群组密码的对等VPN系统及多播密钥分发协议
作者:
作者单位:

作者简介:

朱岩(1974-),男,博士,教授,博士生导师,CCF专业会员,主要研究领域为信息安全,密码学;王秋艳,女,主要研究领域为信息化技术,区块链与互联网;尹昊(1993-),男,硕士,主要研究领域为信息安全,密码学.

通讯作者:

朱岩,E-mail:zhuyan@ustb.edu.cn

中图分类号:

TP311

基金项目:

国家重点研发计划(2018YFB1402702);国家自然科学基金(61972032);NSFC-通用技术基础研究联合基金(U1636104);NFSC海外及港澳学者合作研究基金(61628201)


Group VPN System and Multicast Key Distribution Protocol Based on Group-oriented Cryptography
Author:
Affiliation:

Fund Project:

National Key Technologies R&D Programs of China (2018YFB1402702); National Natural Science Foundation of China (61972032); NSFC-Genertec Joint Fund For Basic Research(U1636104); NFSC-Joint Research Fund for Overseas Chinese Scholars and Scholars in Hong Kong and Macao(61628201)

  • 摘要
  • |
  • 图/表
  • |
  • 访问统计
  • |
  • 参考文献
  • |
  • 相似文献
  • |
  • 引证文献
  • |
  • 资源附件
  • |
  • 文章评论
    摘要:

    互联网经济的发展,使得企业在大范围内建立连接各种分支机构网络的需求日益强烈,原有采用集中式网关模式的VPN逐渐转向采用对等技术的VPN系统.现有采用两方密钥交换方法的对等VPN技术更适用于两两通信,而在多节点通信中,由于隧道密钥相互独立,不同隧道加密的累计延迟将增加消息同步接收的困难.针对这一问题,提出一种被称为GroupVPN的对等VPN框架,通过设计具有非中心化、高扩展性的多播密钥分发协议,提高对等VPN中的多播通信效率.该框架在安全隧道层的基础上新增了便于动态群组管理、高效密钥分发的群组管理层,结合公钥群组密码下的广播加密方案,实现具有选择和排除模式的高效密钥分发,保证协议在SDH假设下满足数据私密性、数据完整性、身份真实性这3方面安全性要求.实验分析结果表明:该协议的通信耗时和密钥存储开销与群组规模无关,可将通信延迟限制在会话密钥共享阶段,提高系统性能.

    Abstract:

    The rapid growth of the Internet economy has already led to increasing demand for enterprises in establishing network connections with multiple branches in large scale, even global scale. The original VPNs constructed on centralized gateway mode are gradually turning to the VPN system using peer-to-peer technology. The existing peer-to-peer VPN technology built on the two-party key exchange method is more suitable for pairwise communication. However, considering that the tunnel keys are mutually independent in a multi-node communication, the cumulative computation delays of encryption under different tunnels will raise the difficulty in synchronous message-passing. Aiming at this problem, in this study, a peer-to-peer VPN framework called GroupVPN is proposed, which improves the efficiency of multicast communication by designing a non-centralized and highly scalable multicast key distribution protocol. The proposed framework adds a group management layer over the security tunnel layer in order to facilitate dynamic group management and efficient key distribution. This new protocol is applicable for realizing the efficient key distribution for arbitrary group in two mechanisms:designation and revocation by combining broadcast encryption (BE) under public-key group-oriented cryptography infrastructure. In addition, security analysis indicates that this protocol could meet the security requirements of data privacy, data integrity, and identities' authenticity under the strong Deffie-Hellman (SDH) assumption. Experimental analysis also shows that the communication and key-storage overheads of this protocol are actually independent of group size, and the communication delay is more limited by the phase of session key distribution for improving the performance.

    参考文献
    相似文献
    引证文献
引用本文

朱岩,尹昊,王秋艳.群组密码的对等VPN系统及多播密钥分发协议.软件学报,2019,30(9):2815-2829

复制
分享
文章指标
  • 点击次数:
  • 下载次数:
  • HTML阅读次数:
  • 引用次数:
历史
  • 收稿日期:2018-01-05
  • 最后修改日期:2018-03-26
  • 录用日期:
  • 在线发布日期: 2019-09-06
  • 出版日期:
您是第位访问者
版权所有:中国科学院软件研究所 京ICP备05046678号-3
地址:北京市海淀区中关村南四街4号,邮政编码:100190
电话:010-62562563 传真:010-62562533 Email:jos@iscas.ac.cn
技术支持:北京勤云科技发展有限公司

京公网安备 11040202500063号