工程科学与技术, 2017, Vol. 49, Issue (5): 85-92, 8. DOI: 10.15961/j.jsuese.201600615
A Key Management Scheme Based on Key Hypergraph and Identity-based Cryptography in Multi-domain Optical Networks
Abstract
In view of the characteristics of multi-domain optical networks under a hierarchical PCE architecture, this paper proposes a novel key management scheme (referred to as KMS-KI) based on a key hypergraph and identity-based cryptography. Unlike classic decentralized key management schemes based on a logical key tree, the key relationships of a multi-domain optical network are first modeled as a two-layer key hypergraph, in which the vertices are represented by points and the key relations at all levels are described by hyperedges. In this way, the key hypergraph model better reflects the layered key relations of the network. The master keys, the public and private keys, the session keys, the layer group keys and the inter-domain keys are then generated and dynamically managed using hierarchical identity-based cryptography and improved private key generation strategies. This better addresses the protection of private keys and the single point of failure of the private key generation center. Meanwhile, by incorporating the idea of member characteristic values, when members join or leave the group, the remaining group members automatically use the key value of the pPCE or cPCE to calculate and update the group key, which greatly reduces the risk of the new group key being uncovered by an adversary. The analytical results show that the KMS-KI scheme provides forward and backward security, confidentiality of private keys and resistance to collusion attacks. In addition, it not only supports hierarchical identity-based cryptography, but also achieves better overall performance than typical decentralized schemes in terms of the number of keys stored, the number of cPCE communications, and encryption and decryption times.
Keywords
multi-domain optical networks / key management / key hypergraph / identity-based cryptography
Classification
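Information technology and security science
Cite this article
吴启武, 文闻. A Key Management Scheme Based on Key Hypergraph and Identity-based Cryptography in Multi-domain Optical Networks [J]. 工程科学与技术, 2017, 49(5): 85-92, 8.
Funding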
Supported by the National Natural Science Foundation of China (61402529, 61402147, 61402531)
Supported by the Natural Science Foundation Research Program of Shaanxi Province (2015JQ6266)