Institute of Software, Chinese Academy of Sciences, Institutional Repository (ISCAS OpenIR)
Title: Design and Analysis of Group Key Agreement Protocols (群组密钥协商协议的设计与分析)
Author: 滕济凯 (Teng Jikai)
Defense date: 2011-11-21
Advisor: 武传坤 (Wu Chuankun)
Major: Information Security
Degree-granting institution: Graduate University of Chinese Academy of Sciences (中国科学院研究生院)
Place: Beijing
Degree: Doctor (PhD)
Keywords: group key agreement; provable security; forward security; KCI resilience
Abstract:
With the rapid development of computer, communication and network technology, more and more distributed, collaborative and interactive application systems, such as remote conferencing, distributed computing and video on demand, have appeared in everyday life. In these group applications, securing communication is essential, because group members must talk to each other over public, insecure networks. To protect that communication, a shared session key has to be established among the group members, and this key is then used to set up a secure channel between them.
There are two mechanisms for providing group members with a shared session key: group key distribution and group key agreement. In group key distribution, one user chooses the shared session key for the whole group and then securely transmits it to the other members.
In group key agreement, by contrast, the session key is derived from secret values chosen by all users in the group. An important difference between the two is that in group key agreement no single member can choose the session key on behalf of the whole group. Because no central key server is needed, there is no single point of failure. In addition, it prevents malicious users from trying to influence the choice of the session key during protocol execution. For these reasons, group key agreement is the preferred mechanism for establishing a secure channel.
This thesis studies the design of provably secure group key agreement protocols and the security models on which their security analysis depends.
Building on existing protocols, it proposes group key agreement protocols that are more efficient and offer stronger security. The complexity of group communication is determined mainly by the number of communication rounds and the amount of message traffic. In a multi-round protocol, every user must receive the messages of all other users before it can send its next-round message, so even a small number of slow users degrades the efficiency of the entire protocol. We therefore reduce the number of rounds as far as possible. A security model characterises the adversary's capabilities and is the basis of a protocol's security analysis, so a model that reflects the real deployment environment should be chosen.
The main contributions of this thesis are as follows:
An ID-based dynamic authenticated group key agreement protocol with optimal round complexity is proposed. Its advantage over existing protocols is that both the Setup and the Join algorithm complete in a single round of communication, and when users leave, the session key can be refreshed without any message being sent, which improves the protocol's practicality. The AKE-security of the protocol is proved under the DBDH assumption. When the group membership changes, joining users cannot compute earlier session keys and leaving users cannot compute later ones.
To date, security analyses of certificateless group key agreement protocols have been limited because no security model existed for them. We are the first to establish a security model for group key agreement schemes based on certificateless public key cryptography, and we use it to analyse protocol security. We also propose a constant-round group key agreement scheme based on a certificateless public key cryptosystem and prove it secure in the proposed model. The protocol achieves mutual authentication without using signatures, which improves its usability.
AKE-security that includes partial forward security and outsider KCI resilience is defined, and a one-round group key agreement protocol is proposed that retains KCI resilience even when up to n-2 users are corrupted. In addition, it is proved that no one-round group key agreement protocol can resist insider KCI attacks.
A group key agreement protocol provably secure in the EGBN model (which allows the adversary to make ephemeral private key queries) is proposed. Compared with existing protocols, its advantage is that it does not use the NAXOS technique and therefore offers a stronger security guarantee, since the NAXOS technique does not resist side-channel attacks. The protocol also achieves mutual authentication without a signature scheme, which improves its efficiency.
English abstract (author's original):
With the rapid development of computer technology, communication and network technology, more and more distributed, collaborative and interactive application systems such as conference calls, distributed computation and video on demand appear in many real-life applications. In these group-oriented applications, it is of great importance to make group communications secure because group participants communicate with each other over an insecure public network. In order to guarantee the security of group communications, a shared secret session key is required to establish a secure channel among group members. There are two types of mechanisms to provide group members with a shared session key: group key distribution and group key agreement. In a group key distribution protocol, one party creates a shared session key on behalf of the group members and secretly transfers it to the others, while in a group key agreement protocol, a group session key is derived from the contributions of all users. An important difference from group key distribution protocols is that group key agreement protocols do not allow any party to choose the group session key on behalf of the whole group, and thus they avoid the single point of failure, since no central key server is required. In addition, they can prevent malicious members from influencing the value of the group session key during the protocol execution.

This thesis mainly focuses on the design of group key agreement protocols and on the security models in which the security of group key agreement protocols is analyzed. Based on previous protocols, more efficient group key agreement protocols with stronger security guarantees are proposed. The communication cost consists of the number of communication rounds and the size of the transmitted messages. In a protocol with multiple rounds, each user has to wait for the messages from all other users before sending out its own messages in the next round, which may degrade the efficiency of the entire protocol even if the number of slow members is small. Therefore, it is desirable to minimize the number of communication rounds. Security models capture the capability of the adversary and are the basis of the security analysis of protocols. Therefore, a model which reflects the real environment should be adopted.

The work in this thesis includes the following aspects:

An ID-based dynamic authenticated group key agreement protocol with optimal round complexity is proposed. The advantage of the proposed protocol over previous ones is that it needs only one round of communication in the Setup algorithm and the Join algorithm. Furthermore, no message needs to be transmitted to refresh the group session key when some members leave the group, which makes the protocol more practical. Its AKE-security is proved under the DBDH assumption. When the membership changes, previous session keys are protected from joining members and subsequent session keys are protected from leaving members.
Up to now, the security analysis of certificateless group key agreement protocols has been limited due to the lack of a security model for certificateless group key agreement protocols. A formal security model for certificateless group key agreement protocols is proposed for the first time to analyze their security. A constant-round group key agreement protocol built on a certificateless public key cryptosystem is proposed, and its security is formally proved in the proposed security model. It achieves mutual authentication without applying a signature scheme, which makes the protocol more practical.
AKE-security with partial forward security and key compromise impersonation resilience (KCIR) is formally defined. A group key agreement protocol which is proved to achieve AKE-security with outside KCIR allowing up to n-2 corruptions is proposed. In addition, it is proved that there does not exist a one-round group key agreement protocol resistant to inside KCI attacks.
A group key agreement protocol which is proved secure in the EGBN model (where the adversary is allowed to reveal ephemeral secret keys) is proposed. The advantage of the proposed protocol is that it does not adopt the NAXOS technique and thus provides a stronger security guarantee, since the NAXOS technique does not resist side-channel attacks. No signature is involved in achieving mutual authentication, which improves the efficiency of the protocol.
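The abstract contrasts group key distribution (one party picks the key) with group key agreement (the key is derived from every member's contribution) and measures protocol cost in communication rounds, each of which must wait for all other members' previous-round messages. The script below is an added illustration of both points using the classic Burmester-Desmedt contributory protocol (Eurocrypt 1994); it is example code written for this page, not any of the thesis's own protocols, which are ID-based or certificateless and reach a single round. The group parameters (a safe prime p = 2q + 1 and a subgroup generator g) are generated at run time so that the example runs offline; they are not production parameters, and BD itself provides no authentication, so this is the unauthenticated core on top of which the authenticated protocols in the thesis build.

```python
"""Burmester-Desmedt contributory group key agreement (added example, not the
thesis's protocol).  Shows (1) the group key depends on every member's secret
contribution, so no member can choose it alone, and (2) round structure: the
round-2 message of member i cannot be formed until the round-1 messages of its
two neighbours have arrived.  Group parameters are generated here for an
offline demo and are NOT production parameters."""
import hashlib
import secrets


def _is_probable_prime(n, rounds=16):
    """Miller-Rabin test, adequate for generating demo parameters."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_group(bits=128):
    """Return (p, q, g): safe prime p = 2q + 1 and a generator g of the
    order-q subgroup of Z_p^*.  A deployment would use a fixed standardized
    group (e.g. an RFC 3526 MODP group) rather than generating one."""
    while True:
        q = secrets.randbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if _is_probable_prime(q) and _is_probable_prime(p):
            break
    while True:
        g = pow(secrets.randbelow(p - 2) + 2, 2, p)  # a square lies in the order-q subgroup
        if g != 1:
            return p, q, g


def bd_group_key(p, q, g, n):
    """Run BD among n >= 2 simulated members.

    Returns (keys, r, rounds): keys[i] is the key member i derives, r[i] is
    member i's secret contribution, rounds[k] is the list of messages
    broadcast in round k (one per member)."""
    assert n >= 2
    # Round 1: member i picks r_i and broadcasts z_i = g^{r_i}.
    r = [secrets.randbelow(q - 1) + 1 for _ in range(n)]
    z = [pow(g, ri, p) for ri in r]
    # Round 2 needs z_{i-1} and z_{i+1} from round 1:
    # X_i = (z_{i+1} / z_{i-1})^{r_i} = g^{r_i r_{i+1} - r_{i-1} r_i}.
    X = [pow(z[(i + 1) % n] * pow(z[(i - 1) % n], -1, p) % p, r[i], p)
         for i in range(n)]
    # Each member computes K_i = z_{i-1}^{n r_i} * X_i^{n-1} * X_{i+1}^{n-2} * ... * X_{i-2}^{1},
    # which telescopes to g^{r_1 r_2 + r_2 r_3 + ... + r_n r_1} for every i.
    keys = []
    for i in range(n):
        k = pow(z[(i - 1) % n], n * r[i], p)
        for j in range(n - 1):
            k = k * pow(X[(i + j) % n], n - 1 - j, p) % p
        keys.append(k)
    return keys, r, [z, X]


def closed_form_key(p, g, r):
    """g^{sum_i r_i r_{i+1}} (indices mod n): the value every honest member must reach."""
    n = len(r)
    return pow(g, sum(r[i] * r[(i + 1) % n] for i in range(n)), p)


def session_key(p, k):
    """Derive a fixed-length session key from the agreed group element.
    An authenticated variant would also bind member identities and the
    transcript into this hash."""
    return hashlib.sha256(k.to_bytes((p.bit_length() + 7) // 8, "big")).digest()


if __name__ == "__main__":
    p, q, g = gen_group(128)
    keys, r, rounds = bd_group_key(p, q, g, 5)
    assert len(set(keys)) == 1 and keys[0] == closed_form_key(p, g, r)
    print("rounds:", len(rounds), "session key:", session_key(p, keys[0]).hex())
```

Run as a script it prints the round count (2) and the derived session key. The two rounds are exactly the cost the abstract discusses: a member that has not yet received its neighbours' z values cannot send X_i, so one slow member stalls everyone, which is why the thesis's protocols aim for a single round. Note also that `closed_form_key` depends on every r_i, so altering any one member's contribution yields a different key; that is the contributory property distinguishing agreement from distribution.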
Language: Chinese
Content type: Thesis (dissertation)
URI: http://ir.iscas.ac.cn/handle/311060/14402
Appears in Collections: State Key Laboratory of Information Security _ Theses (信息安全国家重点实验室_学位论文)

Files in This Item:
thesis.pdf (739 KB), access restricted; contact the repository to obtain the full text.

Recommended Citation:
滕济凯 (Teng Jikai). 群组密钥协商协议的设计与分析 (Design and Analysis of Group Key Agreement Protocols) [D]. Beijing: Graduate University of Chinese Academy of Sciences, 2011-11-21.
Items in IR are protected by copyright, with all rights reserved, unless otherwise indicated.
Copyright © 2007-2017 Institute of Software, Chinese Academy of Sciences (中国科学院软件研究所)