高级检索
    张启坤, 王锐芳, 谭毓安. 基于身份的可认证非对称群组密钥协商协议[J]. 计算机研究与发展, 2014, 51(8): 1727-1738. DOI: 10.7544/issn1000-1239.2014.20121165
    引用本文: 张启坤, 王锐芳, 谭毓安. 基于身份的可认证非对称群组密钥协商协议[J]. 计算机研究与发展, 2014, 51(8): 1727-1738. DOI: 10.7544/issn1000-1239.2014.20121165
    Zhang Qikun, Wang Ruifang, Tan Yu'an. Identity-Based Authenticated Asymmetric Group Key Agreement[J]. Journal of Computer Research and Development, 2014, 51(8): 1727-1738. DOI: 10.7544/issn1000-1239.2014.20121165
    Citation: Zhang Qikun, Wang Ruifang, Tan Yu'an. Identity-Based Authenticated Asymmetric Group Key Agreement[J]. Journal of Computer Research and Development, 2014, 51(8): 1727-1738. DOI: 10.7544/issn1000-1239.2014.20121165

    基于身份的可认证非对称群组密钥协商协议

    Identity-Based Authenticated Asymmetric Group Key Agreement

    • 摘要: 非对称群组密钥协商协议(asymmetric group key agreement, AGKA)能使群组内部成员安全地传递信息.随着大规模分布式网络协同计算的发展,参加安全协同计算的成员可能来自于不同领域、不同时区、不同云端及不同类型的网络.现有的AGKA不能满足来自于跨域及异构网络之间群组成员的安全信息交换,且安全性仅局限于抗被动攻击.提出一种基于身份的可认证非对称群组密钥协商协议(identity-based authenticated asymmetric group key agreement, IB-AAGKA),该协议实现一轮非对称群组密钥协商,解决群组成员因时区差异而不能保持多轮在线密钥协商的问题;可实现匿名性与可认证性;支持节点的动态群组密钥更新,实现了群组密钥向前保密与向后保密安全性.在decisional bilinear Diffie-Hellman(DBDH)困难假设下,证明了协议的安全性,并分析了协议的性能.

       

      Abstract: The asymmetric group key agreement (AGKA) protocol enables external users to securely send messages to group members. With the development of large-scale collaborative computing in distributed network, the members who participate in collaborative computing may come from different domains, different time zones and different cloud ends networks. Existing AGKA can not meet the security of information exchange among group members that come from cross-domain or heterogeneous network, and it is only secure against passive attacks which are too weak to capture the attacks in the real world. In this paper, we formalize an active security model for identity-based authentication asymmetric group key agreement (IB-AAGKA) protocol. Our protocol achieves an asymmetric group key agreement only one round, to resolve the problem that is hard to find a trusted party to serve as a dealer in a regular broadcast scheme, and is inconvenient to require all the parties in differences time zones to stay online concurrently to implement a (two-round or multi-round) regular GKA protocol. Our protocol can also achieve anonymous authentication. It supports the dynamic group key update of nodes for forward secrecy and backward secrecy of group key. Our protocol is proven secure under the decisional bilinear Diffie-Hellman (DBDH) problem assumption, and the performance analysis show that the proposed scheme is highly efficient.

       

    /

    返回文章
    返回