
Research On The Technology About Secure Group Communication In Grid

Posted on: 2009-03-24
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y F Li
Full Text: PDF
GTID: 1118360272472247
Subject: Computer system architecture
Abstract/Summary:
Group communication is widely used in grid, but securing it is a hard problem. Group members may lie in different administrative domains. When a group communication begins, its members need to exchange policy information with their domain administrator and with the Virtual Organization (VO). Members who are not taking part in the group communication may also need to exchange information with their domain administrators and the VO while transmitting other data. Moreover, a member who joins the group could read past group data, and a member who has left the group could still obtain current or future group data. All of these threaten the forward security, the backward security, the source authentication and the transmission security of group communication. Existing security technologies, however, do not take the communication characteristics of group communication in grid into account, so they are difficult to apply to securing it. Strategies that strengthen the security of group communication in grid are therefore needed.

Group communication in grid is usually divided into two kinds: one-to-multiple and multiple-to-multiple. One-to-multiple group communication is usually delivered by multicast, whereas multiple-to-multiple group communication is usually delivered by the cooperative processing of several multicasts. Based on how group communication is applied in grid, mechanisms for secure group communication are presented for both kinds. For one-to-multiple group communication, mechanisms and strategies are presented to strengthen forward security, backward security and source authentication: a group signature scheme with forward security, a group signature scheme with variable key, and a key distribution strategy for secure multicast in grid. For multiple-to-multiple group communication, mechanisms are presented to strengthen source authentication and transmission security: a key management mechanism and an authenticated encryption mechanism.

The group signature scheme with forward security and the group signature scheme with variable key are two different group signature schemes. The former is built on RSA signatures, GQ signatures and the Itkis-Reyzin (IR) forward-secure signature scheme; the latter is based on the discrete logarithm problem. In the scheme with forward security, the key server generates a single public key that all group members share, together with a secret key "seed" for each member, so each member obtains exactly one seed. In each time period a member generates or updates its own secret key with the secret key generation algorithm or the secret key update algorithm. In the scheme with variable key, the trust center issues a partial secret key to each group member only once, and each member can then derive a different secret key each time it signs. Moreover, the signature size is independent of the number of group members and the group public key is constant. The former therefore provides forward security and the latter backward security.

To secure transmission in one-to-multiple group communication (that is, multicast), a key distribution strategy for secure multicast in grid is presented. It combines the basic principles of centralized and distributed key distribution. Following the multicast mechanism in grid and taking the dynamics of multicast membership into account, the strategy comprises a member hierarchy method for key distribution, a member discovery protocol, a clustering protocol and a key distribution protocol. Simulation results show that the strategy is feasible and efficient for securing multicast in grid.

To secure transmission in multiple-to-multiple group communication, a key management mechanism matched to the characteristics of such communication in grid is presented. The services a group receives are logically divided into two hierarchical levels: one provided by the virtual organization and one provided by one or more administrative domains. A complete binary key tree is built in each administrative domain and a Huffman key tree is built in the virtual organization, so that a domain administrator with more registered group members holds more auxiliary keys and one with fewer registered group members holds fewer. Digital signatures and data encryption protect the messages exchanged between a domain administrator and its group members, and data encryption protects the group traffic itself. The mechanism therefore not only protects group traffic but also enforces join secrecy and leave secrecy.

To provide source authentication, integrity and confidentiality of group traffic in multiple-to-multiple group communication, an authenticated encryption mechanism is proposed. It needs no key distribution center. Each member of the signing group can verify the identity of the signer, and the verifying group keeps only one private key. Any signer can sign a message on behalf of the signing group, and any verifier can verify the group signature on behalf of the verifying group. The mechanism also encrypts the data, so it provides source authentication of group traffic together with its integrity and confidentiality.
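As an added worked example (not the dissertation's own code), the Python sketch below shows the two-level key hierarchy described for the multiple-to-multiple key management mechanism: a complete binary key tree inside each administrative domain, rekeyed on join and leave so that join secrecy and leave secrecy hold, and a Huffman key tree over the domains of the VO. The node numbering, the toy SHA-256 key wrap and the weights fed to the Huffman tree are the example's own assumptions. The abstract does not state the weight function; with the standard Huffman construction used here a heavier leaf gets a shorter path, so how many auxiliary keys each administrator ends up holding depends on how the thesis assigns weights.

```python
"""Two-level logical key hierarchy for multiple-to-multiple group key management.

Added illustration, not the dissertation's code: a complete binary key tree per
administrative domain (LKH-style) and a Huffman key tree over the domains of a
virtual organization. Key wrapping is a toy SHA-256 construction (assumption).
"""
import hashlib
import heapq
import itertools
import os


def fresh_key() -> bytes:
    return os.urandom(16)


def wrap(kek: bytes, key: bytes) -> tuple[bytes, bytes]:
    """Toy key wrap: one-time pad from SHA-256(kek || nonce). Illustration only;
    a deployment would use an AEAD or a standard key-wrap algorithm."""
    nonce = os.urandom(16)
    pad = hashlib.sha256(kek + nonce).digest()[:16]
    return nonce, bytes(a ^ b for a, b in zip(key, pad))


def unwrap(kek: bytes, nonce: bytes, ct: bytes) -> bytes:
    pad = hashlib.sha256(kek + nonce).digest()[:16]
    return bytes(a ^ b for a, b in zip(ct, pad))


class DomainKeyTree:
    """Complete binary key tree of one administrative domain.

    Node 1 holds the domain key, node i has children 2i and 2i+1, and member m
    sits at leaf (leaf_base + m). A member holds every key on its leaf-to-root
    path. Rekey messages are (kek_node, target_node, nonce, ct): the new key of
    target_node, readable only by holders of kek_node's key.
    """

    def __init__(self, n_members: int):
        depth = max(1, (n_members - 1).bit_length())   # ceil(log2 n_members)
        self.leaf_base = 1 << depth
        self.keys = {i: fresh_key() for i in range(1, 2 * self.leaf_base)}
        self.members = set(range(n_members))

    def path(self, member: int) -> list[int]:
        node, p = self.leaf_base + member, []
        while node >= 1:
            p.append(node)
            node //= 2
        return p                                      # leaf ... root

    def keys_held_by(self, member: int) -> dict[int, bytes]:
        return {i: self.keys[i] for i in self.path(member)}

    def leave(self, member: int) -> list[tuple]:
        """Leave secrecy: replace every key above the leaver's leaf, bottom-up,
        wrapping each new key under its children's keys but never under the
        leaver's leaf key. Costs about 2 * depth messages."""
        self.members.discard(member)
        path = self.path(member)
        msgs = []
        for node in path[1:]:
            self.keys[node] = fresh_key()
            for child in (2 * node, 2 * node + 1):
                if child != path[0]:                  # skip the leaver's own leaf
                    msgs.append((child, node, *wrap(self.keys[child], self.keys[node])))
        return msgs

    def join(self, member: int) -> list[tuple]:
        """Join secrecy: replace every key on the newcomer's path before handing
        it over; existing holders get each new key wrapped under the old key of
        the same node. The newcomer receives keys_held_by() out of band."""
        path = self.path(member)
        msgs = []
        for node in path:
            old, new = self.keys[node], fresh_key()
            msgs.append((node, node, *wrap(old, new)))
            self.keys[node] = new
        self.members.add(member)
        return msgs


def apply_rekey(held: dict[int, bytes], msgs: list[tuple]) -> dict[int, bytes]:
    """What a key holder learns from a rekey: unwrap every message it has a key for."""
    held = dict(held)
    for kek_node, target, nonce, ct in msgs:
        if kek_node in held:
            held[target] = unwrap(held[kek_node], nonce, ct)
    return held


def huffman_key_tree(weights: dict[str, int]) -> dict[str, list[bytes]]:
    """Huffman key tree over the VO's domains. Returns, per domain, the keys on
    its leaf-to-root path (the VO group key is the last entry). Heavier leaves
    sit nearer the root and therefore hold fewer keys."""
    tie = itertools.count()
    heap = [(w, next(tie), [d]) for d, w in weights.items()]
    heapq.heapify(heap)
    paths = {d: [fresh_key()] for d in weights}      # each domain's leaf key
    while len(heap) > 1:
        w1, _, left = heapq.heappop(heap)
        w2, _, right = heapq.heappop(heap)
        k = fresh_key()                               # key of the merged node
        for d in left + right:
            paths[d].append(k)
        heapq.heappush(heap, (w1 + w2, next(tie), left + right))
    return paths


def auxiliary_key_counts(paths: dict[str, list[bytes]]) -> dict[str, int]:
    """Keys an administrator holds besides its own leaf key and the VO key."""
    return {d: max(0, len(p) - 2) for d, p in paths.items()}


if __name__ == "__main__":
    tree = DomainKeyTree(5)                           # constructed sample domain
    m3, stale = tree.keys_held_by(3), tree.keys_held_by(2)
    msgs = tree.leave(2)
    print("leave rekey messages:", len(msgs))
    print("member 3 recovers new domain key:", apply_rekey(m3, msgs)[1] == tree.keys[1])
    print("leaver recovers new domain key:", apply_rekey(stale, msgs)[1] == tree.keys[1])
    print("VO auxiliary keys:", auxiliary_key_counts(huffman_key_tree({"A": 8, "B": 4, "C": 2, "D": 1})))
```

The leave step is where leave secrecy is actually enforced: the leaver's leaf key is never used as a wrapping key and every key it used to share is refreshed bottom-up, so the messages it can still decrypt yield only garbage for the new domain key. Join secrecy follows the same pattern in reverse, refreshing the newcomer's path before it is handed out so the newcomer cannot decrypt traffic recorded earlier.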
Keywords/Search Tags: grid security, group communication, group signature, key management, source authentication, authenticated encryption