CN115412288A - Key management method and device - Google Patents

Key management method and device Download PDF

Info

Publication number
CN115412288A
CN115412288A CN202210837262.8A CN202210837262A CN115412288A CN 115412288 A CN115412288 A CN 115412288A CN 202210837262 A CN202210837262 A CN 202210837262A CN 115412288 A CN115412288 A CN 115412288A
Authority
CN
China
Prior art keywords
node
key
nodes
group
leaf
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202210837262.8A
Other languages
Chinese (zh)
Inventor
谢绒娜
史国振
李宗俞
李莉
董秀则
娄嘉鹏
宋坤原
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
School Of Electronic Technology Central Office Of Communist Party Of China (beijing Institute Of Electronic Technology)
Original Assignee
School Of Electronic Technology Central Office Of Communist Party Of China (beijing Institute Of Electronic Technology)
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by School Of Electronic Technology Central Office Of Communist Party Of China (beijing Institute Of Electronic Technology) filed Critical School Of Electronic Technology Central Office Of Communist Party Of China (beijing Institute Of Electronic Technology)
Priority to CN202210837262.8A priority Critical patent/CN115412288A/en
Publication of CN115412288A publication Critical patent/CN115412288A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/062Network architectures or network communication protocols for network security for supporting key management in a packet data network for key distribution, e.g. centrally by trusted party
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0816Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
    • H04L9/0819Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
    • H04L9/083Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP]
    • H04L9/0833Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key
    • H04L9/0836Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s) involving central third party, e.g. key distribution center [KDC] or trusted third party [TTP] involving conference or group key using tree structure or hierarchical structure
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0866Generation of secret information including derivation or calculation of cryptographic keys or passwords involving user or device identifiers, e.g. serial number, physical or biometrical information, DNA, hand-signature or measurable physical characteristics
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0861Generation of secret information including derivation or calculation of cryptographic keys or passwords
    • H04L9/0869Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/08Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
    • H04L9/0891Revocation or update of secret information, e.g. encryption key update or rekeying

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

The invention provides a key management method and a device, which are applied to group communication, wherein the connection between group members adopts a tree structure, and the method comprises the following steps: generating a new group key according to a group key when the trigger item occurs and a random number or an identity of a newly added node in the tree structure based on a preset trigger item, and finishing updating the group key when the trigger item occurs; the trigger items comprise node adding, node leaving, preset time period, subgroup leaving and subgroup adding, and the random numbers are generated by root nodes in a tree structure; the invention independently completes the update of each group key by each node, avoids man-in-the-middle attack in key distribution, and simultaneously improves the freshness and confidentiality of the group key.

Description

Key management method and device
Technical Field
The present invention relates to the field of communications technologies, and in particular, to a method and an apparatus for managing a secret key.
Background
In the prior art, in the initialization stage, a manager of the entire group completes generation and distribution of a group key, the manager of the entire group performs distribution of the group key using a key negotiated with a group user, and the group user decrypts the group key using the key negotiated with the manager of the entire group after receiving a ciphertext of the group key to obtain the group key. The updating of the group key and the distribution of the group key to the group users are done by the administrator of the entire group as the group users change dynamically.
However, in terms of communication security, although the prior art realizes that the user newly joining the group cannot obtain the group key before joining and the user exiting the group cannot obtain the group key after exiting, the following two drawbacks still exist: the security of the technology is poor, the integrity and non-repudiation of the group key cannot be guaranteed, and the potential safety hazard of man-in-the-middle attack exists; the timing update of the group key cannot be realized, and the freshness of the group key cannot be ensured. In addition, the prior art has the defect of large calculation and communication burden of the manager of the whole group in terms of communication performance.
Disclosure of Invention
The invention provides a key management method and a device, which are used for solving the problems of poor communication safety and insufficient communication performance of the key management method in the prior art, and the updating of respective group keys is independently completed through each node, and simultaneously a key derivation function and an encryption authentication scheme are introduced, thereby avoiding man-in-the-middle attack in key distribution, and improving the freshness, confidentiality, integrity and non-repudiation of the group keys.
The invention provides a key management method, which is applied to group communication, wherein the connection between group members adopts a tree structure, and the method comprises the following steps:
generating a new group key according to a group key when the trigger item occurs and a random number or an identity of a newly added node in the tree structure based on a preset trigger item, and finishing updating the group key when the trigger item occurs;
the trigger items comprise node joining, node leaving, a preset time period, subgroup leaving and subgroup joining, and the random numbers are generated by root nodes in a tree structure.
According to the key management method provided by the present invention, before the generating a new group key based on the preset trigger item, according to the group key when the trigger item occurs, and the random number or the identity of the newly added node in the tree structure, and completing the updating of the group key when the trigger item occurs, the method further includes:
an individual key initialization step, namely generating respective seed keys and individual keys of respective child nodes by non-leaf nodes in a tree structure, and distributing the individual keys of the respective child nodes to the respective child nodes;
and initializing a group key, namely generating respective group keys by the non-leaf nodes based on the respective seed keys generated by the non-leaf nodes and the individual keys of the respective child nodes, and distributing the respective group keys to the leaf nodes of the tree structure layer by layer.
According to the key management method provided by the present invention, the generating respective seed keys and respective individual keys of respective child nodes by non-leaf nodes in the tree structure, and distributing the individual keys of the respective child nodes to the respective child nodes, specifically includes:
all nodes except the root node in the tree structure perform identity authentication with respective father nodes and negotiate respective session keys;
calling a random number generation function by the non-leaf node to generate respective seed keys;
calling a key derivation function by the non-leaf nodes to generate individual keys of the respective child nodes based on the identity of the child nodes of the non-leaf nodes and the seed keys of the non-leaf nodes;
sending, by the non-leaf nodes, individual keys of respective child nodes to the respective child nodes based on the session key.
According to the key management method provided by the present invention, after the sending, by the non-leaf node, the individual key of the respective child node to the respective child node based on the session key, the method further includes:
verifying, by child nodes of the non-leaf nodes, respective personal keys based on respective session keys;
and after the verification is passed, the child nodes of the non-leaf nodes store the respective personal keys.
According to the key management method provided by the present invention, the generating of the respective group key by the non-leaf node based on the respective seed key generated by the non-leaf node and the individual key of the respective child node, and the layer-by-layer distribution to the leaf nodes of the tree structure specifically includes:
calling a random number generation function by the root node of the tree structure to generate a random number initial state value;
calling, by the non-leaf nodes, key derivation functions to generate respective group keys based on the respective seed keys generated by the non-leaf nodes and the individual keys of the respective child nodes;
distributing group keys and initial random number values of all nodes from the node to the root node to the child nodes by all nodes including the root node except the leaf child nodes and the father nodes of the leaf nodes in the tree structure;
the parent node of the leaf node in the tree structure distributes the group keys of all nodes from the self node to the root node to the respective child nodes.
According to the key management method provided by the present invention, after the distributing the group key and the initial random number value of all nodes from the self node to the root node, the method further comprises:
verifying the group key and the initial random number value of all nodes from the parent node to the root node of each child node except the parent node of the leaf node and the parent node of the leaf node in the tree structure based on each individual key;
and after verification is passed, the child nodes of all nodes including the root node except the parent nodes of the leaf nodes and the parent nodes of the leaf nodes in the tree structure store the group keys and the random number initial state values of all nodes from the parent nodes to the root node, which are received by the child nodes respectively.
According to the key management method provided by the present invention, after said distributing the group keys of all nodes from the self node to the root node, the method further comprises:
verifying, by the leaf nodes in the tree structure, the received group keys of all nodes from the self node to the root node, which are sent by the respective parent nodes, based on the respective individual keys;
and after the verification is passed, the leaf child nodes in the tree structure store the received group keys of all the nodes from the self node to the root node, which are sent by the respective parent nodes.
According to the key management method provided by the present invention, the preset trigger item is a node join, and correspondingly, the new group key is generated according to the group key when the trigger item occurs, and the random number or the identity of the newly added node in the tree structure, and the update of the group key when the trigger item occurs is completed, which specifically includes:
generating an individual key of a newly added node by a father node of the newly added node, and sending the individual key of the newly added node to the newly added node;
based on the stored group keys and the identity identification of the newly added node when the node is added, calling a key derivation function by a non-leaf node of the tree structure, updating the stored group keys by itself, and sending the updated group keys of all nodes from the node to a root node to the leaf node by a parent node of the leaf node, wherein the updated group keys stored by the non-leaf node comprise the respective group keys;
or based on the respective group key when the node is added and the identity of the newly added node, calling a key derivation function by the non-leaf node of the tree structure, updating the respective group key by itself, and distributing the updated group keys of all nodes from the node to the root node to the leaf nodes of the tree structure layer by the non-leaf node;
or the nodes in the tree structure call a key derivation function to update the respective stored group keys according to the respective stored group keys when the nodes are added and the identity of the newly added node, and the parent node of the newly added node sends the updated group keys of all nodes from the node to the root node to the newly added node.
According to the key management method provided by the present invention, the generating of the individual key of the newly added node by the parent node of the newly added node and the sending of the individual key of the newly added node to the newly added node specifically include:
the newly added node and the father node of the newly added node carry out identity authentication and negotiate out a session key;
based on the identity of the newly added node and the seed key of the father node of the newly added node, calling a key derivation function by the father node of the newly added node to generate an individual key of the newly added node;
and sending the generated personal key of the newly-added node to the newly-added node by the parent node of the newly-added node based on the session key.
According to the key management method provided by the present invention, after the parent node of the newly joining node transmits the generated individual key of the newly joining node to the newly joining node, the method further includes:
verifying the personal key of the new joining node based on the session key;
and if the verification is passed, the newly added node stores the received personal key of the newly added node.
According to the key management method provided by the present invention, after the non-leaf node distributes the updated group key layer by layer from its own node to all nodes of the root node to the leaf node, the method further comprises:
verifying the group keys of all the nodes from the father node to the root node after the updating received by the nodes of the tree structure;
and after verification is passed, the node of the tree structure stores the updated group keys of all the nodes from the parent node to the root node after the update is received by the node of the tree structure.
According to the key management method provided by the present invention, the preset trigger item is a node leaving, and correspondingly, a new group key is generated according to the group key when the trigger item occurs, and the random number or the identity of the newly added node in the tree structure, and the update of the group key when the trigger item occurs is completed, which specifically includes:
based on the respective group key and the random number when the node leaves, the non-leaf node calls a key derivation function to update the respective group key by itself, and the non-leaf node distributes the updated group keys of all nodes from the self node to the root node to the leaf node layer by layer;
or calling a key derivation function to update the respective stored group key by the non-leaf nodes in the tree structure according to the respective stored group key and random number when the nodes leave, and sending the updated group keys of all nodes from the self node to the root node to the leaf node by the parent node of the leaf node.
According to the key management method provided by the present invention, after the non-leaf node distributes the updated group key layer by layer from its own node to all nodes of the root node to the leaf node, the method further includes:
verifying the group keys of all the nodes from the father node to the root node after the updating received by the nodes of the tree structure;
and after verification is passed, the node of the tree structure stores the updated group keys of all the nodes from the parent node to the root node after the update is received by the node of the tree structure.
According to the key management method provided by the present invention, when the preset trigger item is a preset time period, correspondingly, a new group key is generated according to the group key when the trigger item occurs, and the random number or the identity of the newly added node in the tree structure, and the update of the group key when the trigger item occurs is completed, which specifically includes:
based on the respective group key and the random number when the preset time period is reached, the non-leaf node calls a key derivation function to update the respective group key by itself, and the non-leaf node distributes the updated group keys of all nodes from the self node to the root node to the leaf node layer by layer;
or calling a key derivation function to update the respective stored group key by the non-leaf nodes in the tree structure according to the respective stored group key and random number when the preset time period is reached, and distributing the updated group keys of all nodes from the self node to the root node to the leaf node by the parent node of the leaf node.
According to the key management method provided by the present invention, after the non-leaf node distributes the updated group keys of all nodes from its own node to the root node to the leaf nodes layer by layer, the method further includes:
verifying the updated group keys of all nodes from the father node to the root node, which are received by the nodes of the tree structure;
and after verification is passed, the node of the tree structure stores the updated group keys of all the nodes from the parent node to the root node after the update is received by the node of the tree structure.
According to the key management method provided by the present invention, the preset trigger item is a subgroup departure, and correspondingly, a new group key is generated according to the group key when the trigger item occurs, and the random number or the identity of the newly added node in the tree structure, and the update of the group key when the trigger item occurs is completed, which specifically includes:
calling a random number generating function by a root node of the tree structure to generate a new random number, and distributing the new random number to respective child nodes by all nodes including the root node except parent nodes of leaf nodes and leaf nodes in the tree structure;
based on the respective group key and the new random number when the subgroup leaves, calling a key derivation function by the non-leaf node, and updating the respective group key by self;
and the non-leaf node distributes the updated group keys of all the nodes from the self node to the root node to the leaf nodes layer by layer.
According to the key management method provided by the present invention, after said distributing said new random number, the method further comprises:
verifying the new random numbers received by the non-leaf nodes except the root node in the tree structure;
and after the verification is passed, storing the respectively received new random numbers by all the non-leaf nodes except the root node in the tree structure.
According to the key management method provided by the present invention, after the non-leaf node distributes the updated group keys of all nodes from its own node to the root node to the leaf nodes layer by layer, the method further includes:
verifying the updated group keys of all nodes from the father node to the root node, which are received by the nodes of the tree structure;
and after verification, the nodes of the tree structure store the updated group keys of all the nodes from the father node to the root node, which are received by the nodes of the tree structure.
According to the key management method provided by the present invention, the preset trigger item is added to a subgroup, and correspondingly, a new group key is generated according to the group key when the trigger item occurs, and the random number or the identity of the newly added node in the tree structure, and the update of the group key when the trigger item occurs is completed, which specifically includes:
generating a personal key of the highest management node of the newly added subgroup by a parent node of the highest management node of the newly added subgroup, and sending the generated personal key of the highest management node of the newly added subgroup to the highest management node of the newly added subgroup;
based on the respective group key when the subgroups are added and the identity of the highest management node of the newly added subgroups, calling a key derivation function by a non-leaf node in the tree structure, updating the respective group key by itself, and distributing the updated group keys of all nodes from the self node to the root node to the leaf nodes of the tree structure layer by the non-leaf node;
or the nodes in the tree structure call a key derivation function to update the stored group keys according to the stored group keys when the subgroups are added and the identity of the highest management node newly added into the subgroups;
sending the updated group key and random number of all nodes from the node to the root node to the newly-added subgroup highest management node by the father node of the newly-added subgroup highest management node;
and the initialization of the individual key and the group key of the newly added subgroup is realized by the highest management node of the newly added subgroup.
According to the key management method provided by the present invention, the generating, by the parent node of the highest management node of the newly added subgroup, the personal key of the highest management node of the newly added subgroup, and sending the generated personal key of the highest management node of the newly added subgroup to the highest management node of the newly added subgroup, specifically includes:
the newly added highest management node of the subgroup and a father node of the newly added subgroup carry out identity authentication and negotiate out a session key;
based on the identity of the highest management node of the newly added subgroup, calling a key derivation function by the parent node of the highest management node of the newly added subgroup, and generating the personal key of the highest management node of the newly added subgroup;
and based on the session key, sending the generated individual key of the newly-added subgroup highest management node to the newly-added subgroup highest management node by the parent node of the newly-added subgroup highest management node.
According to the key management method provided by the present invention, after the parent node of the newly added subgroup highest management node sends the generated individual key of the newly added subgroup highest management node to the newly added subgroup highest management node, the method further comprises:
verifying, by a newly-joined subgroup highest management node, the personal key based on the session key;
and after the verification is passed, the newly added subgroup highest management node saves the received personal key.
According to the key management method provided by the present invention, after the non-leaf node distributes the updated group key layer by layer from its own node to all nodes of the root node to the leaf nodes of the tree structure, the method further comprises:
verifying the group keys of all the nodes from the father node to the root node after the updating received by the nodes of the tree structure;
and after verification is passed, the node of the tree structure stores the updated group keys of all the nodes from the parent node to the root node after the update is received by the node of the tree structure.
According to the key management method provided by the invention, the initialization of the individual key and the group key of the newly added subgroup is realized by the highest management node of the newly added subgroup, and the method specifically comprises the following steps:
generating respective seed keys and individual keys of respective child nodes by non-leaf nodes newly added into the subgroups;
and generating respective group keys by the non-leaf nodes in the newly added subgroup based on the respective seed keys generated by the non-leaf nodes in the newly added subgroup and the individual keys of the respective child nodes, and distributing the group keys of all the nodes from the self node to the root node to the leaf nodes of the newly added subgroup layer by the non-leaf nodes of the newly added subgroup.
According to the key management method provided by the invention, the individual keys and the group keys are distributed by using a verifiable encryption scheme.
The invention also provides a key management device, which is applied to group communication, the connection between the group members adopts a tree structure, and the device comprises:
the group key updating module is used for generating a new group key according to a preset trigger item, the group key when the trigger item occurs and a random number or an identity of a newly added node in the tree structure, and updating the group key when the trigger item occurs;
the trigger items comprise node joining, node leaving, a preset time period, subgroup leaving and subgroup joining, and the random numbers are generated by root nodes in a tree structure.
The invention also provides an electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, the processor implementing the steps of the method for the purpose of identification of an intention of audio data as described when executing the program.
The invention also provides a non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, implements the steps of the key management method as described.
The key management method and the device are applied to group communication, a tree structure is adopted for connection among group members, a new group key is generated according to the group key when a trigger item occurs and a random number or an identity of a newly added node in the tree structure based on a preset trigger item, and the group key when the trigger item occurs is updated; the random number is used for updating a key when the trigger item is a preset time period or a group member leaves, and is generated by a root node in a tree structure; the invention independently completes the update of each group key by each node, avoids man-in-the-middle attack in key distribution, and simultaneously improves the freshness, confidentiality, integrity and non-repudiation of the group key.
Drawings
In order to more clearly illustrate the technical solutions of the present invention or the prior art, the drawings needed for the description of the embodiments or the prior art will be briefly described below, and it is obvious that the drawings in the following description are some embodiments of the present invention, and those skilled in the art can also obtain other drawings according to the drawings without creative efforts.
FIG. 1 is a flow chart illustrating a key management method provided by the present invention;
FIG. 2 is a first diagram illustrating a tree structure provided by the present invention;
FIG. 3 is a second schematic structural diagram of a tree structure provided by the present invention;
FIG. 4 is a third schematic structural diagram of a tree structure provided by the present invention;
FIG. 5 is a schematic diagram of a key management device according to the present invention;
fig. 6 is a schematic structural diagram of an electronic device provided in the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention clearer, the technical solutions of the present invention will be clearly and completely described below with reference to the accompanying drawings, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
The following describes the key management method, apparatus, electronic device and storage medium of the present invention in detail by using embodiments with reference to fig. 1 to 6.
Fig. 1 is a schematic flowchart of a key management method provided by the present invention, and as shown in fig. 1, the key management method provided by the present invention is applied to group communication, and connections between group members adopt a tree structure, including:
step S110, based on a preset trigger item, generating a new group key according to the group key when the trigger item occurs and a random number or an identity of a newly added node in the tree structure, and completing updating of the group key when the trigger item occurs;
the trigger items comprise node joining, node leaving, a preset time period, subgroup leaving and subgroup joining, and the random numbers are generated by root nodes in a tree structure.
In a specific embodiment, nodes of a tree structure correspond to group members one to one, the group members include a group manager and group members, a root node in the tree structure corresponds to a highest manager representing the whole group in the group manager, each non-leaf node except the root node in the tree structure corresponds to a highest manager representing a subgroup in the group manager, and leaf nodes in the tree structure correspond to group members representing the group members in the group members; each node except the root node in the tree structure has one father node, and each node except the leaf nodes in the tree structure has at least one child node. The preset trigger item refers to a condition for triggering real-time update of the group key, and once the trigger item appears, the group key is updated, mainly including change of group members in the group or a preset timing update period. The group key is used for communication between groups, and the non-leaf nodes are used for maintaining own individual keys and group keys and storing the group keys of all nodes from own parent nodes to the root node.
In this embodiment, when the triggering item occurs as node joining or subgroup joining, the non-leaf nodes in the tree structure generate respective new group keys according to the respective group keys when the triggering item occurs and the identity of the newly added node in the tree structure; when the triggering items are node leaving, subgroup leaving and a preset time period, the non-leaf nodes in the tree structure generate respective new group keys according to respective group keys and random numbers when the triggering items occur, wherein the random numbers are generated by root nodes in the tree structure.
The key management method provided by the invention is characterized in that based on a preset trigger item, non-leaf nodes in a tree structure complete the updating of respective group keys according to the respective group keys when the trigger item occurs; the invention independently completes the update of each group key by each node, avoids man-in-the-middle attack in key distribution, and simultaneously improves the freshness, confidentiality, integrity and non-repudiation of the group key.
In a specific embodiment, according to the key management method provided by the present invention, before the generating a new group key based on a preset trigger item according to the group key when the trigger item occurs and a random number or an identity of a newly added node in the tree structure, and completing updating the group key when the trigger item occurs, the method further includes:
an individual key initialization step, namely generating respective seed keys and individual keys of respective child nodes by non-leaf nodes in a tree structure, and distributing the individual keys of the respective child nodes to the respective child nodes;
and initializing a group key, namely generating respective group keys by the non-leaf nodes based on the respective seed keys generated by the non-leaf nodes and the individual keys of the respective child nodes, and distributing the respective group keys to the leaf nodes of the tree structure layer by layer.
In the present embodiment, the individual key is used for distribution of the group key, and the leaf node stores the individual key of itself and the group key of all nodes from the parent node of itself to the root node.
In this embodiment, the initialization of the individual key and the group key is completed for all nodes on the tree structure, the respective seed key and the individual key of the respective child node are generated by the non-leaf nodes in the tree structure, the respective group key is generated by the non-leaf nodes based on the respective seed key and the individual key of the respective child node generated by the non-leaf nodes, and the generated group key is distributed layer by layer to the leaf nodes of the tree structure by the non-leaf nodes.
It should be emphasized that the layer-by-layer distribution in this application means that the group keys of all nodes from the own node to the root node are distributed to the own child nodes in sequence from the root node until the leaf nodes in the tree structure, and the distribution process is finished.
The key management method provided by the invention further discloses the personal key initialization step and the group key initialization step, thereby powerfully supporting the updating of the subsequent group key, avoiding man-in-the-middle attack in key distribution, and simultaneously improving the freshness, confidentiality, integrity and non-repudiation of the group key.
In a specific embodiment, according to the key management method provided by the present invention, the generating respective seed keys and respective individual keys of child nodes by non-leaf nodes in a tree structure, and distributing the individual keys of the respective child nodes to the respective child nodes specifically includes:
all nodes except the root node in the tree structure perform identity authentication with respective father nodes and negotiate respective session keys;
calling a random number generation function by the non-leaf node to generate respective seed keys;
calling a key derivation function by the non-leaf nodes to generate individual keys of the respective child nodes based on the identity of the child nodes of the non-leaf nodes and the seed keys of the non-leaf nodes;
sending, by the non-leaf nodes, the individual keys of the respective child nodes to the respective child nodes based on the session key.
In this embodiment, all nodes except the root node in the tree structure perform identity authentication with their respective parent nodes and negotiate out their respective session keys; calling a random number generation function (PRF) by a non-leaf node to generate respective seed keys, wherein the PRF comprises but is not limited to a noise chip, a pseudo-random number generator and sampling; based on the identity of the child node of the non-leaf node and the seed Key of the non-leaf node, calling a Key derivation function KDF (Key derivation Functions) by the non-leaf node to generate the personal Key of each child node, wherein the Key derivation function KDF includes but is not limited to a HASH function, an HMAC function, a symmetric cryptographic algorithm, an asymmetric cryptographic algorithm, and a pseudo-random number generator, which is not specifically limited in the present invention; and calling an encryption authentication function CE-Enc () by the non-leaf node according to the session key negotiated with each child node to encrypt and authenticate the personal key of each child node to generate a ciphertext C and a commitment value T of the personal key of each child node, and sending the ciphertext C and the commitment value T to each child node. In addition, the individual key of the root node in the tree structure is generated by calling a random number generation function PRF, or a key derivation function KDF is called according to the seed key and the identity of the individual key.
The key management method provided by the invention strongly supports the updating of the subsequent group key by further disclosing the specific implementation path of the individual key initialization step, avoids man-in-the-middle attack in key distribution, and simultaneously improves the freshness, confidentiality, integrity and non-repudiation of the group key.
In a specific embodiment, according to the key management method provided by the present invention, after the sending, by the non-leaf node, the individual key of the respective child node to the respective child node based on the session key, the method further includes:
verifying, by child nodes of the non-leaf nodes, respective personal keys based on respective session keys;
and if the verification is passed, the child nodes of the non-leaf nodes store the respective personal keys.
In the embodiment, the child nodes of the non-leaf nodes call the encryption authentication function CE-Dec () to generate the plaintext M of the personal key of the child node according to the respective session key, the received ciphertext C and the commitment value T of the personal key, and call the encryption authentication function CE-Ver () to verify the integrity and the authenticity of the plaintext M of the respective personal key according to the respective session key, the plaintext M and the commitment value T; and if the verification is passed, the child nodes of the non-leaf nodes store the respective personal keys, if the verification is not passed, the child nodes of the non-leaf nodes generate key error messages and send the key error messages to the respective father nodes.
The key management method provided by the invention further discloses the verification step of the individual key in the individual key initialization step, improves the safety of the individual key, and powerfully supports the confidentiality, the integrity and the non-repudiation of the group key.
In order to better explain the personal key initialization step, in this embodiment, assuming that the height of the tree structure is h, and h is a positive integer greater than or equal to 2, the whole process of the personal key initialization step includes: the nodes with the height of 2 to h and the corresponding father nodes carry out identity authentication and negotiate out respective session keys; nodes with the height of 1 to h-1 call a random number generation function PRF (pseudo random Functions) to generate respective seed keys; the nodes with the height of 1 to h-1 call a Key derivation function KDF (Key derived Functions) to calculate the personal keys of the child nodes according to the identity identifications of the child nodes and the seed keys of the child nodes; the nodes with the height of 1 to h-1 call an encryption authentication function CE-Enc () according to the session key negotiated with each child node and the personal key of each child node to generate a ciphertext C and a commitment value T of the personal key of each child node, and distribute the ciphertext C and the commitment value T of the personal key of the corresponding child node to each child node; respective child nodes of the nodes with the height of 1 to h-1 call an encryption authentication function CE-Dec () to generate plaintext M of respective personal keys based on respective session keys, and received ciphertext C and commitment value T of respective personal keys, and call the encryption authentication function CE-Ver () to verify the integrity and authenticity of respective personal keys according to the respective session keys, the plaintext M of respective personal keys and the commitment value T; and if the verification is not passed, the child nodes of the non-leaf nodes generate key error messages and send the key error messages to respective father nodes.
To better illustrate the personal key initialization step. In this embodiment, fig. 2 is a first schematic structural diagram of a tree structure provided by the present invention, and as shown in fig. 2, the height of the tree structure is taken as 4, and at the same time:
u 1,1 the manager represents the layer 1, the level 1 user, namely the whole group;
u x,y represents the xth user of the xth layer;
ID x,y represents u x,y The identity of (2);
k x,y represents u x,y The personal key of (1);
gk x,y denotes u x,y A maintained group key;
sk x,y represents u x,y A session key negotiated with a parent node of the user;
Figure BDA0003749070410000161
representing group key gk x,y Updating the state after z times, wherein the z values of different nodes can be the same or different;
GK: all group keys from the root node to a node;
CE-Enc (k, m) represents the generation of ciphertext C and commitment value T by performing verifiable encryption on message m using key k; the CE-Enc () may be encrypted by a symmetric cryptographic algorithm or an asymmetric cryptographic algorithm, and the commitment value may be a symmetric algorithm, a HASH, an asymmetric algorithm, a code, or the like, which is not specifically limited in the present invention.
CE-Dec (k, C, T) represents performing decryptable verification on ciphertext C and commitment value T using key k; CE-Dec () corresponds to CE-Enc () and decryption verification is performed using an algorithm corresponding to CE-Enc ().
CE-Ver (k, m, T) represents the integrity and authenticity verification of the message m using the key k and the commitment value T; CE-Ver () corresponds to CE-Enc () and is verified using an algorithm corresponding to CE-Enc ().
h represents the height of the key tree;
Figure BDA0003749070410000162
represents an exclusive or operation;
| represents join operation;
s x,y denotes u x,y The seed key of (1);
u childrenix,y represents u x,y The ith child node of (2);
t represents a key updating mark, and t = t + random number during key updating;
r represents by u 1,1 The generated random number is used for key updating or timing key updating when the user leaves.
The above settings are applicable to all embodiments in the present application, and are not described in detail in other embodiments.
The overall process steps of the personal key initialization step specifically include:
1. node u 2,1 ~u 4,10 Identity authentication is carried out with respective father node and respective session key sk is negotiated 2,1 ~sk 4,10
2. Node u 1,1 ~u 3,4 Calling a random number generating function PRF () to generate respective seed keys s 1,1 ~s 3,4 =PRF()。
3. Node u i,1 ~u 3,4 Calculate respective child node u 2,1 ~u 4,10 Personal key k of 2,1 ~k 4,10 . By node u 1,1 Calculating own child node u 2,1 Personal key k 2,1 For example, node u 1,1 According to own child node u 2,1 ID of 2,1 Its own seed key s 1,1 Calling key derivation function KDF to generate own child node u 2,1 Personal key k of 2,1 ,k 2,1 =KDF(ID 2,1 ,s 1,1 ). Node u 2,2 ~u 4,10 Personal key k of 2,2 ~k 4,10 The calculation method is analogized by the following steps:
k 2,2 =KDF(ID 2,2 ,s 1,1 );
k 3,1 =KDF(ID 3,1 ,s 2,1 );
k 3,2 =KDF(ID 3,2 ,s 2,1 );
k 3,3 =KDF(ID 3,3 ,s 2,2 );
k 3,4 =KDF(ID 3,4 ,s 2,2 );
k 4,1 =KDF(ID 4,1 ,s 3,1 );
k 4,2 =KDF(ID 4,2 ,s 3,1 );
k 4,3 =KDF(ID 4,3 ,s 3,1 );
k 4,4 =KDF(ID 4,4 ,s 3,2 );
k 4,5 =KDF(ID 4,5 ,s 3,2 );
k 4,6 =KDF(ID 4,6 ,s 3,2 );
k 4,7 =KDF(ID 4,7 ,s 3,3 );
k 4,8 =KDF(ID 4,8 ,s 3,3 );
k 4,9 =KDF(ID 4,9 ,s 3,4 );
k 4,10 =KDF(ID 4,10 ,s 3,4 )。
4. node u 1,1 ~u 3,4 To respective child node u 2,1 ~u 4,10 Distributing the corresponding personal key k 2,1 ~k 4,10 . By node u 1,1 To own child node u 2,1 Distributing a personal key k 2,1 For example, node u 1,1 According to the child node u 2,1 Negotiated session key sk 2,1 Node u of its own child 2,1 Personal key k of 2,1 Calling the encryption authentication function CE-Enc () to generate the individual key k 2,1 Cipher text C of 2,1 And a commitment value T 2,1 And C is 2,1 And a commitment value T 2,1 Child node u sent to itself 2,1 ,u 1,1 →u 2,1 :C 2,1 ||T 2,1 =CE-Enc(sk 2,1 ,k 2,1 ). Node u 1,1 ~u 3,4 The process is repeated:
u 1,1 →u 2,2 :C 2,2 ||T 2,2 =CE-Enc(sk 2,2 ,k 2,2 );
u 2,1 →u 3,1 :C 3,1 ||T 3,1 =CE-Enc(sk 3,1 ,k 3,1 );
u 2,1 →u 3,2 :C 3,2 ||T 3,2 =CE-Enc(sk 3,2 ,k 3,2 );
u 2,2 →u 3,3 :C 3,3 ||T 3,3 =CE-Enc(sk 3,3 ,k 3,3 );
u 2,2 →u 3,4 :C 3,4 ||T 3,4 =CE-Enc(sk 3,4 ,k 3,4 );
u 3,1 →u 4,1 :C 4,1 ||T 4,1 =CE-Enc(sk 4,1 ,k 4,1 );
u 3,1 →u 4,2 :C 4,2 ||T 4,2 =CE-Enc(sk 4,2 ,k 4,2 );
u 3,1 →u 4,3 :C 4,3 ||T 4,3 =CE-Enc(sk 4,3 ,k 4,3 );
u 3,2 →u 4,4 :C 4,4 ||T 4,4 =CE-Enc(sk 4,4 ,k 4,4 );
u 3,2 →u 4,5 :C 4,5 ||T 4,5 =CE-Enc(sk 4,5 ,k 4,5 );
u 3,2 →u 4,6 :C 4,6 ||T 4,6 =CE-Enc(sk 4,6 ,k 4,6 );
u 3,3 →u 4,7 :C 4,7 ||T 4,7 =CE-Enc(sk 4,7 ,k 4,7 );
u 3,3 →u 4,8 :C 4,8 ||T 4,8 =CE-Enc(sk 4,8 ,k 4,8 );
u 3,4 →u 4,9 :C 4,9 ||T 4,9 =CE-Enc(sk 4,9 ,k 4,9 );
u 3,4 →u 4,10 :C 4,10 ||T 4,10 =CE-Enc(sk 4,10 ,k 4,10 )。
5. node u 2,1 ~u 4,10 For individual key k 2,1 ~k 4,10 Integrity and authenticity verification is performed. By node u 2,1 For individual key k 2,1 For integrity and authenticity verification, node u 2,1 According to the session key sk 2,1 Personal key k received in step 4 2,1 Cipher text C of 2,1 And a commitment value T 2,1 Calling encryption authentication function CE-Dec () to generate individual key k 2,1 Clear text M of 2,1 ,u 2,1 :M 2,1 =CE-Dec(sk 2,1 ,C 2,1 ,T 2,1 ) According to the session key sk 2,1 Personal key k 2,1 Clear text M of 2,1 A commitment value T 2,1 Calling encryption authentication function CE-Ver () to personal key k 2,1 Carry out integrity and authenticity verification u 2,1 :CE-Ver(sk 2,1 ,M 2,1 ,T 2,1 ). If the verification passes, u 2,1 Personal key k 2,1 Saving, if the verification fails, u 2,1 Generating a key error message and sending the key error message to u 1,1 . Node u 2,2 ~u 4,10 The same operations are performed:
u 2,2 :M 2,2 =CE-Dec(sk 2,2 ,C 2,2 ,T 2,2 );
u 2,2 :CE-Ver(sk 2,2 ,M 2,2 ,T 2,2 );
u 3,1 :M 3,1 =CE-Dec(sk 3,1 ,C 3,1 ,T 3,1 );
u 3,1 :CE-Ver(sk 3,1 ,M 3,1 ,T 3,1 );
u 3,2 :M 3,2 =CE-Dec(sk 3,2 ,C 3,2 ,T 3,2 );
u 3,2 :CE-Ver(sk 3,2 ,M 3,2 ,T 3,2 );
u 3,3 :M 3,3 =CE-Dec(sk 3,3 ,C 3,3 ,T 3,3 );
u 3,3 :CE-Ver(sk 3,3 ,M 3,3 ,T 3,3 );
u 3,4 :M 3,4 =CE-Dec(sk 3,4 ,C 3,4 ,T 3,4 );
u 3,4 :CE-Ver(sk 3,4 ,M 3,4 ,T 3,4 );
u 4,1 :M 4,1 =CE-Dec(sk 4,1 ,C 4,1 ,T 4,1 );
u 4,1 :CE-Ver(sk 4,1 ,M 4,1 ,T 4,1 );
u 4,2 :M 4,2 =CE-Dec(sk 4,2 ,C 4,2 ,T 4,2 );
u 4,2 :CE-Ver(sk 4,2 ,M 4,2 ,T 4,2 );
u 4,3 :M 4,3 =CE-Dec(sk 4,3 ,C 4,3 ,T 4,3 );
u 4,3 :CE-Ver(sk 4,3 ,M 4,3 ,T 4,3 );
u 4,4 :M 4,4 =CE-Dec(sk 4,4 ,C 4,4 ,T 4,4 );
u 4,4 :CE-Ver(sk 4,4 ,M 4,4 ,T 4,4 );
u 4,5 :M 4,5 =CE-Dec(sk 4,5 ,C 4,5 ,T 4,5 );
u 4,5 :CE-Ver(sk 4,5 ,M 4,5 ,T 4,5 );
u 4,6 :M 4,6 =CE-Dec(sk 4,6 ,C 4,6 ,T 4,6 );
u 4,6 :CE-Ver(sk 4,6 ,M 4,6, T 4,6 );
u 4,7 :M 4,7 =CE-Dec(sk 4,7 ,C 4,7 ,T 4,7 );
u 4,7 :CE-Ver(sk 4,7 ,M 4,7 ,T 4,7 );
u 4,8 :M 4,8 =CE-Dec(sk 4,8 ,C 4,8 ,T 4,8 );
u 4,8 :CE-Ver(sk 4,8 ,M 4,8 ,T 4,8 );
u 4,9 :M 4,9 =CE-Dec(sk 4,9 ,C 4,9 ,T 4,9 );
u 4,9 :CE-Ver(sk 4,9 ,M 4,9 ,T 4,9 );
u 4,10 :M 4,10 =CE-Dec(sk 4,10 ,C 4,10 ,T 4,10 );
u 4,10 :CE-Ver(sk 4,10 ,M 4,10 ,T 4,10 )。
in a specific embodiment, according to the key management method provided by the present invention, the generating, by the non-leaf node, a respective group key based on the respective seed key generated by the non-leaf node and the respective individual key of the child node, and distributing the respective group key to the leaf nodes of the tree structure layer by layer specifically includes:
calling a random number generation function by the root node of the tree structure to generate a random number initial state value;
calling, by the non-leaf nodes, key derivation functions to generate respective group keys based on the respective seed keys generated by the non-leaf nodes and the individual keys of the respective child nodes;
distributing group keys and initial random number values of all nodes from the node to the root node to the child nodes by all nodes including the root node except the leaf child nodes and the father nodes of the leaf nodes in the tree structure;
the parent node of the leaf node in the tree structure distributes the group keys of all nodes from the self node to the root node to the respective child nodes.
In this embodiment, a root node of a tree structure calls a random number generation function PRF to generate a random number initial state value; based on respective seed keys generated by the non-leaf nodes and individual keys of respective child nodes, calling a key derivation function KDF by the non-leaf nodes to generate respective group keys; all nodes including root nodes except leaf nodes and father nodes of the leaf nodes in the tree structure call an encryption authentication function CE-Enc () to carry out encryption authentication on the group keys of all the nodes and the initial random number values according to personal keys of respective children, the group keys of all the nodes from the node to the root node and the initial random number values, generate ciphertext C and a commitment value T of the initial random number values and send the group keys of all the nodes and the ciphertext C and the commitment value T of the initial random number values to the respective child nodes; and calling an encryption authentication function CE-Enc () by a father node of a leaf node in the tree structure according to the individual key of each child node to carry out encryption authentication on the group keys of all nodes from the father node to the root node so as to generate a ciphertext C and a commitment value T of the group keys of all nodes from the father node to the root node, and sending the ciphertext C and the commitment value T to each child node.
The key management method provided by the invention strongly supports the updating of the subsequent group key by further disclosing the specific implementation path of the group key initialization step, avoids man-in-the-middle attack in key distribution, and simultaneously improves the freshness, confidentiality, integrity and non-repudiation of the group key.
In an embodiment, according to the key management method provided by the present invention, after the distributing the group key and the initial random number value of all nodes from the self node to the root node, the method further includes:
verifying the group key and the initial random number value of all nodes from the parent node to the root node of each child node except the parent node of the leaf node and the parent node of the leaf node in the tree structure based on each individual key;
and after verification is passed, the child nodes of all nodes including the root node except the parent nodes of the leaf nodes and the parent nodes of the leaf nodes in the tree structure store the group keys and the random number initial state values of all nodes from the parent nodes to the root node, which are received by the child nodes respectively.
In the embodiment, the group keys of all nodes from the parent node to the root node and the ciphertexts C and the commitment values T of the random number initial state values are received by the child nodes of all nodes including the root node except the parent node of the leaf node and the parent node of the leaf node in the tree structure according to respective individual keys, the encryption authentication function CE-Dec () is called to generate the group keys of all nodes from the parent node to the root node and the plaintext M of the random number initial state values, and the encryption authentication function CE-Ver () is called according to the respective individual keys, the plaintext M and the commitment values T to verify the group keys and the random number initial state values of all nodes from the parent node to the root node; and after verification is passed, the child nodes of all nodes including the root node except the leaf child nodes and the parent nodes of the leaf nodes in the tree structure store the group keys and the random initial state values of all nodes from the parent nodes to the root node, which are received by the child nodes respectively.
According to the key management method provided by the invention, the verification steps of the group keys and the initial random number values of the group keys of all nodes from the parent node to the root node, which are respectively received by the child nodes of all nodes including the root node except the leaf child nodes and the parent nodes of the leaf nodes in the tree structure in the initialization step of the group key, are further disclosed, so that the security of the group key is improved, and the confidentiality, the integrity and the non-repudiation of the group key are powerfully supported.
In a specific embodiment, according to the key management method provided by the present invention, after the distributing the group key of all nodes from the self node to the root node, the method further includes:
verifying, by the leaf nodes in the tree structure, the received group keys of all nodes from the self node to the root node, which are sent by the respective parent nodes, based on the respective individual keys;
and after the verification is passed, the leaf child nodes in the tree structure store the received group keys of all the nodes from the self node to the root node, which are sent by the respective parent nodes.
In the embodiment, the leaf nodes in the tree structure call an encryption authentication function CE-Dec () according to the respective individual key, the received ciphertext C and the commitment value T of the group key of all the nodes from the self node to the root node, which are sent by the respective parent node, to generate a plaintext M of the group key of all the nodes from the self node to the root node, and call an encryption authentication function CE-Ver () according to the respective individual key, the plaintext M and the commitment value T to verify the group key of all the nodes from the self node to the root node, which is sent by the respective parent node; and if the verification is passed, the leaf nodes in the tree structure store the received group keys of all the nodes from the self node to the root node, which are sent by the respective father nodes, and if the verification is not passed, the leaf nodes in the tree structure generate key error messages and send the key error messages to the respective father nodes.
The key management method provided by the invention further discloses the verification step of the group keys of all the nodes from the self node to the root node, which are sent by the leaf child nodes in the tree structure to the respective parent nodes in the initialization step of the group keys, so that the security of the group keys is improved, and the confidentiality, the integrity and the non-repudiation of the group keys are powerfully supported.
To better explain the group key initialization step, in this embodiment, assuming that the height of the tree structure is h, and h is a positive integer greater than or equal to 2, the overall flow of the group key initialization step includes: a root node in the key tree structure calls a random number generation function PRF to generate a random number initial state value; the nodes with the height of 1 to h-1 call a key derivation function KDF to generate respective group keys according to respective seed keys and respective individual keys of child nodes; the distributing, by the nodes with a height of 1 to a height of h-2, the group keys and the initial random number values of all nodes from their own node to the root node to their respective child nodes includes: the nodes with the height of 1 to h-2 call an encryption authentication function CE-Enc () to generate the group keys of all the nodes from the respective nodes to the root node, the ciphertexts C and the commitment values T of the random number initial values according to the personal keys of the respective child nodes, the group keys of all the nodes from the respective nodes to the root node and the random number initial values, and distribute the corresponding group keys of all the nodes from the respective nodes to the root node and the ciphertexts C and the commitment values T of the random number initial values to the respective child nodes; the integrity and authenticity verification of the group key and the initial random number value of all nodes from the parent node to the root node by the respective child nodes of the nodes with the height of 1 to h-2 based on the respective individual keys specifically comprises the following steps: calling an encryption authentication function CE-Dec () by respective child nodes of the nodes with the height of 1 to h-2 according to respective individual keys, received group keys of all nodes from respective parent nodes to a root node and a ciphertext C and a commitment value T of a random number initial state value to generate group keys of all nodes from respective parent nodes to the root node and a plaintext M of the random number initial state value, calling an encryption authentication function CE-Ver () according to the respective individual keys, the plaintext M and the commitment value T to perform integrity and authenticity verification on the group keys of all nodes from respective parent nodes to the root node and the random number initial state value, if the verification is passed, storing the group keys of all nodes from respective parent nodes to the root node and the random number initial state value by respective child nodes of the nodes with the height of 1 to h-2, and if the verification is not passed, generating error messages by respective child nodes of the nodes with the height of 1 to h-2 to send the respective parent nodes; distributing the group key of all nodes from the own node to the root node to the respective child nodes by the nodes with the height h-1, specifically comprising: the nodes with the height h-1 call an encryption authentication function CE-Enc () to carry out encryption authentication on the group keys of all the nodes from the respective self nodes to the root node according to the individual keys of the respective child nodes, generate the ciphertext C and the commitment value T of the group keys of all the nodes from the respective self nodes to the root node, and send the ciphertext C and the commitment value T of the group keys of all the nodes from the respective self nodes to the root node to the respective child nodes; the integrity and authenticity verification of the group key of all the nodes from the parent node to the root node by the child nodes of the node with the height h-1 specifically comprises the following steps: and calling an encryption authentication function CE-Dec () by respective child nodes of the nodes with the height h-1 to generate plaintext M of the group keys of all the nodes from respective parent nodes to the root node according to respective personal keys and received ciphertext C and commitment value T of the group keys of all the nodes from respective parent nodes to the root node, calling an encryption authentication function CE-Ver () to verify the integrity and authenticity of the group keys of all the nodes from respective parent nodes to the root node according to the respective personal keys, the plaintext M and the commitment value T of the group keys of all the nodes from respective parent nodes to the root node, if the group keys are verified, storing the group keys of all the nodes from respective parent nodes to the root node by the respective child nodes of the nodes with the height h-1, and if the group keys are not verified, generating key error messages by the respective child nodes of the nodes with the height h-1 to send the respective parent nodes.
To better illustrate the group key initialization procedure. In this embodiment, fig. 2 is a schematic structural diagram of a tree structure provided by the present invention, as shown in fig. 2, if the height of the tree structure is 4 and the same setting is taken, the overall flow of the group key initialization step specifically includes:
1. highest management node u 1,1 Calling a random number generation function PRF to generate a random number initial state value r 0 =PRF()。
2. Node u 1,1 ~u 3,4 Computing group keys
Figure BDA0003749070410000241
By node u 1,1 Computing group keys
Figure BDA0003749070410000242
For example, node u 1,1 According to the seed key s 1,1 Personal key k of child node 2,1 、k 2,2 Invoking KDF function to generate group key
Figure BDA0003749070410000251
Figure BDA0003749070410000252
Node u 2,1 ~u 3,4 The same operations are performed:
u 2,1
Figure BDA0003749070410000253
u 2,2
Figure BDA0003749070410000254
u 3,1
Figure BDA0003749070410000255
u 3,2
Figure BDA0003749070410000256
u 3,3
Figure BDA0003749070410000257
u 3,4
Figure BDA0003749070410000258
3. node u 1,1 ~u 2,2 To child node u 2,1 ~u 3,4 Distributing groupsSecret key GK and random number initial state value r 0
By node u 1,1 To child node u 2,1 Distributing group keys
Figure BDA0003749070410000259
And a random number initial state value r 0 For example, node u 1,1 According to child node u 2,1 Personal key k of 2,1 Group key
Figure BDA00037490704100002510
And a random number initial state value r 0 Calling encryption authentication function CE-Enc () to generate group key
Figure BDA00037490704100002511
And a random number initial state value r 0 C of 2,1 And a commitment value T 2,1 And the ciphertext C 2,1 And a commitment value T 2,1 Send to child node u 2,1 ,u 1,1 →u 2,1
Figure BDA00037490704100002512
Node u 1,1 ~u 3,4 The same operations are performed:
u 1,1 →u 2,2
Figure BDA00037490704100002513
u 2,1 →u 3,1
Figure BDA00037490704100002514
u 2,1 →u 3,2
Figure BDA00037490704100002515
u 2,2 →u 3,3
Figure BDA00037490704100002516
u 2,2 →u 3,4
Figure BDA00037490704100002517
4. node u 2,1 ~u 3,4 For group key GK and random number initial state r 0 Integrity and authenticity verification is performed.
By node u 2,1 Pair group key
Figure BDA00037490704100002518
And a random number initial state value r 0 For integrity and authenticity verification, node u 2,1 According to the personal key k 2,1 And the group key received in step 3
Figure BDA0003749070410000261
And a random number initial state value r 0 Cipher text C of 2,1 And a commitment value T 2,1 Generating group key by calling encryption authentication function CE-Dec ()
Figure BDA0003749070410000262
And a random number initial state value r 0 Clear text M of 2,1 ,u 2,1 :M 2,1 =CE-Dec(k 2,1 ,C 2,1 ,T 2,1 ) According to the personal key k 2,1 Plaintext M 2,1 Commitment value T 2,1 Calling encryption authentication function CE-Ver () to group key
Figure BDA0003749070410000263
And a random number initial state value r 0 Carry out integrity and authenticity verification u 2,1 :CE-Ver(k 2,,1 ,M 2,1 ,T 2,1 ). If the verification passes, u 2,1 Group key
Figure BDA0003749070410000264
And a random number initial state value r 0 Preservation ofIf the verification fails, u 2,1 Generating a key error message and sending the key error message to u 1,1 . Node u 2,2 ~u 3,4 The same operations are performed:
u 2,2 :M 2,2 =CE-Dec(k 2,2 ,C 2,2 ,T 2,2 );
u 2,2 :CE-Ver(k 2,2 ,M 2,2 ,T 2,2 );
u 3,1 :M 3,1 =CE-Dec(k 3,1 ,C 3,1 ,T 3,1 );
u 3,1 :CE-Ver(k 3,1 ,M 3,1 ,T 3,1 );
u 3,2 :M 3,2 =CE-Dec(k 3,2 ,C 3,2 ,T 3,2 );
u 3,2 :CE-Ver(k 3,2 ,M 3,2 ,T 3,2 );
u 3,3 :M 3,3 =CE-Dec(k 3,3 ,C 3,3 ,T 3,3 );
u 3,3 :CE-Ver(k 3,3 ,M 3,3 ,T 3,3 );
u 3,4 :M 3,4 =CE-Dec(k 3,4 ,C 3,4 ,T 3,4 );
u 3,4 :CE-Ver(k 3,4 ,M 3,4 ,T 3,4 )。
5. node u 3,1 ~u 3,4 To child node u 4,1 ~u 4,10 The group key GK is distributed.
By node u 3,1 To child node u 4,1 Distributing group keys
Figure BDA0003749070410000265
For example, node u 3,1 According to child node u 4,1 Personal key k of 4,1 Group key
Figure BDA0003749070410000266
Calling encryption authentication function CE-Enc () to generate ciphertext C 4,1 And a commitment value T 4,1 And the ciphertext C 4,1 And a commitment value T 4,1 Sent to child node u 4,1 ,u 3,1 →u 4,1
Figure BDA0003749070410000267
Figure BDA0003749070410000268
Node u 3,1 ~u 3,4 The same operations are performed:
u 3,1 →u 4,2
Figure BDA0003749070410000269
u 3,1 →u 4,3
Figure BDA00037490704100002610
u 3,2 →u 4,4
Figure BDA00037490704100002611
u 3,2 →u 4,5
Figure BDA0003749070410000271
u 3,2 →u 4,6
Figure BDA0003749070410000272
u 3,3 →u 4,7
Figure BDA0003749070410000273
u 3,3 →u 4,8
Figure BDA0003749070410000274
u 3,4 →u 4,9
Figure BDA0003749070410000275
u 3,4 →u 4,10
Figure BDA0003749070410000276
6. node u 4,1 ~u 4,10 And carrying out integrity and authenticity verification on the group key GK.
By node u 4,1 For individual key k 4,1 Group key
Figure BDA0003749070410000277
For integrity and authenticity verification, node u 4,1 According to the personal key k 4,1 And the group key received in step 5
Figure BDA0003749070410000278
Cipher text C of 4,1 And a commitment value T 4,1 Generating group key by calling encryption authentication function CE-Dec ()
Figure BDA0003749070410000279
Clear text M of 4,1 ,u 4,1 :M 4,1 =CE-Dec(k 4,1 ,C 4,1 ,T 4,1 ) According to the personal key k 4,1 Group key
Figure BDA00037490704100002710
Clear text M of 4,1 A commitment value T 4,1 Calling encryption authentication function CE-Ver () to group key
Figure BDA00037490704100002711
Performing integrity and authenticity verification, u 4,1 :CE-Ver(k 4,1 ,M 4,1 ,T 4,1 ). If the verification passes, u 4,1 Group key
Figure BDA00037490704100002712
Saving, if the verification fails, u 4,1 Generating a key error message and sending the key error message to u 3,1 . Node u 4,2 ~u 4,10 The same operations are performed:
u 4,2 :M 4,2 =CE-Dec(k 4,2 ,C 4,2 ,T 4,2 );
u 4,2 :CE-Ver(k 4,2 ,M 4,2 ,T 4,2 );
u 4,3 :M 4,3 =CE-Dec(k 4,3 ,C 4,3 ,T 4,3 );
u 4,3 :CE-Ver(k 4,3 ,M 4,3 ,T 4,3 );
u 4,4 :M 4,4 =CE-Dec(k 4,4 ,C 4,4 ,T 4,4 );
u 4,4 :CE-Ver(k 4,4 ,M 4,4 ,T 4,4 );
u 4,5 :M 4,5 =CE-Dec(k 4,5 ,C 4,5 ,T 4,5 );
u 4,5 :CE-Ver(k 4,5 ,M 4,5 ,T 4,5 );
u 4,6 :M 4,6 =CE-Dec(k 4.6 ,C 4,6 ,T 4,6 );
u 4,6 :CE-Ver(k 4,6 ,M 4,6 ,T 4,6 );
u 4,7 :M 4,7 =CE-Dec(k 4,7 ,C 4,7 ,T 4,7 );
u 4,7 :CE-Ver(k 4,7 ,M 4,7 ,T 4,7 );
u 4,8 :M 4,8 =CE-Dec(k 4,8 ,C 4,8 ,T 4,8 );
u 4,8 :CE-Ver(k 4,8 ,M 4,8 ,T 4,8 );
u 4,9 :M 4,9 =CE-Dec(k 4,9 ,C 4,9 ,T 4,9 );
u 4,9 :CE-Ver(k 4,9 ,M 4,9 ,T 4,9 );
u 4,10 :M 4,10 =CE-Dec(k 4,10 ,C 4,10 ,T 4,10 );
u 4,10 :CE-Ver(k 4,10 ,M 4,10 ,T 4,10 )。
in a specific embodiment, according to the key management method provided by the present invention, the preset trigger item is a node join, and correspondingly, the new group key is generated according to the group key when the trigger item occurs, and the random number or the identity of the node newly added in the tree structure, and the update of the group key when the trigger item occurs is completed, which specifically includes:
generating a personal key of a newly added node by a father node of the newly added node, and sending the personal key of the newly added node to the newly added node;
based on the stored group keys and the identity identification of the newly added node when the node is added, calling a key derivation function by a non-leaf node of the tree structure, updating the stored group keys by itself, and sending the updated group keys of all nodes from the node to a root node to the leaf node by a parent node of the leaf node, wherein the updated group keys stored by the non-leaf node comprise the respective group keys;
or based on the respective group key when the node is added and the identity of the newly added node, calling a key derivation function by a non-leaf node of the tree structure, updating the respective group key by itself, and distributing the updated group keys of all nodes from the node to the root node layer by layer to the leaf nodes of the tree structure by the non-leaf node;
or the nodes in the tree structure call a key derivation function to update the respective stored group keys according to the respective stored group keys when the nodes are added and the identity of the newly added node, and the parent node of the newly added node sends the updated group keys of all nodes from the node to the root node to the newly added node.
In this embodiment, the newly added node defaults to a leaf node in the tree structure, and if the newly added node is a non-leaf node in the tree structure, it is processed as subgroup addition.
In this embodiment, first, a parent node of a newly added node generates an individual key of the newly added node, and sends the generated individual key of the newly added node to the newly added node; then, the group key of the tree structure is updated, and at this time, there are three update paths including:
the first node joins in the group key updating path, based on the stored group key and the identity of the newly joined node when the node joins in, the non-leaf node of the tree structure calls the key derivation function to update the stored group key, and the father node of the leaf node sends the updated group key of all nodes from the self node to the root node to the leaf node including the newly joined node, wherein the group key stored by the non-leaf node includes the group key;
the second node joins in a group key updating path, based on respective group keys when the nodes are joined and the identity identification of the newly joined node, a key derivation function is called by a non-leaf node of the tree structure, the respective group keys are updated by self, and the updated group keys of all nodes from the self node to the root node are distributed to leaf nodes of the tree structure including the newly joined node layer by the non-leaf node;
and a third node is added into the group key updating path, and the nodes in the tree structure call a key derivation function to update the respective stored group keys according to the respective stored group keys when the nodes are added and the identity of the newly added node.
In this embodiment, a first group key update path is taken as an example for expansion, and non-leaf nodes in a tree structure call a key derivation function KDF to generate a new group key according to an original group key stored in each node when a node is added, an identity of a newly added node, and/or a key update flag; and the parent node of the newly added node calls an encryption authentication function CE-Enc () according to the personal key of the newly added node to carry out encryption authentication on the group keys of all the nodes from the parent node of the newly added node to the root node, generates the ciphertext C and the commitment value T of the group keys of all the nodes from the parent node of the newly added node to the root node, and sends the ciphertext C and the commitment value T of the group keys of all the nodes from the parent node of the newly added node to the root node to the newly added node. The key update flag is used to mark key update, and is generally expressed by the number of key updates, but is not limited to the number of key updates. When generating the group key, the key updating mark is an optional parameter and is not an optional parameter; when the node changes, the updating mode of the key updating mark is the original key updating mark value plus a random number. The key update marks of different nodes may be the same or different, and the present invention is not limited thereto.
That is to say, when the preset trigger is node joining, the group key with changed group relationship must be updated, and other group keys without change may or may not be updated, which is not limited in the present invention. The new group key can be generated by the nodes calling key derivation functions respectively; or generating a new group key by a non-leaf node and distributing the new group key to leaf nodes of a tree structure layer by layer; or generating a new group key by a non-leaf node, and distributing the new group key to leaf nodes of the tree structure by parent nodes of the leaf nodes; the group key may also be updated in a manner combining the above manners, which is not limited in the present invention.
The key management method further discloses the updating step of the group key when the preset triggering item is added into the node, further explains the process that each node independently completes the updating of each group key, and improves the security and confidentiality of the group key.
In a specific embodiment, according to the key management method provided by the present invention, the generating, by a parent node of a newly joining node, an individual key of the newly joining node, and sending the individual key of the newly joining node to the newly joining node specifically includes:
the newly added node and the father node of the newly added node carry out identity authentication and negotiate out a session key;
based on the identity of the newly added node and the seed key of the father node of the newly added node, calling a key derivation function by the father node of the newly added node to generate a personal key of the newly added node;
and sending the generated individual key of the newly-added node to the newly-added node by the parent node of the newly-added node based on the session key.
In this embodiment, the newly added node performs identity authentication with its own parent node and negotiates a session key; the father node of the newly added node calls a key derivation function KDF to generate an individual key of the newly added node according to the identity of the newly added node and the seed key of the father node; and the parent node of the newly added node calls an encryption authentication function CE-Enc () to generate a ciphertext C and a commitment value T of the personal key of the newly added node according to the session key negotiated with the child node, namely the newly added node and the personal key of the newly added node, and sends the ciphertext C and the commitment value T of the personal key of the newly added node to the newly added node.
According to the key management method provided by the invention, through further disclosing the generation step of the personal key of the newly added node in the group key updating when the preset trigger item is the node, the support is provided for each subsequent node to independently complete the updating of the respective group key, and the safety and confidentiality of the group key are improved.
In a specific embodiment, according to the key management method provided by the present invention, after the parent node of the newly joining node sends the generated individual key of the newly joining node to the newly joining node, the method further includes:
verifying the personal key of the new joining node based on the session key;
and the newly added node stores the received personal key of the newly added node after passing the verification.
In the embodiment, the newly added node calls an encryption authentication function CE-Dec () to generate a plaintext M of the personal key according to the session key negotiated with the parent node of the newly added node and the received ciphertext C and the commitment value T of the personal key, and calls the encryption authentication function CE-Ver () to verify the personal key of the newly added node according to the session key, the plaintext M of the personal key and the commitment value T; and if the verification is passed, the newly added node stores the received personal key, and if the verification is not passed, the newly added node generates a key error message and sends the key error message to the father node of the new access node.
According to the key management method provided by the invention, the safety of the personal key is improved and the update of the group key is powerfully supported by further disclosing the preset triggering item as the verification step of the personal key of the newly added node generated when the node is added.
In a specific embodiment, according to the key management method provided by the present invention, after the non-leaf node distributes the updated group keys of all nodes from its own node to the root node layer by layer to the leaf node, the method further includes:
verifying the updated group keys of all nodes from the father node to the root node, which are received by the nodes of the tree structure;
and after verification is passed, the node of the tree structure stores the updated group keys of all the nodes from the parent node to the root node after the update is received by the node of the tree structure.
In this embodiment, the leaf node in the tree structure including the newly added node verifies the group keys of all the updated nodes from its parent node to the root node, which are received by the leaf node, and only if the verification passes, the group keys can be stored. Taking a verification process of a newly added node as an example for expansion, calling an encryption authentication function CE-Dec () by the newly added node according to a personal key of the newly added node, a received ciphertext C and a commitment value T of a group key of all nodes from a parent node of the newly added node to a root node to generate a plaintext M of the group key of all nodes from the parent node of the newly added node to the root node, and calling the encryption authentication function CE-Ver () according to the personal key of the newly added node, the plaintext M of the group key of all nodes from the parent node of the newly added node to the root node and the commitment value T to verify the received group key of all nodes from the parent node of the newly added node to the root node; and if the verification is passed, the newly added node saves the received group keys of all the nodes from the father node of the newly added node to the root node, and if the verification is not passed, the newly added node generates a key error message and sends the key error message to the father node of the newly added node.
According to the key management method provided by the invention, the security and confidentiality of the group key are improved by further disclosing the verification step of the generated group key when the preset trigger item is added as a node.
To better illustrate the update situation of the group key when the preset trigger is node joining. In this embodiment, fig. 3 is a schematic structural diagram of a tree structure provided by the present invention, and as shown in fig. 3, the height of the tree structure is taken as 4, and the same setting is simultaneously taken, assuming that after the group key initialization step, the node u 4,11 Apply for joining the group. Upon initialization, the group key of the non-leaf node in the tree structure is
Figure BDA0003749070410000321
In the initialization phase, the key update flag t =0. Due to the addition of the node, the key update flag t =0+1=1. Node u 4,11 Group key to be updated is added to a group
Figure BDA0003749070410000322
Figure BDA0003749070410000331
The overall process step of updating the group key specifically includes:
1. newly joining node u 4,11 With its own parent node u 3,4 Performs identity authentication and negotiates out a session key sk 4,11
2. Node u 3,4 Generating node u 4,11 Personal key k of 4,11 . Node u 3,4 According to node u 4,11 ID of 4,11 Seed key s 3,4 Invoking a Key derivation function KDF generating node u 4,11 The individual key of (2): k is a radical of 4,11 =KDF(ID 4,11 ,s 3,4 )。
3. Newly joining node u 4,11 Parent node u of 3,4 To child node u 4,11 Distributing personal key k 4,11 . Newly joining node u 4,11 Parent node u of 3,4 According to and child node u 4,11 Negotiated session key sk 4,11 Child node u 4,11 Personal key k of 4,11 Calling encryption authentication function CE-Enc () to generate individual key k 4,11 Cipher text C of 4,11 And a commitment value T 4,11 And the personal key k is combined 4,11 C of 4,11 And a commitment value T 4,11 Sent to child node u 4,11 Formulated as follows:
u 3,4 →u 4,11 :C 4,11 ||T 4,11 =CE-Enc(sk 4,11 ,k 4,11 )
4. newly joined node u 4,11 For individual key k 4,11 Integrity and authenticity verification is performed.
Newly joining node u 4,11 From the session key sk 4,11 And the personal key k received in step 3 4,11 Cipher text C of 4,11 And a commitment value T 4,11 Calling encryption authentication function CE-Dec () to generate individual key k 4,11 Clear text M of 4,11 =CE-Dec(sk 4,11 ,C 4,11 ,T 4,11 ) From the session key sk 4,11 Plaintext M 4,11 A commitment value T 4,11 Calling a cryptographic authentication function CE-Ver (sk) 4,11 ,M 4,11 ,T 4,11 ) For individual key k 4,11 Integrity and authenticity verification is performed. If the verification passes, u 4,11 Personal key k 4,11 Saving, if the verification fails, u 4,11 Generating a key error message and sending the key error message to u 3,4
5. Node u 1,1 ~u 4,10 And calculating the updated group key by itself.
1) Node u 1,1 ~u 4,10 Based on old group key
Figure BDA0003749070410000332
Newly added node u 4,11 ID of 4,11 Calling a key derivation function KDF to generate a new group key, with a key update flag t =1
Figure BDA0003749070410000333
2) Node u 2,2 、u 3,3 、u 3,4 、u 4,7 、u 4,8 、u 4,9 、u 4,10 According to old group key
Figure BDA0003749070410000334
Newly added node u 4,11 ID of 4,11 Calling a key derivation function KDF to generate a new group key, with a key update flag t =1
Figure BDA0003749070410000341
3) Node u 3,4 、u 4,9 、u 4,10 Based on old group key
Figure BDA0003749070410000342
Newly added node u 4,11 ID of 4,11 Calling a key derivation function KDF to generate a new group key, with a key update flag t =1
Figure BDA0003749070410000343
6. Node u 3,4 To node u 4,11 Distributing group keys
Figure BDA0003749070410000344
Newly added node u 4,11 Parent node u of 3,4 According to u 4,11 Personal key k of 4,11 、u 3,4 To u 1,1 Of all intermediate nodes
Figure BDA0003749070410000345
Calling encryption authentication function CE-Enc () to generate u 3,4 To u 1,1 Of all intermediate nodes
Figure BDA0003749070410000346
Figure BDA0003749070410000347
Cipher text C of 4,11 And a commitment value T 4,11 And the ciphertext C 4,11 And a commitment value T 4,11 Is sent to u 4,11
u 3,4 →u 4,11
Figure BDA0003749070410000348
7. Newly joining node u 4,11 Based on the personal key k 4,11 For u to u 3,4 To u 1,1 Group key of all nodes of
Figure BDA0003749070410000349
Integrity and authenticity verification is performed.
Newly joining node u 4,11 According to the personal key k 4,11 And the step ofU received in 6 3,4 To u 1,1 Of all intermediate nodes
Figure BDA00037490704100003410
C of 4,11 And a commitment value T 4,11 Calling encryption authentication function CE-Dec () to generate clear text M 4,11 =CE-Dec(k 4,11 ,C 4,11 ,T 4,11 ) According to the personal key k 4,11 Plaintext M 4,11 A commitment value T 4,11 Calling encrypted authentication function CE-Ver (k) 4,11 ,M 4,11 ,T 4,11 ) For u is paired 3,4 To u 1,1 Group key of all nodes of
Figure BDA00037490704100003411
Carrying out integrity and authenticity verification, if the verification is passed, u 4,11 Save slave u 3,4 To u 1,1 Group key of all nodes of
Figure BDA00037490704100003412
Figure BDA00037490704100003413
If the verification fails, u 4,11 Generating a key error message and sending the key error message to u 3,4
In the key update procedure of the above example, the key update flag t participates in the new group key
Figure BDA00037490704100003414
And (4) generating. The key update flag t may not participate in the generation of the new group key,
Figure BDA00037490704100003415
the invention is not explicitly limited herein.
The above example only updates the relevant group key
Figure BDA00037490704100003416
At a nodeGroup key for joining a group whose group relationship does not change
Figure BDA00037490704100003417
Figure BDA0003749070410000351
The update may or may not be performed, and the present invention is not limited explicitly. New group key
Figure BDA0003749070410000352
The self-updating is generated by calling a key derivation function by the node by referring to the method; or generating a new group key by a non-leaf node and distributing the new group key to leaf nodes of a tree structure layer by layer; or generating a new group key by a non-leaf node, and distributing the new group key to leaf nodes of the tree structure by parent nodes of the leaf nodes; the group key may also be updated by combining the above manners, and the present invention is not limited thereto.
In a specific embodiment, according to the key management method provided by the present invention, the preset trigger item is a node leaving, and correspondingly, the new group key is generated according to the group key when the trigger item occurs, and the random number or the identity of the node newly added to the tree structure, and the update of the group key when the trigger item occurs is completed, which specifically includes:
based on the respective group key and the random number when the node leaves, the non-leaf node calls a key derivation function to update the respective group key by itself, and the non-leaf node distributes the updated group keys of all nodes from the self node to the root node to the leaf node layer by layer;
or non-leaf nodes in the tree structure call a key derivation function to update the respective stored group keys according to the respective stored group keys and random numbers when the nodes leave, and the parent nodes of the leaf nodes send the updated group keys of all nodes from the self nodes to the root nodes to the leaf nodes.
In this embodiment, when the trigger item is a node leave, there are two update paths of the group key in the tree structure, including:
the first node leaves the group key updating path, based on the respective group key and random number when the node leaves, the non-leaf node calls the key derivation function to update the respective group key, and the non-leaf node distributes the updated group keys of all nodes from the node to the root node to the leaf nodes layer by layer;
the second kind of node leaves the group key updating path, and the non-leaf nodes in the tree structure automatically update the respective stored group keys according to the respective original stored group keys and random numbers when the node leaves, wherein the respective stored group keys comprise the respective group keys; and the parent node of the leaf node in the tree structure sends the updated group key to the respective leaf node, the updating of the group key is participated by a random number when the triggering item is that the node leaves, and the leaf node does not keep the random number and can not update the group key stored by the leaf node, so the group key is distributed by the parent node of the leaf node.
In this embodiment, taking the second type of node leaving the group key update as an example, the expansion is performed. Non-leaf nodes in the tree structure call a key derivation function KDF to update the respective stored group keys according to the respective stored group keys, random numbers and/or key update marks when the nodes leave; and calling an encryption authentication function CE-Enc () by a father node of a leaf node in the tree structure according to the personal key of the child node or the group key of the father node to carry out encryption authentication on the group key of all the updated nodes from the father node to the root node, generating the ciphertext C and the commitment value T of the group key of all the nodes from the father node to the root node, and sending the ciphertext C and the commitment value T of the group key of all the nodes from the father node to the root node to the child nodes.
The key management method further discloses the updating step of the group key when the preset triggering item is the node leaves, further explains the process that each node independently completes the updating of each group key, and improves the security and confidentiality of the group key.
In a specific embodiment, according to the key management method provided in the present invention, after the non-leaf node distributes layer by layer the updated group keys of all nodes from its own node to the root node to the leaf node, the method further includes:
verifying the group keys of all the nodes from the father node to the root node after the updating received by the nodes of the tree structure;
and after verification is passed, the node of the tree structure stores the updated group keys of all the nodes from the parent node to the root node after the update is received by the node of the tree structure.
In this embodiment, the node of the tree structure is configured to store the received group key after verification is passed, and expand the received group key by using the leaf node as an example. Verifying the received updated group keys of all nodes from the father node to the root node by the leaf node, and calling an encryption authentication function CE-Dec () to generate a plaintext M of the updated group keys of all nodes from the father node to the root node according to the personal key or the group key of the father node, the received encrypted ciphertext C and a commitment value T of the updated group keys of all nodes from the father node to the root node; according to the personal key of the user or the group key of the father node of the user and the commitment value T, calling an encryption authentication function CE-Ver () to verify the integrity and the authenticity of the received and updated group key of all nodes from the father node of the user to the root node; and after the verification is passed, the leaf node stores the received updated group keys of all the nodes from the father node to the root node, and if the verification is not passed, the leaf node generates a key error message and sends the key error message to the father node.
When the preset trigger item is the node leaving, the group key with the changed group relationship must be updated, and other group keys without the change may be updated or not, which is not limited in the present invention. The new group key can be generated by calling a key derivation function by the non-leaf nodes respectively, and the updated group key is sent to the leaf nodes by the parent node of the leaf node in the tree structure; the new group key can also be generated by calling a key derivation function by the non-leaf nodes respectively, and is distributed to the leaf nodes of the tree structure layer by the non-leaf nodes; or the two ways are combined to update the group key, which is not limited in the present invention.
According to the key management method provided by the invention, the security and confidentiality of the group key are improved by further disclosing the preset triggering item as a verification step of the generated group key when the node leaves.
To better illustrate the updating situation of the group key when the preset trigger is the node leaving. In this embodiment, fig. 3 is a schematic structural diagram of a tree structure provided by the present invention, and as shown in fig. 3, the height of the tree structure is taken as 4, and the same setting is taken at the same time, assuming that the group key initialization step is performed later. Now in this embodiment, node u 4,11 Request for leaving the group. Assume that at this time, the group key of a non-leaf node in the tree structure is
Figure BDA0003749070410000371
Figure BDA0003749070410000372
Now node u 4,11 The application leaves, and the key update mark t =1+1=2. Due to the node u 4,11 Leaving the group, the group key being secured
Figure BDA0003749070410000373
Figure BDA0003749070410000374
Must be updated. The overall process step of updating the group key specifically includes:
1. node u 1,1 ~u 3,4 And calculating the updated group key by itself.
By node u 1,1 For example, node u 1,1 Based on old group key
Figure BDA0003749070410000381
Initial state value r of random number 0 And calling KDF function to generate new group key by the key updating mark t =2
Figure BDA0003749070410000382
Figure BDA0003749070410000383
1) Node u 1,1 ~u 3,4 According to old group key
Figure BDA0003749070410000384
Random number r 0 And calling KDF function to generate new group key by the key updating mark t =2
Figure BDA0003749070410000385
2) Node u 2,2 、u 3,3 、u 3,4 Based on old group key
Figure BDA0003749070410000386
Random number r 0 And calling KDF function to generate new group key by the key updating mark t =2
Figure BDA0003749070410000387
Figure BDA0003749070410000388
3) Node u 3,4 Based on old group key
Figure BDA0003749070410000389
Random number r 0 And calling KDF function to generate new group key by the key updating mark t =2
Figure BDA00037490704100003810
2. Node u 3,1 ~u 3,4 To respective children's festivalThe point distributes the updated group key GK.
By node u 3,1 To own child node { u 4,1 、u 4,2 、u 4,3 Distribute updated
Figure BDA00037490704100003811
For example. Node u 3,1 According to the original group key
Figure BDA00037490704100003812
Updated group key
Figure BDA00037490704100003813
Calling encryption authentication function CE-Enc () to generate updated group key
Figure BDA00037490704100003814
C of children 3,1 And a commitment value T children 3,1 And updating the group key
Figure BDA00037490704100003815
Cipher text C of children 3,1 And a commitment value T children 3,1 Sending to own child node { u 4,1 、u 4,2 、u 4,3 },u 3,1 →{u 4,1 、u 4,2 、u 4,3 }:
Figure BDA00037490704100003816
Node u 3,2 ~u 3,4 The distribution of (a) is by analogy,
u 3,2 →{u 4,4 、u 4,5 、u 4,6 }:
Figure BDA00037490704100003817
Figure BDA00037490704100003818
u 3,3 →{u 4,7 、u 4,8 }:
Figure BDA00037490704100003819
u 3,4 →u 4,9
Figure BDA00037490704100003820
u 3,4 →u 4,10
Figure BDA00037490704100003821
3. node u 4,1 ~u 4,10 And carrying out integrity and authenticity verification on the updated group key GK.
With node { u 4,1 、u 4,2 、u 4,3 As an example, node { u } 4,1 、u 4,2 、u 4,3 According to the group key
Figure BDA00037490704100003822
And received in step 2
Figure BDA00037490704100003823
C of children3,1 And a commitment value T children 3,1 Calling encryption authentication function CE-Dec () generation
Figure BDA0003749070410000391
Clear text M of children 3,1 According to group keys
Figure BDA0003749070410000392
Plaintext M children 3,1 A commitment value T children 3,1 Calling encryption authentication function CE-Ver () to update group key
Figure BDA0003749070410000393
Integrity and authenticity verification is performed, and if verification is passed, { u 4,1 、u 4,2 、u 4,3 ProtectionStoring updated group keys
Figure BDA0003749070410000394
If not, { u } 4,1 、u 4,2 、u 4,3 The generated key error message is sent to the node u 3,1
Node u 4,4 ~u 4,10 The same operations are performed:
{u 4,1 、u 4,2 、u 4,3 }:
Figure BDA0003749070410000395
Figure BDA0003749070410000396
{u 4,1 、u 4,2 、u 4,3 }:
Figure BDA0003749070410000397
{u 4,4 、u 4,5 、u 4,6 }:
Figure BDA0003749070410000398
Figure BDA0003749070410000399
{u 4,4 、u 4,5 、u 4,6 }:
Figure BDA00037490704100003910
{u 4,7 、u 4,8 }:
Figure BDA00037490704100003911
{u 4,7 、u 4,8 }:
Figure BDA00037490704100003912
u 4,9 :M children 3,4 =CE-Dec(k 4,9 ,C 4,9 ,T children 3,4 )
u 4,9 :CE-Ver(k 4,9 ,M children 3,4 ,T children 3,4 )
u 4,10 :M children 3,4 =CE-Dec(k 4,10 ,C 4,10 ,T children 3,4 )
u 4,10 :CE-Ver(k 4,10 ,M children 3,4 ,T children 3,4 )。
in the key update procedure of the above example, the key update flag t participates in the new group key
Figure BDA00037490704100003913
And (4) generating. The key update flag t may not participate in the generation of the new group key,
Figure BDA00037490704100003914
the invention is not explicitly limited herein.
The above example only updates the associated group key
Figure BDA00037490704100003915
Group key of group with unchanged group relation when node leaves
Figure BDA00037490704100003916
Figure BDA00037490704100003917
The update may or may not be performed, and the present invention is not limited explicitly. New group key
Figure BDA00037490704100003918
Also referring to the method, a new group key is generated by a non-leaf node, and is distributed to leaf nodes of a tree structure by parent nodes of the leaf nodes; or generated by non-leaf nodesThe new group key is distributed to leaf nodes of the tree structure layer by layer; the group key may also be updated by combining the two ways, which is not limited in the present invention.
In a specific embodiment, according to the key management method provided by the present invention, when the preset trigger item is a preset time period, correspondingly, the generating a new group key according to the group key when the trigger item occurs, and the random number or the identity of the node newly added in the tree structure, and completing the updating of the group key when the trigger item occurs specifically includes:
based on the respective group key and the random number when the preset time period is reached, the non-leaf node calls a key derivation function to update the respective group key by itself, and the non-leaf node distributes the updated group keys of all nodes from the self node to the root node to the leaf node layer by layer;
or calling a key derivation function to update the respective stored group key by the non-leaf nodes in the tree structure according to the respective stored group key and random number when the preset time period is reached, and distributing the updated group keys of all nodes from the self node to the root node to the leaf node by the parent node of the leaf node.
In this embodiment, when the trigger is a preset time period, there are two update paths for the group key, including:
the group key updating path in the first time period calls a key derivation function to update the respective group key by the non-leaf node based on the respective group key, random number and/or key updating mark when the preset time period is reached, and the non-leaf node distributes the updated group keys of all nodes from the self node to the root node to the leaf node layer by layer;
in the group key updating path of the second time period, non-leaf nodes in the tree structure call a key derivation function KDF to calculate and update the group keys stored in the tree structure according to the original stored group keys, random numbers and/or key updating marks; and the parent node of the leaf node in the tree structure calls an encryption authentication function CE-Enc () to generate a ciphertext C and a commitment value T of each updated group key according to the individual key and the updated group key of each child node, and sends the ciphertext C and the commitment value T of each updated group key to each child node.
The key management method further discloses the updating step of the group key when the preset triggering item is the group key and the group key is updated at regular time, further explains the process that each node independently completes the updating of each group key, and improves the security and confidentiality of the group key.
In a specific embodiment, according to the key management method provided by the present invention, after the parent node of the leaf node sends the updated group keys of all nodes from its own node to the root node to the leaf node, the method further includes:
verifying the group keys of all the nodes from the father node to the root node after the updating received by the nodes of the tree structure;
and after verification is passed, the node of the tree structure stores the updated group keys of all the nodes from the parent node to the root node after the update is received by the node of the tree structure.
In this embodiment, the node of the tree structure is configured to store the received group key after verification is passed, and expand the received group key by using the leaf node as an example. And the leaf nodes in the tree structure call an encryption authentication function CE-Dec () to generate plaintext M of the updated group key of all nodes from the parent node to the root node according to the respective individual key, the received ciphertext C and the commitment value T of the updated group key of all nodes from the parent node to the root node, and call an encryption authentication function CE-Ver () to verify the integrity and the authenticity of the received updated group key of all nodes from the parent node to the root node according to the respective individual key, the updated plaintext M of the group key of all nodes from the parent node to the root node and the commitment value T. If the verification is passed, the leaf nodes store the updated group keys of all the nodes from the father node to the root node, and if the verification is not passed, the leaf nodes generate key error messages and send the key error messages to the father nodes.
The key management method provided by the invention has the advantages that the security and the confidentiality of the group key are improved by further disclosing the step of verifying the generated group key when the preset trigger item is used for updating the group key at regular time.
To better explain the updating situation of the group key when the preset trigger is a preset time period, i.e. the group key is updated regularly. In this embodiment, fig. 2 is a schematic structural diagram of the tree structure provided by the present invention, and as shown in fig. 2, the height of the tree structure is taken as 4, and the same setting is taken at the same time, so that the group key is updated at regular time. At this time, the group key of the non-leaf node in the tree structure is
Figure BDA0003749070410000421
If the key update flag t =2+1=3, the overall process step of group key update specifically includes:
1. node u 1,1 ~u 3,4 And calculating the updated group key by itself.
1) Node u 1,1 ~u 3,4 Based on old group key
Figure BDA0003749070410000422
Random number r 0 And calling KDF function to generate new group key by the key updating mark t =3
Figure BDA0003749070410000423
2) Node u 2,1 、u 3,1 、u 3,2 According to old group key
Figure BDA0003749070410000424
Random number r 0 And calling KDF function to generate new group key with key updating mark t =3
Figure BDA0003749070410000425
Figure BDA0003749070410000426
3) Node u 2,2 、u 3,3 、u 3,4 Based on old group key
Figure BDA0003749070410000427
Random number r 0 And calling KDF function to generate new group key with key updating mark t =3
Figure BDA0003749070410000428
Figure BDA0003749070410000429
4) Node u 3,1 Based on old group key
Figure BDA00037490704100004210
Random number r 0 And calling KDF function to generate new group key by the key updating mark t =3
Figure BDA00037490704100004211
5) Node u 3,2 Based on old group key
Figure BDA00037490704100004212
Random number r 0 And calling KDF function to generate new group key by the key updating mark t =3
Figure BDA00037490704100004213
6) Node u 3,3 According to old group key
Figure BDA00037490704100004214
Random number r 0 And calling KDF function to generate new group key by the key updating mark t =3
Figure BDA00037490704100004215
7) Node u 3,4 Based on old group key
Figure BDA00037490704100004216
Random number r 0 And calling KDF function to generate new group key by the key updating mark t =3
Figure BDA00037490704100004217
2. Node u 3,1 ~u 3,4 The updated group key GK is distributed to its child nodes.
With node u 3,1 To u 4,1 Distributing updated
Figure BDA00037490704100004218
For example, node u 3,1 According to u 4,1 Personal key k 4,1 After update
Figure BDA00037490704100004219
Calling encryption authentication function CE-Enc () to generate group key
Figure BDA00037490704100004220
C of 4,1 And a commitment value T 4,1 And combining the group key
Figure BDA0003749070410000431
C of 4,1 And a commitment value T 4,1 Send to child node u 4,1 ,u 3,1 →u 4,1
Figure BDA0003749070410000432
Node u 4,2 →u 4,10 Group key GK distribution of (a) and so on:
u 3,1 →u 4,2
Figure BDA0003749070410000433
u 3,1 →u 4,3
Figure BDA0003749070410000434
u 3,2 →u 4,4
Figure BDA0003749070410000435
u 3,2 →u 4,5
Figure BDA0003749070410000436
u 3,2 →u 4,6
Figure BDA0003749070410000437
u 3,3 →u 4,7
Figure BDA0003749070410000438
u 3,3 →u 4,8
Figure BDA0003749070410000439
u 3,4 →u 4,9
Figure BDA00037490704100004310
u 3,4 →u 4,10
Figure BDA00037490704100004311
3. node u 4,1 ~u 4,10 Based on the personal key k 4,1 ~k 4,10 And carrying out integrity and authenticity verification on the updated group key GK.
By node u 4,1 Based on the personal key k 4,1 For updated group key
Figure BDA00037490704100004312
For authenticity and integrity verification, node u 4,1 According to the personal key k 4,1 And the updated group key received in step 2
Figure BDA00037490704100004313
C of 4,1 And a commitment value T 4,1 Calling encryption authentication function CE-Dec () to generate updated group key
Figure BDA00037490704100004314
Clear text M of 4,1 ,u 4,1 :M 4,1 =CE-Dec(k 4,1 ,C 4,1 ,T 4,1 ),u 4,1 According to the personal key k 4,1 Updated group key
Figure BDA00037490704100004315
Clear text M of 4,1 Commitment value T 4,1 Calling encryption authentication function CE-Ver () to update group key
Figure BDA00037490704100004316
Carry out integrity and authenticity verification u 4,1 :CE-Ver(k 4,1 ,M 4,1 ,T 4,1 ) If the verification passes, u 4,1 Saving updated group keys
Figure BDA00037490704100004317
If not, u 4,1 Generating a key error message and sending the key error message to u 3,1 . Node u 4,2 ~u 4,10 The same operations are performed:
u 4,2 :M 4,2 =CE-Dec(k 4,2 ,C 4,2 ,T 4,2 );
u 4,2 :CE-Ver(k 4,2 ,M 4,2 ,T 4,2 );
u 4,3 :M 4,3 =CE-Dec(k 4,3 ,C 4,3 ,T 4,3 );
u 4,3 :CE-Ver(k 4,3 ,M 4,3 ,T 4,3 );
u 4,4 :M 4,4 =CE-Dec(k 4,4 ,C 4,4 ,T 4,4 );
u 4,4 :CE-Ver(k 4,4 ,M 4,4 ,T 4,4 );
u 4,5 :M 4,5 =CE-Dec(k 4,5 ,C 4,5 ,T 4,5 );
u 4,5 :CE-Ver(k 4,5 ,M 4,5 ,T 4,5 );
u 4,6 :M 4,6 =CE-Dec(k 4,6 ,C 4,6 ,T 4,6 );
u 4,6 :CE-Ver(k 4,6 ,M 4,6 ,T 4,6 );
u 4,7 :M 4,7 =CE-Dec(k 4,7 ,C 4,7 ,T 4,7 );
u 4,7 :CE-Ver(k 4,7 ,M 4,7 ,T 4,7 );
u 4,8 :M 4,8 =CE-Dec(k 4,8 ,C 4,8 ,T 4,8 );
u 4,8 :CE-Ver(k 4,8 ,M 4,8 ,T 4,4 );
u 4,9 :M 4,9 =CE-Dec(k 4,9 ,C 4,9 ,T 4,9 );
u 4,9 :CE-Ver(k 4,9 ,M 4,9 ,T 4,9 );
u 4,10 :M 4,10 =CE-Dec(k 4,10 ,C 4,10 ,T 4,10 );
u 4,10 :CE-Ver(k 4,10 ,M 4,10 ,T 4,10 )。
in the key update process of the above example, the key update flag t participates in the generation of a new group key. The key update flag t may not be involved in the generation of a new group key, and the new group key
Figure BDA0003749070410000441
The key update flag t is not involved in the calculation at the time of generation,
Figure BDA0003749070410000442
Figure BDA0003749070410000443
other group key generation is similar. The invention is not explicitly limited herein.
In a specific embodiment, according to the key management method provided by the present invention, the preset trigger item is a subgroup departure, and correspondingly, the generating a new group key according to the group key when the trigger item occurs, and the random number or the identity of the node newly added in the tree structure, and completing the updating of the group key when the trigger item occurs specifically includes:
calling a random number generating function by a root node of the tree structure to generate a new random number, and distributing the new random number to respective child nodes by all nodes including the root node except parent nodes of leaf nodes and leaf nodes in the tree structure;
based on the respective group key and the new random number when the subgroups leave, calling a key derivation function by the non-leaf node, and updating the respective group key by self;
and the non-leaf node distributes the updated group key layer by layer from the self node to all nodes of the root node to the leaf node.
In this embodiment, a root node of a tree structure calls a random number generation function PRF to generate a new random number to replace a previous random number, all nodes including the root node except parent nodes of leaf nodes and leaf nodes in the tree structure call an encryption authentication function CE-Enc () to encrypt and authenticate the new random number according to individual keys of respective child nodes to generate a ciphertext C and a commitment value T of the respective new random number, and send the ciphertext C and the commitment value T of the respective new random number to the respective child nodes; non-leaf nodes in the tree structure call a key derivation function KDF to generate respective new group keys according to respective old group keys, new random numbers and/or key update marks when subgroups leave; then, the non-leaf node distributes the updated group keys of all the nodes from the self node to the root node to the leaf node layer by layer, taking the distribution process from the parent node of the leaf node to the leaf node as an example, the non-leaf node expands, the parent node of the leaf node calls an encryption authentication function CE-Enc () to generate the ciphertext C and the commitment value T of the group key of all the nodes from the self node to the root node after updating according to the group key of the parent node and the received updated group key of all the nodes from the self node to the root node, and sends the ciphertext C and the commitment value T of the group key of all the nodes from the self node to the root node after updating to the child nodes, namely the corresponding leaf nodes.
The key management method further discloses the updating step of the group key when the preset triggering item is a subgroup leaving, further explains the process that each node independently completes the updating of each group key, and improves the security and confidentiality of the group key.
In a specific embodiment, according to the key management method provided in the present invention, after the distributing the new random number, the method further includes:
verifying the new random numbers received by all non-leaf nodes except the root node in the tree structure;
and after the verification is passed, storing the respectively received new random numbers by all the non-leaf nodes except the root node in the tree structure.
In the embodiment, the non-leaf nodes except the root node in the tree structure call the encryption authentication function CE-Dec () to generate a plaintext M of a new random number according to the personal key of the non-leaf nodes, the ciphertext C of the received new random number and the commitment value T, the plaintext M and the commitment value T are obtained according to the personal key of the non-leaf nodes and the new random number, and the encryption authentication function CE-Ver () is called to verify the integrity and the authenticity of the received new random number; if the verification is passed, the non-leaf node stores the received new random number, and if the verification is not passed, the non-leaf node generates a key error message and sends the key error message to the respective father node.
The key management method provided by the invention strongly supports the security and confidentiality of the subsequently generated group key by further disclosing the step of verifying the generated new random number when the preset trigger item is taken as the subgroup leaving.
In a specific embodiment, according to the key management method provided in the present invention, after the non-leaf node distributes layer by layer the updated group keys of all nodes from its own node to the root node to the leaf node, the method further includes:
verifying the group keys of all the nodes from the father node to the root node after the updating received by the nodes of the tree structure;
and after verification, the nodes of the tree structure store the updated group keys of all the nodes from the father node to the root node, which are received by the nodes of the tree structure.
In this embodiment, the node of the tree structure is configured to store the received group key after verification is passed, and expand the received group key by using the leaf node as an example. A leaf node calls an encryption authentication function CE-Dec () to generate a plaintext M of the updated group key of all nodes from the parent node to the root node according to the group key of the parent node, the received encrypted C of the updated group key of all nodes from the parent node to the root node and a commitment value T, and calls an encryption authentication function CE-Ver () to verify the received updated group key of all nodes from the parent node to the root node according to the group key of the parent node, the updated plaintext M of the group key of all nodes from the parent node to the root node and the commitment value T; if the verification is passed, the leaf node stores the updated group keys of all the nodes from the father node to the root node; if the verification fails, the leaf nodes generate key error messages and send the key error messages to respective father nodes.
According to the key management method provided by the invention, the security and confidentiality of the group key are improved by further disclosing the step of verifying the generated group key when the preset trigger item is taken as a subgroup to leave.
To better explain the updating situation of the group key when the preset trigger item is the departure of the subgroup. In this embodiment, fig. 2 is a first schematic structural diagram of the tree structure provided by the present invention, and as shown in fig. 2, the height of the tree structure is taken as 4, and the same setting is taken at the same time, assuming that the subgroup { u } is 3,4 、u 4,9 u 4,10 Apply for exiting group. At this time, the group key of the non-leaf node in the tree structure is
Figure BDA0003749070410000471
If the key update flag t =3+1=4, the overall flow steps of group key update specifically include:
1. highest management node u 1,1 Calling PRF function to generate a random number r 1 Initial state value r of random number before replacement 0
2. Highest management node u 1,1 To child node { u 2,1 、u 2,2 Distribute random number r 1
By node u 1,1 To node u 2,1 Distribution as an example, highest management node u 1,1 According to own child node u 2,1 Personal key k of 2,1 A random number r 1 Calling encryption authentication function CE-Enc () to generate random number r 1 Cipher text C of 2,1 And a commitment value T 2,1 And a random number r 1 Cipher text C of 2,1 And a commitment value T 2,1 Child node u sent to itself 2,1 . Highest management node u 1,1 For u is paired 2,2 The same operations are performed:
u 1,1 →u 2,1 :C 2,1 ||T 2,1 =CE-Enc(k 2,1 ,r 1 );
u 1,1 →u 2,2 :C 2,2 ||T 2,2 =CE-Enc(k 2,2 ,r 1 )。
3. node { u } 2,1 、u 2,2 To random number r 1 Integrity and authenticity verification is performed.
By node u 2,1 For random number r 1 For integrity and authenticity verification, u 2,1 According to the personal key k 2,1 Received random number r 1 Cipher text C of 2,1 And a commitment value T 2,1 Generating plaintext M by calling encryption authentication function CE-Dec () 2,1 Based on the individual key k 2,1 A random number r 1 Clear text M of 2,1 A commitment value T 2,1 Calling the encryption authentication function CE-Ver () to the random number r 1 Performing integrity and authenticity verification, if verification is passed, u 2,1 Saving random number r 1 If not, u 2,1 Generating random number error message and sending u 1,1 . Node u 2,2 The same operations are performed:
u 2,1 :M 2,1 =CE-Dec(k 2,1 ,C 2,1 ,T 2,1 );
u 2,1 :CE-Ver(k 2,1 ,M 2,1 ,T 2,1 );
u 2,2 :M 2,2 =CE-Dec(k 2,2 ,C 2,2 ,T 2,2 );
u 2,2 :CE-Ver(k 2,2 ,M 2,2 ,T 2,2 )。
4. node u 2,1 、u 2,2 Distributing random numbers r to respective child nodes 1
By u 2,1 To u 3,1 Distributing a random number r 1 For example, u 2,1 According to u 3,1 Personal key k of 3,1 A random number r 1 Invoking the encryption authentication function CE-Enc () to generateRandom number r 1 C of 3,1 And a commitment value T 3,1 And a random number r 1 Cipher text C of 3,1 And a commitment value T 3,1 Sent to child node u 3,1 ,u 2,1 →u 3,1 :C 3,1 ||T 3,1 =CE-Enc(k 3,1 ,r 1 ). Node u 2,1 、u 2,2 Repeating the operation direction u 3,2 、u 3,3 Distributing a random number r 1
u 2,1 →u 3,2 :C 3,2 ||T 3,2 =CE-Enc(k 3,2 ,r 1 );
u 2,2 →u 3,3 :C 3,3 ||T 3,3 =CE-Enc(k 3,3 ,r 1 )。
5. Node u 3,1 、u 3,2 、u 3,3 For random number r 1 Integrity and authenticity verification is performed.
With node u 3,1 For random number r 1 For integrity and authenticity verification, u 3,1 According to the personal key k 3,1 And the random number r received in step 4 1 Cipher text C of 3,1 And a commitment value T 3,1 Calling encryption authentication function CE-Dec () to generate random number r 1 Clear text M of 3,1 Based on the individual key k 3,1 A random number r 1 Clear text M of 3,1 A commitment value T 3,1 Calling the encryption authentication function CE-Ver () to the random number r 1 Carrying out integrity and authenticity verification, if the verification is passed, u 3,1 Saving random number r 1 If not, u 3,1 Generating random number error message and sending u 2,1 . Node u 3,2 、u 3,3 The same operations are performed:
u 3,1 :M 3,1 =CE-Dec(k 3,1 ,C 3,1 ,T 3,1 );
u 3,1 :CE-Ver(k 3,1 ,M 3,1 ,T 3,1 );
u 3,2 :M 3,2 =CE-Dec(k 3,2 ,C 3,2 ,T 3,2 );
u 3,2 :CE-Ver(k 3,2 ,M 3,2 ,T 3,2 );
u 3,3 :M 3,3 =CE-Dec(k 3,3 ,C 3,3 ,T 3,3 );
u 3,3 :CE-Ver(k 3,3 ,M 3,3 ,T 3,3 )。
6. node u 1,1 ~u 3,3 And calculating the updated group key by itself.
Node u 1,1 ~u 3,3 Based on old group key
Figure BDA0003749070410000491
Random number r 1 And/or the key update flag t =4 invokes a KDF function to generate a new group key
Figure BDA0003749070410000492
Node u 2,2 、u 3,3 Based on old group key
Figure BDA0003749070410000493
Random number r 1 And/or invoking the KDF function with the key update flag t =4 to generate a new group key
Figure BDA0003749070410000494
7. Node u 3,1 ~u 3,3 The updated group key GK is distributed to the respective child nodes.
By u 3,1 To { u } 4,1 、u 4,2 、u 4,3 Distribute updated group key
Figure BDA0003749070410000495
For example, u 3,1 According to group keys
Figure BDA0003749070410000496
Updated group key
Figure BDA0003749070410000497
Calling encryption authentication function CE-Enc () to generate updated group key
Figure BDA0003749070410000498
Cipher text C of children 3,1 And a commitment value T children 3,1 And updating the group key
Figure BDA0003749070410000499
Cipher text C of children 3,1 And a commitment value T children 3,1 Is sent to { u } 4,1 、u 4,2 、u 4,3 },u 3,1 →{u 4,1 、u 4,2 、u 4,3 }:
Figure BDA00037490704100004910
u 3,2 、u 3,3 The same operations are performed:
u 3,2 →{u 4,4 、u 4,5 、u 4,6 }:
Figure BDA00037490704100004911
u 3,3 →{u 4,7 、u 4,8 }:
Figure BDA00037490704100004912
Figure BDA00037490704100004913
8. node u 4,1 ~u 4,8 Based on group keys
Figure BDA00037490704100004914
And carrying out integrity and authenticity verification on the updated group key GK.
With node { u 4,1 、u 4,2 、u 4,3 Based on group key
Figure BDA00037490704100004915
For updated group key
Figure BDA00037490704100004916
For example, node { u } for integrity and authenticity verification 4,1 、u 4,2 、u 4,3 According to the group key
Figure BDA00037490704100004917
And the updated group key received in step 7
Figure BDA00037490704100004918
Cipher text C of children 3,1 And a commitment value T children 3,1 Calling encryption authentication function CE-Dec () to generate updated group key
Figure BDA00037490704100004919
Clear text M of children 3,1 According to the group key
Figure BDA00037490704100004920
For updated group key
Figure BDA00037490704100004921
Clear text M of children 3,1 A commitment value T children 3,1 Calling encryption authentication function CE-Ver () to update group key
Figure BDA00037490704100004922
Integrity and authenticity verification is performed, and if verification is passed, { u 4,1 、u 4,2 、u 4,3 Keep the updated group key
Figure BDA0003749070410000501
If not, { u } 4,1 、u 4,2 、u 4,3 The generated key error message is sent to u 3,1 。u 4,4 ~u 4,8 The same operations are performed:
{u 4,1 、u 4,2 、u 4,3 }:
Figure BDA0003749070410000502
{u 4,1 、u 4,2 、u 4,3 }:
Figure BDA0003749070410000503
{u 4,4 、u 4,5 、u 4,6 }:
Figure BDA0003749070410000504
{u 4,4 、u 4,5 、u 4,6 }:
Figure BDA0003749070410000505
{u 4,7 、u 4,8 }:
Figure BDA0003749070410000506
{u 4,7 、u 4,8 }:
Figure BDA0003749070410000507
in the key update process of the above embodiment, the key update flag t participates in the generation of a new group key. The key update flag t may not participate in the generation of the new group key,
Figure BDA0003749070410000508
other new group keys are generated similarly. The invention is not explicitly limited herein.
In a specific embodiment, according to the key management method provided by the present invention, the preset trigger item is a subgroup join, and correspondingly, the new group key is generated according to the group key when the trigger item occurs, and the random number or the identity of the node newly added to the tree structure, and the update of the group key when the trigger item occurs is completed, which specifically includes:
generating an individual key of the newly added subgroup highest management node by a parent node of the newly added subgroup highest management node, and sending the generated individual key of the newly added subgroup highest management node to the newly added subgroup highest management node;
based on the respective group key when the subgroups are added and the identity of the highest management node of the newly added subgroups, calling a key derivation function by a non-leaf node in the tree structure, updating the respective group key by itself, and distributing the updated group keys of all nodes from the self node to the root node to the leaf nodes of the tree structure layer by the non-leaf node;
or the nodes in the tree structure call a key derivation function to update the stored group keys according to the stored group keys when the subgroups are added and the identity of the highest management node newly added into the subgroups;
sending the updated group key and random number of all nodes from the node to the root node to the newly-added subgroup highest management node by the father node of the newly-added subgroup highest management node;
and the initialization of the individual key and the group key of the newly added subgroup is realized by the highest management node of the newly added subgroup.
In this embodiment, first, a parent node newly added to a subgroup highest management node generates an individual key of the newly added subgroup highest management node, and sends the generated individual key of the newly added subgroup highest management node to the newly added subgroup highest management node; then, updating the group key, and there are two kinds of tree-structured group key updating paths when the trigger item is added as a subgroup, including:
a first subgroup joining group key updating path, based on respective group keys when subgroups join, identity marks and/or key updating marks of the highest management node of the newly joined subgroups, a non-leaf node in the tree structure calls a key derivation function KDF to generate respective new group keys, namely, the respective group keys are updated by self, and the updated group keys of all nodes from the node to the root node are distributed to leaf nodes of the tree structure layer by the non-leaf node;
and the nodes in the tree structure call a key derivation function to update the respective stored group keys according to the respective stored group keys when the subgroups join and the identity of the highest management node newly join the subgroups, wherein the respective stored group keys comprise the respective group keys.
In this embodiment, in the first or second subgroup joining group key update path, the key update condition of the newly joining subgroup is consistent, including: a father node of the newly added subgroup highest management node calls an encryption authentication function CE-Enc () to generate a ciphertext C and a commitment value T according to the personal key of the newly added subgroup highest management node, the group keys of all nodes from the father node to the root node and a random number, and sends the ciphertext C and the commitment value T to the newly added subgroup highest management node, wherein the group key of the newly added subgroup highest management node is also generated by the father node and sent to the newly added subgroup highest management node; and finally, the highest management node of the newly added subgroup realizes the initialization of the individual key and the group key of the newly added subgroup.
The key management method further explains the process that each node independently finishes the updating of the respective group key by further disclosing the updating step of the group key when the preset triggering item is added as a subgroup, and improves the security and confidentiality of the group key.
In a specific embodiment, according to the key management method provided by the present invention, the generating, by the parent node of the newly added subgroup highest management node, the individual key of the newly added subgroup highest management node, and sending the generated individual key of the newly added subgroup highest management node to the newly added subgroup highest management node specifically includes:
the highest management node of the newly added subgroup and a parent node of the newly added subgroup carry out identity authentication and negotiate out a session key;
based on the identity of the highest management node of the newly added subgroup, calling a key derivation function by the parent node of the highest management node of the newly added subgroup to generate a personal key of the highest management node of the newly added subgroup;
and based on the session key, sending the generated personal key of the highest management node of the newly added subgroup to the highest management node of the newly added subgroup by the parent node of the highest management node of the newly added subgroup.
In this embodiment, the newly added highest management node of the subgroup performs identity authentication with its own parent node and negotiates a session key; the father node of the highest management node of the newly added subgroup calls a key derivation function according to the identity of the highest management node of the newly added subgroup and the seed key of the father node, and generates an individual key of the highest management node of the newly added subgroup; and the parent node of the highest management node of the newly added subgroup calls an encryption authentication function CE-Enc () to generate a ciphertext C and a commitment value T of the personal key of the highest management node of the newly added subgroup according to a session key negotiated with the child node of the parent node, namely the highest management node of the newly added subgroup and the personal key of the highest management node of the newly added subgroup, and sends the ciphertext C and the commitment value T of the personal key of the highest management node of the newly added subgroup to the highest management node of the newly added subgroup.
According to the key management method provided by the invention, through further disclosing the generation step of the individual key newly added to the highest management node of the subgroup in the group key update when the preset trigger item is added to the subgroup, support is provided for each subsequent node to independently complete the update of the respective group key, and the security and confidentiality of the group key are improved.
In a specific embodiment, according to the key management method provided by the present invention, after the parent node of the newly-added subgroup highest management node sends the generated individual key of the newly-added subgroup highest management node to the newly-added subgroup highest management node, the method further includes:
verifying, by a newly-joined subgroup highest management node, the personal key based on the session key;
and after the verification is passed, the newly added subgroup highest management node saves the received personal key.
In the embodiment, the newly added highest management node of the subgroup calls an encryption authentication function CE-Dec () to generate a plaintext M of the personal key according to a session key negotiated with a parent node of the newly added highest management node, a received ciphertext C of the personal key and a commitment value T, and calls an encryption authentication function CE-Ver () to verify the integrity and the authenticity of the personal key according to the session key, the plaintext M of the personal key and the commitment value T; if the verification is passed, the newly added subgroup highest management node saves the received personal key, and if the verification is not passed, the newly added subgroup highest management node generates a key error message and sends the key error message to the parent node of the newly added subgroup highest management node.
According to the key management method provided by the invention, through further disclosing the step of verifying the generated personal key of the highest management node newly added into the subgroup when the preset trigger item is added into the subgroup, the safety and confidentiality of the personal key are improved, and the generation of the subsequent group key is powerfully supported.
In a specific embodiment, according to the key management method provided by the present invention, after the non-leaf node distributes layer by layer the updated group keys of all nodes from its own node to the root node to the leaf nodes of the tree structure, the method further includes:
verifying the updated group keys of all nodes from the father node to the root node, which are received by the nodes of the tree structure;
and after verification is passed, the node of the tree structure stores the updated group keys of all the nodes from the parent node to the root node after the update is received by the node of the tree structure.
In this embodiment, the node in the tree structure may store the received group key after verification, and expand the received group key by taking the highest management node of the new subgroup as an example. The newly added highest management node of the subgroup calls an encryption authentication function CE-Dec () according to an individual key of the newly added highest management node, and the received updated group keys of all nodes from a father node of the newly added highest management node to a root node and ciphertexts C and commitment values T of random numbers to generate the updated group keys of all nodes from the father node of the newly added highest management node to the root node and plaintext M of the random numbers, and calls the encryption authentication function CE-Ver () according to the individual key of the newly added highest management node, the updated group keys of all nodes from the father node of the newly added highest management node to the root node and the updated plaintext M of the random numbers, and the updated plaintext M of the random numbers to perform integrity and authenticity verification on the updated group keys and random numbers of all nodes from the father node of the newly added highest management node to the root node; if the verification is passed, the newly added subgroup highest management node saves the received updated group keys and random numbers of all nodes from the father node to the root node; and if the verification fails, the newly added subgroup highest management node generates a key error message and sends the key error message to the parent node of the newly added subgroup highest management node.
According to the key management method provided by the invention, the security and confidentiality of the group key are improved by further disclosing the verification step of the generated group key when the preset trigger item is added as a subgroup.
In a specific embodiment, according to the key management method provided by the present invention, the initializing of the individual key and the group key of the newly added subgroup by the highest management node of the newly added subgroup specifically includes:
generating respective seed keys and individual keys of respective child nodes by the non-leaf nodes newly added into the subgroup;
and generating respective group keys by the non-leaf nodes in the newly added subgroup based on the respective seed keys generated by the non-leaf nodes in the newly added subgroup and the individual keys of the respective child nodes, and distributing the group keys of all the nodes from the self node to the root node to the leaf nodes of the newly added subgroup layer by the non-leaf nodes of the newly added subgroup.
In this embodiment, the non-leaf nodes newly added to the subgroup generate respective seed keys and individual keys of respective child nodes; based on respective seed keys generated by non-leaf nodes in the newly added subgroup and individual keys of respective child nodes, respective group keys are generated by the non-leaf nodes in the newly added subgroup, the generated group keys of all nodes from the self node to the root node are distributed to the leaf nodes of the newly added subgroup layer by the non-leaf nodes in the newly added subgroup, and random numbers are distributed to the respective child nodes by all nodes except the leaf nodes and parent nodes of the leaf nodes in the newly added subgroup. Corresponding to the above-mentioned individual key initialization step and group key initialization step, no further description is given here.
According to the key management method provided by the invention, the security and confidentiality of the group key are improved by further disclosing the step of verifying the generated group key in the newly added subgroup when the preset trigger item is added as the subgroup.
When the preset trigger item is added to a subgroup, the group key with the changed group relationship needs to be updated, and other group keys without the changed group relationship may or may not be updated, which is not limited in the present invention. The new group key can be generated by the nodes calling key derivation functions respectively; or generating a new group key by a non-leaf node and distributing the new group key to leaf nodes of a tree structure layer by layer; or generating a new group key by a non-leaf node, and distributing the new group key to leaf nodes of the tree structure by parent nodes of the leaf nodes; combinations of the above are also possible, as the invention is not limited in this regard.
To better explain the updating situation of the group key when the preset trigger item is added as the subgroup. In this embodiment, fig. 4 is a schematic structural diagram of a tree structure provided by the present invention, and as shown in fig. 4, the height of the tree structure is taken as 4, and the same setting is simultaneously taken, assuming that subgroup { u } is a subgroup in the group key initialization step 3,5 、u 4,12 、u 4,13 Apply for joining group, at this time, the group key is
Figure BDA0003749070410000551
If the key update flag t =4+1=5, the overall flow steps of group key update specifically include:
1. node u 3,5 With its own parent node u 2,2 Performs identity authentication and negotiates out a session key sk 3,5
2. Node u 3,5 Parent node u of 2,2 Calculate node u 3,5 Personal key k of 3,5
Node u 2,2 According to node u 3,5 ID of 3,5 Seed key s 2,2 Invoking a Key derivation function KDF generating node u 3,5 Personal key k of 3,5
k 3,5 =KDF(ID 3,5 ,s 2,2 )。
3. Node u 3,5 Parent node u of 2,2 To child node u 3,5 Distributing personal key k 3,5
Node u 3,5 Parent node u of 2,2 According to and child node u 3,5 Negotiated session key sk 3,5 Child node u 3,5 Personal key k of 3,5 Calling encryption authentication function CE-Enc () to generate individual key k 3,5 Cipher text C of 3,5 And a commitment value T 3,5 And the personal key k is combined 3,5 Cipher text C of 3,5 And a commitment value T 3,5 Sent to child node u 3,5 ,u 2,2 →u 3,5 :C 3,5 ||T 3,5 =CE-Enc(sk 3,5 ,k 3,5 )。
4. Node u 3,5 For individual key k 3,5 Integrity and authenticity verification is performed.
Node u 3,5 According to the session key sk 3,5 And the personal key k received in step 3 3,5 Cipher text C of 3,5 And a commitment value T 3,5 Calling encryption authentication function CE-Dec () to generate individual key k 3,5 Clear text M of 3,5 According to the session key sk 3,5 Personal key k 3,5 Clear text M of 3,5 A commitment value T 3,5 Calling encryption authentication function CE-Ver () to personal key k 3,5 Integrity and authenticity verification is performed. If it is usedVerification pass, u 3,5 Personal key k 3,5 Saving, if the verification fails, u 3,5 Generating personal key error message and sending to self father node u 2,2
u 3,5 :M3,5=CE-Dec(sk 3,5 ,C 3,5 ,T 3,5 );
u 3,5 :CE-Ver(sk 3,5 ,M 3,5 ,T 3,5 )。
5. Node { u 1,1 ~u 3,3 、u 4,1 ~u 4,8 Calculate the updated group key by itself.
Node { u 1,1 ~u 3,3 、u 4,1 ~u 4,8 According to the old group key
Figure BDA0003749070410000561
Node u 3,5 ID of (2) 3,5 And calling KDF function to generate new group key by the key updating mark t =5
Figure BDA0003749070410000562
Node { u 2,2 、u 3,3 、u 4,7 、u 4,8 According to the old group key
Figure BDA0003749070410000563
Node u 3,5 ID of 3,5 And calling KDF function to generate new group key by the key updating mark t =5
Figure BDA0003749070410000564
6. Node u 2,2 To u 3,5 Distribution group key GK and random number r 1
Node u 2,2 According to child node u 3,5 Personal key k of 3,5 、u 2,2 To u 1,1 Of all intermediate nodes
Figure BDA0003749070410000571
And a random number r 1 Calling encryption authentication function CE-Enc () to generate u 2,2 To u 1,1 Of all intermediate nodes
Figure BDA0003749070410000572
And a random number r 1 Cipher text C of 3,5 And a commitment value T 3,5 And the ciphertext C 3,5 And a commitment value T 3,5 Sent to child node u 3,5
u 2,2 →u 3,5
Figure BDA0003749070410000573
7. Node u 3,5 For u is paired 2,2 To u 1,1 Group key GK and random number r of all intermediate nodes of (1) 1 Integrity and authenticity verification is performed.
Node u 3,5 According to the personal key k 3,5 And u received in step 6 2,2 To u 1,1 Of all intermediate nodes
Figure BDA0003749070410000574
And a random number r 1 Cipher text C of 3,5 And a commitment value T 3,5 Calling encryption authentication function CE-Dec () to generate u 2,2 To u 1,1 Of all intermediate nodes
Figure BDA0003749070410000575
And a random number r 1 Clear text M of 3,5 Based on the individual key k 3,5 、u 2,2 To u 1,1 Of all intermediate nodes
Figure BDA0003749070410000576
And a random number r 1 Clear text M of 3,5 A commitment value T 3,5 Calling encryption authentication function CE-Ver () to u 2,2 To u 1,1 Of all intermediate nodes
Figure BDA0003749070410000577
And a random number r 1 Carrying out integrity and authenticity verification, if the verification is passed, u 3,5 Preservation of u 2,2 To u 1,1 Of all intermediate nodes
Figure BDA0003749070410000578
And a random number r 1 If not, u 3,5 Generating message error message and sending to self father node u 2,2
u 3,5 :M 3,5 =CE-Dec(k 3,5 ,C 3,5 ,T 3,5 );
u 3,5 :CE-Ver(k 3,5 ,M 3,5 ,T 3,5 )。
8. Node u 4,12 、u 4,13 And parent node u 3,5 Identity authentication is carried out and a session key sk is negotiated 4,12 、sk 4,13
9. Node u 3,5 Generating its own seed key s by calling PRF function 3,5 =PRF()。
10. Node u 3,5 Generating child node u 4,12 、u 4,13 Personal key k of 4,12 、k 4,13
Node u 3,5 According to node u 4,12 ID of (2) 4,12 Seed key s 3,5 Invoking a Key derivation function KDF generating node u 4,12 Personal key k 4,12 :k 4,12 =KDF(ID 4,12 ,s 3,5 )。
Node u 3,5 According to node u 4,13 ID of 4,13 Seed key s 3,5 Invoking a Key derivation function KDF generating node u 4,13 Personal key k of 4,13 :k 4,13 =KDF(ID 4,13 ,s 3,5 )。
11. Node u 3,5 To child node u 4,12 、u 4,13 Distributing personal key k 4,12 、k 4,13
By node u 3,5 To child node u 4,12 Distributing individual keys, e.g. node u 3,5 According to and child node u 4,12 Negotiated session key sk 4,12 Child node u 4,12 Personal key k of 4,12 Calling encryption authentication function CE-Enc () to generate individual key k 4,12 C of 4,12 And a commitment value T 4,12 And the personal key k is combined 4,12 Cipher text C of 4,12 And a commitment value T 4,12 Sent to child node u 4,12 ,u 3,5 →u 4,12 :C 4,12 ||T 4,12 =CE-Enc(sk 4,12 ,k 4,12 ). Node u 3,5 Perform the same operation towards child node u 4,13 Distributing personal key k 4,13 ,u 3,5 →u 4,13 :C 4,13 ||T 4,13 =CE-Enc(sk 4,13 ,k 4,13 )。
12. Node u 4,12 、u 4,13 For individual key k 4,12 、k 4,13 Integrity and authenticity verification is performed.
With node u 4,12 For individual key k 4,12 For integrity and authenticity verification, node u 4,12 From the session key sk 4,12 And the personal key k received in step 11 4,12 Cipher text C of 4,12 And a commitment value T 4,12 Calling encryption authentication function CE-Dec () to generate individual key k 4,12 Clear text M of 4,12 ,u 4,12 :M 4,12 =CE-Dec(sk 4,12 ,C 4,12 ,T 4,12 ) (ii) a According to the session key sk 4,12 Personal key k 4,12 Clear text M of 4,12 A commitment value T 4,12 Calling encryption authentication function CE-Ver () to personal key k 4,12 An integrity and authenticity verification is performed and,u 4,12 :CE-Ver(sk 4,12 ,M 4,12 ,T 4,12 ). If the verification passes, u 4,12 Personal key k 4,12 Saving, if the verification fails, u 4,12 Generating a key error message and sending the key error message to u 3,5 . Node u 4,13 The same operations are performed:
u 4,13 :M 4,13 =CE-Dec(sk 4,13 ,C 4,13 ,T 4,13 );
u 4,13 :CE-Ver(sk 4,13 ,M 4,13 ,T 4,13 )。
13. node u 3,5 Computing group keys
Figure BDA0003749070410000581
Node u 3,5 According to the seed key s 3,5 Child node u 4,12 、u 4,13 Personal key k of 4,12 、k 4,13 Invoking KDF function to generate group key
Figure BDA0003749070410000582
14. Node u 3,5 To child node u 4,12 、u 4,13 The group key GK is distributed.
To node u 4,12 Distributing group keys, e.g., node u 3,5 According to child node u 4,12 Personal key k of 4,12 、u 3,5 To u 1,1 Of all intermediate nodes
Figure BDA0003749070410000591
Calling encryption authentication function CE-Enc () to generate group key
Figure BDA0003749070410000592
Cipher text C of 4,12 And a commitment value T 4,12 And combining the group key
Figure BDA0003749070410000593
Cipher text C of 4,12 And a commitment value T 4,12 Sent to child node u 4,12 ,u 3,5 →u 4,12
Figure BDA0003749070410000594
Node u 3,5 To node u 4,13 Perform the same operation u 3,5 →u 4,13
Figure BDA0003749070410000595
15. Node u 4,12 、u 4,13 Based on a personal key k 4,12 、k 4,13 For u is paired 3,5 To u 1,1 The group key GK of all intermediate nodes of (1) performs integrity and authenticity verification.
By node u 4,12 As an example, u 4,12 According to the personal key k 4,12 And the group key received in step 14
Figure BDA0003749070410000596
Cipher text C of 4,12 And a commitment value T 4,12 Generating group key by calling encryption authentication function CE-Dec ()
Figure BDA0003749070410000597
Clear text M of 4,12 Based on the individual key k 4,12 Group key
Figure BDA0003749070410000598
Clear text M of 4,12 A commitment value T 4,12 Calling the encryption authentication function CE-Ver () to u 3,5 To u 1,1 Of all intermediate nodes
Figure BDA0003749070410000599
Carrying out integrity and authenticity verification, if the verification is passed, u 4,12 Preservation of u 3,5 To u 1,1 Of all intermediate nodes
Figure BDA00037490704100005910
If the verification fails, u 4,12 Generating a key error message and sending the key error message to u 3,5 . Node u 4,13 The same operations are performed:
u 4,12 :M 4,12 =CE-Dec(k 4,12 ,C 4,12 ,T 4,12 );
u 4,12 :CE-Ver(k 4,12 ,M 4,12 ,T 4,12 );
u 4,13 :M 4,13 =CE-Dec(k 4,13 ,C 4,13 ,T 4,13 );
u 4,13 :CE-Ver(k 4,13 ,M 4,13 ,T 4,13 )。
in a specific embodiment, according to the key management method provided by the present invention, the distribution of the individual key and the group key both use an authenticatable encryption scheme.
In the present embodiment, the individual keys and the group keys generated in the tree structure use a verifiable encryption authentication scheme CE in the distribution process.
The key management method provided by the invention further uses the encryption authentication scheme for the distribution of the individual key and the group key generated in the public tree structure, thereby avoiding man-in-the-middle attack in the key distribution process and ensuring the confidentiality, the integrity and the non-repudiation of the encryption key and the message.
It should be noted that, in the key updating process in the above-listed embodiment, the key updating flag t participates in the generation of the new group key. Alternatively, the key update flag t may not participate in the generation of the new group key,
Figure BDA0003749070410000601
the generation of the new group key is similar in other embodiments. The invention is not limited thereto explicitly.
In addition, it should be particularly emphasized that only the group key associated with the newly joining node is updated in some of the above-listed embodiments, for example, the group key of the node whose group relationship has not changed during the subgroup joining is not updated. Alternatively, the group key of the node whose group relationship has not changed may refer to updating the group key, which is not explicitly limited in the present invention. The nodes with unchanged group relation can update the group key by themselves; or generating a new group key by a non-leaf node, and distributing the new group key to leaf nodes of the tree structure by parent nodes of the leaf nodes; or generating a new group key by a non-leaf node and distributing the new group key to leaf nodes of a tree structure layer by layer; the group key may also be updated by combining the above manners, and the present invention is not limited thereto.
The key management device provided by the present invention is described below, and the key management device described below and the key management method described above may be referred to in correspondence with each other.
Fig. 5 is a schematic diagram of a key management device provided by the present invention, as shown in fig. 5, the key management device provided by the present invention is applied to group communication, and connections between group members adopt a tree structure, and the device includes:
a group key updating module 510, configured to generate a new group key according to a preset trigger item, a group key when the trigger item occurs, and a random number or an identity of a node newly added to the tree structure, and complete updating of the group key when the trigger item occurs;
the trigger items comprise node joining, node leaving, a preset time period, subgroup leaving and subgroup joining, and the random numbers are generated by root nodes in a tree structure.
The key management device provided by the invention is characterized in that a group key updating module is arranged, and based on a preset trigger item, non-leaf nodes in a tree structure complete the updating of respective group keys according to the respective group keys when the trigger item occurs; the invention independently completes the update of each group key by each node, avoids man-in-the-middle attack in key distribution, and simultaneously improves the freshness, confidentiality, integrity and non-repudiation of the group key.
In another aspect, the present invention further provides an electronic device, fig. 6 illustrates a schematic structural diagram of an electronic device, and as shown in fig. 6, the electronic device may include a processor 610, a communication bus 620, a memory 630, a communication interface 640, and a computer program stored on the memory 630 and operable on the processor 610, where the processor 610, the communication interface 610, and the memory 630 complete communication with each other through the communication bus 640, and the processor 610 may call a logic instruction in the memory 630 to execute a key management method, where the method includes:
generating a new group key according to a group key when the trigger item occurs and a random number or an identity of a newly added node in the tree structure based on a preset trigger item, and finishing updating the group key when the trigger item occurs;
the trigger items comprise node joining, node leaving, a preset time period, subgroup leaving and subgroup joining, and the random numbers are generated by root nodes in a tree structure.
Finally, the present invention also provides a non-transitory computer-readable storage medium having stored thereon a computer program which, when executed by a processor, can implement a key management method comprising:
generating a new group key according to a group key when the trigger item occurs and a random number or an identity of a newly added node in the tree structure based on a preset trigger item, and finishing updating the group key when the trigger item occurs;
the trigger items comprise node joining, node leaving, a preset time period, subgroup leaving and subgroup joining, and the random numbers are generated by root nodes in a tree structure.
The above-described embodiments of the apparatus are merely illustrative, and the units described as separate parts may or may not be physically separate, and parts displayed as units may or may not be physical units, may be located in one place, or may be distributed on a plurality of network units. Some or all of the modules may be selected according to actual needs to achieve the purpose of the solution of the present embodiment. One of ordinary skill in the art can understand and implement it without inventive effort.
Through the above description of the embodiments, those skilled in the art will clearly understand that each embodiment can be implemented by software plus a necessary general hardware platform, and certainly can also be implemented by hardware. With this understanding in mind, the above-described technical solutions may be embodied in the form of a software product, which can be stored in a computer-readable storage medium such as ROM/RAM, magnetic disk, optical disk, etc., and includes instructions for causing a computer device (which may be a personal computer, a server, or a network device, etc.) to execute the methods described in the embodiments or some parts of the embodiments.
Finally, it should be noted that: the above examples are only intended to illustrate the technical solution of the present invention, and not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (27)

1. A key management method applied to group communication, wherein connections between group members adopt a tree structure, the method comprising:
generating a new group key according to a group key when the trigger item occurs and a random number or an identity of a newly added node in the tree structure based on a preset trigger item, and finishing updating the group key when the trigger item occurs;
the trigger items comprise node joining, node leaving, a preset time period, subgroup leaving and subgroup joining, and the random numbers are generated by root nodes in a tree structure.
2. The key management method according to claim 1, wherein before the generating a new group key based on the preset trigger according to the group key when the trigger occurs and the random number or the identity of the newly added node in the tree structure, and completing the updating of the group key when the trigger occurs, the method further comprises:
an individual key initialization step, namely generating respective seed keys and individual keys of respective child nodes by non-leaf nodes in a tree structure, and distributing the individual keys of the respective child nodes to the respective child nodes;
and initializing a group key, namely generating respective group keys by the non-leaf nodes based on the respective seed keys generated by the non-leaf nodes and the individual keys of the respective child nodes, and distributing the respective group keys to the leaf nodes of the tree structure layer by layer.
3. The key management method of claim 2, wherein generating respective seed keys and respective individual keys of child nodes from non-leaf nodes in the tree structure and distributing the individual keys of the respective child nodes to the respective child nodes comprises:
all nodes except the root node in the tree structure perform identity authentication with respective father nodes and negotiate respective session keys;
calling a random number generation function by the non-leaf node to generate respective seed keys;
calling a key derivation function by the non-leaf node to generate individual keys of the respective child nodes based on the identities of the child nodes of the non-leaf node and the seed keys of the non-leaf node;
sending, by the non-leaf nodes, individual keys of respective child nodes to the respective child nodes based on the session key.
4. The key management method of claim 3, wherein after the sending, by the non-leaf node, the individual key of the respective child node to the respective child node based on the session key, the method further comprises:
verifying, by child nodes of the non-leaf nodes, respective personal keys based on respective session keys;
and after the verification is passed, the child nodes of the non-leaf nodes store the respective personal keys.
5. The key management method according to claim 2, wherein the generating respective group keys from the non-leaf nodes based on the respective seed keys generated by the non-leaf nodes and the individual keys of the respective child nodes, and distributing the respective group keys to the leaf nodes of the tree structure layer by layer comprises:
calling a random number generation function by the root node of the tree structure to generate a random number initial state value;
calling, by the non-leaf nodes, key derivation functions to generate respective group keys based on the respective seed keys generated by the non-leaf nodes and the individual keys of the respective child nodes;
distributing group keys and initial random number values of all nodes from the node to the root node to the child nodes of the nodes except for the leaf node and the parent node of the leaf node in the tree structure and including the root node;
the parent node of the leaf node in the tree structure distributes the group keys of all nodes from the self node to the root node to the respective child nodes.
6. The key management method according to claim 5, wherein after said distributing the group key and the initial random number value of all nodes from the self node to the root node, the method further comprises:
verifying the group key and the initial random number value of all nodes from the parent node to the root node of each child node except the parent node of the leaf node and the parent node of the leaf node in the tree structure based on each individual key;
and after verification is passed, the child nodes of all nodes including the root node except the parent nodes of the leaf nodes and the parent nodes of the leaf nodes in the tree structure store the group keys and the random number initial state values of all nodes from the parent nodes to the root node, which are received by the child nodes respectively.
7. The key management method of claim 5, wherein after said distributing the group keys of all nodes from the self node to the root node, the method further comprises:
verifying, by the leaf nodes in the tree structure, the received group keys of all nodes from the self node to the root node, which are sent by the respective parent nodes, based on the respective individual keys;
and after the verification is passed, the leaf child nodes in the tree structure store the received group keys of all the nodes from the self node to the root node, which are sent by the respective parent nodes.
8. The key management method according to claim 1, wherein the preset trigger item is a node join, and correspondingly, the generating of the new group key according to the group key when the trigger item occurs, and the random number or the identity of the node newly joined in the tree structure, and the completing of the updating of the group key when the trigger item occurs specifically includes:
generating a personal key of a newly added node by a father node of the newly added node, and sending the personal key of the newly added node to the newly added node;
based on the stored group keys and the identity identification of the newly added node when the node is added, calling a key derivation function by a non-leaf node of the tree structure, updating the stored group keys by itself, and sending the updated group keys of all nodes from the node to a root node to the leaf node by a parent node of the leaf node, wherein the updated group keys stored by the non-leaf node comprise the respective group keys;
or based on the respective group key when the node is added and the identity of the newly added node, calling a key derivation function by a non-leaf node of the tree structure, updating the respective group key by itself, and distributing the updated group keys of all nodes from the node to the root node layer by layer to the leaf nodes of the tree structure by the non-leaf node;
or the nodes in the tree structure call a key derivation function to update the respective stored group keys according to the respective stored group keys when the nodes are added and the identity of the newly added node, and the parent node of the newly added node sends the updated group keys of all nodes from the node to the root node to the newly added node.
9. The key management method according to claim 8, wherein the generating, by the parent node of the newly joining node, the individual key of the newly joining node, and sending the individual key of the newly joining node to the newly joining node, specifically comprises:
the newly added node and the father node of the newly added node carry out identity authentication and negotiate out a session key;
based on the identity of the newly added node and the seed key of the father node of the newly added node, calling a key derivation function by the father node of the newly added node to generate a personal key of the newly added node;
and sending the generated individual key of the newly-added node to the newly-added node by the parent node of the newly-added node based on the session key.
10. The key management method according to claim 9, wherein after the generated individual key of the newly joining node is transmitted to the newly joining node by the parent node of the newly joining node, the method further comprises:
verifying the personal key of the new joining node based on the session key;
and the newly added node stores the received personal key of the newly added node after passing the verification.
11. The key management method of claim 8, wherein after the updated group keys of all nodes from the self node to the root node are distributed layer by layer to the leaf nodes by the non-leaf nodes, the method further comprises:
verifying the group keys of all the nodes from the father node to the root node after the updating received by the nodes of the tree structure;
and after verification is passed, the node of the tree structure stores the updated group keys of all the nodes from the parent node to the root node after the update is received by the node of the tree structure.
12. The key management method according to claim 1, wherein the preset trigger is a node leaving, and correspondingly, the generating of a new group key according to the group key when the trigger occurs and the random number or the identity of a node newly added to the tree structure and the completing of updating the group key when the trigger occurs specifically includes:
based on the respective group key and the random number when the node leaves, the non-leaf node calls a key derivation function to update the respective group key by itself, and the non-leaf node distributes the updated group keys of all nodes from the self node to the root node to the leaf node layer by layer;
or calling a key derivation function to update the respective stored group key by the non-leaf nodes in the tree structure according to the respective stored group key and random number when the nodes leave, and sending the updated group keys of all nodes from the self node to the root node to the leaf node by the parent node of the leaf node.
13. The key management method of claim 12, wherein after the layer-by-layer distribution of the updated group keys from the self node to all nodes of the root node to the leaf node by the non-leaf node, the method further comprises:
verifying the group keys of all the nodes from the father node to the root node after the updating received by the nodes of the tree structure;
and after verification is passed, the node of the tree structure stores the updated group keys of all the nodes from the parent node to the root node after the update is received by the node of the tree structure.
14. The method according to claim 1, wherein when the preset trigger item is a preset time period, correspondingly, the generating a new group key according to the group key when the trigger item occurs, and the random number or the identity of the node newly added to the tree structure, and completing the updating of the group key when the trigger item occurs specifically includes:
based on the respective group key and the random number when the preset time period is reached, the non-leaf node calls a key derivation function to update the respective group key by itself, and the non-leaf node distributes the updated group keys of all nodes from the self node to the root node to the leaf node layer by layer;
or calling a key derivation function to update the respective stored group key by the non-leaf nodes in the tree structure according to the respective stored group key and random number when the preset time period is reached, and distributing the updated group keys of all nodes from the self node to the root node to the leaf node by the parent node of the leaf node.
15. The key management method of claim 14, wherein after the layer-by-layer distribution of the updated group keys from the self node to all nodes of the root node to the leaf node by the non-leaf node, the method further comprises:
verifying the group keys of all the nodes from the father node to the root node after the updating received by the nodes of the tree structure;
and after verification is passed, the node of the tree structure stores the updated group keys of all the nodes from the parent node to the root node after the update is received by the node of the tree structure.
16. The key management method according to claim 1, wherein the preset trigger item is a subgroup departure, and correspondingly, the generating a new group key according to the group key when the trigger item occurs and the random number or the identity of the newly added node in the tree structure, and completing the updating of the group key when the trigger item occurs specifically includes:
calling a random number generating function by a root node of the tree structure to generate a new random number, and distributing the new random number to respective child nodes by all nodes including the root node except leaf child nodes and father nodes of the leaf nodes in the tree structure;
based on the respective group key and the new random number when the subgroups leave, calling a key derivation function by the non-leaf node, and updating the respective group key by self;
and the non-leaf node distributes the updated group key layer by layer from the self node to all nodes of the root node to the leaf node.
17. The key management method of claim 16, wherein after said distributing the new random number, the method further comprises:
verifying the new random numbers received by all non-leaf nodes except the root node in the tree structure;
and after the verification is passed, storing the respectively received new random numbers by all the non-leaf nodes except the root node in the tree structure.
18. The key management method of claim 16, wherein after the layer-by-layer distribution of the updated group keys from the self node to all nodes of the root node to the leaf node by the non-leaf node, the method further comprises:
verifying the group keys of all the nodes from the father node to the root node after the updating received by the nodes of the tree structure;
and after verification is passed, the node of the tree structure stores the updated group keys of all the nodes from the parent node to the root node after the update is received by the node of the tree structure.
19. The key management method according to claim 1, wherein the preset trigger item is a subgroup join, and correspondingly, the generating a new group key according to the group key when the trigger item occurs, and the random number or the identity of the node newly added in the tree structure, and completing the updating of the group key when the trigger item occurs specifically includes:
generating a personal key of the highest management node of the newly added subgroup by a parent node of the highest management node of the newly added subgroup, and sending the generated personal key of the highest management node of the newly added subgroup to the highest management node of the newly added subgroup;
based on the respective group key when the subgroups join and the identity of the highest management node of the newly added subgroups, calling a key derivation function by a non-leaf node in the tree structure, updating the respective group key by self, and distributing the updated group keys of all nodes from the node of the non-leaf node to the root node layer by layer to the leaf nodes of the tree structure;
or the nodes in the tree structure call a key derivation function to update the stored group keys according to the stored group keys when the subgroups are added and the identity of the highest management node newly added into the subgroups;
sending the updated group key and random number of all nodes from the node to the root node to the newly-added subgroup highest management node by the father node of the newly-added subgroup highest management node;
and the initialization of the individual key and the group key of the newly added subgroup is realized by the highest management node of the newly added subgroup.
20. The key management method according to claim 19, wherein the generating, by the parent node of the newly-added subgroup highest management node, the individual key of the newly-added subgroup highest management node, and sending the generated individual key of the newly-added subgroup highest management node to the newly-added subgroup highest management node, specifically comprises:
the newly added highest management node of the subgroup and a father node of the newly added subgroup carry out identity authentication and negotiate out a session key;
based on the identity of the highest management node of the newly added subgroup, calling a key derivation function by the parent node of the highest management node of the newly added subgroup, and generating the personal key of the highest management node of the newly added subgroup;
and based on the session key, sending the generated individual key of the newly-added subgroup highest management node to the newly-added subgroup highest management node by the parent node of the newly-added subgroup highest management node.
21. The key management method of claim 20, wherein after the generated individual key of the newly-added subgroup highest management node is transmitted to the newly-added subgroup highest management node by the parent node of the newly-added subgroup highest management node, the method further comprises:
verifying, by a newly-joined subgroup highest management node, the personal key based on the session key;
and after the verification is passed, the newly added subgroup highest management node saves the received personal key.
22. The key management method of claim 19, wherein after said layer-by-layer distribution by the non-leaf nodes of the updated group keys from the self node to all nodes of the root node to the leaf nodes of the tree structure, the method further comprises:
verifying the group keys of all the nodes from the father node to the root node after the updating received by the nodes of the tree structure;
and after verification is passed, the node of the tree structure stores the updated group keys of all the nodes from the parent node to the root node after the update is received by the node of the tree structure.
23. The key management method according to claim 19, wherein the initializing of the individual key and the group key of the newly added subgroup by the highest management node of the newly added subgroup specifically comprises:
generating respective seed keys and individual keys of respective child nodes by non-leaf nodes newly added into the subgroups;
and generating respective group keys by the non-leaf nodes in the newly added subgroup based on the respective seed keys generated by the non-leaf nodes in the newly added subgroup and the individual keys of the respective child nodes, and distributing the group keys of all the nodes from the self node to the root node to the leaf nodes of the newly added subgroup layer by the non-leaf nodes of the newly added subgroup.
24. The key management method of any one of claims 1-23, wherein the distribution of the individual key and the group key both use an authenticatable encryption scheme.
25. A key management apparatus, for use in group communications, wherein connections between group members are in a tree structure, the apparatus comprising:
the group key updating module is used for generating a new group key according to a preset trigger item, the group key when the trigger item occurs and a random number or an identity of a newly added node in the tree structure, and updating the group key when the trigger item occurs;
the trigger items comprise node joining, node leaving, a preset time period, subgroup leaving and subgroup joining, and the random numbers are generated by root nodes in a tree structure.
26. An electronic device comprising a memory, a processor and a computer program stored on the memory and executable on the processor, wherein the processor implements all or part of the steps of the key management method according to any one of claims 1 to 23 when executing the program.
27. A non-transitory computer readable storage medium having stored thereon a computer program, wherein the computer program, when executed by a processor, implements all or part of the steps of the key management method according to any one of claims 1 to 23.
CN202210837262.8A 2022-07-15 2022-07-15 Key management method and device Pending CN115412288A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202210837262.8A CN115412288A (en) 2022-07-15 2022-07-15 Key management method and device

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202210837262.8A CN115412288A (en) 2022-07-15 2022-07-15 Key management method and device

Publications (1)

Publication Number Publication Date
CN115412288A true CN115412288A (en) 2022-11-29

Family

ID=84158083

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202210837262.8A Pending CN115412288A (en) 2022-07-15 2022-07-15 Key management method and device

Country Status (1)

Country Link
CN (1) CN115412288A (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116633529A (en) * 2023-07-25 2023-08-22 中电信量子科技有限公司 Method and equipment for enhancing white-box SM4 cryptographic algorithm by adopting derivative key
CN118381611A (en) * 2024-06-25 2024-07-23 浙江之江数安量子科技有限公司 Efficient group key negotiation method

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN116633529A (en) * 2023-07-25 2023-08-22 中电信量子科技有限公司 Method and equipment for enhancing white-box SM4 cryptographic algorithm by adopting derivative key
CN116633529B (en) * 2023-07-25 2023-10-31 中电信量子科技有限公司 Method and equipment for enhancing white-box SM4 cryptographic algorithm by adopting derivative key
CN118381611A (en) * 2024-06-25 2024-07-23 浙江之江数安量子科技有限公司 Efficient group key negotiation method

Similar Documents

Publication Publication Date Title
CN109246098B (en) Method for supporting comparison of synchronous ciphertext of backup server
CN107800538B (en) Remote key distribution method for self-service equipment
CN115412288A (en) Key management method and device
CN109768863A (en) A kind of block chain key based on elliptic curve is shared and dynamic updating method
US11387999B2 (en) Access to secured information
JP2015505230A (en) System and method for securing a secret key issued from a distributed secret key generator (D-PKG) node
CN113037499B (en) Block chain encryption communication method and system
Ying et al. Adaptively secure ciphertext-policy attribute-based encryption with dynamic policy updating
CN112187450B (en) Method, device, equipment and storage medium for key management communication
US10411886B1 (en) Authenticating secure channel establishment messages based on shared-secret
CN114765543B (en) Encryption communication method and system of quantum cryptography network expansion equipment
CN113098681B (en) Port order enhanced and updatable blinded key management method in cloud storage
CN105915333B (en) A kind of efficient key distribution method based on encryption attribute
CN110581829A (en) Communication method and device
CN118540165A (en) Quantum security enhancement method for national security IPSec VPN protocol
CN111614462B (en) Key calculation method and system based on blockchain
US11153087B1 (en) Hub-based token generation and endpoint selection for secure channel establishment
WO2023116266A1 (en) Communication encryption method, system, and device
CN110247761A (en) The ciphertext policy ABE encryption method of attribute revocation is supported on a kind of lattice
CN114157424B (en) Attribute-based encryption system and method without key escrow and supporting user revocation
Kiefer et al. Universally composable two-server PAKE
CN114697039B (en) Identity authentication method and system for quantum cryptography network expansion network equipment
CN115333743A (en) Fine-grained secure communication method for MQTT protocol
CN113987546A (en) Alliance chain system based on identification password system
Rawat et al. PAS-TA-U: PASsword-based threshold authentication with password update

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination