跨域可定向的非对称群组密钥协商研究

There are some characteristics for mobile cloud, such as, resource distributed in multiple domains, information confidentiality with diversifications, resource-constrained for mobile terminals etc. For these reasons, the information exchange among groups in mobile cloud environmental, which urgent need to solve some problems, such as cross-domain information exchange, multi-level and three-dimensional information exchange, and asymmetric calculation etc. The current research can not meet the needs of complex information exchange in this environment. To solve these problems, the project will design a directed inter-domain asymmetric group key agreement protocol. Firstly, the project will propose an inter-domain structured alliance authentication and blind signature algorithm, and then combined with Non-interactive zero-knowledge proof theory to design an inter-domain structured hide alliance authentication protocol, which can provide modular security authentication and privacy protection for inter-domain group key agreement. Secondly, the project will propose a migration technology for key factors storage and combination computing, and a key pair mapping algorithm for the group’s public key and private key, also propose a batch certification algorithm. Then, the project designs an inter-domain certificateless alliance authentication asymmetric group key agreement protocol, which to achieve the information secure exchange among members in different domains and the lightweight computing for mobile terminals. On this basis, the project will propose key factors extraction, key factors distribution algorithm and multi-key factors combination technology, and then design an inter-domain directed asymmetric group key agreement protocol. To achieve cross-domain, multi-level, multidimensional information security exchange. The project will provide a certain theoretical basis and technical support for cross-platform cloud resource sharing, Multi-party information exchange among different domains in mobile cloud computing environmental.

移动云网络具有资源分布多域性、信息密级多等级化、终端资源受限等特点，该网络环境下群组密钥协商需解决成员分布跨域性、信息交换可定向性、计算不对等性等问题。当前研究方案不能满足该环境下复杂信息交换需求。本项目拟设计可定向的跨域非对称群组密钥协商协议，解决该环境下这些复杂信息交换问题。首先，拟提出域间结构化认证及隐藏签名算法，结合非交互式零知识证明理论，设计域间结构化联盟认证协议，为域间群组密钥协商提供模块化安全认证及终端隐私保护；其次，拟提出密钥因子存储及组合计算的迁移技术、批量认证及群公/私密钥对映射算法，设计域间无证书联盟认证的非对称群组密钥协商协议，解决群组信息交换的跨域性、可认证性及匿名性；在此基础上，拟提出群组贡献密钥因子提取、分发算法及组合技术，设计域间可定向的群组密钥协商协议，解决多层次信息安全交换。项目将为移动云中群组间跨平台资源共享、多方信息交换提供一定的理论基础和技术支持。

针对多域间复杂网络环境下的实体群组间的安全信息交换、数据安全共享及信息安全传输等亟待解决的安全问题，研究跨域可定向的非对称群组密钥协商协议，主要从以下几个方面展开研究：1）密钥协商的身份认证方面，研究了基于隐私保护的域间身份认证协议，主要优势：域间身份认证、属性隐藏、密钥自证实性等，解决了跨域身份认证的复杂性，保障个人身份、属性隐私问题，以及第三方密钥生成及密钥托管存在的安全隐患；2）密钥协商的密钥计算方面，研究非对称、多层次、跨域性的群组密钥协商技术，提高群组密钥协商的安全性、灵活性及实用性；3）密钥协商的数据共享方面，研究了隐藏属性的、细粒度的数据访问控制，使得数据资源存储更加安全、访问更加可靠、共享更加灵活；4）密钥协商与新技术的融合方面，研究了密钥协商与区块链的交叉技术，使得群组密钥协商具有可追踪性、不可否认性及易扩展性。将群组密钥协商的研究成果与实际应用场景进行了结合，研究群组密钥协商在远程医疗方面、物联网方面、工业物联网领域及边云协同场景中的应用，使得研究成果向实际应用的成果转化进一步靠近，为行业的发展提供一定的安全保障，为新型信息技术的发展提供安全理论基础和技术支持。