Research On Secure Group Communication Architecture And Related Key Technologies Under Grid Environment

Posted on: 2007-11-12
Degree: Doctor
Type: Dissertation
Country: China
Candidate: G Qin
GTID: 1118360185495684
Subject: Computer system architecture
Abstract/Summary:
One of the major objectives of grid research is to implement collaborations that span multiple organizations and domains. Group communication is the key technology for achieving this objective. Group communication technology organizes all participants into a virtual group, so that group membership management, access control and efficient data transmission can be achieved. Security issues have received more and more attention, and how to guarantee the integrity and privacy of communication data is a very important problem. Compared with point-to-point communication, group communication involves more participants and more copies of the data, so both the participants and the data face more security threats. Therefore, research on secure group communication under the grid environment has great academic value and practical significance.

The main contributions of the dissertation are as follows:

1) A secure group communication architecture named DGSGCA, which applies to the grid environment. DGSGCA has several elements, such as domain, domain member, domain manager and group. In DGSGCA, a group is composed of grid entities from several domains. A domain consists of grid entities which are geographically adjacent and belong to the same organization. A domain includes a domain manager and several domain members. The domain manager authenticates and authorizes domain members by their certificates. In DGSGCA, the communication model between group members is multiple-to-multiple. Furthermore, a domain can participate in more than one group. DGSGCA is well suited to the character of the grid environment, because most grid applications span several organizations distributed in different places, and these organizations are usually highly autonomous. The dissertation describes DGSGCA and elaborates on the initialization process, data transmission process, member join process and member leave process.

2) Two key management schemes for DGSGCA: GKMS-I and GKMS-II. The two schemes are both decentralized. For a group under DGSGCA, in GKMS-I all group members share a group session key, while all members of a domain share a domain session key; in GKMS-II all domain managers share an inter-domain session key, while all members of one domain share an intra-domain session key. For each of the two schemes, we introduce the key hierarchy, data transmission, the key initialization protocols, the key refresh protocols for member join and the key refresh protocols for member leave. We also analyze the computation overhead and communication overhead of each protocol. Finally, we analyze their security, compare their overhead and point out the scenarios to which each scheme is applicable.
Keywords/Search Tags:Grid, Secure Group Communication Architecture, Group communication Key Management, Message Authentication, Multisignature