The Research On Control Of Secure Multicast Communication

Multicast is a new data transfer model. It has a very brilliant future. IGMP that used to maintain group membership doesn't provide ability of access control. Anyone that got specified multicast address can join the group communication without any authorization and receive data packets. Adversary will capture plaintext in data packets from multicast communication easily. All the data packets in those applications that require secure communication should be encrypted to prohibit non-authorized access. Because of the problems mentioned above, this paper analyses and summarizes some existed group key management schemes, proposes a new scheme for single data resource and a multi-privileged control scheme.This paper introduces concepts of multicast firstly, it analyses some typical group key management schemes that include LKH, TGDH and IOLUS and summarized the advantages, disadvantages of these schemes.Then, based on the logical key tree schemes, we propose a group key management scheme based on complete binary tree. This scheme combing the advantages of centralized and distributed key management schemes. It uses GC to generate and update group key, uses complete binary tree to stores group members and deliver group key. It implements forward and backward confidentiality and exploits computation ability of all group members efficiently, reduces load of server. At the same time, it reduces storage, computation loads of group members remarkably.Secondly, this paper proposes a multi-privileged access control scheme to solve the problem that most of multicast group key managements can only deal with single data stream, using these schemes to deal with multiple data steams will lead to overlap of data, which induces large waste of network resources. This scheme adapts service group to classify group members and uses complete binary tree scheme to update the key that encrypt single data stream in service group. This scheme will eliminate data overlap when apply it to multiple data streams, saves network bandwidth and computation resources. At the same time, it provides good adaptability.