【作者】 宣文霞；

【导师】 窦万峰；

【作者基本信息】 南京师范大学 ， 计算数学， 2006， 硕士

【摘要】 随着Internet的普及和广泛应用，组播通信技术也得到了迅速的发展。组播技术适用于多点到多点、一点到多点的数据传输业务。与单播相比，组播的主要优点是允许发送者对每个报文只发送一次，由路由器自动转发报文到每个目的接收者，从而大大节省网络带宽、发送者资源以及减少网络流量。但是，可靠性和安全性问题变得比单播更为复杂。在组播通信中，所有成员共享一个组密钥，用于加密群组数据。组成员是动态变化的，为了确保成员不能在加入群组之前或离开群组以后解密群组数据，必须及时更新组密钥。在组播安全问题中组密钥的安全管理是一个重要的研究课题，已成为目前研究的热点。 本文首先介绍了组播技术和组播的安全性要求，对现有的组播密钥管理方案进行分类，并对几种典型的组播密钥管理方案进行了比较和分析，指出了现有方案存在的问题。然后介绍了群组安全协同多会话交谈系统的设计和开发过程，在原有方案的基础上进行了改进：采用了组播技术来提高通信效率，满足协同系统的实时性要求；系统结构采用分布式从而避免了单一失效点的问题。 本文还提出了二种新的组播密钥管理方案：GC-PE和R-LKH。分别介绍其原理、结构和密钥更新算法。以密钥的存储量、加密计算量、网络通信量和抗冲击性四个方面作为衡量组播密钥管理方案性能优劣的指标，对相关的几种方案进行了分析和比较，给出了数据结果。分析结果表明：GC-PE方案在各方面的性能都比较理想，适合于大型动态组播环境；R-LKH方案采取一种改进的方法来缩减LKH算法的密钥存储量，使得LKH效率更高。更多还原

【Abstract】 With the extensive application and popularization of Internet, multicast also remains rapid development,and is broadly applied to many-to-many or one-to-many data communication. The main advantage of multicast is that the sender only needs to send the message once and the routers will forward the message to every receiver automatically. Compared with unicast, multicast can save network bandwidth and reduce sender’s overhead and network flow. However, as multicast involves multiple receivers, the reliability and security problems in multicast also become more complex than unicast. To ensure secure communication, every multicast member shares a common group key for encrypting data. Since multicast membership is dynamic, the group key should be updated in order that the member after who has left or before who adds in the group can not decrypt the encrypted data. Among all the problems in multicast security, multicast key management is a vital topic, which has attracted many researcher’s interests.This thesis begins with an introduction of multicast techniques and the security requirements. We also classified existing multicast key management schemes, among which, several typical schemes are compared and analyzed, and the problems in existing schemes is also given. Then, this thesis introduced the design and development of a group secure collaboration and multi-sessions talk system. We made some improvements on the system: first, multicast mechanism is applied to the system to improve communication efficiency and meet the real time requirement; second, a distributed architecture is designed to avoid single point of failure problem.In addition, this thesis proposed two novel multicast key management schemes: GC-PE and R-LKH. Their design principles, architecture and key updating algorithms are also given. These two schemes are compared with several related works. The schemes are evaluated using the following four metrics: key storage, encryption complexity, communication costs, and protection against attacks. The analysis and experimental results show that GC-PE has good performances in all metrics, which is suitable for larges-scale dynamic multicast groups and R-LKH is more efficient because it reduced LKH’s key storage using a improved method.更多还原