Journal of Computer Applications, 2019, Vol. 39, Issue (4): 1095-1099. DOI: 10.11772/j.issn.1001-9081.2018092045


Group key management scheme based on distributed path computing element in multi-domain optical network

ZHOU Yang1, WU Qiwu2, JIANG Lingzhi3   

  1. Graduate Group, Engineering University of PAP, Xi'an Shaanxi 710086, China;
  2. College of Equipment Management and Support, Engineering University of PAP, Xi'an Shaanxi 710086, China;
  3. College of Information Engineering, Engineering University of PAP, Xi'an Shaanxi 710086, China
  • Received: 2018-10-09 Revised: 2018-11-23 Online: 2019-04-10 Published: 2019-04-10
  • Supported by:
    This work is partially supported by the National Natural Science Foundation of China (61402529).

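  • Corresponding author: ZHOU Yang
  • About the authors: ZHOU Yang (born 1995), male, from Jintan, Jiangsu, master's student; main research interest: intelligent optical networks. WU Qiwu (born 1981), male, from Anhua, Hunan, associate professor, Ph.D.; main research interests: intelligent optical networks, information security. JIANG Lingzhi (born 1982), female, from Xinghua, Hunan, lecturer, master's degree; main research interest: information networks.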

Abstract: To address the communication characteristics and key management requirements of multi-domain optical networks under the Path Computation Element (PCE) architecture, a group key management scheme based on the distributed PCE architecture was proposed. Firstly, the key relations of the multi-domain optical network under the distributed PCE architecture were modeled as a two-layer key hypergraph using hypergraph theory. Then, a key management method based on a self-authenticated public key cryptosystem and a member filtering technique was adopted in the autonomous domain layer, and a group key agreement method based on an elliptic curve cryptosystem was adopted in the PCE layer. Finally, the generation, distribution, update and dynamic management of keys were completed; the confidentiality problem of members' private keys and the impersonation problem of third-party nodes were well solved, and the computational overhead of key update was reduced. The performance analysis shows that the proposed scheme provides forward security, backward security and private key confidentiality, and resists collusion attacks. Compared with the typical decentralized scheme, the proposed scheme achieves better performance in terms of key storage capacity, encryption/decryption times and communication overhead.

Key words: Path Computation Element (PCE), multi-domain optical network, key management, self-authenticated public key, hypergraph

