The GDOI (Group Domain of Interpretation) protocol was presented in 2003 as a classic scheme designed specifically for multicast key management in cryptographic systems. However, as network environments have grown more complex and application security requirements have risen, deficiencies in the original GDOI design have gradually been exposed. These defects limit the further application of the protocol, and the common problems include: it supports only internationally standardised encryption algorithms, which makes it unsuitable for domestic (Chinese) deployment scenarios; it guarantees key security only during transmission, while keys stored on the device remain exposed to certain security weaknesses; and it has no sound backup mechanism to ensure that the encryption system can provide a secure and reliable key-update service.

To address these defects and raise the security level of a GDOI-based encryption system, this work first introduces the SM series of Chinese national cryptographic algorithms in place of the original international algorithms, resolving the system's encryption weaknesses at the algorithm level. Second, it introduces cryptographic-module technology to strengthen protection of the system. Finally, it uses multi-machine hot-standby technology to compensate for the deficiencies of GDOI's failure-handling mechanism, making the GDOI protocol scheme more complete. The research work focuses on the following aspects:

(1) To enable the GDOI protocol to support the SM algorithms, the set of supported algorithms is modified, and the attribute values of the three encryption-algorithm attribute fields are changed to support the SM2, SM3 and SM4 algorithms.
(2) To improve protection of the protocol, a TKE attribute is added to GDOI to protect the data transmission key, and the encryption key is written to a hardware unit so that the system cannot be cracked when it comes under attack.
(3) Based on analysis of traditional multi-machine hot-backup technology, a data synchronisation strategy is proposed to solve the data-consistency problem that arises when communication between the host and the standby machine is disrupted during data synchronisation between key servers, thereby improving the reliability of the GDOI protocol.
(4) Based on the above improvements, the system design and development work is completed, and a range of experimental schemes corresponding to the improved content is designed to ensure that the system operates correctly.

Through these security improvements to the GDOI protocol, the defects of the original scheme are remedied, and its survivability under network attack and its ability to recover from abnormal conditions are improved. In addition, the results of this study offer a feasible approach for further improvements in the future.
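Both the algorithm-identifier change in (1) and the added TKE attribute in (2) ride in the ISAKMP data-attribute encoding that GDOI inherits (RFC 2408 section 3.3): a 16-bit type whose high bit selects a fixed two-byte value (TV) or a length-prefixed value (TLV). The encoder/decoder below is an added example, not code from the thesis; the attribute classes and the private-use SM values it registers are placeholders chosen for illustration, and it shows the truncation check a receiver needs when a variable-length key attribute is present.

```python
"""Encode/decode ISAKMP-style data attributes (RFC 2408 s.3.3) as carried in GDOI.
Added example; attribute numbers below are illustrative placeholders, not values
from the thesis or an IANA registry."""
import struct

AF_BIT = 0x8000  # Attribute Format: 1 = Type/Value (2-byte value), 0 = Type/Length/Value

# Hypothetical attribute classes used only in this example (types are 15-bit).
ATTR_ENCRYPTION_ALG = 1
ATTR_HASH_ALG = 2
ATTR_TKE = 16384          # placeholder private-use class for the wrapped traffic key

# Hypothetical value registry: SM entries sit in a private-use value range.
ALG_NAMES = {
    (ATTR_ENCRYPTION_ALG, 3): "AES",
    (ATTR_ENCRYPTION_ALG, 32768): "SM4",   # placeholder value
    (ATTR_HASH_ALG, 2): "SHA-1",
    (ATTR_HASH_ALG, 32768): "SM3",         # placeholder value
}

def encode_attr(attr_type, value):
    """Encode one attribute: an int becomes TV form, bytes become TLV form."""
    if not 0 <= attr_type <= 0x7FFF:
        raise ValueError("attribute type must fit in 15 bits")
    if isinstance(value, int):
        if not 0 <= value <= 0xFFFF:
            raise ValueError("TV value must fit in 16 bits")
        return struct.pack("!HH", attr_type | AF_BIT, value)
    if len(value) > 0xFFFF:
        raise ValueError("TLV value too long")
    return struct.pack("!HH", attr_type, len(value)) + bytes(value)

def decode_attrs(buf):
    """Decode a concatenated attribute list; raise ValueError on truncation."""
    out, off = [], 0
    while off < len(buf):
        if len(buf) - off < 4:
            raise ValueError("truncated attribute header")
        t, lv = struct.unpack_from("!HH", buf, off)
        off += 4
        if t & AF_BIT:                      # TV: lv is the value itself
            out.append((t & ~AF_BIT, lv))
        else:                               # TLV: lv is the value length
            if len(buf) - off < lv:
                raise ValueError("truncated attribute value")
            out.append((t, bytes(buf[off:off + lv])))
            off += lv
    return out

def describe(attrs):
    """Map decoded (type, value) pairs to registered algorithm names."""
    return [ALG_NAMES.get((t, v), f"attr{t}={v!r}") for t, v in attrs]
```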