自愈式密钥分配的研究

【作者】 翁刚金；

【导师】 许春香；

【作者基本信息】 电子科技大学 ， 信息与通信工程， 2009， 硕士

【摘要】 在保密通信过程中,确保通信安全的办法就是不断的分发新的会话密钥。通信消息经过这个会话密钥加密后传送。对于群组通信,特别是大规模的动态群组通信中,参与应用的用户可以在任何时间加入或离开由多方用户组成的一个群组。这种成员关系的动态性使得非法用户很容易地从群组通信中偷听和窃取数据。同时,在现有的网络环境,尤其是无线网络、无线自组织网络环境下,通信设施容易被敌手破坏,用户设备的靠电池供电,这就要求在计算开销、存储开销上必须高效。自愈式密钥分配使得用户能够恢复丢失的会话密钥,无需再向管理员发送密钥请求,这可以减少网络堵塞,减轻了管理员的负担。本文由此开展了对自愈式密钥分配的研究工作。本文首先全面深入地综述了密钥分配技术的相关研究工作,介绍了自愈式密钥分配的关键技术,总结了其设计模型。在此基础上,提出改进的设计模型,在性能上进行了比较。自愈式密钥分配的自愈性可以采用容错纠错技术,当前的容错纠错技术已经不能满足需求。采用多项式秘密共享技术来达到自愈性。共享型密钥分配模型其广播通信量与最大会话次数和能被删除的最大用户数有关。在增长型密钥分配模型中,采用增加额外信息的办法来达到自愈的目的,每次广播的消息都包含了前面的广播消息。如果某次未收到管理员的广播消息时,那么用户可以利用后面收到的广播消息恢复出丢失的会话密钥,其特点是广播通信量随会话次数的增加而增加。在迭代型密钥分配模型中,会话密钥通过哈希函数进行迭代,只有群组中的用户才能通过哈希函数迭代出会话密钥。迭代模型消除了最大会话密钥的限制,同时广播信息量大大减少,因为在某次广播消息丢失时,不再向前面的模型那样通过共享信息或额外信息恢复会话密钥,而是通过迭代法恢复会话密钥。对于共享型、增长型模型其广播通信量较大,对实际应用环境要求网络要有较好的通信效率。本文提出通信优化模型将存储开销变为(t + 1)logq,通信开销变为( 2t + 2+j)logq,迭代模型将通信开销变为(t + 1+j)logq,特别适合无线通信的应用。更多还原

【Abstract】 One method for enabling secure communication is perodic distribution of a new key to group members. All messages exchanged within the group during a fixed interval of time ,or session are comunicated securely through encryption under this session key. In group communication especially dynamic group communication in which users join or move out frequently,an adversary can easily get information which is not entitled to .In an unreliable network ,especially in mobile wireless networks,the adversary may intentionally disrupt the wireless communication,devices are powered by batteries,it is necessary to adapt efficient key distribution scheme in term of memory storage and communication complexity.In self-healing key distribution scheme users are capable of recovering lost group keys on their own ,without requesting addition transmissions from the group manager,thus cutting back on network traffic,decreasing the load on the group manager,and reducing the risk of user explosure through traffic analysis.At first, this paper concludes previous key distribution in detail.then give the defition of self-healing key distribution.analysises some existing constructions, presents new constructions which is more efficient in term of memory storage and communication complexity. Error correction techniques is not enough for application.In previous paper, polynomial-based secret sharing technique is used to ressit packet loss.In sharing scheme, broadcast size is decided by max number of sessions and number of revoked members.In growing scheme,users recover past and future session keys using additional information from two received broadcast messages.the broadcast size grows if the session continues.In iterative scheme,session key is recovered by the iteratice of hash function only if he is a member of the group. The construction eliminated the limitation of m sessions in previous and reduce the size of broadcast size comparing to the sharing scheme and growing scheme.In sharing scheme and growing scheme,the broadcast size is big, so the network must work efficiently.In newly commmunication construction the storage overhead is (t + 1)logq,the communication overhead is ( 2t + 2+j)logq,In newly iterative construction the communication overhead is (t + 1+j)logq which is fit for wireless networks.更多还原