RU2716207C1 - Method for decentralized distribution of key information - Google Patents

Abstract

FIELD: data processing.

SUBSTANCE: invention relates to decentralized distribution of key information. Method of decentralized distribution of key information using an attribute-based encryption policy reduces the delay time owing to using the same group key with all group members, so there is no delay in transmitting data. Use of keys storage resources is minimized by using a flat table method using an attribute-based encryption policy. That requires storing only 2logn for n participants in a subgroup controller.

EFFECT: technical result is wider range of means.

1 cl, 3 dwg

Description

FIELD OF THE INVENTION

The invention relates to the field of decentralized distribution of key information, and in particular to systems and methods for distributing and managing group keys to protect a broadcast message.

State of the art

a) Description of analogues

The known method "Effective management of cryptographic key generations" according to the patent of the Russian Federation No. 2351078 IPC H04L 9/32 (2006.01), G06F 12/14 (2006.01), G06F 21/22 (2006.01), publ. 03/27/2009, the Method consists in the following actions: ensuring data protection during recording. Using the specified one-way key derivation function, a relationship between key generations is determined such that earlier key generation can be effectively derived from later ones, but not vice versa. Whenever necessary, a key-consuming party iteratively applies a predetermined one-way key derivation function to derive key information of at least one previous key generation from key information of a new key generation. Thus, the memory requirements on the key-consuming side can be significantly reduced.

The disadvantage of this method is the frequent update of the key, which can overload the capacity of the node and lead to a failure in the distribution of key information; the inefficiency of computing and distributing keys requires a certain level of computing power; the inability to constantly have an up-to-date key, since nodes can be turned off during an update or have other difficulties in distributing an up-to-date key.

The known method "Management of synchronized symmetric keys to protect data exchanged by communication nodes" according to the patent of the Russian Federation RU No. 2584504 IPC H04L 9/12 (2006.01), H04L 9/08 (2006.01), publ. 05/20/2016, the Method consists in using keys for setting / unprotecting data exchanged between communication nodes, comprising: protecting, by means of a first communication node, data to be sent to one or more two communication nodes, based on a predetermined security key, and removing protection by of each of the second secure data communication nodes received from the first communication node, based on said predetermined security key, synchronization by each communication node of the respective internal time reference with global time binding change in such a way as to obtain a corresponding binding to synchronous time, and extracting, by each communication node, the specified security key based on the corresponding binding to synchronous time from the same ordered sequence of security keys, each of which should be used in the corresponding confidence interval .

The disadvantages of this method is the confidentiality of key information in symmetric systems since a secure connection between participants is needed to distribute key information; keys can be updated only after a specific period of time, and participants may not be available since geographically distributed or moving from one place to another (on wireless networks); system performance during key information management depends on the size of the group.

The known method of "Mutual mobile authentication using the key management center" according to the patent of the Russian Federation RU No. 2663334 IPC H04L 29/06, (2006.01), publ. 08/03/2018 the Method consists in increasing the security of communication, namely authentication, comprising: sending a call message from a mobile gateway to a consumer device, the call message being sent in response to a communication request message, while the consumer device is configured to be used as a payment device ; receiving a call answering message from a consumer device in a mobile gateway in response to a call message; verification by the mobile gateway of the call response message using the key management center, wherein the key management center is configured to manage session keys to communicate with the consumer device, and the key management center allows a communication operation between the first object and the consumer device if the call response message is acceptable; and sending, by the mobile gateway, a secure channel response message including a session key from the managed session keys to the consumer device, the session key allowing communication between the first object and the consumer device, wherein the session key is obtained from the master key associated with the first object and stored in key management center.

The disadvantage of this method is the use of the architecture of the key distribution center, this method includes the main problems: lack of scalability, group size in the known method will affect system performance during key management; inefficiency of communication and computing, requires a certain level of computing power; the inability to process changes with many participants, in large and highly dynamic wireless group applications, the use of frequent key updates can overload the capacity of one central node and lead to a failure in the distribution of key information, in other words, this is the problem of a single point of failure.

b) Description of the prototype

The closest in technical essence to the claimed invention (prototype) is the method "Systems and methods for the distribution and management of group keys for wireless communication systems" according to the patent of the Russian Federation RU No. 2480935 IPC H04L 29/06 (2006.01); H04W 12/04, publ. 04/27/2013, This method relates to wireless communications, and in particular to systems and methods for distributing and managing group keys to protect a broadcast message. The method consists in transmitting data operating in access terminals. These access terminals support the following steps: enter a list of the active set of access nodes; receive a temporary unicast key for each access node in the active set; form a group key for the active set; encrypt the group key using a temporary unicast key for any access node from the active set; and send the encrypted group key to the corresponding access node using a temporary unicast key.

The reasons that impede the achievement of the distribution of key information in decentralized networks when using the known method (prototype) include the fact that the known method (prototype) uses the creation of a unique temporary unicast key with each node in the active set, this requires resource-intensive storage of the active set of nodes access and high computing power. The method does not provide direct secrecy in real time, since this method is repeated every time one of the nodes is turned off, this in turn increases the network delay time, which is undoubtedly a disadvantage of this method.

Disclosure of the invention (its essence)

a) technical result, the achievement of which the invention is directed

The aim of the present invention is to comply with safety requirements, such as forward secrecy and reverse secrecy; quality of service requirements, namely minimum delays and service availability. It is also necessary to solve the main tasks of group key management (identification, authentication, confidentiality, scalability, reliability).

b) the Set of essential features

This goal is achieved by the fact that in the known method of decentralized key management, group members are divided into subgroups, and each subgroup is controlled by the controller (manager) of the subgroup (CP), by determining the lifetime of the network packet, all keys are created by encryption based on the attributes of the encryption policy, moreover, the “group creation” system (SG) distributes certificates among all members of the group, is responsible for setting up group policies and choosing encryption parameters if a change occurs in a subgroup If the membership is to be generated and a new key is to be generated, the subgroup controller can generate a new group key and send this key to other KPs, when the membership is changed, key update operations are performed to ensure direct and reverse secrecy, the unique public key verification infrastructure is used to authenticate all parties in the system , the root certification center is the “group creator” system, providing direct and reverse secrecy using the main functions of the KP, using the key of the subgroup, ensuring reverse secrecy is created, and attributes are used to ensure direct secrecy, also direct secrecy in the proposed method is provided by the method of a flat table using attributes, undoubtedly, the number of attributes required by n participants is only 2logn, and reverse secrecy is provided by updating the subgroup key and group key.

A comparative analysis of the proposed solution with the prototype shows that the proposed method differs from the known one in the following: group members are divided into subgroups, and each subgroup is controlled by the controller (manager) of the subgroup (CP), by determining the lifetime of the network packet; all keys are created by encryption based on the attributes of the encryption policy; the “group creation” system (SG) manages the subgroup and all members of the subgroup, distributes certificates, is responsible for setting up group policies and choosing encryption parameters; the subgroup controller (KP) relays the group key to the corresponding members of the subgroup using the group key management protocol, and also helps to solve the inverse privacy problem; uses technology of a unique infrastructure for checking public keys; direct secrecy is ensured by the method of a flat table using attributes.

c) The causal relationship between the signs

Thanks to the new set of essential features in the method of decentralized distribution of key information, which includes the following stages of work: group members are divided into subgroups, and each subgroup is controlled by the controller (manager) of the subgroup, by determining the lifetime of the network packet, this separation contributes to scalability in a dynamically distributed network; all keys are created by encryption based on the attributes of the encryption policy, which allows you to achieve the required level of confidentiality; the system of "creating a group" (SG) allows you to ensure the availability of services, identification, authentication of network participants and increases the reliability of the method. She manages the subgroup and all members of the subgroup, distributes certificates among all members of the group, is responsible for setting up group policies and choosing encryption parameters; the subgroup controller (KP) relays the group key to the corresponding members of the subgroup using the group key management protocol, which helps minimize network latency; in the proposed method, the key information distribution center is not used to generate a new group key, if participants change in the subgroup and a new key is to be generated, then the subgroup controller can generate a new group key and send this key to other KPs participating in this session. This reduces network latency and increases network privacy and scalability; the technology of a unique infrastructure for checking public keys is used to authenticate all parties in the system; direct secrecy is ensured by the flat table method using the attributes defined in the broadcast group key management scheme; reverse secrecy is ensured by updating the subgroup key and the group key; Due to the attribute-based encryption policy, the delay time is reduced due to the use of the same group key with all members of the group, therefore there is no delay in data transmission. The use of resources for storing keys is reduced by using a flat table method using an attribute-based encryption policy. Which requires storing only 2logn for n members in a subgroup controller. For example, for a 1024 participant, you only need to store 20 keys in a subgroup controller. The scalability of the network and the availability of services are increased due to the lack of a key information distribution center, and the “group creation” system appears only during setup. If the subgroup controller has become unavailable, its participants can find the nearest subgroup controller and join the group session. Evidence of compliance of the claimed invention with the conditions of patentability "novelty" and "inventive step".

The analysis of the prior art made it possible to establish that analogues that are characterized by a combination of features identical to all the features of the claimed technical solution are absent, which indicates the compliance of the claimed method with the condition of patentability "novelty"

Search results for known solutions in this and related fields of technology in order to identify features that match the distinctive features of the claimed object from the prototype showed that they do not follow explicitly from the prior art. The prior art also did not reveal the fame of the distinctive essential features that determine the same technical result, which was achieved in the claimed method. Therefore, the claimed invention meets the condition of patentability "inventive step".

Brief Description of the Drawings

The claimed method is illustrated by drawings, which show:

FIG. 1 - structure of the claimed method;

FIG. 2 - components of the claimed method;

FIG. 3 is a flat table for eight participants.

The implementation of the invention

The possibility of implementing the inventive method is explained as follows. In a decentralized key management scheme, group members are divided into subgroups, and each subgroup is controlled by the controller (manager) of the subgroup. There are two groups: the first includes subgroup controllers (KP), called the group of subgroup controllers (HKP); the second group with participants and with controllers (managers), divided into subgroups called GUK. The structure of the claimed method is presented in FIG. 1. The GUK group is divided between the managing directors by determining the lifetime of the network packet. There is a group key that protects group communication with participants. Note the following, all keys are created by encryption based on the attributes of the encryption policy. The group key is negotiated by the subgroup controllers for the common group key. In the GUK, KPs are used to distribute the agreed key among the members of the subgroup. The key that protects communication in the GUK is called the GUK key. It is common to all CPs in a session. The subgroup key protects the group key in the GUK. Each subgroup has its own subgroup key. This key is used in conjunction with the “group creation” system (SG), which manages the subgroup and all members of the subgroup. When a new group key is distributed among the KP controlling the group, the KP encrypts the new group key with its own subgroup key, then sends it. The SG system distributes certificates among all members of the group, is responsible for setting up group policies and choosing encryption parameters, this system is located on all control rooms. It must be emphasized that the SG system is involved in setting up the group, but does not take any actions during group management or key distribution. The SG system announces a group session using a session announcement protocol and a session description protocol. The components of the claimed method are presented in FIG. 2. KP listen to the known address of the session announcement protocol for declaring a subgroup in the GUK. When a new subgroup is discovered in the GUK, the KP interacts with the “group creation” system, requesting permission to manage it. The request is performed using the permission request protocol. This protocol is the main certificate request protocol, where the KP determines the group to which it wants to join. GUC participants also listen to the address of the session announcement protocol, when they are interested in the session, they contact the nearest KP to get the group key. GUK participants use the extended search ring protocol to search for the closest KP. The subgroup controller relays the group key to the appropriate members of the subgroup using the group key management protocol.

In the proposed method, the central node is not used to generate a new group key, if participants change in the subgroup of the GUK and a new key is to be generated, then the KP can generate a new group key and send this key to other KP participating in this session. Membership changes trigger rekey operations (key updates) to provide forward and reverse privacy. The KP then relays the new group key to the appropriate members of the subgroup. Participants associated with a disabled KP can join a group session by simply following the extended search ring protocol and connecting to another KP.

A unique public key verification infrastructure is used to authenticate all parties in the system. The root certification authority is the "group creator" system. The SG system certificate is the root of the hierarchy. The SG system supports three certificates. The first one is used to identify the KP for the SG system, called the certificates of the subgroup controllers. The second, session authorization, is used to identify the KP for other KP and group members. Third, they contain certificates of participants, are used to authenticate participants in the KP and authorize them to participate in a safe group.

KP is a trusted body that governs the members of a subgroup. The main function of the KP is to ensure direct and reverse secrecy. In a subgroup, each member has a group key, a subgroup key, and a set of attributes associated with them. The subgroup key is used to provide reverse secrecy, and the attributes are used to provide direct secrecy. The group key is used to securely connect the entire group.

1) Direct secrecy: direct secrecy in the proposed method is provided by the method of a flat table using the attributes defined in the key management scheme of the broadcast group. In the flat table method, each participant is assigned a unique bit identifier and a set of attributes associated with the bit identifier. An example of a 3-bit ID and its attribute set is given below. Let A1, A2, A3 and B1, B2, B3 be the six attributes defined in the system, shown in FIG. 3.

Attributes are set based on bits and bits. If the bit value is 0, then the attribute from set A is assigned, and if the bit value is 1, then the attribute from set B is assigned.

Thus, the participant with bit ID 001 has attributes A1, A2 and B3. When a member of a subgroup leaves the group, it is necessary to update the group key, subgroup key and private key based on the attributes of all current users. This is done by taking the inverse bit identifier of the leaving participant, and then taking the attributes corresponding to the inverse bit identifier, it will give attributes that do not belong to the leaving user. Then encrypt the new key of the subgroup and the private key based on the attributes, with which the attributes are interconnected by the logical function "OR". Through the use of the logical function "OR", all participants satisfying any of the specified attributes can decrypt the message. Then the group key is distributed among the participants by encrypting it with the new subgroup key. An example is given below:

• Consider the outgoing participant with ID 001.

• The return bit of the leaving party ID will be 110.

• Attributes belong to the reverse bit ID-B1 B2 A3.

• Then the access policy for encryption will be “B1 or B2 or A3”.

• Data (subgroup key and private key update) is encrypted in attribute encryption as

• Encrypted data is available to all participants, except for the participant with ID 001.

• Then the group key from the key generator is distributed using the new subgroup key.

что путем биллинейного отображения с ключом даст

Отзыв нескольких участников группы за один раз можно выполнить, взяв битовый идентификатор исключенного участника и создав логическое выражение с помощью метода простых импликантов. Затем используйте логическое выражение в качестве политики доступа в распределении ключей подгрупп. Числовые атрибуты, необходимые n участникам, являются только 2logn в этой схеме т.е. 1024 участников могут быть обработаны, используя только 20 атрибутов/ключей.The attribute based on the member’s private key has the value g ^{a + r / β} , here α and β are random numbers unique to the CP-ABE system and r is unique to the participant. Thus, an attribute-based key update is performed by sending

that by bilinear display with the key will give

You can recall several members of a group at a time by taking the bit identifier of the excluded member and creating a logical expression using the simple implicant method. Then use the boolean expression as the access policy in the subgroup key distribution. The numerical attributes required by n participants are only 2logn in this scheme i.e. 1024 participants can be processed using only 20 attributes / keys.

2) Inverse secrecy: Inverse secrecy means that new members of the group should not have access to previous information in the group. Here you need to update the subgroup key and group key. The new subgroup key generated by the subgroup controller and the new group key are distributed with the old member using the old subgroup key. Then, the new group key, subgroup key, and attribute associated with the new group member are transmitted to the new member via a secure channel.

Claims (1)

The method of decentralized distribution of key information, namely, that a secure communication channel is established in networks with a dynamic group of network participants, using certain actions, the method differs in that the group members are divided into subgroups, and each subgroup is controlled by the controller (manager) of the subgroup ( KP), by determining the lifetime of a network packet, all keys are created by encryption based on the attributes of the encryption policy, and the "group creation" (SG) system distributes certificates among all members of the group, he is responsible for setting up group policies and choosing encryption parameters, if members change and a new key is to be generated in the subgroup, then the subgroup controller can generate a new group key and send this key to other KPs; when changing membership, key renewal operations are called To ensure direct and reverse secrecy, the unique public key verification infrastructure is used to authenticate all parties in the system; the root certification authority is the system of the “group creator”, providing direct and reverse secrecy using the main functions of the CP, using the key of the subgroup provides reverse secrecy, and the attributes are used to ensure direct secrecy, also direct secrecy in the proposed method is provided by the method of a flat table using attributes, of course, the number of attributes required by n participants is only 2logn, and the reverse secrecy is ensured by updating the subgroup key and group key.

Images