A Certificate-Less Distributed Key Management Scheme for Space Networks
Abstract
1. Introduction
- (1) Designing a DPKG construction strategy that is practically compatible with space networks;
- (2) Designing an update mechanism for DPKG node master key shares;
- (3) Designing a node private key phased update strategy to avoid the network congestion problem generated by centralized updates.
- (1) The concept of a secure field of view is proposed, and the construction method of the DPKG of space networks is given;
- (2) The problem of updating the master key shares of DPKG nodes is solved by introducing a 0-constant term polynomial of the same order as the master key share polynomial, and a specific update algorithm is designed;
- (3) A batchwise private key update mechanism is employed. The mapping function is used to distribute the update requests of the nodes evenly throughout the update time period, avoiding the problem of the over-concentration of update requests.
2. Preparatory Knowledge
2.1. Threshold Secret Sharing Mechanism
2.2. Security Basis for Elliptic Curve Cryptosystems
- (a) The elliptic curve discrete logarithm problem (ECDLP) is used as follows: is the group defining the group over ; if , compute the smallest nonnegative integer such that .
- (b) The elliptic curve computational Diffie–Hellman problem (ECCDH) is used as follows: is the group defining the group over ; if , compute without mastering .
- (c) The elliptic curve decisional Diffie–Hellman problem (ECDDH) is used as follows: is the group defining the group over ; if , without mastering distinguish between and .
2.3. Bilinear Pairings
- (a) Bilinear: For any and , we have: or holds.
- (b) Non-degeneracy: .
- (c) Computability: for any , there exists an efficient algorithm to compute .
2.4. Adversary Model
3. Certificate-Less Distributed Key Management Scheme
- (1) A centralized private key generation center (PKG) holding the system master key is set up at the ground control center. The PKG generates and distributes the initial partial private key to each node when it enters the network via the ground center.
- (2) A number of satellite nodes that can appear at least once in the PKG’s secure field of view within a specified time interval are selected to form the distributed private key generators (DPKGs). The PKG assigns a master key component to each DPKGs node, using the threshold secret sharing mechanism, when the node enters the network via the ground center. A threshold number of DPKGs nodes jointly provide the private key update service to the network nodes.
- (3) During the network operation phase, the PKG is responsible for providing the master key component update service to the DPKGs nodes while they are operating within the secure field of view of the ground center.
3.1. Initialization
- (1) System parameter selection: The PKG chooses a finite field of upper order , a cyclic additive group generated by , and a cyclic multiplicative group with the same order , as well as the bilinear mapping . Define two secure hash functions: , and ; randomly select as the system master key and compute as the system public key.
- (2) DPKGs setup: The PKG selects satellite nodes to form the set of DPKGs nodes and generates the initial master key sharing polynomial
- (3) In a space network with distributed key generation centers, a node updating its private key once needs to broadcast a request message to at least number of DPKGs nodes. Since the space network uses wireless channels as communication links, a large number of nodes requesting key updates at the same time will inevitably cause network congestion and will greatly increase the computational delay of the DPKGs nodes. To avoid this, a batch update strategy is introduced: define the security usage period of a node’s private key as , set a discrete set of time points , where is the number of batches, and construct a mapping function from to update :
3.2. Node Private Key Generation
- ① The PKG generates a partial private key for node , where denotes a string concatenation operation;
- ② Node picks a secret value that makes up its full private key, ;
3.3. Node Public Key Generation
3.4. Node Public-Private Key Update
3.5. DPKGs Master Key Component Update
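The introduction describes this update as adding a 0-constant term polynomial of the same order as the master key share polynomial. The sketch below shows that idea over a prime field; it is an added example, not the paper's algorithm or code, and the modulus `Q`, the function names and the use of t = 5 and 20 DPKGs nodes (the defaults in the simulation table) are assumptions made for illustration.

```python
import secrets

# Constructed toy modulus (the Mersenne prime 2^127 - 1). The scheme works
# modulo the order of its pairing group, which this page does not reproduce.
Q = 2**127 - 1

def poly_eval(coeffs, x):
    """Evaluate a polynomial (constant term first) at x, modulo Q."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc

def deal(secret, t, n):
    """PKG role: random degree t-1 polynomial f with f(0) = secret."""
    f = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: poly_eval(f, i) for i in range(1, n + 1)}

def refresh(shares, t):
    """New epoch: add g(i) to share i, where deg g = t-1 and g(0) = 0."""
    g = [0] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: (s + poly_eval(g, i)) % Q for i, s in shares.items()}

def reconstruct(shares):
    """Lagrange interpolation at x = 0 over the supplied {id: share} map."""
    total = 0
    for i, s_i in shares.items():
        num = den = 1
        for j in shares:
            if j != i:
                num = num * (-j) % Q
                den = den * (i - j) % Q
        total = (total + s_i * num * pow(den, -1, Q)) % Q
    return total

def pick(shares, ids):
    return {i: shares[i] for i in ids}

def demo(t=5, n=20):
    """Return the master key and three reconstructions: old, new, mixed."""
    s = secrets.randbelow(Q)
    old = deal(s, t, n)
    new = refresh(old, t)
    # Two shares captured before the update plus three captured after it.
    mixed = {**pick(old, [1, 2]), **pick(new, [3, 4, 5])}
    return (s, reconstruct(pick(old, range(1, t + 1))),
            reconstruct(pick(new, range(6, 6 + t))), reconstruct(mixed))

if __name__ == "__main__":
    s, r_old, r_new, r_mixed = demo()
    print(r_old == s, r_new == s, r_mixed == s)
```

Any t shares from a single epoch recover the same master key, while shares mixed across epochs interpolate to an unrelated value, so components captured before an update cannot be combined with components captured after it.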
3.6. Session Key Negotiation
4. Security Analysis
4.1. Master Key Security
4.2. Private and Master Key Component Update Security
4.3. Session Key Negotiation Security
- (1) Known session key security: During each negotiation of the session key, the interacting parties choose fresh random numbers to participate in generating the key for this session. If a session key between node and node is compromised, the attacker can only impersonate to communicate with or to communicate with in this session, but this will not affect the security of the other sessions between and .
- (2) Perfect forward security: Leakage of the long-term private key of one of the parties in the scheme does not affect the confidentiality of old session keys. An attacker who knows the private key of node is able to compute , but since he does not know with the private key of node , as well as , the attacker is not able to compute . For an attacker who knows the system’s master key , and can be computed, but without knowing and , the attacker cannot compute with . If the attacker knows the long-term private keys , of both parties, but cannot get any information about and , he cannot compute . Therefore, the negotiation mechanism provides perfect forward security.
- (3) Key-compromise impersonation security: An attacker who knows the long-term private key of node can intercept by using and calculate by sending to , but he cannot impersonate because he cannot calculate . An attacker who knows the system master key s can compute and , but is similarly unable to impersonate because he cannot compute .
- (4) Key control security: The session key is jointly generated from random numbers selected by each party, so neither party alone can control the resulting session key.
- (5) Unknown key sharing security: Even if the attacker obtains the private key of node or and can intercept the key negotiation parameters and , the attacker cannot obtain the information about and from node or and thus cannot launch a man-in-the-middle attack.
4.4. Security Proof
- Stage 1: Interrogation Stage
- Stage 2: Challenge Stage
5. Simulation Verification
6. Conclusions
Author Contributions
Funding
Data Availability Statement
Conflicts of Interest
Simulation Parameter | Description | Default Value |
---|---|---|
NODE_NUM | Number of mobile nodes (network size) | 50 |
DPKGs_NUM | Number of DPKGs nodes | 20 |
t | Threshold value | 5 |
MAX_TIME | Maximum simulation time | 1500 s |
MAX_SPEED | Maximum movement speed | 15 m/s |
LENGTH | Area length | 1000 |
WIDTH | Area width | 1000 |
FAILURE RATIO | Link Reliability | 90% |
© 2024 by the authors. Licensee MDPI, Basel, Switzerland. This article is an open access article distributed under the terms and conditions of the Creative Commons Attribution (CC BY) license (https://creativecommons.org/licenses/by/4.0/).
Luo, C.; Sun, L. A Certificate-Less Distributed Key Management Scheme for Space Networks. Mathematics 2024, 12, 3126. https://doi.org/10.3390/math12193126