CN106685657B - A kind of template method for establishing group's code key in dynamic ad hoc network - Google Patents

A kind of template method for establishing group's code key in dynamic ad hoc network Download PDF

Info

Publication number
CN106685657B
CN106685657B CN201710042391.7A CN201710042391A CN106685657B CN 106685657 B CN106685657 B CN 106685657B CN 201710042391 A CN201710042391 A CN 201710042391A CN 106685657 B CN106685657 B CN 106685657B
Authority
CN
China
Prior art keywords
user
secret
subregion
point
group
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201710042391.7A
Other languages
Chinese (zh)
Other versions
CN106685657A (en
Inventor
赵俊峰
夏元轶
吕高建
郭延文
刘向阳
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University
Information and Telecommunication Branch of State Grid Jiangsu Electric Power Co Ltd
Original Assignee
Nanjing University
Information and Telecommunication Branch of State Grid Jiangsu Electric Power Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing University, Information and Telecommunication Branch of State Grid Jiangsu Electric Power Co Ltd filed Critical Nanjing University
Priority to CN201710042391.7A priority Critical patent/CN106685657B/en
Publication of CN106685657A publication Critical patent/CN106685657A/en
Application granted granted Critical
Publication of CN106685657B publication Critical patent/CN106685657B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/0822Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) using key encryption key
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/02Protecting privacy or anonymity, e.g. protecting personally identifiable information [PII]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/04Key management, e.g. using generic bootstrapping architecture [GBA]
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W12/00Security arrangements; Authentication; Protecting privacy or anonymity
    • H04W12/10Integrity
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04WWIRELESS COMMUNICATION NETWORKS
    • H04W84/00Network topologies
    • H04W84/18Self-organising networks, e.g. ad-hoc networks or sensor networks

Abstract

The invention discloses a kind of to establish the template method of group's code key in dynamic ad hoc network, and this method establishes a kind of logic shared secret distribution hierarchical structure on the network node before the foundation of adhoc network, and this structure has ignored the relationship of node physically.And the template method is realized in subset code key scheme and one-way hash chain scheme, furthermore present invention also proposes a kind of collusion resistant mechanism.

Description

A kind of template method for establishing group's code key in dynamic ad hoc network
Technical field
The invention belongs to calculate network communication field, it is related to a kind of mould that group's code key is established in dynamic ad hoc network Plate method.
Background technique
The progress of computing technique and hardware results in a large amount of portable computing devices with all purpose communication and computing capability Development.These equipment do not need the communications infrastructure for having strong for communication, establish because they have from group The ability of node-to-node communication is knitted, and still maintains and is connected to network core.
The prior art for adhoc point to point network Secure Group Communication had certain research, but realize network node There is imbalance between storage and communication efficiency, therefore realizing balance storage and communicating is a thing with challenge. Realize that a kind of method of balance storage and communication assumes that given sender shares between two or more group members The additional secret of sub-fraction.These additional secrets not only reduce the cost for establishing group key, and make at node Carrying cost can manage.But the major obstacle for executing this balance shared secret distribution is that group is formed dynamically at runtime, And it is difficult to predict the set that will be appointed as the node of group membership by giving sender.Therefore, in the foundation of dynamic group code key The design for realizing storage and communicating the shared secret distribution protocol of desirable balance is a challenging problem.
Summary of the invention
Goal of the invention: problem to be solved by this invention is in view of the deficiencies of the prior art, to provide one kind in dynamic adhoc The template method of group's code key is established in network.It, can be by the way that logically protection saves in a structured manner from template by construction Group is put to be effectively reduced the cost of group's code key foundation, and it is smaller to still maintain the storage at node.
Technical solution: the invention discloses a kind of template sides that group's code key is established in dynamic adhoc point to point network Method.Its core is user in dynamic adhoc point to point network being divided into the area Liang Ge, and it is secret to carry out group using hs (X, Y) scheme The foundation of key, and can to establish safe group in dynamic adhoc point to point network secret for recursive operation hs (X, Y) Key, comprising the following steps:
Step 1, group's code key template is established in dynamic adhoc point to point network;
Step 2, subset code key distribution approach is established;
Step 3, one-way hash chain code key distribution approach is established;
Step 4, the collusion resistant mechanism of group's code key in dynamic adhoc point to point network is established.
Wherein step 1 the following steps are included:
Step 1-1 establishes the complete logical connection of network node: based on being fully connected figure, the wherein vertex of figure User in corresponding dynamic adhoc point to point network, formwork structure is logical layered architecture, and constructs in a recursive manner, is covered Lid self-organization nodes set, and ensure that the complete logical between self-organization nodes connects, it is disposed but regardless of its physics;
Step 1-2, in the highest level of logical layered architecture, by inserting knot at two mutual exclusion subregions, by each subregion It is considered as individual logic entity and carries out secret distribution;
Step 1-3 establishes safe group's code key using hs (X, Y) scheme between any user: assuming that by adhoc point pair User in spot net is divided into two mutual exclusion part X1 and X2, and enabling s1 is the main secret of X1, and s2 is the main secret of X2, R1 X1 Random value, R2 is the random value of X2, respectively application scheme hs (X1, X2) and hs (X2, X1), then for given user xj∈ X1,xk∈ X2, using following formula in user xjAnd xkBetween establish safe group's code key:
F (s2, j) XOR f (s1, k),
Wherein XOR expression or operation, f (s2, j) and f (s1, k) are one-way function f () defined in hs (X, Y) scheme Two examples.xjIndicate the user in X1, xkRespectively indicate the user in X2, j value be 1 into X1 user's number, k value For 1 into X2 user's number, hs (X, Y) schema definition it is as follows:
User in dynamic adhoc point to point network is divided into two groups, is set as X and Y, the user in Y is named as y1, y2,…,yn, ynIndicate the nth user in Y, n value is natural number, and the user in X is named as x1,x2,…,xm., xmIndicate X In m-th of user, m value is natural number, create a secret and a random value, be denoted as sec and RAN respectively, and by he Give each user in X;User from Y is assumed to be yc, c value is 1~n, then the user obtains secret f (sec, c), F (sec, c) is the one-way function for acting on sec and c, ycSec, user y cannot be extracted from secret f (sec, c)cIt can be with Secret f (sec, RAN) can be received from X, any message by f (sec, c) encryption can only be by ycIt is decrypted with the user in X, The program is known as hs (X, Y) scheme, and secret sec is denoted as the main secret of X, and hs (X, Y) scheme is a kind of template method.
Step 1-4, recurrence use hs (X, Y) scheme, the safe group between user are established inside subregion X1 and X2 Code key, until only one user in each subregion.
Step 2 the following steps are included:
User in adhoc network is divided into two subregions M, N by step 2-1;
Two secret pond M1 and M2, M1={ K is arranged in step 2-21,K2,K3,K4, s }, M2={ C1,C2,C3,C4, r }, M points User in area receives the secret in secret pond M1, and the user in N subregion receives the secret in secret pond M2, and wherein s and r distinguishes Indicate the random value of secret pond M1 and the random value of secret pond M2, for encrypting, K1,K2,K3,K4, C1,C2,C3,C4It all indicates secret It is close;
Step 2-3 carries out the received secret of user in M mixing secret set hK is calculated according to the following formulai:
WhereinIt is single hash function an of safety, indicates secret according to random value and secret pond generation mixing It is close.KiIndicate that i-th of secret in secret pond M1, i value are 1~4;
User in step 2-4, N subregion receives two groups of secret, one group of pairwise communications for safety, and another group is used to pacify Full group communication, for the pairwise communications of safety, each user receives the unique sub-set of mixing secret set;For the group of safety Communication, each user receive the exclusive or value of partial secret in non-mixed secret unique sub-set.
Step 3 the following steps are included:
User in adhoc point to point network is divided into two subregions S, R by step 3-1;
Step 3-2, for given subregion, it is assumed that be S subregion, distribute two random seed PtAnd Pg, according to the two Random seed instantiates two one-way hash chains, respectively forward direction chain h (Pt),h2(Pt),…,h|R|(Pt), reverse strand h (Pg),h2 (Pg),…,h|R|(Pg), the length of each chain is | R |;
Wherein h is an one-way hash function, h (Pt) and h (Pg) be function h two hash function examples, h|R|(Pt) Indicate one-way hash function h in seed PtOn apply | R | secondary, h|R|(Pg) similarly indicate that one-way hash function h exists Seed PgOn apply | R | it is secondary;
It is assumed to be R subregion, distributes two random seed QtAnd Qg, two unidirectional Kazakhstan are instantiated according to the two random seeds Uncommon chain, respectively forward direction chain h (Qt),h2(Qt),…,h|S|(Qt), reverse strand h (Qg),h2(Qg),…,h|S|(Qg), each chain Length is | S |.
Wherein h (Qt) and h (Qg) it is two hash functions, h|S|(Qt) indicate one-way hash function h in seed QtOn Apply | S | secondary, h|S|(Qg) similarly indicate one-way hash function h in seed QgOn apply | S | it is secondary.
Step 3-3, for user Rd, a cryptographic Hash, R are received from each chaind∈ R (indicates RdIt is the user in R), So that the combination of these cryptographic Hash is only by user RdIt is known;,
User in step 3-4, S subregion generates secret and is combined with the secret received from R subregion, forms business Encrypt code key;User in R subregion generates secret and is combined with the secret received from S subregion, composition business encryption Code key.
Step 4 the following steps are included:
User in adhoc point to point network is divided into the area Liang Ge A and B by step 4-1, it is assumed that the point-to-point net of dynamic adhoc Network group interior joint sum is N, N=| A |+| B |, wherein | A | indicate user's number in A, | B | indicate user's number in subregion B;
Step 4-2, random selection user's block A from subregion A1,A2,A3, so that:
Random selection user's block B from subregion B1,B2,B3, so that:
Subregion is rearranged, i.e., by A1,A2,A3It is placed into B subregion, B1,B2,B3It is placed into A subregion;
Step 4-3, in the way of described in step 1 on the subregion after rearranging execution group code key foundation.This Kind of mode ensure that the user in subregion is random distribution, and the secret that several user sharings are additional, with original private point Hair is compared to bigger collusion resistant characteristic.
The utility model has the advantages that
1) present invention describes a kind of novel dynamic security group guaranteed based on the method for template in ad hoc networks Communication.Our solution does not need the presence of dynamic group controller, and ensures the confidentiality and integrity between node.I Work be realized in dynamic self-organization group merely with symmetric key distribution protocol group key establish forward position.We note that It arrives, there are also further spaces to develop more secret distribution protocols, with additional ability and reduce to centralized group The dependence of controller.
2) present invention realizes mentions for the distribution of security key present in document and the key distribution that may be proposed future Useful foundation is supplied.Any such key distribution protocol survives according to the wish or system of network administrator and can be with It can be readily embedded in the template under the calculating pressure of tolerance.
Detailed description of the invention
The present invention is done with reference to the accompanying drawings and detailed description and is further illustrated, it is of the invention above-mentioned or Otherwise advantage will become apparent.
Fig. 1 is the basic flow chart of the method for the present invention.
Fig. 2 is subset code key distribution approach distribution map.
Fig. 3 is one-way hash chain scheme distribution map.
Fig. 4 is collusion resistant mechanism user block interchange graph.
Specific embodiment
The present invention will be further described with reference to the accompanying drawings and embodiments.
The structure chart of this method is that group is established in dynamic ad hoc network first as shown in Figure 1, be divided into four parts Then the template of code key establishes subset code key distribution approach as shown in Figure 2, then establishes one-way hash chain code key as shown in Figure 3 Distribution approach, finally as shown in figure 4, setting up collusion resistant mechanism in dynamic ad hoc network.
Specifically, as shown in Figure 1, the invention discloses a kind of to establish the mould of group's code key in dynamic ad hoc network Plate method, mainly including the following steps:
Step 1, group's code key template is established in dynamic adhoc point to point network;
Step 2, subset code key distribution approach is established;
Step 3, one-way hash chain code key distribution approach is established;
Step 4, the collusion resistant mechanism of group's code key in dynamic adhoc point to point network is established.
Wherein step 1 the following steps are included:
Step 1-1 establishes the complete logical connection of network node: based on being fully connected figure, the wherein vertex of figure User in corresponding dynamic adhoc point to point network, formwork structure is logical layered architecture, and constructs in a recursive manner, is covered Lid self-organization nodes set, and ensure that the complete logical between self-organization nodes connects, it is disposed but regardless of its physics;
Step 1-2, in the highest level of logical layered architecture, by inserting knot at two mutual exclusion subregions, by each subregion It is considered as individual logic entity and carries out secret distribution;
Step 1-3 establishes safe group's code key using hs (X, Y) scheme between any user: assuming that by adhoc point pair User in spot net is divided into two mutual exclusion part X1 and X2, and enabling s1 is the main secret of X1, and s2 is the main secret of X2, R1 X1 Random value, R2 is the random value of X2, respectively application scheme hs (X1, X2) and hs (X2, X1), then for given user xj∈ X1,xk∈ X2, using following formula in user xjAnd xkBetween establish safe group's code key:
F (s2, j) XOR f (s1, k),
Wherein XOR expression or operation, f (s2, j) and f (s1, k) are one-way function f () defined in hs (X, Y) scheme Two examples.xjIndicate the user in X1, xkRespectively indicate the user in X2, j value be 1 into X1 user's number, k value For 1 into X2 user's number, hs (X, Y) schema definition it is as follows:
User in dynamic adhoc point to point network is divided into two groups, is set as X and Y, the user in Y is named as y1, y2,…,yn, ynIndicate the nth user in Y, n value is natural number, and the user in X is named as x1,x2,…,xm, xmIndicate X In m-th of user, m value is natural number, create a secret and a random value, be denoted as sec and RAN respectively, and by he Give each user in X;User from Y is assumed to be yc, c value is 1~n, then the user obtains secret f (sec, c), F (sec, c) is the one-way function for acting on sec and c, ycSec, user y cannot be extracted from secret f (sec, c)cIt can Secret f (sec, RAN) is received from X, any message by f (sec, c) encryption can only be by ycWith user's decryption in X, the party Case is known as hs (X, Y) scheme, and secret sec is denoted as the main secret of X, and hs (X, Y) scheme is a kind of template method.
Step 1-4, recurrence use hs (X, Y) scheme, the safe group between user are established inside subregion X1 and X2 Code key, until only one user in each subregion.
Step 2 the following steps are included:
User in adhoc network is divided into two subregions M, N by step 2-1;
Two secret pond M1 and M2, M1={ K is arranged in step 2-21,K2,K3,K4, s }, M2={ C1,C2,C3,C4, r }, M points User in area receives the secret in secret pond M1, and the user in N subregion receives the secret in secret pond M2, and wherein s and r distinguishes Indicate the random value of secret pond M1 and the random value of secret pond M2, for encrypting, K1,K2,K3,K4, C1,C2,C3,C4It all indicates secret It is close;
Step 2-3 carries out the received secret of user in M mixing secret set hK is calculated according to the following formulai:
WhereinIt is single hash function an of safety, indicates secret according to random value and secret pond generation mixing It is close.KiIndicate that i-th of secret in secret pond M1, i value are 1~4;
User in step 2-4, N subregion receives two groups of secret, one group of pairwise communications for safety, and another group is used to pacify Full group communication, for the pairwise communications of safety, each user receives the unique sub-set of mixing secret set;For the group of safety Communication, each user receive the exclusive or value of partial secret in non-mixed secret unique sub-set.
Step 3 the following steps are included:
User in adhoc point to point network is divided into two subregions S, R by step 3-1;
Step 3-2, for given subregion, it is assumed that be S subregion, distribute two random seed PtAnd Pg, according to the two Random seed instantiates two one-way hash chains, respectively forward direction chain h (Pt),h2(Pt),…,h|R|(Pt), reverse strand h (Pg),h2 (Pg),…,h|R|(Pg), the length of each chain is | R |;
Wherein h is an one-way hash function, h (Pt), and h (Pg) be function h two hash function examples, h|R|(Pt) Indicate one-way hash function h in seed PtOn apply | R | secondary, h|R|(Pg) similarly indicate that one-way hash function h exists Seed PgOn apply | R | it is secondary;
It is assumed to be R subregion, distributes two random seed QtAnd Qg, two unidirectional Kazakhstan are instantiated according to the two random seeds Uncommon chain, respectively forward direction chain h (Qt),h2(Qt),…,h|S|(Qt), reverse strand h (Qg),h2(Qg),…,h|S|(Qg), each chain Length is | S |.
Wherein h (Qt) and h (Qg) it is two hash functions, h|S|(Qt) indicate one-way hash function h in seed QtOn Apply | S | secondary, h|S|(Qg) indicate one-way hash function h in seed QgOn apply | S | it is secondary.
Step 3-3, for user Rd, a cryptographic Hash, R are received from each chaind∈ R (indicates RdIt is the user in R), So that the combination of these cryptographic Hash is only by user RdIt is known;
User in step 3-4, S subregion generates secret and is combined with the secret received from R subregion, forms business Encrypt code key;User in R subregion generates secret and is combined with the secret received from S subregion, composition business encryption Code key.
Step 4 the following steps are included:
User in adhoc point to point network is divided into the area Liang Ge A and B by step 4-1, it is assumed that the point-to-point net of dynamic adhoc Network group interior joint sum is N, N=| A |+| B |, wherein | A | indicate user's number in A, | B | indicate user's number in subregion B;
Step 4-2, random selection user's block A from subregion A1,A2,A3, so that:
User's block B is selected from subregion B1,B2,B3, so that:
Subregion is rearranged, i.e., by A1,A2,A3It is placed into B subregion, B1,B2,B3It is placed into A subregion;
Step 4-3, in the way of described in step 1 on the subregion after rearranging execution group code key foundation.This Kind of mode ensure that the user in subregion is random distribution, and the secret that several user sharings are additional, with original private point Hair is compared to bigger collusion resistant characteristic.
Embodiment 2
The implementation hardware environment of the present embodiment is: in 3.4GHz Intel (R) Core on the PC of 7 operating system of Windows (TM) i5-3570 processor is tested using java language.
The invention discloses a kind of template method for establishing group's code key in dynamic adhoc point to point network, feature exists Group's code key template can be established in dynamic adhoc point to point network in passing through recursive utilization hs (X, Y) scheme.And The collusion resistant characteristic of the template method is improved by the method that user's block exchanges, comprising the following steps:
Step 1, group's code key template is established in dynamic adhoc point to point network
Step 2, application of the subset code key distribution method in template method.
Step 3, application of the one-way hash chain method in template method.
Step 4, the collusion resistant mechanism that group's code key is established in dynamic adhoc point to point network.
Wherein Fig. 2 is subset code key distribution approach figure, and wherein S-partition and R-partition indicates S subregion and R User in adhoc network is divided into S by subregion, two subregions of R, S1, S2, S3, S4, S5, S6 are respectively the user in S subregion (or perhaps network node), it is assumed here that be 6, therefore only arrive S6.R1, R2, R3, R4, R5, R6 are the user in subregion R, S and R subregion mutual exclusion, and the combination of S and R subregion is entire adhoc network.{ K1, K2, K3, K4, r } is required for S subregion Secret pond, K1, K2, K3, K4 are the secret in secret pond, and r is the random value of S subregion.{ C1, C2, C3, C4, s } is R subregion Secret pond, C1, C2, C3, C4 be secret, s be R subregion random value.HMAC is uni-directional hash letter defined in specification Number, can be seen that each user (or network node) according to recursive call hs (X, the Y) scheme mentioned in the function and text In store three by hash after code key, shown at left and right sides of figure respectively.Such as code key hC1 is stored in S1, HC2, hC3XOR hC4.
Fig. 3 is one-way hash chain code key distribution approach figure, and wherein S-partition and R-partition is such as Fig. 2 institute The two mutual exclusion subregions shown, S1, S2, S3, S4, S5, S6 are respectively user's (or perhaps network node) in S subregion.R1, R2, R3, R4, R5, R6 are the user in subregion R, Pt,PgIt is two random seeds of S subregion.Qt,QgBe two of R subregion with Machine.Forward Chain indicates that positive chain, Reverse Chain indicate reverse strand.Positive chain in S subregion is h (Qt),h2(Qt),…,h6(Qt), reverse strand h6(Qg),h5(Qg),…,h(Qg).Positive chain in R subregion is h (Pt),h2 (Pt),…,h6(Pt), reverse strand h6(Pg),h5(Pg),…,h(Pg), wherein storing two in each user (or node) H (Q is stored in code key, such as S1t),h6(Qg)。
Fig. 4 indicates to carry out collusion resistant implementation of strategies scheme in dynamic ad hoc network.A-partition and B- Partition indicates subregion A and B that adhoc nodes are divided into mutual exclusion again.| A |=N/2 and | B |=N/2 indicate A With the half in two subregions of B respectively containing adhoc network node.A1, A2, A3 are indicated randomly selected three in A subregion User's block (Random user blocks indicates random user block), | A1+A2+A3 |=N/4 indicates three selected subregions In user's (or node) number account for 1/4 of total node number in adhoc network, the i.e. half of A subregion, similarly B1, B2, B3 are indicated Randomly selected three user's blocks in B subregion, | B1+B2+B3 |=N/4, indicate selected in B subregion user (or section Point) number accounts for the 1/4 of adhoc nodes summary, i.e. half in B subregion.Then by A1, A2, A3 and the B in A subregion points B1 in area, B2, B3 swap (i.e. Secret Distribution, key distribution).In the adhoc network of redistribution The long foundation for re-starting template distribution method and carrying out group's code key.
The present invention provides a kind of to establish the template method of group's code key in dynamic ad hoc network, implements the skill There are many method and approach of art scheme, the above is only a preferred embodiment of the present invention, it is noted that this technology is led For the those of ordinary skill in domain, various improvements and modifications may be made without departing from the principle of the present invention, these Improvements and modifications also should be regarded as protection scope of the present invention.The available prior art of each component part being not known in the present embodiment It is realized.

Claims (1)

1. a kind of template method for establishing group's code key in dynamic ad hoc network, which comprises the following steps:
Step 1, group's code key template is established in dynamic adhoc point to point network;
Step 2, subset code key distribution approach is established;
Step 3, one-way hash chain scheme is established;
Step 4, the collusion resistant mechanism of group's code key in dynamic adhoc point to point network is established;
Step 1 the following steps are included:
Step 1-1 establishes the complete logical connection of network node: based on being fully connected figure, the wherein vertex correspondence of figure User in dynamic adhoc point to point network, formwork structure are logical layered architectures, and construct in a recursive manner that covering is certainly Organization node set, and ensure that the complete logical between self-organization nodes connects, it is disposed but regardless of its physics;
Each subregion is considered as in the highest level of logical layered architecture by inserting knot at two mutual exclusion subregions by step 1-2 Individual logic entity carries out secret distribution;
Step 1-3 establishes safe group's code key using hs (X, Y) scheme between any user: assuming that by the point-to-point net of adhoc User in network is divided into two mutual exclusion part X1 and X2, enable s1 be X1 main secret, s2 be X2 main secret, R1 be X1 with Machine value, R2 are the random value of X2, respectively application scheme hs (X1, X2) and hs (X2, X1), then for giving user xj∈ X1, xk∈ X2, using following formula in user xjAnd xkBetween establish safe group's code key:
F (s2, j) XOR f (s1, k),
Wherein XOR expression or operation, f (s2, j) and f (s1, k) are two of one-way function f () defined in hs (X, Y) scheme Example, xjIndicate the user in X1, xkIndicate the user in X2, j value be 1 into X1 user's number, k value be 1 to be used into X2 Family number, hs (X, Y) schema definition are as follows:
User in dynamic adhoc point to point network is divided into two groups, is set as X and Y, the user in Y is named as y1, y2..., yn, ynIndicate the nth user in Y, n value is natural number, and the user in X is named as x1, x2..., xm, xmIndicate the in X M user, m value are natural number, create a secret and a random value, are denoted as sec and RAN respectively, and give them to X In each user;User from Y is assumed to be yc, c value is 1~n, then the user obtains secret f (sec, c), f (sec, It c) is the one-way function for acting on sec and c, user ycSec, user y cannot be extracted from secret f (sec, c)cIt can be from X Middle reception secret f (sec, RAN), any message by f (sec, c) encryption can only be by user ycWith user's decryption in X, the party Case is known as hs (X, Y) scheme, and secret sec is denoted as the main secret of X;
Step 1-4, recurrence use hs (X, Y) scheme, safe group's code key between user are established inside subregion X1 and X2, Until only one user in each subregion;
Step 2 the following steps are included:
User in adhoc network is divided into two subregions M and N by step 2-1;
Two secret pond M1 and M2, M1={ K is arranged in step 2-21, K2, K3, K4, s }, M2={ C1, C2, C3, C4, r }, in M subregion User receive the secret in secret pond M1, the secret in user's reception secret pond M2 in N subregion, wherein s and r is respectively indicated The random value of secret pond M1 and the random value of secret pond M2, for encrypting, K1, K2, K3, K4, C1, C2, C3, C4It all indicates secret;
Step 2-3 carries out the received secret of user in M mixing secret set hK is calculated according to the following formulai:
WhereinIt is single hash function an of safety, indicates secret according to random value and secret pond generation mixing, KiTable Show that i-th of secret in secret pond M1, i value are 1~4;
User in step 2-4, N subregion receives two groups of secret, one group of pairwise communications for safety, and another group is used for safety Group communication, for the pairwise communications of safety, each user receives the unique sub-set of mixing secret set;It is logical for the group of safety News, each user receive the exclusive or value of partial secret in non-mixed secret unique sub-set;
Step 3 the following steps are included:
User in adhoc point to point network is divided into two subregions S, R by step 3-1;
Step 3-2, for given subregion, it is assumed that be S subregion, distribute two random seed PtAnd Pg, according to the two with machine Two one-way hash chains of sub-instanceization, respectively forward direction chain h (Pt), h2(Pt) ..., h|R|(Pt), reverse strand h (Pg), h2 (Pg) ..., h|R|(Pg), the length of each chain is | R |;
Wherein h () is a hash function, h (Pt) and h (Pg) be function h two hash function examples, h|R|(Pt) indicate single To hash function h in seed PtOn apply | R | secondary, h|R|(Pg) indicate one-way hash function h in seed PgOn answer With | R | it is secondary;
It is assumed to be R subregion, distributes two random seed QtAnd Qg, two one-way hash chains are instantiated according to the two random seeds, Respectively forward direction chain h (Qt), h2(Qt) ..., h|S|(Qt), reverse strand h (Qg), h2(Qg) ..., h|S|(Qg), the length of each chain Degree is | S |;
Wherein h (Qt) and h (Qg) it is two hash functions, h|S|(Qt) indicate one-way hash function h in seed QtOn apply | S | secondary, h|S|(Qg) indicate one-way hash function h in seed QgOn apply | S | it is secondary;
Step 3-3, for user Rd, a cryptographic Hash is received from each chain, so that the combination of these cryptographic Hash is only by user Rd It is known, RdIt is the user in R, i.e. Rd∈R;
User in step 3-4, S subregion generates secret and is combined with the secret received from R subregion, forms business encryption Code key;User in R subregion generates secret and is combined with the secret received from S subregion, and composition business encrypts code key;
Step 4 the following steps are included:
User in adhoc point to point network is divided into the area Liang Ge A and B by step 4-1, it is assumed that dynamic adhoc point to point network group Interior joint sum is N, N=| A |+| B |, wherein | A | indicate user's number in subregion A, | B | indicate user's number in subregion B;
Step 4-2, random selection user's block A from subregion A1, A2, A3, so that:
Random selection user's block B from subregion B1, B2, B3, so that:
Subregion is rearranged, i.e., by A1, A2, A3It is placed into B subregion, B1, B2, B3It is placed into A subregion;
Step 4-3, the subregion in the way of described in step 1 before user keeps in the case where secret after rearranging The upper foundation for executing group's code key.
CN201710042391.7A 2017-01-20 2017-01-20 A kind of template method for establishing group's code key in dynamic ad hoc network Active CN106685657B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201710042391.7A CN106685657B (en) 2017-01-20 2017-01-20 A kind of template method for establishing group's code key in dynamic ad hoc network

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201710042391.7A CN106685657B (en) 2017-01-20 2017-01-20 A kind of template method for establishing group's code key in dynamic ad hoc network

Publications (2)

Publication Number Publication Date
CN106685657A CN106685657A (en) 2017-05-17
CN106685657B true CN106685657B (en) 2019-06-18

Family

ID=58859363

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201710042391.7A Active CN106685657B (en) 2017-01-20 2017-01-20 A kind of template method for establishing group's code key in dynamic ad hoc network

Country Status (1)

Country Link
CN (1) CN106685657B (en)

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101529794A (en) * 2006-09-07 2009-09-09 摩托罗拉公司 Method and apparatus for establishing security associations between nodes of an AD HOC wireless network
CN102256248A (en) * 2011-07-05 2011-11-23 淮阴工学院 Scheme for managing Ad hoc group key
CN105071938A (en) * 2015-07-14 2015-11-18 中国科学技术大学 Group authentication method based on threshold secret sharing

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101529794A (en) * 2006-09-07 2009-09-09 摩托罗拉公司 Method and apparatus for establishing security associations between nodes of an AD HOC wireless network
CN102256248A (en) * 2011-07-05 2011-11-23 淮阴工学院 Scheme for managing Ad hoc group key
CN105071938A (en) * 2015-07-14 2015-11-18 中国科学技术大学 Group authentication method based on threshold secret sharing

Non-Patent Citations (2)

* Cited by examiner, † Cited by third party
Title
A Template Approach to Group Key Establishment in Dynamic Ad-hoc Groups;Bruhadeshwar Bezawada等;《2016 IEEE 24th International Conference on Network Protocols (ICNP) 》;20161111;摘要,第II节
具有抗合谋攻击能力的自治愈群组密钥管理方案;曹 帅等;《计算机应用》;20111031;全文

Also Published As

Publication number Publication date
CN106685657A (en) 2017-05-17

Similar Documents

Publication Publication Date Title
CN103986574B (en) A kind of Tiered broadcast encryption method of identity-based
CN101399660B (en) Method and device for negotiating group cipher
CN103023653A (en) Low-power-consumption communication method and device for safety group of internet of things
CN103475469A (en) Method and device for achieving SM2 algorithm with combination of CPU and GPU
TW200841282A (en) Method and system for secure data aggregation in wireless sensor networks
CN108462573A (en) A kind of flexible quantum safety moving communication means
RU2014126582A (en) SIMPLIFIED MANAGEMENT OF GROUP SECRET KEYS
CN101588233A (en) AES coprocessor system and AES structure in wireless sensor network node application
Wang et al. Attribute-based equality test over encrypted data without random oracles
Sekar et al. Comparative study of encryption algorithm over big data in cloud systems
Guo et al. Cross-channel: Scalable off-chain channels supporting fair and atomic cross-chain operations
Dua et al. A study of applications based on elliptic curve cryptography
CN106685657B (en) A kind of template method for establishing group's code key in dynamic ad hoc network
Rong et al. Authenticated health monitoring scheme for wireless body sensor networks
Al-Haija Toward secure non-deterministic distributed wireless sensor network using probabilistic key management approaches
Liu et al. Dynamic multi-party quantum private comparison protocol with single photons in both polarization and spatial-mode degrees of freedom
Bechkit New key management schemes for resource constrained wireless sensor networks
Thylashri et al. Vitality and peripatetic sustain cluster key management schemes in MANET
RU2330382C1 (en) Preliminary key distribution circuit for cluster networks and its functioning method
Elleuchi et al. An efficient secure scheme for wireless sensor networks
Devi et al. An Efficient Autonomous Key Management with Verifiable Secret Sharing Schemes for Reduced Communication/Computation Costs in MANET
CN104301103A (en) Multi-password recovery method based on ring Zn conic curve public key cryptosystem
Poornima et al. PERSEN: power-efficient logical ring based key management for clustered sensor networks
Chen et al. TinyStream: a lightweight and novel stream cipher scheme for wireless sensor networks
Zhang et al. Privacy-preserving attribute-based encryption supporting expressive access structures

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant