Research Of Group Key Management Protocol In Secure Multicast

With the development of network technology, multicast technology has been applied widely, such as video conference, financial market data and distance learning. Multicast key management is the crux of solving the security problems in multicast. Thus it's very important for multicast security. So designing an efficient and secure key management protocol is a crucial question in secure multicast studying field.In general, group key management protocols can also be divided into two types, centralized and distributed according to key generation methods. This thesis makes an in-depth research on group key management protocol (centralized and distributed) in secure multicast. In the research of the centralized group key management protocols, the cost analysis model of the multicast logical key tree based hierarchical data processing (HDP), the completed tree key management algorithm based on subtree moving, and the TOFT key management protocol based on threshold-key-mechanism are proposed in this thesis. In the research of the distributed group key management protocols, by introducing the bilinear pairing cryptosystem, a distributed group key generation algorithm based on DSTR is proposed.The bilinear pairing-based STR (PSTR) is also given. In order to get authentication , this thesis introduces certificate mechanism and bilinear pairing function in elliptic curve, proposes a new distributed group key management protocol based on certificate mechanism and bilinear pairing.Finally, in the research of fault-tolerant of multicast key management protocol, by introducing the fault-tolerant algorithm and the password authentication mechanism, a fault-tolerant and secure multicast key management (FTS, for short) is also proposed in this thesis.There is some research production mainly in the following aspects:(1)Through the research and analysis of logical key tree of multicast, the concept and the systematic definition of the directed logical key tree in theory is given in this thesis. This thesis applies HDP to give a cost analysis model of the multicast key management based on the logical key tree, with which the m-ray logical key tree is also analyzed theoretically. Combined with the theoretical analysis results of HDP, a new multicast key management algorithm based on the completed quad tree is proposed. The algorithm take completed quad tree as the logical structure which manages and stores the keys of a logical key tree, and use the subtree moving method to rebuild the complete tree, so the external cost which caused by tree balancing can be reduced. Therefore the algorithm is applicable to the situation where the group size is enormous and the changing of group member is frequent.(2) In the thesis, the essential communication of threshold secret sharing theory and multicast key management is analyzed. A new threshold-based one-way function tree (TOFT) protocol based on threshold cryptography is protosed. The quad-tree structure and the threshold-key-mechanism are used in the TOFT protocol, which improves the performance of the key management system.The design principle of TOFT, the realization protocols including keys generation and distribution, dynamic membership management is given in the thesis. In addition, we evaluate TOFT compared with other proposed protocols from the following four aspects: computation cost, storage requirements, communication cost and security. Finally, we conclude that the TOFT protocol is more efficient than others.(3) Based on the bilinear pairing cryptosystem, a new group key generation algorithm based on DSTR and bilinear pairing-based STR multicast key agreement protocol are proposed. With using DSTR logical key tree to obtain efficient algorithm for computing the blinded keys of the relevant nodes of the group members, the DSTR group key generation algorithm has high efficiency. The security of DSTR is also proved. But on security property, STR cannot resist active attacks without providing key authentication. By introducing the bilinear pairing cryptosystem and the 3-ary key tree, the improved STR protocol which is called PSTR (Bilinear Pairing-based STR) is proposed. This protocol includes the key generation process and six basic sub-protocols. Through proving the bilinear form of PSTR key tree, the security of the PSTR in computation is proved. Finally we compare PSTR with STR through performance analysis, the results of which show that: PSTR is more efficient than STR in the communication cost and the computation cost as well as the storage requirement.(4) In the further research of the distributed group key management protocol, based on the STR and TGDH, this thesis introduces certificate mechanism and bilinear pairing function in elliptic curve with the ternary tree, propose a novel multicast key management scheme CBPSTR. The key generation process and six basic sub-protocols (Setup protocol, Join protocol, Leave protocol, Merge protocol, Partition protocol and Refresh protocol) were included in the protocol. Through the security analysis, it shows that the CBPSTR is secure in computation. Finally, CBPSTR were compared with STR and TGDH, the results of which show that: CBPSTR possesses low communication cost as STR and low computing cost as TGDH. Moreover, CBPSTR can effectively resist man-in-the-middle attack, key-compromise impersonation resilience and unknown key-share resilience. Therefore CBPSTR protocol is a novel, authentication and efficient distributed key management protocol.(5) In the research of the fault-tolerant of the multicast key management, this thesis proposes a fault-tolerant and secure multicast key management protocol (FTS, for short) with using the fault-tolerant algorithm and the password authentication mechanism. Failure detector is used to dynamically test the members, which ensures that FTS will be independent from the location and the status of group members. In addition, each member has a unique password with the server, which is used to encrypt or decrypt the massages in FTS and cryptology arithemtic updates the messages among members, which could effectively prevent insider attacks. Finally, to compare multicast key management protocols, communication cost, computation cost, memory cost and security are taken as the performance criteria. Through theoretical and instantiation analysis, we compare FTS protocol with the FTKM from the four aspects above.FTS slightly increases the computation cost, but greatly reduces the storage cost. In conclusion, FTS enhances the comprehensive performance, which is also a fault-tolerant and secure protocol without the single-point bottleneck.