Distributed Key Management Research Articles

A New Scheme of Key Management in Trusted Mobile Internet

Nowadays, the mobile Internet brings along a lot of positive changes to our life, and at the same time it does lead to a lot of security concerns such as indiscriminate garbage information, stealing privacy information of threats to Internet security cases and so on. In order to better solve the security and privacy problems, we introduce the trusted computing into the current key management of the mobile internet. An effective distributed key management is presented in this paper, which is based on several technologies, such as TPM, RSA, (t, n) threshold cryptographic method, verifiable secret sharing and so on. Through security analyses, we can see that the proposed method gains several security attributions.

An efficient distributed key management scheme for group‐signature based anonymous authentication in VANET

ABSTRACTGroup signature is one of the well‐known cryptographic primitives for anonymous authentication which is the fundamental requirement for securing vehicular ad hoc networks (VANETs), but it is prone to cause huge revocation overhead in VANETs with millions of nodes and serious security risk. To solve this problem, we develop an efficient distributed key management scheme (DKM) where the whole domain of VANET is divided into several sub‐regions, and any vehicle has to update its group secret key periodically from the regional group manager who manages the region where the vehicle stays. Unlike the previously reported works, DKM prevents vehicles from leaking the value of the updated group secret key to the regional group manager during the group key updating process. Subsequently, it is capable of identifying either the compromised regional authorities or the malicious vehicles. Moreover, performance analysis demonstrates that DKM can reduce the revocation cost significantly while the communication cost for key updating is small. Copyright © 2011 John Wiley & Sons, Ltd.

A Distributed Key Management Framework with Cooperative Message Authentication in VANETs

In this paper, we propose a distributed key management framework based on group signature to provision privacy in vehicular ad hoc networks (VANETs). Distributed key management is expected to facilitate the revocation of malicious vehicles, maintenance of the system, and heterogeneous security policies, compared with the centralized key management assumed by the existing group signature schemes. In our framework, each road side unit (RSU) acts as the key distributor for the group, where a new issue incurred is that the semi-trust RSUs may be compromised. Thus, we develop security protocols for the scheme which are able to detect compromised RSUs and their colluding malicious vehicles. Moreover, we address the issue of large computation overhead due to the group signature implementation. A practical cooperative message authentication protocol is thus proposed to alleviate the verification burden, where each vehicle just needs to verify a small amount of messages. Details of possible attacks and the corresponding solutions are discussed. We further develop a medium access control (MAC) layer analytical model and carry out NS2 simulations to examine the key distribution delay and missed detection ratio of malicious messages, with the proposed key management framework being implemented over 802.11 based VANETs.

A Mobile Ad Hoc Network Public Key Encryption Algorithm Based on Hash-Chain

In this algorithm, we can choose different public key encryption algorithm, elliptic curve algorithm, different hash algorithm, such as MD5, SHA-1. Based on the public key management algorithm to Hash-chain mobile AD hoc network not only the solution to the problem of public key distribution management, also can be as a addible safety equipment connected in the current network terminal used in network environment is the need for security.

Research on Identity-based Distributed Key Management in Space Network

摘要: 为解决在空间网络中实施集中式密钥管理困难以及维护公钥证书开销过大等问题，论文设计了一种基于身份的分布式密钥管理方案。结合空间网络特点，给出了分布式私钥生成中心的构建方法。并利用Boneh和Franklin提出的基于身份的公钥加密体制，设计了私钥更新、主密钥分量更新和会话密钥协商等策略。分析和仿真验证，该方案能满足安全要求，具有较好的扩展性。 关键词: 空间网络; 基于身份的密码体制; 门限机制; 密钥管理

Council-based Distributed Key Management Scheme for MANETs

Mobile ad hoc networks (MANETs) have been proposed as an extremely flexible technology for establishing wireless communications. In comparison with fixed networks, some new security issues have arisen with the introduction of MANETs. Secure routing, in particular, is an important and complicated issue. Clustering is commonly used in order to limit the amount of secure routing information. In this work, we propose an enhanced solution for ad hoc key management based on a cauterized architecture. This solution uses clusters as a framework to manage cryptographic keys in a distributed way. This paper sheds light on the key management algorithm for the OLSR protocol standard. Our algorithm takes into account the node mobility and engenders major improvements regarding the number of elected cluster heads to create a PKI council. Our objective is to distribute the certification authority functions for a reduced and less mobile cluster heads that will serve for keys exchange.

Two Distributive Key Management Schemes In Mobile Ad Hoc Networks

Abstract Today’s ever smaller computing systems are increasingly spreading in our ubiquitous environrnent. Being available ubiquitously in the devices and appliances that we use everyday and everywhere, these embedded computing systems are accessible to mobile users via hand-held devices connected over wireless networks. A mobile ad hoc network (MANET) is one of the important wireless networks. In a MANET a reliable key management system is required to generate and distribute symmetric encryption/ decryption keys. The key management schemes proposed in MANETs so far have used trusted third parties (TTP) which have limitations because of the mobility of nodes. A Distributed Key Pre-distribution Scheme was proposed based on a probabilistic method without relying on any TTP but with results identical to TTP-based schemes. The scheme utilized cover-free family (CFF) properties. However, the precondition of the probabilistic method was claimed to be falsely deduced. In this paper, we propose two distributive k...

A Fully Distributed Proactively Secure Threshold-Multisignature Scheme

Threshold-multisignature schemes combine the properties of threshold group-oriented signature schemes and multisignature schemes to yield a signature scheme that allows a threshold (t) or more group members to collaboratively sign an arbitrary message. In contrast to threshold group signatures, the individual signers do not remain anonymous, but are publicly identifiable from the information contained in the valid threshold-multisignature. The main objective of this paper is to propose such a secure and efficient threshold-multisignature scheme. The paper uniquely defines the fundamental properties of threshold-multisignature schemes and shows that the proposed scheme satisfies these properties and eliminates the latest attacks to which other similar schemes are subject. The efficiency of the proposed scheme is analyzed and shown to be superior to its counterparts. The paper also proposes a discrete logarithm based distributed-key management infrastructure (DKMI), which consists of a round optimal, publicly verifiable, distributed-key generation (DKG) protocol and a one round, publicly verifiable, distributed-key redistribution/ updating (DKRU) protocol. The round optimal DKRU protocol solves a major problem with existing secret redistribution/updating schemes by giving group members a mechanism to identify malicious or faulty share holders in the first round, thus avoiding multiple protocol executions

DKMS: distributed hierarchical access control for multimedia networks

Hierarchical access control for group communication provides access control which can assure that group members can subscribe different data streams or possibly multiples of them in a multimedia network. In this paper, to efficiently and effectively achieve this goal, we propose a Distributed Key Management Scheme (DKMS) whereby each Service Group (SG) maintains a SG server and give detailed analysis. In the proposed scheme, the server for a SG is utilised to manage the key tree and provide the related session keys for all the users in this SG. Detailed analysis is provided and we show that the communication overhead can be greatly reduced by O(n0 logd n0), where n0 is the number of users in a SG, compared with employing an integrated key graph to the hierarchical access control problem. At the same time, the storage overhead for all users can be reduced by O(N), where N is the total number of users.

On the performance of group key agreement protocols

Group key agreement is a fundamental building block for secure peer group communication systems. Several group key management techniques were proposed in the last decade, all assuming the existence of an underlying group communication infrastructure to provide reliable and ordered message delivery as well as group membership information. Despite analysis, implementation, and deployment of some of these techniques, the actual costs associated with group key management have been poorly understood so far. This resulted in an undesirable tendency: on the one hand, adopting suboptimal security for reliable group communication, while, on the other hand, constructing excessively costly group key management protocols.This paper presents a thorough performance evaluation of five notable distributed key management techniques (for collaborative peer groups) integrated with a reliable group communication system. An in-depth comparison and analysis of the five techniques is presented based on experimental results obtained in actual local- and wide-area networks. The extensive performance measurement experiments conducted for all methods offer insights into their scalability and practicality. Furthermore, our analysis of the experimental results highlights several observations that are not obvious from the theoretical analysis.

On key distribution management for conditional access system on pay-TV system

A conditional access system (CAS) is essential in a pay-TV system to charge the subscriber the subscription fee, and key management is also important. Various levels of key hierarchy for a CAS are discussed and two methods of grouping the subscribers to reduce the complexity of key distributions are presented. Based on the proposed two grouping methods we proposed a simple and a complete scheme with four-levels of key hierarchy for the key distribution management CAS of the pay-TV system. We also analyze the performance of the proposed complete scheme. It is shown that our system is efficient and suitable for a pay-TV system which provides both pay per channel (PPC) and pay per view (PPV) services. Besides, the proposed complete scheme is also a flexible one for dynamic management. Finally, it should be noted that, though our discussion are focused on pay-TV only, our schemes are also suitable for a digital broadcasting system (DBS).