基于身份密碼的機載自組織網絡動態(tài)密鑰管理
doi: 10.11999/JEIT171148
-
1.
空軍工程大學信息與導航學院 ??西安 ??710077
-
2.
國防科技大學信息通信學院 ??西安 ??710106
-
3.
西安郵電大學 ??西安 ??710121
基金項目: 國家自然科學基金(61401499, 61502386)
Identity Based Dynamic Key Management of Airborne Ad Hoc Network
-
1.
Information and Navigation College, Air Force Engineering University, Xi’an 710077, China
-
2.
Information and Communication College, National University of Defense Technology, Xi’an 710106, China
-
3.
Xi’an University of Posts & Telecommunications, Xi’an 710121, China
Funds: The National Natural Science Foundation of China (61401499, 61502386)
-
摘要: 針對現(xiàn)有機載自組織網絡密鑰管理存在的預分配密鑰更新困難、公鑰證書傳遞開銷大、分布式身份密鑰傳遞需要安全信道的問題,該文提出一種無需安全信道的基于身份密碼體制的動態(tài)密鑰管理方案。該方案包括系統(tǒng)密鑰自組織生成和用戶私鑰分布式管理兩個算法;采取遮蔽密鑰的辦法,確保私鑰在公共信道中全程安全傳遞,使得密鑰管理易于部署、方便擴展;最后分析了方案的正確性與安全性。結果證明方案理論正確,能夠抵抗假冒、重放、中間人攻擊。Abstract: Because of nowadays airborne network’s updating difficulty of pre-allocated symmetrical key, high communication cost of public key certificate and the requirement of security channel for distributed identity-based key management, identity-based dynamic key management of airborne network is proposed. It is composed of two algorithms: self-organized generation of master key without the trusted third party and distributed management of user’s private key. Moreover, the master key share and user private partition can be delivered without the pre-established security channel by blinding them so that the scheme is easy to develop and flexible to extend. Finally, the correctness and security of the proposed scheme are proved, it is shown that it can provide the ability to resist the impersonation attack, replay attack and man-in-the-middle attack.
-
Key words:
- Airborne network /
- Identity-based cryptography /
- Key management /
- Self-organized /
- Distributed
-
李杰, 宮二玲, 孫志強, 等. 下一代機載網絡技術評述[J]. 指揮與控制學報, 2015, 1(3): 351–356. DOI: JCC.CN.2015.00351.LI Jie, GONG Erling, SUN Zhiqiang, et al.. An overview of next generation airborne networks[J]. Journal of Command and Control, 2015, 1(3): 351–356. DOI: JCC.CN.2015.00351. 梁一鑫, 程光, 郭曉軍, 等. 機載網絡體系結構及其協(xié)議棧研究進展[J]. 軟件學報, 2016, 27(1): 96–111.DOI: 10.13328/j.cnki.jos.004925.LIANG Yixin, CHENG Guang, GUO Xiaojun, et al.. Research progress on architecture and protocol stack of the airborne network[J]. Journal of Software, 2016, 27(1): 96–111. DOI: 10.13328/j.cnki.jos.004925. SHANTHI K and MURUGAN D. Pair-wise key agreement and hop-by-hop authentication protocol for MANET[J]. Wireless Networks, 2016, 23(4): 1–9.DOI: 10.1007/s11276-015-1191-x. PHUNG P H and MINH Q T. DASSR: A distributed authentication scheme for secure routing in wireless ad-hoc networks[C]. International Conference on Future Data and Security Engineering. Can Tho, Vietnam, 2016: 219–236. DONG Ying, SUI Aifeng, YIU S M, et al.. Providing distributed certificate authority service in cluster-based mobile ad hoc networks[J]. Computer Communications, 2007, 30(11/12): 2442–2452. doi: 10.1016/j.comcom.2007.04.011. 韓磊, 劉吉強, 趙佳, 等. 移動ad hoc網絡分布式輕量級CA 密鑰管理方案[J].四川大學學報(工程科學版), 2011, 43(6): 133–139.DOI: 10.15961/j.jsuese.2011.06.021.HAN Lei, LIU Jiqiang, ZHAO Jia, et al..Distributed lite CA key management scheme in mobile ad hoc networks[J].Journal of Sichuan University (Engineering Science Edition), 2011, 43(6): 133–139. doi: 10.15961/j.jsuese.2011.06.021. DATKO B. Supporting secure, ad hoc joins for tactical networks[R]. Maryland: United States Naval Academy Trident Scholar Project Report, 2002. CAPKUN S, NUTTYAN L, and HUBAUX J P. Self-organized public-key management for mobile ad hoc networks[J]. IEEE Transactions on Mobile Computing, 2003, 2(1): 52–64. DOI: 10.1109/TMC.2003.1195151. RAFSANJANI M K and SHOJAIEMEHR B. Improvement of self-organized public key management for MANET[J]. Journal of American Science, 2012, 8(1): 197–202. JANANI V S and MANIKANDAN M S K. Trust-based hexagonal clustering for efficient certificate management scheme in mobile ad hoc networks[R]. Sadhana, 2016. OMAR M, BOUFAGHES H, MAMMERI L, et al.. Secure and reliable certificate chains recovery protocol for mobile ad hoc networks[J]. Journal of Network & Computer Applications, 2016, 62(C): 153-162. DOI: 10.1016/j.jnca.2016.01.007 SHAMIR. Identity-based cryptosystems and signature schemes[J]. LNCS, 1984, 21(2): 47–53.DOI: 10.1007/3-540-39568-7 5. BONEH D and FRANKLIN M. Identity-based encryption from the weil pairing[C]. International Cryptology Conference on Advances in Cryptology. Santa Barbara, USA, 2001: 213–229. 曹丹, 王小峰, 王飛, 等. SA-IBE: 一種安全可追責的基于身份加密方案[J].電子與信息學報, 2011, 33(12): 2922–2928.DOI: 10.3724/SP.J.1146.2011.00399.CAO Dan, WANG Xiaofeng, WANG Fei, et al.. SA-IBE: A secure and accountable identity-based encryption scheme[J] Journal of Electronics & Information Technology, 2011, 33(12): 2922–2928. doi: 10.3724/SP.J.1146.2011.00399. ZHANG Tao, YUE Kang, and YAN Jinkui. A distributed anonymous authentication scheme for mobile ad hoc network from bilinear maps[C]. International Conference on Mechatronic Science, Electric Engineering and Computer. Jilin, China, 2011: 314–318. NARAYANA V L and BHARATHI C R. Identity based cryptography for mobile ad hoc networks[J]. Journal of Theoretical and Applied Information Technology, 2017, 95(5): 1173–1182. 羅長遠, 李偉, 邢洪智, 等. 空間網絡中基于身份的分布式密鑰管理研究[J].電子與信息學報, 2010, 32(1): 183–188.DOI: 10.3724/SP.J.1146.2009.00461.LUO Changyuan, LI Wei, XING Hongzhi, et al.. Research on identity-based distributed key management in space network[J]. Journal of Electronics & Information Technology, 2010, 32(1): 183–188. doi: 10.3724/SP.J.1146.2009.00461. XIA Pengrui, WU Meng, WANG Kun, et al. Identity-based fully distributed certificate authority in an OLSR MANET[C]. International Conference on Wireless Communications, Networking and Mobile Computing. Dalian, China, 2008: 1–4. 任艷麗, 蔡建興, 黃春水, 等.基于身份加密中可驗證的私鑰生成外包算法[J].通信學報, 2015, 36(11): 61-66. DOI: 10.11959/j.issn.1000-436x.2015233.REN Yanli, CAI Jianxing, HUANG Chunshui, et al.. Verifiable outsourcing private key generation algorithm in an identity-based encryption scheme[J]. Journal of Communications, 2015, 36(11): 61–66. DOI: 10.11959/j.issn.1000-436x.2015233. 李慧賢, 龐遼軍, 王育民. 適合ad hoc網絡無需安全信道的密鑰管理方案[J].通信學報, 2010, 31(1): 112–117.LI Huixian, PANG Liaojun, and WANG Yumin. Key management scheme without secure channel for ad hoc networks[J]. Journal of Communications, 2010, 31(1): 112–117. -