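[Keywords]
[Abstract]
Group keys play an important role in security services for sensor networks such as secure group communication and false data filtering. This paper studies group key management under the security threat that a large number of nodes may be captured, and proposes GKRP (group key management scheme based on random perturbation), a group key management scheme based on random perturbation techniques. First, a group key management framework in which the base station and the network cooperate is proposed. Then, secret sharing and random perturbation techniques are combined to construct functions such as the group key broadcast function and the local collaboration function, which enable broadcast transmission of group key update information and revocation of multiple captured nodes. Finally, based on this framework and these functions, the GKRP scheme is proposed, allowing nodes to cooperate in updating the group key. Theoretical analysis and simulation results show that, under specific parameter settings, GKRP is not limited by captured nodes, and these parameter settings are easy to satisfy. GKRP therefore effectively overcomes the threshold problem and improves the survivability of the network. In addition, because it updates the group key through local broadcast and network-wide broadcast, GKRP is also more efficient in communication. The storage and computation overheads of GKRP are slightly higher than those of existing comparable schemes, but they remain low and are suitable for sensor networks.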
[Keywords]
[Abstract]
In sensor networks, a group key plays an important role in both secure group communication and security services such as false data filtering. Considering the security threat that there may be plenty of compromised nodes, a new group key management scheme based on random perturbation and secret sharing techniques is proposed (GKRP for short). In GKRP, the base station and local networks manage group keys cooperatively; additionally, functions such as the broadcast rekeying function and the local collaboration function are constructed. Thus, with GKRP, even if there are plenty of compromised nodes, these nodes can be revoked in real time to ensure group key security. Extensive analyses and simulations show that GKRP can provide a higher level of security because it is not limited by the compromised nodes under certain conditions, which can be satisfied easily. Moreover, GKRP is also more efficient in communication because it uses local broadcast and network broadcast to rekey. The storage and computation overheads of GKRP are somewhat higher than those of some related works; however, they are still lightweight and thus suitable for sensor networks.
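[CLC number]
[Funding]
National Natural Science Foundation of China (60973031, 61173038, 60903168); Doctoral Program Foundation of the Ministry of Education of China (20100161110025); Scientific Research Project funded by the Education Department of Hunan Province (10B062); Hunan Normal University Training Program for Excellent Young Talents (ET51102)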