Group key management scheme based on distributed path computing element in multi-domain optical network

doi:10.11772/j.issn.1001-9081.2018092045

Journal of Computer Applications ›› 2019, Vol. 39 ›› Issue (4): 1095-1099.DOI: 10.11772/j.issn.1001-9081.2018092045

Previous Articles Next Articles

Group key management scheme based on distributed path computing element in multi-domain optical network

ZHOU Yang¹, WU Qiwu², JIANG Lingzhi³

1. Graduate Group, Engineering University of PAP, Xi'an Shaanxi 710086, China;
2. College of Equipment Management and Support, Engineering University of PAP, Xi'an Shaanxi 710086, China;
3. College of Information Engineering, Engineering University of PAP, Xi'an Shaanxi 710086, China

Received:2018-10-09 Revised:2018-11-23 Online:2019-04-10 Published:2019-04-10
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61402529).

基于分布式路径计算单元的多域光网络组密钥管理方案

周阳¹, 吴启武², 姜灵芝³

1. 武警工程大学研究生大队, 西安 710086;
2. 武警工程大学装备管理与保障学院, 西安 710086;
3. 武警工程大学信息工程学院, 西安 710086

通讯作者: 周阳
作者简介:周阳(1995-),男,江苏金坛人,硕士研究生,主要研究方向:智能光网络;吴启武(1981-),男,湖南安化人,副教授,博士,主要研究方向:智能光网络、信息安全;姜灵芝(1982-),女,湖南兴化人,讲师,硕士,主要研究方向:信息网络。
基金资助:
国家自然科学基金资助项目（61402529）。

Abstract

Abstract: A group key management scheme based on distributed Path Computation Element (PCE) architecture was proposed aiming at the communication characteristics and key management requirement of multi-domain optical networks in PCE architecture. Firstly, the key relation of multi-domain optical network under distributed PCE architecture was modeled as a two-layer key hypergraph by using hypergraph theory. Then, the key management method based on self-authenticated public key cryptosystem and member filtering technique was adopted in the autonomous domain layer and the group key agreement method based on elliptic curve cryptosystem was adopted in the PCE layer. Finally, the generation, distribution, update and dynamic management of the key were completed, and the confidentiality problem of the private key of member and the impersonation problem of the third party node were well solved. At the same time, the computational overhead of key update was reduced. The performance analysis shows that the proposed scheme has forward security, backward security, private key confidentiality and is against collusion attack. Compared with the typical decentralized scheme, the proposed scheme achieves better performance in terms of key storage capacity, encryption/decryption times and communication overhead.

Key words: Path Computation Element (PCE), multi-domain optical network, key management, self-authenticated public key, hypergraph

摘要： 针对分布式路径计算单元（PCE）架构下多域光网络的通信特点和密钥管理需求，提出一种该架构下的组密钥管理方案。首先使用超图理论对分布式PCE架构下的多域光网络密钥关系进行建模得到两层式密钥超图；然后在自治域层采用基于自认证公钥密码体制和成员过滤技术的密钥管理方法，在PCE层采用基于椭圆曲线密码体制的组密钥协商方法；最后完成密钥的产生、分发、更新和动态管理，较好地解决了成员的私钥保密性问题和第三方节点的冒充问题，减少了密钥更新时的计算开销。性能分析显示，该方案具有前向安全性、后向安全性、密钥保密性和抗合谋攻击等特点，与典型的分散式方案相比，在密钥存储量、加解密次数和通信开销等方面取得了较优的性能。

关键词: 路径计算单元, 多域光网络, 密钥管理, 自认证公钥, 超图

CLC Number:

TP309

ZHOU Yang, WU Qiwu, JIANG Lingzhi. Group key management scheme based on distributed path computing element in multi-domain optical network[J]. Journal of Computer Applications, 2019, 39(4): 1095-1099.

周阳, 吴启武, 姜灵芝. 基于分布式路径计算单元的多域光网络组密钥管理方案[J]. 计算机应用, 2019, 39(4): 1095-1099.

References

[1] FARREL A, VASSEUR J P, ASH J. RFC 4655, a Path Computation Element (PCE)-based architecture[S]. Geneva:IETF, 2006.
[2] ZHAO Q, DHODY D, PALLETI R. RFC 8306, extensions to the Path Computation Element communication Protocol (PCEP) for point-to-multipoint traffic engineering label switched paths[S]. Geneva:IETF, 2017.
[3] VASSEUR J, Le ROUX J L. RFC 5440, Path Computation Element (PCE) communication Protocol (PCEP)[S]. Geneva:IETF, 2009.
[4] DHODY D, KING D, FARREL A. RFC 8356, experimental codepoint allocation for the Path Computation Element communication Protocol (PCEP).[S]. Geneva:IETF, 2018.
[5] ABIRAMI E, PADMAVATHY T. Proficient key management scheme for multicast groups using group key agreement and broadcast encryption[C]//ICICES:Proceedings of the 2017 International Conference on Information Communication and Embedded Systems. Piscataway, NJ:IEEE, 2017:1-5.
[6] WONG C K, GOUDA M, LAM S S. Secure group communications using key graphs[J]. IEEE/ACM Transactions on Networking, 2000, 8(1):16-30.
[7] MITTRA S. Iolus:a framework for scalable secure multicasting[J]. ACM SIGCOMM Computer Communication Review, 1997, 27(4):277-288.
[8] STEINER M, TSUDIK G, WAIDNER M. Diffie-Hellman key distribution extended to group communication[C]//Proceedings of the 3rd ACM Conference on Computer and Communications Security. New York:ACM, 1996:31-37.
[9] STEINER M, TSUDIK G, WAIDNER M. Key agreement in dynamic peer groups[J]. IEEE Transactions on Parallel & Distributed Systems, 2000, 11(8):769-780.
[10] 吴启武, 文闻. 基于密钥超图和身份密码的多域光网络密钥管理方案[J]. 工程科学与技术, 2017, 49(5):85-92. (WU Q W, WEN W. A key management scheme based on key hypergraph and identity-based cryptography in multi-domain optical networks[J]. Advanced Engineering Sciences, 2017, 49(5):85-92.)
[11] 肖自金, 周海, 吴丽珍.基于椭圆曲线ElGamal代理加密机制的MANET组密钥分发方案[J]. 计算机应用与软件, 2013, 30(3):139-144. (XIAO Z J, ZHOU H, WU L Z. A new ECC ElGamal proxy encryption based group key distribution scheme for MANET[J]. Computer Applications and Software, 2013, 30(3):139-144.)
[12] 孙永辉, 陈越, 严新成, 等.基于ElGamal的安全组播密钥管理方案[J]. 信息工程大学学报, 2017, 18(2):195-199. (SUN Y H, CHEN Y, YAN X C, et al. Key management scheme for secure multicast based on ElGamal cryptography[J]. Journal of Information Engineering University, 2017, 18(2):195-199.)
[13] TSAUR W J, PAI H T. Dynamic key management schemes for secure group communication based on hierarchical clustering in mobile Ad Hoc networks[C]//ISPA 2007:Proceedings of the 2007 International Conference on Frontiers of High Performance Computing & Networking. Berlin:Springer, 2007:475-484.
[14] GUPTA S, KUMAR A, KUMAR N. Design of ECC based authenticated group key agreement protocol using self-certified public keys[C]//RAIT 2018:Proceedings of the 2018 4th International Conference on Recent Advances in Information Technology. Piscataway, NJ:IEEE, 2018:1-5.
[15] ODELU V. An effective and secure key-management scheme for hierarchical access control in E-medicine system[J]. Journal of Medical Systems, 2013, 37(2):9920.
[16] LOPEZ D, DE DIOS O G, WU Q, et al. RFC8253, PCEPS:usage of TLS to provide a secure transport for the Path Computation Element communication Protocol (PCEP)[S]. Geneva:IETF, 2017.

Group key management scheme based on distributed path computing element in multi-domain optical network

基于分布式路径计算单元的多域光网络组密钥管理方案

PDF

Knowledge

Abstract

Cite this article

share this article

References

Related Articles 15

Recommended Articles

Metrics

[1]	TIAN Ling, ZHANG Jinchuan, ZHANG Jinhao, ZHOU Wangtao, ZHOU Xue. Knowledge graph survey： representation， construction， reasoning and knowledge hypergraph theory [J]. Journal of Computer Applications, 2021, 41(8): 2161-2186.
[2]	HAN Si, ZHENG Baokun, CAO Qimin. Logical key hierarchy plus based key management program for wireless sensor network [J]. Journal of Computer Applications, 2019, 39(5): 1378-1384.
[3]	YU Jianglan, LI Xiangli, ZHAO Pengfei. Sparse non-negative matrix factorization based on kernel and hypergraph regularization [J]. Journal of Computer Applications, 2019, 39(3): 742-749.
[4]	LIU Shengjiu, LI Tianrui, YANG Zonglin, ZHU Jie. Measure method and properties of weighted hypernetwork [J]. Journal of Computer Applications, 2019, 39(11): 3107-3113.
[5]	SONG Tianyu, YANG Geng. Design and implementation of middleware system for ciphertext database [J]. Journal of Computer Applications, 2018, 38(12): 3450-3454.
[6]	CHEN Hao, WU Qiwu, LI Fang, JIANG Lingzhi. Hierarchical PCE-based and bimatrix game-based multicast dedicated protection algorithm in multi-domain optical network under static state [J]. Journal of Computer Applications, 2018, 38(11): 3299-3304.
[7]	XU Qian, CHEN Hongchang, WU Zheng, HUANG Ruiyang. User identification method across social networks based on weighted hypergraph [J]. Journal of Computer Applications, 2017, 37(12): 3435-3441.
[8]	LI Chengwen, WANG Xiaoming. Outsourced data encryption scheme with access privilege revocation [J]. Journal of Computer Applications, 2016, 36(1): 216-221.
[9]	WANG Binbin ZHANG Yanyan ZHANG Xuelin. Mixed key management scheme based on domain for wireless sensor network [J]. Journal of Computer Applications, 2014, 34(1): 90-94.
[10]	LUO Wenjun XU Min. Attribute-based encryption and re-encryption key management in cloud computing [J]. Journal of Computer Applications, 2013, 33(10): 2832-2834.
[11]	ZHANG Min-qing FU Wen-hua WU Xu-guang. Key management scheme based on composite design and identity encryption for clustered wireless sensor networks [J]. Journal of Computer Applications, 2012, 32(05): 1392-1396.
[12]	WU Qiu-lin LI Qiao-liang. Secure management of continuity key pre-distribution scheme based on SBIBD [J]. Journal of Computer Applications, 2012, 32(04): 960-963.
[13]	SUN Mei ZHAO Bing. Identity-based key management scheme for Ad Hoc network [J]. Journal of Computer Applications, 2012, 32(01): 104-106.
[14]	CAO Shuai ZHANG Chuan-rong SONG Cheng-yuan. Self-healing group key management scheme with collusion resistance [J]. Journal of Computer Applications, 2011, 31(10): 2692-2693.
[15]	Quan-di WANG Jin-feng LI Jie ZHOU. Modification of Cao's multicast key management scheme based on generalized cat map [J]. Journal of Computer Applications, 2011, 31(04): 975-977.