基于时钟同步的混合型安全组播密钥管理

为保护组播通信的机密性,安全组播使用不为组外成员所知的密钥来加密数据,并随组成员关系的变化而动态更新。提出一种将平坦型和分层型密钥管理相结合的、基于IGMPv3的混合型方案,它将群组划分为多个独立的小区,有效地解决了与安全组播相关的扩展性和可靠性问题。提出了一种新的基于时钟同步的密钥管理算法,各小区代理不进行信息交换而只通过定时来执行批次密钥更新,从而有效地降低了系统的通信开销。

Hybrid key management scheme based on time synchronization in secure multicast

To provide communication confidentiality in multicasting applications, traffic data in secure multicast is encrypted with a session key known only by certificated group members. Whenever there is a change in the group membership, the session key must be updated dynamically. Key management is thus indicated as the sticking point in secure multicast research, and the proposed schemes can be mainly classified as flat ones and hierarchical ones. By incorporating the flat scheme with the hierarchical scheme, a hybrid scheme based on the Internet Group Management Protocol Version 3 is presented. The multicast group is divided into a couple of separate areas and thus not only the scalability problem but also the reliability problem involved in secure multicast is effectively solved. Based on this hybrid scheme, a novel key management algorithm based on time synchronization among the agents of those separate areas is proposed. Without any message exchanges between agents after the algorithm initialization, the agents periodically update the session key in a batch style, thus the communication cost of the entire system is observably lowered.