Qi Cheng,Zhuo Zhao,Chingfang Hsu,Maoyuan Zhang,Qing Yang,Di Wu

DOI: https://doi.org/10.1155/2021/7703466

IF: 1.43

2021-01-01

Mathematical Problems in Engineering

Abstract:Although nowadays lots of group key agreement schemes have been presented, most of these protocols generate a secret key for a single group. However, in the IoT HCS, more and more communications are involved in multiple groups and users can join multiple groups to communicate at the same time. Therefore, applying the conventional public-key-based one-at-a-time group key establishment protocols has heavy computational cost or suffer from security vulnerabilities. At the same time, in an IoT HCS, a trusted KGC is usually not available and so more flexible self-organized multigroup keys generation will be desired by all group members. In order to address this issue, a practical scheme for efficient and flexible KGC-free polynomial-based multigroup key establishments for IoT HCS is proposed. The proposed protocol can generate multiple group keys for all group members at once, instead of generating one key each time for a single group; more importantly, there is no need for a trusted KGC in the process of group keys establishment and each user can join multiple groups at the same time using only one reserved share. Meanwhile, the security of the proposed protocol is discussed in detail. Finally, we compare this protocol with the latest related group key distribution protocols in performance analysis. The results show that this efficient and flexible KGC-free polynomial-based multiple group keys establishment protocol is more suitable for practical group key agreement in IoT HCS.

Jiqiang Liu,Sheng Zhong

2009-01-01

Abstract:In a complex information system, users and data are usually organized in a hierarchy structure for access control. Users in superior classes should be allowed to derive the secret keys belonging to subordinate classes. In this Paper, We propose a new time bound hierarchy key assignment scheme to achieve this goal. Compared with the existing similar schemes, our scheme is more secure and needs less computational time. Furthermore, our scheme does not need tamper-resistant device, Which makes our scheme much more practical.

Massimo Cafaro,Roberto Civino,Barbara Masucci

DOI: https://doi.org/10.1109/tdsc.2014.2355841

2015-07-01

IEEE Transactions on Dependable and Secure Computing

Abstract:The access control problem in a hierarchy can be solved by using a hierarchical key assignment scheme, where each class is assigned an encryption key and some private information. A formal security analysis for hierarchical key assignment schemes has been traditionally considered in two different settings, i.e., the unconditionally secure and the computationally secure setting, and with respect to two different notions: security against key recovery (KR-security) and security with respect to key indistinguishability (KI-security), with the latter notion being cryptographically stronger. Recently, Freire, Paterson and Poettering proposed strong key indistinguishability (SKI-security) as a new security notion in the computationally secure setting, arguing that SKI-security is strictly stronger than KI-security in such a setting. In this paper we consider tthehe unconditionally secure setting for hierarchical key assignment schemes. In such a setting the security of the schemes is not based on specific unproven computational assumptions, i.e., it relies on the theoretical impossibility of breaking them, despite the computational power of an adversary coalition. We prove that, in this setting, SKI-security is not stronger than KI-security, i.e., the two notions are fully equivalent from an information-theoretic point of view.

computer science, information systems, software engineering, hardware & architecture

Hao Chen

DOI: https://doi.org/10.48550/arXiv.1007.3046

2010-07-19

Abstract:Key establishment is the basic necessary tool in the network security, by which pairs in the network can establish shared keys for protecting their pairwise communications. There have been some key agreement or predistribution schemes with the property that the key can be established without the interaction (\cite{Blom84,BSHKY92,S97}). Recently the hierarchical cryptography and the key management for hierarchical networks have been active topics(see \cite{BBG05,GHKRRW08,GS02,HNZI02,HL02,Matt04}. ). Key agreement schemes for hierarchical networks were presented in \cite{Matt04,GHKRRW08} which is based on the Blom key predistribution scheme(Blom KPS, [1]) and pairing. In this paper we introduce generalized Blom-Blundo et al key predistribution schemes. These generalized Blom-Blundo et al key predistribution schemes have the same security functionality as the Blom-Blundo et al KPS. However different and random these KPSs can be used for various parts of the networks for enhancing the resilience. We also presentkey predistribution schemes from a family hyperelliptic curves. These key predistribution schemes from different random curves can be used for various parts of hierarchical networks. Then the non-interactive, identity-based and dynamic key predistributon scheme based on this generalized Blom-Blundo et al KPSs and hyperelliptic curve KPSs for hierarchical networks with the following properties are constructed. 1)$O(A_KU)$ storage at each node in the network where $U$ is the expansion number and $A_K$ is the number of nodes at the $K$-th level of the hierarchical network; 2)Strongly resilience to the compromising of arbitrary many leaf and internal nodes; 3)Information theoretical security without random oracle.

Cryptography and Security

Bing-Zhe He,Chien-Ming Chen,Tsu-Yang Wu,Hung-Min Sun

DOI: https://doi.org/10.1155/2014/569397

IF: 1.43

2014-01-01

Mathematical Problems in Engineering

Abstract:The time-bound hierarchical key assignment scheme provides a cryptographic solution for the access control problem in distributed systems (e.g., Pay-TV and cloud computing applications). Most time-bound hierarchical key assignment schemes can be divided into two types: adopting tamper-resistant devices and utilizing public values. Despite the fact that adopting tamper-resistant devices can easily resist to collusion attacks, utilizing public values is much cheaper and more suitable for cloud environment. In this paper, we proposed a new time-bound hierarchical key assignment scheme, which can effectively defeat the collusion attack. Besides, the proposed scheme utilizes public values instead of tamper-resistant devices, which will restrict user's convenience. Compared with the previous works, our scheme requires fewer public values and has better performance.

Fan Min,Yuan Chun,Zhang Yan

DOI: https://doi.org/10.1109/ICICISYS.2010.5658787

2010-01-01

Abstract:This paper proposes a novel scheme to efficiently manage multi-keys used for layered access control of H.264/scalable video coding. The approach is to transform this problem into hierarchical encryption, by accomplishing with cryptographic hash function and two-dimensional key derivation. The efficiency of the proposed scheme is summarized in the following three points. 1) It is secure to prevent various types of attackers. 2) It is flexible to update keys for adding/deleting a layer or a user. 3) It costs little storage for both key server and users to keep keys. ©2010 IEEE.

韩心慧,龙勤,司端锋,诸葛建伟,叶志远

DOI: https://doi.org/10.3321/j.issn:0479-8023.2008.04.006

2008-01-01

Abstract:A formal definition and analysis on the hierarchical key management is presented for permission management and access control problem in the role hierarchy.Based on one-way hash function,a practical hierarchical key management scheme is proposed.This scheme allows the role to select its master key by itself,and constructs the hierarchical permission relationship with secure hash function and public parameters.The process of key generation and derivation is simple and effective in this proposed scheme,which satisfies the security requirement of the hierarchical permission management.Compared with other present schemes,the new scheme optimizes the efficiency of key derivation and storage overhead.The dynamic access control of hierarchical role can be adapted in this new scheme.

王松,俞能海,郝卓

DOI: https://doi.org/10.3969/j.issn.1009-3443.2009.03.005

2009-01-01

Abstract:To reduce the processing delay for sub-key distribution and prevent attack from the compromised users and the leaking of the sub-keys to new users,based on the characteristics of ad hoc space network,a novel scheme DPSKC for key management in ad hoc space network was proposed.Based on elliptic curve cryptography,the parallel sub-key computing technology and packet transmission for distributed environment were designed.The former technology reduced the processing delay for sub-key distribution,and the latter prevented the attack from compromised users and the leaking of the sub-keys to new user.The new scheme is secure and performs well in the sub-key distribution delay,the computation and memory consumption.

Xin Sun,Jiajia Han,Bang Lv,Changhua Sun,Cheng Zeng

DOI: https://doi.org/10.1371/journal.pone.0312690

IF: 3.7

2024-10-31

PLoS ONE

Abstract:With the rise of the Internet of things, the limitations of traditional PKI certificate authentication technology have progressively emerged. Hence, identity-based public key algorithms have been proposed. In this paper, we propose a new approach to generate an identity key, named identity public key (IPK). IPK identity key generation protocol is based on SM2 elliptic curve cryptography and random matrix theory. It builds upon the concept of combined public key (CPK) and resolves the linear collusion issue of CPK as well as the authenticity verification problem of the declared public key of the simplified TF-CPK by enhancing the identity mapping approach. Another main aim of this paper is to prove the security of the IPK identity key generation protocol. Roughly speaking, we verify the security of each part of the private key and the security of the composite private key. We also increase the function and performance comparison with other schemes, such as IBC(SM9) and TF-CPK. Our scheme has the lowest computation cost, which demonstrates its rationality.

multidisciplinary sciences

Jiang Zhang,Xan-Guang Luo,Bin Li,Shi-Qiang Yang

DOI: https://doi.org/10.1109/icme.2006.262753

2006-01-01

Abstract:The increasing popularity of distributed and collaborative applications prompts the need for secure communication in collaborative groups. Some distributed collaborative key management protocols have been proposed to provide group communication privacy and data confidentiality for collaborative groups. However, most of them rekey on each member change, and the costs of group rekeying can be quite substantial for large groups with frequent membership changes. In this paper, we propose a scalable distributed key management scheme using a distributed one-way function tree named SIKAS which can significantly reduce the computation and communication costs of maintaining the group key based upon period-based group rekeying. A comparison with previous work has shown that SIKAS provides scalability and rekeying efficiency while preserving both distributed and collaborative properties.

Wang Lei,Junyi Li,J. M. Yang,Yaping Lin,Jiaguang Sun

DOI: https://doi.org/10.1007/11610496_24

2009-01-01

International Journal of Communications Network and System Sciences

Abstract:Security schemes of pairwise key establishment, which enable sensors to communicate with each other securely, play a fundamental role in research on security issue in wireless sensor networks. A general framework for key predistribution is presented, based on the idea of Key Distribution Center and polynomial pool schemes. By utilizing nice properties of Hierarchical Hypercube model, a new security mechanism for key predistribution based on such model is also proposed. Theoretic analysis and experimental figures show that the new algorithm has better performance and provides higher possibilities for sensors to establish pairwise key, compared with previous related works.

Yanli Ren,Shuozhong Wang,Xinpeng Zhang

DOI: https://doi.org/10.6138/jit.2011.12.4.13

2011-01-01

Abstract:The problem of key-exposure is an important issue in modern society due to the growing use of mobile devices. Weng et al. proposed an identity-based parallel key-insulated encryption (IBPKIE) scheme to solve the key-exposure problem in an identity-based cryptosystem. The scheme has long public parameters and a loose security reduction. Ren et al. presented a new IBPKIE scheme which had constant size public parameters and a tight reduction, and then extended it to a hierarchical IBPKIE (HIBPKIE) scheme. However, Wang et al. analyzed two schemes of Ren et al. and showed that they are not secure against chosen-plaintext attack. In this paper, we propose an improved IBPKIE scheme which achieves IND-ID-KI-CPA security without random oracles. Moreover, our scheme has short public parameters and a tight reduction. We then present an HIBPKIE scheme which achieves IND-sID-KI-CPA security without random oracles. In this scheme, the ciphertext size is independent of the level of the hierarchy in the HIBPKIE scheme.

Shiyu Shen,Feng He,Zhichuang Liang,Yang Wang,Yunlei Zhao

DOI: https://doi.org/10.48550/arXiv.2109.02893

2021-09-07

Abstract:In this work, we make \emph{systematic} optimizations of key encapsulation mechanisms (KEM) based on module learning-with-errors (MLWE), covering algorithmic design, fundamental operation of number-theoretic transform (NTT), approaches to expanding encapsulated key size, and optimized implementation coding. We focus on Kyber (now in the Round-3 finalist of NIST PQC standardization) and Aigis (a variant of Kyber proposed at PKC 2020). By careful analysis, we first observe that the algorithmic design of Kyber and Aigis can be optimized by the mechanism of asymmetric key consensus with noise (AKCN) proposed in \cite{JZ16,JZ19}. Specifically, the decryption process can be simplified with AKCN, leading to a both faster and less error-prone decryption process. Moreover, the AKCN-based optimized version has perfect compatibility with the deployment of Kyber/Aigis in reality, as they can run on the same parameters, the same public key, and the same encryption process. We make a systematic study of the variants of NTT proposed in recent years for extending its applicability scope, make concrete analysis of their exact computational complexity, and in particular show their equivalence. We then present a new variant named hybrid-NTT (H-NTT), combining the advantages of existing NTT methods, and derive its optimality in computational complexity. The H-NTT technique not only has larger applicability scope but also allows for modular and unified implementation codes of NTT operations even with varying module dimensions. We analyze and compare the different approaches to expand the size of key to be encapsulated (specifically, 512-bit key for dimension of 1024), and conclude with the most economic approach. To mitigate the compatibility issue in implementations we adopt the proposed H-NTT method.

Cryptography and Security

Cong Li,Qingni Shen,Zhikang Xie,Jisheng Dong,Xinyu Feng,Yuejian Fang,Zhonghai Wu

DOI: https://doi.org/10.1016/j.ins.2022.08.014

IF: 8.1

2022-01-01

Information Sciences

Abstract:Hierarchical-authority attribute-based encryption (HABE) can resolve the performance bottleneck of the key generation center in the traditional attribute-based encryption (ABE) system. HABE has numerous applications, such as cloud computing and smart grid systems. Nevertheless, almost all of the existing HABE schemes are in the ciphertext-policy setting and do not support non-monotonic access structures. In this work, we propose the first key-policy hierarchical-authority ABE with non-monotonic access structures, dubbed KP-HABE-NMaCS, which supports the authority key delegation, constant size ciphertexts and the large universe simultaneously. We further define the security model of KP-HABE-NMaCS and prove the selective security of it in the standard model. Then we optimize our scheme to realize the outsourced decryption. Subsequently, we present the detailed theoretical analysis of our constructions and the existing HABE constructions in computation and storage costs, and meanwhile implement ours and conduct a series of experiments. Both results indicate that our KP-HABE-NMaCS construction makes improvements in expressiveness and features, and achieves efficiency comparable to the previous HABE constructions. Furthermore, they also show that our extension construction is suitable for resource-limited applications. Eventually, we explore how to apply our KP-HABE-NMaCS to build an ABE with equality test and time-based authorization.

Chien-Ming Chen,Tsu-Yang Wu,Bing-Zhe He,Hung-Min Sun

DOI: https://doi.org/10.1109/cmcsn.2012.69

2012-01-01

Abstract:Time-bound hierarchical key management mechanisms are widely discussed in several environments and applications. Obviously, the collusion attacks are the serious problems in the time-bound hierarchical key management schemes. In the collusion attacks, two or more users assigned to some classes in distinct time periods collude to compute a key to which they are not entitled. Two kinds of countermeasures, such as adopting tamper-resistant devices and utilizing public parameters have been proposed to withstand the collusion attacks. In this paper, we proposed a new time-bound hierarchical key management scheme which can effectively defeat the collusion attacks without adopting a tamper-resistant device. Compared with the previous schemes, our design requires less public parameters.

Khushboo Jain,Akansha Singh

DOI: https://doi.org/10.1007/s11235-024-01182-x

2024-06-24

Telecommunication Systems

Abstract:Wireless sensor networks (WSNs) are widely acknowledged for their potential as a robust infrastructure for collecting, processing, and transmitting information. Rezaeipour & Barati proposed a hierarchical key management scheme that manages key creation, distribution, and maintenance to provide services like message confidentiality, integrity, and authenticity to wireless sensor networks. As per the assertions posited by the authors, their scheme purportedly exhibits resilience against a spectrum of potential threats. Nevertheless, upon subjecting their scheme to meticulous scrutiny, our analysis revealed vulnerabilities to manifold adversarial strategies, notably including man-in-the-middle attacks, replay attacks, impersonation attacks, and node capture attacks. This scheme fails to establish a secure session key agreement also. In response to these identified shortcomings, this research devised an "Improved Hierarchical Key Management" (IHKM) Scheme aimed at rectifying the deficiencies of Rezaeipour and Barati's scheme (RB scheme). This work proposed an enhanced key management scheme that utilizes a blend of symmetric and asymmetric key cryptography to enhance the security parameters of Hierarchical WSNs. A comprehensive security analysis of the proposed work shows that the IHKM scheme is secure against impersonation attacks, man-in-the-middle attacks, replay attacks node capture attacks, Denial-of-Service attacks, and base station bypassing attacks while establishing the mutual key agreement between the area managers and sensor nodes. Moreover, a comparative analysis of the IHKM scheme exhibits notable reductions in energy consumption (62.27% and 49.15%) and memory utilization (39.28%, 23.36%) when compared with the RB scheme and HISCOM schemes respectively. Simultaneously, IHKM contributes to the extension of the network's overall lifespan by 48.78% as compared to HISCOM scheme and 32.63% as compared to compared with the RB scheme, thereby enhancing the efficiency and longevity of the WSN infrastructure.

telecommunications

Jiang Zhang,Bin Li,Chunxiao Chen,Pin Tao,Shiqiang Yang

DOI: https://doi.org/10.1109/cesa.2006.4281826

2006-01-01

Abstract:The increasing popularity of distributed and collaborative applications prompts the need for secure communication in collaborative groups. Some distributed collaborative key management protocols have been proposed to provide group communication privacy and data confidentiality for collaborative groups. However, most of them rekey on each member change, and the costs of group rekeying can be quite substantial for large groups with frequent membership changes. In this paper, we propose a efficient distributed key agreement scheme using a distributed one-way function tree named EDKAS which can significantly reduce the computation and communication costs of maintaining the group key especially in a highly dynamical environment based upon period-based group rekeying. Performance of the period-based group rekeying algorithm is analyzed and evaluated under different settings. A comparison with previous work has shown that EDKAS provides high rekeying efficiency while preserving both distributed and collaborative properties.

H. Kato,K. Hamaya,Y. Kitamoto,T. Taniyama,H. Munekata

DOI: https://doi.org/10.1063/1.1844751

2004-10-01

Abstract:We report on the magnetic and magnetotransport properties of ferromagnetic semiconductor (Ga,Mn)As modified by Ga$^{+}$ ion irradiation using focused ion beam. A marked reduction in the conductivity and the Curie temperature is induced after the irradiation. Furthermore, an enhanced negative magnetoresistance (MR) and a change in the magnetization reversal process are also demonstrated at 4 K. Raman scattering spectra indicate a decrease in the concentration of hole carriers after the irradiation, and a possible origin of the change in the magnetic properties is discussed.

Materials Science

Xiaojiang Du,Yang Xiao,Song Ci,Mohsen Guizani,Hsiao-Hwa Chen

DOI: https://doi.org/10.1109/icc.2007.564

2007-01-01

Abstract:The many-to-one traffic pattern dominates in sensor networks, where a large number of sensor nodes send data to one sink. A sensor node may only communicate with a small portion of its neighbors. Most existing key management schemes for sensor networks are designed to establish shared keys for all pairs of neighbor sensors, no matter whether they communicate with each other or not, and this causes large overhead. To achieve better security and performance, we adopt a heterogeneous sensor network (HSN) model. In this paper, we propose a novel routing-driven key management scheme, which only establishes shared keys for neighbor sensors that may communicate with each other. Work has demonstrated the feasibility of implementing elliptic curve cryptography on small sensor nodes. We utilize elliptic curve cryptography to design an efficient key management scheme for HSN. The performance evaluation and security analysis show that our key management scheme can provide better security with significant saving on sensor storage space and energy consumption than some existing key management schemes.