基于M-IBE的异构传感网密钥管理协议  被引量：1

作　　者：马春光[1,2,3] 王九如[1] 武朋[1] 张华[2] 

机构地区：[1]哈尔滨工程大学计算机科学与技术学院,哈尔滨150001 [2]网络与交换技术国家重点实验室(北京邮电大学),北京100876 [3]哈尔滨工程大学国家保密学院,哈尔滨150001

出　　处：《计算机研究与发展》2013年第10期2109-2116,共8页Journal of Computer Research and Development

基　　金：国家自然科学基金项目(61073042;61170241);博士后科研人员落户黑龙江科研启动资助金项目(LBH-Q10141);网络与交换技术国家重点实验室(北京邮电大学)开放课题基金项目(SKLNST-2009-1-10);黑龙江省教育厅科学技术研究项目(12513049);黑龙江省自然科学基金项目(F201229)

摘　　要：为解决异构传感网(heterogeneous sensor networks,HSN)因功能异构而导致的组内通信和组间通信安全问题,研究了公钥密码体制尤其身份基密码体制(identity-based encryption,IBE)在异构传感网中的应用,提出了基于多域身份基加密(multi-domain identity-based encryption,M-IBE)的异构传感网密钥管理协议.从逻辑上把HSN中的一个组类比于M-IBE的一个域.部署前由可信第三方为HSN生成全局公共参数、选取各组公私钥、抽取组内各节点私钥;部署后同组内邻居节点通过交换身份标识建立共享密钥;不同组内邻居节点在获得簇头授权后协商建立共享密钥.协议由密钥预分配、组内共享密钥建立、组间共享密钥协商、新节点加入、节点移除5部分组成.实验分析表明:该协议具有较高的安全性,可以抵抗高端节点和低端节点俘获攻击,较低的存储需求和恒定的连通概率适用于安全需求较高的应用场景中.To address intra-group and inter-group communication issues arising from function heterogeneity in heterogeneous sensor networks （HSNs）, the applications of public-key cryptosystem, especially identity-based encryption （IBE）, is studied, and a key management protocol for HSNs based on multi-domain identity-based encryption （M-IBE） is proposed. In the protocol, one group of HSNs is analogized to one domain in M-IBE from a logical point of view. Before deployment, a trusted third party generates global public parameters for the HSN, selects public and private keys for each group, and extracts private key for each sensor within the group. After deployment, neighbor sensors within the same group set up shared-key through the exchange of sensor identity~ neighbor sensors in different groups establish shared-key after getting authorized from cluster heads. The proposed protocol is composed of four parts： key material pre-distribution, shared-key establishment within group, shared-key agreement between two groups, and adding new sensors and removing sensors. The security analysis and performance evaluation show that the protocol has high security, which can resist against high-end sensors and low-end sensors capture attacks. It also has low storage requirements and constant connectivity probability. It can satisfy the demand for higher security application scenarios.

关 键 词：异构传感网 密钥管理 公钥密码体制 多域身份基加密 安全 

分 类 号：TP393.08[自动化与计算机技术—计算机应用技术]