The Improvement And Implementation Of IPSec Multicast Key Management Protocol (GDOI)

Posted on: 2007-01-30
Degree: Master
Type: Thesis
Country: China
Candidate: J C Feng
Full Text: PDF
GTID: 2178360185986502
Subject: Signal and Information Processing

Abstract/Summary:
GDOI is a new key management protocol for IP multicast, developed by the Internet Engineering Task Force in 2003. It is designed to provide appropriate multicast key management for data security protocols such as IPSec. GDOI defines the concept of a GSA (Group Secure Associations), which is managed through the GROUPKEY-PULL exchange and the GROUPKEY-PUSH exchange. The GSA can protect the KEK (Key Encrypting Keys) and TEK (Traffic Encrypting Keys) for the group in order to create, update and destroy the group key. The set of security services offered by GDOI includes access control, connectionless integrity, group-based data origin authentication, and confidentiality.

In this paper, the basic principle and process of the GDOI protocol are discussed in detail, and the disadvantages of GDOI in origin authentication, anti-replay and the memory capability of members' hosts when it provides multicast key management for IPSec are pointed out. On the basis of this discussion, a secure multicast system model based on the GDOI protocol is proposed. The design idea is described, and the main data structures and source programs are provided. The module is implemented on the Linux operating system platform. Finally, the system is placed in a LAN environment and the relevant test data are acquired.
Keywords/Search Tags: multicast security, GDOI, IPSec, data origin authentication, protection against replays