Summary: | Doctoral === National Chung Cheng University === Graduate Institute of Electrical Engineering === 95 === Our entry into the realm of security in a new digitalized century has been accompanied by the intense challenges of global information security. Most enterprises utilize various network techniques as well as related information technologies, and actively promote new solutions or improve the security mechanisms already in use. They improve upon the advantageous solutions in response to the required mechanisms, with respect to session-time constraints in group communications, and simultaneously solve the extended problems caused by frequent changes in organizations or members. To assure security during cryptographic information exchanges, and to adapt to changes in access privileges while dealing with limited session time for varying organizations and members in session group communications, an enterprise must establish a cryptographic infrastructure for information exchange during session group communications. This dissertation considers the problems of cryptographic information exchange during session group communications, such as multi-session group-oriented communication, hierarchy key assignment with a time-constraint, hierarchy key assignment with key refreshment, frequent change of classes or users, and related applications of these subjects. Following carefully observed results for varying session times, it investigates these problems and proposes corresponding solutions.
Along with the observed results for the varying session times, we have thoroughly investigated the potential security threats on cryptographic information exchange during session group communications, and have proposed four contributed schemes in this dissertation, which take into consideration both manipulation of session-time and adaptability of groups or members’ dynamic changes. The four schemes are given as follows:
First, because the conventional group-oriented cryptography (GOC) scheme doesn’t address multi-session applications, we propose a multi-session, generalized, group-oriented cryptography (MGGOC) scheme. In this scheme, the user keeps only one secret key, and the key will be used by the Central Authority (CA) agency to generate distinct session keys for joining distinct communicating sessions, which share distinct secret policies. This technique can provide a solution for the upcoming requirements of multi-session communication in mobile communications.
Second, in order to give a hierarchy key management scheme both the ability to work with a time-constraint and the capability of adaptable privileges, we propose a hierarchy key assignment scheme with flexible key management upon a time-token constraint. Specifically, this scheme will dynamically generate an adaptable time-token by way of the CA agency for every change of class (also called a group) or user. This technique can apply to real-time and/or on-line user hierarchy access control (UHAC) schemes.
Next, in order to increase the security level and simplify the management of class keys in a UHAC scheme, we further propose a role-based proactive hierarchy access control (RBPHAC) scheme, with both a role-based concept and proactive security. This third contribution is a solution for constructing an adjustable UHAC scheme that is easy to manage and easy to adjust when classes or roles change; we also propose a mechanism for refreshing class keys.
Additionally, we investigate a mobile ad hoc network (MANET), which is characterized by huge changes in session groups or members. A MANET is a self-organized and adaptive wireless network, formed by the dynamic gathering of mobile nodes (members). Owing to the mobility of mobile nodes, the topology of an ad hoc network changes frequently, which results in the unstable organization of session groups or members. In order to satisfy the requirements for maintaining a secure session group communication environment in a MANET, we propose a fourth scheme, a packet construction mechanism using an ID-based factorial number structure (ID-based FNS), which can be applied to secure multicast. We further apply it to the construction of a secure conference call scheme in MANETs.
Finally, we reflect on the four proposed schemes, which are techniques of cryptographic information exchange applied to a session group communication system, and state our conclusions. The four contributed schemes are given as follows: MGGOC, Flexible Key Management with a Time-token Constraint, RBPHAC, and ID-based FNS Secure Conference Call scheme.
|