Research on Resilient Key Distribution Protocols
Abstract
The openness and unreliability of network communication environments easily give rise to communication failures and security problems, and can even bring disastrous consequences to network communication. How to prevent security problems from occurring, and how to ensure that the system keeps providing normal service once a security problem has occurred, are currently hot research questions. The goal of traditional system security is to build systems with defensive mechanisms, so that the system is protected from illegal intrusion by attackers. Practical experience shows, however, that most application systems contain a considerable number of vulnerable points; for networked distributed systems in particular, the possibly complex interactions between components make preventing vulnerabilities especially difficult, so that intrusions cannot be avoided. Resilient key distribution protocols take full account of the security vulnerability of the communication environment. The design goal of a key distribution protocol with the resilience property is that when the system is attacked, even if some components and parts have already been damaged or are being manipulated by a malicious attacker, the system can trigger the corresponding protective mechanisms and continue to provide normal and critical services to its users.
     Self-healing key distribution is one way of realizing system "resilience". Its characteristic is that when network failures cause some packets (session keys) to be lost, group members can recover the lost information on their own from the information they already hold. The characteristic of time-bound hierarchical key distribution is that keys are tied to time. Since the keys change as time passes, an attacker who obtains the key at some point in time still cannot derive the keys for later times.
     Achieving self-healing in key distribution comes at a high maintenance cost. Reducing network traffic and the key storage of members is one of the hot topics in self-healing key distribution research. The constant-storage self-healing key distribution scheme designed by Dutta greatly reduces members' key storage. According to the analysis in this thesis, however, Dutta's scheme is insecure. This thesis improves Dutta's scheme and analyses the performance of the improved scheme. The improved scheme closes the flaw in Dutta's scheme while keeping members' key storage at a constant level. To further optimize the traffic, this thesis designs a computationally secure self-healing key distribution scheme with constant storage. The security of both schemes is proved in the corresponding models, and a concrete instance of the schemes is implemented in C++ to demonstrate their feasibility.
     Time-bound hierarchical key distribution is another way of realizing system "resilience". Its characteristic is that keys change by themselves as time passes. Because of this property, an attacker who obtains the key at some point in time cannot obtain the keys for any later time, which greatly improves the security of the system. Chien proposed a time-bound hierarchical key distribution scheme based on tamper-resistant devices and secure hash functions, which greatly reduces the computational burden. However, Chien's scheme cannot resist X. Yi's three-party attack. This thesis proposes an improved time-bound hierarchical key distribution scheme that not only resists X. Yi's three-party attack but also has the same execution efficiency as Chien's scheme. That scheme, however, applies only to tree-shaped topologies. To meet the requirements of the general partial-order model, this thesis uses bilinear pairings and the Chinese remainder theorem to design two time-bound hierarchical key distribution schemes, and analyses their dynamic behaviour and security.
The openness and uncertainty of network communication environments easily result in communication failures, and can even bring disastrous consequences to network communication. How to prevent such failures, and how to enable the system to keep providing normal service when a failure has occurred, is now a hot topic. The security goal of traditional systems is to build a defensive mechanism into the system so that it cannot be compromised by illegal intrusions. Practical experience has shown, however, that there are a considerable number of vulnerable points in the majority of applications, especially in network-based distributed systems: because of the complexity of the interactions between system components, the weak points are particularly difficult to eliminate and intrusions cannot be avoided. Resilient key distribution schemes therefore take this vulnerability fully into account. The goal of a resilient key distribution scheme is that when the system is attacked, even if some components have been damaged or are manipulated by a malicious attacker, the system can trigger the appropriate protective mechanisms and continue to provide normal and key services to its users.
     Self-healing key distribution and time-bound hierarchical key distribution are two ways of realizing resilience. The characteristic of self-healing key distribution is that users who have missed up to a certain number of previous rekeying operations can recover the missing group keys without requesting additional transmissions from the group manager. The characteristic of time-bound hierarchical key distribution is that the key is tied to time: since the keys change as time changes, an attacker who gets hold of a key at one point in time cannot obtain the following keys.
     Implementing self-healing key distribution incurs high maintenance costs, and how to reduce network traffic and the storage of group members is one of the hot research areas in self-healing key distribution. Dutta designed a constant-storage self-healing key distribution scheme, which greatly reduces the key storage of members, but our analysis shows that Dutta's scheme is not secure. This paper therefore improves Dutta's scheme and analyses its performance. The improved scheme makes up for the flaw in Dutta's scheme and keeps the key storage of members at a constant level. To further optimize the traffic, this paper designs a computationally secure constant-storage self-healing key distribution scheme. This paper also proves the security of the ICSKD scheme and the CCSKD scheme in the corresponding models. Finally, examples of the proposed schemes implemented in C++ illustrate their feasibility.
     Chien proposed a time-bound hierarchical key distribution scheme based on tamper-resistant devices and hash functions, which greatly reduces the computational burden. However, Chien's scheme cannot resist the tripartite attack proposed by X. Yi. This paper presents an improved time-bound hierarchical key distribution scheme which not only resists the tripartite attack proposed by X. Yi but also has the same implementation efficiency as Chien's scheme. To meet the requirements of a general partial order, this paper designs time-bound hierarchical key distribution schemes based on the Chinese Remainder Theorem and on bilinear maps respectively, analyses the security of the proposed schemes, and gives examples of them.
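The self-healing property described above (a member who missed some rekeying broadcasts recovers the lost session keys from what it already holds, while a revoked member gets nothing new) can be illustrated with a pair of one-way hash chains. The Python below is an added example written for this page; it is not the thesis's ICSKD or CCSKD scheme and not Dutta's scheme. It assumes a forward chain F (F_{j+1} = H(F_j), a member receives the chain point for its joining session) and a backward chain B (B_j = H(B_{j+1}), the session-j point is broadcast in session j), with session key SK_j = H(F_j, B_j). The per-member masking of B_j under a long-term secret is a deliberate simplification standing in for the polynomial-based revocation used by real schemes; the names GroupManager, Member, and the credential dictionary layout are inventions of this example.

```python
import hashlib
import os
from typing import Dict, Optional


def H(*parts: bytes) -> bytes:
    """One-way function used for both hash chains: SHA-256 over the parts."""
    h = hashlib.sha256()
    for p in parts:
        h.update(p)
    return h.digest()


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def session_tag(j: int) -> bytes:
    return j.to_bytes(4, "big")


class GroupManager:
    """Holds a forward chain F and a backward chain B over m sessions.

    F_1 = seed_f, F_{j+1} = H(F_j)   (a member gets F_join when it joins)
    B_m = seed_b, B_j = H(B_{j+1})   (B_j is broadcast, masked, in session j)
    session key SK_j = H(F_j, B_j)
    """

    def __init__(self, m: int, seed_f: bytes, seed_b: bytes) -> None:
        self.m = m
        self.F = [seed_f]
        for _ in range(m - 1):
            self.F.append(H(self.F[-1]))
        chain = [seed_b]
        for _ in range(m - 1):
            chain.append(H(chain[-1]))
        self.B = chain[::-1]               # self.B[j-1] == B_j
        self.members: Dict[str, bytes] = {}
        self.revoked = set()

    def session_key(self, j: int) -> bytes:
        return H(self.F[j - 1], self.B[j - 1])

    def join(self, uid: str, session: int) -> dict:
        secret = os.urandom(32)            # long-term personal secret, handed over out of band
        self.members[uid] = secret
        return {"uid": uid, "secret": secret, "join": session, "F_join": self.F[session - 1]}

    def revoke(self, uid: str) -> None:
        self.revoked.add(uid)

    def broadcast(self, j: int) -> dict:
        """Session-j broadcast: B_j masked once per non-revoked member.

        Assumption of this example: per-member masking instead of the
        polynomial-based revocation of real schemes, so the message grows
        with the group size; the self-healing logic is unaffected.
        """
        masked = {uid: xor(self.B[j - 1], H(sec, session_tag(j)))
                  for uid, sec in self.members.items() if uid not in self.revoked}
        return {"session": j, "masked": masked}


class Member:
    def __init__(self, cred: dict) -> None:
        self.uid = cred["uid"]
        self.secret = cred["secret"]
        self.join = cred["join"]
        self.F_join = cred["F_join"]
        self.B_known: Dict[int, bytes] = {}   # session -> B_j unmasked so far

    def receive(self, bcast: dict) -> Optional[bytes]:
        j = bcast["session"]
        if self.uid not in bcast["masked"]:
            return None                    # revoked: nothing addressed to us
        self.B_known[j] = xor(bcast["masked"][self.uid], H(self.secret, session_tag(j)))
        return self.session_key(j)

    def session_key(self, j: int) -> Optional[bytes]:
        """Derive SK_j from what this member holds, or None if that is impossible."""
        if j < self.join:
            return None                    # F_j would need inverting H: backward secrecy
        F = self.F_join
        for _ in range(j - self.join):
            F = H(F)                       # walk the forward chain up to F_j
        later = [t for t in self.B_known if t >= j]
        if not later:
            return None                    # no B_t with t >= j received: forward secrecy
        B = self.B_known[min(later)]
        for _ in range(min(later) - j):
            B = H(B)                       # walk the backward chain down to B_j
        return H(F, B)
```

A member that received sessions 1 and 4 but lost sessions 2 and 3 still computes SK_2 and SK_3 (F_2, F_3 from F_1 forwards; B_3, B_2 from B_4 backwards) without any further message from the manager. Once revoked, it is absent from later broadcasts and cannot move beyond the last B it unmasked; a member joining in session 3 holds F_3 and cannot reach F_2, so earlier keys stay out of reach even though B_2 is derivable from later broadcasts.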
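The time-bound property in the paragraph above (a key obtained for one period yields nothing outside the subscribed interval, and a lower class's keys are reachable only from a dominating class) is shown below in a toy construction added for this page. It is not Chien's scheme, not the thesis's improved scheme, and models neither the tamper-resistant device nor the tripartite attack; it only demonstrates the interval mechanism that forward and backward hash chains give. Assumptions of the example: time periods 0..z, a forward chain h^t(a) and a backward chain h^{z-t}(b), per-class secrets K_c, public relation values that let a class unmask the secrets of the classes it dominates, and period key K_{c,t} = h(K_c || h^t(a) || h^{z-t}(b)). The class names, the Authority and derive names, and the credential layout are constructed for the example.

```python
import hashlib
from typing import Dict, Optional, Set, Tuple


def h(x: bytes) -> bytes:
    """One-way function: SHA-256."""
    return hashlib.sha256(x).digest()


def h_iter(x: bytes, n: int) -> bytes:
    """Apply h n times (n >= 0) and return h^n(x)."""
    for _ in range(n):
        x = h(x)
    return x


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(p ^ q for p, q in zip(a, b))


class Authority:
    """Trusted authority of the toy time-bound hierarchical key assignment.

    forward  chain: h^t(a)     computable from h^{t1}(a)   only for t >= t1
    backward chain: h^{z-t}(b) computable from h^{z-t2}(b) only for t <= t2
    period key of class c: K_{c,t} = h(K_c || h^t(a) || h^{z-t}(b))
    """

    def __init__(self, z: int, dominates: Dict[str, Set[str]],
                 seed_a: bytes, seed_b: bytes) -> None:
        self.z, self.a, self.b = z, seed_a, seed_b
        # Class secrets, derived deterministically here so the example is reproducible;
        # a real authority draws them at random.
        self.class_keys = {c: h(b"class-secret|" + c.encode()) for c in dominates}
        # Public relation values: class i recovers K_j for every class j it dominates.
        self.public: Dict[Tuple[str, str], bytes] = {
            (i, j): xor(self.class_keys[j], h(self.class_keys[i] + b"|" + j.encode()))
            for i, subs in dominates.items() for j in subs if j != i
        }

    def key(self, cls: str, t: int) -> bytes:
        return h(self.class_keys[cls] + h_iter(self.a, t) + h_iter(self.b, self.z - t))

    def credential(self, cls: str, t1: int, t2: int) -> dict:
        """What a user of class cls subscribed for periods t1..t2 receives."""
        assert 0 <= t1 <= t2 <= self.z
        return {"class": cls, "K": self.class_keys[cls], "t1": t1, "t2": t2,
                "fa": h_iter(self.a, t1), "bb": h_iter(self.b, self.z - t2)}


def derive(cred: dict, public: Dict[Tuple[str, str], bytes],
           target: str, t: int) -> Optional[bytes]:
    """Derive K_{target,t} from a credential, or None when it cannot be computed.

    The interval is not a policy check the user could skip: outside [t1, t2] the
    needed chain value would require inverting h, which shows up here as a
    negative number of hash steps.
    """
    steps_fwd = t - cred["t1"]
    steps_bwd = cred["t2"] - t
    if steps_fwd < 0 or steps_bwd < 0:
        return None
    if target == cred["class"]:
        K = cred["K"]
    elif (cred["class"], target) in public:
        K = xor(public[(cred["class"], target)], h(cred["K"] + b"|" + target.encode()))
    else:
        return None                        # target is not dominated by the user's class
    return h(K + h_iter(cred["fa"], steps_fwd) + h_iter(cred["bb"], steps_bwd))
```

With z = 10, a user of class "admin" subscribed for periods 2..5 derives its own keys and those of the dominated class "staff" for any t in 2..5, but cannot reach period 7 (the backward chain stops at h^5(b)) or period 1 (the forward chain starts at h^2(a)); a "staff" user cannot reach "admin" keys because no public relation value points upward. The hierarchy relation is assumed to be given as its transitive closure, as the example builds one relation value per dominated pair.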
References
[1] Staddon J., Miner S., Franklin M., Balfanz D., Malkin M. and Dean D., Self-healing key distribution with Revocation[C], Proceedings of IEEE Symposium on Security and Privacy '02, 2002, 224-240
[2] Blundo C., Paolo D. and Listo M., A Flaw in a Self-Healing Key Distribution Scheme[C], ITW 2003, 2003, 163-166
[3] Blundo C., Paolo D., Santis A.D. and Listo M., Design of self-healing key distribution schemes[J], Designs, Codes and Cryptography, 2004, 15-44
[4] Blundo C., Paolo D. and Santis A.D., On Self-Healing Key Distribution Schemes[J], IEEE Transactions on Information Theory, Vol. 52, No. 12, Dec. 2006
[5] Blundo C., Randomness in Self-Healing Key Distribution Schemes[C], 2005 IEEE Information Theory Workshop on Theory and Practice in Information-Theoretic Security, 2005, 80-84
[6] Liu D.G., Ning P. and Sun K., Efficient Self-healing Group Key Distribution with Revocation Capability[C], CCS 2003, 2003, 231-240
[7] More S.M., Malkin M., Staddon J. and Balfanz D., Sliding-window self-healing key distribution with revocation[C], 2003 ACM Workshop on Survivable and Self-Regenerative Systems, 2003, 82-90
[8] Hong D. and Kang J.S., An Efficient Key Distribution Scheme with Self-healing Property[J], IEEE Communications Letters, 2005, 759-761
[9] Zou X.K. and Dai Y.S., A Robust and Stateless Self-Healing Group Key Management Scheme[C], ICCT '06, 2006, 455-459
[10] Sun H.B., Lin D.D. and Xue R., An Improved Efficient Self-Healing Group Key Distribution[C], ISCIT 2005, 2005, 185-189
[11] Saez G., Self-healing Key Distribution Schemes with Sponsorization[C], LNCS v3677, 2005, 22-31
[12] Dutta D., Chang E.C. and Mukhopadhyay S., Efficient Self-healing Key Distribution with Revocation for Wireless Sensor Networks Using One Way Key Chains[C], ACNS 2007, 2007, 385-400
[13] Dutta R. and Mukhopadhyay S., Improved Self-Healing Key Distribution with Revocation in Wireless Sensor Network[C], WCNC 2007, 2007, 2965-2970
[14] Dutta R., Wu Y.D. and Mukhopadhyay S., Constant Storage Self-Healing Key Distribution with Revocation in Wireless Sensor Network[C], ICC '07, 2007, 1323-1328
[15] Tian B.M. and He M.X., A Self-healing Key Distribution Scheme with Novel Properties[J], International Journal of Network Security, 2008, 115-120
[16] Jiang Y.X., Lin C., Shi M.H. and Shen X.M., Self-healing Group Key Distribution with time-limited node revocation for wireless sensor networks[J], Security Issues in Sensor and Ad hoc Networks, 2007, 14-23
[17] Zhu S.C., Setia S. and Jajodia S., Adding Reliable and Self-Healing Key Distribution to the Subset Difference Group Rekeying Method for Secure Multicast[J], LNCS v2816 (ISSN 0302-9743), 2003
[18] Bohio M. and Miri A., Self-healing in Group Key Distribution Using Subset Difference Method[J], NCA 2004, 2004, 405-408
[19] Yuan T., Ma J., Zhong Y. and Zhang S., Efficient self-healing key distribution with limited group membership for communication-constrained networks[C], Proceedings of the 5th International Conference on Embedded and Ubiquitous Computing, 2008, 453-458
[20] Yuan T., Ma J., Zhong Y. and Zhang S., Self-healing key distribution with revocation and collusion resistance for wireless sensor networks[C], 3rd International Multi-Symposiums on Computer and Computational Sciences, IMSCCS '08, 2008, 83-90
[21] Tian B.M., Han S. and Dillon T.S., An efficient self-healing key distribution scheme[C], Proceedings of New Technologies, Mobility and Security Conference and Workshops, NTMS 2008, 2008
[22] Dutta R., Mukhopadhyay S. and Emmanuel S., Low bandwidth self-healing key distribution for broadcast encryption[C], Proceedings of the 2nd Asia International Conference on Modelling and Simulation, AMS 2008, 2008, 867-872
[23] Tian B.M., Han S., Dillon T.S. and Das S., A self-healing key distribution scheme based on vector space secret sharing and one way hash chains[C], 2008 IEEE International Symposium on A World of Wireless, Mobile and Multimedia Networks, WoWMoM 2008, 2008
[24] Tian B.M., Han S. and Dillon T.S., A self-healing and mutual-healing key distribution scheme using bilinear pairings for wireless networks[C], Proceedings of the 5th International Conference on Embedded and Ubiquitous Computing, EUC 2008, 2008, 208-215
[25] Daza V., Herranz J. and Saez G., Flaws in some self-healing key distribution schemes with revocation[J], Information Processing Letters, 2009, 523-526
[26] Du W. and He M.X., Self-healing key distribution with revocation and resistance to the collusion attack in wireless sensor networks[C], Lecture Notes in Computer Science, 2008, 345-359
[27] Li H. and Wu C.K., Efficient long-lived self-healing key distribution scheme[J], Journal of Software, 2009, 462-468
[28] Dutta R., Mukhopadhyay S., Das A. and Emmanuel S., Generalized self-healing key distribution using vector space access structure[C], Lecture Notes in Computer Science, 2008, 612-623
[29] Yilmaz O.Z., Levi A. and Savas E., Multiphase deployment models for fast self healing in wireless sensor networks[C], SECRYPT 2008 - International Conference on Security and Cryptography, 2008, 136-144
[30] Li H., Chen K.F., Wen M. and Zheng Y.F., More efficient group key distribution scheme for wireless ad hoc networks[J], Journal of Shanghai Jiaotong University (Science), 2008, 64-66
[31] Hayes T., Rustagi N., Saia J. and Trehan A., The forgiving tree: A self-healing distributed data structure[C], Proceedings of the Annual ACM Symposium on Principles of Distributed Computing, 2008, 203-212
[32] Akl S.G. and Taylor P.D., Cryptographic Solution to a Problem of Access Control in a Hierarchy[J], TOCS 1983, 1983, 239-247
[33] He M.X. and Fan P.Z., Multi-Level Secret Sharing Scheme Based on Semigroup Structures[J], Journal of Software, 2002, 168-175
[34] Wu T.C., Wu T.S. and He W.H., Dynamic access control scheme based on the Chinese remainder theorem[J], Computer Systems Science and Engineering, 1995, 92-99
[35] Sandhu R.S., Role activation hierarchies[C], Proceedings of the 3rd ACM Workshop on Role-Based Access Control, 1998, 33-40
[36] 谭凯军, 诸鸿文 and 故尚杰, A new access control scheme for hierarchical systems[J], Mini-Micro Systems (小型微型计算机系统), 1999, 129-132
[37] Zou X., Ramamurthy B. and Magliveras S., Chinese remainder theorem based hierarchical access control for secure group communications[C], ICICS 2001, 2001, 381-385
[38] Chen T.S. and Chung Y.F., Hierarchical access control based on Chinese remainder Theorem and Symmetric algorithm[J], Computers and Security, 2002, 565-570
[39] He M.X., Fan P.Z., Kaderali F. and Yuan D., Access Key Distribution Scheme for Level-based Hierarchy[J], PDCAT 2003, 2003, 942-945
[40] Zhao J., Zhang Z. and Xu M., A Model of Hierarchical Key Assignment Scheme with CRT[J], CIS 2007, 2007, 815-818
[41] Tzeng W.G., A Time-Bound Cryptographic Key Assignment Scheme for Access Control in A Hierarchy[J], IEEE Transactions on Knowledge and Data Engineering, 2002, 182-188
[42] Yi X. and Ye Y., Security of Tzeng's Time-Bound Cryptographic Key Assignment Scheme for Access Control in A Hierarchy[J], IEEE Transactions on Knowledge and Data Engineering, 2003, 1054-1055
[43] Chien H.Y., Efficient Time-Bound Hierarchical Key Assignment Scheme[J], IEEE Transactions on Knowledge and Data Engineering, 2004, 1302-1309
[44] Yi X., Security of Chien's Efficient Time-Bound Hierarchical Key Assignment Scheme[J], IEEE Transactions on Knowledge and Data Engineering, 2005, 1298-1299
[45] Yeh J.H., An RSA-Based Time-Bound Hierarchical Key Assignment Scheme for Electronic Article Subscription[C], Proceedings of the 14th ACM International Conference on Information and Knowledge Management, 2005, 285-286
[46] Yeh J., A Secure Time-Bound Hierarchical Key Assignment Scheme Based on RSA Public Key Cryptosystem[J], Information Processing Letters, 2008, 117-120
[47] Ateniese G., De S.A., Ferrara A.L. and Masucci B., Provably-Secure Time-Bound Hierarchical Key Assignment Schemes[C], CCS '06, 2006
[48] De S.A., Ferrara A.L. and Masucci B., New Constructions for Provably-Secure Time-Bound Hierarchical Key Assignment Schemes[C], SACMAT '07, 2007, 133-138
[49] De S.A., Ferrara A.L. and Masucci B., New Constructions for Provably-Secure Time-Bound Hierarchical Key Assignment Schemes[J], Theoretical Computer Science, 2008, 213-230
[50] Wang S.Y. and Laih C.S., Merging: An Efficient Solution for a Time-Bound Hierarchical Key Assignment Scheme[J], IEEE Transactions on Dependable and Secure Computing, 2006, 91-100
[51] Bertino E., Shang N., Wagstaff J. and Samuel S., An Efficient Time-Bound Hierarchical Key Management Scheme for Secure Broadcasting[J], IEEE Transactions on Dependable and Secure Computing, 2008, 65-70
[52] Liu J. and Zhong S., A Time-Bound Key Management Scheme for Hierarchical Tree[C], ISDPE 2007, 2007, 445-447
[53] Jeng F.G., Hierarchical access control with time-bound constraints based upon Chinese remainder theorem[J], WSEAS Transactions on Information Science and Applications, 2007, 1251-1256
[54] Bertino E., Shang N., Wagstaff J. and Samuel S., An efficient time-bound hierarchical key management scheme for secure broadcasting[J], IEEE Transactions on Dependable and Secure Computing, 2008, 65-70
[55] Yeh J.H., A time-bound hierarchical key assignment cryptosystem with no lifetime limit[C], Proceedings of the 2007 International Conference on Security and Management, SAM 2007, 2007, 131-137
[56] Lin I.C. and Chang C.C., A countable and time-bound password-based user authentication scheme for the applications of electronic commerce[J], Information Sciences, 2009, 1269-1277
[57] Lin I.C. and Chang C.C., A countable and time-bound password-based user authentication scheme for the applications of electronic commerce[J], Information Sciences, 2009, 1269-1277
[58] Zhao J., Liu J.Q., Hart Z. and Shen C.X., Time-bound dynamic secret sharing scheme[J], Tongxin Xuebao/Journal on Communications, 2008, 1-6
[59] Cuzzocrea A., Data transformation services over grids with real-time bound constraints[J], Lecture Notes in Computer Science, 2008, 852-869
[60] 牛少彰, Introduction to Information Security[M], Beijing: Beijing University of Posts and Telecommunications Press, 2005
[61] Alfred J., Paul C. and Scott A. (authors), 胡磊 and 王鹏 (translators), Handbook of Applied Cryptography[M], Beijing: Publishing House of Electronics Industry, 2005
[62] William S. (author), 孟庆树, 王丽娜 and 傅建明 (translators), Cryptography and Network Security: Principles and Practice[M], Beijing: Publishing House of Electronics Industry, 2007
[63] Bruce S. (author), 吴世忠, 祝世雄 and 张文政 (translators), Applied Cryptography: Protocols, Algorithms, and Source Code in C[M], Beijing: China Machine Press, 2006
[64] Smart N.P., An Identity Based Authenticated Key Agreement Protocol Based on the Weil Pairing[J], Electronics Letters, 2002, 38(13), 630-632
[65] 韩心慧, 龙勤, 司端锋, 诸葛建伟 and 叶志远, A practical hierarchical key management scheme based on one-way hash functions[J], Journal of Peking University (北京大学学报), Vol. 44, No. 4, 2008, 527-536
[66] Macq B.M. and Quisquater J.J., Cryptology for Digital TV Broadcasting[J], Proceedings of the IEEE, 1995, 944-957
[67] 姜泽渠, 孙萍 and 邝锦堂, Discrete Mathematics[M], Chongqing: Chongqing University Press, 2001
