CN109510707A - Group key management method based on tree model - Google Patents

Group key management method based on tree model Download PDF

Info

Publication number
CN109510707A
CN109510707A CN201910038920.5A CN201910038920A CN109510707A CN 109510707 A CN109510707 A CN 109510707A CN 201910038920 A CN201910038920 A CN 201910038920A CN 109510707 A CN109510707 A CN 109510707A
Authority
CN
China
Prior art keywords
key
group
interlayer
update
user
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201910038920.5A
Other languages
Chinese (zh)
Inventor
赵佳
刘俊杰
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Beijing Jiaotong University
Original Assignee
Beijing Jiaotong University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Beijing Jiaotong University filed Critical Beijing Jiaotong University
Priority to CN201910038920.5A priority Critical patent/CN109510707A/en
Publication of CN109510707A publication Critical patent/CN109510707A/en
Pending legal-status Critical Current

Links

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04L9/0836Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0643Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/085Secret sharing or secret splitting, e.g. threshold schemes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Power Engineering (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The present invention provides a kind of group key management methods based on tree model, comprising: establishes hierarchical tree structure model;Based on the hierarchical tree structure model, key type is divided into interlayer key and group inner sealed key;It carries out the generation of interlayer key and group inner sealed key and issues;The update of key is carried out by changing the hierarchical tree structure model.Method of the invention carries out the management of key by the hierarchical tree structure model according to foundation to group, in key updating process, it ensure that in communication the forward security of data and backward safely, while reducing communication overhead and storage overhead, greatly improve the communication efficiency of system.

Description

Group key management method based on tree model
Technical field
The present invention relates to wireless network secure communication technique field more particularly to a kind of groups based on tree model Key management method.
Background technique
Vehicle-mounted net is the important crosspoint of Internet of Things and the big field of intelligent automobile two, and referring to makes vehicle and vehicle by the network equipment Between, Che Yuren, vehicle and roadside unit equipment, the mutual connection of the carry out such as vehicle and building, common communication, to realize information The various services for facilitating people to live such as exchange, publication, shared, keep trip, traffic of people etc. more intelligent.With vehicle Key usage amount in support grid is continuously increased, and proposes a variety of keys about according to the dynamic structure feature of In-vehicle networking both at home and abroad Managed Solution, most commonly seen is Local-distributed Managed Solution, the key pipe using distributed thought, at conventional authentication center The scheme for proposing or improving and optimizating on the basis of reason.The algorithm of Local-distributed Managed Solution is K private key component of generation, and Choose K vehicle node wherein to serve as service node, issuing for each valid certificate is needed by multiple service nodes There is provided what the correct certificate in part can just be completed simultaneously.For example, the K being selected originally is a when having vehicle application grant a certificate In service node must at least n or more agree to and sign and issue the correct certificate in part using the key components that oneself is held, finally A correct integrity key can be just combined into issue;Another kind is carried out on the basis of Local-distributed key managing project Improved complete distributed key management scheme, each vehicle node can serve as service node, all clothes in the program Business node collectively constitutes center.In this way, service node leaves network and causes center can not in Local-distributed scheme With the problem of be just solved.But the initialization of private key and to update work complicated, bigger memory space is needed to store pair The key answered reduces the huge traffic of storage efficiency and calculation amount of system.
Meanwhile the prior art proposes respectively also in relation with the design feature of In-vehicle networking for the problem of key management The different solution of kind specifically includes that a kind of autonomous group key management scheme of K grades of thresholding key passes through multi-level sharing Mode shares high-rise key by multiple decruption keys, and when dynamic change occurs for user, key updating has independence and close It is unrelated with network structure that key updates efficiency, but the program is inflexible, and rule is difficult the complicated language phenomenon of covering, new art Language emerges one after another, and artificial research regulation becomes infeasible;A kind of bursting tube of ID-ased cryptography encryption section network Reason scheme is proposed according to two different challenge models, but the program requires to carry out authentication every time, and efficiency compares It is low;There are also on the basis of Local-distributed key managing project, increases certificate revocation and key updating mechanism, need not rely on Any trusted authority mechanism, but the update efficiency of certificate is relatively low;Another is the group key management based on Floating Car Scheme realizes the authentication method at no specific assistant authentification center and is widely used, but the program certificate of necessity Putting maintenance into practice, use comparatively laborious.
During military communication, the weave and system of army has particularity, army's soldiers' enormous amount, when information transmits Node it is very much.It, can be according to the establishment of army due to the limitation of various objective condition especially outdoors in the environment of field operation It is divided into each level and unit at different levels.Between each level and unit have membership, army communication in there is also access Rights concerns.I.e. high-rise user can obtain the group session key between low layer, to know mutual between low layer user The communication information, it is on the contrary then cannot.Channel width when due to the intercommunication of each level and unit at different levels often relatively narrower, because This, in conjunction with the design feature of military vehicle-mounted net, need it is a kind of under military environments Dynamic Vehicle support grid based on tree-shaped knot The group key management method of structure model.
Summary of the invention
The present invention provides a kind of group key management methods based on tree model, to improve military In-vehicle networking The connected ratio of system reduces the traffic and calculation amount.
To achieve the goals above, this invention takes following technical solutions.
The present invention provides a kind of group key management methods based on tree model, comprising:
S1 establishes hierarchical tree structure model;
S2 is divided into interlayer key and group inner sealed key based on the hierarchical tree structure model, by key type;Carry out interlayer It the generation of key and group inner sealed key and issues;
S3 carries out the update of key by changing the hierarchical tree structure model.
Preferably, hierarchical tree structure model is established, comprising:
1) the bottom group that all users are M certain equal amount users is divided, M is positive integer;
2) group leader is determined in each bottom group, it is right as the key management unit of corresponding bottom group The bottom group carries out key management;
3) upper one layer of group leader is determined in every n group leader, if remaining bottom group leader's number is less than n, continues generation one A upper one layer of group leader, n is positive integer;
4) it repeats the above steps 3) until generating a top group leader.
It is preferably based on the hierarchical tree structure model, key type is divided into interlayer key and group inner sealed key;It carries out It the generation of interlayer key and group inner sealed key and issues, comprising:
1) each group of key management unit generates a temporary key K according to key schedule0
2) according to temporary key K0, each layer of interlayer key is calculated by uni-directional hash hash function;
3) the interlayer key is encrypted with interlayer shared key, each group of key management unit will be encrypted New key passes through G → Si j:{Ki}k(j)It is distributed in the user of respective layer, wherein j=1,2,3 ..., m;
4) in the bottom group, user establishes safety by way of registration in the key management unit and group of group Channel obtains group inner sealed key and private key with this.
Preferably, the update of key is carried out by changing the hierarchical tree structure model, comprising:
1) it when the addition of system detection to node or leaves, sending node change request is triggered into key updating algorithm When, corresponding change occurs for hierarchical tree structure model;
2) according to the hierarchical tree structure model after change, the update of key is carried out using key schedule.
Preferably, according to the hierarchical tree structure model after change, the update of key, packet are carried out using key schedule It includes:
1) being added for new user and leaving for old user: bottom small group of users occurs only to need in update group when dynamic change Key carries out the update of group inner sealed key using following formula (2) lightweight key management method:
F (x)=(x-H (s1, z)) (x-H (s2, z)) ... (x-H (sn, z))+k (2)
Wherein, Z ∈ RFq is randomly selected integer, and f (x) is further deformed into:
F (x)=anxn+…a1x+a0
Wherein, a0,a1,…,anBroadcasting vector sum Z for GC is random integers, and H is disclosed hash function, and GC is customized Trusted key manager, refer to that the key of the group members in communication system is responsible for management by a believable GC.
New group inner sealed key is sent on corresponding by interlayer shared key by group's key management unit after the completion of update Primary user;
2) customer upgrade: the interlayer key of respective upgrades layer is increased by the user by interlayer shared key and is managed Each group group key;
3) user degrades;
1. when upper-layer user is only downgraded to underlying User interlayer key only need to be updated, bottom group inner sealed key does not need more Newly, update method are as follows: key management unit generates a temporary key K according to key schedule0, according to uni-directional hash Hash Interlayer key is calculated in function;Then key between updated mew layer is distributed to by respective layer by interlayer shared key;
2. then updating the group for all groups that user is managed when upper-layer user is directly downgraded to user in bottom group group Interior key and interlayer key;The update method of group inner sealed key are as follows: the update of group inner sealed key is carried out using lightweight key management;Layer Between key updating method are as follows: key management unit according to key schedule generate a temporary key K0, breathed out according to uni-directional hash Interlayer key is calculated in uncommon function;The key of update is finally distributed to each layer and organizes interior user.
It can be seen by the technical solution that the group key management method based on tree model of aforementioned present invention provides Out, the present invention carries out the management of key by the hierarchical tree structure model according to foundation to groups of users, in key updating process In, when dynamic change occurs for group member, the guarantee that timely updates of the key between each layer and the group inner sealed key in each group The forward security of data and backward safely in communication;During communication because interlayer key be it is shared, based on tree-shaped The particularly apparent hop count for reducing information of the key managing project of structural model, reduces communication overhead and storage is opened Pin, greatly improves the communication efficiency of system.
The additional aspect of the present invention and advantage will be set forth in part in the description, these will become from the following description Obviously, or practice through the invention is recognized.
Detailed description of the invention
In order to illustrate the technical solution of the embodiments of the present invention more clearly, required use in being described below to embodiment Attached drawing be briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for this For the those of ordinary skill of field, without creative efforts, it can also be obtained according to these attached drawings others Attached drawing.
Fig. 1 is the process flow of the method for managing resource in a kind of multimedia communications system that the embodiment of the present invention one provides Figure;
Fig. 2 is the tree-shaped hierarchical organization model schematic of embodiment;
Fig. 3 is the generation of interlayer key and group inner sealed key and issues flow chart;
Fig. 4 is the key updating flow chart of embodiment.
Specific embodiment
Embodiments of the present invention are described below in detail, the example of the embodiment is shown in the accompanying drawings, wherein from beginning Same or similar element or element with the same or similar functions are indicated to same or similar label eventually.Below by ginseng The embodiment for examining attached drawing description is exemplary, and for explaining only the invention, and is not construed as limiting the claims.
Those skilled in the art of the present technique are appreciated that unless expressly stated, singular " one " used herein, " one It is a ", " described " and "the" may also comprise plural form.It is to be further understood that being arranged used in specification of the invention Diction " comprising " refer to that there are the feature, integer, step, operation, element and/or component, but it is not excluded that in the presence of or addition Other one or more features, integer, step, operation, element, component and/or their group.It should be understood that when we claim member Part is " connected " or when " coupled " to another element, it can be directly connected or coupled to other elements, or there may also be Intermediary element.In addition, " connection " used herein or " coupling " may include being wirelessly connected or coupling.Wording used herein "and/or" includes one or more associated any cells for listing item and all combinations.
Those skilled in the art of the present technique are appreciated that unless otherwise defined, all terms used herein (including technology art Language and scientific term) there is meaning identical with the general understanding of those of ordinary skill in fields of the present invention.Should also Understand, those terms such as defined in the general dictionary, which should be understood that, to be had and the meaning in the context of the prior art The consistent meaning of justice, and unless defined as here, it will not be explained in an idealized or overly formal meaning.
In order to facilitate understanding of embodiments of the present invention, further by taking specific embodiment as an example below in conjunction with attached drawing to be solved Release explanation.
Embodiment
Fig. 1 is a kind of group key management method flow chart based on tree model of the present embodiment, referring to Fig.1, This method comprises:
S1 establishes hierarchical tree structure model.
1) the bottom group that all users are M certain equal amount users is divided, M is positive integer;
2) group leader is determined in each bottom group, it is right as the key management unit of corresponding bottom group The bottom group carries out key management;
3) upper one layer of group leader is determined in every n group leader, if remaining bottom group leader's number is less than n, continues generation one A upper one layer of group leader, n is positive integer;
4) it repeats the above steps 23) until generating a top group leader.
The present embodiment hierarchical tree structure model is established according to the special membership of army, the specific foundation of hierarchical tree Process is as follows:
1) according to the special establishment situation of army all users be divided into M bottom group Pi=(i=1,2,3, 4 ..., M), stipulated that group member is no more than 35 people.
2) group leader is determined in each bottom group of division, is denoted as Si (i=1,2,3 ..., M), group leader Si is simultaneously As bottom group key management unit Gi;To the management of bottom group according to lightweight key Managed Solution (ACP, acess control polynomial)。
3) every n group leader S is providedijThe group leader S of upper one layer of middle determinationi(j-1)If remaining bottom group leader number is less than n Then there is still a need for determine to generate a upper level group leader.
4) repeat above-mentioned step 3 determines each layer group leader until generating a highest group leader from lower to upperUntil.Considering to drop Under the premise of low storage overhead and raising computational efficiency, i-th layer of ID can be indicated with IDi, and enable IDi=I.Fig. 2 is this reality The tree-shaped hierarchical organization model schematic of example is applied, referring to Fig. 2, as n=2, is constructed according to the special membership of army member, Grade successively reduces from top to bottom in figure, i.e.,It is first layer group leader, successively arrivesIt is m layers of n-th of group leader.Most bottom Layer group is indicated with Pi, stipulated that group member is no more than 35 people.
In hierarchical tree structure model, Gi key management unit uses lightweight key Managed Solution (ACP, acess Control polynomial) access control multinomial, lightweight key management is carried out to bottom Pi group.The concept of ACP It is a kind of lightweight key Managed Solution for group communication proposed by Zou-Dai-Bertino et al. earliest, is used primarily in Group cipher is distributed under dynamic scene for self-organizing network.Program content is as described below:
Assuming that the key of the group members in communication system is responsible for management by a believable GC.If user group Q=Q1, Q2 ..., Qn }, GC is that each group members Qt ∈ Q issues private key Kt in advance.Setting Big prime a q, H:{ 0,1 } → Fq is anti-touch Hash function is hit, GC randomly chooses s ∈ Fq as group session key, constructs f (x) access control multinomial.F (x) form is as follows:
F (x)=(x-H (s1,z))(x-H(s2,z))…(x-H(sn,z))+k
Wherein, Z ∈RFqIt is randomly selected integer, R indicates set of real numbers.
F (x) is further deformed:
F (x)=anxn+…a1x+a0
GC broadcasts vector (a0,a1,…,an) and the arbitrary Q of random integers Zt∈ Q can use own private key Ki, random whole Number Z and disclosed hash function H calculates group session key k=f ((H (st, z)), do not have to and other entity interactions in system.
Private key without the outer member of group in the expression formula of f (x), so the outer member of group cannot calculate group session key k.Such as When fruit has member's variation, GC can reselect a random number Z' ∈RFqNew k' ∈ Fq, reconfigures access control multinomial ACP。
Tree-shaped group key refer to the data of the intercommunication of all members in this group all pass through this key into Row encryption and decryption, referred to as group's shared key, the generation of the key are generated by member's joint consultation in group. Because the group under military vehicle-mounted autonomous network environment has dynamic structure, group member has dynamic, in order to guarantee group After member's addition in group before data communication level security and group member exit after group in data communication peace All risk insurance is close, and group cipher needs constantly timely update, can be led to the problem of during update various consumption and, thus group key Management is essential.
S2 is divided into interlayer key and group inner sealed key based on the hierarchical tree structure model, by key type;Carry out interlayer It the generation of key and group inner sealed key and issues.
1) each group of key management unit G generates a temporary key K0 according to key schedule g:L → K × K;G generation Table algorithm, L represent hash function, and alphabetical K indicates key, are expressed as original old key and are calculated newly by individual event hash function Key.
2) according to temporary key K0, pass through uni-directional hash hash function Ki=H (Ki-1| | IDi), (i=1,2,3 ..., m) meter Calculate each layer of interlayer key Ki(i=1,2 ..., m);
3) interlayer shared key K is usedi jTo the interlayer key KiIt is encrypted, each group of key management unit will encrypt New key afterwards passes through G → Si j:{Ki}k(j)It is distributed in the user of respective layer, wherein j=1,2,3 ..., m;.By this Each layer of mode of member Si jThe new key of layer where just having obtained.
4) in the bottom group, the key management unit G of groupiWith user P in groupiIt is established by way of registration Exit passageway obtains group inner sealed key K with thisj(j=1,2,3 ..., M) and private key.
Pass through above 4 steps, bottom group PiThe group inner sealed key k of group where interior member can obtainj(j=1,2, 3 ..., N) and oneself private key.Interlayer key is by group leaderIt successively obtains in accordance with the order from top to bottom.Fig. 3 is interlayer The generation of key and group inner sealed key and issue flow chart.
S3 carries out the update of key by changing the hierarchical tree structure model.
31) it when the addition of system detection to node or leaves, sending node change request is triggered into key updating algorithm When, corresponding change occurs for hierarchical tree structure model;Wherein, Tree-structure Model changes the name etc. including node.
32) according to the hierarchical tree structure model after change, the update of key is carried out using key schedule.
Further, all members constitute hierarchical tree structure mould in the key managing project based on tree model Type, the structure of tree can also change when having associated member's variation, in order to guarantee the safety of data communication, it is necessary in time into Row key updating.
According to the hierarchical tree structure model after change, the update of key is carried out using key schedule, it is close referring to Fig. 4 The update of key the following steps are included:
1) being added for new user and leaving for old user: the addition of new user and leaving for old user, because upper layer is under Layer has access authority, so bottom group member occurs not needing to update interlayer key when dynamic change, it is only necessary to update group Interior key k.
The update of group inner sealed key is carried out using following formula (2) lightweight key management method:
F (x)=(x-H (s1, z)) (x-H (s2, z)) ... (x-H (sn, z))+k (2)
Wherein, Z ∈RFqIt is randomly selected integer, f (x) is further deformed into:
F (x)=anxn+…a1x+a0
Wherein, a0,a1,…,anBroadcasting vector sum Z for GC is random integers, and H is disclosed hash function,
By group key management unit G after the completion of updatejBy interlayer shared key new group inner sealed key k'iIt is sent to pair Answer upper level user
2) customer upgrade: customer upgrade refers to promotes in the user S' of low layer group into more advanced user S " originally, The access authority of S after promotion " becomes larger, and trust value improves, and is only needed at this time through interlayer shared key to be promotion user S " increases the group key of a interlayer key and each group managed, does not need the interlayer key for updating each layer.
3) user degrades;
1. as upper-layer user S " when being only downgraded to underlying User S', interlayer key only need to be updated, bottom group inner sealed key is not required to It updates, update method are as follows: key management unit generates a temporary key K according to key schedule0, according to uni-directional hash Interlayer key is calculated in hash function;Then key between updated mew layer is distributed to by correspondence by interlayer shared key Layer;
2. when upper-layer user S' is directly downgraded to user P in bottom group groupi, then all groups that user is managed are updated Group inner sealed key and interlayer key, the update method of group inner sealed key is to carry out group inner sealed key more using lightweight key management Newly, interlayer key updating method are as follows: key management unit generates a temporary key K according to key schedule0, dissipated according to unidirectional Interlayer key is calculated in column hash function, and new key is finally distributed to each layer and organizes interior user.
Safety analysis
In key managing project based on hierarchical tree structure model, interlayer key is calculated with uni-directional hash hash function Ki, specific calculation formula is as follows:
Ki=H (Ki-1||IDi), (i=1,2,3 ..., m)
By the property of uni-directional hash hash function it is found that giving arbitrary hashed value h, meet H (x=h) x value be can not It calculates.I.e. junior is by higher level's layer key KiIt cannot obtain Ki+1, access of the upper layer to lower layer known to the one-way of function Permission.
To bottom group PiKey management use lightweight key Managed Solution, the algorithm of the Managed Solution be using from Body key s, random number n and the calculated group session key of disclosed hash function, substantially increase safety, because even attacking Having hit H (s, n) is also that cannot obtain Pi.In key managing project based on tree model, in key updating process, work as group When dynamic change occurs for group user, key and timely updating for the group inner sealed key in each group between each layer be ensure that in communication The forward security of data and backward safety.
Storage overhead analysis
The storage number of the amount of storage of key key in other words is referred to as storage overhead.From the hierarchical tree structure model of Fig. 2 It is known that need to store key has a management and group device G (i.e. interlayer key management unit), team management device G ', intermediate each layer section Point Si and group internal user Pi.The specific key storage situation of i.e. above each node is as shown in table 1 below, wherein the symbol in table It is number consistent with the symbol in hierarchical tree structure model.
The key storage of each node of table 1
Communication overhead analysis
The item number for needing to send information when more new key is referred to as communication overhead.Based on hierarchical tree structure model In key managing project, updating interlayer key is calculated by uni-directional hash hash function, before the computation must be first One new key K' is generated by key management unit G according to key schedule, finally with shared key new key updating It is sent after message encryption, other layers obtain new interlayer key after decrypting by shared key.Small group of users increases and subtracts Few dynamic change mainly occurs in bottom, and group inner sealed key update be updated by lightweight key management, and And the algorithm is improved and optimizated, by innovatory algorithm it is known that when only single group member changes, member The variation of number directly decides the communication overhead of system.When updating expense is C=3m+n, i.e., this is carved with m member and is added It is left with n member.
By based on tree model key managing project and in the prior art to be usually used in dynamic military vehicle-mounted autonomous Key managing project in network is compared, and concrete condition is as shown in table 3 below.It is more more meaningful in order to make, it selects similar Key managing project it is assumed that selected small group of users number is all in the scheme of 3 kinds of key managements | P | in the case where compared Compared with wherein the prior art 1 is a kind of based on the close of member's membership for a kind of large-scale New Dynamic Key Management Schemes prior art 2 Key Managed Solution.
The key storage of each node of table 3
Compare the key managing project it can be seen that at identical conditions based on tree model, key by table 3 When more new management, since each group is respectively independent in other Managed Solutions, not shared key each other, to make in key Information hop count is increased when update, increases communication overhead, and because message cannot synchronize in time there are delay problem, Communication overhead in the storage overhead and bottom group of key etc. is better than other 2 kinds of key managing projects.In the process of communication In because interlayer key be it is shared, the key managing project based on tree model is particularly apparent to reduce information Hop count.And since each group is respectively independent in large-scale New Dynamic Key Management Schemes, not shared key each other, thus Make to increase information hop count in key updating, increases communication overhead, and because message cannot synchronize presence in time Delay problem.Therefore the key management method based on tree model that the present embodiment proposes improves to a certain extent is The communication efficiency of system, reduces communication overhead and storage overhead well.
Those skilled in the art will be understood that Fig. 2 only for simplicity and the quantity of disparate networks element that shows may Less than the quantity in a real network, but it is this omit be undoubtedly with will not influence inventive embodiments are carried out it is clear, abundant Disclosure premised on.
The detailed process for carrying out group key management with the method for the embodiment of the present invention is similar to the previous method embodiment, this Place repeats no more.
Those of ordinary skill in the art will appreciate that: attached drawing is the schematic diagram of one embodiment, and the process in attached drawing is simultaneously It is not necessarily necessary to the implementation present invention.
As seen through the above description of the embodiments, those skilled in the art can be understood that the present invention can It realizes by means of software and necessary general hardware platform.Based on this understanding, technical solution of the present invention essence On in other words the part that contributes to existing technology can be embodied in the form of software products, the computer software product It can store in storage medium, such as ROM/RAM, magnetic disk, CD, including some instructions are used so that a computer equipment (can be personal computer, server or the network equipment etc.) executes the certain of each embodiment or embodiment of the invention Method described in part.
The foregoing is only a preferred embodiment of the present invention, but scope of protection of the present invention is not limited thereto, In the technical scope disclosed by the present invention, any changes or substitutions that can be easily thought of by anyone skilled in the art, It should be covered by the protection scope of the present invention.Therefore, protection scope of the present invention should be with scope of protection of the claims Subject to.

Claims (5)

1. a kind of group key management method based on tree model characterized by comprising
Establish hierarchical tree structure model;
Based on the hierarchical tree structure model, key type is divided into interlayer key and group inner sealed key;Carry out interlayer key and It the generation of group inner sealed key and issues;
The update of key is carried out by changing the hierarchical tree structure model.
2. the method according to claim 1, wherein described establishes hierarchical tree structure model, comprising:
21) the bottom group that all users are M certain equal amount users is divided, M is positive integer;
22) group leader is determined in each bottom group, as the key management unit of corresponding bottom group, to described Bottom group carries out key management;
23) upper one layer of group leader is determined in every n group leader, if remaining bottom group leader's number is less than n, continues to generate on one One layer of group leader, n are positive integer;
24) it repeats the above steps 23) until generating a top group leader.
3., will be close according to the method described in claim 2, it is characterized in that, described based on the hierarchical tree structure model Key type is divided into interlayer key and group inner sealed key;It carries out the generation of interlayer key and group inner sealed key and issues, comprising:
31) each group of key management unit generates a temporary key K according to key schedule0
32) according to temporary key K0, each layer of interlayer key is calculated by uni-directional hash hash function;
33) the interlayer key is encrypted with interlayer shared key, each group of key management unit will be encrypted new Key passes through G → Si j:{Ki}k(j)It is distributed in the user of respective layer, wherein j=1,2,3 ..., m;
34) in the bottom group, it is logical to establish safety by way of registration by user in the key management unit and group of group Road obtains group inner sealed key and private key with this.
4. the method according to claim 1, wherein described carried out by changing the hierarchical tree structure model The update of key, comprising:
41) it when the addition of system detection to node or leaves, when sending node change request is triggered key updating algorithm, etc. Corresponding change occurs for grade Tree-structure Model;
42) according to the hierarchical tree structure model after change, the update of key is carried out using key schedule.
5. according to the method described in claim 4, it is characterized in that, the hierarchical tree structure model according to after change, is adopted The update of key is carried out with key schedule, comprising:
51) being added for new user and leaving for old user: bottom small group of users occurs only to need when dynamic change close in update group Key carries out the update of group inner sealed key using following formula (2) lightweight key management method:
F (x)=(x-H (s1, z)) (x-H (s2, z)) ... (x-H (sn, z))+k (2)
Wherein, Z ∈ RFq is randomly selected integer, and f (x) is further deformed into:
F (x)=anxn+…a1x+a0
Wherein, a0,a1,…,anBroadcasting vector sum Z for GC is random integers, and H is disclosed hash function,
New group inner sealed key is sent to by interlayer shared key by corresponding upper level by group's key management unit after the completion of update User;
52) customer upgrade: the interlayer key of respective upgrades layer is increased by the user by interlayer shared key and is managed The group key of each group;
53) user degrades;
1. only interlayer key need to be updated when upper-layer user is only downgraded to underlying User, bottom group inner sealed key does not need to update, Update method are as follows: key management unit generates a temporary key K according to key schedule0, according to uni-directional hash hash function Interlayer key is calculated;Then key between updated mew layer is distributed to by respective layer by interlayer shared key;
2. then being updated close in the group for all groups that user is managed when upper-layer user is directly downgraded to user in bottom group group Key and interlayer key;The update method of group inner sealed key are as follows: the update of group inner sealed key is carried out using lightweight key management;Interlayer is close Key update method are as follows: key management unit generates a temporary key K according to key schedule0, according to uni-directional hash Hash letter Interlayer key is calculated in number;The key of update is finally distributed to each layer and organizes interior user.
CN201910038920.5A 2019-01-16 2019-01-16 Group key management method based on tree model Pending CN109510707A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201910038920.5A CN109510707A (en) 2019-01-16 2019-01-16 Group key management method based on tree model

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201910038920.5A CN109510707A (en) 2019-01-16 2019-01-16 Group key management method based on tree model

Publications (1)

Publication Number Publication Date
CN109510707A true CN109510707A (en) 2019-03-22

Family

ID=65757938

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201910038920.5A Pending CN109510707A (en) 2019-01-16 2019-01-16 Group key management method based on tree model

Country Status (1)

Country Link
CN (1) CN109510707A (en)

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110784319A (en) * 2019-10-31 2020-02-11 广州华多网络科技有限公司 Key tree reconstruction method, group key updating method, computer equipment and communication system
CN114079877A (en) * 2020-08-13 2022-02-22 如般量子科技有限公司 Group communication method and system based on hierarchical structure symmetric key pool
CN114244499A (en) * 2020-09-09 2022-03-25 如般量子科技有限公司 Group communication method and system based on tree structure symmetric key pool

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070297613A1 (en) * 2006-06-23 2007-12-27 Honeywell International Inc. Secure group communication among wireless devices with distributed trust
CN101309137A (en) * 2008-07-10 2008-11-19 浙江大学 Uni-directional function tree multicast key management method based on cipher sharing
WO2015129109A1 (en) * 2014-02-27 2015-09-03 ウイングアーク1st株式会社 Index management device
CN106027233A (en) * 2016-04-28 2016-10-12 江苏大学 Method for designing vehicle network group negotiation communication protocol

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070297613A1 (en) * 2006-06-23 2007-12-27 Honeywell International Inc. Secure group communication among wireless devices with distributed trust
CN101309137A (en) * 2008-07-10 2008-11-19 浙江大学 Uni-directional function tree multicast key management method based on cipher sharing
WO2015129109A1 (en) * 2014-02-27 2015-09-03 ウイングアーク1st株式会社 Index management device
CN106027233A (en) * 2016-04-28 2016-10-12 江苏大学 Method for designing vehicle network group negotiation communication protocol

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
刘俊杰: "军事车载网密钥管理方案研究", 《网络与信息安全学报》 *

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN110784319A (en) * 2019-10-31 2020-02-11 广州华多网络科技有限公司 Key tree reconstruction method, group key updating method, computer equipment and communication system
CN114079877A (en) * 2020-08-13 2022-02-22 如般量子科技有限公司 Group communication method and system based on hierarchical structure symmetric key pool
CN114244499A (en) * 2020-09-09 2022-03-25 如般量子科技有限公司 Group communication method and system based on tree structure symmetric key pool
CN114244499B (en) * 2020-09-09 2023-09-26 如般量子科技有限公司 Group communication method and system based on tree structure symmetric key pool

Similar Documents

Publication Publication Date Title
Luo et al. Hierarchical multi-authority and attribute-based encryption friend discovery scheme in mobile social networks
JP5637991B2 (en) Method for secure communication in network, communication device, network, and computer program
CN102356597B (en) A method for secure communication in a network, a communication device, a network and a computer program therefor
CN110247767B (en) Revocable attribute-based outsourcing encryption method in fog calculation
CN110602086B (en) Repealable and outsourced multi-authorization center attribute-based encryption method in fog computing
CN110377002A (en) A kind of adaptive interior CAN bus method of controlling security and system
CN108600174B (en) Access control mechanism of large cooperative network and implementation method thereof
CN105007284B (en) With the public audit method of secret protection in multi-manager group shared data
CN109510707A (en) Group key management method based on tree model
CN111431898B (en) Multi-attribute mechanism attribute-based encryption method with search function for cloud-assisted Internet of things
CN106022167A (en) Social privacy protection method of multi-level attribute management center based on characteristic encryption
CN110933033A (en) Cross-domain access control method for multiple Internet of things domains in smart city environment
CN113489591B (en) Traceable comparison attribute encryption method based on multiple authorization centers
CN115426136B (en) Cross-domain access control method and system based on block chain
CN105915333B (en) A kind of efficient key distribution method based on encryption attribute
CN115270145A (en) User electricity stealing behavior detection method and system based on alliance chain and federal learning
Parthasarathi et al. Weighted ternary tree approach for secure group communication among mobile applications
Zhao et al. Fuzzy identity-based dynamic auditing of big data on cloud storage
Xue et al. Forward secure and fine-grained data sharing for mobile crowdsensing
CN110933052A (en) Encryption and policy updating method based on time domain in edge environment
Dhanaraj et al. Probit cryptographic blockchain for secure data transmission in intelligent transportation systems
CN102624748B (en) Peer-to-peer (P2P) network access control method
CN110717760A (en) One-stop efficient PKI authentication service method based on block chain
CN109474438A (en) It is a kind of based on the intelligent terminal access authentication method selectively revealed
CN115664682A (en) Consensus method for sharing medical data based on alliance chain master-slave multi-chain

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication
RJ01 Rejection of invention patent application after publication

Application publication date: 20190322