Internet-Draft Qiwu Wu Intended status: Experimental Hao Chen Expires: April 10, 2018 Lingzhi Jiang Fang Li Xinyuan Gen Wen Wen Engineering University of PAP Long Zhang Hebei University of Engineering October 10, 2017 Key Management Schemes Based on Key Hypergraph and Identity-based Cryptography in Multi-domain Optical Networks draft-wu-eupap-kms-mon-00 Status of this Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF), its areas, and its working groups. Note that other groups may also distribute working documents as Internet- Drafts. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." The list of current Internet-Drafts can be accessed at http://www.ietf.org/ietf/1id-abstracts.txt The list of Internet-Draft Shadow Directories can be accessed at http://www.ietf.org/shadow.html This Internet-Draft will expire on April 10, 2018. Copyright Notice Copyright (c) 2012 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (http://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must Wu et al. Expires April 10, 2018 [Page 1] Internet-Draft Key Management Schemes October 2017 include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Abstract In view of the characteristics of multi-domain optical networks under hierarchical PCE architecture and its key management needs, a novel key management scheme (KMS-KI) based on key hypergraph and in this paper identity-based cryptography was proposed. The key relationship of multi-domain optical networks was firstly modeled into key hypergraph with two layers, namely the vertices was represented by points and the key relation at all levels was described with hyperedge. And the master keys, the public keys and private keys, the session keys, the layer group keys and the inter-domain keys were generated respectively and were dynamic managed by using hierarchical identity-based cryptography and improved private key generation strategies. When the group members join or leave, the remaining group members autonomously used the key value of the pPCE or cPCE to calculate and update the group key. So the risk that the new group key was uncovered by adversary was greatly reduced. KMS-KI scheme possessed the security performance of forward and backward, confidentiality of private keys and the ability of resisting collusive attack. Meanwhile, it not only supported the using of hierarchical identity-based cryptography, but also had performed comprehensively well in terms of numbers of the key storage, numbers of cPCE communication, encryption and decryption times. Wu et al. Expires April 10, 2018 [Page 2] Internet-Draft Key Management Schemes October 2017 Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 4 2. Network Model and Assumptions . . . . . . . . . . . . . . . . 5 2.1. Hierarchical PCE Model . . . . . . . . . . . . . . . . . 5 2.2. Hypergraph Theory . . . . . . . . . . . . . . . . . . . . 6 2.3. Hierarchical Identity Cryptosystem . . . . . . . . . . . 6 3. Multi-domain Optical Network Key Hypergraph Model . . . . . . 7 4. Key Management Scheme KMS-KI . . . . . . . . . . . . . . . . 7 4.1. Parametera and Symbol Definition . . . . . . . . . . . . 8 4.2. The Design of the KMS-KI . . . . . . . . . . . . . . . 9 5. Conclusions and Future Work . . . . . . . . . . . . . . . . . 14 6. Security Considerations . . . . . . . . . . . . . . . . . . . 15 7. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 15 8. Acknowledgements . . . . . . . . . . . . . . . . . . . . . . . 15 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 15 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 17 Wu et al. Expires April 10, 2018 [Page 3] Internet-Draft Key Management Schemes October 2017 1. Introduction For the routing problem of multi-domain optical network, IETF proposes two different solutions based on PCE (Path Computation Element) architecture [1], flat PCE scheme [2] and hierarchical PCE scheme [3]. However, both types of PCE programmes need to address security threats such as high power signal crosstalk, privacy disclosure, denial of service, tampering, counterfeiting and replaying, identity counterfeiting, etc. [4,5]. Public PCE architecture specifically for security solutions are very few, but the RFC 5440 [6] and RFC 5920 [7] proposed safety countermeasures including authentication, encryption, digital signatures, attack detection, privacy protection, key management. Since all kinds of security strategies are inseparable from the use of keys, RFC 5440 proposes that the large-scale multi-domain optical network under PCE architecture should adopt dynamic key management. Although there is no public key management schemes for multi-domain optical network based on PCE architecture, the research on group key management in general network environment has made great progress. Generally speaking, the current group key management schemes can be divided into three categories [8]: centralized schemes, distributed schemes and distributed schemes. For example, the flat type centralized schemes represented by GKMP [9]; The logical hierarchical centralized schemes represented by LKH [10] and Pour07 [11]; Distributed schemes represented by GDH [12]; The decentralized schemes represented by Iolus [13] and Saroit [14]. According to the dependent degree for the Group Key update to GKC (Group Key Controller), we can divide these schemes into three categories: those that are completely dependent on GKC, such as GKMP, LKH schemes, etc. Partial reliance on GKC programmes, such as the Pour07 programmes, Saroit solutions; Completely independent of GKC schemes, such as GDH distributed solutions. Among them, the centralized schemes can easily come up with single point failure due to the need for continuous work of GKC alone. Distributed solutions solve the centralized better in a single point of failure and GKC trust issues, but they need more communications and computation to maintain group member key relationship between each node; Distributed solution is a compromise between the centralized and distributed solutions, it divides a big group into several smaller subgroups, each subgroups generate the key by their own GKC and distribute them to other group members, which is suitable for large dynamic group communication. According to the characteristics of layered PCE multi-domain optical network, the decentralized and partially dependent GKC key management schemes are relatively reasonable, which can effectively solve the problem of single point failure and "1 influence". For security and efficiency, the current distributed solutions need to be improved if applied to the layered PCE architecture optical network. On the one hand, the current decentralized solutions are mostly based on logical key tree, Wu et al. Expires April 10, 2018 [Page 4] Internet-Draft Key Management Schemes October 2017 in which an edge is used to describe the relationship between the two nodes, but the key relationships between the multiple nodes in the inter domain and the intra domain of the optical network can not be directly used to describe with the simple edge; On the other hand, the typical programmes need further improvement. Specifically, Iolus schemes adopt the flat structure based on group membership management and when the group members leave, the traffic of the subgroups GKC is -1 (the number of group members). Aiming at the shortcomings of the Iolus schemes, Saroit et al. proposes a distributed scheme based on members of the characteristic value (Saroit scheme), and set members' traffic down to 1 who leave subgroups GKC, but the dangers of the collusion attack enemy hidden exist. Du Xiaojiang in the PLA information engineering university put forward a kind of improved schemes based on members eigenvalues [15] (referred to as Du), the scheme can resist the collusion attack of child group whose performance is superior to the Iolus scheme,and make the traffic of the subgroup key manager decrease from 1 to log2 when the members of the child group leave. But the scheme is based on balance logical key tree for key management, when used in multi-domain optical networks, management efficiency is relatively low, and when the equilibrium conditions are not met, this method still need further design and improvement. Moreover, in the security research based on the hypergraph, literature [16] studies the technology of privacy anonymous protection based on hypergraph model, and proposes the related attack and anonymous model , literature [17] proposes a satellite network multicast key management scheme based on hypergraph which can be applied to large scale satellite network dynamic group communication and reduce the use of satellite bandwidth. However, since the scheme is implemented with the traditional encryption methods, the security costs are relatively high. Therefore, this article innovation land applies the hypergraph theory to multi-domain key management of intelligent optical network under multi-layer PCE architecture, and transform the traditional logical key tree to the new key hypergraph model. Then it adopts the identity password system based on hierarchy and the improved public and private key generation strategy, completes all kinds of key generation and dynamic management. With the the fusion feature value thought of members, the remaining group members can calculate and update the group key by theirselves when group members leave. 2. Network Model and Assumptions 2.1 Multi-domain Optical Network Model Based on Hierarchical PCE The sample of the multi-domain optical network based on layered PCE [3] includes three domains, each member of the domain numbers for m1 to m15. At the same time, each domain is equipped with a child path cell cPCE (child-PCE), the whole network is configured with a parent paths cell pPCE (parent-PCE). Wu et al. Expires April 10, 2018 [Page 5] Internet-Draft Key Management Schemes October 2017 Assume the source node is m1 and the destination node is m15. The specific calculation and construction path process are as follows: Step 1: The source node sends a inter-domain Path calculation request message to the child PCE (cPCE-1) in this domain as the PCC (Path Computation Client), and then cPCE-1 transponds the request to the parent PCE (pPCE). Step 2: After receiving the requests, firstly the father PCE confirms the domain where the destination node is, and then calculates a abstract routing from the source to destination node and sends the request to calculate paths to the relevant child PCE, which asks the child PCE combines to calculate the path segment from the source node to the boundary node, from boundary node to the boundary node, from the boundary node to thedestination node. Step 3: After receiving the calculation results from the path of the related child PCE, firstly the father PCE merges the path segments into several end-to-end inter-domain paths, and then selects the optimal path to satisfy the constraints as the final results. Finally the result is sent to the child PCE1. Step 4: The child PCE1 receives the calculation of the path information from the father PCE and sends the calculated path information to PCC, namely it completes the calculation of the inter-domain path. Step 5: The source node enable the RSVP - TE or CR - LDP signaling protocols to build routes , namely completes the collection and distribution of the resources like the available wavelength, so as to ensure the whole end-to-end optical path to establish successful. If it fails, the light connection request will be blocked. 2.2 Hypergraph Theory In 1973, the concept of hypergraphs was proposed by c.b. erge [18], and the undirected hypergraph theory was created for the first time. With the development of research, the hypergraph theory has a wide application in the field of the operations research and network communication [19]. The general mathematical definition of the supergraph is given below: Definition 1: Let H=(V,E) , where V is a set of all nodes, E is a hyperedge set of the node in V , where the edge connecting two vertices is a special case of the hyperedge set , namely H=(V,E) is called hypergraph. 2.3 Hierarchical Identity Cryptosystem The cryptosystem certificate management structure based on public key Infrastructure PKI (Public Key Infrastructure) is complex and costs too much, so Shamir proposed the thought of the IBC cryptosystem based on the Identity (Identity-Based Cryptosystem) [20] in 1984. Wu et al. Expires April 10, 2018 [Page 6] Internet-Draft Key Management Schemes October 2017 Since then, the Identity-Based Encryption schemes and the Identity-Based Signature schemes have been proposed with the bilinear pairs. Due to the problems of IBC schemes based on a single Private Key generation center PKG (Private Key Generator) that single point failure affects the overall situation exists, the layered IBC schemes has attracted the public attention [21], namely the introduction of sub-layer PKG to share the key management tasks for the root node PKG, each PKG only computes the private key for the user under its subnodes. To a certain extent,it reduces the risk of the system. The introduction to the definition of the bilinear pairings and its properties are as below. Definition 2: bilinear pair. G1 is the addition cycle group of q order, G2 is the multiplication cycle group of q order, where q is a large prime number, e:G1XG1->G2 is a bilinear pair mapping, and the following properties are satisfied below : * * (1) Double line: For random A,B belong to G1,a,b belong to Z , Z is q q the integer multiplication group model q , e(aA,bB)=e(A,B)^ab ; (2) Non-degeneracy: For the existence of A,B belong to G1,e(A,B)NEQ1; (3) Computability: For random A,B belong to G1, the computable algorithms for e(A,B) exist. 3. Multi-domain Optical Network Key Hypergraph Model This paper for the first time apply the hypergraph theory into multi-domain optical networks key management model, modeling the relationship between the keys into two layers of key hypergraph, namely the vertexes are expressed by the point, with super edge to describe the relationship between the key at each layers, to make the key hierarchical relationships in the network can be better reflected in the key hypergraph model. Definition 3: Multi-domain optical network key hypergraph. Multi-domain key light hypergraph model is defined as a hierarchical key hypergraph G=(M,E), where M=(mo,m2,...,m(n-1)), E=(E0(K0),...,Ed(Kd),eo(k0),...,et(K(t-1))) , while |Ei|>=1, |d| represents the total number of autonomous domain, |t| respresents the total number of edges connecting two different domains vertex, Kiorki respresents group keys of the nodes covered by Eiorei . The whole key supergraph is divided into two layers, namely PCE layer and autonomous domain layer. In PCE layer, pPCE is PKG or KGC of cPCE, cPCE is PKG or KGC of various autonomous domain. 4. Key Management Scheme KMS-KI Fusion of the improved private key generation strategy and the key update ideas based on the eigenvalue of members, this paper proposes a key management scheme for multi-domain optical network based on key hypergraph and identity key, that is KMS-KI(Key Management Scheme based on Key hypergraph and Identity cryptosystem in multi-domain optical Networks). Wu et al. Expires April 10, 2018 [Page 7] Internet-Draft Key Management Schemes October 2017 4.1 Parametera and Symbol Definition Refer to RFC 5440 the key management advice under the relevant PCE framework multi-domain optical networks, KMS-KI key management scheme involving the parameters and the symbol definition is as shown in table 1, and the types of interrelated layers key are as shown in table 2. ===================================================================== Parameters Symbol Definition ===================================================================== * q , Z big prime, the integer multiplication group model q q kq , A system security parameters, system open parameter ks , h0 master key, hash function {1,0}* , || the set of random lengths binary string, connector x=>w:y the node x sends multicast messages y to the set w x->z:y the node x sends unicast messages y to the node z ===================================================================== [y]k use the key k to encrypt the message y ===================================================================== TABLE 1 THE DEFINITION OF SYMBOLS AND PARAMETER ===================================================================== Layers The key types ===================================================================== PCE layer public key nodes Pi, private key nodes Ri i the session key between the pPCE and single cPCEi k p-c i-j the session key between the cPCEi and cPCEj k c-c group key of the PCE layer K0 ===================================================================== Autonomous domain layer public key nodes Pi, private key nodes Ri the session key between cPCE and member i nodes mi k c-m i-j the session key between mi and mj k m-m the session key among domain boundary nodes ki intra-domain group key Ki, i>=1 ===================================================================== TABLE 2 THE TYPE OF KEYS Wu et al. Expires April 10, 2018 [Page 8] Internet-Draft Key Management Schemes October 2017 4.2 The Design of the KMS-KI KMS-KI is divided into PCE layer and autonomous domain layer. This paper takes the two layers into uniform description centre on the main process of key management, including key establishment, group key update when members join, and group key update when members exit. 4.2.1 Key Establishment (1) The establishment of the public-private key a. The establishment of the public-private key of the pPCE As pPCE is the PKG of PCE layer, firstly, with the parameters generator, we input system big prime q and security parameters kq, output G1,G2ande, select a generated cell g and hash function h:{0,1}*->G1, randomly select ks belong to Z*q as master key of PKG system, set the private key of pPCE RpPCE=ks, the public key of pPCE PpPCE=ksg, generat the public parameters of the system cipher suite A=(G1,G2,q,g,PpPCE,h). b. The establishment of the public-private key of the cPCE Step 1: Initialization. The preset parameter A is opened Offline to cPCEi, then cPCEi generates identity label IDi=dig as its public key PcPCE(i), and calculates the session key agreement required parameters X=gdimodq, where disystem,Z*q, g as the generated cell and make IDi and corresponding user passphrase preseted in pPCE. Step 2: cPCEi->pPCE:[Request Key,IDi,W,X]PpPCE. Namely ask pPCE to generate some private key information for itself and encrypt this message with the public key of pPCE. Step 3: After decrypting the requested message with the private key and verifying the authenticity of the user cPCEi, pPCE calculates the partial private key information ksh(IDi) of cPCEi, and select the * random number p belong to Z , calculate the parameters for the q p session key negotiation Y=g mod q; Step4: pPCE->cPCEi:[ksh(IDi),[Y]PcPCE]RpPCE; Step5: After verifying the authenticity of its signature with the pPCE public key, then cPCEi calculates its complete private key RcPCE(i)=diksh(IDi) and decryptes [Y]PcPCE with the private key. c. The establishment of the public-private key of intra-doamin nodes In the autonomous domain layer, because pPCE needs to complete the path calculation unit of centralized management in the domain,so this paper selects pPCE as the PKG in this domain to complete key management.The public-private key establishment process in intra-domain nodes is the same as that of cPCE in the PCE layer. pPCE only needs to modify the system master key ks=RcPCE(i),and parameters A=(G1,G2,q,g,PcPCE(i),h). Wu et al. Expires April 10, 2018 [Page 9] Internet-Draft Key Management Schemes October 2017 (2) The establishment of the session key a. The establishment of the session key of the PCE layer Step 1: pPCE adopts the Diffie-Hellman algorithm for the session key i p negotiation with single cPCEi,namely pPCE calculates k =X mod q, p-c i di cPCEi calculates k =Y mod q. According to the Diffie-Hellman c-p i i algorithm principle, k =k . p-c c-p Step 2: The session key between cPCEi and cPCEj adopts the character of the identity cryptography bisexuality to generate, cPCEi i-j calculates k =e(R ,IDjh(IDj)), and cPCEj calculates c-c cPCE(i) j-i i-j j-i k =e(IDih(IDi),R ). According to the disexuality, k =k . c-c cPCE(j) c-c c-c b. The establishment of the session key in autonomous domain layer In autonomous domain layer, the process of session key agreement between the intra-domain nodes and cPCE is the same as the session key negotiation process between the cPCE and pPCE in the PCE layer. The session key negotiation process between nodes in intra-domain and inter-domain is the same as that between cPCE and cPCE. The key here only describes the session key negotiation process between the domain boundary nodes. Assuming that the nodes in the domain A and domain B have the key hyperedge, the steps of session key negotiation are as follows: Step 1: Initialization. The domain A node mi calculates X=g^x mod q, in which X belong to Z*q , g is the generating cell for the large prime. The domain B node mj calculates Y=g^y mod q, where Y belongs to Z*q. Step 2: mi->cPCE :[X,B-mj] A ,where B-mj means that the message A k m-c needs to be forwarded to the nodes mj in the domain B. Step 3: cPCE ->cPCE :[X,B-mj] A-B. After decrypting the message, A B k c-c A-B cPCE encrypts the session key k shared with cPCEB. A c-c Step 4: cPCE ->mj:[X,B-mj] j . After decrypting the message, B k c-m j cPCE encrypts the session key k shared with mj. B c-m Wu et al. Expires April 10, 2018 [Page 10] Internet-Draft Key Management Schemes October 2017 Step 5: After the nodes mj in the domain B decrypts this message and calculates the k(j-i)=X^y modq, the encryption Y is passed to the nodes mi in the domain A in the reverse order of step2-step4. Step 6: After the nodes mj in the domain A have received Y successfully , we calculate k(i-j)=Y^x modq. According to the Diffie-Hellman principle, k(i-j)=k(j-i). Step 7: cPCEA generate the key hyperedge of the inter-domain e (k ). i-j i-j (3) The establishment of the layer group key a. The establishment of the layer group key of the PCE layer Step 1: pPCE generates a group key of PCE layer * K0=h(r||cPCE1||...||cPCEd||pPCE), where r belongs to Z represents q random number, cPCEi represents the number of the domain that cPCE is in, d represents the total number of the autonomous domains, and then generates the hyperedge E0(K0) in the key hypergraph. Step 2: pPCE->cPCEi:[K0] i , where i belongs to [1,d]. k p-c i Step 3: cPCEi get the layer group key K0 with k decryption. c-p b. The establishment of the group key in autonomous domain layer Step 1: cPCEi generates the group key of autonomous domain layer * Ki=h(r||ms||...||me||cPCEi) , where r belongs to Z represents the q random number, ms and me represent respectively the starting and ending numbers of the nodes in the domain and then generates the hyperedge Ei(Ki) in the key hypergraph. Step 2: cPCE->{ms-me}:[Ki] i , where i belongs to [1,d]. k c-m i Step 3: ms-me get the group key Ki in its domain with k decryption. 4.2.2 Group Key Update When Members Join (1) The group key update when new cPCE joins When the new cPCE needs to be added, the public-private key of the new cPCE members is established, and the negotiation process of the session key between pPCE and cPCE is shown in section 4.2.1. However, the group keys for the PCE layer need to be updated for later security considerations.In order to simplify the update process, this paper adopts the basic idea of the characteristic value of [11, 15], namely when new PCE members join, according to the characteristic Wu et al. Expires April 10, 2018 [Page 11] Internet-Draft Key Management Schemes October 2017 values of key update transferred by pPCE , and the residual PCE group members can calculate and replace new keys. Specific process is as followed: Step 1: New member cPCEd->pPCE, applies for the hyperedge E0(K0). * Step 2: pPCE generates new random numbers r belongs to Z , and q calculaes K0'=h(K0||r||IDd) as the new group key and update hyperedge E0(K0) as E0(K0'). Step 3: pPCE=>{E(K0)-pPCE}:[r,IDd]K0 , where r,IDd are the key updates characteristic value for pPCE. Step 4: pPCE->PCEd:[K0'] d . k p-c Step 5: After each cPCEi(i NEQ d) decrypts the message with the group key, they calculate K0'=h(K0||r||IDd) as the new group key. Step 6: cPCEd gets new group key K0' with the decryption of the shared session key with pPCE. (2) The group key update when new node joins in autonomous domain In autonomous domain layer, when there is a need to add a new node, you need to update key hyperedge Ei(Ki), among them 1<=i<=d, d respresents the number of the autonomousdomains. The group key update process and the key updating process when new cPCE joins are the same, which is illustrated in Figure 1. when a new node requests to join the autonomous domain 3 where cPCE3 is in, its group key update process is as followed: E0(K0) | E1(K1) +------------------------+ E3(K3) | +---------------------+------+ pPCE +------+-----------------v--+ | m1 m2 m3 m4 | *m16 | *m0 | *m18 |m11 m13 m14 m15 m19 | | m5 |cPCE-1| |cPCE-3| m12 | +---------------------+------+ +------+--------------------+ Domain 1 | | PCE Layer | | Domain 3 | | +----------+ | | | | | *m17 | | | | | | cPCE-2 | | | | +------+----------+------+ | +-----------------+--m6 m10--+----------------+ e0(k0) | m9 m8 | e1(k1) | m7 | E2(K2) +----------+ Domain 2 Figure 1. Group key updating when new node joining Step 1: New node m19->cPCE3, applies to join hyperedgeE3(K3). Then, m19 using the method described in section 4.2.1 to generate the public-private key, and the session key is negotiated with the original nodes m11-m15 with cPCE3(m18). Wu et al. Expires April 10, 2018 [Page 12] Internet-Draft Key Management Schemes October 2017 * Step 2: cPCE3 generates new random numbers r belongs to Z , calculate q k3'=h(K3||r||ID19) as the new group key, and updates the hyperedge E3(K3) to E3(K3'). Step 3: cPCE3=>{m11-m15}:[r,ID19]k3. Step 4: cPCE3->m19:[K3'] 19 . k c-m Step 5: m11-m15, each calculates new group key separately K3'=h(K3||r||IDd). Step 6: m19 gets new group key K3' with the decryption of the shared session key with cPCE3. 4.2.3 Group Key Update When Members Join (1) The group key update when the cPCE exits When a cPCE member needs to exit, the group key of PCE layer needs to be updated for the security consideration. The specific process is as follows: Step 1: Member cPCEk->pPCE, applies to exit hyperedge E0(K0). Step 2: Update hyperedge E0(K0) to E0(K0'),and * pPCE->{E(K0)-cPCEk-pPCE}:[r,IDk] i ,where r belongs to Z . k q p-c Step 3: After each cPCEi(i NEQ k) degrypts the message with the session key shared with pPCE, calculates separately K0'=h(K0||r||IDk) as the new group key. (2) The group key update when the members in autonomous domain exits The group key update process of the members exit in the autonomous domain is basically similar to that of cPCE in PCE layer. But it also requires the destruction of session keys between domain boundaries. The specific process is as follows: Step 1: member mk->cPCEi, apply to exit the hyperedge Ei(Ki),firstly, cPCEi judges if the mk is the boundary nodes,execute step2,or step5. Step 2:cPCEi=>cPCEj:[mk]k, namely ask cPCEj to inform intra-domain nodes related to mk and to destroy the session key between the boundary nodes. Step 3: After decrypting the message, cPCEj=>{E(kj)-cPCEj}:[mk]k, namely ask ralated nodes in the domain to destroy the session key with mk. Step 4: After the related nodes in the domain where cPCEj is, destroy the session key relevant with mk. Step 5: cPCE->{E(Ki)-cPCEi-mk}:[r,IDk]ki, cPCEi updates the hyperedge * Ei(Ki) to Ei(Ki'), where r belongs to Z . q Wu et al. Expires April 10, 2018 [Page 13] Internet-Draft Key Management Schemes October 2017 Step 6: After the other member mi(i NEQ k) decrypting the session key shared with cPCEi, each calculates Ki'=h(Ki||r||IDk) as the group key. 5. Conclusions and Future Work In this research, because of the huge amount of network traffic, the security issue has attracted the attention of the industry.For the security threats such as high power signal crosstalk, privacy leaks, denial of service, message tampering, forgery and replay, identity of fake,all kinds of security solutions require the use of multiple security protection measures such as encryption, authentication, digital signature, attack detection and privacy protection and the security mechanisms can not do without the use of keys, so the effective key management is an important issue in optical networks. Aiming at this problem, based on the PCE framework of multi-domain optical network as the research object, this paper proposes a new key management scheme (KMS-KI) based on hypergraph theory and identity of cryptographic.The scheme with the ability of the forward security, the backward security and anti-collusion attack, and compared the typical distributed scheme based on the logical key tree, while supporting hierarchical identity-based cryptosystem, the key storage and cPCE traffic and the number of encryption has obtained a better comprehensive performance. Next, the research will focus on how to integrate key management and credit management to improve the security of multi-domain optical network. Wu et al. Expires April 10, 2018 [Page 14] Internet-Draft Key Management Schemes October 2017 6. Security Considerations Security is an integral concern for the design of the key management schemes in multi-domain optical networks, and the scheme considers the security performance of forward and backward, confidentiality of private keys and the ability of resisting collusive attack. 7. IANA Considerations This document has no IANA considerations. 8. Acknowledgments The authors gratefully acknowledge the financial support from the National Natural Science Foundation of China (NSFC) under Grants No. 61402529, No. 61402147 and No. 61402531, the Natural Science Foundation of Shanxi Province of China under Grant No. 2015JQ6266. 9. References [1] Lehman T, Xi Y, Guok C P, et al. Control Plane Architecture and Design Considerations for Multi-Service, Multi-Layer, Multi-Domain Hybrid Networks [J]. IEEE Communications Magazine, 2012, 11(11):67-71. [2] F Farrel A, Vasseur A, Ash J. RFC 4655, A Path Computation Element (PCE) Based Architecture [S]. New York: IETF, 2006. [3] King D, Farrel A. RFC 6805, The Application of the Path Computation Element Architecture to the Determination of a Sequence of Domains in MPLS and GMPLS Internet Engineering Task Force[S]. New York: IETF, 2012. [4] Fork M P, Wang Z X, Deng Y H. Optical Layer Security in Fiber-Optical Network [J]. IEEE Transaction on Information Forensics and Security, 2012, 6(3):725-736. [5] Lee Y, Bernstein G, Martensson J, et al. RFC 7449, Path Computation Element Communication Protocol (PCEP) Requirements for Wavelength Switched Optical Network (WSON) Routing and Wavelength Assignment [S]. New York: IETF, 2013. [6] Vasseur J P, Roux Le J L. RFC 5440, Path Computation Element (PCE) Communication Protocol [S]. New York: IETF, 2009. [7] Fang L, Behringer M, Callon R, et al. RFC 5920, Security Framework for MPLS and GMPLS Networks [S]. New York:IETF,2010. Wu et al. Expires April 10, 2018 [Page 15] Internet-Draft Key Management Schemes October 2017 [8] Hardjono T, Dondeti L. Multicast and group security [M]. London: Artech House, 2003. [9] Harney H, Muckenhirn C. RFC 2094, Group key management protocol (GKMP) architecture[S]. New York: IETF, 1997. [10] Wallner D, Harder E, Agee R. RFC2627, Key management for multicast: issues and architecture[S]. New York: IETF, 1998. [11] Pour A N, Kumekawa K, Kato T, et a1. A hierarchical group key management scheme for secure multicast increasing efficiency of key distribution in leave operations[J]. Computer Networks, 2007, 51(17):4727-4743. [12] Steiner M, Tsudik G, Waidner M. Diffie-Hellman key distribution extended to group communication [C]// The 3rd ACM Conference on Computer and Communications Security. New York: ACM Press, 1996:31-37. [13] Mittra S. Iolus: a framework for scalable secure multicast[J]. ACM computer Communication, 1997, 27(3): 277-288. [14] Saroit I A, El-Zoghdy S F, Matar M. A scalable and distributed security protocol for multicast communications [J]. International Journal of Network Security, 2011, 12(1): 50-64. [15] Du X Q, Bao W, Fu X Q. A Multicast Key Management Scheme Based on Characteristic Values of Members [J]. Journal of Electronics (China), 2012, 29(3):294-301. [16] Li Y C.A Study of Hypergraph Based Privacy Preserving Anonymization Techniques [D].Beijing:Bei Jing Jiao Tong University, 2016. [17] Ding Y,Zhou X W,Cheng Z M, et al.Key Management in Secure Satellite Multicast Using Key Hypergraphs [J]. 2014, 70(4):1859-1883. [18] BERGE C. Graphs and Hypergraphs [M]. Amsterdam: North holland,1973. [19] Jeong I R, Lee D H. Key Agreement for Key Hypergraph [J]. Computers and Security, 2007, 26(78):452-458. [20] Shamir A. Identity-based Cryptosystems and Signature Schemes [C] // Cryptology-Crypto'84. Berlin: Springer-Verlag, 1984: 47-53. [21] Horwitz J, Lynn B. Toward Hierarchical Identity-based Encryption [C] // Advances in Cryptology: Eurocrypt 2002. Berlin: Springer-Verlag, 2002: 466-481. Wu et al. Expires April 10, 2018 [Page 16] Internet-Draft Key Management Schemes October 2017 Author's Address: Qiwu Wu Department of Information Engineering Engineering University of PAP Wujing Street No.1 Xi'an 710086, P.R.China Email: wuqiwu700@163.com Hao Chen Department of Information Engineering Engineering University of PAP Wujing Street No.1 Xi'an 710086, P.R.China Email: chenhaoyan14@163.com Wu et al. Expires April 10, 2018 [Page 17] Internet-Draft Key Management Schemes October 2017