Internet-Draft                                                   Qiwu Wu
Intended status: Experimental                                   Hao Chen
Expires: April 10, 2018                                    Lingzhi Jiang
                                                                 Fang Li
                                                             Xinyuan Gen
                                                                 Wen Wen
                                           Engineering University of PAP
                                                              Long Zhang
                                         Hebei University of Engineering
                                                        October 10, 2017


 Key Management Schemes Based on Key Hypergraph and Identity-based
           Cryptography in Multi-domain Optical Networks
                    draft-wu-eupap-kms-mon-00

Status of this Memo

   This Internet-Draft is submitted in full conformance with the
   provisions of BCP 78 and BCP 79.

   Internet-Drafts are working documents of the Internet Engineering
   Task Force (IETF), its areas, and its working groups.  Note that
   other groups may also distribute working documents as Internet-
   Drafts.

   Internet-Drafts are draft documents valid for a maximum of six months
   and may be updated, replaced, or obsoleted by other documents at any
   time.  It is inappropriate to use Internet-Drafts as reference
   material or to cite them other than as "work in progress."

   The list of current Internet-Drafts can be accessed at
   http://www.ietf.org/ietf/1id-abstracts.txt

   The list of Internet-Draft Shadow Directories can be accessed at
   http://www.ietf.org/shadow.html

   This Internet-Draft will expire on April 10, 2018.

Copyright Notice

   Copyright (c) 2012 IETF Trust and the persons identified as the
   document authors.  All rights reserved.

   This document is subject to BCP 78 and the IETF Trust's Legal
   Provisions Relating to IETF Documents
   (http://trustee.ietf.org/license-info) in effect on the date of
   publication of this document.  Please review these documents
   carefully, as they describe your rights and restrictions with respect
   to this document.  Code Components extracted from this document must



Wu et al.               Expires April 10, 2018                  [Page 1]


Internet-Draft          Key Management Schemes              October 2017


   include Simplified BSD License text as described in Section 4.e of
   the Trust Legal Provisions and are provided without warranty as
   described in the Simplified BSD License.

Abstract

   In view of the characteristics of multi-domain optical networks under
   the hierarchical PCE architecture and their key management needs,
   this paper proposes a novel key management scheme (KMS-KI) based on
   the key hypergraph and identity-based cryptography. The key
   relationships of multi-domain optical networks are first modeled as
   a key hypergraph with two layers, in which the vertices are
   represented by points and the key relations at all levels are
   described with hyperedges. The master keys, the public and private
   keys, the session keys, the layer group keys and the inter-domain
   keys are then generated and dynamically managed using hierarchical
   identity-based cryptography and improved private key generation
   strategies. When group members join or leave, the remaining group
   members autonomously use the key value of the pPCE or cPCE to
   calculate and update the group key, which greatly reduces the risk
   that the new group key is uncovered by an adversary. The KMS-KI
   scheme provides forward and backward security, confidentiality of
   private keys and resistance to collusion attacks. Meanwhile, it not
   only supports the use of hierarchical identity-based cryptography,
   but also performs well overall in terms of the number of keys
   stored, the number of cPCE communications, and the number of
   encryption and decryption operations.

Table of Contents

   1.  Introduction . . . . . . . . . . . . . . . . . . . . . . . . .  4
   2.  Network Model and Assumptions  . . . . . . . . . . . . . . . .  5
     2.1.  Hierarchical PCE Model   . . . . . . . . . . . . . . . . .  5
     2.2.  Hypergraph Theory  . . . . . . . . . . . . . . . . . . . .  6
     2.3.  Hierarchical Identity Cryptosystem . . . . . . . . . . . .  6
   3.  Multi-domain Optical Network Key Hypergraph Model  . . . . . .  7
   4.  Key Management Scheme KMS-KI   . . . . . . . . . . . . . . . .  7
     4.1.  Parameters and Symbol Definition . . . . . . . . . . . . .  8
     4.2.  The Design of the KMS-KI . . . . . . . . . . . . . . . . .  9
   5.  Conclusions and Future Work  . . . . . . . . . . . . . . . . . 14
   6.  Security Considerations  . . . . . . . . . . . . . . . . . . . 15
   7.  IANA Considerations  . . . . . . . . . . . . . . . . . . . . . 15
   8.  Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 15
   9.  References . . . . . . . . . . . . . . . . . . . . . . . . . . 15
   Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 17

1.  Introduction

   For the routing problem of multi-domain optical networks, the IETF
   has proposed two different solutions based on the PCE (Path
   Computation Element) architecture [1]: the flat PCE scheme [2] and
   the hierarchical PCE scheme [3]. However, both types of PCE schemes
   need to address security threats such as high-power signal
   crosstalk, privacy disclosure, denial of service, tampering,
   counterfeiting and replaying, identity counterfeiting, etc. [4,5].
   Publicly available security solutions designed specifically for the
   PCE architecture are very few, but RFC 5440 [6] and RFC 5920 [7]
   propose security countermeasures including authentication,
   encryption, digital signatures, attack detection, privacy protection
   and key management. Since all kinds of security strategies are
   inseparable from the use of keys, RFC 5440 proposes that large-scale
   multi-domain optical networks under the PCE architecture should
   adopt dynamic key management. Although there are no publicly
   available key management schemes for multi-domain optical networks
   based on the PCE architecture, research on group key management in
   general network environments has made great progress. Generally
   speaking, the current group key management schemes can be divided
   into three categories [8]: centralized schemes, distributed schemes
   and decentralized schemes. Examples are the flat centralized schemes
   represented by GKMP [9]; the logical hierarchical centralized
   schemes represented by LKH [10] and Pour07 [11]; the distributed
   schemes represented by GDH [12]; and the decentralized schemes
   represented by Iolus [13] and Saroit [14]. According to the degree
   to which the group key update depends on the GKC (Group Key
   Controller), these schemes can also be divided into three
   categories: schemes that depend completely on the GKC, such as the
   GKMP and LKH schemes; schemes that depend partially on the GKC,
   such as the Pour07 and Saroit schemes; and schemes that are
   completely independent of the GKC, such as the distributed GDH
   scheme. Among them, centralized schemes are prone to a single point
   of failure because they rely on the continuous operation of a
   single GKC. Distributed schemes handle the single point of failure
   and GKC trust issues of centralized schemes better, but they need
   more communication and computation to maintain the key
   relationships among the group member nodes. Decentralized schemes
   are a compromise between centralized and distributed schemes: they
   divide a big group into several smaller subgroups, and each
   subgroup generates the key through its own GKC and distributes it
   to the other group members, which is suitable for large dynamic
   group communication. Given the characteristics of layered PCE
   multi-domain optical networks, decentralized key management schemes
   that depend partially on the GKC are relatively reasonable, as they
   can effectively solve the problems of single point failure and
   "1 influence". For security and efficiency, the current
   decentralized solutions need to be improved if applied to optical
   networks with the layered PCE architecture. On the one hand, the
   current decentralized solutions are mostly based on the logical key
   tree, in which an edge describes the relationship between two
   nodes, but the key relationships among multiple nodes in the
   inter-domain and intra-domain parts of the optical network cannot
   be described directly with a simple edge. On the other hand, the
   typical schemes need further improvement. Specifically, the Iolus
   scheme adopts a flat structure for group membership management, and
   when a group member leaves, the traffic of the subgroup GKC is
   -1 (the number of group members). Aiming at the shortcomings of the
   Iolus scheme, Saroit et al. propose a decentralized scheme based on
   member characteristic values (the Saroit scheme), which brings the
   traffic of the subgroup GKC down to 1 when a member leaves, but the
   hidden danger of collusion attacks remains. Du Xiaojiang of the PLA
   Information Engineering University put forward an improved scheme
   based on member eigenvalues [15] (referred to as Du). The scheme
   can resist collusion attacks within a subgroup and outperforms the
   Iolus scheme, and it makes the traffic of the subgroup key manager
   decrease from 1 to log2 when a member of the subgroup leaves.
   However, the scheme relies on a balanced logical key tree for key
   management; when it is used in multi-domain optical networks, its
   management efficiency is relatively low, and when the balance
   conditions are not met, the method still needs further design and
   improvement. Moreover, in security research based on the
   hypergraph, [16] studies privacy-preserving anonymization based on
   the hypergraph model and proposes the related attack and anonymity
   models, and [17] proposes a hypergraph-based multicast key
   management scheme for satellite networks, which can be applied to
   dynamic group communication in large-scale satellite networks and
   reduces the use of satellite bandwidth. However, since that scheme
   is implemented with traditional encryption methods, its security
   costs are relatively high. Therefore, this article innovatively
   applies hypergraph theory to the multi-domain key management of
   intelligent optical networks under the multi-layer PCE
   architecture, and transforms the traditional logical key tree into
   the new key hypergraph model. It then adopts the hierarchical
   identity-based cryptosystem and the improved public and private key
   generation strategy to complete the generation and dynamic
   management of all kinds of keys. By incorporating the idea of
   member characteristic values, the remaining group members can
   calculate and update the group key by themselves when group members
   leave.

2.  Network Model and Assumptions

2.1  Multi-domain Optical Network Model Based on Hierarchical PCE

   The sample multi-domain optical network based on the layered PCE
   [3] includes three domains, whose member nodes are numbered m1 to
   m15. Each domain is equipped with a child path computation element
   cPCE (child-PCE), and the whole network is configured with a parent
   path computation element pPCE (parent-PCE).

   Assume the source node is m1 and the destination node is m15. The
   specific path calculation and construction process is as follows:
   Step 1: The source node, acting as the PCC (Path Computation
   Client), sends an inter-domain path calculation request message to
   the child PCE (cPCE-1) in its domain, and cPCE-1 then forwards the
   request to the parent PCE (pPCE).
   Step 2: After receiving the request, the parent PCE first
   determines the domain where the destination node is located, then
   calculates an abstract route from the source node to the
   destination node and sends path calculation requests to the
   relevant child PCEs, asking them to calculate the path segments
   from the source node to a boundary node, from boundary node to
   boundary node, and from a boundary node to the destination node.
   Step 3: After receiving the path calculation results from the
   relevant child PCEs, the parent PCE first merges the path segments
   into several end-to-end inter-domain paths, and then selects the
   optimal path that satisfies the constraints as the final result.
   Finally, the result is sent to the child PCE cPCE-1.
   Step 4: The child PCE cPCE-1 receives the calculated path
   information from the parent PCE and sends it to the PCC, which
   completes the calculation of the inter-domain path.
   Step 5: The source node uses the RSVP-TE or CR-LDP signaling
   protocol to build the route, that is, it completes the collection
   and distribution of resources such as the available wavelengths, so
   as to ensure that the whole end-to-end optical path is established
   successfully. If this fails, the optical connection request is
   blocked.

2.2  Hypergraph Theory

   In 1973, the concept of hypergraphs was proposed by C. Berge [18],
   and the undirected hypergraph theory was created for the first time.
   With the development of research, hypergraph theory has found wide
   application in the fields of operations research and network
   communication [19]. The general mathematical definition of the
   hypergraph is given below:
   Definition 1: Let H=(V,E), where V is the set of all nodes and E is
   a set of hyperedges over the nodes in V; an edge connecting two
   vertices is a special case of a hyperedge. Then H=(V,E) is called a
   hypergraph.

2.3  Hierarchical Identity Cryptosystem

   The certificate management structure of cryptosystems based on PKI
   (Public Key Infrastructure) is complex and costly, so in 1984
   Shamir proposed the idea of the IBC (Identity-Based Cryptosystem)
   [20]. Since then, Identity-Based Encryption schemes and
   Identity-Based Signature schemes have been proposed using bilinear
   pairings. Because IBC schemes based on a single PKG (Private Key
   Generator) suffer from the problem that a single point of failure
   affects the whole system, layered IBC schemes have attracted
   attention [21]: sub-layer PKGs are introduced to share the key
   management tasks of the root PKG, and each PKG only computes the
   private keys for the users under its own subnodes. To a certain
   extent, this reduces the risk to the system. The definition of
   bilinear pairings and their properties are introduced below.
   Definition 2: Bilinear pairing. G1 is an additive cyclic group of
   order q and G2 is a multiplicative cyclic group of order q, where q
   is a large prime number. e:G1xG1->G2 is a bilinear pairing if it
   satisfies the following properties:
   (1) Bilinearity: For any A,B in G1 and a,b in Z*q, where Z*q is the
   multiplicative group of integers modulo q, e(aA,bB)=e(A,B)^ab;
   (2) Non-degeneracy: There exist A,B in G1 such that e(A,B) NEQ 1;
   (3) Computability: For any A,B in G1, there is an algorithm to
   compute e(A,B).

3.  Multi-domain Optical Network Key Hypergraph Model

   This paper applies hypergraph theory to the key management model of
   multi-domain optical networks for the first time, modeling the
   relationships between the keys as a key hypergraph with two layers:
   the vertices are expressed by points and hyperedges describe the
   relationships between the keys at each layer, so that the
   hierarchical key relationships in the network are better reflected
   in the key hypergraph model.
   Definition 3: Multi-domain optical network key hypergraph. The
   multi-domain optical network key hypergraph model is defined as a
   hierarchical key hypergraph G=(M,E), where M=(m0,m2,...,m(n-1)),
   E=(E0(K0),...,Ed(Kd),e0(k0),...,et(K(t-1))), while |Ei|>=1, |d|
   represents the total number of autonomous domains, |t| represents
   the total number of edges connecting vertices of two different
   domains, and Ki or ki represents the group key of the nodes covered
   by Ei or ei. The whole key hypergraph is divided into two layers,
   namely the PCE layer and the autonomous domain layer. In the PCE
   layer, the pPCE is the PKG or KGC of the cPCEs, and the cPCEs are
   the PKG or KGC of the various autonomous domains.

4.  Key Management Scheme KMS-KI

   Combining the improved private key generation strategy with the key
   update idea based on member eigenvalues, this paper proposes a key
   management scheme for multi-domain optical networks based on the
   key hypergraph and identity key, namely KMS-KI (Key Management
   Scheme based on Key hypergraph and Identity cryptosystem in
   multi-domain optical Networks).

4.1  Parameters and Symbol Definition

   With reference to the key management advice of RFC 5440 for
   multi-domain optical networks under the PCE framework, the
   parameters and symbols used in the KMS-KI key management scheme
   are defined in Table 1, and the key types of each layer are shown
   in Table 2.

   =====================================================================
   Parameters        Symbol Definition
   =====================================================================
   q , Z*q           big prime, the multiplicative group of integers
                     modulo q
   kq , A            system security parameters, system open parameter
   ks , h0           master key, hash function
   {0,1}* , ||       the set of binary strings of arbitrary length,
                     concatenation operator
   x=>w:y            the node x sends multicast messages y to the set w
   x->z:y            the node x sends unicast messages y to the node z
   [y]k              use the key k to encrypt the message y
   =====================================================================

       TABLE 1         THE DEFINITION OF SYMBOLS AND PARAMETER

   =====================================================================
   Layers                     The key types
   =====================================================================
   PCE layer                  public key nodes Pi, private key nodes Ri
                              the session key between the pPCE and
                              single cPCEi k_{p-c}^{i}
                              the session key between the cPCEi and
                              cPCEj k_{c-c}^{i-j}
                              group key of the PCE layer K0
   =====================================================================
   Autonomous domain layer    public key nodes Pi, private key nodes Ri
                              the session key between cPCE and member
                              nodes mi k_{c-m}^{i}
                              the session key between mi and mj
                              k_{m-m}^{i-j}
                              the session key among domain boundary
                              nodes ki
                              intra-domain group key Ki, i>=1
   =====================================================================

                   TABLE 2          THE TYPE OF KEYS

4.2  The Design of the KMS-KI

   KMS-KI is divided into the PCE layer and the autonomous domain
   layer. This paper describes the two layers in a uniform way,
   centred on the main processes of key management: key
   establishment, group key update when members join, and group key
   update when members exit.

4.2.1  Key Establishment

   (1) The establishment of the public-private key
   a. The establishment of the public-private key of the pPCE
   As pPCE is the PKG of the PCE layer, it first runs the parameter
   generator with the system big prime q and the security parameter kq
   as input, which outputs G1, G2 and e. It then selects a generator g
   and a hash function h:{0,1}*->G1, randomly selects ks belonging to
   Z*q as the master key of the PKG system, sets the private key of
   pPCE RpPCE=ks and the public key of pPCE PpPCE=ksg, and generates
   the public parameters of the system cipher suite
   A=(G1,G2,q,g,PpPCE,h).
   b. The establishment of the public-private key of the cPCE
   Step 1: Initialization.
   The preset parameter A is disclosed offline to cPCEi. cPCEi then
   generates the identity label IDi=dig as its public key PcPCE(i) and
   calculates the parameter required for session key agreement
   X=g^di mod q, where di belongs to Z*q and g is the generator, and
   IDi and the corresponding user passphrase are preset in pPCE.
   Step 2: cPCEi->pPCE:[Request Key,IDi,W,X]PpPCE. That is, cPCEi asks
   pPCE to generate part of its private key information and encrypts
   this message with the public key of pPCE.
   Step 3: After decrypting the request message with its private key
   and verifying the authenticity of the user cPCEi, pPCE calculates
   the partial private key information ksh(IDi) of cPCEi, selects a
   random number p belonging to Z*q, and calculates the parameter for
   the session key negotiation Y=g^p mod q;
   Step 4: pPCE->cPCEi:[ksh(IDi),[Y]PcPCE]RpPCE;
   Step 5: After verifying the authenticity of the signature with the
   pPCE public key, cPCEi calculates its complete private key
   RcPCE(i)=diksh(IDi) and decrypts [Y]PcPCE with the private key.
   c. The establishment of the public-private key of intra-domain nodes
   In the autonomous domain layer, because pPCE needs to act as the
   path computation unit for centralized management in the domain,
   this paper selects pPCE as the PKG in this domain to complete key
   management. The public-private key establishment process for
   intra-domain nodes is the same as that of the cPCE in the PCE layer.
   pPCE only needs to modify the system master key ks=RcPCE(i) and the
   parameters A=(G1,G2,q,g,PcPCE(i),h).
   (2) The establishment of the session key
   a. The establishment of the session key of the PCE layer
   Step 1: pPCE adopts the Diffie-Hellman algorithm for the session key
   negotiation with each single cPCEi: pPCE calculates
   k_{p-c}^{i}=X^p mod q and cPCEi calculates k_{c-p}^{i}=Y^di mod q.
   According to the Diffie-Hellman principle, k_{p-c}^{i}=k_{c-p}^{i}.
   Step 2: The session key between cPCEi and cPCEj is generated using
   the bilinearity of identity-based cryptography: cPCEi calculates
   k_{c-c}^{i-j}=e(RcPCE(i),IDjh(IDj)), and cPCEj calculates
   k_{c-c}^{j-i}=e(IDih(IDi),RcPCE(j)). According to the bilinearity,
   k_{c-c}^{i-j}=k_{c-c}^{j-i}.
   b. The establishment of the session key in autonomous domain layer
   In the autonomous domain layer, the session key agreement process
   between the intra-domain nodes and cPCE is the same as the session
   key negotiation process between cPCE and pPCE in the PCE layer. The
   session key negotiation process between nodes, intra-domain and
   inter-domain, is the same as that between cPCE and cPCE. Only the
   session key negotiation process between the domain boundary nodes
   is described here. Assuming that nodes in domain A and domain B
   share a key hyperedge, the steps of session key negotiation are as
   follows:
   Step 1: Initialization. The domain A node mi calculates X=g^x mod q,
   where X belongs to Z*q and g is the generator for the large prime.
   The domain B node mj calculates Y=g^y mod q, where Y belongs to
   Z*q.
   Step 2: mi->cPCE_A:[X,B-mj]k_{m-c}^{A}, where B-mj means that the
   message needs to be forwarded to the node mj in domain B.
   Step 3: cPCE_A->cPCE_B:[X,B-mj]k_{c-c}^{A-B}. After decrypting the
   message, cPCE_A encrypts it with the session key k_{c-c}^{A-B}
   shared with cPCE_B.
   Step 4: cPCE_B->mj:[X,B-mj]k_{c-m}^{j}. After decrypting the
   message, cPCE_B encrypts it with the session key k_{c-m}^{j} shared
   with mj.
   Step 5: After the node mj in domain B decrypts this message and
   calculates k(j-i)=X^y mod q, the encrypted Y is passed to the node
   mi in domain A in the reverse order of Step 2 to Step 4.
   Step 6: After the node mi in domain A has received Y successfully,
   it calculates k(i-j)=Y^x mod q. According to the Diffie-Hellman
   principle, k(i-j)=k(j-i).
   Step 7: cPCE_A generates the inter-domain key hyperedge
   e(i-j)(k(i-j)).
   (3) The establishment of the layer group key
   a. The establishment of the layer group key of the PCE layer
   Step 1: pPCE generates the group key of the PCE layer
   K0=h(r||cPCE1||...||cPCEd||pPCE), where r belongs to Z*q and is a
   random number, cPCEi represents the number of the domain that the
   cPCE is in, and d represents the total number of autonomous domains,
   and then generates the hyperedge E0(K0) in the key hypergraph.
   Step 2: pPCE->cPCEi:[K0]k_{p-c}^{i}, where i belongs to [1,d].
   Step 3: cPCEi gets the layer group key K0 by decrypting with
   k_{c-p}^{i}.
   b. The establishment of the group key in autonomous domain layer
   Step 1: cPCEi generates the group key of the autonomous domain layer
   Ki=h(r||ms||...||me||cPCEi), where r belongs to Z*q and is a random
   number, and ms and me represent the starting and ending numbers of
   the nodes in the domain respectively, and then generates the
   hyperedge Ei(Ki) in the key hypergraph.
   Step 2: cPCE->{ms-me}:[Ki]k_{c-m}^{i}, where i belongs to [1,d].
   Step 3: ms-me get the group key Ki of their domain by decrypting
   with k^{i}.

4.2.2  Group Key Update When Members Join

   (1) The group key update when a new cPCE joins
   When a new cPCE needs to be added, the public-private key of the
   new cPCE member is established and the session key between pPCE and
   the cPCE is negotiated as shown in section 4.2.1. However, the
   group key of the PCE layer needs to be updated for later security
   considerations. To simplify the update process, this paper adopts
   the basic idea of the characteristic value of [11, 15]: when a new
   PCE member joins, the remaining PCE group members can calculate the
   new key and replace the old one according to the key update
   characteristic values transferred by pPCE. The specific process is
   as follows:

   Step 1: New member cPCEd->pPCE, applies for the hyperedge E0(K0).
   Step 2: pPCE generates a new random number r belonging to Z*q,
   calculates K0'=h(K0||r||IDd) as the new group key and updates the
   hyperedge E0(K0) to E0(K0').
   Step 3: pPCE=>{E(K0)-pPCE}:[r,IDd]K0, where r and IDd are the key
   update characteristic values of pPCE.
   Step 4: pPCE->cPCEd:[K0']k_{p-c}^{d}.
   Step 5: After each cPCEi (i NEQ d) decrypts the message with the
   group key, it calculates K0'=h(K0||r||IDd) as the new group key.
   Step 6: cPCEd gets the new group key K0' by decrypting with the
   session key shared with pPCE.
   (2) The group key update when a new node joins an autonomous domain
   In the autonomous domain layer, when a new node needs to be added,
   the key hyperedge Ei(Ki) needs to be updated, where 1<=i<=d and d
   represents the number of autonomous domains. The group key update
   process is the same as the key update process when a new cPCE
   joins. As illustrated in Figure 1, when a new node requests to join
   autonomous domain 3, where cPCE3 is located, the group key update
   process is as follows:

                                  E0(K0)                            |
           E1(K1)        +------------------------+       E3(K3)    |
   +---------------------+------+  pPCE    +------+-----------------v--+
   | m1 m2 m3 m4         | *m16 |   *m0    | *m18 |m11 m13 m14 m15 m19 |
   |         m5          |cPCE-1|          |cPCE-3|        m12         |
   +---------------------+------+          +------+--------------------+
    Domain 1  |          |       PCE Layer        |         | Domain 3
              |          |      +----------+      |         |
              |          |      |  *m17    |      |         |
              |          |      |  cPCE-2  |      |         |
              |          +------+----------+------+         |
              +-----------------+--m6 m10--+----------------+
                   e0(k0)       |  m9 m8   |        e1(k1)
                                |    m7    |
                       E2(K2)   +----------+ Domain 2

            Figure 1. Group key updating when new node joining

   Step 1: New node m19->cPCE3, applies to join hyperedge E3(K3). Then
   m19 uses the method described in Section 4.2.1 to generate its
   public-private key pair, and the session key is negotiated with the
   original nodes m11-m15 and with cPCE3(m18).
   Step 2: cPCE3 generates a new random number r belonging to Z_q^*,
   calculates K3'=h(K3||r||ID19) as the new group key, and updates the
   hyperedge E3(K3) to E3(K3').
   Step 3: cPCE3=>{m11-m15}:[r,ID19]K3.
   Step 4: cPCE3->m19:[K3']k_{c-m}^{19}.
   Step 5: m11-m15 each separately calculate the new group key
   K3'=h(K3||r||ID19).
   Step 6: m19 obtains the new group key K3' by decrypting the message
   with the session key it shares with cPCE3.

4.2.3  Group Key Update When Members Exit

   (1) The group key update when a cPCE exits
   When a cPCE member needs to exit, the group key of the PCE layer
   must be updated for security. The specific process is as follows:
   Step 1: Member cPCEk->pPCE, applies to exit hyperedge E0(K0).
   Step 2: Update hyperedge E0(K0) to E0(K0'), and
   pPCE->{E(K0)-cPCEk-pPCE}:[r,IDk]k_{p-c}^{i}, where r belongs to
   Z_q^*.
   Step 3: After each cPCEi (i NEQ k) decrypts the message with the
   session key shared with pPCE, it separately calculates
   K0'=h(K0||r||IDk) as the new group key.
   (2) The group key update when a member of an autonomous domain exits
   The group key update process when a member exits an autonomous
   domain is basically similar to that of a cPCE in the PCE layer, but
   it also requires the destruction of session keys between domain
   boundaries. The specific process is as follows:
   Step 1: Member mk->cPCEi, applies to exit the hyperedge Ei(Ki).
   First, cPCEi judges whether mk is a boundary node: if so, execute
   Step 2; otherwise, go to Step 5.
   Step 2: cPCEi=>cPCEj:[mk]k, namely, ask cPCEj to inform the
   intra-domain nodes related to mk and to destroy the session key
   between the boundary nodes.
   Step 3: After decrypting the message, cPCEj=>{E(kj)-cPCEj}:[mk]k,
   namely, ask the related nodes in the domain to destroy the session
   key with mk.
   Step 4: The related nodes in the domain where cPCEj is located
   destroy the session key relevant to mk.
   Step 5: cPCEi->{E(Ki)-cPCEi-mk}:[r,IDk]ki, and cPCEi updates the
   hyperedge Ei(Ki) to Ei(Ki'), where r belongs to Z_q^*.
   Step 6: After each other member mi (i NEQ k) decrypts the message
   with the session key shared with cPCEi, it calculates
   Ki'=h(Ki||r||IDk) as the group key.
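
   Added example (not part of the draft): the join and exit rekeying
   procedures above, sketched in Python. It assumes SHA-256 for h, a
   16-byte r, and a SHAKE-256/HMAC construction standing in for the
   encryption [.]key, which the draft does not specify; all keys and
   function names are constructed for illustration.

```python
import hashlib, hmac, secrets

R_LEN = 16  # byte length of the random value r (assumed)

def h(K, r, ident):
    """K' = h(K || r || ID), each field length-prefixed so the concatenation is unambiguous."""
    return hashlib.sha256(b"".join(len(f).to_bytes(2, "big") + f for f in (K, r, ident))).digest()

def _xor(key, nonce, data):
    return bytes(a ^ b for a, b in zip(data, hashlib.shake_256(key + nonce).digest(len(data))))

def seal(key, msg):
    """Stand-in for [msg]key: SHAKE-256 keystream plus HMAC tag (illustration only)."""
    nonce = secrets.token_bytes(16)
    ct = _xor(key, nonce, msg)
    return nonce + ct + hmac.new(key, nonce + ct, "sha256").digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest())
    return _xor(key, nonce, ct) if good else None  # None: wrong key or tampered

def join(K, pair, new_id):
    """Join: broadcast [r,ID]K to old members, unicast [K'] under the newcomer's session key."""
    r = secrets.token_bytes(R_LEN)
    K_new = h(K, r, new_id)
    return K_new, seal(K, r + new_id), seal(pair[new_id], K_new)

def leave(K, pair, leaver):
    """Exit: [r,IDk] goes to each remaining member under its own session key, never under K."""
    r = secrets.token_bytes(R_LEN)
    return h(K, r, leaver), {m: seal(k, r + leaver) for m, k in pair.items() if m != leaver}

def member_update(K, key, blob):
    """Member side: open (r, ID) and derive K' locally; None if the message does not open."""
    pt = unseal(key, blob)
    return None if pt is None else h(K, pt[:R_LEN], pt[R_LEN:])

def demo():
    K3 = secrets.token_bytes(32)  # constructed keys for domain 3 of Figure 1
    pair = {m: secrets.token_bytes(32) for m in (b"m11", b"m12", b"m19")}
    K3n, bcast, ucast = join(K3, pair, b"m19")
    old_ok = member_update(K3, K3, bcast) == K3n        # m11 derives K3' from the broadcast
    new_ok = unseal(pair[b"m19"], ucast) == K3n         # m19 receives K3' directly
    backward = unseal(K3n, bcast) is None               # K3' alone does not open [r,ID19]K3
    K3x, msgs = leave(K3n, pair, b"m19")
    stay_ok = member_update(K3n, pair[b"m11"], msgs[b"m11"]) == K3x
    forward = member_update(K3n, K3n, msgs[b"m11"]) is None  # leaver knows K3', not r
    return old_ok, new_ok, backward, stay_ok, forward
```

   The exit case differs from the join case in one respect that matters
   for forward security: the departing member still holds the old group
   key, so (r, IDk) must travel under per-member session keys rather
   than under the group key.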

5.  Conclusions and Future Work

   Because of the huge amount of network traffic, the security issue
   has attracted the attention of the industry. Against security
   threats such as high-power signal crosstalk, privacy leaks, denial of
   service, message tampering, forgery and replay, and identity faking,
   security solutions require multiple protection measures such as
   encryption, authentication, digital signature, attack detection and
   privacy protection. These security mechanisms cannot work without
   keys, so effective key management is an important issue in optical
   networks. To address this problem, taking the PCE framework of
   multi-domain optical networks as the research object, this paper
   proposes a new key management scheme (KMS-KI) based on hypergraph
   theory and identity-based cryptography. The scheme provides forward
   security, backward security and resistance to collusion attacks.
   Compared with the typical distributed scheme based on the logical
   key tree, and while supporting a hierarchical identity-based
   cryptosystem, it obtains better comprehensive performance in key
   storage, cPCE traffic and the number of encryptions. Next, the
   research will focus on how to integrate key management and credit
   management to improve the security of multi-domain optical networks.

6.  Security Considerations

   Security is an integral concern in the design of key management
   schemes for multi-domain optical networks. The scheme considers
   forward and backward security, confidentiality of private keys, and
   the ability to resist collusion attacks.

7.  IANA Considerations

   This document has no IANA considerations.

8.  Acknowledgments

   The authors gratefully acknowledge the financial support from the
   National Natural Science Foundation of China (NSFC) under Grants
   No. 61402529, No. 61402147 and No. 61402531, and from the Natural
   Science Foundation of Shanxi Province of China under Grant
   No. 2015JQ6266.

9.  References

   [1]  Lehman T, Xi Y, Guok C P, et al. Control Plane Architecture and
        Design Considerations for Multi-Service, Multi-Layer,
        Multi-Domain Hybrid Networks [J]. IEEE Communications Magazine,
        2012, 11(11):67-71.

   [2]  F Farrel A, Vasseur A, Ash J. RFC 4655, A Path Computation
        Element (PCE) Based Architecture [S]. New York: IETF, 2006.

   [3]  King D, Farrel A. RFC 6805, The Application of the Path
        Computation Element Architecture to the Determination of a
        Sequence of Domains in MPLS and GMPLS Internet Engineering Task
        Force[S]. New York: IETF, 2012.

   [4]  Fork M P, Wang Z X, Deng Y H. Optical Layer Security in
        Fiber-Optical Network [J]. IEEE Transaction on Information
        Forensics and Security, 2012, 6(3):725-736.

   [5]  Lee Y, Bernstein G, Martensson J, et al. RFC 7449, Path
        Computation Element Communication Protocol (PCEP) Requirements
        for Wavelength Switched Optical Network (WSON) Routing and
        Wavelength Assignment [S]. New York: IETF, 2013.

   [6]  Vasseur J P, Roux Le J L. RFC 5440, Path Computation Element
        (PCE) Communication Protocol [S]. New York: IETF, 2009.

   [7]  Fang L, Behringer M, Callon R, et al. RFC 5920, Security
        Framework for MPLS and GMPLS Networks [S]. New York:IETF,2010.


Wu et al.              Expires April 10, 2018                  [Page 15]


Internet-Draft         Key Management Schemes               October 2017


   [8]  Hardjono T, Dondeti L. Multicast and group security [M].
        London: Artech House, 2003.

   [9]  Harney H, Muckenhirn C. RFC 2094, Group key management protocol
        (GKMP) architecture[S]. New York: IETF, 1997.

   [10]  Wallner D, Harder E, Agee R. RFC2627, Key management for
         multicast: issues and architecture[S]. New York: IETF, 1998.

   [11]  Pour A N, Kumekawa K, Kato T, et a1. A hierarchical group key
         management scheme for secure multicast increasing efficiency of
         key distribution in leave operations[J]. Computer Networks,
         2007, 51(17):4727-4743.

   [12]  Steiner M, Tsudik G, Waidner M. Diffie-Hellman key distribution
         extended to group communication [C]// The 3rd ACM Conference on
         Computer and Communications Security. New York: ACM Press,
         1996:31-37.

   [13]  Mittra S. Iolus: a framework for scalable secure multicast[J].
         ACM computer Communication, 1997, 27(3): 277-288.

   [14]  Saroit I A, El-Zoghdy S F, Matar M. A scalable and distributed
         security protocol for multicast communications [J].
         International Journal of Network Security, 2011, 12(1): 50-64.

   [15]  Du X Q, Bao W, Fu X Q. A Multicast Key Management Scheme Based
         on Characteristic Values of Members [J]. Journal of Electronics
         (China), 2012, 29(3):294-301.

   [16]  Li Y C.A Study of Hypergraph Based Privacy Preserving
         Anonymization Techniques [D].Beijing:Bei Jing Jiao Tong
         University, 2016.

   [17]  Ding Y,Zhou X W,Cheng Z M, et al.Key Management in Secure
         Satellite Multicast Using Key Hypergraphs [J].
         2014, 70(4):1859-1883.

   [18]  BERGE C. Graphs and Hypergraphs [M]. Amsterdam: North
         holland,1973.

   [19]  Jeong I R, Lee D H. Key Agreement for Key Hypergraph [J].
         Computers and Security, 2007, 26(78):452-458.

   [20]  Shamir A.  Identity-based Cryptosystems and Signature
         Schemes [C] // Cryptology-Crypto'84. Berlin: Springer-Verlag,
         1984: 47-53.

   [21]  Horwitz J, Lynn B. Toward Hierarchical Identity-based
         Encryption [C] // Advances in Cryptology: Eurocrypt 2002.
         Berlin: Springer-Verlag, 2002: 466-481.

Wu et al.              Expires April 10, 2018                  [Page 16]


Internet-Draft         Key Management Schemes               October 2017


Author's Address:

   Qiwu Wu
   Department of Information Engineering
   Engineering University of PAP
   Wujing Street No.1
   Xi'an 710086, P.R.China
   Email: wuqiwu700@163.com


   Hao Chen
   Department of Information Engineering
   Engineering University of PAP
   Wujing Street No.1
   Xi'an 710086, P.R.China
   Email: chenhaoyan14@163.com