
Research On Group Key Management System And Its Application On IPSec VPN

Posted on: 2007-10-11
Degree: Doctor
Type: Dissertation
Country: China
Candidate: X Li
GTID: 1118360212975145
Subject: Computer Science and Technology
Abstract/Summary:
In recent years, research on group communication has focused on its security and reliability. Secure group communication has become increasingly important, particularly for group-based applications and cooperation. Confidentiality is the key to designing secure group communication in an unreliable network environment, and data encryption is a practical means of achieving it: only authenticated users can decrypt the multicast data, even if other users connected to the multicast network can receive it.

In secure group communication, data is encrypted with the group key, and all group members share the same key for decrypting it. To ensure forward and backward security, the group key has to be updated whenever members join or leave the group. This process is known as rekeying. It guarantees that newly joined members cannot decrypt data that was encrypted with an earlier group key, and that members who have left cannot decrypt group data received after they left. Designing a secure and effective key agreement protocol is therefore a major challenge; the difficulty lies in the dynamic nature of the group, whose members can join or leave at any time.

This thesis studies the structure of a group key management system and a dynamic group key agreement protocol. The group key management system was implemented and applied to IPSec VPN, with the group security association implemented among VPN gateways. Specifically, the study includes the following contents:

According to the differences among key control models, group key management can be divided into three categories: the centralized model, the distributed model and the combined model. The dynamic distributed key management system has the following features. (1) All members of the group are equal, so there is no performance or security bottleneck and no single point of failure, which gives high availability. (2) The group key is produced from random numbers shared by all members, so the randomness of the group key in this model is stronger than in other models. Such group key management systems are therefore the focus of this thesis.
Keywords/Search Tags: group key management, Bilinear Diffie-Hellman (BDH), ID-Based PKI, Group communication, IPsec VPN