基于LKH树的组播密钥管理方案设计
|
摘要
组播系统较传统的单播系统更为复杂,更难获得安全保障,在组规模较大的情况下实际应用有一定困难。研究组播通信的安全隐患及组播安全机制优劣的评价标准,对照分析几种典型组播源认证协议的特性、问题及适用场合;以基于LKH树的密钥管理方案和Iolus密钥管理方案为基础,提出一种针对大规模组播的密钥管理方案;指出该方案折中了分布式与层次式密钥管理的优劣,分析该方案的性能优势并验证其性能。
As a result of higher complexity of multicast system than that of conventional unicast system,it is more difficult to guarantee security in group communication,especially when multicast is applied to large scale groups.The potential safety hazard of multicast communication and evaluation criterion for multicast security mechanism were surveyed,and several typical multicast source authentication protocols were analyzed and compared for their characters,existing problems and application occasions.Based on LKH tree and Iolus key management scheme,a key management scheme for large scale multicast was proposed.The proposed scheme,of which pros in performance was analyzed,performance was verified,compromised distributed and hierarchical key management scheme.
As a result of higher complexity of multicast system than that of conventional unicast system,it is more difficult to guarantee security in group communication,especially when multicast is applied to large scale groups.The potential safety hazard of multicast communication and evaluation criterion for multicast security mechanism were surveyed,and several typical multicast source authentication protocols were analyzed and compared for their characters,existing problems and application occasions.Based on LKH tree and Iolus key management scheme,a key management scheme for large scale multicast was proposed.The proposed scheme,of which pros in performance was analyzed,performance was verified,compromised distributed and hierarchical key management scheme.
引文
[1]LI Huiqi.Research on IP multicast security technology——Design and implementation of a tree-chain hybrid multicast source authentication protocol[D].Chongqing:Chongqing University of Posts and Telecommunications,2010(in Chinese).[李慧奇.IP组播安全技术研究——一种树链混合的组播源认证协议的设计与实现[D].重庆:重庆邮电大学,2010.]
[2]WU Tao,ZHENG Xuefeng,BAI Lizhen.A novel dynamic source authentication scheme in multicast[J].Journal of Chinese Computer Systems,2013,34(6):1261-1265(in Chinese).[武涛,郑雪峰,白丽珍.一种新的动态组播源认证方案[J].小型微型计算机系统,2013,34(6):1261-1265.]
[3]LI Jianbing,LI Qing,DONG Qingkuan,et al.A chained multicast source authentication technology based on the threshold cryptography in a noisy channel[J].Journal of Electronics&Information Technology,2015,37(5):1227-1233(in Chinese).[黎剑兵,李庆,董庆宽,等.有扰信道下基于门限密码的链式组播源认证技术[J].电子与信息学报,2015,37(5):1227-1233.]
[4]YIN Pengpeng,CAO Zheng,LU Zhengjun.Improved multicast key management scheme[J].Computer Engineering,2011,37(5):140-142(in Chinese).[殷鹏鹏,曹争,陆正军.一种改进的组播密钥管理方案[J].计算机工程,2011,37(5):140-142.]
[5]TAN Xiaolin.Research on key management for secure group communication[D].Chongqing:Chonqing University,2014(in Chinese).[谈晓林.安全组播中密钥管理优化技术研究[D].重庆:重庆大学,2014.]
[6]LUO Weiya.Research on multicast group key management in wireless network[D].Hefei:Anhui University,2016(in Chinese).[罗威亚.无线组播中组密钥管理方案的研究[D].合肥:安徽大学,2016.]
[7]SUN Yanming,MA Hengtai,ZHENG Gang,et al.Multiple group shared key management for satellite multicast[J].Journal of Astronautics,2013,34(6):824-832(in Chinese).[孙雁鸣,马恒太,郑刚,等.卫星组播多组共享密钥管理方案[J].宇航学报,2013,34(6):824-832.]
[8]FAN Shuping,JIANG Lingsheng, YAO Nianmin,et al.FPB-LKH:A multicast key management scheme improved on LKH[J].Computer Engineering and Applications,2010,46(35):104-108(in Chinese).[范书平,江凌生,姚念民,等.一种改进LKH的组播密钥管理方案[J].计算机工程与应用,2010,46(35):104-108.]
[9]FAN Shuping,CHAI Baojie,TONG Lin,et al.Research on key management scheme for large-scale multicast communication[J].Journal of Mudanjiang Teachers’College(Natural Sciences Edition),2012(4):15-17(in Chinese).[范书平,柴宝杰,佟林,等.大规模组播通信密钥管理方案研究[J].牡丹江师范学院学报(自然科学版),2012(4):15-17.]
[10]HONG Xiaojing,WANG Bin.An efficient and secure multicast key management solution[J].Information Research,2014(5):36-40(in Chinese).[洪晓静,王斌.一种高效的安全组播密钥管理方案[J].信息化研究,2014(5):36-40.]
[11]LI Boyang,YUAN Jian. Manet multicast key management based on trusted platform module[J].Information Security and Communications Privacy,2014(9):181-185(in Chinese).[李博洋,袁坚.基于可信模块的MANET组播密钥管理方案[J].信息安全与通信保密,2014(9):181-185.]
[12]DU Xiaoqiang,BAO Wansu. Multicast key management scheme based on relationship of administrative subordination[J].Computer Engineering and Applications,2013,49(1):101-106(in Chinese).[杜晓强,鲍皖苏.基于成员隶属关系的组播密钥管理方案[J].计算机工程与应用,2013,49(1):101-106.]
[2]WU Tao,ZHENG Xuefeng,BAI Lizhen.A novel dynamic source authentication scheme in multicast[J].Journal of Chinese Computer Systems,2013,34(6):1261-1265(in Chinese).[武涛,郑雪峰,白丽珍.一种新的动态组播源认证方案[J].小型微型计算机系统,2013,34(6):1261-1265.]
[3]LI Jianbing,LI Qing,DONG Qingkuan,et al.A chained multicast source authentication technology based on the threshold cryptography in a noisy channel[J].Journal of Electronics&Information Technology,2015,37(5):1227-1233(in Chinese).[黎剑兵,李庆,董庆宽,等.有扰信道下基于门限密码的链式组播源认证技术[J].电子与信息学报,2015,37(5):1227-1233.]
[4]YIN Pengpeng,CAO Zheng,LU Zhengjun.Improved multicast key management scheme[J].Computer Engineering,2011,37(5):140-142(in Chinese).[殷鹏鹏,曹争,陆正军.一种改进的组播密钥管理方案[J].计算机工程,2011,37(5):140-142.]
[5]TAN Xiaolin.Research on key management for secure group communication[D].Chongqing:Chonqing University,2014(in Chinese).[谈晓林.安全组播中密钥管理优化技术研究[D].重庆:重庆大学,2014.]
[6]LUO Weiya.Research on multicast group key management in wireless network[D].Hefei:Anhui University,2016(in Chinese).[罗威亚.无线组播中组密钥管理方案的研究[D].合肥:安徽大学,2016.]
[7]SUN Yanming,MA Hengtai,ZHENG Gang,et al.Multiple group shared key management for satellite multicast[J].Journal of Astronautics,2013,34(6):824-832(in Chinese).[孙雁鸣,马恒太,郑刚,等.卫星组播多组共享密钥管理方案[J].宇航学报,2013,34(6):824-832.]
[8]FAN Shuping,JIANG Lingsheng, YAO Nianmin,et al.FPB-LKH:A multicast key management scheme improved on LKH[J].Computer Engineering and Applications,2010,46(35):104-108(in Chinese).[范书平,江凌生,姚念民,等.一种改进LKH的组播密钥管理方案[J].计算机工程与应用,2010,46(35):104-108.]
[9]FAN Shuping,CHAI Baojie,TONG Lin,et al.Research on key management scheme for large-scale multicast communication[J].Journal of Mudanjiang Teachers’College(Natural Sciences Edition),2012(4):15-17(in Chinese).[范书平,柴宝杰,佟林,等.大规模组播通信密钥管理方案研究[J].牡丹江师范学院学报(自然科学版),2012(4):15-17.]
[10]HONG Xiaojing,WANG Bin.An efficient and secure multicast key management solution[J].Information Research,2014(5):36-40(in Chinese).[洪晓静,王斌.一种高效的安全组播密钥管理方案[J].信息化研究,2014(5):36-40.]
[11]LI Boyang,YUAN Jian. Manet multicast key management based on trusted platform module[J].Information Security and Communications Privacy,2014(9):181-185(in Chinese).[李博洋,袁坚.基于可信模块的MANET组播密钥管理方案[J].信息安全与通信保密,2014(9):181-185.]
[12]DU Xiaoqiang,BAO Wansu. Multicast key management scheme based on relationship of administrative subordination[J].Computer Engineering and Applications,2013,49(1):101-106(in Chinese).[杜晓强,鲍皖苏.基于成员隶属关系的组播密钥管理方案[J].计算机工程与应用,2013,49(1):101-106.]