CN101820621A - Key updating method based on local information collaboration - Google Patents

Abstract

The invention relates to a key updating method based on local information collaboration, applied to the field of network information secrecy. The method does not need network synchronization, a credible center is formed by node cooperation and broadcasts a key updating material in part of channels, accept nodes carry out cooperation forwarding and the key updating efficiency of Ad hoc network in multi-channel is enhanced, therefore, the updating efficiency of the method is reduced to n from o(n), wherein n is number of frequency bands. For ensuring the security during updating, the invention provides a ring signature based on a threshold mechanism so as to protect the anonymity of a trusted third party. The technical scheme can effectively resist attack of malicious nodes to key updating process.

Description

Key updating method based on local information collaboration

Technical field

The present invention relates to multichannel Ad hoc key management and Safety Design field, particularly provide a kind of distribution not have the key updating scheme of trusted party based on local information collaboration.

Background technology

Ad hoc network can be operated in a plurality of frequency ranges by cognitive radio technology, does not disturb under registered user's the prerequisite and freely uses unauthorized frequency range effectively to improve the situation of frequency spectrum resource shortage.By cognitive engine, radio node can connect under different equipment, environment, policy and frequency range, and a kind of self-organizing, distribution, flexible and intelligent communication modes are provided.Because existing conventional wireless network agreement is to be based upon on the fixed frequency spectrum basis, therefore and be not suitable for multi channel Ad hoc network, so design safety, reliably and efficiently multichannel Ad hoc procotol is very necessary.Follow the development of this technology, at the exclusive attack of the multi channel Ad hoc network water surface of also appearing again, as main user's imitation, main user interference, spectrum management attack, control channel saturation attack, frequency spectrum switch selfish behavior, stride layer attacks, channel parasitism and key consume are attacked etc.Wherein a class is attacked particularly noticeable, such attack method is by being increased in the time delay in the frequency spectrum use, destroy efficiency of transmission, so that more attack opportunity to be provided, during consume is attacked as key, the assailant is by increasing the time delay in the frequency spectrum selection, provide more that multimachine can crack session key, stride and utilize the frequency spectrum handover delay in the layer attacks, the order of chaotic packet, reduce the efficiency of transmission of transport layer, the probability that causes retransmitting increases.So encryption technology is as the basis of the safety of wireless network, it is crucial studying and safe, efficient and feasible multichannel Ad hoc netkey management agreement is provided.An important ring in the key updating process key management four-stage, yet because the dynamic spectrum strategy of multi-channel wireless electric network, make its management be difficult to conventional wireless network, under the prerequisite of not destroying the spectrum allocation may strategy, reducing Network Synchronization and attack opportunity, is a matter of opening of multichannel Ad hoc key updating process.This paper proposes a kind of key updating method based on local information collaboration on the basis of analyzing multichannel Ad hoc network renewal process, this method not only can effectively improve update efficiency by local cooperative cooperating, and has protected the safety of trusted third party.

In conventional wireless network, if two euclidean distance between node pair satisfy transmission requirement, then can receive broadcast between node, yet in multichannel Ad hoc network, because the environment difference of radio node work, cause node to be operated in different frequency ranges, even two euclidean distance between node pair meet transmission requirement, because the difference of frequency range, the broadcast message that destination node can't the reception sources node, or need time of delay, to consult same channel.As shown in Figure 1, node (4,5,6) need switch to frequency range f ₁, could communicate by letter with node 1, this process will cause time delay, and node 7 because and node 1 no common signal channel, can't communicate, yet node 7 and node 4,5 have common signal channel f ₃And f ₄, can connect between them.

Provide the definition of the blind state of radio node thus: if distance is less than maximum transmission distance between two node A and B, and the working frequency range of node A and B is different, i.e. f _A≠ f _B, claim that then A is that Node B is at frequency range f _BUnder blind node, otherwise Node B is that node A is at frequency range f _AUnder blind node.The blind state that two kinds of forms are arranged in multichannel Ad hoc network: (1) non-interference mode is the blind state of main user job frequency range as the user, has avoided main user's communications is disturbed; (2) spatial reuse of node, as shown in Figure 1, node 1,2,3,12 working frequency range are f ₁, f ₁, f ₂, f ₂, node the 12, the 3rd, node 1,2 is at frequency range f ₁Under blind node, same node the 1, the 2nd, node 3,12 is at frequency range f ₂Under blind node, two pairs of nodes can be set up glitch-free communicating to connect under identical space-time.Though the blind condition improvement of node the service efficiency of frequency spectrum, yet prolonged network delay, to node 2,3,12 broadcasts, need wait node 3,12 to switch to frequency range f as node 1 ₁Therefore the blind state of node has also disturbed the efficient of key updating, and node can not be accepted updating message simultaneously.

If allow the node of blind state accept key updating message, just must with the sending node negotiated channel.Yet negotiations process not only faces stationary problem, and negotiations process also certainly will reduce the time of transfer of data, has increased the disturbed chance of node, allows all nodes or most of node work in similar frequency bands in multichannel Ad hoc network, is difficult.Existing solution has:

A plurality of nodes are formed trusted third party, broadcast updating message on all channels.The needed time delay of this method is δ | f _Max-f _Min|, δ is a time delay factor.As can be seen from the above equation, the bandwidth of time delay and frequency spectrum is linear, and the frequency spectrum scope of application is wide more, and then time delay is big more.When trusted third party's node and node communicate, need to support synchronously, destroyed the flexibility that the node frequency spectrum uses, and believable third party can both be attacked on each channel.Therefore this method value is applicable to the multichannel Ad hoc network that number of frequency bands is less.

Radio node is consulted identical channel with the third party jointly by control channel.It is difficult consulting unified channel in all nodes of network, and is subjected to main user's interference easily.Though the less control channel that utilizes, saturated channel attack still can be organized key updating process, and negotiations process has simultaneously increased offered load.

Using control channel to carry out updating message sends, method above this method is similar, different is that this method does not need the channel negotiations process, though reduced time delay, yet the preciousness of control channel, and the defective that very easily is subjected to saturated channel attack, make this method can not guarantee the stability of key updating process.

The key updating process of node cooperative cooperating sends key updating message by trusted third party's selection portion frequency-division section, transmits this message by the node that receives key updating message on untapped frequency range.This method does not need the channel negotiations process, also need not the support of control channel, the time delay that trusted third party is spent on frequency spectrum switches is limited, node still can freely be selected frequency range in renewal process, can not cause interference, guarantee the flexibility of node, owing to select local channel at random main user, therefore reduced by the possibility of saturated channel attack, even the carrying out that also can't stop key updating process takes place to attack simultaneously.

Summary of the invention

Topology of networks is Ad hoc, node evenly distributes, and scale is N, and trusted third party's number of nodes is M, available number of frequency bands is that H and distribution are uniform, agreement is used the beginning of a field identification renewal process of control channel, and control channel immobilizes, and data channel can arbitrarily switch, the internodal communication of trusted third party is safe, each node has two antennas, and one is used to send message, and one is used to accept message.

Set up the local information collaboration cooperative model, node is divided into accepts more new material node (accept nodes) and new material node (not accept nodes) more not, hereinafter to be referred as recipient and not recipient, the node number that each node can transmit in each stage is λ.Constantly this two category node of t proportion in total node is remembered respectively and is made s (t) and i (t).Each node from frequency range switch in the next frequency range effectively that the more new node of transmission is a constant, be called the stage turnover rate.When the recipient when the recipient is not at same frequency spectrum, new material becomes the recipient to make not the recipient accept more.According to hypothesis, each recipient can make the individual regenerator of acceptance of λ s (t) become the regenerator in per stage, because having accepted the user of updating message is Ni (t), thus the total individual not regenerator of λ Ns (t) i (t) of each stage be updated, so λ Nsi be exactly more new node count N _iIncrement rate, promptly have:

$N\frac{\mathrm{di}}{\mathrm{dt}}=\mathrm{\λNsi}$

Again because: s (t)+i (t)=1

Remember initial time again, base station transmission information receives more that the user's of new material ratio is i ₀, then

$\frac{\mathrm{di}}{\mathrm{dt}}=\mathrm{\&lambda;i}(1-i),i\left(0\right)={\mathrm{<figure-callout\; id="0"\; label="i"\; filenames="H2010100340804E00012.png"\; state="\{\{state\}\}">i</figure-callout>}}_0$

Can obtain the key updating model

$i\left(t\right)=\frac{1}{1+(\frac{1}{i_0}-1)e^{-\mathrm{\&lambda;t}}}$

Can analyze by above formula and to obtain when the i=1/2 time,

In the moment of the maximum of key updating speed just, this is constantly

By this model analysis, improve i ₀Update time can be shortened with λ.Notice also that simultaneously the number of nodes that received renewal when network 1/2 when following, follows new speed to be in the increase state all the time in the network And when more the ratio of new node surpassed 1/2, the speed of renewal descended

Therefore make fast that more the quantity occupation rate of new node reaches 1/2, can effectively reduce update time.

Can obtain algorithm design thought from above analysis, the broadcast key of base station by a plurality of data channels be new material more, and the node cooperative cooperating that receives key material is transmitted to the node that does not receive this material.For reducing the effect of base station in key updating, time cost just, because after obtaining the key updating material above the half node, turnover rate will descend, the effect of base station reduces, so the concluding time is obtained key with new for 1/2 node is arranged in network.Switching by intermediate node replaces the frequency spectrum of base station to switch the delay that has reduced key updating.Reduce the time of base station, can freely choose the frequency spectrum of broadcasting, do not needed base station and internodal negotiation synchronization mechanism.Because its flexibility has higher fail safe, but need authenticate forwarding information.Though newspaper higher turnover rate, can not guarantee obtaining of whole nodes, therefore need compensation mechanism, make the node that does not at the appointed time obtain key information initiatively obtain key updating information.

Part trusted third party node is broadcasted updating message on a plurality of channels of random choose, after the node of half is accepted message, go off the air.The updating message that the node cooperative cooperating obtains from a plurality of data channels.When surpassing fixed time threshold value t _mAfter, stop the forwarding of updating message.Trusted third party's node is counted N and number of available channels H according to node, calculates t _mIf the number of nodes on each frequency range is identical, N/H node then arranged, on each channel if at interval t _mIn, make the number of nodes of accepting message in the network surpass 50%, then the number of times that switches at least is n, satisfies following formula:

$\frac{N(1+n)n}{H}\&GreaterEqual;\frac{\mathrm{<figure-callout\; id="2"\; label="N"\; filenames="H2010100340804E00012.png"\; state="\{\{state\}\}">N</figure-callout>}}{2}$

Calculate: $t_m=\mathrm{\&delta;}\left(\frac{\sqrt{2H+1}-1}{2}\right).$

This scheme can guarantee validity, fail safe, the robustness of multichannel Ad hoc network cryptographic key updating process.

On efficient, the key updating process value needs part trusted third party node, does not need synchronization mechanism and control channel, and the time delay that trusted third party spends in key updating is Less than O (δ H).

In fail safe, because the renewal process of trusted third party is anonymous, the probability of the third party's node in renewal of the identification of assailant's success is 1/m, since the assailant is difficult to discern all trusted third party's nodes, then the key updating process also is difficult to stop.Even the part of nodes in trusted third party's node is identified and is broken, need only its quantity less than k, the assailant still can not destroy key updating process.Node also can't be forged updating message, and node is after accepting message SM, by ring signature authentication (ringverify (z, a, b, s ₁, s ₂..., s _m, c ₁, c ₂..., c _mIts legitimacy true) is judged by)==, however this process node and do not know the source of this message.Simultaneously, because privacy key is based upon on this difficult problem of discrete logarithm, also be difficult therefore to cracking of privacy key.

On robustness, even the broadcast channel that the prediction of assailant's success is all and all trusted third party's nodes, yet because each node uses the order of channel is at random, so the saturated channel attack of initiation that the assailant also can't be successful, therefore also can't stop the broadcasting of key updating message.The anonymity of trusted third party's node, and the randomness that channel uses has all increased the attack difficulty, the subparticipation of trusted third party's node simultaneously, also guaranteed when trusted third party's number of nodes of initiating renewal process is less than threshold value, by activating new trusted third party node, the life cycle of having improved renewal process.

Agreement KUSLIC describes:

The node set U={U of trusted third party ₁, U ₂..., U _m, m＞k.Each node uses E1Gamal method secret to hold an exclusive key fragment, and establishing secret fragment is x _i, f=1,2 ..., m, verification public key is

PKI is

A (x) ∈ Z _P[x] is a K order polynomial at random, Z _PBe the addition cyclic group of mould p, two hash function H ₁: 0,1} ^*→ Z _qAnd H ₂: 0,1} ^*→ G, and 0,1} ^mBinary string for any bit length.Node (the U of trusted third party _i, the issue of 1≤f≤l) PKI

Part of nodes quantity in the trusted third party be l (agreement KUSLIC is described below for l≤m), cooperation signature, and broadcasting updating message:

Step 1: by the updating message of trusted third party's node issue through authentication, particular content is certain node U of trusted third party _SThe broadcasting updating message, expressly be m ∈ 0,1} ^*→ G, PKI is

Select a random number k ey ∈ _RZ _P, updating message is a (a=g ^Key, key ∈ _RZ _P)) and b (b=mh ^Key);

Step 2: receiving node is preserved the content of upgrading, and particular content is except U _S, each receiving node calculates d

) and preserve this value;

Step 3: the part of nodes by trusted third party is signed to updating message, and this message is sent broadcast transmission, and particular content is as follows, each node U _lComprise U _SCarry out following steps, with to message (b=mh ^Key, a ₁={ g ^Key| l=s},

) sign, export signature information SM (z, a, b, s at last ₁, s ₂..., s _m, c ₁, c ₂..., c _m);

(a) node U _lCalculate Y=H ₂(y ₁, y ₂..., y _n),

(b) node U _lSelect a plurality of random numbers: r, s _i, c _i∈ _RZ _q, 1≤i≤m, i ≠ l;

(c) node U _lCalculate

(i=1,2 .., l-1, l+1, m);

(d) node U _lCalculate u _l=g ^r, v _l=z ^r

(e) node U _lCalculate

s _l=r-c _lx _l

(f) node U _lObtain SM _l

${\mathrm{SM}}_l=\left\{\begin{array}{c}z,a_1,b,s_1,{\mathrm{<figure-callout\; id="2"\; label="s"\; filenames="H2010100340804E00012.png"\; state="\{\{state\}\}">s</figure-callout>}}_2,...,s_m,c_1,{\mathrm{<figure-callout\; id="2"\; label="c"\; filenames="H2010100340804E00012.png"\; state="\{\{state\}\}">c</figure-callout>}}_2,...,c_m,U_l=U_s\\ z,a_2,b,s_1,{\mathrm{<figure-callout\; id="2"\; label="s"\; filenames="H2010100340804E00012.png"\; state="\{\{state\}\}">s</figure-callout>}}_2,...,s_m,c_1,{\mathrm{<figure-callout\; id="2"\; label="c"\; filenames="H2010100340804E00012.png"\; state="\{\{state\}\}">c</figure-callout>}}_2,...,c_m,U_l\&NotEqual;U_s\end{array}\right.$

Step 4: each node statistics has sent the frequency range of updating message and for sending the frequency range of message, particular content is set

With the frequency range set, gather FH as ₂={ f _i, i=1,2 ..., H} is as not gathering with frequency range.Each node U _lAt selected channel set

Last broadcasting SM _l, l=1,2 ... l, and calculate FH ₁=FH ₁+ { f _j, FH ₂=FH ₂-{ f _j;

Step 5: each node is collected the set of updating message, when updating message surpasses threshold value, and if satisfy the signature requirement, then satisfying more new demand, node is new key more, and it thes contents are as follows, and each node is held a massage set SMS, and the starting stage To preserve message SM.When node receives message SM _NewAfter, if this message is legal and S set MS in do not have this message, then preserve, the message checking is as follows:

$\left(a\right)\&ForAll;{\mathrm{SM}}_l\&Element;\mathrm{SMS},z\&Element;{\mathrm{SM}}_l,z_{\mathrm{new}}\&Element;{\mathrm{SM}}_{\mathrm{new}}\&DoubleRightArrow;z_{\mathrm{new}}\&NotEqual;z;$

(b) calculate h=H ₂(y ₁, y ₂..., y _n),

And checking

Step 6: node will agree that the message upgraded sends from the frequency range of random choose, and it thes contents are as follows, and node is in the frequency range set of random choose

Broadcast SM _New, and calculate FH ₁=FH ₁+ { f _i, FH ₂=FH ₂-{ f _i;

Step 7: node recovers the plaintext that upgrades keying material by surpassing in a plurality of message of threshold value, particular content is as follows, as overtime threshold value t _mAfter, each node selects k message SM to recover expressly from massage set SMS, carries out key updating process, if the quantity of SM is less than k, then collaborative neighbor node carries out message request;

Step 8: the network operation.

Description of drawings:

Fig. 1: the blind state of node

Fig. 2: renewal process

Fig. 3: execution in step

Embodiment:

Step 1: configuration node hardware module, node have two antennas;

Step 2: the scale of offline network trusted party estimation network and available frequency band quantity calculate time threshold t _Update, t _mAnd t _Vss

Step 3: form the trusted party of network by a plurality of trusted third party node with cooperation way, each trusted party node uses E1Gamal method secret to hold an exclusive key fragment, and the issue PKI;

Step 4: by a plurality of trusted third party in this locality node makeup ring signature, so that new key is more signed;

Step 5: if the network operation time is above t _Update, then issue the updating message of signing by the trusted party node;

Step 6: carry out the KUSLIC agreement, in the agreement, surpass t when update time _mThe time, then the trusted party node withdraws from renewal process;

Step 7: surpass t when the running time of network trusted Centroid _Vss, then use the E1Gamal method to upgrade PKI and private key fragment;

Step 8: the network operation.

Claims (2)

1. based on the key updating method of local information collaboration, it is characterized in that: radio node need not the negotiated channel process, part trusted third party node is initiated key updating process, by a plurality of channel radio updating message of trusted third party's node random choose, radio node is transmitted message after acceptance, after radio node is collected and is surpassed the message of number of thresholds, just can recover message, renewal process need not to reveal the identity information of trusted third party's node, and concrete execution in step is as follows:

Step 1: configuration node hardware module, node have two antennas;

Step 2: the scale of offline network trusted party estimation network and available frequency band quantity calculate time threshold t _Update, t _mAnd t _Vss

Step 3: form the trusted party of network by a plurality of trusted third party node with cooperation way, each trusted party node uses ElGamal method secret to hold an exclusive key fragment, and the issue PKI;

Step 4: by a plurality of trusted third party in this locality node makeup ring signature, so that new key is more signed;

Step 5: if the network operation time is above t _Update, then issue the updating message of signing by the trusted party node;

Step 6: carry out the KUSLIC agreement, in the agreement, surpass t when update time _mThe time, then the trusted party node withdraws from renewal process;

Step 7: surpass t when the running time of network trusted Centroid _Vss, then use El Gamal method to upgrade PKI and private key fragment;

Step 8: the network operation.

2. update method as claimed in claim 1 is characterized in that: described KUSLIC protocol step is as follows:

The node set U={U of trusted third party ₁, U ₂..., U _m, m＞k, each node use ElGamal method secret to hold an exclusive key fragment, and establishing secret fragment is x _i, i=1,2 ..., m, verification public key is

PKI is

A (x) ∈ Z _P[x] is a K order polynomial at random, Z _PBe the addition cyclic group of mould p, two hash function H ₁: 0,1} ^*→ Z _qAnd H ₂: 0,1} ^*→ G, and 0,1} ^mBe the binary string of any bit length, the node (U of trusted third party _i, the issue of 1≤i≤l) PKI

Part of nodes quantity in the trusted third party be l (agreement KUSLIC is described below for l≤m), cooperation signature, and broadcasting updating message:

Step 1: by the updating message of trusted third party's node issue through authentication, particular content is certain node U of trusted third party _SThe broadcasting updating message, expressly be m ∈ 0,1} ^*→ G, PKI is

Select a random number k ey ∈ _RZ _P, updating message is a (a=g ^KeyKey ∈ _RZ _P)) and b (b=mh ^Key);

Step 2: receiving node is preserved the content of upgrading, and particular content is except U _S, each receiving node calculates

And preserve this value;

Step 3: the part of nodes by trusted third party is signed to updating message, and this message is sent broadcast transmission, and particular content is as follows, each node U _lComprise U _SCarry out following steps, with to message

Sign, export signature information SM (z, a, b, s at last ₁, s ₂..., s _m, c ₁, c ₂..., c _m);

(a) node U _lCalculate $Y=H_2(y_1,y_2,...,y_n),z=h^{x_1};$

(b) node U _lSelect a plurality of random numbers: r, s _i, c _i∈ _RZ _q, 1≤i≤m, i ≠ l;

(c) node U _lCalculate $u_i=g^{s_i}{y}_i^{c_i},v_i=Y^{s_i}{z}^{c_i}(i=\mathrm{1,2}...,l-1,l+1,m);$

(d) node U _lCalculate u _l=g ^r, v _l=z ^r

(e) node U _lCalculate $c_l=H_1(z,a,b,u_1,u_2,...,u_m,v_1,v_2,...,v_m)-\underset{i\&NotEqual;1}{\mathrm{\&Sigma;}}{c}_i,s_l=r-c_l{x}_l;$

(f) node U _lObtain SM _l

${\mathrm{SM}}_l=\begin{array}{}\left\{\begin{array}{c}z,a_1,b,s_1,s_2,...,s_m,c_1,c_2,...,c_m,U_l=U_s\\ z,a_2,b,s_1,s_2,...,s_m,c_1,c_2,...,c_m,U_l\&NotEqual;U_s\end{array}\right.\end{array}$

Step 4: each node statistics has sent the frequency range of updating message and for sending the frequency range of message, particular content is set

With the frequency range set, gather FH as ₂={ f _i, i=1,2 ..., H} is as not gathering with frequency range; Each node Ul is at selected channel set

Last broadcasting SM _l, l=1,2 ..l, and calculate FH ₁=FH ₁+ { f _j, FH ₂=FH ₂-{ f _j;

Step 5: each node is collected the set of updating message, when updating message surpasses threshold value, and if satisfy the signature requirement, then satisfying more new demand, node is new key more, and it thes contents are as follows, and each node is held a massage set SMS, and the starting stage To preserve message SM; When node receives message SM _NewAfter, if this message is legal and S set MS in do not have this message, then preserve, the message checking is as follows:

(a)

(b) calculate h=H ₂(y ₁, y ₂..., y _n),

And checking $\underset{i=1}{\overset{m}{\mathrm{\&Sigma;}}}{c}_i=H_1(z,a,b,u_1,u_2,...,u_m,v_1,v_2,...,v_m);$

Step 6: node will agree that the message upgraded sends from the frequency range of random choose, and it thes contents are as follows, and node is in the frequency range set of random choose

Broadcast SM _New, and calculate

FH ₁＝FH ₁+{f _j}，FH ₂＝FH ₂-{f _j}；

Step 7: node recovers the plaintext that upgrades keying material by surpassing in a plurality of message of threshold value, particular content is as follows, as overtime threshold value t _mAfter, each node selects k message SM to recover expressly from massage set SMS, carries out key updating process, if the quantity of SM is less than k, then collaborative neighbor node carries out message request;

Step 8: the network operation.

Images