一种高效的动态组播密钥管理方案
|
摘要
组播是下一代Internet应用的重要支撑技术,而组播的安全性是成功进行组通信所必需解决的重要课题之一。
目前,人们已提出多种密钥管理方案,并采用不同的组密钥更新方案来处理组成员的动态变化。组密钥管理的基本结构主要有基于两层结构和多层结构。由于多层结构资源开销较大且系统时延较长,其不适合成员关系频繁变化的大型动态群组。因此,目前适合成员关系频繁变化的大型动态群组的组播密钥管理方案十分有限。
本文在分析基于两层结构的密钥管理以及安全哈希函数理论的基础上,提出了一种新的密钥管理方案GC-RH (Group Center-Random and Hash)。
文章通过对组播密钥管理及相关密钥算法技术研究,取得以下成果:
1.设计了一个组播密钥管理方案。该方案在IKAM结构的基本模型基础上加以改进。对IKAM结构中的子组进行改进,将原有的子组结构改成二叉平衡树结构。由于本文提出的RH密钥更新算法具有较高的密钥分配效率,因此在子组内采用该算法作为密钥更新算法。从而进一步提高了密钥更新的效率,减小了通信消息和计算开销及网络宽带的利用率。
2.引入一种新的密钥分配方案,RH (Random and Hash)密钥分配方案,并将此方案应用到Area[1]中作为密钥分配算法,其能够抵抗任意数目用户的共同攻击,其进行组密钥更新需要更少的通信消息和计算开销,可以减少对网络带宽资源的占用以及降低组控制中心GC和用户的计算开销。
最后,仿真结果表明RH密钥更新算法及密钥管理方案在密钥存储量、加密计算量、网络通信量等性能方面都优于其它同类方案,比较适用于大型动态组播环境,具备较好的理论研究与实际应用价值。
Multicast is an important support for next-generation Internet application technology, and security of the multicast is one of the most important subjects for group communication to resolve.
At present, people have proposed a variety of key management program, and use different group key update scheme to deal with the dynamics group. The basic structure of group key management includes two layers and multilayer structures. For the larger system resource overhead and longer system delay of multi-layer structure, it is not suitable for large dynamic group whose membership changes frequently. Therefore, now multicast key management scheme which is suitable for the membership changes frequently in a large dynamic multicast is limited.
This paper presents a new key management scheme which based on a two-tier structure key management, and the security hash function theory.
The article related to multicast key management and key algorithm technology, achieved the following results:
1. I design a Multicast Key Management Scheme. This scheme based on the structure of IKAM and improved it. Structure of the sub-group in IKAM will be improved, the original sub-group structure will be replaced by a binary balanced tree. Since the proposed key renew algorithm RH has higher efficiency of key distribution, i use RH algorithm as the key update algorithm in sub-group. And it will further improve the efficiency of key update, reduce the computational overhead of communication and the utilization of network bandwidth.
2. Introduce a new key distribution scheme, RH (Random and Hash) key distribution scheme, and applied as a key distribution algorithm in Area, it can resist any number of user attacks together. When the group key is updating, it requires less communication messages and computational overhead. It also can reduce the occupation of network bandwidth and reduce computing costs of the group control center GC and the users.
Finally, the simulation results show that the RH key update algorithm and key management solutions in the key storage, encryption computation, network traffic and other properties are better than other similar programs, then it is suitable comparatively to large dynamic multicast environment, with better theoretical research and practical application.
目前,人们已提出多种密钥管理方案,并采用不同的组密钥更新方案来处理组成员的动态变化。组密钥管理的基本结构主要有基于两层结构和多层结构。由于多层结构资源开销较大且系统时延较长,其不适合成员关系频繁变化的大型动态群组。因此,目前适合成员关系频繁变化的大型动态群组的组播密钥管理方案十分有限。
本文在分析基于两层结构的密钥管理以及安全哈希函数理论的基础上,提出了一种新的密钥管理方案GC-RH (Group Center-Random and Hash)。
文章通过对组播密钥管理及相关密钥算法技术研究,取得以下成果:
1.设计了一个组播密钥管理方案。该方案在IKAM结构的基本模型基础上加以改进。对IKAM结构中的子组进行改进,将原有的子组结构改成二叉平衡树结构。由于本文提出的RH密钥更新算法具有较高的密钥分配效率,因此在子组内采用该算法作为密钥更新算法。从而进一步提高了密钥更新的效率,减小了通信消息和计算开销及网络宽带的利用率。
2.引入一种新的密钥分配方案,RH (Random and Hash)密钥分配方案,并将此方案应用到Area[1]中作为密钥分配算法,其能够抵抗任意数目用户的共同攻击,其进行组密钥更新需要更少的通信消息和计算开销,可以减少对网络带宽资源的占用以及降低组控制中心GC和用户的计算开销。
最后,仿真结果表明RH密钥更新算法及密钥管理方案在密钥存储量、加密计算量、网络通信量等性能方面都优于其它同类方案,比较适用于大型动态组播环境,具备较好的理论研究与实际应用价值。
Multicast is an important support for next-generation Internet application technology, and security of the multicast is one of the most important subjects for group communication to resolve.
At present, people have proposed a variety of key management program, and use different group key update scheme to deal with the dynamics group. The basic structure of group key management includes two layers and multilayer structures. For the larger system resource overhead and longer system delay of multi-layer structure, it is not suitable for large dynamic group whose membership changes frequently. Therefore, now multicast key management scheme which is suitable for the membership changes frequently in a large dynamic multicast is limited.
This paper presents a new key management scheme which based on a two-tier structure key management, and the security hash function theory.
The article related to multicast key management and key algorithm technology, achieved the following results:
1. I design a Multicast Key Management Scheme. This scheme based on the structure of IKAM and improved it. Structure of the sub-group in IKAM will be improved, the original sub-group structure will be replaced by a binary balanced tree. Since the proposed key renew algorithm RH has higher efficiency of key distribution, i use RH algorithm as the key update algorithm in sub-group. And it will further improve the efficiency of key update, reduce the computational overhead of communication and the utilization of network bandwidth.
2. Introduce a new key distribution scheme, RH (Random and Hash) key distribution scheme, and applied as a key distribution algorithm in Area, it can resist any number of user attacks together. When the group key is updating, it requires less communication messages and computational overhead. It also can reduce the occupation of network bandwidth and reduce computing costs of the group control center GC and the users.
Finally, the simulation results show that the RH key update algorithm and key management solutions in the key storage, encryption computation, network traffic and other properties are better than other similar programs, then it is suitable comparatively to large dynamic multicast environment, with better theoretical research and practical application.
引文
[1]谢希仁.计算机网络(第四版)[M].北京:电子工业出版社, 2005.
[2] Quinn B, Almeroth K. IP multicast applications: Challenges and solutions. IETF RFC 3170, 2001.
[3] Tanaka S, Sato F. A key distribution and rekeying framework with totally ordered multicast protocols. In: Proceedings of the 15th International Conference on Information Networking. Beppu City, 2001. 831~838.
[4] Ghanem SM, Abdel-Wahab H. A simple XOR-based technique for distributing group key in secure multicasting. In: 5th IEEE Symposium on Computers and Communications. Antibes-Juan les Pins: IEEE Computer Society, 2000. 166~171.
[5]李肖坚. IP Multicast安全问题-Challenge & Solution.北京航空航天大学,2002.
[6]章淼,徐明伟,吴建平.应用层组播研究综述[J].电子学报, 2004, 32(12A): 22-25.
[7]廖海宁,朱培栋,赵金晶,王进文.面向分布式实时仿真的应用层多播系统[J].计算机工程与科学, 2007, 29(7): 23-26.
[8]屈劲,葛建华,蒋铭.安全组播的Huffman层次密钥管理.软件学报,2003 14(1):151 -156.
[9] Deering S. Host Extensions for IP Multicasting. http://www.ietf.org/rfc/rfcll 12.txt, 1989-08-01.
[10] http://www.javvin.com/protocol/rfc1112.pdf :IGMP version 1 specification.
[11] Adams A. Protocol Independent Multicast-Dense Mode (PIM-DM): Protocol Specification(Revised). http://www.iet#org/rfc/rfc3973.txt,2005-01-0.
[12] http://baike.baidu.com/view/876134.htm : MSDP.
[13] M.Castro, A.Kermarrec, A.Kermarrec. SCRIBE: a Large-scale and Decentralized Application-level Multicast Infrastructure [J]. IEEE Journal on Selected Areas in Communications (JSAC), 2002:1489-1499.
[14]朱文涛,熊继平,李津生等.安全组播中密钥分配问题的研究.软件学报,2004, 14(12):2052-2059.
[15]彭源.组播密钥管理协议的研究与实现.广西师范大学硕士论文.2005.
[16] Setiner M, Taudik G, Waidnet M. Cliques: A new approach to group key agreement.In:Proceedings of the 18th International Conference on Distributed Computing Systems. Amsterdam : IEEE Computer Society Press, 1998, 380-387.
[17]徐明伟,董晓虎,徐烙组播密钥管理的研究进展[J].软件学报,2004,15(1):141-150.
[18] C.Abad, I.Gupta and W.Yurcik. Adding Confidentiality to Application-Level Multicast by Leveraging the Multicast Overlay [A]. IEEE International Conference on Distributed Computing Systems Workshops [C], June 2005: 5-11.
[19]李远征.基于分级密钥管理的安全组播方案.电子与信息学报,2004, 26(7):1053一1056.
[20] Harney H, Muckenhirn C. Group key management protocol (GKMP) specification. http://www.ietf.org/rfc/rfc2093.txt, 1997-07-09.
[21] Burmester M and Desmedt Y.A Secure and Efficient Coference Key Distribution System[C], in proceedings of Eurocrypt 1994,LNCS950,Springer-Verlag.1995:275-296.
[22] Setiner M, Taudik G, and Waidnet M.Cliques: A new approach to group key agreement [R].Technical Report, RZ2984,IBM Research,1997.
[23] Diffie W, Hellman ME.New directions in cryptography[J].IEEE Trans.on Information Theory 1976,IT-22(6):644-654.
[24] S. Banerjee, B. Bhattacharjee. A comparative study of application layer multicast protocols. September 2002.
[25] Yunxi Sherlia Shi. Design of Overlay Networks for Internet Multicast [D]. Saint Louis, Missouri, Washington University, August 2002.
[26] John Jannotti, David K. Gifford, Kirk L. Johnson, M. Frans Kaashoek, Jr. James W. O’Toole. Overcast: Reliable Multicasting with an Overlay Network [C]. 4th USENIX Symposium on Operating Systems Design and Implementation. San Diego, California, USA, October 2000: 197-212.
[27] Paul Francis. Yoid : Extending the Internet Multicast Architecture. April 2000.
[28] S. Banerjee, C. Kommareddy, K. Kar, B. Bhattacharjee, S. Kuller. Construction of an Efficient Overlay Multicast Infrastructure for Real-time applications [C]. INFOCOM’03, April 2003: 1521-1531.
[29] D. A. Helder, S. Jamin. End-host multicast communication using switch-trees protocols [C]. CCCGrid’02, May 2002:419-424.
[30] L Mathy, R Canonico, D Hutchison. An Overlay Tree Building Control Protocol [C]. ThirdWorkshop on Networked Group Communication. London, UK, 2001:78-87.
[31] Wenjie Wang, D. Helder, S. Jamn, L. Zhang. Overlay optimizations for end-host multicast [C]. The Fourth International Workshop on Networked Group Communication Boston, USA, October 2002: 124-131.
[32] D. Kostic, A. Rodriguez, A. Vahdat. The Best of Both Wordls: Adaptivity in Two-metric Overlay Networks [R]. Duke University, 2002.
[33] BeichuanZhang, Sugih Jamin, Lixia Zhang. Host Multicast: A Framework for Delivering Multicast to End Users [C]. IEEE INFOCOM’02. NewYork, USA, June 2002: 1366-1375.
[34] Su-Wei Tan, Gill Waters, John Crawford. MeshTree: Reliable Low Delay Degree-bounded Multicast Overlays [C]. The 1st International Workshop on Distributed Parallel and Network Applications, Fukuoks, Japan, July 2005: 20-22.
[35] Su-Wei Tan. Constructing Efficent Self-Organising Application Layer Multicast Overlays [D]. The University of Kent, October 2005.
[36] Y.-H.Chu, S. G. Rao, H. Zhang. A Case for End system Multicast [C]. ACM SIGMETRICS’00, June 2000: 1-20.
[37] Dennis M. Moen, Dr J. Mark Pullen. Overlay Multicast for Real-Time Distributed Simulation [R]. C3I Center, George Mason University, 2005.
[38] Su-Wei Tan, Gill Waters, John Crawford. A Multiple Shared Trees Approach for Application Layer Multicasting [C]. ICC’04. Paris, France, June 2004: 20-24.
[39] S. Ratnasamy, P. Francis, M. Handley, R. Karp, S. Shenker. A scalable content-addressable network [C]. ACM Sigcomm’01, August 2001: 161-172.
[40] Liebeherr J, Nahas M, SI W. Application-layer multicasting with delaunay triangulation overlays [J]. IEEE Journal on selected Areas in Communications, 2002, vol. 20(8): 1472-1488.
[2] Quinn B, Almeroth K. IP multicast applications: Challenges and solutions. IETF RFC 3170, 2001.
[3] Tanaka S, Sato F. A key distribution and rekeying framework with totally ordered multicast protocols. In: Proceedings of the 15th International Conference on Information Networking. Beppu City, 2001. 831~838.
[4] Ghanem SM, Abdel-Wahab H. A simple XOR-based technique for distributing group key in secure multicasting. In: 5th IEEE Symposium on Computers and Communications. Antibes-Juan les Pins: IEEE Computer Society, 2000. 166~171.
[5]李肖坚. IP Multicast安全问题-Challenge & Solution.北京航空航天大学,2002.
[6]章淼,徐明伟,吴建平.应用层组播研究综述[J].电子学报, 2004, 32(12A): 22-25.
[7]廖海宁,朱培栋,赵金晶,王进文.面向分布式实时仿真的应用层多播系统[J].计算机工程与科学, 2007, 29(7): 23-26.
[8]屈劲,葛建华,蒋铭.安全组播的Huffman层次密钥管理.软件学报,2003 14(1):151 -156.
[9] Deering S. Host Extensions for IP Multicasting. http://www.ietf.org/rfc/rfcll 12.txt, 1989-08-01.
[10] http://www.javvin.com/protocol/rfc1112.pdf :IGMP version 1 specification.
[11] Adams A. Protocol Independent Multicast-Dense Mode (PIM-DM): Protocol Specification(Revised). http://www.iet#org/rfc/rfc3973.txt,2005-01-0.
[12] http://baike.baidu.com/view/876134.htm : MSDP.
[13] M.Castro, A.Kermarrec, A.Kermarrec. SCRIBE: a Large-scale and Decentralized Application-level Multicast Infrastructure [J]. IEEE Journal on Selected Areas in Communications (JSAC), 2002:1489-1499.
[14]朱文涛,熊继平,李津生等.安全组播中密钥分配问题的研究.软件学报,2004, 14(12):2052-2059.
[15]彭源.组播密钥管理协议的研究与实现.广西师范大学硕士论文.2005.
[16] Setiner M, Taudik G, Waidnet M. Cliques: A new approach to group key agreement.In:Proceedings of the 18th International Conference on Distributed Computing Systems. Amsterdam : IEEE Computer Society Press, 1998, 380-387.
[17]徐明伟,董晓虎,徐烙组播密钥管理的研究进展[J].软件学报,2004,15(1):141-150.
[18] C.Abad, I.Gupta and W.Yurcik. Adding Confidentiality to Application-Level Multicast by Leveraging the Multicast Overlay [A]. IEEE International Conference on Distributed Computing Systems Workshops [C], June 2005: 5-11.
[19]李远征.基于分级密钥管理的安全组播方案.电子与信息学报,2004, 26(7):1053一1056.
[20] Harney H, Muckenhirn C. Group key management protocol (GKMP) specification. http://www.ietf.org/rfc/rfc2093.txt, 1997-07-09.
[21] Burmester M and Desmedt Y.A Secure and Efficient Coference Key Distribution System[C], in proceedings of Eurocrypt 1994,LNCS950,Springer-Verlag.1995:275-296.
[22] Setiner M, Taudik G, and Waidnet M.Cliques: A new approach to group key agreement [R].Technical Report, RZ2984,IBM Research,1997.
[23] Diffie W, Hellman ME.New directions in cryptography[J].IEEE Trans.on Information Theory 1976,IT-22(6):644-654.
[24] S. Banerjee, B. Bhattacharjee. A comparative study of application layer multicast protocols. September 2002.
[25] Yunxi Sherlia Shi. Design of Overlay Networks for Internet Multicast [D]. Saint Louis, Missouri, Washington University, August 2002.
[26] John Jannotti, David K. Gifford, Kirk L. Johnson, M. Frans Kaashoek, Jr. James W. O’Toole. Overcast: Reliable Multicasting with an Overlay Network [C]. 4th USENIX Symposium on Operating Systems Design and Implementation. San Diego, California, USA, October 2000: 197-212.
[27] Paul Francis. Yoid : Extending the Internet Multicast Architecture. April 2000.
[28] S. Banerjee, C. Kommareddy, K. Kar, B. Bhattacharjee, S. Kuller. Construction of an Efficient Overlay Multicast Infrastructure for Real-time applications [C]. INFOCOM’03, April 2003: 1521-1531.
[29] D. A. Helder, S. Jamin. End-host multicast communication using switch-trees protocols [C]. CCCGrid’02, May 2002:419-424.
[30] L Mathy, R Canonico, D Hutchison. An Overlay Tree Building Control Protocol [C]. ThirdWorkshop on Networked Group Communication. London, UK, 2001:78-87.
[31] Wenjie Wang, D. Helder, S. Jamn, L. Zhang. Overlay optimizations for end-host multicast [C]. The Fourth International Workshop on Networked Group Communication Boston, USA, October 2002: 124-131.
[32] D. Kostic, A. Rodriguez, A. Vahdat. The Best of Both Wordls: Adaptivity in Two-metric Overlay Networks [R]. Duke University, 2002.
[33] BeichuanZhang, Sugih Jamin, Lixia Zhang. Host Multicast: A Framework for Delivering Multicast to End Users [C]. IEEE INFOCOM’02. NewYork, USA, June 2002: 1366-1375.
[34] Su-Wei Tan, Gill Waters, John Crawford. MeshTree: Reliable Low Delay Degree-bounded Multicast Overlays [C]. The 1st International Workshop on Distributed Parallel and Network Applications, Fukuoks, Japan, July 2005: 20-22.
[35] Su-Wei Tan. Constructing Efficent Self-Organising Application Layer Multicast Overlays [D]. The University of Kent, October 2005.
[36] Y.-H.Chu, S. G. Rao, H. Zhang. A Case for End system Multicast [C]. ACM SIGMETRICS’00, June 2000: 1-20.
[37] Dennis M. Moen, Dr J. Mark Pullen. Overlay Multicast for Real-Time Distributed Simulation [R]. C3I Center, George Mason University, 2005.
[38] Su-Wei Tan, Gill Waters, John Crawford. A Multiple Shared Trees Approach for Application Layer Multicasting [C]. ICC’04. Paris, France, June 2004: 20-24.
[39] S. Ratnasamy, P. Francis, M. Handley, R. Karp, S. Shenker. A scalable content-addressable network [C]. ACM Sigcomm’01, August 2001: 161-172.
[40] Liebeherr J, Nahas M, SI W. Application-layer multicasting with delaunay triangulation overlays [J]. IEEE Journal on selected Areas in Communications, 2002, vol. 20(8): 1472-1488.