Research on Group Key Management Technology of Multi-service Secure Multicast

【Author】 Xu Shouzhi (徐守志)

【Advisor】 Yang Zongkai (杨宗凯)

【Author information】 Huazhong University of Science and Technology, Communication and Information Systems, 2006, Ph.D.

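【Abstract, translated from Chinese】 Multi-service multicast applications such as paid news, video conferencing and electronic meetings are quietly emerging and will play an increasingly important role. For commercial or security reasons, multicast content must be encrypted so that only authorized users can read it. Single-service secure multicast has been studied extensively, but multi-service secure multicast differs from it significantly: 1) multi-service secure multicast provides multiple multicast services; 2) the multicast streams of different services are encrypted with different session keys; 3) a user may subscribe to one or more multicast services. Multi-service secure multicast therefore places new pressures and challenges on group key management, specifically in the following respects:

1. Complexity of group key distribution: the key distribution technique determines the complexity of group rekeying. With traditional techniques the complexity is linear in the number of user join or leave requests, the distribution process is complex, and the number of keys updated, the time overhead and the bandwidth overhead are linear in the complexity of group key distribution.

2. Key storage overhead: with traditional group key management, a separate multicast service group must be established for each multicast service, and a user who subscribes to several services must join several service groups. This multiplies the system's key storage overhead and also increases the complexity of group key management.

3. Complexity of group rekeying: with traditional group key management, when a user requests to join, leave or change services, group rekeying must be performed separately for every service group the user subscribes to. The associated rekeying overhead (both time and bandwidth) is large, which makes it hard to serve multicast applications with large groups and highly dynamic membership.

To address these problems, and with the goal of guaranteeing the security of the multicast system with the minimum complexity of group key distribution, this thesis studies group key management for multi-service secure multicast. The research proceeds along two lines: (1) group key distribution based on minimum exact covering; (2) integrated management of multiple service groups, including the classification and integration of user groups. This work was supported by the National Natural Science Foundation of China project "Research on Secure Payment Protocols for Electronic Commerce" (90104033). The main results of the thesis are threefold:

1. To address the high complexity of traditional group key distribution, group key distribution based on minimum exact covering is studied. The thesis studies the minimum exact covering problem for group key distribution and proposes two group key management algorithms based on minimum exact covering, achieving fast distribution of group key information.

2. To address the high key storage overhead and rekeying complexity of multi-service secure multicast, a multi-dimensional hierarchical tree model of group key management is proposed. The model has three layers: a data stream security layer, a hierarchical access control layer and a user group security layer. It integrates all service subgroups in one multi-dimensional hierarchical tree, which reduces the system's key storage overhead.

3. Combining the two techniques above, an efficient group key management algorithm for multi-service multicast is implemented. It effectively resolves the complexity of group key management for multi-service secure multicast and meets the scalability and robustness needs of secure multicast systems.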

【Abstract】 Multi-service multicast is emerging quickly and is set to play an increasingly important role in areas such as HDTV, VoD and pay-per-view news broadcast services. For business and privacy reasons, multicast content must be encrypted with a session key (SK) so that only legitimate users can access it.

Single-service secure multicast has been widely studied. However, multi-service secure multicast differs from it considerably: a) multi-service secure multicast can provide several multicast services; b) the multicast stream of each service is encrypted with a different SK; c) each user can subscribe to one or more services. This brings new challenges and pressures to group key management for multi-service secure multicast in the following respects:

1. Complexity of group key distribution: the key distribution technique affects the complexity of group rekeying, which is linear in the number of member additions or evictions; the amount of rekeying, the time cost and the bandwidth cost are all associated with it.

2. Cost of key storage: traditional techniques need to set up a separate multicast group for each service. A member who subscribes to several services needs to join several service groups; as a result, the cost of key storage multiplies.

3. Complexity of rekeying: earlier techniques need to rekey each service group separately when a member is added, is evicted or changes services. Because of the high cost of group rekeying, they cannot meet the demands of large, dynamic multicast groups.

Efficient group key management for multi-service secure multicast is therefore an urgent problem. To solve the above problems by assuring multicast secrecy with the lowest complexity of group key distribution, this thesis addresses group key management for multi-service secure multicast.

The thesis covers three issues: (1) group key distribution based on minimum exact covering; (2) classification and integration of member groups; (3) integrated management of multiple service groups. This work was supported by the Natural Science Foundation of China project "Study on secure payments of electronic commerce" (No. 90104033).

The contributions of this thesis are as follows:

1) To reduce the complexity of group key distribution, group key distribution based on minimum exact covering (MEC) is studied. The minimum exact covering problem for group key distribution is put forward and studied, and two algorithms based on it are proposed to achieve fast distribution.

2) To reduce the complexity of key storage and rekeying, a group management model based on a multi-dimensional hierarchical tree (MHT) is presented. The model consists of three levels: a data stream security level, a hierarchical access control level and a user group secrecy level. It groups all sub-groups into one multi-dimensional hierarchical tree, greatly reducing key storage.

3) Integrating the above two achievements, an efficient algorithm for multi-service multicast is presented to solve the problem of group key management, which can meet the requirements of scalability and robustness.
