Internet DRAFT - draft-wu-eupap-kms-mon
Internet-Draft Qiwu Wu
Intended status: Experimental Hao Chen
Expires: April 10, 2018 Lingzhi Jiang
Fang Li
Xinyuan Gen
Wen Wen
Engineering University of PAP
Long Zhang
Hebei University of Engineering
October 10, 2017
Key Management Schemes Based on Key Hypergraph and Identity-based
Cryptography in Multi-domain Optical Networks
draft-wu-eupap-kms-mon-00
Status of this Memo
This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.
Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as Internet-
Drafts.
Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt
The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html
This Internet-Draft will expire on April 10, 2018.
Copyright Notice
Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must
Wu et al. Expires April 10, 2018 [Page 1]
Internet-Draft Key Management Schemes October 2017
include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License.
Abstract
In view of the characteristics of multi-domain optical networks under
the hierarchical PCE architecture and their key management needs,
this paper proposes a novel key management scheme (KMS-KI) based on
the key hypergraph and identity-based cryptography. The key
relationships of the multi-domain optical network are first modeled
as a key hypergraph with two layers, in which the vertices are
represented by points and the key relations at all levels are
described by hyperedges. The master keys, the public and private
keys, the session keys, the layer group keys and the inter-domain
keys are then generated and dynamically managed using hierarchical
identity-based cryptography and improved private key generation
strategies. When group members join or leave, the remaining group
members autonomously use the key value of the pPCE or cPCE to
calculate and update the group key, which greatly reduces the risk
that the new group key is uncovered by an adversary. The KMS-KI
scheme provides forward and backward security, confidentiality of
private keys and resistance to collusion attacks. Meanwhile, it not
only supports the use of hierarchical identity-based cryptography,
but also performs well overall in terms of the number of keys stored,
the amount of cPCE communication, and the number of encryptions and
decryptions.
Table of Contents
1. Introduction
2. Network Model and Assumptions
  2.1. Hierarchical PCE Model
  2.2. Hypergraph Theory
  2.3. Hierarchical Identity Cryptosystem
3. Multi-domain Optical Network Key Hypergraph Model
4. Key Management Scheme KMS-KI
  4.1. Parameters and Symbol Definition
  4.2. The Design of the KMS-KI
5. Conclusions and Future Work
6. Security Considerations
7. IANA Considerations
8. Acknowledgements
9. References
Author's Address
1. Introduction
For the routing problem in multi-domain optical networks, the IETF
proposes two solutions based on the PCE (Path Computation Element)
architecture [1]: the flat PCE scheme [2] and the hierarchical PCE
scheme [3]. However, both types of PCE scheme need to address
security threats such as high-power signal crosstalk, privacy
disclosure, denial of service, tampering, counterfeiting and
replaying, identity counterfeiting, etc. [4,5]. Public security
solutions specifically for the PCE architecture are very few, but
RFC 5440 [6] and RFC 5920 [7] propose security countermeasures
including authentication, encryption, digital signatures, attack
detection, privacy protection and key management. Since all kinds of
security strategies are inseparable from the use of keys, RFC 5440
proposes that large-scale multi-domain optical networks under the PCE
architecture should adopt dynamic key management.

Although there are no publicly available key management schemes for
multi-domain optical networks based on the PCE architecture, research
on group key management in general network environments has made
great progress. Generally speaking, current group key management
schemes can be divided into three categories [8]: centralized
schemes, distributed schemes and decentralized schemes. Examples are
the flat centralized schemes represented by GKMP [9]; the logical
hierarchical centralized schemes represented by LKH [10] and Pour07
[11]; the distributed schemes represented by GDH [12]; and the
decentralized schemes represented by Iolus [13] and Saroit [14].
According to how far the group key update depends on the GKC (Group
Key Controller), these schemes can also be divided into three
categories: schemes that are completely dependent on the GKC, such as
GKMP and LKH; schemes that partially rely on the GKC, such as Pour07
and Saroit; and schemes that are completely independent of the GKC,
such as the distributed GDH scheme.

Among them, the centralized schemes are prone to a single point of
failure because they need the GKC alone to work continuously.
Distributed schemes better solve the single point of failure and GKC
trust issues of the centralized schemes, but they need more
communication and computation to maintain the group key relationship
between the nodes. The decentralized scheme is a compromise between
the centralized and distributed schemes: it divides a big group into
several smaller subgroups, and in each subgroup the key is generated
by the subgroup's own GKC and distributed to the other group members,
which is suitable for large dynamic group communication. Given the
characteristics of the layered PCE multi-domain optical network, the
decentralized key management schemes that partially depend on the GKC
are relatively reasonable, and can effectively solve the problems of
single point of failure and "1 influence".

For security and efficiency, the current distributed solutions need
to be improved if applied to the layered PCE architecture optical
network. On the one hand, the current decentralized solutions are
mostly based on the logical key tree, in which an edge describes the
relationship between two nodes, but the key relationships among
multiple nodes within and between the domains of the optical network
cannot be described directly with a simple edge. On the other hand,
the typical schemes need further improvement. Specifically, the Iolus
scheme adopts a flat structure based on group membership management,
and when a group member leaves, the traffic of the subgroup GKC is
-1 (the number of group members). Aiming at the shortcomings of the
Iolus scheme, Saroit et al. propose a distributed scheme based on the
characteristic values of members (the Saroit scheme), which brings
the traffic of the subgroup GKC down to 1 when a member leaves, but
the hidden danger of collusion attack remains. Du Xiaojiang of the
PLA Information Engineering University put forward an improved scheme
based on the characteristic values of members [15] (referred to as
Du). The scheme can resist collusion attacks within the subgroup, its
performance is superior to the Iolus scheme, and it makes the traffic
of the subgroup key manager decrease from 1 to log2 when members of
the subgroup leave. But the scheme is based on a balanced logical key
tree for key management; when used in multi-domain optical networks
its management efficiency is relatively low, and when the balance
condition is not met the method still needs further design and
improvement.

Moreover, in security research based on the hypergraph, [16] studies
privacy-preserving anonymization techniques based on the hypergraph
model and proposes the related attack and anonymity models, and [17]
proposes a satellite network multicast key management scheme based on
the hypergraph, which can be applied to dynamic group communication
in large-scale satellite networks and reduces the use of satellite
bandwidth. However, since the scheme is implemented with traditional
encryption methods, the security costs are relatively high.

Therefore, this paper applies hypergraph theory to multi-domain key
management of intelligent optical networks under the multi-layer PCE
architecture, and transforms the traditional logical key tree into a
new key hypergraph model. It then adopts the hierarchical
identity-based cryptosystem and the improved public and private key
generation strategy to complete the generation and dynamic management
of all kinds of keys. By incorporating the idea of member
characteristic values, the remaining group members can calculate and
update the group key by themselves when group members leave.
2. Network Model and Assumptions
2.1 Multi-domain Optical Network Model Based on Hierarchical PCE
The sample multi-domain optical network based on layered PCE [3]
includes three domains, whose member nodes are numbered m1 to m15.
Each domain is equipped with a child path computation element, cPCE
(child-PCE), and the whole network is configured with a parent path
computation element, pPCE (parent-PCE).
Assume the source node is m1 and the destination node is m15. The
path computation and construction process is as follows:
Step 1: The source node, acting as the PCC (Path Computation Client),
sends an inter-domain path computation request message to the child
PCE of its domain (cPCE-1), and cPCE-1 forwards the request to the
parent PCE (pPCE).
Step 2: After receiving the request, the parent PCE first determines
the domain in which the destination node is located, then computes an
abstract route from the source node to the destination node and sends
path computation requests to the relevant child PCEs, asking them to
compute the path segments from the source node to a boundary node,
from boundary node to boundary node, and from a boundary node to the
destination node.
Step 3: After receiving the path computation results from the
relevant child PCEs, the parent PCE first merges the path segments
into several end-to-end inter-domain paths, and then selects the
optimal path that satisfies the constraints as the final result.
Finally, the result is sent to cPCE-1.
Step 4: cPCE-1 receives the computed path information from the parent
PCE and sends it to the PCC, which completes the computation of the
inter-domain path.
Step 5: The source node uses the RSVP-TE or CR-LDP signaling protocol
to build the route, that is, it completes the collection and
distribution of resources such as the available wavelengths, so as to
ensure that the whole end-to-end optical path is established
successfully. If this fails, the optical connection request is
blocked.
2.2 Hypergraph Theory
In 1973, the concept of hypergraphs was proposed by C. Berge [18],
and the undirected hypergraph theory was created for the first time.
With the development of research, hypergraph theory has found wide
application in the fields of operations research and network
communication [19]. The general mathematical definition of the
hypergraph is given below:
Definition 1: Let H=(V,E), where V is the set of all nodes and E is a
set of hyperedges over the nodes in V; an edge connecting two
vertices is a special case of a hyperedge. Then H=(V,E) is called a
hypergraph.
2.3 Hierarchical Identity Cryptosystem
The certificate management structure of cryptosystems based on
Public Key Infrastructure (PKI) is complex and costs too much, so
Shamir proposed the idea of the Identity-Based Cryptosystem (IBC)
[20] in 1984.
Since then, Identity-Based Encryption schemes and Identity-Based
Signature schemes have been proposed using bilinear pairings. Because
IBC schemes based on a single Private Key Generator (PKG) have the
problem that a single point of failure affects the whole system,
layered IBC schemes have attracted attention [21]: sub-layer PKGs are
introduced to share the key management tasks of the root node PKG,
and each PKG only computes the private keys for the users under its
own subnodes. To a certain extent, this reduces the risk to the
system. The definition of the bilinear pairing and its properties are
given below.
Definition 2: Bilinear pairing. G1 is an additive cyclic group of
order q, G2 is a multiplicative cyclic group of order q, where q is a
large prime number, and e:G1xG1->G2 is a bilinear pairing that
satisfies the following properties:
(1) Bilinearity: for any A,B belonging to G1 and a,b belonging to
Z*q, where Z*q is the multiplicative group of integers modulo q,
e(aA,bB)=e(A,B)^(ab);
(2) Non-degeneracy: there exist A,B belonging to G1 such that
e(A,B) NEQ 1;
(3) Computability: for any A,B belonging to G1, there is an algorithm
that computes e(A,B).
3. Multi-domain Optical Network Key Hypergraph Model
This paper applies hypergraph theory to the key management model of
multi-domain optical networks for the first time, modeling the
relationships between the keys as a two-layer key hypergraph: the
vertices are expressed as points and hyperedges describe the
relationships between the keys at each layer, so that the
hierarchical key relationships in the network are better reflected
in the key hypergraph model.
Definition 3: Multi-domain optical network key hypergraph. The
multi-domain optical network key hypergraph model is defined as a
hierarchical key hypergraph G=(M,E), where M=(m0,m2,...,m(n-1)) and
E=(E0(K0),...,Ed(Kd),e0(k0),...,et(K(t-1))), with |Ei|>=1. |d|
represents the total number of autonomous domains, |t| represents the
total number of edges connecting vertices of two different domains,
and Ki or ki represents the group key of the nodes covered by Ei or
ei. The whole key hypergraph is divided into two layers, namely the
PCE layer and the autonomous domain layer. In the PCE layer, the pPCE
is the PKG or KGC of the cPCEs, and each cPCE is the PKG or KGC of
its autonomous domain.
4. Key Management Scheme KMS-KI
Combining the improved private key generation strategy with the key
update idea based on the characteristic values of members, this paper
proposes a key management scheme for multi-domain optical networks
based on the key hypergraph and identity-based keys, namely KMS-KI
(Key Management Scheme based on Key hypergraph and Identity
cryptosystem in multi-domain optical Networks).
4.1 Parameters and Symbol Definition
With reference to the key management advice in RFC 5440 for
multi-domain optical networks under the PCE framework, the parameters
and symbols used by the KMS-KI key management scheme are defined in
Table 1, and the types of keys at each layer are shown in Table 2.
=====================================================================
Parameters / Symbol   Definition
=====================================================================
q, Z*q                big prime; the multiplicative group of integers
                      modulo q
kq, A                 system security parameter; system public
                      parameters
ks, h0                master key; hash function
{0,1}*, ||            the set of binary strings of arbitrary length;
                      concatenation
x=>w:y                the node x sends multicast message y to the
                      set w
x->z:y                the node x sends unicast message y to the node z
[y]k                  use the key k to encrypt the message y
=====================================================================
TABLE 1 THE DEFINITION OF SYMBOLS AND PARAMETER
=====================================================================
Layers              The key types
=====================================================================
PCE layer           node public key Pi, node private key Ri
                    session key between the pPCE and a single
                    cPCEi: k^i_{p-c}
                    session key between cPCEi and cPCEj:
                    k^{i-j}_{c-c}
                    group key of the PCE layer: K0
=====================================================================
Autonomous domain   node public key Pi, node private key Ri
layer               session key between the cPCE and member node
                    mi: k^i_{c-m}
                    session key between mi and mj: k^{i-j}_{m-m}
                    session key among domain boundary nodes: ki
                    intra-domain group key: Ki, i>=1
=====================================================================
TABLE 2 THE TYPE OF KEYS
4.2 The Design of the KMS-KI
KMS-KI is divided into the PCE layer and the autonomous domain layer.
This paper describes the two layers uniformly, centered on the main
processes of key management: key establishment, group key update when
members join, and group key update when members exit.
4.2.1 Key Establishment
(1) The establishment of the public-private key
a. The establishment of the public-private key of the pPCE
As the pPCE is the PKG of the PCE layer, it first runs the parameter
generator with the system big prime q and the security parameter kq
as input, which outputs G1, G2 and e. It then selects a generator g
and a hash function h:{0,1}*->G1, randomly selects ks belonging to
Z*q as the master key of the PKG system, sets the private key of the
pPCE to RpPCE=ks and the public key of the pPCE to PpPCE=ksg, and
generates the public parameters of the system cipher suite
A=(G1,G2,q,g,PpPCE,h).
b. The establishment of the public-private key of the cPCE
Step 1: Initialization.
The preset parameter A is disclosed offline to cPCEi. cPCEi then
generates the identity label IDi=dig as its public key PcPCE(i) and
calculates the parameter required for session key agreement,
X=g^di mod q, where di belongs to Z*q and g is the generator. IDi and
the corresponding user passphrase are preset in the pPCE.
Step 2: cPCEi->pPCE:[Request Key,IDi,W,X]PpPCE. That is, cPCEi asks
the pPCE to generate part of its private key information, and
encrypts this message with the public key of the pPCE.
Step 3: After decrypting the request message with its private key and
verifying the authenticity of the user cPCEi, the pPCE calculates the
partial private key information ksh(IDi) of cPCEi, selects a random
number p belonging to Z*q, and calculates the parameter for session
key negotiation, Y=g^p mod q.
Step 4: pPCE->cPCEi:[ksh(IDi),[Y]PcPCE]RpPCE.
Step 5: After verifying the authenticity of the signature with the
pPCE public key, cPCEi calculates its complete private key
RcPCE(i)=diksh(IDi) and decrypts [Y]PcPCE with that private key.
c. The establishment of the public-private key of intra-domain nodes
In the autonomous domain layer, because the pPCE needs to serve as
the path computation unit for centralized management in the domain,
this paper selects the pPCE as the PKG of the domain to complete key
management. The public-private key establishment process for
intra-domain nodes is the same as that of the cPCE in the PCE layer.
The pPCE only needs to change the system master key to ks=RcPCE(i)
and the parameters to A=(G1,G2,q,g,PcPCE(i),h).
(2) The establishment of the session key
a. The establishment of the session key of the PCE layer
Step 1: The pPCE adopts the Diffie-Hellman algorithm for session key
negotiation with a single cPCEi: the pPCE calculates
k^i_{p-c}=X^p mod q, and cPCEi calculates k^i_{c-p}=Y^di mod q.
According to the Diffie-Hellman principle, k^i_{p-c}=k^i_{c-p}.
Step 2: The session key between cPCEi and cPCEj is generated using
the bilinearity of identity-based cryptography: cPCEi calculates
k^{i-j}_{c-c}=e(RcPCE(i),IDjh(IDj)), and cPCEj calculates
k^{j-i}_{c-c}=e(IDih(IDi),RcPCE(j)). According to bilinearity,
k^{i-j}_{c-c}=k^{j-i}_{c-c}.
b. The establishment of the session key in autonomous domain layer
In the autonomous domain layer, the session key agreement between the
intra-domain nodes and the cPCE is the same as the session key
negotiation between the cPCE and the pPCE in the PCE layer, and the
session key negotiation between nodes, both intra-domain and
inter-domain, is the same as that between cPCE and cPCE. Only the
session key negotiation between domain boundary nodes is described
here. Assuming that nodes in domain A and domain B share a key
hyperedge, the steps of session key negotiation are as follows:
Step 1: Initialization. The domain A node mi calculates
X=g^x mod q, where X belongs to Z*q and g is the generator for the
large prime. The domain B node mj calculates Y=g^y mod q, where Y
belongs to Z*q.
Step 2: mi->cPCEA:[X,B-mj]k^A_{m-c}, where B-mj means that the
message needs to be forwarded to the node mj in domain B.
Step 3: cPCEA->cPCEB:[X,B-mj]k^{A-B}_{c-c}. After decrypting the
message, cPCEA encrypts it with the session key k^{A-B}_{c-c} shared
with cPCEB.
Step 4: cPCEB->mj:[X,B-mj]k^j_{c-m}. After decrypting the message,
cPCEB encrypts it with the session key k^j_{c-m} shared with mj.
Step 5: After the node mj in domain B decrypts this message and
calculates k(j-i)=X^y mod q, the encrypted Y is passed to the node mi
in domain A in the reverse order of Step 2 to Step 4.
Step 6: After the node mi in domain A has received Y successfully, it
calculates k(i-j)=Y^x mod q. According to the Diffie-Hellman
principle, k(i-j)=k(j-i).
Step 7: cPCEA generates the inter-domain key hyperedge
e(i-j)(k(i-j)).
(3) The establishment of the layer group key
a. The establishment of the layer group key of the PCE layer
Step 1: The pPCE generates the group key of the PCE layer,
K0=h(r||cPCE1||...||cPCEd||pPCE), where r belonging to Z*q is a
random number, cPCEi represents the number of the domain that the
cPCE is in, and d represents the total number of autonomous domains.
It then generates the hyperedge E0(K0) in the key hypergraph.
Step 2: pPCE->cPCEi:[K0]k^i_{p-c}, where i belongs to [1,d].
Step 3: cPCEi gets the layer group key K0 by decrypting with
k^i_{c-p}.
b. The establishment of the group key in autonomous domain layer
Step 1: cPCEi generates the group key of the autonomous domain layer,
Ki=h(r||ms||...||me||cPCEi), where r belonging to Z*q is a random
number, and ms and me represent respectively the starting and ending
numbers of the nodes in the domain. It then generates the hyperedge
Ei(Ki) in the key hypergraph.
Step 2: cPCE->{ms-me}:[Ki]k^i_{c-m}, where i belongs to [1,d].
Step 3: ms-me get the group key Ki of their domain by decrypting
with k^i.
4.2.2 Group Key Update When Members Join
(1) The group key update when new cPCE joins
When a new cPCE needs to be added, the public-private key of the new
cPCE member is established and the session key between the pPCE and
the cPCE is negotiated as described in Section 4.2.1. However, the
group key of the PCE layer needs to be updated for later security
considerations. In order to simplify the update process, this paper
adopts the basic idea of characteristic values from [11, 15]: when a
new PCE member joins, the remaining PCE group members calculate and
replace the key themselves, according to the key update
characteristic values transferred by the pPCE. The specific process
is as follows:
Step 1: New member cPCEd->pPCE, applies to join the hyperedge E0(K0).
Step 2: The pPCE generates a new random number r belonging to Z*q,
calculates K0'=h(K0||r||IDd) as the new group key and updates the
hyperedge E0(K0) to E0(K0').
Step 3: pPCE=>{E(K0)-pPCE}:[r,IDd]K0, where r,IDd are the key update
characteristic values of the pPCE.
Step 4: pPCE->cPCEd:[K0']k^d_{p-c}.
Step 5: After each cPCEi (i NEQ d) decrypts the message with the
group key, it calculates K0'=h(K0||r||IDd) as the new group key.
Step 6: cPCEd gets the new group key K0' by decrypting with the
session key shared with the pPCE.
(2) The group key update when new node joins in autonomous domain
In the autonomous domain layer, when a new node needs to be added,
the key hyperedge Ei(Ki) needs to be updated, where 1<=i<=d and d
represents the number of autonomous domains. The group key update
process is the same as the key update process when a new cPCE joins,
and is illustrated in Figure 1. When a new node requests to join
autonomous domain 3, where cPCE3 is located, the group key update
process is as follows:
E0(K0) |
E1(K1) +------------------------+ E3(K3) |
+---------------------+------+ pPCE +------+-----------------v--+
| m1 m2 m3 m4 | *m16 | *m0 | *m18 |m11 m13 m14 m15 m19 |
| m5 |cPCE-1| |cPCE-3| m12 |
+---------------------+------+ +------+--------------------+
Domain 1 | | PCE Layer | | Domain 3
| | +----------+ | |
| | | *m17 | | |
| | | cPCE-2 | | |
| +------+----------+------+ |
+-----------------+--m6 m10--+----------------+
e0(k0) | m9 m8 | e1(k1)
| m7 |
E2(K2) +----------+ Domain 2
Figure 1. Group key updating when new node joining
Step 1: New node m19->cPCE3, applies to join the hyperedge E3(K3).
Then m19 uses the method described in Section 4.2.1 to generate its
public-private key, and negotiates session keys with the original
nodes m11-m15 and with cPCE3 (m18).
Step 2: cPCE3 generates a new random number r belonging to Z*q,
calculates K3'=h(K3||r||ID19) as the new group key, and updates the
hyperedge E3(K3) to E3(K3').
Step 3: cPCE3=>{m11-m15}:[r,ID19]K3.
Step 4: cPCE3->m19:[K3']k^19_{c-m}.
Step 5: m11-m15 each calculate the new group key separately,
K3'=h(K3||r||ID19).
Step 6: m19 gets the new group key K3' by decrypting with the
session key shared with cPCE3.
4.2.3 Group Key Update When Members Exit
(1) The group key update when the cPCE exits
When a cPCE member needs to exit, the group key of the PCE layer
needs to be updated for security considerations. The specific
process is as follows:
Step 1: Member cPCEk->pPCE, applies to exit the hyperedge E0(K0).
Step 2: The pPCE updates the hyperedge E0(K0) to E0(K0'), and
pPCE->{E(K0)-cPCEk-pPCE}:[r,IDk]k^i_{p-c}, where r belongs to Z*q.
Step 3: After each cPCEi (i NEQ k) decrypts the message with the
session key shared with the pPCE, it separately calculates
K0'=h(K0||r||IDk) as the new group key.
(2) The group key update when the members in autonomous domain exits
The group key update process when a member exits an autonomous domain
is basically similar to that of a cPCE in the PCE layer, but it also
requires the destruction of the session keys between domain
boundaries. The specific process is as follows:
Step 1: Member mk->cPCEi, applies to exit the hyperedge Ei(Ki).
cPCEi first judges whether mk is a boundary node; if so, it executes
Step 2, otherwise Step 5.
Step 2: cPCEi=>cPCEj:[mk]k, namely asks cPCEj to inform the
intra-domain nodes related to mk to destroy the session key between
the boundary nodes.
Step 3: After decrypting the message, cPCEj=>{E(kj)-cPCEj}:[mk]k,
namely asks the related nodes in the domain to destroy the session
key with mk.
Step 4: The related nodes in the domain of cPCEj then destroy the
session keys related to mk.
Step 5: cPCEi->{E(Ki)-cPCEi-mk}:[r,IDk]ki, and cPCEi updates the
hyperedge Ei(Ki) to Ei(Ki'), where r belongs to Z*q.
Step 6: After each other member mi (i NEQ k) decrypts the message
with the session key shared with cPCEi, it calculates
Ki'=h(Ki||r||IDk) as the group key.
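The PCE-layer exchange of Sections 4.2.1 to 4.2.3 (Diffie-Hellman
session keys, distribution of K0, and the K0'=h(K0||r||ID) update on
join and on exit), as an added example that is not part of the draft.
Assumed here and not taken from the draft: the toy modulus Q and base
G, SHA-256 as h with length-prefixed fields, the hash-based
seal/unseal stand-in for [y]k, and all class and function names; the
identity-based (pairing) keys are left out.

```python
"""KMS-KI PCE-layer key life cycle (added illustration, not the draft's code)."""
import hashlib
import hmac
import secrets

Q = 2**127 - 1  # constructed toy prime standing in for the draft's q
G = 3           # constructed stand-in for the draft's generator g

def h(*parts: bytes) -> bytes:
    """h(a||b||...) with SHA-256; fields are length-prefixed (assumption)."""
    d = hashlib.sha256()
    for p in parts:
        d.update(len(p).to_bytes(4, "big") + p)
    return d.digest()

def _xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    pad = b"".join(h(key, nonce, bytes([i])) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, pad))

def seal(key: bytes, msg: bytes) -> bytes:
    """[msg]key as toy encrypt-then-MAC; a real system would use a vetted AEAD."""
    nonce = secrets.token_bytes(16)
    ct = _xor(key, nonce, msg)
    return nonce + ct + hmac.new(h(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, box: bytes):
    """Return the plaintext, or None if the box was not sealed under key."""
    nonce, ct, tag = box[:16], box[16:-32], box[-32:]
    good = hmac.new(h(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return _xor(key, nonce, ct) if hmac.compare_digest(tag, good) else None

class Node:
    """A PCE with a DH exponent (the draft's di or p); keys are hashed to 32 bytes."""
    def __init__(self, ident: bytes, ppce_pub: int = 0):
        self.ident = ident
        self.priv = secrets.randbelow(Q - 2) + 1
        self.pub = pow(G, self.priv, Q)
        self.group_key = None
        self.k = self.session_key(ppce_pub) if ppce_pub else None  # cPCE only

    def session_key(self, peer_pub: int) -> bytes:
        return h(pow(peer_pub, self.priv, Q).to_bytes(16, "big"))

    def apply_update(self, key: bytes, box: bytes) -> bool:
        """Recover (r, ID) from [r, ID]key and set K' = h(K || r || ID)."""
        plain = unseal(key, box)
        if plain is not None:
            self.group_key = h(self.group_key, plain[:16], plain[16:])
        return plain is not None

class PPCE(Node):
    def establish(self, members):
        """Section 4.2.1: K0 = h(r || IDs || pPCE), sent as [K0] per session key."""
        self.session = {m.ident: self.session_key(m.pub) for m in members}
        self.group_key = h(secrets.token_bytes(16), *sorted(self.session), self.ident)
        return {i: seal(k, self.group_key) for i, k in self.session.items()}

    def join(self, new):
        """Section 4.2.2: [r, IDd] under the old K0; [K0'] under the new session key."""
        r = secrets.token_bytes(16)
        old, self.group_key = self.group_key, h(self.group_key, r, new.ident)
        self.session[new.ident] = self.session_key(new.pub)
        return seal(old, r + new.ident), seal(self.session[new.ident], self.group_key)

    def leave(self, ident: bytes):
        """Section 4.2.3: [r, IDk] only under the remaining pairwise session keys."""
        r = secrets.token_bytes(16)
        self.group_key = h(self.group_key, r, ident)
        del self.session[ident]
        return {i: seal(k, r + ident) for i, k in self.session.items()}

def run_demo() -> dict:
    ppce = PPCE(b"pPCE")
    group = {i: Node(i, ppce.pub) for i in (b"cPCE1", b"cPCE2", b"cPCE3")}
    for i, box in ppce.establish(group.values()).items():
        group[i].group_key = unseal(group[i].k, box)
    out = {"dh_agrees": all(m.k == ppce.session[i] for i, m in group.items())}
    # Join: old members derive K0' from the multicast, the newcomer is sent K0'.
    new = Node(b"cPCE4", ppce.pub)
    multicast, unicast = ppce.join(new)
    for m in group.values():
        m.apply_update(m.group_key, multicast)
    new.group_key = unseal(new.k, unicast)
    group[new.ident] = new
    out["join_in_sync"] = all(m.group_key == ppce.group_key for m in group.values())
    # Exit: each remaining member gets [r, IDk] under its own session key.
    gone = group.pop(b"cPCE2")
    boxes = ppce.leave(gone.ident)
    for i, box in boxes.items():
        group[i].apply_update(group[i].k, box)
    out["leave_in_sync"] = all(m.group_key == ppce.group_key for m in group.values())
    # The departed node still holds its session key and the previous group key.
    out["departed_reads_update"] = any(
        unseal(k, b) is not None for b in boxes.values() for k in (gone.k, gone.group_key))
    # Contrast: an update multicast under the previous group key is readable by it.
    careless = seal(gone.group_key, secrets.token_bytes(16) + gone.ident)
    out["old_key_multicast_leaks"] = gone.apply_update(gone.group_key, careless)
    return out
```

run_demo() reports that the departed cPCE cannot open any exit update
sent under the remaining session keys, whereas the same update
multicast under the previous group key would let it compute the next
key.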
5. Conclusions and Future Work
In this research, because of the huge amount of network traffic, the
security issue has attracted the attention of the industry. Against
security threats such as high-power signal crosstalk, privacy leaks,
denial of service, message tampering, forgery and replay, and
identity counterfeiting, all kinds of security solutions require
multiple protection measures such as encryption, authentication,
digital signatures, attack detection and privacy protection. These
security mechanisms cannot do without the use of keys, so effective
key management is an important issue in optical networks. To address
this problem, taking the multi-domain optical network under the PCE
framework as the research object, this paper proposes a new key
management scheme (KMS-KI) based on hypergraph theory and
identity-based cryptography. The scheme provides forward security,
backward security and resistance to collusion attacks. Compared with
the typical distributed schemes based on the logical key tree, it
supports a hierarchical identity-based cryptosystem and achieves
better overall performance in key storage, cPCE traffic and the
number of encryptions. Future research will focus on how to integrate
key management and credit management to improve the security of
multi-domain optical networks.
6. Security Considerations
Security is an integral concern in the design of key management
schemes for multi-domain optical networks. The scheme considers
forward and backward security, confidentiality of private keys and
resistance to collusion attacks.
7. IANA Considerations
This document has no IANA considerations.
8. Acknowledgments
The authors gratefully acknowledge the financial support from the
National Natural Science Foundation of China (NSFC) under Grants
No. 61402529, No. 61402147 and No. 61402531, the Natural Science
Foundation of Shanxi Province of China under Grant No. 2015JQ6266.
9. References
[1] Lehman T, Xi Y, Guok C P, et al. Control Plane Architecture and
Design Considerations for Multi-Service, Multi-Layer,
Multi-Domain Hybrid Networks [J]. IEEE Communications Magazine,
2012, 11(11):67-71.
[2] F Farrel A, Vasseur A, Ash J. RFC 4655, A Path Computation
Element (PCE) Based Architecture [S]. New York: IETF, 2006.
[3] King D, Farrel A. RFC 6805, The Application of the Path
Computation Element Architecture to the Determination of a
Sequence of Domains in MPLS and GMPLS Internet Engineering Task
Force[S]. New York: IETF, 2012.
[4] Fork M P, Wang Z X, Deng Y H. Optical Layer Security in
Fiber-Optical Network [J]. IEEE Transaction on Information
Forensics and Security, 2012, 6(3):725-736.
[5] Lee Y, Bernstein G, Martensson J, et al. RFC 7449, Path
Computation Element Communication Protocol (PCEP) Requirements
for Wavelength Switched Optical Network (WSON) Routing and
Wavelength Assignment [S]. New York: IETF, 2013.
[6] Vasseur J P, Roux Le J L. RFC 5440, Path Computation Element
(PCE) Communication Protocol [S]. New York: IETF, 2009.
[7] Fang L, Behringer M, Callon R, et al. RFC 5920, Security
Framework for MPLS and GMPLS Networks [S]. New York:IETF,2010.
[8] Hardjono T, Dondeti L. Multicast and group security [M].
London: Artech House, 2003.
[9] Harney H, Muckenhirn C. RFC 2094, Group key management protocol
(GKMP) architecture[S]. New York: IETF, 1997.
[10] Wallner D, Harder E, Agee R. RFC2627, Key management for
multicast: issues and architecture[S]. New York: IETF, 1998.
[11] Pour A N, Kumekawa K, Kato T, et al. A hierarchical group key
management scheme for secure multicast increasing efficiency of
key distribution in leave operations [J]. Computer Networks,
2007, 51(17):4727-4743.
[12] Steiner M, Tsudik G, Waidner M. Diffie-Hellman key distribution
extended to group communication [C]// The 3rd ACM Conference on
Computer and Communications Security. New York: ACM Press,
1996:31-37.
[13] Mittra S. Iolus: a framework for scalable secure multicast[J].
ACM computer Communication, 1997, 27(3): 277-288.
[14] Saroit I A, El-Zoghdy S F, Matar M. A scalable and distributed
security protocol for multicast communications [J].
International Journal of Network Security, 2011, 12(1): 50-64.
[15] Du X Q, Bao W, Fu X Q. A Multicast Key Management Scheme Based
on Characteristic Values of Members [J]. Journal of Electronics
(China), 2012, 29(3):294-301.
[16] Li Y C. A Study of Hypergraph Based Privacy Preserving
Anonymization Techniques [D]. Beijing: Bei Jing Jiao Tong
University, 2016.
[17] Ding Y, Zhou X W, Cheng Z M, et al. Key Management in Secure
Satellite Multicast Using Key Hypergraphs [J].
2014, 70(4):1859-1883.
[18] Berge C. Graphs and Hypergraphs [M]. Amsterdam: North-Holland,
1973.
[19] Jeong I R, Lee D H. Key Agreement for Key Hypergraph [J].
Computers and Security, 2007, 26(78):452-458.
[20] Shamir A. Identity-based Cryptosystems and Signature
Schemes [C] // Cryptology-Crypto'84. Berlin: Springer-Verlag,
1984: 47-53.
[21] Horwitz J, Lynn B. Toward Hierarchical Identity-based
Encryption [C] // Advances in Cryptology: Eurocrypt 2002.
Berlin: Springer-Verlag, 2002: 466-481.
Author's Address:
Qiwu Wu
Department of Information Engineering
Engineering University of PAP
Wujing Street No.1
Xi'an 710086, P.R.China
Email: wuqiwu700@163.com
Hao Chen
Department of Information Engineering
Engineering University of PAP
Wujing Street No.1
Xi'an 710086, P.R.China
Email: chenhaoyan14@163.com