Research On Multicast Security Technology In IPv6 Networks

In the next generation network based on IPv6, the IP Multicast will be the key technology to achieve multicast application. However, the security of multicast has no perfect solution, which impeded it widespread. Internet Engineering Task Force (IETF) proposed the multicast security architecture and multicast security (MSEC) group key management architecture. But there is not a security multicast scheme, which is based the above architectures and the actual network deployment and key management algorithm. In view of the above question, this paper design an IPv6 security multicast scheme. It consists of the following four aspects.1. We proposed a multicast security system based on CA authentication. The multicast group members use CA certificate to access network. The Group Controller/key Server deploy in network to establish and manage the group key and negotiate SA with multicast source. This system is security, and has solved the problem of multicast deployment of components and the compatibility of IPsec applies to multicast. It can run various multicast protocols and group management protocols and has strong scalability.2. We proposed a dynamic layering group key management algorithm. GCKS can be defined two types, the under actual GCKS and the upper virtual GCKS. The upper GCKS exist depending on the current network status. This algorithm meets the requirement of the key management in implementing large and dynamic secure multicast. It avoids signal-point failure and improves the key management efficiency.3. We constructs group key based on Pairing and distributes the group key using Hash function polynomial. Hash function used to constructs subgroup key between GCKS and group members, and the Pairing algorithm used to negotiate group key. This algorithm is security and efficiency。It has no additional requirement of multicast elements, and lower in communication cost and computation cost。4. We simulate the multicast routing protocol PIM-SSM on NS-2 platform, which prove the process of multicast routing. It provided a foundation platform with researching and analyzing the multicast security.