抗合谋攻击能力可调的有状态组密钥更新协议

doi:10.11772/j.issn.1001-9081.2017102413

计算机应用 ›› 2018, Vol. 38 ›› Issue (5): 1372-1376.DOI: 10.11772/j.issn.1001-9081.2017102413

抗合谋攻击能力可调的有状态组密钥更新协议

敖丽¹, 刘璟¹, 姚绍文¹, 武楠²

1. 云南大学软件学院, 昆明 650500;
2. 云南大学信息学院, 昆明 650500

收稿日期:2017-10-12 修回日期:2017-12-04 发布日期:2018-05-24 出版日期:2018-05-10
通讯作者: 刘璟
作者简介:敖丽(1993-),女,云南曲靖人,硕士研究生,主要研究方向:信息安全、密码学;刘璟(1972-),男,四川绵阳人,副教授,博士,主要研究方向:信息安全、计算机网络安全、密码学;姚绍文(1966-),男,湖南永顺人,教授,博士生导师,博士,主要研究方向:信息安全、分布式计算;武楠(1989-),女,河南南阳人,硕士研究生,主要研究方向:信息安全、密码学。
基金资助:
国家自然科学基金资助项目（61363084）；云南大学第四批中青年骨干教师基金资助项目（XT412003）；云南大学师资队伍建设基金资助项目（XT412001）。

Stateful group rekeying scheme with tunable collusion resistance

AO Li¹, LIU Jing¹, YAO Shaowen¹, WU Nan²

1. School of Software, Yunnan University, Kunming Yunnan 650500, China;
2. School of Information Science and Engineering, Yunnan University, Kunming Yunnan 650500, China

Received:2017-10-12 Revised:2017-12-04 Online:2018-05-24 Published:2018-05-10
Contact: 刘璟
Supported by:
This work is partially supported by the National Natural Science Foundation of China (61363084), the Foundation for the 4th Batch of the Middle-aged and Youth Key Teachers of Yunnan University (XT412003), the Faculty Team Construction Foundation of Yunnan University (XT412001).

摘要/Abstract

摘要： 逻辑密钥分层（LKH）协议已经被证明在抗完全合谋攻击时，它通信开销的下界是O（log n），但是在一些资源受限或者商业应用场景中，用户仍然要求通信开销低于O（log n）。虽然，有状态的完全排外子树（SECS）协议具有常量通信开销的特性，却只能抵抗单用户攻击。考虑用户愿意牺牲一定安全性来降低通信开销的情况，利用LKH协议的完全抗合谋攻击特性和SECS协议具有常量通信开销的优势，设计并实现了一种混合的组密钥更新协议（H-SECS）。H-SECS协议根据应用场景的安全级别来配置子组数目，在通信开销和抗合谋攻击能力之间作一个最优的权衡。理论分析及仿真实验表明，与LKH协议和SECS协议相比，H-SECS协议的通信开销可以在O（1）和O（log n）区间进行调控。

关键词: 有状态, 组密钥更新, 逻辑密钥分层协议, 抗合谋攻击

Abstract: Logical Key Hierarchy (LKH) protocol has been proved that O(log n) is the lower bound of the communication complexity when resisting complete collusion attacks. However, in some resource-constrained or commercial application environments, user still require the communication overhead below O(log n). Although Stateful Exclusive Complete Subtree (SECS) protocol has the characteristic of constant communication overhead, but it can only resist single-user attacks. Considering the willingness of users to sacrifice some security to reduce communication overhead, based on LKH which has the characteristic of strict confidentiality, and combined with SECS which has constant communication overhead, a Hybrid Stateful Exclusive Complete Subtree (H-SECS) was designed and implemented. The number of subgroups was configured by H-SECS according to the security level of application scenario to make an optimal tradeoff between communication overhead and collusion resistance ability. Theoretical analysis and simulation results show that, compared with LKH protocol and SECS protocol, the communication overhead of H-SECS can be regulated in the ranges between O(1) and O(log n).

Key words: stateful, group rekeying, Logical Key Hierarchy (LKH) protocol, collusion resistance

中图分类号:

TP393.08

敖丽, 刘璟, 姚绍文, 武楠. 抗合谋攻击能力可调的有状态组密钥更新协议[J]. 计算机应用, 2018, 38(5): 1372-1376.

AO Li, LIU Jing, YAO Shaowen, WU Nan. Stateful group rekeying scheme with tunable collusion resistance[J]. Journal of Computer Applications, 2018, 38(5): 1372-1376.

参考文献

[1] WU Y, LIU J, HOU J, et al. A stateful multicast key distribution protocol based on identity-based encryption[C]//Proceedings of the 2017 IEEE/ACIS 16th International Conference on Computer and Information Science. Piscataway, NJ:IEEE, 2017:19-24.
[2] SHERMAN A T, MCGREW D A. Key establishment in large dynamic groups using one-way function trees[J]. IEEE Transactions on Software Engineering, 2003, 29(5):444-458.
[3] LIU J, YANG B. Collusion-resistant multicast key distribution based on homomorphic one-way function trees[J]. IEEE Transactions on Information Forensics and Security, 2011, 6(3):980-991.
[4] XU J, LI L, LU S, et al. A novel batch-based LKH tree balanced algorithm for group key management[J]. Science China Information Sciences, 2017, 60(10):108-301.
[5] WONG C K, GOUDA M, LAM S S. Secure group communications using key graphs[J]. IEEE/ACM Transactions on Networking, 2000, 8(1):16-30.
[6] WALLNER D, HARDER E, AGEE R. Key management for multicast:issues and architectures[EB/OL].[2017-06-20]. http://www.rfc-editor.org/in-notes/pdfrfc/rfc2627.txt.pdf.
[7] MICCIANCIO D, PANJWANI S. Optimal communication complexity of generic multicast key distribution[J]. IEEE/ACM Transactions on Networking, 2004, 16(4):803-813.
[8] DU W, HE M, X. Self-healing key distribution with revocation and resistance to the collusion attack in wireless sensor networks[C]//Proceedings of the 2nd International Conference on Provable Security. Berlin:Springer-Verlag, 2008:345-359.
[9] PERRING A, STANKOVI J C, WAGNER D. Security in wireless sensor networks[J]. Communications of the ACM, 2004, 47(6):53-57.
[10] 王洁,卢建朱,曾小飞. 可及时确定受攻击节点的无线传感器网络数据聚合方案[J]. 计算机应用,2016,36(9):2432-2437.(WANG J, LU J Z, ZENG X F. Data aggregation scheme for wireless sensor network to timely determine compromised nodes[J]. Journal of Computer Applications, 2016, 36(9):2432-2437.)
[11] FAN J, JUDGE P, AMMAR H M. HySOR:group key management with collusion-scalability tradeoffs using a hybrid structuring of receivers[C]//Proceedings of the 11th International Conference on Computer Communications and Networks. Washington, DC:IEEE Computer Society, 2002:196-201.
[12] 姬东耀,王育民. 公平有效的Web视频服务即付即看协议设计与分析[J]. 西安电子科技大学学报(自然科学版),2001,8(4):425-429.(JI D Y, WANG Y M. Analysis and design of fair and efficient pay-per-view protocols for Web-based video service[J]. Journal of Xidian University (Natural Science Edition), 2001, 8(4):425-429.)
[13] LIU J, HUANG Q, YANG B, et al. Efficient multicast key distribution using HOWP-based dynamic group access structures[J]. IEEE Transactions on Computers, 2013, 62(8):1656-1672.
[14] LIU J, LIU M, WANG C J, et al. Group rekeying in the exclusive subset-cover framework[J]. Theoretical Computer Science, 2017, 678:63-77.
[15] FIAT A, NAOR M. Broadcast encryption[C]//Proceedings of the 13th Annual International Conference on Advances in Cryptology. New York:Springer-Verlag, 1993:480-491.
[16] KIM H, HONG M S, YOON H, et al. Secure group communication with multiplicative one-way functions[C]//Proceedings of the 2005 International Conference on Information Technology:Coding and Computing. Washington, DC:IEEE Computer Society, 2005:685-690.
[17] CANETTI R, GARAY J, ITKIS G, et al. Multicast security:taxonomy and some efficient constructions[C]//Proceedings of the 1999 Conference on Computer Communications. Piscataway, NJ:IEEE, 1999:708-716.
[18] KRAWCZYK H, BELLARE M, CANETTI R. HMAC:keyed-hashing for message authentication[EB/OL].[2017-06-20]. http://ikamr.asp24.no/kdrs/pdf-copies/org.python.library-000000825.pdf.
[19] WANG X, YIN Y L, YU H. Finding collisions in the full SHA-1[C]//Proceedings of the 25th Annual International Conference on Advances in Cryptology. Berlin:Springer-Verlag, 2005:17-36.

抗合谋攻击能力可调的有状态组密钥更新协议

Stateful group rekeying scheme with tunable collusion resistance

PDF

可视化

摘要/Abstract

引用本文

使用本文

参考文献

相关文章 15

编辑推荐

Metrics

[1]	方介泼, 陶重犇. 应对零日攻击的混合车联网入侵检测系统[J]. 《计算机应用》唯一官方网站, 2024, 44(9): 2763-2769.
[2]	徐航, 杨智, 陈性元, 韩冰, 杜学绘. 基于自适应敏感区域变异的覆盖引导模糊测试[J]. 《计算机应用》唯一官方网站, 2024, 44(8): 2528-2535.
[3]	邓淼磊阚雨培孙川川徐海航樊少珺周鑫. 基于深度学习的网络入侵检测系统综述[J]. 《计算机应用》唯一官方网站, 0, (): 0-0.
[4]	姚梓豪, 栗远明, 马自强, 李扬, 魏良根. 基于机器学习的多目标缓存侧信道攻击检测模型[J]. 《计算机应用》唯一官方网站, 2024, 44(6): 1862-1871.
[5]	朱亮慕京哲左洪强谷晶中朱付保. 基于联邦图神经网络的位置隐私保护推荐方案[J]. 《计算机应用》唯一官方网站, 0, (): 0-0.
[6]	李向军, 王俊洪, 王诗璐, 陈金霞, 孙纪涛, 王建辉. 基于多模型并行融合网络的恶意流量检测方法[J]. 《计算机应用》唯一官方网站, 2023, 43(S2): 122-129.
[7]	徐精诚, 陈学斌, 董燕灵, 杨佳. 融合特征选择的随机森林DDoS攻击检测[J]. 《计算机应用》唯一官方网站, 2023, 43(11): 3497-3503.
[8]	霍珊珊, 李艳俊, 刘健, 李寅霜. 密码组件安全指标测试工具设计与实现[J]. 《计算机应用》唯一官方网站, 2023, 43(10): 3156-3161.
[9]	郭祥, 姜文刚, 王宇航. 基于改进Inception-ResNet的加密流量分类方法[J]. 《计算机应用》唯一官方网站, 2023, 43(8): 2471-2476.
[10]	江魁, 余志航, 陈小雷, 李宇豪. 基于BERT-CNN的Webshell流量检测系统设计与实现[J]. 《计算机应用》唯一官方网站, 2023, 43(S1): 126-132.
[11]	郑超, 邬悦婷, 肖珂. 基于联邦学习和深度残差网络的入侵检测[J]. 《计算机应用》唯一官方网站, 2023, 43(S1): 133-138.
[12]	孙怡亭, 郭越, 李长进, 张红军, 刘康, 刘俊矫, 孙利民. 可编程逻辑控制器的控制逻辑注入攻击入侵检测方法[J]. 《计算机应用》唯一官方网站, 2023, 43(6): 1861-1869.
[13]	胡海岩, 康巧燕, 赵朔, 王建峰, 付有斌. 基于节点综合重要度排序的服务功能链部署优化方法[J]. 《计算机应用》唯一官方网站, 2023, 43(3): 860-868.
[14]	程靖云, 王布宏, 罗鹏. 基于深度语义融合的代码缺陷静态检测方法[J]. 《计算机应用》唯一官方网站, 2022, 42(10): 3170-3176.
[15]	毕文婷, 林海涛, 张立群. 基于多阶段演化信号博弈模型的移动目标防御决策算法[J]. 《计算机应用》唯一官方网站, 2022, 42(9): 2780-2787.