Research On Identity-Based Key Management

The identity-based cryptography (IBC) can avoid complicated authentication and massive key management. Compared with traditional PKI, IBC has evident advantages in many aspects, for examples, key generation, key distribution, key management, etc. The computation and storage can be decreased by using IBC. IBC has the natural function of key escrow. In course of monitoring, the problem of "once monitor, monitor forever" can also be caused. If there does not exist reliable relationship among the nodes in ad hoc network, the system primary key and nodes private key may leak. How to achieve the secure key management and find an eclectic way between the user's privacy and the right of monitoring authorized by the government? This is a hot research topic in cryptography in recent years.By making a deep research to key escrow of IBC and analyzing the schems of key management during recent years, a new and robustic key management scheme is proposed. In the scheme, Key Generation Center (KGC) and Key Gene Combination Center (KGCC) collaborate for key management and generation. KGCC adopts public key of seed and private key mapping technology. The escrow agents only need to store database of key factor, do not need to store key with segment scheme, so to decrease the load of storage. KGC can't get user's private key even though collaborating with any escrow agents, so to improve the security of the system. It is analyzed that this scheme is more efficient, lightweighted, securer and stronger for anti-attacking.Aiming at the threat that exists in key management in wireless ad hoc network based on IBC, a frame of layered and distributed group key management is proposed after analyzing the need of security for group communication in wireless network. In this wireless network all nodes may be movable. In this scheme, all nodes are divided into two parts, server nodes and ordinary nodes. The server nodes share more information than ordinary nodes. The scheme can reduce the risk of distributing system key equivalentlt to all nodes which may lead the groug key to be renewed if any k nodes are attacked. The logical structure of the scheme is a grid. This scheme not only has the advantages of higher connectivity and lower load, but also has higher extensibility.