多播安全中几个关键问题的研究
|
摘要
多播是当前Internet上许多应用的基础,因此多播成为当前研究的一个热点问题。安全是多播研究中急需解决的问题。本文对多播安全中认证和组密钥管理这两个关键问题进行了研究。
多播的安全需求主要有接入控制、认证、多播数据传输的保密性等。认证是多播应用的瓶颈问题。由于多播具有参与者多,使用UDP协议等特点,因此应用于单播通信中的许多成熟的认证方案不能直接应用于多播通信中。文章在对目前的多播认证方案分析的基础上,提出了两个多播数据包认证方案,分析表明,这两个方案在抗丢包能力,通信代价、计算代价等方面都获得较好的性能,适用于两种不同的多播环境。
多播数据传输的保密性是通过所有多播组成员共享一个组密钥,组内通信通过组密钥加密实现的。如何安全地分发、管理、更新这个组密钥是多播安全中最核心的问题。本文对目前的多播组密钥管理方案进行了介绍,分析了各个方案的优缺点。本文重点分析了OFT方案的安全性,指出了OFT方案在实现前向安全和后向安全上存在的漏洞,并提出了改进方案。
As the basis of many current Internet applications, multicast has become a hottest research topic now. Because of the importance and urgency of security to multicast, this thesis investigates two key issues, i.e. authentication and group key management, of multicast security.
Multicast security contains access control, authentication, confidence of multicast data transmission and etc. Among these, authentication is the bottleneck. Because of its inherent characteristics, such as multi-participant, using UDP as protocols, many efficient authentication schemes in unicast communication cannot be applied into multicast communications directly. Based on the analysis of available multicast authentication schemes, two multicast packet authentication schemes are presented. It is shown that these two schemes have advantages in resisting packet-loss, communication overhead, computation complexity etc, and thus they are suitable for multicast environment.
Multicast confidential is realized by sharing a group key and encrypting communication data by the group key. How to distribute, manage and update this key is key of multicast security. This thesis introduces available multicast group key management schemes and analyzes their advantages and disadvantages. The security of OFT scheme is the emphasis. The vulnerabilities of OFT scheme in forward and backward security are unveiled and some improvements are given.
多播的安全需求主要有接入控制、认证、多播数据传输的保密性等。认证是多播应用的瓶颈问题。由于多播具有参与者多,使用UDP协议等特点,因此应用于单播通信中的许多成熟的认证方案不能直接应用于多播通信中。文章在对目前的多播认证方案分析的基础上,提出了两个多播数据包认证方案,分析表明,这两个方案在抗丢包能力,通信代价、计算代价等方面都获得较好的性能,适用于两种不同的多播环境。
多播数据传输的保密性是通过所有多播组成员共享一个组密钥,组内通信通过组密钥加密实现的。如何安全地分发、管理、更新这个组密钥是多播安全中最核心的问题。本文对目前的多播组密钥管理方案进行了介绍,分析了各个方案的优缺点。本文重点分析了OFT方案的安全性,指出了OFT方案在实现前向安全和后向安全上存在的漏洞,并提出了改进方案。
As the basis of many current Internet applications, multicast has become a hottest research topic now. Because of the importance and urgency of security to multicast, this thesis investigates two key issues, i.e. authentication and group key management, of multicast security.
Multicast security contains access control, authentication, confidence of multicast data transmission and etc. Among these, authentication is the bottleneck. Because of its inherent characteristics, such as multi-participant, using UDP as protocols, many efficient authentication schemes in unicast communication cannot be applied into multicast communications directly. Based on the analysis of available multicast authentication schemes, two multicast packet authentication schemes are presented. It is shown that these two schemes have advantages in resisting packet-loss, communication overhead, computation complexity etc, and thus they are suitable for multicast environment.
Multicast confidential is realized by sharing a group key and encrypting communication data by the group key. How to distribute, manage and update this key is key of multicast security. This thesis introduces available multicast group key management schemes and analyzes their advantages and disadvantages. The security of OFT scheme is the emphasis. The vulnerabilities of OFT scheme in forward and backward security are unveiled and some improvements are given.
引文
[1]Deering S. Multicast Routing in Internetworks and Extended LANs. Proc.Sigcomm88, ACM Press, Aug, 1988.
[2]Thayer R, Doraswamy N, Glenn R. IP Security Document Road Map. RFC 2411, Nov, 1998
[3]Canetti R, Garay J, Itkis G, et al. Multicast Security: A Taxonomy and Some Efficient Constructions. http://www.ieee-infocom.org/1999/papers/05d_03.pdf, 1999.
[4]Perrig A, Canetti R, Tygar J D, et al. Efficient authentication and signing of multicast streams over lossy channels. IEEE Symposium on Security and Privacy. May 2000. pp 56-73.
[5]Boneh D, Durfee G, Franklin M. Lower bounds for multicast message authentication. Eurocrypt 2001. May 2001, pp 437-452.
[6]Wong C K, Lain S S. Digital Signatures for Flows and Multicasts. IEEE ICNP '98. 1998. Austin, Texas: October, 1998.1-5.
[7]Merkle R. A certified digital signature. Advances in Cryptology(CRYPTO '89), Aug. 1989, pp 218-238.
[8]Golle P, Modadugu N. Authenticating streamed data in the presence of random packet loss. Network and Distributed System Security Symposium(NDSS '01), Feb. 2001, pp 13-22.
[9]Miner S, Staddon J. Graph-based authentication of didital streams. IEEE Symposium on Security and Pricacy. May 2000, pp 56-73.
[10]Rabin M. Efficient dispersal of information for security, load balancing and fault tolerance. Journal of the ACM, Vol. 36, No. 2, Apr. 1989. pp 335-348.
[11]Park J M, Chong E K P, Siegel H J. Efficient Multicast Packet Authentication Using Signature Amortization. 2002 IEEE Symposium on Security and Privacy. Oakland CA: PrintHouse, 2002. 227-240.
[12]Harney H, Muckenhirn. Group Key Management Protocol(GKMP) Architecture. RFC 2094. July 1997.
[13]Harney H, Muckenhirn. Group Key Management Protocol(GKMP) Specification. RFC 2093. July 1997.
[14]Ballardie A. Scalable Multicast Key Distribution. RFC 1949, 1996.
[15]Mittra S. Iolus: A framework for Scalable Secure Multicasting. Proc. ACM SIGCOMM, 1997.
[16]Wallner D, Harder E, Agee R. Key management for multicast: issues and arthitectures. RFC2627, 1999.
[17]Wong CK, Gouda MG, Lain SS. Secure group communications using key graphs. Proceedings of the IEEE Symposium on Security and Privacy. Oakland, CA: IEEE Computer Society Press, 2000. 215-228.
[18]Balenson D, McGrew D,Sherman A. Key management for large dynamic groups:one-way function trees and amortized initialization. Internet Draft,http://www.watersprings.org/pub/id/draft-balenson-groupkeymgmt-oft-00.txt, 1999.
[19]McGrew D, Sherman A. Key Establishment in Large Dynamic Groups Using One-Way Function Trees. TIS Report no.0755, TIS Labs at Network Associates, Inc., Glenwood, MD, 1998.
[20]Deering S. Host extensions for IP multicasting. RFC 1112. http://www.isi.edu/in-notes/rfc1112.txt.
[21]Fenner W. Internet Group Management Protocol, Version 2. RFC 2236. http://www.isi.edu/in-notes/rfc2236.txt.
[22]Cain B, Deering S, Fenner B, et al. Internet Group Management Protocol, Version 3. IETF Internet-Draft.
[23]Esrin D, Farinacci D, Helmy A, et al. Protocol Independent Multicast-Sparse Mode(PIM-SM): Protocol Soecification. RFC 2362.
[24]Fenner B, Handley M, Holbrook H, et al. Protocol Independent Multicast-Sparse Mode (PIM-SM): Protocol Specification(Revised). IETF Internet Draft.
[25]Handley M, Kouvelas I, Speakman T, et al. Bi-directional Protocol Independent Multicast(BIDIR-PIM). IETF Internet Draft.
[26]Speakman T, Crowcroft J, Gemmell J, et al. PGM Reliable Transport Protocol Specification. RFC 3208.2001.
[27]Bates T, Chandra R, Katz D, et al. Multiprotocol Extensions for BGP-4. RFC2858.
[28]Cisco Systems公司(著),韦新(译).域间组播解决方案.北京:人民邮电出版社,2003.
[29]ANSI X9.9(Revised) American National Standard-Finanicial Institution Message Authentication(Wholesale) ASC X9 Secretariat-American Bankers Association, 1986(replace X9.9-1982).
[30]Gennaro R, Rohatgi P. How to Sign Digital Streams. Advances in Cryptology
(Crypto '97). 1997. pp 180-197.
[31]慕建君.低密度纠删码和网格图复杂度的研究.西安电子科技大学博士论文,2002.
[32]陈璟,杨波.基于纠删码的多播数据包认证方案.西安电子科技大学2003年研究生学术年会论文集.2003,pp 182-185.
[33]Hardjono T, Cain B, Doraswamy N. A Framework for Group Key Management for Multicast Security. Internet draft, 2000.
[34]Hardjono T, Cain B, Monga I. Intra-Domain Group Key Management for Multicast Security. Internet draft, 2000.
[35]Dondeti L, Mukherjee S, Samal A. Scalable secure one-to-many group communication using dual encryption. Computer Communications, 2000, 23, pp 1681-1701.
[36]Horng G. Cryptanalysis of a key management scheme for secure multicast communications. IEICE Trans. Commun., 2002, 85(5), pp 1050-1051.
[37]陈璟,杨波,田春岐.基于单向函数树的多播密钥管理方案安全性分析.西安电子科技大学学报.已录用.
[38]王育民,刘建伟.通信网的安全——理论与技术.西安:西安电子科技大学出版社,2000.
[39]Tanenbaum A S(著),熊桂喜,王小虎(译).计算机网络,第三版.北京:清华大学出版社,1998.
[2]Thayer R, Doraswamy N, Glenn R. IP Security Document Road Map. RFC 2411, Nov, 1998
[3]Canetti R, Garay J, Itkis G, et al. Multicast Security: A Taxonomy and Some Efficient Constructions. http://www.ieee-infocom.org/1999/papers/05d_03.pdf, 1999.
[4]Perrig A, Canetti R, Tygar J D, et al. Efficient authentication and signing of multicast streams over lossy channels. IEEE Symposium on Security and Privacy. May 2000. pp 56-73.
[5]Boneh D, Durfee G, Franklin M. Lower bounds for multicast message authentication. Eurocrypt 2001. May 2001, pp 437-452.
[6]Wong C K, Lain S S. Digital Signatures for Flows and Multicasts. IEEE ICNP '98. 1998. Austin, Texas: October, 1998.1-5.
[7]Merkle R. A certified digital signature. Advances in Cryptology(CRYPTO '89), Aug. 1989, pp 218-238.
[8]Golle P, Modadugu N. Authenticating streamed data in the presence of random packet loss. Network and Distributed System Security Symposium(NDSS '01), Feb. 2001, pp 13-22.
[9]Miner S, Staddon J. Graph-based authentication of didital streams. IEEE Symposium on Security and Pricacy. May 2000, pp 56-73.
[10]Rabin M. Efficient dispersal of information for security, load balancing and fault tolerance. Journal of the ACM, Vol. 36, No. 2, Apr. 1989. pp 335-348.
[11]Park J M, Chong E K P, Siegel H J. Efficient Multicast Packet Authentication Using Signature Amortization. 2002 IEEE Symposium on Security and Privacy. Oakland CA: PrintHouse, 2002. 227-240.
[12]Harney H, Muckenhirn. Group Key Management Protocol(GKMP) Architecture. RFC 2094. July 1997.
[13]Harney H, Muckenhirn. Group Key Management Protocol(GKMP) Specification. RFC 2093. July 1997.
[14]Ballardie A. Scalable Multicast Key Distribution. RFC 1949, 1996.
[15]Mittra S. Iolus: A framework for Scalable Secure Multicasting. Proc. ACM SIGCOMM, 1997.
[16]Wallner D, Harder E, Agee R. Key management for multicast: issues and arthitectures. RFC2627, 1999.
[17]Wong CK, Gouda MG, Lain SS. Secure group communications using key graphs. Proceedings of the IEEE Symposium on Security and Privacy. Oakland, CA: IEEE Computer Society Press, 2000. 215-228.
[18]Balenson D, McGrew D,Sherman A. Key management for large dynamic groups:one-way function trees and amortized initialization. Internet Draft,http://www.watersprings.org/pub/id/draft-balenson-groupkeymgmt-oft-00.txt, 1999.
[19]McGrew D, Sherman A. Key Establishment in Large Dynamic Groups Using One-Way Function Trees. TIS Report no.0755, TIS Labs at Network Associates, Inc., Glenwood, MD, 1998.
[20]Deering S. Host extensions for IP multicasting. RFC 1112. http://www.isi.edu/in-notes/rfc1112.txt.
[21]Fenner W. Internet Group Management Protocol, Version 2. RFC 2236. http://www.isi.edu/in-notes/rfc2236.txt.
[22]Cain B, Deering S, Fenner B, et al. Internet Group Management Protocol, Version 3. IETF Internet-Draft.
[23]Esrin D, Farinacci D, Helmy A, et al. Protocol Independent Multicast-Sparse Mode(PIM-SM): Protocol Soecification. RFC 2362.
[24]Fenner B, Handley M, Holbrook H, et al. Protocol Independent Multicast-Sparse Mode (PIM-SM): Protocol Specification(Revised). IETF Internet Draft.
[25]Handley M, Kouvelas I, Speakman T, et al. Bi-directional Protocol Independent Multicast(BIDIR-PIM). IETF Internet Draft.
[26]Speakman T, Crowcroft J, Gemmell J, et al. PGM Reliable Transport Protocol Specification. RFC 3208.2001.
[27]Bates T, Chandra R, Katz D, et al. Multiprotocol Extensions for BGP-4. RFC2858.
[28]Cisco Systems公司(著),韦新(译).域间组播解决方案.北京:人民邮电出版社,2003.
[29]ANSI X9.9(Revised) American National Standard-Finanicial Institution Message Authentication(Wholesale) ASC X9 Secretariat-American Bankers Association, 1986(replace X9.9-1982).
[30]Gennaro R, Rohatgi P. How to Sign Digital Streams. Advances in Cryptology
(Crypto '97). 1997. pp 180-197.
[31]慕建君.低密度纠删码和网格图复杂度的研究.西安电子科技大学博士论文,2002.
[32]陈璟,杨波.基于纠删码的多播数据包认证方案.西安电子科技大学2003年研究生学术年会论文集.2003,pp 182-185.
[33]Hardjono T, Cain B, Doraswamy N. A Framework for Group Key Management for Multicast Security. Internet draft, 2000.
[34]Hardjono T, Cain B, Monga I. Intra-Domain Group Key Management for Multicast Security. Internet draft, 2000.
[35]Dondeti L, Mukherjee S, Samal A. Scalable secure one-to-many group communication using dual encryption. Computer Communications, 2000, 23, pp 1681-1701.
[36]Horng G. Cryptanalysis of a key management scheme for secure multicast communications. IEICE Trans. Commun., 2002, 85(5), pp 1050-1051.
[37]陈璟,杨波,田春岐.基于单向函数树的多播密钥管理方案安全性分析.西安电子科技大学学报.已录用.
[38]王育民,刘建伟.通信网的安全——理论与技术.西安:西安电子科技大学出版社,2000.
[39]Tanenbaum A S(著),熊桂喜,王小虎(译).计算机网络,第三版.北京:清华大学出版社,1998.