
Research And Implement On Secure Multicast Communication Technology

Posted on: 2010-11-11
Degree: Doctor
Type: Dissertation
Country: China
Candidate: Y Li
Full Text: PDF
GTID: 1118360278965407
Subject: Signal and Information Processing

Abstract/Summary:
With the rapid development of communication technology and the informatization of society, and especially with the fast spread of the Internet, more and more requirements for group communication are emerging. These applications need information to be exchanged among multiple computers, and multicast is a new and highly efficient network transport solution aimed at this need. Multicast can greatly reduce communication delay and save network bandwidth. However, several problems restrict the scenarios in which multicast can be applied. Security is one of the most important of these factors, and the research in this thesis is carried out on that basis. The main security requirements of multicast usually comprise two points: key management and source authentication of multicast communication. In addition, how to construct a secure multicast architecture that is easy to use and suitable for various environments is a question still awaiting a solution. The research in this thesis goes further in these areas and puts forward several improved algorithms and ideas.

The main innovations of the thesis are as follows:

1. An optimized rekeying algorithm for secure multicast based on PRF and XOR operations is presented. In this design, all updated keys that are related to one another are generated by the PRF operation, and the rekeying messages sent over multicast are generated by PRF and XOR operations together instead of conventional encryption and decryption. The communication, computation and storage costs are clearly reduced while security is preserved. Simulation results from a prototype under Linux verify that the optimized algorithm improves key management performance to some extent in secure multicast.

2. A rekeying solution that shares one key tree among the multicast sessions of the same multicast group is presented. It makes the rekeying cost independent of the number of multicast sessions and solves the problem that a group with multiple sessions updates its keys inefficiently. In this solution, the leaves of the shared key tree hold the private keys of the group members, and the extended root nodes hold the group keys of the multicast sessions. In the key update algorithm used by this solution, updated keys and rekeying data are generated by PRF and XOR operations together. Simulation results from a prototype system under Linux show that, compared with the conventional solution, this solution clearly improves rekeying performance to some extent when multiple sessions run in the same group.

3. A multicast source authentication method that combines an authentication tree with TESLA is presented. The advantages of both are used together: the authentication tree is used to construct datagram groups, and TESLA is used to ensure the authenticity of the MAC value of each datagram group by means of the key disclosure delay. Analysis of security and performance, and comparison with typical algorithms, show that computation, communication and storage costs are low and that burst loss of datagrams is resisted well in various communication environments. Even in application scenarios with a high datagram loss probability, theoretical derivation shows that almost all datagrams can still be source-authenticated. This method clearly enhances the reliability of source authentication in multicast communication.

4. A secure multicast scheme based on TLS (DTLS) is presented. Group key management and multicast transport security function modules are added as extensions to the existing TLS (DTLS) protocol and facilities. With this integrated secure multicast mechanism, confidentiality, integrity, anti-replay, group authentication, source authentication and so on can be conveniently provided for datagrams. In addition, the API provided by this scheme can be called by application-layer programs to obtain group key management and data security services. All functions of this scheme can be implemented in the process space of the application-layer program, and they support both centralized and distributed patterns without depending on IP multicast.

5. A group key management and distribution scheme based on a tree structure is presented. The PTK values of the leaf nodes of the tree are generated through UWB 4-way handshake negotiation, the GTK value of the root node is generated by the user who established the multicast group, and the ATK values of the other nodes are generated so as to change the relationship between the user who established the multicast group and the users who joined it from a star structure to a tree structure, achieving the goal that security and efficiency are both ensured in the group key updating process. Furthermore, the rekeying algorithm is optimized using a one-way function based on the tree structure, replacing encryption (decryption) calculations with hash calculations and further decreasing the group key management cost of the user who established the multicast group.

The application demand for multicast communication is increasing day by day. Research on its security issues will continue and will make considerable progress as its applications expand.
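The abstract's first two contributions replace encrypted rekey messages with PRF and XOR operations but do not give the construction, so the sketch below is an added illustration of one way such a scheme can work on a logical key tree, not the dissertation's algorithm. It assumes HMAC-SHA256 as the PRF, a heap-indexed binary tree, a unique nonce per rekey, and hypothetical function names; it covers the member-leave case only.

```python
import hashlib, hmac, os

def prf(key: bytes, label: bytes) -> bytes:
    """PRF instantiated with HMAC-SHA256 (an assumption of this sketch)."""
    return hmac.new(key, label, hashlib.sha256).digest()

def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def build_tree(n_leaves: int) -> dict:
    """Heap-indexed binary key tree: root is 1, leaves are n..2n-1."""
    return {i: os.urandom(32) for i in range(1, 2 * n_leaves)}

def path_keys(keys: dict, leaf: int) -> dict:
    """Keys one member holds: its leaf key and every ancestor up to the root."""
    held, node = {}, leaf
    while node >= 1:
        held[node] = keys[node]
        node //= 2
    return held

def rekey_on_leave(keys: dict, leaf: int, nonce: bytes):
    """Server side: replace every key the departed leaf knew.
    Returns (new_keys, messages); messages maps the sibling whose key masks
    the value to (updated_node, masked_key). One message per tree level."""
    new_keys, messages = {}, {}
    child, fresh = leaf, os.urandom(32)
    while child > 1:
        parent, sibling = child // 2, child ^ 1
        new_keys[parent] = fresh
        pad = prf(keys[sibling], nonce + parent.to_bytes(4, "big"))
        messages[sibling] = (parent, xor(fresh, pad))    # XOR mask, no cipher
        child, fresh = parent, prf(fresh, b"up" + nonce)  # chain to next level
    return new_keys, messages

def member_update(held: dict, messages: dict, nonce: bytes) -> dict:
    """Member side: unmask the one message addressed to a held key, then
    derive the remaining ancestors locally with the PRF chain."""
    for node in sorted(held, reverse=True):              # leaf first
        if node in messages:
            parent, masked = messages[node]
            key = xor(masked, prf(held[node], nonce + parent.to_bytes(4, "big")))
            updated = {parent: key}
            while parent > 1:
                parent, key = parent // 2, prf(key, b"up" + nonce)
                updated[parent] = key
            return updated
    return {}                                             # nothing decodable
```

Every mask is keyed by a sibling key that the departed member never held, so that member can decode none of the messages, while each remaining member needs exactly one message and computes the rest of its path itself.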
Keywords/Search Tags:secure multicast, centralized group key management, access control, Logical Key Hierarchy, shared key tree, source authentication