| With the extensive application and popularization of Internet, multicast also remains rapid development, and is broadly applied to many-to-many or one-to-many data communication. The main advantage of multicast is that the sender only needs to send the message once and the routers will forward the message to every receiver automatically. Compared with unicast, multicast can save network bandwidth and reduce sender's overhead and network flow. However, as multicast involves multiple receivers, the reliability and security problems in multicast also become more complex than unicast. To ensure secure communication, every multicast member shares a common group key for encrypting data. Since multicast membership is dynamic, the group key should be updated in order that the member after who has left or before who adds in the group can not decrypt the encrypted data. Among all the problems in multicast security, multicast key management is a vital topic, which has attracted many researchers'interests.This thesis begins with an introduction of multicast techniques and the security requirements. We classified existing multicast key management schemes, among which, several typical schemes are compared and analyzed, and the problems in existing schemes is also given. Then, by the analysis of the logical key hierarchy (LKH) scheme and focus on a group key distribution scheme utilizing a polynomial expansion which features is that it performs well in small scale multicast. We proposed a new key management scheme PE-RLKH. Analyses show that it lowers the key storage costs and decreases computation complexity, possesses a good communication efficiency, thus is scalable to large dynamic groups, through the comparison of communication costs, key storage and computation complexity between the scheme presented in this paper and other schemes.In addition, this thesis is about the research on key management framework for multicast communications. The present existing key management protocols for multicast group are classified as centralized and distributed schemes, with the former suffering from "one affecting N(many)" while the latter suffering from upper overloads of decryption and re-encryption and communication delays. A compromising way of thinking is adopted in this paper. On the basis of secure multicast key management framework offered by Iolus, the representative one of the distributed protocols, a new distributed group key management architecture is designed. In this architecture, the whole multicast group is divided into some subgroups, each of which is equipped with a Group Security Management Agent of group manager that implements the key management task. A logical key hierarchy is adopted as the key management scheme inside the subgroup. through which the flaw of member authentication in the existing key management protocols has been improved through adding signed tokens. The protocol also effectively mitigates the problem of "one affecting N", the overload of GSMA decryption and re-encryption and the communication delay that result from it, suitable for large dynamic multicast groups. |
PDF Full Text Request