计算机科学与探索
計算機科學與探索
계산궤과학여탐색
JOURNAL OF FRONTIERS OF COMPUTER SCIENCE & TECHNOLOGY
2015年
1期
80-93
,共14页
张平娟%刘志宏%张腾%田森平
張平娟%劉誌宏%張騰%田森平
장평연%류지굉%장등%전삼평
动态密钥%密钥进化%物理层安全%信息安全
動態密鑰%密鑰進化%物理層安全%信息安全
동태밀약%밀약진화%물리층안전%신식안전
dynamic keys%key evolution%physical-layer security%information security
无线网络可以利用物理层的信道噪声来增强系统的安全性能。通常物理层安全协议针对特定无线信道的噪声特性进行设计,并假设窃听者的信道特性已知,但在实际中该假设是不可行的。针对无线信道的安全通信问题,提出了密钥进化协议,设计了基于动态秘密的加密机制,使合法用户的密钥随传输数据流不断进化,而不用假设敌手的信道特征已知。如果合法用户之间存在认证信道,即使敌手的信道相比合法用户的信道具有优势,合法用户之间也能建立安全的会话密钥。最后,提出了k容忍加密机制(k-resistance encryption scheme,k-RES),该机制能够容忍加密密钥和解密密钥之间最多k比特的差异。
無線網絡可以利用物理層的信道譟聲來增彊繫統的安全性能。通常物理層安全協議針對特定無線信道的譟聲特性進行設計,併假設竊聽者的信道特性已知,但在實際中該假設是不可行的。針對無線信道的安全通信問題,提齣瞭密鑰進化協議,設計瞭基于動態祕密的加密機製,使閤法用戶的密鑰隨傳輸數據流不斷進化,而不用假設敵手的信道特徵已知。如果閤法用戶之間存在認證信道,即使敵手的信道相比閤法用戶的信道具有優勢,閤法用戶之間也能建立安全的會話密鑰。最後,提齣瞭k容忍加密機製(k-resistance encryption scheme,k-RES),該機製能夠容忍加密密鑰和解密密鑰之間最多k比特的差異。
무선망락가이이용물리층적신도조성래증강계통적안전성능。통상물리층안전협의침대특정무선신도적조성특성진행설계,병가설절은자적신도특성이지,단재실제중해가설시불가행적。침대무선신도적안전통신문제,제출료밀약진화협의,설계료기우동태비밀적가밀궤제,사합법용호적밀약수전수수거류불단진화,이불용가설활수적신도특정이지。여과합법용호지간존재인증신도,즉사활수적신도상비합법용호적신도구유우세,합법용호지간야능건립안전적회화밀약。최후,제출료k용인가밀궤제(k-resistance encryption scheme,k-RES),해궤제능구용인가밀밀약화해밀밀약지간최다k비특적차이。
Physical-layer channel noise can be used to enhance the security performance of the system in wireless networks. In general, a physical-layer security protocol is tailored to the channels and relies on the assumption that knowledge on the eavesdropper’s channel is available. However, this assumption is not practical. This paper focuses on the problem of developing key agreement schemes for secure communication across wireless channel, and pro-poses a key evolution scheme and designs an encryption mechanism based on dynamic secrets, allowing the legiti-mate users’keys to evolve continuously based on the transmitted messages over the noisy wireless channel with-out assuming that the channel characteristics of the enemy are known. Even if the eavesdropper’s channel is superior to the legitimate receiver, the legitimate parties can establish secret keys. Finally, this paper proposes a novel k-resistance encryption scheme (k-RES) that can use different keys to encrypt and decrypt messages if there are no more than k bits difference between the encryption and decryption keys.