and member evicting operations are introduced. The new scheme is compared with three other group key management schemes which are based on the keys tree: SKDC, LKH, and OFF. As far as transmission, computation and storage costs are concerned, the performance of the new group key management scheme is the best. The security problem of the new scheme is analyzed. This new scheme provides backward and forward security, i.e.. newly admitted group members cannot read previous multicast messages and evicted members cannot read future multicast messages, even with collusion by many arbitrarily evicted members.展开更多
Certificateless public key cryptography (CL-PKC) avoids the inherent escrow of identity-based cryptography and does not require certificates to guarantee the authenticity of public keys. Based on CL-PKC, we present ...Certificateless public key cryptography (CL-PKC) avoids the inherent escrow of identity-based cryptography and does not require certificates to guarantee the authenticity of public keys. Based on CL-PKC, we present an efficient constant-round group key exchange protocol, which is provably secure under the intractability of computation Diffie-Hellman problem. Our protocol is a contributory key exchange with perfect forward secrecy and has only two communication rounds. So it is more efficient than other protocols. Moreover, our protocol provides a method to design efficient constant-round group key exchange protocols and most secret sharing schemes could be adopted to construct our protocol.展开更多
The key exposure problem is a practical threat for many security applications. In wireless sensor networks (WSNs), keys could be compromised easily due to its limited hardware protections. A secure group key managemen...The key exposure problem is a practical threat for many security applications. In wireless sensor networks (WSNs), keys could be compromised easily due to its limited hardware protections. A secure group key management scheme is responsible for secure distributing group keys among valid nodes of the group. Based on the key-insulated encryption (KIE), we propose a group key management scheme (KIE-GKMS), which integrates the pair-wise key pre-distribution for WSN. The KIE-GKMS scheme updates group keys dynamically when adding or removing nodes. Moreover, the security analysis proves that the KIE-GKMS scheme not only obtains the semantic security, but also provides the forward and backward security. Finally, the theoretical analysis shows that the KIE-GKMS scheme has constant performance on both communication and storage costs in sensor nodes.展开更多
Intelligent transportation system (ITS) is proposed as the most effective way to improve road safety and traffic efficiency. However, the future of ITS for large scale transportation infrastructures deployment highl...Intelligent transportation system (ITS) is proposed as the most effective way to improve road safety and traffic efficiency. However, the future of ITS for large scale transportation infrastructures deployment highly depends on the security level of vehicular communication systems (VCS). Security applications in VCS are fulfilled through secured group broadcast. Therefore, secure key management schemes are considered as a critical research topic for network security. In this paper, we propose a framework for providing secure key management within heterogeneous network. The seeurity managers (SMs) play a key role in the framework by retrieving the vehicle departnre infi^rmation, encapsulating block to transport keys and then executing rekeying to vehicles within the same security domain. The first part of this framework is a novel Group Key Management (GKM) scheme basing on leaving probability (LP) of vehicles to depart current VCS region. Vehicle's LP factor is introduced into GKM scheme to achieve a more effieient rekeying scheme and less rekeying costs. The second component of the framework using the blockchain concept to simplify the distributed key management in heterogeneous VCS domains. Extensive simulations and analysis are provided to show the effectiveness and effieiency of the proposed framework: Our GKM results demonstrate that probability-based BR reduees rekeying eost compared to the benchmark scheme, while the blockchain deereases the time eost of key transmission over heterogeneous net-works.展开更多
The m ajor advantages of EBS-based key rrkanagerrent scheme are its enhanced network survivability, high dynamic performance, and better support for network expansion. But it suffers from the collusion problem, which ...The m ajor advantages of EBS-based key rrkanagerrent scheme are its enhanced network survivability, high dynamic performance, and better support for network expansion. But it suffers from the collusion problem, which means it is prone to the cooperative attack of evicted members. A novel EBS-based collusion resistant group management scheme utilizing the construction of Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is proposed. The new scheme satisfies the desired security properties, such as forward secrecy, backward secrecy and collusion secrecy. Compared with existing EBS-based key rmnagement scheme, the new scheme can resolve EBS collusion problem completely. Even all evicted members work together, and share their individual piece of information, they could not access to the new group key. In addition, our scheme is more efficient in terms of conmnication and computation overhead when the group size is large. It can be well controlled even in the case of large-scale application scenarios.展开更多
Secure and reliable group communication is an increasingly active research area by growing popularity in group-oriented and collaborative applications. In this paper, we propose the first identity-based authenticated ...Secure and reliable group communication is an increasingly active research area by growing popularity in group-oriented and collaborative applications. In this paper, we propose the first identity-based authenticated group key agreement in multiple private key generators (PKG) environment. It is inspired on a new two-party identity-based key agreement protocol first proposed by Hoonjung Lee et al. In our scheme, although each member comes from different domain and belongs to different PKGs which do not share the common system parameters, they can agree on a shared secret group key. We show that our scheme satisfies every security requirements of the group key agreement protocols.展开更多
Group Key Agreement(GKA)is a cryptographic primitive allowing two or more entities to negotiate a shared session key over public networks.In existing GKA models,it is an open problem to construct a one-round multi-par...Group Key Agreement(GKA)is a cryptographic primitive allowing two or more entities to negotiate a shared session key over public networks.In existing GKA models,it is an open problem to construct a one-round multi-party GKA protocol.Wu et al.recently proposed the concept of asymmetric group key agreement(ASGKA)and realized a one-round ASGKA protocol,which affirmatively answers the above open problem in a relaxed way.However,the ASGKA protocol only applies to static groups.To fill this gap,this paper proposes an extended ASGKA protocol based on the Wu et al.protocol.The extension allows any member to join and leave at any point,provided that the resulting group size is not greater than n.To validate the proposal,extensive experiments are performed and the experimental results show that our protocol is more effective than a plain realization of the Wu et al.protocol for dynamic groups.The extended protocol is also more efficient than the up-to-date dynamic GKA protocol in terms of communication and computation.展开更多
Group key distribution is faced with two important problems, i.e. reliability and scalability, to support security multicast for large and dynamic groups. With group member increasing, traditional reliable multicast p...Group key distribution is faced with two important problems, i.e. reliability and scalability, to support security multicast for large and dynamic groups. With group member increasing, traditional reliable multicast protocol can not deal with them fully. Gossip-based group key distribution idea for wide-area dissemination was provided. It is based on an gossip-based loss recovery control mechanism. It can provide a probabilistic reliable guarantee for a information dissemination to reach every group member, which can achieve scalability and reliability. To achieve full reliability, three layers protocol model in group key distribution was provided. One is best effect layer, which provides unreliable dissemination. Other is gossip-based loss recovery layer, which provides probabilistic reliable guarantee. Last is vsync-based layer, which provide deterministic loss recovery. We integrate probabilistic loss recovery method with deterministic one. The model possess scalability that probabilistic method has and full reliability prosthesis by vsync-based. To evaluate the effectiveness of gossip technique in scalable and reliable multicast protocols. We have compared gossip protocol with other reliable multicast protocols. Experimental result shows that gossip protocol has better scalability than other.展开更多
The security issue is always the most important concern of networked client-server application. On the putpose to build the secure group communication among of a group of client users and one server, in this paper, we...The security issue is always the most important concern of networked client-server application. On the putpose to build the secure group communication among of a group of client users and one server, in this paper, we will present a new password-based group key agreement protocol. Our protocol will meet simplicity, efficiency, and many desired security properties.展开更多
The authentication and privacy of a group member is important in multicast communication. This paper proposes a privacy-preserving authenticated group-key management protocol for the Mobile Peer-to-Peer Network ( MP2...The authentication and privacy of a group member is important in multicast communication. This paper proposes a privacy-preserving authenticated group-key management protocol for the Mobile Peer-to-Peer Network ( MP2PN ). The MP2PN contains some super peers and each super peer controls a subgroup composed of regular peers. An efficient attribute-based signature based on Cipertext-Policy Attribute-Based Encryption (CP-ABE) is proposed and used in this group-key rmnagement protocol to authenticate a peer's at- tributes and identity. A peer can be described by a set of attributes or one unique special identity at- tribute. Peers that have some attributes in common can form a group and conmmnicate with each other anonymously and securely. Any super peer can initiate a group and act as a group controller. The group controller can authenticate a peer's attributes and identity as well as remove malicious peers. Any peer with attributes that rmtches the access structure can join the group and provide its input to form the group key. The proposed protocol pro- vides backward and forward secrecy. The sinmlation results show that this protocol is applicable for mobile devices and can meet the MP2PN requirements of group communication.展开更多
We present a provably secure authenticated tree based key agreement scheme for multicast. There is a wide variety of applications that can benefit from using our scheme, e. g. , pay-Tv, teleconferencing, software upda...We present a provably secure authenticated tree based key agreement scheme for multicast. There is a wide variety of applications that can benefit from using our scheme, e. g. , pay-Tv, teleconferencing, software updates. Compared with the previous published schemes, our scheme provides group member authentication without introducing additional mechanism. Future, we give the security proof of our scheme under the random oracle model.展开更多
Two ID-based authenticated group key agreement schemes, proposed by Choi et al and Du et al, are insecure against an impersonation attack and th ey only discussed the static group. This paper proposed a variant of BD ...Two ID-based authenticated group key agreement schemes, proposed by Choi et al and Du et al, are insecure against an impersonation attack and th ey only discussed the static group. This paper proposed a variant of BD protocol , which is fully authenticated by a proven-secure ID-based signature scheme. T he protocol can res ist the impersonation attack, and other security attributes are also satisfied. Compared with Choi et al and Du et al schemes, the proposed one is mor e efficient and applicable for dynamic groups.展开更多
Cloud data sharing service, which allows a group of people to work together to access and modify the shared data, is one of the most popular and efficient working styles in the enterprises. However, the cloud server i...Cloud data sharing service, which allows a group of people to work together to access and modify the shared data, is one of the most popular and efficient working styles in the enterprises. However, the cloud server is not completely trusted, and its security could be compromised by monetary reasons or caused by hacking and hardware errors. Therefore, despite of having advantages of scalability and flexibility, cloud storage service comes with privacy and the security concerns. A straightforward method to protect the user's privacy is to encrypt the data stored at the cloud. To enable the authenticated users to access the encrypted cloud data, a practical group key management algorithm for the cloud data sharing application is highly desired. The existing group key management mechanisms presume that the server is trusted. But, the cloud data service mode does not always meet this condition. How to manage the group keys to support the scenario of the cloud storage with a semi-trusted cloud server is still a challenging task. Moreover, the cloud storage system is a large-scale and open application, in which the user group is dynamic. To address this problem, we propose a practical group key management algorithm based on a proxy re-encryption mechanism in this paper. We use the cloud server to act as a proxy tore-encrypt the group key to allow authorized users to decrypt and get the group key by their private key. To achieve the hierarchical access control policy, our scheme enables the cloud server to convert the encrypted group key of the lower group to the upper group. The numerical analysis and experimental results further validate the high efficiency and security of the proposed scheme.展开更多
Canetti and Herzog have already proposed universally composable symbolic analysis(UCSA) to analyze mutual authentication and key exchange protocols. However,they do not analyze group key exchange protocol. Therefore,t...Canetti and Herzog have already proposed universally composable symbolic analysis(UCSA) to analyze mutual authentication and key exchange protocols. However,they do not analyze group key exchange protocol. Therefore,this paper explores an approach to analyze group key exchange protocols,which realize automation and guarantee the soundness of cryptography. Considered that there exist many kinds of group key exchange protocols and the participants’ number of each protocol is arbitrary. So this paper takes the case of Burmester-Desmedt(BD) protocol with three participants against passive adversary(3-BD-Passive) . In a nutshell,our works lay the root for analyzing group key exchange protocols automatically without sacrificing soundness of cryptography.展开更多
As the wireless medium is characterized by its lossy nature, reliable communication cannot be assumed in the key management scheme. Therefore self-healing is a good property for key distribution scheme in wireless app...As the wireless medium is characterized by its lossy nature, reliable communication cannot be assumed in the key management scheme. Therefore self-healing is a good property for key distribution scheme in wireless applications. A new self-healing key distribution scheme was proposed, which is optimal in terms of user memory storage and efficient in terms of communication complexity.展开更多
Group key management technique is a fundamental building block for secure and reliable group communication systems.In order to successfully achieve this goal, group session key needs to be generated and distributed to...Group key management technique is a fundamental building block for secure and reliable group communication systems.In order to successfully achieve this goal, group session key needs to be generated and distributed to all group members in a secure and authenticated manner.The most commonly used method is based on Lagrange interpolating polynomial over the prime field F p={0,1,2,…, p-1}. A novel approach to group key transfer protocol based on a category of algebraic-geometry code is presented over the infinite field GF(2 m). The attractive advantages are obvious. Especially, the non-repeatability, confidentiality, and authentication of group key transfer protocols are obtained easily. Besides, a more generalized and simple mathematical construction model is proposed which also can be applied perfectly to related fields of information security.展开更多
Group key exchange protocols are basic protocols to provide privacy and integrity in secure group communication. This paper discusses the security of one type of group key exchange protocols and defines the kind of pr...Group key exchange protocols are basic protocols to provide privacy and integrity in secure group communication. This paper discusses the security of one type of group key exchange protocols and defines the kind of protocols as broadcaster group protocols. It points out two attacks on this kind of protocols. The first attack can be avoided by using fresh values in each action during one session of the group protocol. The second attack should be related with concrete application. It also proposes a dynamic key agreement protocol as an example of solutions at the last part of the paper.展开更多
Time efficiency of key establishment and update is one of the major problems contributory key managements strive to address.To achieve better time efficiency in key establishment,we propose a Location-based Huffman(L-...Time efficiency of key establishment and update is one of the major problems contributory key managements strive to address.To achieve better time efficiency in key establishment,we propose a Location-based Huffman(L-Huffman) scheme.First,users are separated into several small groups to minimize communication cost when they are distributed over large networks.Second,both user's computation difference and message transmission delay are taken into consideration when Huffman coding is employed to forming the optimal key tree.Third,the combined weights in Huffman tree are located in a higher place of the key tree to reduce the variance of the average key generation time and minimize the longest key generation time.Simulations demonstrate that L-Huffman has much better performance in wide area networks and is a little better in local area network than Huffman scheme.展开更多
基金supported in part by the National Key R&D Program of China(No.2022YFB2902202)in part by the Fundamental Research Funds for the Central Universities(No.2242023K30034)+2 种基金in part by the National Natural Science Foundation of China(No.62171121,U22A2001),in part by the National Natural Science Foundation of China(No.62301144)in part by the National Natural Science Foundation of Jiangsu Province,China(No.BK20211160)in part by the Southeast University Startup Fund(No.4009012301)。
文摘Physical-layer secret key generation(PSKG)provides a lightweight way for group key(GK)sharing between wireless users in large-scale wireless networks.However,most of the existing works in this field consider only group communication.For a commonly dual-task scenario,where both GK and pairwise key(PK)are required,traditional methods are less suitable for direct extension.For the first time,we discover a security issue with traditional methods in dual-task scenarios,which has not previously been recognized.We propose an innovative segment-based key generation method to solve this security issue.We do not directly use PK exclusively to negotiate the GK as traditional methods.Instead,we generate GK and PK separately through segmentation which is the first solution to meet dual-task.We also perform security and rate analysis.It is demonstrated that our method is effective in solving this security issue from an information-theoretic perspective.The rate results of simulation are also consistent with the our rate derivation.
文摘The expanding and ubiquitous availability of the Internet of Things(IoT)have changed everyone’s life easier and more convenient.Same time it also offers a number of issues,such as effectiveness,security,and excessive power consumption,which constitute a danger to intelligent IoT-based apps.Group managing is primarily used for transmitting and multi-pathing communications that are secured with a general group key and it can only be decrypted by an authorized group member.A centralized trustworthy system,which is in charge of key distribution and upgrades,is used to maintain group keys.To provide longitudinal access controls,Software Defined Network(SDN)based security controllers are employed for group administration services.Cloud service providers provide a variety of security features.There are just a few software security answers available.In the proposed system,a hybrid protocols were used in SDN and it embeds edge system to improve the security in the group communication.Tree-based algorithms compared with Group Key Establishment(GKE)and Multivariate public key cryptosystem with Broadcast Encryption in the proposed system.When all factors are considered,Broadcast Encryption(BE)appears to become the most logical solution to the issue.BE enables an initiator to send encrypted messages to a large set of recipients in a efficient and productive way,meanwhile assuring that the data can only be decrypted by defining characteristic.The proposed method improves the security,efficiency of the system and reduces the power consumption and minimizes the cost.
文摘By introducing XOR operation and one-way function chains to group key management schemes based on the keys tree, a new group key management scheme based on the keys tree, XOR operation and one-way function chains is proposed. Initialization, member adding and member evicting operations are introduced. The new scheme is compared with three other group key management schemes which are based on the keys tree: SKDC, LKH, and OFF. As far as transmission, computation and storage costs are concerned, the performance of the new group key management scheme is the best. The security problem of the new scheme is analyzed. This new scheme provides backward and forward security, i.e.. newly admitted group members cannot read previous multicast messages and evicted members cannot read future multicast messages, even with collusion by many arbitrarily evicted members.
基金Supported by the National Natural Science Foundation of China (90204012, 60573035, 60573036) and the University IT Research Center Project of Korea
文摘Certificateless public key cryptography (CL-PKC) avoids the inherent escrow of identity-based cryptography and does not require certificates to guarantee the authenticity of public keys. Based on CL-PKC, we present an efficient constant-round group key exchange protocol, which is provably secure under the intractability of computation Diffie-Hellman problem. Our protocol is a contributory key exchange with perfect forward secrecy and has only two communication rounds. So it is more efficient than other protocols. Moreover, our protocol provides a method to design efficient constant-round group key exchange protocols and most secret sharing schemes could be adopted to construct our protocol.
基金Project(61100201) supported by National Natural Science Foundation of ChinaProject(12ZZ019) supported by Technology Innovation Research Program,Shang Municipal Education Commission,China+1 种基金Project(LYM11053) supported by the Foundation for Distinguished Young Talents in Higher Education of Guangdong Province,ChinaProject(NCET-12-0358) supported by New Century Excellent Talentsin University,Ministry of Education,China
文摘The key exposure problem is a practical threat for many security applications. In wireless sensor networks (WSNs), keys could be compromised easily due to its limited hardware protections. A secure group key management scheme is responsible for secure distributing group keys among valid nodes of the group. Based on the key-insulated encryption (KIE), we propose a group key management scheme (KIE-GKMS), which integrates the pair-wise key pre-distribution for WSN. The KIE-GKMS scheme updates group keys dynamically when adding or removing nodes. Moreover, the security analysis proves that the KIE-GKMS scheme not only obtains the semantic security, but also provides the forward and backward security. Finally, the theoretical analysis shows that the KIE-GKMS scheme has constant performance on both communication and storage costs in sensor nodes.
文摘Intelligent transportation system (ITS) is proposed as the most effective way to improve road safety and traffic efficiency. However, the future of ITS for large scale transportation infrastructures deployment highly depends on the security level of vehicular communication systems (VCS). Security applications in VCS are fulfilled through secured group broadcast. Therefore, secure key management schemes are considered as a critical research topic for network security. In this paper, we propose a framework for providing secure key management within heterogeneous network. The seeurity managers (SMs) play a key role in the framework by retrieving the vehicle departnre infi^rmation, encapsulating block to transport keys and then executing rekeying to vehicles within the same security domain. The first part of this framework is a novel Group Key Management (GKM) scheme basing on leaving probability (LP) of vehicles to depart current VCS region. Vehicle's LP factor is introduced into GKM scheme to achieve a more effieient rekeying scheme and less rekeying costs. The second component of the framework using the blockchain concept to simplify the distributed key management in heterogeneous VCS domains. Extensive simulations and analysis are provided to show the effectiveness and effieiency of the proposed framework: Our GKM results demonstrate that probability-based BR reduees rekeying eost compared to the benchmark scheme, while the blockchain deereases the time eost of key transmission over heterogeneous net-works.
基金Acknowledgements The authors would like to thank the reviewers for their detailed reviews and constructive comments, which have helped improve the quality of this paper. This work was supported by the National Natural Science Foundation of China under Crant No. 60873231, the Natural Science Foundation of Jiangsu Province under Grant No. BK2009426, Major State Basic Research Development Program of China under Cwant No.2011CB302903 and Key University Science Research Project of Jiangsu Province under Crant No. 11KJA520002.
文摘The m ajor advantages of EBS-based key rrkanagerrent scheme are its enhanced network survivability, high dynamic performance, and better support for network expansion. But it suffers from the collusion problem, which means it is prone to the cooperative attack of evicted members. A novel EBS-based collusion resistant group management scheme utilizing the construction of Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is proposed. The new scheme satisfies the desired security properties, such as forward secrecy, backward secrecy and collusion secrecy. Compared with existing EBS-based key rmnagement scheme, the new scheme can resolve EBS collusion problem completely. Even all evicted members work together, and share their individual piece of information, they could not access to the new group key. In addition, our scheme is more efficient in terms of conmnication and computation overhead when the group size is large. It can be well controlled even in the case of large-scale application scenarios.
基金Supported bythe National Basic Research Programof China(973 Program2004CB318004) the National Natural Sci-ence Foundation of China (90304007)
文摘Secure and reliable group communication is an increasingly active research area by growing popularity in group-oriented and collaborative applications. In this paper, we propose the first identity-based authenticated group key agreement in multiple private key generators (PKG) environment. It is inspired on a new two-party identity-based key agreement protocol first proposed by Hoonjung Lee et al. In our scheme, although each member comes from different domain and belongs to different PKGs which do not share the common system parameters, they can agree on a shared secret group key. We show that our scheme satisfies every security requirements of the group key agreement protocols.
基金National Natural Science Foundation of China under Grant No. 60970116,60970115 and 90718006
文摘Group Key Agreement(GKA)is a cryptographic primitive allowing two or more entities to negotiate a shared session key over public networks.In existing GKA models,it is an open problem to construct a one-round multi-party GKA protocol.Wu et al.recently proposed the concept of asymmetric group key agreement(ASGKA)and realized a one-round ASGKA protocol,which affirmatively answers the above open problem in a relaxed way.However,the ASGKA protocol only applies to static groups.To fill this gap,this paper proposes an extended ASGKA protocol based on the Wu et al.protocol.The extension allows any member to join and leave at any point,provided that the resulting group size is not greater than n.To validate the proposal,extensive experiments are performed and the experimental results show that our protocol is more effective than a plain realization of the Wu et al.protocol for dynamic groups.The extended protocol is also more efficient than the up-to-date dynamic GKA protocol in terms of communication and computation.
文摘Group key distribution is faced with two important problems, i.e. reliability and scalability, to support security multicast for large and dynamic groups. With group member increasing, traditional reliable multicast protocol can not deal with them fully. Gossip-based group key distribution idea for wide-area dissemination was provided. It is based on an gossip-based loss recovery control mechanism. It can provide a probabilistic reliable guarantee for a information dissemination to reach every group member, which can achieve scalability and reliability. To achieve full reliability, three layers protocol model in group key distribution was provided. One is best effect layer, which provides unreliable dissemination. Other is gossip-based loss recovery layer, which provides probabilistic reliable guarantee. Last is vsync-based layer, which provide deterministic loss recovery. We integrate probabilistic loss recovery method with deterministic one. The model possess scalability that probabilistic method has and full reliability prosthesis by vsync-based. To evaluate the effectiveness of gossip technique in scalable and reliable multicast protocols. We have compared gossip protocol with other reliable multicast protocols. Experimental result shows that gossip protocol has better scalability than other.
基金Supported by the National Natural Science Foun-dation of China (60572155) the National Natural Science Founda-tion of China for Distinguished Young Scholars (60225007)
文摘The security issue is always the most important concern of networked client-server application. On the putpose to build the secure group communication among of a group of client users and one server, in this paper, we will present a new password-based group key agreement protocol. Our protocol will meet simplicity, efficiency, and many desired security properties.
基金This paper was supported by the National Natural Science Foundation of China under Grant No. 61073042 the Fundamental Research Funds for the Central Universities under Grant No HEUCF100606 the Open Foundation of Network and Data Security Key Laboratory of Sichuan Province under Crant No 201107.
文摘The authentication and privacy of a group member is important in multicast communication. This paper proposes a privacy-preserving authenticated group-key management protocol for the Mobile Peer-to-Peer Network ( MP2PN ). The MP2PN contains some super peers and each super peer controls a subgroup composed of regular peers. An efficient attribute-based signature based on Cipertext-Policy Attribute-Based Encryption (CP-ABE) is proposed and used in this group-key rmnagement protocol to authenticate a peer's at- tributes and identity. A peer can be described by a set of attributes or one unique special identity at- tribute. Peers that have some attributes in common can form a group and conmmnicate with each other anonymously and securely. Any super peer can initiate a group and act as a group controller. The group controller can authenticate a peer's attributes and identity as well as remove malicious peers. Any peer with attributes that rmtches the access structure can join the group and provide its input to form the group key. The proposed protocol pro- vides backward and forward secrecy. The sinmlation results show that this protocol is applicable for mobile devices and can meet the MP2PN requirements of group communication.
基金Supported by the National Natural Science Foun-dation of China (90304007) the National Basic Research Programof China(973 Program2004CB318004)
文摘We present a provably secure authenticated tree based key agreement scheme for multicast. There is a wide variety of applications that can benefit from using our scheme, e. g. , pay-Tv, teleconferencing, software updates. Compared with the previous published schemes, our scheme provides group member authentication without introducing additional mechanism. Future, we give the security proof of our scheme under the random oracle model.
文摘Two ID-based authenticated group key agreement schemes, proposed by Choi et al and Du et al, are insecure against an impersonation attack and th ey only discussed the static group. This paper proposed a variant of BD protocol , which is fully authenticated by a proven-secure ID-based signature scheme. T he protocol can res ist the impersonation attack, and other security attributes are also satisfied. Compared with Choi et al and Du et al schemes, the proposed one is mor e efficient and applicable for dynamic groups.
基金partially supported by National Natural Science Foundation of China No.61202034,61232002,61303026,6157237861402339CCF Opening Project of Chinese Information Processing No.CCF2014-01-02+2 种基金the Program for Innovative Research Team of Wuhan No.2014070504020237Fundamental Application Research Plan of Suzhou City No.SYG201312Natural Science Foundation of Wuhan University No.2042016gf0020
文摘Cloud data sharing service, which allows a group of people to work together to access and modify the shared data, is one of the most popular and efficient working styles in the enterprises. However, the cloud server is not completely trusted, and its security could be compromised by monetary reasons or caused by hacking and hardware errors. Therefore, despite of having advantages of scalability and flexibility, cloud storage service comes with privacy and the security concerns. A straightforward method to protect the user's privacy is to encrypt the data stored at the cloud. To enable the authenticated users to access the encrypted cloud data, a practical group key management algorithm for the cloud data sharing application is highly desired. The existing group key management mechanisms presume that the server is trusted. But, the cloud data service mode does not always meet this condition. How to manage the group keys to support the scenario of the cloud storage with a semi-trusted cloud server is still a challenging task. Moreover, the cloud storage system is a large-scale and open application, in which the user group is dynamic. To address this problem, we propose a practical group key management algorithm based on a proxy re-encryption mechanism in this paper. We use the cloud server to act as a proxy tore-encrypt the group key to allow authorized users to decrypt and get the group key by their private key. To achieve the hierarchical access control policy, our scheme enables the cloud server to convert the encrypted group key of the lower group to the upper group. The numerical analysis and experimental results further validate the high efficiency and security of the proposed scheme.
基金supported by National Natural Science Foundation of China No.61003262,National Natural Science Foundation of China No.60873237Doctoral Fund of Ministry of Education of China No.20070007071
文摘Canetti and Herzog have already proposed universally composable symbolic analysis(UCSA) to analyze mutual authentication and key exchange protocols. However,they do not analyze group key exchange protocol. Therefore,this paper explores an approach to analyze group key exchange protocols,which realize automation and guarantee the soundness of cryptography. Considered that there exist many kinds of group key exchange protocols and the participants’ number of each protocol is arbitrary. So this paper takes the case of Burmester-Desmedt(BD) protocol with three participants against passive adversary(3-BD-Passive) . In a nutshell,our works lay the root for analyzing group key exchange protocols automatically without sacrificing soundness of cryptography.
基金The Specialized Research Fund for the Doctoral Program of Higher Education of China (No. 20050248043)
文摘As the wireless medium is characterized by its lossy nature, reliable communication cannot be assumed in the key management scheme. Therefore self-healing is a good property for key distribution scheme in wireless applications. A new self-healing key distribution scheme was proposed, which is optimal in terms of user memory storage and efficient in terms of communication complexity.
基金Supported by the National Natural Science Foundation of China(No.61501064)Sichuan Technology Support Program(No.2015GZ0088)
文摘Group key management technique is a fundamental building block for secure and reliable group communication systems.In order to successfully achieve this goal, group session key needs to be generated and distributed to all group members in a secure and authenticated manner.The most commonly used method is based on Lagrange interpolating polynomial over the prime field F p={0,1,2,…, p-1}. A novel approach to group key transfer protocol based on a category of algebraic-geometry code is presented over the infinite field GF(2 m). The attractive advantages are obvious. Especially, the non-repeatability, confidentiality, and authentication of group key transfer protocols are obtained easily. Besides, a more generalized and simple mathematical construction model is proposed which also can be applied perfectly to related fields of information security.
基金Supported by the National Natural Science Foun-dation of China (90104005 ,60473023) the National High Tech-nology Research and Development Programof China (863 Program)(2002AA41051)
文摘Group key exchange protocols are basic protocols to provide privacy and integrity in secure group communication. This paper discusses the security of one type of group key exchange protocols and defines the kind of protocols as broadcaster group protocols. It points out two attacks on this kind of protocols. The first attack can be avoided by using fresh values in each action during one session of the group protocol. The second attack should be related with concrete application. It also proposes a dynamic key agreement protocol as an example of solutions at the last part of the paper.
基金Supported by National Basic Research and Development Program of China (2007CB307102)
文摘Time efficiency of key establishment and update is one of the major problems contributory key managements strive to address.To achieve better time efficiency in key establishment,we propose a Location-based Huffman(L-Huffman) scheme.First,users are separated into several small groups to minimize communication cost when they are distributed over large networks.Second,both user's computation difference and message transmission delay are taken into consideration when Huffman coding is employed to forming the optimal key tree.Third,the combined weights in Huffman tree are located in a higher place of the key tree to reduce the variance of the average key generation time and minimize the longest key generation time.Simulations demonstrate that L-Huffman has much better performance in wide area networks and is a little better in local area network than Huffman scheme.