CN106685657B - A kind of template method for establishing group's code key in dynamic ad hoc network - Google Patents
A kind of template method for establishing group's code key in dynamic ad hoc network Download PDFInfo
- Publication number
- CN106685657B CN106685657B CN201710042391.7A CN201710042391A CN106685657B CN 106685657 B CN106685657 B CN 106685657B CN 201710042391 A CN201710042391 A CN 201710042391A CN 106685657 B CN106685657 B CN 106685657B
- Authority
- CN
- China
- Prior art keywords
- user
- secret
- subregion
- point
- group
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/0822—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/02—Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/04—Key management, e.g. using generic bootstrapping architecture [GBA]
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W12/00—Security arrangements; Authentication; Protecting privacy or anonymity
- H04W12/10—Integrity
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04W—WIRELESS COMMUNICATION NETWORKS
- H04W84/00—Network topologies
- H04W84/18—Self-organising networks, e.g. ad-hoc networks or sensor networks
Abstract
The invention discloses a kind of to establish the template method of group's code key in dynamic ad hoc network, and this method establishes a kind of logic shared secret distribution hierarchical structure on the network node before the foundation of adhoc network, and this structure has ignored the relationship of node physically.And the template method is realized in subset code key scheme and one-way hash chain scheme, furthermore present invention also proposes a kind of collusion resistant mechanism.
Description
Technical field
The invention belongs to calculate network communication field, it is related to a kind of mould that group's code key is established in dynamic ad hoc network
Plate method.
Background technique
The progress of computing technique and hardware results in a large amount of portable computing devices with all purpose communication and computing capability
Development.These equipment do not need the communications infrastructure for having strong for communication, establish because they have from group
The ability of node-to-node communication is knitted, and still maintains and is connected to network core.
The prior art for adhoc point to point network Secure Group Communication had certain research, but realize network node
There is imbalance between storage and communication efficiency, therefore realizing balance storage and communicating is a thing with challenge.
Realize that a kind of method of balance storage and communication assumes that given sender shares between two or more group members
The additional secret of sub-fraction.These additional secrets not only reduce the cost for establishing group key, and make at node
Carrying cost can manage.But the major obstacle for executing this balance shared secret distribution is that group is formed dynamically at runtime,
And it is difficult to predict the set that will be appointed as the node of group membership by giving sender.Therefore, in the foundation of dynamic group code key
The design for realizing storage and communicating the shared secret distribution protocol of desirable balance is a challenging problem.
Summary of the invention
Goal of the invention: problem to be solved by this invention is in view of the deficiencies of the prior art, to provide one kind in dynamic adhoc
The template method of group's code key is established in network.It, can be by the way that logically protection saves in a structured manner from template by construction
Group is put to be effectively reduced the cost of group's code key foundation, and it is smaller to still maintain the storage at node.
Technical solution: the invention discloses a kind of template sides that group's code key is established in dynamic adhoc point to point network
Method.Its core is user in dynamic adhoc point to point network being divided into the area Liang Ge, and it is secret to carry out group using hs (X, Y) scheme
The foundation of key, and can to establish safe group in dynamic adhoc point to point network secret for recursive operation hs (X, Y)
Key, comprising the following steps:
Step 1, group's code key template is established in dynamic adhoc point to point network;
Step 2, subset code key distribution approach is established;
Step 3, one-way hash chain code key distribution approach is established;
Step 4, the collusion resistant mechanism of group's code key in dynamic adhoc point to point network is established.
Wherein step 1 the following steps are included:
Step 1-1 establishes the complete logical connection of network node: based on being fully connected figure, the wherein vertex of figure
User in corresponding dynamic adhoc point to point network, formwork structure is logical layered architecture, and constructs in a recursive manner, is covered
Lid self-organization nodes set, and ensure that the complete logical between self-organization nodes connects, it is disposed but regardless of its physics;
Step 1-2, in the highest level of logical layered architecture, by inserting knot at two mutual exclusion subregions, by each subregion
It is considered as individual logic entity and carries out secret distribution;
Step 1-3 establishes safe group's code key using hs (X, Y) scheme between any user: assuming that by adhoc point pair
User in spot net is divided into two mutual exclusion part X1 and X2, and enabling s1 is the main secret of X1, and s2 is the main secret of X2, R1 X1
Random value, R2 is the random value of X2, respectively application scheme hs (X1, X2) and hs (X2, X1), then for given user xj∈
X1,xk∈ X2, using following formula in user xjAnd xkBetween establish safe group's code key:
F (s2, j) XOR f (s1, k),
Wherein XOR expression or operation, f (s2, j) and f (s1, k) are one-way function f () defined in hs (X, Y) scheme
Two examples.xjIndicate the user in X1, xkRespectively indicate the user in X2, j value be 1 into X1 user's number, k value
For 1 into X2 user's number, hs (X, Y) schema definition it is as follows:
User in dynamic adhoc point to point network is divided into two groups, is set as X and Y, the user in Y is named as y1,
y2,…,yn, ynIndicate the nth user in Y, n value is natural number, and the user in X is named as x1,x2,…,xm., xmIndicate X
In m-th of user, m value is natural number, create a secret and a random value, be denoted as sec and RAN respectively, and by he
Give each user in X;User from Y is assumed to be yc, c value is 1~n, then the user obtains secret f (sec, c),
F (sec, c) is the one-way function for acting on sec and c, ycSec, user y cannot be extracted from secret f (sec, c)cIt can be with
Secret f (sec, RAN) can be received from X, any message by f (sec, c) encryption can only be by ycIt is decrypted with the user in X,
The program is known as hs (X, Y) scheme, and secret sec is denoted as the main secret of X, and hs (X, Y) scheme is a kind of template method.
Step 1-4, recurrence use hs (X, Y) scheme, the safe group between user are established inside subregion X1 and X2
Code key, until only one user in each subregion.
Step 2 the following steps are included:
User in adhoc network is divided into two subregions M, N by step 2-1;
Two secret pond M1 and M2, M1={ K is arranged in step 2-21,K2,K3,K4, s }, M2={ C1,C2,C3,C4, r }, M points
User in area receives the secret in secret pond M1, and the user in N subregion receives the secret in secret pond M2, and wherein s and r distinguishes
Indicate the random value of secret pond M1 and the random value of secret pond M2, for encrypting, K1,K2,K3,K4, C1,C2,C3,C4It all indicates secret
It is close;
Step 2-3 carries out the received secret of user in M mixing secret set hK is calculated according to the following formulai:
WhereinIt is single hash function an of safety, indicates secret according to random value and secret pond generation mixing
It is close.KiIndicate that i-th of secret in secret pond M1, i value are 1~4;
User in step 2-4, N subregion receives two groups of secret, one group of pairwise communications for safety, and another group is used to pacify
Full group communication, for the pairwise communications of safety, each user receives the unique sub-set of mixing secret set;For the group of safety
Communication, each user receive the exclusive or value of partial secret in non-mixed secret unique sub-set.
Step 3 the following steps are included:
User in adhoc point to point network is divided into two subregions S, R by step 3-1;
Step 3-2, for given subregion, it is assumed that be S subregion, distribute two random seed PtAnd Pg, according to the two
Random seed instantiates two one-way hash chains, respectively forward direction chain h (Pt),h2(Pt),…,h|R|(Pt), reverse strand h (Pg),h2
(Pg),…,h|R|(Pg), the length of each chain is | R |;
Wherein h is an one-way hash function, h (Pt) and h (Pg) be function h two hash function examples, h|R|(Pt)
Indicate one-way hash function h in seed PtOn apply | R | secondary, h|R|(Pg) similarly indicate that one-way hash function h exists
Seed PgOn apply | R | it is secondary;
It is assumed to be R subregion, distributes two random seed QtAnd Qg, two unidirectional Kazakhstan are instantiated according to the two random seeds
Uncommon chain, respectively forward direction chain h (Qt),h2(Qt),…,h|S|(Qt), reverse strand h (Qg),h2(Qg),…,h|S|(Qg), each chain
Length is | S |.
Wherein h (Qt) and h (Qg) it is two hash functions, h|S|(Qt) indicate one-way hash function h in seed QtOn
Apply | S | secondary, h|S|(Qg) similarly indicate one-way hash function h in seed QgOn apply | S | it is secondary.
Step 3-3, for user Rd, a cryptographic Hash, R are received from each chaind∈ R (indicates RdIt is the user in R),
So that the combination of these cryptographic Hash is only by user RdIt is known;,
User in step 3-4, S subregion generates secret and is combined with the secret received from R subregion, forms business
Encrypt code key;User in R subregion generates secret and is combined with the secret received from S subregion, composition business encryption
Code key.
Step 4 the following steps are included:
User in adhoc point to point network is divided into the area Liang Ge A and B by step 4-1, it is assumed that the point-to-point net of dynamic adhoc
Network group interior joint sum is N, N=| A |+| B |, wherein | A | indicate user's number in A, | B | indicate user's number in subregion B;
Step 4-2, random selection user's block A from subregion A1,A2,A3, so that:
Random selection user's block B from subregion B1,B2,B3, so that:
Subregion is rearranged, i.e., by A1,A2,A3It is placed into B subregion, B1,B2,B3It is placed into A subregion;
Step 4-3, in the way of described in step 1 on the subregion after rearranging execution group code key foundation.This
Kind of mode ensure that the user in subregion is random distribution, and the secret that several user sharings are additional, with original private point
Hair is compared to bigger collusion resistant characteristic.
The utility model has the advantages that
1) present invention describes a kind of novel dynamic security group guaranteed based on the method for template in ad hoc networks
Communication.Our solution does not need the presence of dynamic group controller, and ensures the confidentiality and integrity between node.I
Work be realized in dynamic self-organization group merely with symmetric key distribution protocol group key establish forward position.We note that
It arrives, there are also further spaces to develop more secret distribution protocols, with additional ability and reduce to centralized group
The dependence of controller.
2) present invention realizes mentions for the distribution of security key present in document and the key distribution that may be proposed future
Useful foundation is supplied.Any such key distribution protocol survives according to the wish or system of network administrator and can be with
It can be readily embedded in the template under the calculating pressure of tolerance.
Detailed description of the invention
The present invention is done with reference to the accompanying drawings and detailed description and is further illustrated, it is of the invention above-mentioned or
Otherwise advantage will become apparent.
Fig. 1 is the basic flow chart of the method for the present invention.
Fig. 2 is subset code key distribution approach distribution map.
Fig. 3 is one-way hash chain scheme distribution map.
Fig. 4 is collusion resistant mechanism user block interchange graph.
Specific embodiment
The present invention will be further described with reference to the accompanying drawings and embodiments.
The structure chart of this method is that group is established in dynamic ad hoc network first as shown in Figure 1, be divided into four parts
Then the template of code key establishes subset code key distribution approach as shown in Figure 2, then establishes one-way hash chain code key as shown in Figure 3
Distribution approach, finally as shown in figure 4, setting up collusion resistant mechanism in dynamic ad hoc network.
Specifically, as shown in Figure 1, the invention discloses a kind of to establish the mould of group's code key in dynamic ad hoc network
Plate method, mainly including the following steps:
Step 1, group's code key template is established in dynamic adhoc point to point network;
Step 2, subset code key distribution approach is established;
Step 3, one-way hash chain code key distribution approach is established;
Step 4, the collusion resistant mechanism of group's code key in dynamic adhoc point to point network is established.
Wherein step 1 the following steps are included:
Step 1-1 establishes the complete logical connection of network node: based on being fully connected figure, the wherein vertex of figure
User in corresponding dynamic adhoc point to point network, formwork structure is logical layered architecture, and constructs in a recursive manner, is covered
Lid self-organization nodes set, and ensure that the complete logical between self-organization nodes connects, it is disposed but regardless of its physics;
Step 1-2, in the highest level of logical layered architecture, by inserting knot at two mutual exclusion subregions, by each subregion
It is considered as individual logic entity and carries out secret distribution;
Step 1-3 establishes safe group's code key using hs (X, Y) scheme between any user: assuming that by adhoc point pair
User in spot net is divided into two mutual exclusion part X1 and X2, and enabling s1 is the main secret of X1, and s2 is the main secret of X2, R1 X1
Random value, R2 is the random value of X2, respectively application scheme hs (X1, X2) and hs (X2, X1), then for given user xj∈
X1,xk∈ X2, using following formula in user xjAnd xkBetween establish safe group's code key:
F (s2, j) XOR f (s1, k),
Wherein XOR expression or operation, f (s2, j) and f (s1, k) are one-way function f () defined in hs (X, Y) scheme
Two examples.xjIndicate the user in X1, xkRespectively indicate the user in X2, j value be 1 into X1 user's number, k value
For 1 into X2 user's number, hs (X, Y) schema definition it is as follows:
User in dynamic adhoc point to point network is divided into two groups, is set as X and Y, the user in Y is named as y1,
y2,…,yn, ynIndicate the nth user in Y, n value is natural number, and the user in X is named as x1,x2,…,xm, xmIndicate X
In m-th of user, m value is natural number, create a secret and a random value, be denoted as sec and RAN respectively, and by he
Give each user in X;User from Y is assumed to be yc, c value is 1~n, then the user obtains secret f (sec, c),
F (sec, c) is the one-way function for acting on sec and c, ycSec, user y cannot be extracted from secret f (sec, c)cIt can
Secret f (sec, RAN) is received from X, any message by f (sec, c) encryption can only be by ycWith user's decryption in X, the party
Case is known as hs (X, Y) scheme, and secret sec is denoted as the main secret of X, and hs (X, Y) scheme is a kind of template method.
Step 1-4, recurrence use hs (X, Y) scheme, the safe group between user are established inside subregion X1 and X2
Code key, until only one user in each subregion.
Step 2 the following steps are included:
User in adhoc network is divided into two subregions M, N by step 2-1;
Two secret pond M1 and M2, M1={ K is arranged in step 2-21,K2,K3,K4, s }, M2={ C1,C2,C3,C4, r }, M points
User in area receives the secret in secret pond M1, and the user in N subregion receives the secret in secret pond M2, and wherein s and r distinguishes
Indicate the random value of secret pond M1 and the random value of secret pond M2, for encrypting, K1,K2,K3,K4, C1,C2,C3,C4It all indicates secret
It is close;
Step 2-3 carries out the received secret of user in M mixing secret set hK is calculated according to the following formulai:
WhereinIt is single hash function an of safety, indicates secret according to random value and secret pond generation mixing
It is close.KiIndicate that i-th of secret in secret pond M1, i value are 1~4;
User in step 2-4, N subregion receives two groups of secret, one group of pairwise communications for safety, and another group is used to pacify
Full group communication, for the pairwise communications of safety, each user receives the unique sub-set of mixing secret set;For the group of safety
Communication, each user receive the exclusive or value of partial secret in non-mixed secret unique sub-set.
Step 3 the following steps are included:
User in adhoc point to point network is divided into two subregions S, R by step 3-1;
Step 3-2, for given subregion, it is assumed that be S subregion, distribute two random seed PtAnd Pg, according to the two
Random seed instantiates two one-way hash chains, respectively forward direction chain h (Pt),h2(Pt),…,h|R|(Pt), reverse strand h (Pg),h2
(Pg),…,h|R|(Pg), the length of each chain is | R |;
Wherein h is an one-way hash function, h (Pt), and h (Pg) be function h two hash function examples, h|R|(Pt)
Indicate one-way hash function h in seed PtOn apply | R | secondary, h|R|(Pg) similarly indicate that one-way hash function h exists
Seed PgOn apply | R | it is secondary;
It is assumed to be R subregion, distributes two random seed QtAnd Qg, two unidirectional Kazakhstan are instantiated according to the two random seeds
Uncommon chain, respectively forward direction chain h (Qt),h2(Qt),…,h|S|(Qt), reverse strand h (Qg),h2(Qg),…,h|S|(Qg), each chain
Length is | S |.
Wherein h (Qt) and h (Qg) it is two hash functions, h|S|(Qt) indicate one-way hash function h in seed QtOn
Apply | S | secondary, h|S|(Qg) indicate one-way hash function h in seed QgOn apply | S | it is secondary.
Step 3-3, for user Rd, a cryptographic Hash, R are received from each chaind∈ R (indicates RdIt is the user in R),
So that the combination of these cryptographic Hash is only by user RdIt is known;
User in step 3-4, S subregion generates secret and is combined with the secret received from R subregion, forms business
Encrypt code key;User in R subregion generates secret and is combined with the secret received from S subregion, composition business encryption
Code key.
Step 4 the following steps are included:
User in adhoc point to point network is divided into the area Liang Ge A and B by step 4-1, it is assumed that the point-to-point net of dynamic adhoc
Network group interior joint sum is N, N=| A |+| B |, wherein | A | indicate user's number in A, | B | indicate user's number in subregion B;
Step 4-2, random selection user's block A from subregion A1,A2,A3, so that:
User's block B is selected from subregion B1,B2,B3, so that:
Subregion is rearranged, i.e., by A1,A2,A3It is placed into B subregion, B1,B2,B3It is placed into A subregion;
Step 4-3, in the way of described in step 1 on the subregion after rearranging execution group code key foundation.This
Kind of mode ensure that the user in subregion is random distribution, and the secret that several user sharings are additional, with original private point
Hair is compared to bigger collusion resistant characteristic.
Embodiment 2
The implementation hardware environment of the present embodiment is: in 3.4GHz Intel (R) Core on the PC of 7 operating system of Windows
(TM) i5-3570 processor is tested using java language.
The invention discloses a kind of template method for establishing group's code key in dynamic adhoc point to point network, feature exists
Group's code key template can be established in dynamic adhoc point to point network in passing through recursive utilization hs (X, Y) scheme.And
The collusion resistant characteristic of the template method is improved by the method that user's block exchanges, comprising the following steps:
Step 1, group's code key template is established in dynamic adhoc point to point network
Step 2, application of the subset code key distribution method in template method.
Step 3, application of the one-way hash chain method in template method.
Step 4, the collusion resistant mechanism that group's code key is established in dynamic adhoc point to point network.
Wherein Fig. 2 is subset code key distribution approach figure, and wherein S-partition and R-partition indicates S subregion and R
User in adhoc network is divided into S by subregion, two subregions of R, S1, S2, S3, S4, S5, S6 are respectively the user in S subregion
(or perhaps network node), it is assumed here that be 6, therefore only arrive S6.R1, R2, R3, R4, R5, R6 are the user in subregion R,
S and R subregion mutual exclusion, and the combination of S and R subregion is entire adhoc network.{ K1, K2, K3, K4, r } is required for S subregion
Secret pond, K1, K2, K3, K4 are the secret in secret pond, and r is the random value of S subregion.{ C1, C2, C3, C4, s } is R subregion
Secret pond, C1, C2, C3, C4 be secret, s be R subregion random value.HMAC is uni-directional hash letter defined in specification
Number, can be seen that each user (or network node) according to recursive call hs (X, the Y) scheme mentioned in the function and text
In store three by hash after code key, shown at left and right sides of figure respectively.Such as code key hC1 is stored in S1,
HC2, hC3XOR hC4.
Fig. 3 is one-way hash chain code key distribution approach figure, and wherein S-partition and R-partition is such as Fig. 2 institute
The two mutual exclusion subregions shown, S1, S2, S3, S4, S5, S6 are respectively user's (or perhaps network node) in S subregion.R1,
R2, R3, R4, R5, R6 are the user in subregion R, Pt,PgIt is two random seeds of S subregion.Qt,QgBe two of R subregion with
Machine.Forward Chain indicates that positive chain, Reverse Chain indicate reverse strand.Positive chain in S subregion is h
(Qt),h2(Qt),…,h6(Qt), reverse strand h6(Qg),h5(Qg),…,h(Qg).Positive chain in R subregion is h (Pt),h2
(Pt),…,h6(Pt), reverse strand h6(Pg),h5(Pg),…,h(Pg), wherein storing two in each user (or node)
H (Q is stored in code key, such as S1t),h6(Qg)。
Fig. 4 indicates to carry out collusion resistant implementation of strategies scheme in dynamic ad hoc network.A-partition and B-
Partition indicates subregion A and B that adhoc nodes are divided into mutual exclusion again.| A |=N/2 and | B |=N/2 indicate A
With the half in two subregions of B respectively containing adhoc network node.A1, A2, A3 are indicated randomly selected three in A subregion
User's block (Random user blocks indicates random user block), | A1+A2+A3 |=N/4 indicates three selected subregions
In user's (or node) number account for 1/4 of total node number in adhoc network, the i.e. half of A subregion, similarly B1, B2, B3 are indicated
Randomly selected three user's blocks in B subregion, | B1+B2+B3 |=N/4, indicate selected in B subregion user (or section
Point) number accounts for the 1/4 of adhoc nodes summary, i.e. half in B subregion.Then by A1, A2, A3 and the B in A subregion points
B1 in area, B2, B3 swap (i.e. Secret Distribution, key distribution).In the adhoc network of redistribution
The long foundation for re-starting template distribution method and carrying out group's code key.
The present invention provides a kind of to establish the template method of group's code key in dynamic ad hoc network, implements the skill
There are many method and approach of art scheme, the above is only a preferred embodiment of the present invention, it is noted that this technology is led
For the those of ordinary skill in domain, various improvements and modifications may be made without departing from the principle of the present invention, these
Improvements and modifications also should be regarded as protection scope of the present invention.The available prior art of each component part being not known in the present embodiment
It is realized.
Claims (1)
1. a kind of template method for establishing group's code key in dynamic ad hoc network, which comprises the following steps:
Step 1, group's code key template is established in dynamic adhoc point to point network;
Step 2, subset code key distribution approach is established;
Step 3, one-way hash chain scheme is established;
Step 4, the collusion resistant mechanism of group's code key in dynamic adhoc point to point network is established;
Step 1 the following steps are included:
Step 1-1 establishes the complete logical connection of network node: based on being fully connected figure, the wherein vertex correspondence of figure
User in dynamic adhoc point to point network, formwork structure are logical layered architectures, and construct in a recursive manner that covering is certainly
Organization node set, and ensure that the complete logical between self-organization nodes connects, it is disposed but regardless of its physics;
Each subregion is considered as in the highest level of logical layered architecture by inserting knot at two mutual exclusion subregions by step 1-2
Individual logic entity carries out secret distribution;
Step 1-3 establishes safe group's code key using hs (X, Y) scheme between any user: assuming that by the point-to-point net of adhoc
User in network is divided into two mutual exclusion part X1 and X2, enable s1 be X1 main secret, s2 be X2 main secret, R1 be X1 with
Machine value, R2 are the random value of X2, respectively application scheme hs (X1, X2) and hs (X2, X1), then for giving user xj∈ X1, xk∈
X2, using following formula in user xjAnd xkBetween establish safe group's code key:
F (s2, j) XOR f (s1, k),
Wherein XOR expression or operation, f (s2, j) and f (s1, k) are two of one-way function f () defined in hs (X, Y) scheme
Example, xjIndicate the user in X1, xkIndicate the user in X2, j value be 1 into X1 user's number, k value be 1 to be used into X2
Family number, hs (X, Y) schema definition are as follows:
User in dynamic adhoc point to point network is divided into two groups, is set as X and Y, the user in Y is named as y1, y2...,
yn, ynIndicate the nth user in Y, n value is natural number, and the user in X is named as x1, x2..., xm, xmIndicate the in X
M user, m value are natural number, create a secret and a random value, are denoted as sec and RAN respectively, and give them to X
In each user;User from Y is assumed to be yc, c value is 1~n, then the user obtains secret f (sec, c), f (sec,
It c) is the one-way function for acting on sec and c, user ycSec, user y cannot be extracted from secret f (sec, c)cIt can be from X
Middle reception secret f (sec, RAN), any message by f (sec, c) encryption can only be by user ycWith user's decryption in X, the party
Case is known as hs (X, Y) scheme, and secret sec is denoted as the main secret of X;
Step 1-4, recurrence use hs (X, Y) scheme, safe group's code key between user are established inside subregion X1 and X2,
Until only one user in each subregion;
Step 2 the following steps are included:
User in adhoc network is divided into two subregions M and N by step 2-1;
Two secret pond M1 and M2, M1={ K is arranged in step 2-21, K2, K3, K4, s }, M2={ C1, C2, C3, C4, r }, in M subregion
User receive the secret in secret pond M1, the secret in user's reception secret pond M2 in N subregion, wherein s and r is respectively indicated
The random value of secret pond M1 and the random value of secret pond M2, for encrypting, K1, K2, K3, K4, C1, C2, C3, C4It all indicates secret;
Step 2-3 carries out the received secret of user in M mixing secret set hK is calculated according to the following formulai:
WhereinIt is single hash function an of safety, indicates secret according to random value and secret pond generation mixing, KiTable
Show that i-th of secret in secret pond M1, i value are 1~4;
User in step 2-4, N subregion receives two groups of secret, one group of pairwise communications for safety, and another group is used for safety
Group communication, for the pairwise communications of safety, each user receives the unique sub-set of mixing secret set;It is logical for the group of safety
News, each user receive the exclusive or value of partial secret in non-mixed secret unique sub-set;
Step 3 the following steps are included:
User in adhoc point to point network is divided into two subregions S, R by step 3-1;
Step 3-2, for given subregion, it is assumed that be S subregion, distribute two random seed PtAnd Pg, according to the two with machine
Two one-way hash chains of sub-instanceization, respectively forward direction chain h (Pt), h2(Pt) ..., h|R|(Pt), reverse strand h (Pg), h2
(Pg) ..., h|R|(Pg), the length of each chain is | R |;
Wherein h () is a hash function, h (Pt) and h (Pg) be function h two hash function examples, h|R|(Pt) indicate single
To hash function h in seed PtOn apply | R | secondary, h|R|(Pg) indicate one-way hash function h in seed PgOn answer
With | R | it is secondary;
It is assumed to be R subregion, distributes two random seed QtAnd Qg, two one-way hash chains are instantiated according to the two random seeds,
Respectively forward direction chain h (Qt), h2(Qt) ..., h|S|(Qt), reverse strand h (Qg), h2(Qg) ..., h|S|(Qg), the length of each chain
Degree is | S |;
Wherein h (Qt) and h (Qg) it is two hash functions, h|S|(Qt) indicate one-way hash function h in seed QtOn apply
| S | secondary, h|S|(Qg) indicate one-way hash function h in seed QgOn apply | S | it is secondary;
Step 3-3, for user Rd, a cryptographic Hash is received from each chain, so that the combination of these cryptographic Hash is only by user Rd
It is known, RdIt is the user in R, i.e. Rd∈R;
User in step 3-4, S subregion generates secret and is combined with the secret received from R subregion, forms business encryption
Code key;User in R subregion generates secret and is combined with the secret received from S subregion, and composition business encrypts code key;
Step 4 the following steps are included:
User in adhoc point to point network is divided into the area Liang Ge A and B by step 4-1, it is assumed that dynamic adhoc point to point network group
Interior joint sum is N, N=| A |+| B |, wherein | A | indicate user's number in subregion A, | B | indicate user's number in subregion B;
Step 4-2, random selection user's block A from subregion A1, A2, A3, so that:
Random selection user's block B from subregion B1, B2, B3, so that:
Subregion is rearranged, i.e., by A1, A2, A3It is placed into B subregion, B1, B2, B3It is placed into A subregion;
Step 4-3, the subregion in the way of described in step 1 before user keeps in the case where secret after rearranging
The upper foundation for executing group's code key.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710042391.7A CN106685657B (en) | 2017-01-20 | 2017-01-20 | A kind of template method for establishing group's code key in dynamic ad hoc network |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201710042391.7A CN106685657B (en) | 2017-01-20 | 2017-01-20 | A kind of template method for establishing group's code key in dynamic ad hoc network |
Publications (2)
Publication Number | Publication Date |
---|---|
CN106685657A CN106685657A (en) | 2017-05-17 |
CN106685657B true CN106685657B (en) | 2019-06-18 |
Family
ID=58859363
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201710042391.7A Active CN106685657B (en) | 2017-01-20 | 2017-01-20 | A kind of template method for establishing group's code key in dynamic ad hoc network |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN106685657B (en) |
Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101529794A (en) * | 2006-09-07 | 2009-09-09 | 摩托罗拉公司 | Method and apparatus for establishing security associations between nodes of an AD HOC wireless network |
CN102256248A (en) * | 2011-07-05 | 2011-11-23 | 淮阴工学院 | Scheme for managing Ad hoc group key |
CN105071938A (en) * | 2015-07-14 | 2015-11-18 | 中国科学技术大学 | Group authentication method based on threshold secret sharing |
-
2017
- 2017-01-20 CN CN201710042391.7A patent/CN106685657B/en active Active
Patent Citations (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN101529794A (en) * | 2006-09-07 | 2009-09-09 | 摩托罗拉公司 | Method and apparatus for establishing security associations between nodes of an AD HOC wireless network |
CN102256248A (en) * | 2011-07-05 | 2011-11-23 | 淮阴工学院 | Scheme for managing Ad hoc group key |
CN105071938A (en) * | 2015-07-14 | 2015-11-18 | 中国科学技术大学 | Group authentication method based on threshold secret sharing |
Non-Patent Citations (2)
Title |
---|
A Template Approach to Group Key Establishment in Dynamic Ad-hoc Groups;Bruhadeshwar Bezawada等;《2016 IEEE 24th International Conference on Network Protocols (ICNP) 》;20161111;摘要,第II节 |
具有抗合谋攻击能力的自治愈群组密钥管理方案;曹 帅等;《计算机应用》;20111031;全文 |
Also Published As
Publication number | Publication date |
---|---|
CN106685657A (en) | 2017-05-17 |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
CN103986574B (en) | A kind of Tiered broadcast encryption method of identity-based | |
CN101399660B (en) | Method and device for negotiating group cipher | |
CN103023653A (en) | Low-power-consumption communication method and device for safety group of internet of things | |
CN103475469A (en) | Method and device for achieving SM2 algorithm with combination of CPU and GPU | |
TW200841282A (en) | Method and system for secure data aggregation in wireless sensor networks | |
CN108462573A (en) | A kind of flexible quantum safety moving communication means | |
RU2014126582A (en) | SIMPLIFIED MANAGEMENT OF GROUP SECRET KEYS | |
CN101588233A (en) | AES coprocessor system and AES structure in wireless sensor network node application | |
Wang et al. | Attribute-based equality test over encrypted data without random oracles | |
Sekar et al. | Comparative study of encryption algorithm over big data in cloud systems | |
Guo et al. | Cross-channel: Scalable off-chain channels supporting fair and atomic cross-chain operations | |
Dua et al. | A study of applications based on elliptic curve cryptography | |
CN106685657B (en) | A kind of template method for establishing group's code key in dynamic ad hoc network | |
Rong et al. | Authenticated health monitoring scheme for wireless body sensor networks | |
Al-Haija | Toward secure non-deterministic distributed wireless sensor network using probabilistic key management approaches | |
Liu et al. | Dynamic multi-party quantum private comparison protocol with single photons in both polarization and spatial-mode degrees of freedom | |
Bechkit | New key management schemes for resource constrained wireless sensor networks | |
Thylashri et al. | Vitality and peripatetic sustain cluster key management schemes in MANET | |
RU2330382C1 (en) | Preliminary key distribution circuit for cluster networks and its functioning method | |
Elleuchi et al. | An efficient secure scheme for wireless sensor networks | |
Devi et al. | An Efficient Autonomous Key Management with Verifiable Secret Sharing Schemes for Reduced Communication/Computation Costs in MANET | |
CN104301103A (en) | Multi-password recovery method based on ring Zn conic curve public key cryptosystem | |
Poornima et al. | PERSEN: power-efficient logical ring based key management for clustered sensor networks | |
Chen et al. | TinyStream: a lightweight and novel stream cipher scheme for wireless sensor networks | |
Zhang et al. | Privacy-preserving attribute-based encryption supporting expressive access structures |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
GR01 | Patent grant | ||
GR01 | Patent grant |