CN109510707A - Group key management method based on tree model - Google Patents
Group key management method based on tree model Download PDFInfo
- Publication number
- CN109510707A CN109510707A CN201910038920.5A CN201910038920A CN109510707A CN 109510707 A CN109510707 A CN 109510707A CN 201910038920 A CN201910038920 A CN 201910038920A CN 109510707 A CN109510707 A CN 109510707A
- Authority
- CN
- China
- Prior art keywords
- key
- group
- interlayer
- update
- user
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Links
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
- H04L9/083—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
- H04L9/0833—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
- H04L9/0836—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/06—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
- H04L9/0643—Hash functions, e.g. MD5, SHA, HMAC or f9 MAC
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/085—Secret sharing or secret splitting, e.g. threshold schemes
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Power Engineering (AREA)
- Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
Abstract
The present invention provides a kind of group key management methods based on tree model, comprising: establishes hierarchical tree structure model;Based on the hierarchical tree structure model, key type is divided into interlayer key and group inner sealed key;It carries out the generation of interlayer key and group inner sealed key and issues;The update of key is carried out by changing the hierarchical tree structure model.Method of the invention carries out the management of key by the hierarchical tree structure model according to foundation to group, in key updating process, it ensure that in communication the forward security of data and backward safely, while reducing communication overhead and storage overhead, greatly improve the communication efficiency of system.
Description
Technical field
The present invention relates to wireless network secure communication technique field more particularly to a kind of groups based on tree model
Key management method.
Background technique
Vehicle-mounted net is the important crosspoint of Internet of Things and the big field of intelligent automobile two, and referring to makes vehicle and vehicle by the network equipment
Between, Che Yuren, vehicle and roadside unit equipment, the mutual connection of the carry out such as vehicle and building, common communication, to realize information
The various services for facilitating people to live such as exchange, publication, shared, keep trip, traffic of people etc. more intelligent.With vehicle
Key usage amount in support grid is continuously increased, and proposes a variety of keys about according to the dynamic structure feature of In-vehicle networking both at home and abroad
Managed Solution, most commonly seen is Local-distributed Managed Solution, the key pipe using distributed thought, at conventional authentication center
The scheme for proposing or improving and optimizating on the basis of reason.The algorithm of Local-distributed Managed Solution is K private key component of generation, and
Choose K vehicle node wherein to serve as service node, issuing for each valid certificate is needed by multiple service nodes
There is provided what the correct certificate in part can just be completed simultaneously.For example, the K being selected originally is a when having vehicle application grant a certificate
In service node must at least n or more agree to and sign and issue the correct certificate in part using the key components that oneself is held, finally
A correct integrity key can be just combined into issue;Another kind is carried out on the basis of Local-distributed key managing project
Improved complete distributed key management scheme, each vehicle node can serve as service node, all clothes in the program
Business node collectively constitutes center.In this way, service node leaves network and causes center can not in Local-distributed scheme
With the problem of be just solved.But the initialization of private key and to update work complicated, bigger memory space is needed to store pair
The key answered reduces the huge traffic of storage efficiency and calculation amount of system.
Meanwhile the prior art proposes respectively also in relation with the design feature of In-vehicle networking for the problem of key management
The different solution of kind specifically includes that a kind of autonomous group key management scheme of K grades of thresholding key passes through multi-level sharing
Mode shares high-rise key by multiple decruption keys, and when dynamic change occurs for user, key updating has independence and close
It is unrelated with network structure that key updates efficiency, but the program is inflexible, and rule is difficult the complicated language phenomenon of covering, new art
Language emerges one after another, and artificial research regulation becomes infeasible;A kind of bursting tube of ID-ased cryptography encryption section network
Reason scheme is proposed according to two different challenge models, but the program requires to carry out authentication every time, and efficiency compares
It is low;There are also on the basis of Local-distributed key managing project, increases certificate revocation and key updating mechanism, need not rely on
Any trusted authority mechanism, but the update efficiency of certificate is relatively low;Another is the group key management based on Floating Car
Scheme realizes the authentication method at no specific assistant authentification center and is widely used, but the program certificate of necessity
Putting maintenance into practice, use comparatively laborious.
During military communication, the weave and system of army has particularity, army's soldiers' enormous amount, when information transmits
Node it is very much.It, can be according to the establishment of army due to the limitation of various objective condition especially outdoors in the environment of field operation
It is divided into each level and unit at different levels.Between each level and unit have membership, army communication in there is also access
Rights concerns.I.e. high-rise user can obtain the group session key between low layer, to know mutual between low layer user
The communication information, it is on the contrary then cannot.Channel width when due to the intercommunication of each level and unit at different levels often relatively narrower, because
This, in conjunction with the design feature of military vehicle-mounted net, need it is a kind of under military environments Dynamic Vehicle support grid based on tree-shaped knot
The group key management method of structure model.
Summary of the invention
The present invention provides a kind of group key management methods based on tree model, to improve military In-vehicle networking
The connected ratio of system reduces the traffic and calculation amount.
To achieve the goals above, this invention takes following technical solutions.
The present invention provides a kind of group key management methods based on tree model, comprising:
S1 establishes hierarchical tree structure model;
S2 is divided into interlayer key and group inner sealed key based on the hierarchical tree structure model, by key type;Carry out interlayer
It the generation of key and group inner sealed key and issues;
S3 carries out the update of key by changing the hierarchical tree structure model.
Preferably, hierarchical tree structure model is established, comprising:
1) the bottom group that all users are M certain equal amount users is divided, M is positive integer;
2) group leader is determined in each bottom group, it is right as the key management unit of corresponding bottom group
The bottom group carries out key management;
3) upper one layer of group leader is determined in every n group leader, if remaining bottom group leader's number is less than n, continues generation one
A upper one layer of group leader, n is positive integer;
4) it repeats the above steps 3) until generating a top group leader.
It is preferably based on the hierarchical tree structure model, key type is divided into interlayer key and group inner sealed key;It carries out
It the generation of interlayer key and group inner sealed key and issues, comprising:
1) each group of key management unit generates a temporary key K according to key schedule0;
2) according to temporary key K0, each layer of interlayer key is calculated by uni-directional hash hash function;
3) the interlayer key is encrypted with interlayer shared key, each group of key management unit will be encrypted
New key passes through G → Si j:{Ki}k(j)It is distributed in the user of respective layer, wherein j=1,2,3 ..., m;
4) in the bottom group, user establishes safety by way of registration in the key management unit and group of group
Channel obtains group inner sealed key and private key with this.
Preferably, the update of key is carried out by changing the hierarchical tree structure model, comprising:
1) it when the addition of system detection to node or leaves, sending node change request is triggered into key updating algorithm
When, corresponding change occurs for hierarchical tree structure model;
2) according to the hierarchical tree structure model after change, the update of key is carried out using key schedule.
Preferably, according to the hierarchical tree structure model after change, the update of key, packet are carried out using key schedule
It includes:
1) being added for new user and leaving for old user: bottom small group of users occurs only to need in update group when dynamic change
Key carries out the update of group inner sealed key using following formula (2) lightweight key management method:
F (x)=(x-H (s1, z)) (x-H (s2, z)) ... (x-H (sn, z))+k (2)
Wherein, Z ∈ RFq is randomly selected integer, and f (x) is further deformed into:
F (x)=anxn+…a1x+a0
Wherein, a0,a1,…,anBroadcasting vector sum Z for GC is random integers, and H is disclosed hash function, and GC is customized
Trusted key manager, refer to that the key of the group members in communication system is responsible for management by a believable GC.
New group inner sealed key is sent on corresponding by interlayer shared key by group's key management unit after the completion of update
Primary user;
2) customer upgrade: the interlayer key of respective upgrades layer is increased by the user by interlayer shared key and is managed
Each group group key;
3) user degrades;
1. when upper-layer user is only downgraded to underlying User interlayer key only need to be updated, bottom group inner sealed key does not need more
Newly, update method are as follows: key management unit generates a temporary key K according to key schedule0, according to uni-directional hash Hash
Interlayer key is calculated in function;Then key between updated mew layer is distributed to by respective layer by interlayer shared key;
2. then updating the group for all groups that user is managed when upper-layer user is directly downgraded to user in bottom group group
Interior key and interlayer key;The update method of group inner sealed key are as follows: the update of group inner sealed key is carried out using lightweight key management;Layer
Between key updating method are as follows: key management unit according to key schedule generate a temporary key K0, breathed out according to uni-directional hash
Interlayer key is calculated in uncommon function;The key of update is finally distributed to each layer and organizes interior user.
It can be seen by the technical solution that the group key management method based on tree model of aforementioned present invention provides
Out, the present invention carries out the management of key by the hierarchical tree structure model according to foundation to groups of users, in key updating process
In, when dynamic change occurs for group member, the guarantee that timely updates of the key between each layer and the group inner sealed key in each group
The forward security of data and backward safely in communication;During communication because interlayer key be it is shared, based on tree-shaped
The particularly apparent hop count for reducing information of the key managing project of structural model, reduces communication overhead and storage is opened
Pin, greatly improves the communication efficiency of system.
The additional aspect of the present invention and advantage will be set forth in part in the description, these will become from the following description
Obviously, or practice through the invention is recognized.
Detailed description of the invention
In order to illustrate the technical solution of the embodiments of the present invention more clearly, required use in being described below to embodiment
Attached drawing be briefly described, it should be apparent that, drawings in the following description are only some embodiments of the invention, for this
For the those of ordinary skill of field, without creative efforts, it can also be obtained according to these attached drawings others
Attached drawing.
Fig. 1 is the process flow of the method for managing resource in a kind of multimedia communications system that the embodiment of the present invention one provides
Figure;
Fig. 2 is the tree-shaped hierarchical organization model schematic of embodiment;
Fig. 3 is the generation of interlayer key and group inner sealed key and issues flow chart;
Fig. 4 is the key updating flow chart of embodiment.
Specific embodiment
Embodiments of the present invention are described below in detail, the example of the embodiment is shown in the accompanying drawings, wherein from beginning
Same or similar element or element with the same or similar functions are indicated to same or similar label eventually.Below by ginseng
The embodiment for examining attached drawing description is exemplary, and for explaining only the invention, and is not construed as limiting the claims.
Those skilled in the art of the present technique are appreciated that unless expressly stated, singular " one " used herein, " one
It is a ", " described " and "the" may also comprise plural form.It is to be further understood that being arranged used in specification of the invention
Diction " comprising " refer to that there are the feature, integer, step, operation, element and/or component, but it is not excluded that in the presence of or addition
Other one or more features, integer, step, operation, element, component and/or their group.It should be understood that when we claim member
Part is " connected " or when " coupled " to another element, it can be directly connected or coupled to other elements, or there may also be
Intermediary element.In addition, " connection " used herein or " coupling " may include being wirelessly connected or coupling.Wording used herein
"and/or" includes one or more associated any cells for listing item and all combinations.
Those skilled in the art of the present technique are appreciated that unless otherwise defined, all terms used herein (including technology art
Language and scientific term) there is meaning identical with the general understanding of those of ordinary skill in fields of the present invention.Should also
Understand, those terms such as defined in the general dictionary, which should be understood that, to be had and the meaning in the context of the prior art
The consistent meaning of justice, and unless defined as here, it will not be explained in an idealized or overly formal meaning.
In order to facilitate understanding of embodiments of the present invention, further by taking specific embodiment as an example below in conjunction with attached drawing to be solved
Release explanation.
Embodiment
Fig. 1 is a kind of group key management method flow chart based on tree model of the present embodiment, referring to Fig.1,
This method comprises:
S1 establishes hierarchical tree structure model.
1) the bottom group that all users are M certain equal amount users is divided, M is positive integer;
2) group leader is determined in each bottom group, it is right as the key management unit of corresponding bottom group
The bottom group carries out key management;
3) upper one layer of group leader is determined in every n group leader, if remaining bottom group leader's number is less than n, continues generation one
A upper one layer of group leader, n is positive integer;
4) it repeats the above steps 23) until generating a top group leader.
The present embodiment hierarchical tree structure model is established according to the special membership of army, the specific foundation of hierarchical tree
Process is as follows:
1) according to the special establishment situation of army all users be divided into M bottom group Pi=(i=1,2,3,
4 ..., M), stipulated that group member is no more than 35 people.
2) group leader is determined in each bottom group of division, is denoted as Si (i=1,2,3 ..., M), group leader Si is simultaneously
As bottom group key management unit Gi;To the management of bottom group according to lightweight key Managed Solution (ACP, acess
control polynomial)。
3) every n group leader S is providedijThe group leader S of upper one layer of middle determinationi(j-1)If remaining bottom group leader number is less than n
Then there is still a need for determine to generate a upper level group leader.
4) repeat above-mentioned step 3 determines each layer group leader until generating a highest group leader from lower to upperUntil.Considering to drop
Under the premise of low storage overhead and raising computational efficiency, i-th layer of ID can be indicated with IDi, and enable IDi=I.Fig. 2 is this reality
The tree-shaped hierarchical organization model schematic of example is applied, referring to Fig. 2, as n=2, is constructed according to the special membership of army member,
Grade successively reduces from top to bottom in figure, i.e.,It is first layer group leader, successively arrivesIt is m layers of n-th of group leader.Most bottom
Layer group is indicated with Pi, stipulated that group member is no more than 35 people.
In hierarchical tree structure model, Gi key management unit uses lightweight key Managed Solution (ACP, acess
Control polynomial) access control multinomial, lightweight key management is carried out to bottom Pi group.The concept of ACP
It is a kind of lightweight key Managed Solution for group communication proposed by Zou-Dai-Bertino et al. earliest, is used primarily in
Group cipher is distributed under dynamic scene for self-organizing network.Program content is as described below:
Assuming that the key of the group members in communication system is responsible for management by a believable GC.If user group Q=Q1,
Q2 ..., Qn }, GC is that each group members Qt ∈ Q issues private key Kt in advance.Setting Big prime a q, H:{ 0,1 } → Fq is anti-touch
Hash function is hit, GC randomly chooses s ∈ Fq as group session key, constructs f (x) access control multinomial.F (x) form is as follows:
F (x)=(x-H (s1,z))(x-H(s2,z))…(x-H(sn,z))+k
Wherein, Z ∈RFqIt is randomly selected integer, R indicates set of real numbers.
F (x) is further deformed:
F (x)=anxn+…a1x+a0
GC broadcasts vector (a0,a1,…,an) and the arbitrary Q of random integers Zt∈ Q can use own private key Ki, random whole
Number Z and disclosed hash function H calculates group session key k=f ((H (st, z)), do not have to and other entity interactions in system.
Private key without the outer member of group in the expression formula of f (x), so the outer member of group cannot calculate group session key k.Such as
When fruit has member's variation, GC can reselect a random number Z' ∈RFqNew k' ∈ Fq, reconfigures access control multinomial
ACP。
Tree-shaped group key refer to the data of the intercommunication of all members in this group all pass through this key into
Row encryption and decryption, referred to as group's shared key, the generation of the key are generated by member's joint consultation in group.
Because the group under military vehicle-mounted autonomous network environment has dynamic structure, group member has dynamic, in order to guarantee group
After member's addition in group before data communication level security and group member exit after group in data communication peace
All risk insurance is close, and group cipher needs constantly timely update, can be led to the problem of during update various consumption and, thus group key
Management is essential.
S2 is divided into interlayer key and group inner sealed key based on the hierarchical tree structure model, by key type;Carry out interlayer
It the generation of key and group inner sealed key and issues.
1) each group of key management unit G generates a temporary key K0 according to key schedule g:L → K × K;G generation
Table algorithm, L represent hash function, and alphabetical K indicates key, are expressed as original old key and are calculated newly by individual event hash function
Key.
2) according to temporary key K0, pass through uni-directional hash hash function Ki=H (Ki-1| | IDi), (i=1,2,3 ..., m) meter
Calculate each layer of interlayer key Ki(i=1,2 ..., m);
3) interlayer shared key K is usedi jTo the interlayer key KiIt is encrypted, each group of key management unit will encrypt
New key afterwards passes through G → Si j:{Ki}k(j)It is distributed in the user of respective layer, wherein j=1,2,3 ..., m;.By this
Each layer of mode of member Si jThe new key of layer where just having obtained.
4) in the bottom group, the key management unit G of groupiWith user P in groupiIt is established by way of registration
Exit passageway obtains group inner sealed key K with thisj(j=1,2,3 ..., M) and private key.
Pass through above 4 steps, bottom group PiThe group inner sealed key k of group where interior member can obtainj(j=1,2,
3 ..., N) and oneself private key.Interlayer key is by group leaderIt successively obtains in accordance with the order from top to bottom.Fig. 3 is interlayer
The generation of key and group inner sealed key and issue flow chart.
S3 carries out the update of key by changing the hierarchical tree structure model.
31) it when the addition of system detection to node or leaves, sending node change request is triggered into key updating algorithm
When, corresponding change occurs for hierarchical tree structure model;Wherein, Tree-structure Model changes the name etc. including node.
32) according to the hierarchical tree structure model after change, the update of key is carried out using key schedule.
Further, all members constitute hierarchical tree structure mould in the key managing project based on tree model
Type, the structure of tree can also change when having associated member's variation, in order to guarantee the safety of data communication, it is necessary in time into
Row key updating.
According to the hierarchical tree structure model after change, the update of key is carried out using key schedule, it is close referring to Fig. 4
The update of key the following steps are included:
1) being added for new user and leaving for old user: the addition of new user and leaving for old user, because upper layer is under
Layer has access authority, so bottom group member occurs not needing to update interlayer key when dynamic change, it is only necessary to update group
Interior key k.
The update of group inner sealed key is carried out using following formula (2) lightweight key management method:
F (x)=(x-H (s1, z)) (x-H (s2, z)) ... (x-H (sn, z))+k (2)
Wherein, Z ∈RFqIt is randomly selected integer, f (x) is further deformed into:
F (x)=anxn+…a1x+a0
Wherein, a0,a1,…,anBroadcasting vector sum Z for GC is random integers, and H is disclosed hash function,
By group key management unit G after the completion of updatejBy interlayer shared key new group inner sealed key k'iIt is sent to pair
Answer upper level user
2) customer upgrade: customer upgrade refers to promotes in the user S' of low layer group into more advanced user S " originally,
The access authority of S after promotion " becomes larger, and trust value improves, and is only needed at this time through interlayer shared key to be promotion user
S " increases the group key of a interlayer key and each group managed, does not need the interlayer key for updating each layer.
3) user degrades;
1. as upper-layer user S " when being only downgraded to underlying User S', interlayer key only need to be updated, bottom group inner sealed key is not required to
It updates, update method are as follows: key management unit generates a temporary key K according to key schedule0, according to uni-directional hash
Interlayer key is calculated in hash function;Then key between updated mew layer is distributed to by correspondence by interlayer shared key
Layer;
2. when upper-layer user S' is directly downgraded to user P in bottom group groupi, then all groups that user is managed are updated
Group inner sealed key and interlayer key, the update method of group inner sealed key is to carry out group inner sealed key more using lightweight key management
Newly, interlayer key updating method are as follows: key management unit generates a temporary key K according to key schedule0, dissipated according to unidirectional
Interlayer key is calculated in column hash function, and new key is finally distributed to each layer and organizes interior user.
Safety analysis
In key managing project based on hierarchical tree structure model, interlayer key is calculated with uni-directional hash hash function
Ki, specific calculation formula is as follows:
Ki=H (Ki-1||IDi), (i=1,2,3 ..., m)
By the property of uni-directional hash hash function it is found that giving arbitrary hashed value h, meet H (x=h) x value be can not
It calculates.I.e. junior is by higher level's layer key KiIt cannot obtain Ki+1, access of the upper layer to lower layer known to the one-way of function
Permission.
To bottom group PiKey management use lightweight key Managed Solution, the algorithm of the Managed Solution be using from
Body key s, random number n and the calculated group session key of disclosed hash function, substantially increase safety, because even attacking
Having hit H (s, n) is also that cannot obtain Pi.In key managing project based on tree model, in key updating process, work as group
When dynamic change occurs for group user, key and timely updating for the group inner sealed key in each group between each layer be ensure that in communication
The forward security of data and backward safety.
Storage overhead analysis
The storage number of the amount of storage of key key in other words is referred to as storage overhead.From the hierarchical tree structure model of Fig. 2
It is known that need to store key has a management and group device G (i.e. interlayer key management unit), team management device G ', intermediate each layer section
Point Si and group internal user Pi.The specific key storage situation of i.e. above each node is as shown in table 1 below, wherein the symbol in table
It is number consistent with the symbol in hierarchical tree structure model.
The key storage of each node of table 1
Communication overhead analysis
The item number for needing to send information when more new key is referred to as communication overhead.Based on hierarchical tree structure model
In key managing project, updating interlayer key is calculated by uni-directional hash hash function, before the computation must be first
One new key K' is generated by key management unit G according to key schedule, finally with shared key new key updating
It is sent after message encryption, other layers obtain new interlayer key after decrypting by shared key.Small group of users increases and subtracts
Few dynamic change mainly occurs in bottom, and group inner sealed key update be updated by lightweight key management, and
And the algorithm is improved and optimizated, by innovatory algorithm it is known that when only single group member changes, member
The variation of number directly decides the communication overhead of system.When updating expense is C=3m+n, i.e., this is carved with m member and is added
It is left with n member.
By based on tree model key managing project and in the prior art to be usually used in dynamic military vehicle-mounted autonomous
Key managing project in network is compared, and concrete condition is as shown in table 3 below.It is more more meaningful in order to make, it selects similar
Key managing project it is assumed that selected small group of users number is all in the scheme of 3 kinds of key managements | P | in the case where compared
Compared with wherein the prior art 1 is a kind of based on the close of member's membership for a kind of large-scale New Dynamic Key Management Schemes prior art 2
Key Managed Solution.
The key storage of each node of table 3
Compare the key managing project it can be seen that at identical conditions based on tree model, key by table 3
When more new management, since each group is respectively independent in other Managed Solutions, not shared key each other, to make in key
Information hop count is increased when update, increases communication overhead, and because message cannot synchronize in time there are delay problem,
Communication overhead in the storage overhead and bottom group of key etc. is better than other 2 kinds of key managing projects.In the process of communication
In because interlayer key be it is shared, the key managing project based on tree model is particularly apparent to reduce information
Hop count.And since each group is respectively independent in large-scale New Dynamic Key Management Schemes, not shared key each other, thus
Make to increase information hop count in key updating, increases communication overhead, and because message cannot synchronize presence in time
Delay problem.Therefore the key management method based on tree model that the present embodiment proposes improves to a certain extent is
The communication efficiency of system, reduces communication overhead and storage overhead well.
Those skilled in the art will be understood that Fig. 2 only for simplicity and the quantity of disparate networks element that shows may
Less than the quantity in a real network, but it is this omit be undoubtedly with will not influence inventive embodiments are carried out it is clear, abundant
Disclosure premised on.
The detailed process for carrying out group key management with the method for the embodiment of the present invention is similar to the previous method embodiment, this
Place repeats no more.
Those of ordinary skill in the art will appreciate that: attached drawing is the schematic diagram of one embodiment, and the process in attached drawing is simultaneously
It is not necessarily necessary to the implementation present invention.
As seen through the above description of the embodiments, those skilled in the art can be understood that the present invention can
It realizes by means of software and necessary general hardware platform.Based on this understanding, technical solution of the present invention essence
On in other words the part that contributes to existing technology can be embodied in the form of software products, the computer software product
It can store in storage medium, such as ROM/RAM, magnetic disk, CD, including some instructions are used so that a computer equipment
(can be personal computer, server or the network equipment etc.) executes the certain of each embodiment or embodiment of the invention
Method described in part.
The foregoing is only a preferred embodiment of the present invention, but scope of protection of the present invention is not limited thereto,
In the technical scope disclosed by the present invention, any changes or substitutions that can be easily thought of by anyone skilled in the art,
It should be covered by the protection scope of the present invention.Therefore, protection scope of the present invention should be with scope of protection of the claims
Subject to.
Claims (5)
1. a kind of group key management method based on tree model characterized by comprising
Establish hierarchical tree structure model;
Based on the hierarchical tree structure model, key type is divided into interlayer key and group inner sealed key;Carry out interlayer key and
It the generation of group inner sealed key and issues;
The update of key is carried out by changing the hierarchical tree structure model.
2. the method according to claim 1, wherein described establishes hierarchical tree structure model, comprising:
21) the bottom group that all users are M certain equal amount users is divided, M is positive integer;
22) group leader is determined in each bottom group, as the key management unit of corresponding bottom group, to described
Bottom group carries out key management;
23) upper one layer of group leader is determined in every n group leader, if remaining bottom group leader's number is less than n, continues to generate on one
One layer of group leader, n are positive integer;
24) it repeats the above steps 23) until generating a top group leader.
3., will be close according to the method described in claim 2, it is characterized in that, described based on the hierarchical tree structure model
Key type is divided into interlayer key and group inner sealed key;It carries out the generation of interlayer key and group inner sealed key and issues, comprising:
31) each group of key management unit generates a temporary key K according to key schedule0;
32) according to temporary key K0, each layer of interlayer key is calculated by uni-directional hash hash function;
33) the interlayer key is encrypted with interlayer shared key, each group of key management unit will be encrypted new
Key passes through G → Si j:{Ki}k(j)It is distributed in the user of respective layer, wherein j=1,2,3 ..., m;
34) in the bottom group, it is logical to establish safety by way of registration by user in the key management unit and group of group
Road obtains group inner sealed key and private key with this.
4. the method according to claim 1, wherein described carried out by changing the hierarchical tree structure model
The update of key, comprising:
41) it when the addition of system detection to node or leaves, when sending node change request is triggered key updating algorithm, etc.
Corresponding change occurs for grade Tree-structure Model;
42) according to the hierarchical tree structure model after change, the update of key is carried out using key schedule.
5. according to the method described in claim 4, it is characterized in that, the hierarchical tree structure model according to after change, is adopted
The update of key is carried out with key schedule, comprising:
51) being added for new user and leaving for old user: bottom small group of users occurs only to need when dynamic change close in update group
Key carries out the update of group inner sealed key using following formula (2) lightweight key management method:
F (x)=(x-H (s1, z)) (x-H (s2, z)) ... (x-H (sn, z))+k (2)
Wherein, Z ∈ RFq is randomly selected integer, and f (x) is further deformed into:
F (x)=anxn+…a1x+a0
Wherein, a0,a1,…,anBroadcasting vector sum Z for GC is random integers, and H is disclosed hash function,
New group inner sealed key is sent to by interlayer shared key by corresponding upper level by group's key management unit after the completion of update
User;
52) customer upgrade: the interlayer key of respective upgrades layer is increased by the user by interlayer shared key and is managed
The group key of each group;
53) user degrades;
1. only interlayer key need to be updated when upper-layer user is only downgraded to underlying User, bottom group inner sealed key does not need to update,
Update method are as follows: key management unit generates a temporary key K according to key schedule0, according to uni-directional hash hash function
Interlayer key is calculated;Then key between updated mew layer is distributed to by respective layer by interlayer shared key;
2. then being updated close in the group for all groups that user is managed when upper-layer user is directly downgraded to user in bottom group group
Key and interlayer key;The update method of group inner sealed key are as follows: the update of group inner sealed key is carried out using lightweight key management;Interlayer is close
Key update method are as follows: key management unit generates a temporary key K according to key schedule0, according to uni-directional hash Hash letter
Interlayer key is calculated in number;The key of update is finally distributed to each layer and organizes interior user.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910038920.5A CN109510707A (en) | 2019-01-16 | 2019-01-16 | Group key management method based on tree model |
Applications Claiming Priority (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201910038920.5A CN109510707A (en) | 2019-01-16 | 2019-01-16 | Group key management method based on tree model |
Publications (1)
Publication Number | Publication Date |
---|---|
CN109510707A true CN109510707A (en) | 2019-03-22 |
Family
ID=65757938
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN201910038920.5A Pending CN109510707A (en) | 2019-01-16 | 2019-01-16 | Group key management method based on tree model |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN109510707A (en) |
Cited By (3)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110784319A (en) * | 2019-10-31 | 2020-02-11 | 广州华多网络科技有限公司 | Key tree reconstruction method, group key updating method, computer equipment and communication system |
CN114079877A (en) * | 2020-08-13 | 2022-02-22 | 如般量子科技有限公司 | Group communication method and system based on hierarchical structure symmetric key pool |
CN114244499A (en) * | 2020-09-09 | 2022-03-25 | 如般量子科技有限公司 | Group communication method and system based on tree structure symmetric key pool |
Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070297613A1 (en) * | 2006-06-23 | 2007-12-27 | Honeywell International Inc. | Secure group communication among wireless devices with distributed trust |
CN101309137A (en) * | 2008-07-10 | 2008-11-19 | 浙江大学 | Uni-directional function tree multicast key management method based on cipher sharing |
WO2015129109A1 (en) * | 2014-02-27 | 2015-09-03 | ウイングアーク1st株式会社 | Index management device |
CN106027233A (en) * | 2016-04-28 | 2016-10-12 | 江苏大学 | Method for designing vehicle network group negotiation communication protocol |
-
2019
- 2019-01-16 CN CN201910038920.5A patent/CN109510707A/en active Pending
Patent Citations (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
US20070297613A1 (en) * | 2006-06-23 | 2007-12-27 | Honeywell International Inc. | Secure group communication among wireless devices with distributed trust |
CN101309137A (en) * | 2008-07-10 | 2008-11-19 | 浙江大学 | Uni-directional function tree multicast key management method based on cipher sharing |
WO2015129109A1 (en) * | 2014-02-27 | 2015-09-03 | ウイングアーク1st株式会社 | Index management device |
CN106027233A (en) * | 2016-04-28 | 2016-10-12 | 江苏大学 | Method for designing vehicle network group negotiation communication protocol |
Non-Patent Citations (1)
Title |
---|
刘俊杰: "军事车载网密钥管理方案研究", 《网络与信息安全学报》 * |
Cited By (4)
Publication number | Priority date | Publication date | Assignee | Title |
---|---|---|---|---|
CN110784319A (en) * | 2019-10-31 | 2020-02-11 | 广州华多网络科技有限公司 | Key tree reconstruction method, group key updating method, computer equipment and communication system |
CN114079877A (en) * | 2020-08-13 | 2022-02-22 | 如般量子科技有限公司 | Group communication method and system based on hierarchical structure symmetric key pool |
CN114244499A (en) * | 2020-09-09 | 2022-03-25 | 如般量子科技有限公司 | Group communication method and system based on tree structure symmetric key pool |
CN114244499B (en) * | 2020-09-09 | 2023-09-26 | 如般量子科技有限公司 | Group communication method and system based on tree structure symmetric key pool |
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Luo et al. | Hierarchical multi-authority and attribute-based encryption friend discovery scheme in mobile social networks | |
JP5637991B2 (en) | Method for secure communication in network, communication device, network, and computer program | |
CN102356597B (en) | A method for secure communication in a network, a communication device, a network and a computer program therefor | |
CN110247767B (en) | Revocable attribute-based outsourcing encryption method in fog calculation | |
CN110602086B (en) | Repealable and outsourced multi-authorization center attribute-based encryption method in fog computing | |
CN110377002A (en) | A kind of adaptive interior CAN bus method of controlling security and system | |
CN108600174B (en) | Access control mechanism of large cooperative network and implementation method thereof | |
CN105007284B (en) | With the public audit method of secret protection in multi-manager group shared data | |
CN109510707A (en) | Group key management method based on tree model | |
CN111431898B (en) | Multi-attribute mechanism attribute-based encryption method with search function for cloud-assisted Internet of things | |
CN106022167A (en) | Social privacy protection method of multi-level attribute management center based on characteristic encryption | |
CN110933033A (en) | Cross-domain access control method for multiple Internet of things domains in smart city environment | |
CN113489591B (en) | Traceable comparison attribute encryption method based on multiple authorization centers | |
CN115426136B (en) | Cross-domain access control method and system based on block chain | |
CN105915333B (en) | A kind of efficient key distribution method based on encryption attribute | |
CN115270145A (en) | User electricity stealing behavior detection method and system based on alliance chain and federal learning | |
Parthasarathi et al. | Weighted ternary tree approach for secure group communication among mobile applications | |
Zhao et al. | Fuzzy identity-based dynamic auditing of big data on cloud storage | |
Xue et al. | Forward secure and fine-grained data sharing for mobile crowdsensing | |
CN110933052A (en) | Encryption and policy updating method based on time domain in edge environment | |
Dhanaraj et al. | Probit cryptographic blockchain for secure data transmission in intelligent transportation systems | |
CN102624748B (en) | Peer-to-peer (P2P) network access control method | |
CN110717760A (en) | One-stop efficient PKI authentication service method based on block chain | |
CN109474438A (en) | It is a kind of based on the intelligent terminal access authentication method selectively revealed | |
CN115664682A (en) | Consensus method for sharing medical data based on alliance chain master-slave multi-chain |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||
SE01 | Entry into force of request for substantive examination | ||
RJ01 | Rejection of invention patent application after publication | ||
RJ01 | Rejection of invention patent application after publication |
Application publication date: 20190322 |