Research On Key Management Schemes Used In Secure Group Communication

Group communication is a new communication method organized by multiple entities involved in a common business session. With the rapid development of Internet, wireless networks and A/V technology, secure group communication with a wide range of applications can be applied in a variety of security-sensitive data services, such as commercial software distribution, secure multimedia content distribution, pay-TV PPV and security video conferencing and so on. In order to meet the requirements of data privacy, confidentiality and integrity in the above secure group communication systems, we can protect the group communication data by utilizing proper encryption and signature mechanism in the transfer process, in which the encryption key is a basic and critical condition for the secure data transmission in the encryption mechanism. How to effectively implement the mechanism of the data encryption key generation, distribution, injection, regular updates, event-driven updates (In many group communication systems the group membership always changes when the member joins or leaves the group, so we need to update the data encryption key) and to avoid the key eavesdropping and leaking is a critical issue to ensure the safety of the group communication systems, namely which is also a group key management issue.Group key management plays an important role in the group communication, in which the legitimate users can apply a secure and efficient key management scheme in order to effectively manage the secure operations of data encryption key generation, distribution or agreement and upgrade. Key management scheme has direct relationship to the stability, reliability and security of data transmission, such as forward security, backward security, collusive attack, etc., and thus it is also related to the success of the security group communication applications. In addition, in group communication systems the failure of some node members should not affect the continuous applications of the entire group communication, therefore how to research and provide efficient, adequately safe, robust group key management solution is essential to the applications for group communication. In addition, as far as the group key management goes, there exists an issue that the research of group key management is not relevant enough to some specific application of group communication, when we do security research on group communication in some specific applications, more consideration should be given to the characteristics of the current network environment, and based on these characteristics the proposed group key management scheme should be improved. And which can enhence the overall security of the group communication system in order to better adapt to the network environment. For this purpose, in this paper we proposed a password-based and centralized group key management scheme according to the characteristics of TC (trusted computing) environment, in which the identities of the two or more communicating parties should not be exposed each other while authenticating and communicating, it is necessary for privacy protection module to implement the function of mutual anonymity between TPMs (trusted platform module) in order to prevent tracking the activities of communicating parties. The security of this scheme is based on the computational Diffie-Hellman intractability assumption and the strong collision-resistant one-way hashing, this scheme can effectively resist dictionary attacks and resource depletion-denial of service attacks, and effectively preserves the user's privacy and server's privacy. Compared with the other schemes, the new scheme needs less computational cost and is more efficient. According to the characteristics of large-scale group communication in mobile ad hoc networks and considering the robustility and efficiency of the system, in this paper a distributed key management scheme based on group signature authentication was proposed. By adopting the threshold cryptography and the method of third-party signature authentication used in PKI system, this scheme enhanced the authentication reliability and reduced largely the authentication cost in key agreement process. The analysis shows this scheme is provably secure and robust against the active and passive attacks with fault-torrance, achieves the trust level3, has perfect forward and backward secrecy, and reduces largely the computational and communication overhead.