Research on Distributed Key Management Protocols for Secure Group Communication

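【Author】 Wei Chuyuan (魏楚元)

【Advisors】 Li Taoshen (李陶深); Zhang Zengfang (张增芳)

【Author Information】 Guangxi University, Computer Application Technology, 2005, Master's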

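【Chinese Abstract】 Secure group communication is a very active research area, and the study of group key management mechanisms is its most challenging part. This thesis focuses on key management protocols for multicast communication and for peer group communication. Building on a thorough study of the strengths and weaknesses of existing group key management protocols, it improves on the mainstream schemes, retaining their recognized advantages while remedying some of their shortcomings in performance or security. The main work of this thesis covers the following aspects: (1) Key management protocols for multicast communication. Existing multicast key management protocols fall broadly into two classes, centralized and distributed. Centralized approaches suffer from the "1 affects N" problem; distributed schemes use a hierarchical, subgrouped structure and suffer from heavy decryption and re-encryption load and from communication delay. This thesis takes a compromise approach: on the basis of the multicast key management security framework provided by the distributed Iolus protocol, it designs a new distributed key management architecture. The architecture divides the whole communication group into several subgroups; each subgroup is assigned a group security agent of the group security controller, which is responsible for key management in its local subgroup, and an improved logical key tree scheme is used for key management within the subgroup. The thesis also proposes an agent-based distributed key management protocol for large dynamic multicast groups, which adds signed tokens to remedy the weakness of existing key management protocols in member authentication. The proposed multicast key management scheme effectively mitigates the "1 affects N" problem and reduces the decryption and re-encryption load on the group security agents and the resulting communication delay, making it suitable for large dynamic multicast groups. (2) Key management protocols for peer group communication. The TGDH protocol is a relatively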

【Abstract】 Secure group communication has been an active research domain, in which the group key management scheme is the most challenging work. This paper focuses on key management protocols for multicast communication and dynamic peer group communication. Based on a thorough study of the merits and drawbacks of existing group key management protocols, this paper tries to improve the existing mainstream schemes. Our protocols retain the merits of those existing schemes while making up for some deficiencies in their performance or security. There are three main contributions in this paper:

The first concerns key management protocols for multicast communications. Existing key management protocols for multicast groups are classified as centralized or distributed schemes, with the former suffering from "one affecting N (many)" and the latter suffering from heavy decryption and re-encryption load and communication delays. This paper adopts a compromise. On the basis of the secure multicast key management framework offered by Iolus, a representative distributed protocol, a new distributed group key management architecture is designed. In this architecture, the whole multicast group is divided into subgroups, each of which is equipped with a Group Security Controller Agent (GSCA), an agent of the group controller, that carries out the key management task. An improved logical key hierarchy is adopted as the key management scheme inside the subgroup. A distributed, agent-based key management protocol for large dynamic multicast groups is also presented, which remedies the member authentication flaw in existing key management protocols by adding signed tokens. The protocol also effectively mitigates the problem of "one affecting N", the GSCA decryption and re-encryption load, and the communication delay that results from it, making it suitable for large dynamic multicast groups.

The second concerns key management protocols for dynamic peer group communications. The Tree-based Group Diffie-Hellman (TGDH) protocol is a fairly good key management scheme for dynamic peer group communications. Through analyzing the TGDH protocol, we have found a deficiency in its mode of communication: many redundant messages are used to complete group re-keying, so that more communication bandwidth is consumed in TGDH. We aim to solve this deficiency and improve TGDH by designing a preparatory algorithm for finding a Key Association Set. A new re-keying protocol is also designed using the algorithm. Theoretical analysis shows that our protocol effectively decreases the communication and storage overhead of TGDH, with the communication bandwidth descending from O(nlogn) to O(n) and the key storage descending from O(n) to O(logn). The simulation result also shows that the improved protocol has better communication performance.

The third concerns group key management architecture for the mobile Ad-hoc network, in which the group key management protocol plays an important role. It is not only the key technique for implementing a secure group communication system; its support is also needed by the secure routing technique in the mobile Ad-hoc network. This paper discusses group key management schemes in the context of the mobile Ad-hoc network and presents a group key management architecture based on a hybrid strategy that integrates LKH and TGDH. Our scheme suits heterogeneous mobile Ad-hoc networks and can effectively avoid single-point failure due to its high expandability.

  • 【Online publication contributor】 Guangxi University
  • 【Online publication year/issue】 2005, Issue 05
  • 【Classification number】 TN918
  • 【Times cited】 5
  • 【Downloads】 351