Traditional blockchain key management schemes store private keys in the same location,which can easily lead to security issues such as a single point of failure.Therefore,decentralized threshold key management schemes...Traditional blockchain key management schemes store private keys in the same location,which can easily lead to security issues such as a single point of failure.Therefore,decentralized threshold key management schemes have become a research focus for blockchain private key protection.The security of private keys for blockchain user wallet is highly related to user identity authentication and digital asset security.The threshold blockchain private key management schemes based on verifiable secret sharing have made some progress,but these schemes do not consider participants’self-interested behavior,and require trusted nodes to keep private key fragments,resulting in a narrow application scope and low deployment efficiency,which cannot meet the needs of personal wallet private key escrow and recovery in public blockchains.We design a private key management scheme based on rational secret sharing that considers the self-interest of participants in secret sharing protocols,and constrains the behavior of rational participants through reasonable mechanism design,making it more suitable in distributed scenarios such as the public blockchain.The proposed scheme achieves the escrow and recovery of personal wallet private keys without the participation of trusted nodes,and simulate its implementation on smart contracts.Compared to other existing threshold wallet solutions and keymanagement schemes based on password-protected secret sharing(PPSS),the proposed scheme has a wide range of applications,verifiable private key recovery,low communication overhead,higher computational efficiency when users perform one-time multi-key escrow,no need for trusted nodes,and personal rational constraints and anti-collusion attack capabilities.展开更多
Single-pixel imaging(SPI)enables an invisible target to be imaged onto a photosensitive surface without a lens,emerging as a promising way for indirect optical encryption.However,due to its linear and broadcast imagin...Single-pixel imaging(SPI)enables an invisible target to be imaged onto a photosensitive surface without a lens,emerging as a promising way for indirect optical encryption.However,due to its linear and broadcast imaging principles,SPI encryption has been confined to a single-user framework for the long term.We propose a multi-image SPI encryption method and combine it with orthogonal frequency division multiplexing-assisted key management,to achieve a multiuser SPI encryption and authentication framework.Multiple images are first encrypted as a composite intensity sequence containing the plaintexts and authentication information,simultaneously generating different sets of keys for users.Then,the SPI keys for encryption and authentication are asymmetrically isolated into independent frequency carriers and encapsulated into a Malus metasurface,so as to establish an individually private and content-independent channel for each user.Users can receive different plaintexts privately and verify the authenticity,eliminating the broadcast transparency of SPI encryption.The improved linear security is also verified by simulating attacks.By the combination of direct key management and indirect image encryption,our work achieves the encryption and authentication functionality under a multiuser computational imaging framework,facilitating its application in optical communication,imaging,and security.展开更多
By introducing XOR operation and one-way function chains to group key management schemes based on the keys tree, a new group key management scheme based on the keys tree, XOR operation and one-way function chains is p...By introducing XOR operation and one-way function chains to group key management schemes based on the keys tree, a new group key management scheme based on the keys tree, XOR operation and one-way function chains is proposed. Initialization, member adding and member evicting operations are introduced. The new scheme is compared with three other group key management schemes which are based on the keys tree: SKDC, LKH, and OFF. As far as transmission, computation and storage costs are concerned, the performance of the new group key management scheme is the best. The security problem of the new scheme is analyzed. This new scheme provides backward and forward security, i.e.. newly admitted group members cannot read previous multicast messages and evicted members cannot read future multicast messages, even with collusion by many arbitrarily evicted members.展开更多
In traditional networks , the authentication is performed by certificate authoritys(CA),which can't be built in distributed mobile Ad Hoc Networks however. In this pa per, we propose a fully self-organized public k...In traditional networks , the authentication is performed by certificate authoritys(CA),which can't be built in distributed mobile Ad Hoc Networks however. In this pa per, we propose a fully self-organized public key management based on bidirectional trust model without any centralized authority that allows users to generate their public-private key pairs, to issue certificates, and the trust relation spreads rationally according to the truly human relations. In contrast with the traditional self-organized public-key management, the average certificates paths get more short, the authentication passing rate gets more high and the most important is that the bidirectional trust based model satisfys the trust re quirement of hosts better.展开更多
The key exposure problem is a practical threat for many security applications. In wireless sensor networks (WSNs), keys could be compromised easily due to its limited hardware protections. A secure group key managemen...The key exposure problem is a practical threat for many security applications. In wireless sensor networks (WSNs), keys could be compromised easily due to its limited hardware protections. A secure group key management scheme is responsible for secure distributing group keys among valid nodes of the group. Based on the key-insulated encryption (KIE), we propose a group key management scheme (KIE-GKMS), which integrates the pair-wise key pre-distribution for WSN. The KIE-GKMS scheme updates group keys dynamically when adding or removing nodes. Moreover, the security analysis proves that the KIE-GKMS scheme not only obtains the semantic security, but also provides the forward and backward security. Finally, the theoretical analysis shows that the KIE-GKMS scheme has constant performance on both communication and storage costs in sensor nodes.展开更多
In this paper, we propose a practical and dynamic key management scheme based on the Rabin public key system and a set of matrices with canonical matrix multiplication to solve the access control problem in an arbitra...In this paper, we propose a practical and dynamic key management scheme based on the Rabin public key system and a set of matrices with canonical matrix multiplication to solve the access control problem in an arbitrary partially ordered user hierarchy. The advantage is in ensuring that the security class in the higher level can derive any of its successor’s secret keys directly and efficiently and show it is dynamic while a new security class is added into or a class is removed from the hierarchy. Even the ex-member problem can be solved efficiently. Moreover, any user can freely change its own key for some security reasons.展开更多
Secure sensor networks has received much attention in the last few years.A sensor network always works unattended possibly in a hostile environment such as a battlefield.In such environments,sensor networks are subjec...Secure sensor networks has received much attention in the last few years.A sensor network always works unattended possibly in a hostile environment such as a battlefield.In such environments,sensor networks are subject to node capture.Constrained energy,memory,and computational capabilities of sensor nodes mandate a clever design of security solutions to minimize overhead while maintaining secure communication over the lifespan of the network.In this paper,an authenticated dynamic key management scheme,ADKM has been proposed.It provides efficient,scalable,and survivable dynamic keying in a clustered sensor network with a large number of sensor nodes.ADKM employs a combinatorial exclusion basis system (EBS) for efficiency and one-way hash chains for authentication.Analysis of security and performance demonstrate that ADKM is efficient in security of sensor networks.展开更多
Intelligent transportation system (ITS) is proposed as the most effective way to improve road safety and traffic efficiency. However, the future of ITS for large scale transportation infrastructures deployment highl...Intelligent transportation system (ITS) is proposed as the most effective way to improve road safety and traffic efficiency. However, the future of ITS for large scale transportation infrastructures deployment highly depends on the security level of vehicular communication systems (VCS). Security applications in VCS are fulfilled through secured group broadcast. Therefore, secure key management schemes are considered as a critical research topic for network security. In this paper, we propose a framework for providing secure key management within heterogeneous network. The seeurity managers (SMs) play a key role in the framework by retrieving the vehicle departnre infi^rmation, encapsulating block to transport keys and then executing rekeying to vehicles within the same security domain. The first part of this framework is a novel Group Key Management (GKM) scheme basing on leaving probability (LP) of vehicles to depart current VCS region. Vehicle's LP factor is introduced into GKM scheme to achieve a more effieient rekeying scheme and less rekeying costs. The second component of the framework using the blockchain concept to simplify the distributed key management in heterogeneous VCS domains. Extensive simulations and analysis are provided to show the effectiveness and effieiency of the proposed framework: Our GKM results demonstrate that probability-based BR reduees rekeying eost compared to the benchmark scheme, while the blockchain deereases the time eost of key transmission over heterogeneous net-works.展开更多
Trusted Computing technology is quickly developing in recent years. This technology manages to improve the computer security and archive a trusted computing environment. The core of trusted computing technology is cry...Trusted Computing technology is quickly developing in recent years. This technology manages to improve the computer security and archive a trusted computing environment. The core of trusted computing technology is cryptology. In this paper, we analyze the key and credential mechanism which is two basic aspects in the cryptology application of trusted computing. We give an example application to illustrate that the TPM enabled key and credential mechanism can improve the security of computer system.展开更多
This paper proposed a distributed key management approach by using the recently developed concepts of certificate-based cryptosystem and threshold secret sharing schemes. Without any assumption of prefixed trust relat...This paper proposed a distributed key management approach by using the recently developed concepts of certificate-based cryptosystem and threshold secret sharing schemes. Without any assumption of prefixed trust relationship between nodes, the ad hoc network works in a self-organizing way to provide the key generation and key management services using threshold secret sharing schemes, which effectively solves the problem of single point of failure. The proposed approach combines the best aspects of identity-based key management approaches (implicit certification) and traditional public key infrastructure approaches (no key escrow).展开更多
A dedicated key server cannot be instituted to manage keys for MANETs since they are dynamic and unstable. The Lagrange's polynomial and curve fitting are being used to implement hierarchical key management for Mo...A dedicated key server cannot be instituted to manage keys for MANETs since they are dynamic and unstable. The Lagrange's polynomial and curve fitting are being used to implement hierarchical key management for Mobile Ad hoc Networks(MANETs). The polynomial interpolation by Lagrange and curve fitting requires high computational efforts for higher order polynomials and moreover they are susceptible to Runge's phenomenon. The Chebyshev polynomials are secure, accurate, and stable and there is no limit to the degree of the polynomials. The distributed key management is a big challenge in these time varying networks. In this work, the Chebyshev polynomials are used to perform key management and tested in various conditions. The secret key shares generation, symmetric key construction and key distribution by using Chebyshev polynomials are the main elements of this projected work. The significance property of Chebyshev polynomials is its recursive nature. The mobile nodes usually have less computational power and less memory, the key management by using Chebyshev polynomials reduces the burden of mobile nodes to implement the overall system.展开更多
A complex threshold key management framework has been proposed, which canaddress the challenges posed by the unique nature of Ad hoc network. Depending on the cooperation ofthe controller and participation nodes, this...A complex threshold key management framework has been proposed, which canaddress the challenges posed by the unique nature of Ad hoc network. Depending on the cooperation ofthe controller and participation nodes, this scheme should be efficient in the operationenvironmental alteration and toleianl faults of node, which take the advantages of the benefits ofboth key management approaches and alleviate their limitations. For the cooperation of thecontroller and participation nodes, a (t, n) threshold Elliptic curve sign-encryption scheme withthe specified receiver also has been proposed. Using this threshold sign-encryption scheme, the keymanagement distributes the trust between a controller and a set of participation nodes.展开更多
The m ajor advantages of EBS-based key rrkanagerrent scheme are its enhanced network survivability, high dynamic performance, and better support for network expansion. But it suffers from the collusion problem, which ...The m ajor advantages of EBS-based key rrkanagerrent scheme are its enhanced network survivability, high dynamic performance, and better support for network expansion. But it suffers from the collusion problem, which means it is prone to the cooperative attack of evicted members. A novel EBS-based collusion resistant group management scheme utilizing the construction of Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is proposed. The new scheme satisfies the desired security properties, such as forward secrecy, backward secrecy and collusion secrecy. Compared with existing EBS-based key rmnagement scheme, the new scheme can resolve EBS collusion problem completely. Even all evicted members work together, and share their individual piece of information, they could not access to the new group key. In addition, our scheme is more efficient in terms of conmnication and computation overhead when the group size is large. It can be well controlled even in the case of large-scale application scenarios.展开更多
Group Key Agreement(GKA)is a cryptographic primitive allowing two or more entities to negotiate a shared session key over public networks.In existing GKA models,it is an open problem to construct a one-round multi-par...Group Key Agreement(GKA)is a cryptographic primitive allowing two or more entities to negotiate a shared session key over public networks.In existing GKA models,it is an open problem to construct a one-round multi-party GKA protocol.Wu et al.recently proposed the concept of asymmetric group key agreement(ASGKA)and realized a one-round ASGKA protocol,which affirmatively answers the above open problem in a relaxed way.However,the ASGKA protocol only applies to static groups.To fill this gap,this paper proposes an extended ASGKA protocol based on the Wu et al.protocol.The extension allows any member to join and leave at any point,provided that the resulting group size is not greater than n.To validate the proposal,extensive experiments are performed and the experimental results show that our protocol is more effective than a plain realization of the Wu et al.protocol for dynamic groups.The extended protocol is also more efficient than the up-to-date dynamic GKA protocol in terms of communication and computation.展开更多
Key management is a fundamental security service in wireless sensor networks. The communication security problems for these networks are exacerbated by the limited power and energy of the sensor devices. In this paper...Key management is a fundamental security service in wireless sensor networks. The communication security problems for these networks are exacerbated by the limited power and energy of the sensor devices. In this paper, we describe the design and implementation of an efficient key management scheme based on low energy adaptive clustering hierarchy(LEACH) for wireless sensor networks. The design of the protocol is motivated by the observation that many sensor nodes in the network play different roles. The paper presents different keys are set to the sensors for meeting different transmitting messages and variable security requirements. Simulation results show that our key management protocol based-on LEACH can achieve better performance. The energy consumption overhead introduced is remarkably low compared with the original Kerberos schemes.展开更多
Recent advancements in wireless communication and microchip techniques have accelerated the development of wireless sensor networks (WSN). Key management in WSN is a critical and challenging problem because of the inn...Recent advancements in wireless communication and microchip techniques have accelerated the development of wireless sensor networks (WSN). Key management in WSN is a critical and challenging problem because of the inner characteristics of sensor networks: deployed in hostile environments, limited resource and ad hoc nature. This paper investigates the constraints and special requirements of key management in sensor network environment, and some basic evaluation metrics are introduced. The key pre-distribution scheme is thought as the most suitable solution for key management problem in wireless sensor networks. It can be classified into four classes: pure probabilistic key pre-distribution, polynomial-based, Blom's matrix-based, and deterministic key pre-distribution schemes. In each class of methods, the related research papers are discussed based on the basic evaluation metrics. Finally, the possible research directions in key management are discussed.展开更多
A new collusion attack on Pour-like schemes is proposed in this paper. Then, we present a collusion-free centralized multicast key management scheme based on characteristic values of members. The re-keying method that...A new collusion attack on Pour-like schemes is proposed in this paper. Then, we present a collusion-free centralized multicast key management scheme based on characteristic values of members. The re-keying method that other group members calculate new keys when a member is joining or leaving is also designed. It achieves forward secrecy and backward secrecy. Compared with typical existing centralized schemes, the storage of Group Key Controller (GKC) in our scheme halves the storage overhead of others, and communication overhead of GKC is 2 in case of joining re-keying. Especially, the leaving re-keying overhead is and the overall performance is excellent.展开更多
Wireless Sensor Network(WSN)has witnessed an unpredictable growth for the last few decades.It has many applications in various critical sectors such as real-time monitoring of nuclear power plant,disaster management,e...Wireless Sensor Network(WSN)has witnessed an unpredictable growth for the last few decades.It has many applications in various critical sectors such as real-time monitoring of nuclear power plant,disaster management,environment,military area etc.However,due to the distributed and remote deployment of sensor nodes in such networks,they are highly vulnerable to different security threats.The sensor network always needs a proficient key management scheme to secure data because of resourceconstrained nodes.Existing polynomial based key management schemes are simple,but the computational complexity is a big issue.Lucas polynomials,Fibonacci polynomials,Chebychev polynomials are used in Engineering,Physics,Combinatory and Numerical analysis etc.In this paper,we propose a key management scheme using(p,q)-Lucas polynomial to improve the security of WSN.In(p,q)-Lucas polynomial,p represents a random base number while q represents a substitute value of x in the polynomial.The value of p is unique,and q is different according to communication between nodes.Analysis of the proposed method on several parameters such as computational overhead,efficiency and storage cost have been performed and compared with existing related schemes.The analysis demonstrates that the proposed(p,q)-Lucas polynomial based key management scheme outperforms over other polynomials in terms of the number of keys used and efficiency.展开更多
In order to ensure the security of cloud storage, on the basis of the analysis of cloud storage security requirements, this paper puts forward a kind of" hidden mapping hyper-combined public key management scheme...In order to ensure the security of cloud storage, on the basis of the analysis of cloud storage security requirements, this paper puts forward a kind of" hidden mapping hyper-combined public key management scheme based on the hyperelliptic curve crypto system, which is applicable to the distributed cloud storage. A series of operation processes of the key management are elaborated, including key distribution, key updating and key agreement, etc. Analysis shows that the scheme can solve the problem of large-scale key management and storage issues in cloud storage effectively. The scheme feathers high efficiency and good scalability. It is able to resist collusion attack and ensure safe and reliable service provided by the cloud storaee system展开更多
Group key distribution is faced with two important problems, i.e. reliability and scalability, to support security multicast for large and dynamic groups. With group member increasing, traditional reliable multicast p...Group key distribution is faced with two important problems, i.e. reliability and scalability, to support security multicast for large and dynamic groups. With group member increasing, traditional reliable multicast protocol can not deal with them fully. Gossip-based group key distribution idea for wide-area dissemination was provided. It is based on an gossip-based loss recovery control mechanism. It can provide a probabilistic reliable guarantee for a information dissemination to reach every group member, which can achieve scalability and reliability. To achieve full reliability, three layers protocol model in group key distribution was provided. One is best effect layer, which provides unreliable dissemination. Other is gossip-based loss recovery layer, which provides probabilistic reliable guarantee. Last is vsync-based layer, which provide deterministic loss recovery. We integrate probabilistic loss recovery method with deterministic one. The model possess scalability that probabilistic method has and full reliability prosthesis by vsync-based. To evaluate the effectiveness of gossip technique in scalable and reliable multicast protocols. We have compared gossip protocol with other reliable multicast protocols. Experimental result shows that gossip protocol has better scalability than other.展开更多
基金the State’s Key Project of Research and Development Plan under Grant 2022YFB2701400in part by the National Natural Science Foundation of China under Grants 62272124 and 62361010+4 种基金in part by the Science and Technology Planning Project of Guizhou Province under Grant[2020]5017in part by the Research Project of Guizhou University for Talent Introduction underGrant[2020]61in part by theCultivation Project of Guizhou University under Grant[2019]56in part by the Open Fund of Key Laboratory of Advanced Manufacturing Technology,Ministry of Education under Grant GZUAMT2021KF[01]the Science and Technology Program of Guizhou Province(No.[2023]371).
文摘Traditional blockchain key management schemes store private keys in the same location,which can easily lead to security issues such as a single point of failure.Therefore,decentralized threshold key management schemes have become a research focus for blockchain private key protection.The security of private keys for blockchain user wallet is highly related to user identity authentication and digital asset security.The threshold blockchain private key management schemes based on verifiable secret sharing have made some progress,but these schemes do not consider participants’self-interested behavior,and require trusted nodes to keep private key fragments,resulting in a narrow application scope and low deployment efficiency,which cannot meet the needs of personal wallet private key escrow and recovery in public blockchains.We design a private key management scheme based on rational secret sharing that considers the self-interest of participants in secret sharing protocols,and constrains the behavior of rational participants through reasonable mechanism design,making it more suitable in distributed scenarios such as the public blockchain.The proposed scheme achieves the escrow and recovery of personal wallet private keys without the participation of trusted nodes,and simulate its implementation on smart contracts.Compared to other existing threshold wallet solutions and keymanagement schemes based on password-protected secret sharing(PPSS),the proposed scheme has a wide range of applications,verifiable private key recovery,low communication overhead,higher computational efficiency when users perform one-time multi-key escrow,no need for trusted nodes,and personal rational constraints and anti-collusion attack capabilities.
基金supported by the National Key R&D Program of China(Grant No.2021YFB3900300)National Natural Science Foundation of China(Grant Nos.61860206007,62275177,and 62371321)+4 种基金Ministry of Education Science and Technology Chunhui Project(Grant No.HZKY20220559)International S and T Cooperation Program of Sichuan Province(Grant No.2023YFH0030)Sichuan Science and Technology Innovation Seeding Project(Grant No.23-YCG034)Sichuan Science and Technology Program(Grant No.2023YFG0334)Chengdu Science and Technology Program(Grant No.2022-GH02-00001-HZ).
文摘Single-pixel imaging(SPI)enables an invisible target to be imaged onto a photosensitive surface without a lens,emerging as a promising way for indirect optical encryption.However,due to its linear and broadcast imaging principles,SPI encryption has been confined to a single-user framework for the long term.We propose a multi-image SPI encryption method and combine it with orthogonal frequency division multiplexing-assisted key management,to achieve a multiuser SPI encryption and authentication framework.Multiple images are first encrypted as a composite intensity sequence containing the plaintexts and authentication information,simultaneously generating different sets of keys for users.Then,the SPI keys for encryption and authentication are asymmetrically isolated into independent frequency carriers and encapsulated into a Malus metasurface,so as to establish an individually private and content-independent channel for each user.Users can receive different plaintexts privately and verify the authenticity,eliminating the broadcast transparency of SPI encryption.The improved linear security is also verified by simulating attacks.By the combination of direct key management and indirect image encryption,our work achieves the encryption and authentication functionality under a multiuser computational imaging framework,facilitating its application in optical communication,imaging,and security.
文摘By introducing XOR operation and one-way function chains to group key management schemes based on the keys tree, a new group key management scheme based on the keys tree, XOR operation and one-way function chains is proposed. Initialization, member adding and member evicting operations are introduced. The new scheme is compared with three other group key management schemes which are based on the keys tree: SKDC, LKH, and OFF. As far as transmission, computation and storage costs are concerned, the performance of the new group key management scheme is the best. The security problem of the new scheme is analyzed. This new scheme provides backward and forward security, i.e.. newly admitted group members cannot read previous multicast messages and evicted members cannot read future multicast messages, even with collusion by many arbitrarily evicted members.
基金Supported by the National Natural Science Funda-tion of China (60403027)
文摘In traditional networks , the authentication is performed by certificate authoritys(CA),which can't be built in distributed mobile Ad Hoc Networks however. In this pa per, we propose a fully self-organized public key management based on bidirectional trust model without any centralized authority that allows users to generate their public-private key pairs, to issue certificates, and the trust relation spreads rationally according to the truly human relations. In contrast with the traditional self-organized public-key management, the average certificates paths get more short, the authentication passing rate gets more high and the most important is that the bidirectional trust based model satisfys the trust re quirement of hosts better.
基金Project(61100201) supported by National Natural Science Foundation of ChinaProject(12ZZ019) supported by Technology Innovation Research Program,Shang Municipal Education Commission,China+1 种基金Project(LYM11053) supported by the Foundation for Distinguished Young Talents in Higher Education of Guangdong Province,ChinaProject(NCET-12-0358) supported by New Century Excellent Talentsin University,Ministry of Education,China
文摘The key exposure problem is a practical threat for many security applications. In wireless sensor networks (WSNs), keys could be compromised easily due to its limited hardware protections. A secure group key management scheme is responsible for secure distributing group keys among valid nodes of the group. Based on the key-insulated encryption (KIE), we propose a group key management scheme (KIE-GKMS), which integrates the pair-wise key pre-distribution for WSN. The KIE-GKMS scheme updates group keys dynamically when adding or removing nodes. Moreover, the security analysis proves that the KIE-GKMS scheme not only obtains the semantic security, but also provides the forward and backward security. Finally, the theoretical analysis shows that the KIE-GKMS scheme has constant performance on both communication and storage costs in sensor nodes.
文摘In this paper, we propose a practical and dynamic key management scheme based on the Rabin public key system and a set of matrices with canonical matrix multiplication to solve the access control problem in an arbitrary partially ordered user hierarchy. The advantage is in ensuring that the security class in the higher level can derive any of its successor’s secret keys directly and efficiently and show it is dynamic while a new security class is added into or a class is removed from the hierarchy. Even the ex-member problem can be solved efficiently. Moreover, any user can freely change its own key for some security reasons.
基金The work reported in this paper was supported by the National Natural Science Foundation of China under Grant No. 60972077, the National High-Tech Research and Development Plan of China under Grant No. 2009AA01 Z430, the Beijing Municipal Natural Science Foundation under Grant No. 9092009, the Fundamental Research Funds for the Central Universities under Grant No. B 1020211, China Postdoctoral Science Foundation funded project under Grant No. 20100471373, the "Six Talent Peaks Program" of Jiangsu Province of China and Program for New Century Excellent Talents in Hohai University.
文摘Secure sensor networks has received much attention in the last few years.A sensor network always works unattended possibly in a hostile environment such as a battlefield.In such environments,sensor networks are subject to node capture.Constrained energy,memory,and computational capabilities of sensor nodes mandate a clever design of security solutions to minimize overhead while maintaining secure communication over the lifespan of the network.In this paper,an authenticated dynamic key management scheme,ADKM has been proposed.It provides efficient,scalable,and survivable dynamic keying in a clustered sensor network with a large number of sensor nodes.ADKM employs a combinatorial exclusion basis system (EBS) for efficiency and one-way hash chains for authentication.Analysis of security and performance demonstrate that ADKM is efficient in security of sensor networks.
文摘Intelligent transportation system (ITS) is proposed as the most effective way to improve road safety and traffic efficiency. However, the future of ITS for large scale transportation infrastructures deployment highly depends on the security level of vehicular communication systems (VCS). Security applications in VCS are fulfilled through secured group broadcast. Therefore, secure key management schemes are considered as a critical research topic for network security. In this paper, we propose a framework for providing secure key management within heterogeneous network. The seeurity managers (SMs) play a key role in the framework by retrieving the vehicle departnre infi^rmation, encapsulating block to transport keys and then executing rekeying to vehicles within the same security domain. The first part of this framework is a novel Group Key Management (GKM) scheme basing on leaving probability (LP) of vehicles to depart current VCS region. Vehicle's LP factor is introduced into GKM scheme to achieve a more effieient rekeying scheme and less rekeying costs. The second component of the framework using the blockchain concept to simplify the distributed key management in heterogeneous VCS domains. Extensive simulations and analysis are provided to show the effectiveness and effieiency of the proposed framework: Our GKM results demonstrate that probability-based BR reduees rekeying eost compared to the benchmark scheme, while the blockchain deereases the time eost of key transmission over heterogeneous net-works.
基金Supported by the National Natural Science Foun-dation of China (60373087 ,60473023 ,90104005) HP Laborato-ry of China
文摘Trusted Computing technology is quickly developing in recent years. This technology manages to improve the computer security and archive a trusted computing environment. The core of trusted computing technology is cryptology. In this paper, we analyze the key and credential mechanism which is two basic aspects in the cryptology application of trusted computing. We give an example application to illustrate that the TPM enabled key and credential mechanism can improve the security of computer system.
文摘This paper proposed a distributed key management approach by using the recently developed concepts of certificate-based cryptosystem and threshold secret sharing schemes. Without any assumption of prefixed trust relationship between nodes, the ad hoc network works in a self-organizing way to provide the key generation and key management services using threshold secret sharing schemes, which effectively solves the problem of single point of failure. The proposed approach combines the best aspects of identity-based key management approaches (implicit certification) and traditional public key infrastructure approaches (no key escrow).
文摘A dedicated key server cannot be instituted to manage keys for MANETs since they are dynamic and unstable. The Lagrange's polynomial and curve fitting are being used to implement hierarchical key management for Mobile Ad hoc Networks(MANETs). The polynomial interpolation by Lagrange and curve fitting requires high computational efforts for higher order polynomials and moreover they are susceptible to Runge's phenomenon. The Chebyshev polynomials are secure, accurate, and stable and there is no limit to the degree of the polynomials. The distributed key management is a big challenge in these time varying networks. In this work, the Chebyshev polynomials are used to perform key management and tested in various conditions. The secret key shares generation, symmetric key construction and key distribution by using Chebyshev polynomials are the main elements of this projected work. The significance property of Chebyshev polynomials is its recursive nature. The mobile nodes usually have less computational power and less memory, the key management by using Chebyshev polynomials reduces the burden of mobile nodes to implement the overall system.
文摘A complex threshold key management framework has been proposed, which canaddress the challenges posed by the unique nature of Ad hoc network. Depending on the cooperation ofthe controller and participation nodes, this scheme should be efficient in the operationenvironmental alteration and toleianl faults of node, which take the advantages of the benefits ofboth key management approaches and alleviate their limitations. For the cooperation of thecontroller and participation nodes, a (t, n) threshold Elliptic curve sign-encryption scheme withthe specified receiver also has been proposed. Using this threshold sign-encryption scheme, the keymanagement distributes the trust between a controller and a set of participation nodes.
基金Acknowledgements The authors would like to thank the reviewers for their detailed reviews and constructive comments, which have helped improve the quality of this paper. This work was supported by the National Natural Science Foundation of China under Crant No. 60873231, the Natural Science Foundation of Jiangsu Province under Grant No. BK2009426, Major State Basic Research Development Program of China under Cwant No.2011CB302903 and Key University Science Research Project of Jiangsu Province under Crant No. 11KJA520002.
文摘The m ajor advantages of EBS-based key rrkanagerrent scheme are its enhanced network survivability, high dynamic performance, and better support for network expansion. But it suffers from the collusion problem, which means it is prone to the cooperative attack of evicted members. A novel EBS-based collusion resistant group management scheme utilizing the construction of Ciphertext-Policy Attribute-Based Encryption (CP-ABE) is proposed. The new scheme satisfies the desired security properties, such as forward secrecy, backward secrecy and collusion secrecy. Compared with existing EBS-based key rmnagement scheme, the new scheme can resolve EBS collusion problem completely. Even all evicted members work together, and share their individual piece of information, they could not access to the new group key. In addition, our scheme is more efficient in terms of conmnication and computation overhead when the group size is large. It can be well controlled even in the case of large-scale application scenarios.
基金National Natural Science Foundation of China under Grant No. 60970116,60970115 and 90718006
文摘Group Key Agreement(GKA)is a cryptographic primitive allowing two or more entities to negotiate a shared session key over public networks.In existing GKA models,it is an open problem to construct a one-round multi-party GKA protocol.Wu et al.recently proposed the concept of asymmetric group key agreement(ASGKA)and realized a one-round ASGKA protocol,which affirmatively answers the above open problem in a relaxed way.However,the ASGKA protocol only applies to static groups.To fill this gap,this paper proposes an extended ASGKA protocol based on the Wu et al.protocol.The extension allows any member to join and leave at any point,provided that the resulting group size is not greater than n.To validate the proposal,extensive experiments are performed and the experimental results show that our protocol is more effective than a plain realization of the Wu et al.protocol for dynamic groups.The extended protocol is also more efficient than the up-to-date dynamic GKA protocol in terms of communication and computation.
基金Supported by the Natural Science Foundation ofHunan Province (jj587402)
文摘Key management is a fundamental security service in wireless sensor networks. The communication security problems for these networks are exacerbated by the limited power and energy of the sensor devices. In this paper, we describe the design and implementation of an efficient key management scheme based on low energy adaptive clustering hierarchy(LEACH) for wireless sensor networks. The design of the protocol is motivated by the observation that many sensor nodes in the network play different roles. The paper presents different keys are set to the sensors for meeting different transmitting messages and variable security requirements. Simulation results show that our key management protocol based-on LEACH can achieve better performance. The energy consumption overhead introduced is remarkably low compared with the original Kerberos schemes.
文摘Recent advancements in wireless communication and microchip techniques have accelerated the development of wireless sensor networks (WSN). Key management in WSN is a critical and challenging problem because of the inner characteristics of sensor networks: deployed in hostile environments, limited resource and ad hoc nature. This paper investigates the constraints and special requirements of key management in sensor network environment, and some basic evaluation metrics are introduced. The key pre-distribution scheme is thought as the most suitable solution for key management problem in wireless sensor networks. It can be classified into four classes: pure probabilistic key pre-distribution, polynomial-based, Blom's matrix-based, and deterministic key pre-distribution schemes. In each class of methods, the related research papers are discussed based on the basic evaluation metrics. Finally, the possible research directions in key management are discussed.
文摘A new collusion attack on Pour-like schemes is proposed in this paper. Then, we present a collusion-free centralized multicast key management scheme based on characteristic values of members. The re-keying method that other group members calculate new keys when a member is joining or leaving is also designed. It achieves forward secrecy and backward secrecy. Compared with typical existing centralized schemes, the storage of Group Key Controller (GKC) in our scheme halves the storage overhead of others, and communication overhead of GKC is 2 in case of joining re-keying. Especially, the leaving re-keying overhead is and the overall performance is excellent.
文摘Wireless Sensor Network(WSN)has witnessed an unpredictable growth for the last few decades.It has many applications in various critical sectors such as real-time monitoring of nuclear power plant,disaster management,environment,military area etc.However,due to the distributed and remote deployment of sensor nodes in such networks,they are highly vulnerable to different security threats.The sensor network always needs a proficient key management scheme to secure data because of resourceconstrained nodes.Existing polynomial based key management schemes are simple,but the computational complexity is a big issue.Lucas polynomials,Fibonacci polynomials,Chebychev polynomials are used in Engineering,Physics,Combinatory and Numerical analysis etc.In this paper,we propose a key management scheme using(p,q)-Lucas polynomial to improve the security of WSN.In(p,q)-Lucas polynomial,p represents a random base number while q represents a substitute value of x in the polynomial.The value of p is unique,and q is different according to communication between nodes.Analysis of the proposed method on several parameters such as computational overhead,efficiency and storage cost have been performed and compared with existing related schemes.The analysis demonstrates that the proposed(p,q)-Lucas polynomial based key management scheme outperforms over other polynomials in terms of the number of keys used and efficiency.
基金This work was supported in part by the National Science Foundation Project of P.R.China,the Fundamental Research Funds for the Central Universities under Grant No.FRF-TP-14-046A2
文摘In order to ensure the security of cloud storage, on the basis of the analysis of cloud storage security requirements, this paper puts forward a kind of" hidden mapping hyper-combined public key management scheme based on the hyperelliptic curve crypto system, which is applicable to the distributed cloud storage. A series of operation processes of the key management are elaborated, including key distribution, key updating and key agreement, etc. Analysis shows that the scheme can solve the problem of large-scale key management and storage issues in cloud storage effectively. The scheme feathers high efficiency and good scalability. It is able to resist collusion attack and ensure safe and reliable service provided by the cloud storaee system
文摘Group key distribution is faced with two important problems, i.e. reliability and scalability, to support security multicast for large and dynamic groups. With group member increasing, traditional reliable multicast protocol can not deal with them fully. Gossip-based group key distribution idea for wide-area dissemination was provided. It is based on an gossip-based loss recovery control mechanism. It can provide a probabilistic reliable guarantee for a information dissemination to reach every group member, which can achieve scalability and reliability. To achieve full reliability, three layers protocol model in group key distribution was provided. One is best effect layer, which provides unreliable dissemination. Other is gossip-based loss recovery layer, which provides probabilistic reliable guarantee. Last is vsync-based layer, which provide deterministic loss recovery. We integrate probabilistic loss recovery method with deterministic one. The model possess scalability that probabilistic method has and full reliability prosthesis by vsync-based. To evaluate the effectiveness of gossip technique in scalable and reliable multicast protocols. We have compared gossip protocol with other reliable multicast protocols. Experimental result shows that gossip protocol has better scalability than other.