Research And Implementation Of Key Management For Multicast

Posted on: 2006-02-01 | Degree: Master | Type: Thesis
Country: China | Candidate: Y Peng | Full Text: PDF
GTID: 2168360155971500 | Subject: Computer software and theory
Abstract/Summary:
Any host in a multicast group can send a UDP packet to a given multicast address, and the underlying multicast routing mechanism makes a best-effort attempt to deliver the packet to all recipients who have explicitly joined the group, while minimizing the number of copies of the packet that traverse the network and reducing the burden on the sender. Because TCP/IP lacks network-level access control, enforcing message secrecy for a multicast group requires data encryption, and multicast group key management has become one of the core problems of secure multicast. Based on an analysis of the state of research on multicast group key management, the thesis points out the deficiencies of existing multicast group key management protocols. Because the participants of a multicast session are uncertain, one can only conclude that the sender or receiver of a message is a participant of the multicast group. With a group key, all members share one secret communication channel, but multiple channels cannot be created to meet members' requirements, and flexible sub-group communication cannot be implemented. To solve the problem of group authentication, a group key conferring mechanism is proposed: the members confer with the credible center on group key generation, and member information is included in the group key, which indicates the participants of the group communication. To solve the problem of access control in sub-group communication, a sub-group key generation mechanism is proposed: sub-groups can be created to satisfy members' requirements, so flexible sub-group communication can be implemented. To prevent a malicious member from using a known-message attack to recover the keys that other members share with the credible center, group key distribution uses a secret sharing mechanism.
By integrating these mechanisms, the thesis proposes a multicast group key management protocol, the Group Key Conferring Protocol (GKCP). GKCP has six phases: bidirectional authentication, group key conferring, group key distribution, group key reversion, group vector reversion, and sub-group key generation. Bidirectional authentication and sub-group key generation are analyzed formally using SVO logic, and group key generation, group key distribution, group key reversion, and group vector reversion are worked through by example, which proves the correctness of GKCP. After the functional requirements of GKCP are analyzed, GKCP is implemented, and its function is validated by experiment. The formal analysis, the worked examples, and the experimental results show that GKCP is correct and feasible. Compared with GKMP, LKH, and OFT, GKCP has the following characteristics: small granularity of group authentication, flexible sub-group communication, and prevention of deceit in group key update. Finally, conclusions are drawn and future work is proposed.
Keywords/Search Tags:IP multicast, secure multicast, multicast group key management, key conferring