Computer Engineering and Applications ›› 2012, Vol. 48 ›› Issue (1): 116-119.

• Network, Communication and Security •

End-to-end key management based on IBE

YAN Haicheng, LI Hui, ZHANG Wen

  1. School of Computer Science, Beijing University of Posts and Telecommunications, Beijing 100876, China
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2012-01-01 Published: 2012-01-01

Abstract:

Key management is the core problem of end-to-end encryption over mobile communication systems. Most existing schemes depend on a KMC (Key Management Center), and they incur high communication cost and low efficiency when terminals that are not in the same encryption group need to communicate with end-to-end encryption. To solve these problems, a three-layer key management scheme based on IBE (Identity Based Encryption) is proposed. The scheme is suited to resource-constrained mobile terminals. Master keys are generated and managed under the IBE mechanism, which simplifies key agreement and reduces dependence on the KMC; communication data are encrypted with a symmetric encryption algorithm to keep communication efficient. The two communicating parties can authenticate each other mutually, and the scheme provides forward security and resists chosen-ciphertext attacks.

Key words: end-to-end encryption, Identity Based Encryption (IBE), key management