Title: 安全的廣播金鑰管理機制之設計 (The Design of Key Management Schemes for Secure Broadcasting)
Author: 林仁宏 (Lin, Ren-Hung)
Keywords: Broadcast; Encryption; Key management; Group communication; One-to-many; Many-to-many
Publisher: Department of Applied Mathematics (應用數學系所)
Several network encryption protocols are available today that can be used directly to encrypt plaintext and meet the confidentiality requirement between two communicating parties, for example IPsec (IP security), SSL (Secure Sockets Layer), or TLS (Transport Layer Security). Using these protocols directly in a broadcast environment, however, can make the computational load grow rapidly, which works against the system's scalability requirement, because encrypting and decrypting with these protocols requires the two parties to establish a point-to-point secure connection before the encrypted transport can be used. Suppose n legitimate members are to receive a message: the server must establish a separate pairwise secure connection with each of them for the encryption and decryption work, so the communication and computation complexity is clearly O(n). Once the membership grows large, the system needs considerable computing power and communication bandwidth to cope with the expansion. Moreover, during communication the system typically changes the encryption key at fixed intervals so that the secret data being transmitted is not easily broken by an off-line attack; a large increase in membership then becomes even harder for the system to bear, because it has to handle the key-change negotiation and securely deliver the new encryption key to every user individually. This is especially true in wireless environments, where bandwidth is far more limited than in wired ones: if the key-update computations are run periodically, their communication complexity grows linearly with the number of users, and the limited bandwidth cannot easily handle such large data transfers in real time. In addition, the receiving devices in a wireless environment may be portable devices with weak computing capability, such as mobile phones or personal digital assistants (PDAs), which are ill suited to frequently running computations whose cost grows linearly.
This thesis proposes several key management protocols for secure broadcasting. With these mechanisms, not only is the sender's key storage reduced, but the bandwidth required for communication is also markedly lower. The system administrator can quickly handle each user's different content requirements and provide diversified broadcast services (service diversity) tailored to individuals. If a user also wants to share his broadcast messages with other members, then once the system administrator has set up the relevant keys, every user can send broadcast messages at any time, and only the members he designates can decrypt them; no assistance from the system administrator is needed during the broadcast, which eases the computational burden on the broadcast system. With the broadcast mechanisms proposed here, users need not stay on-line all the time, yet they will not miss messages about encryption-key changes. Security analysis shows that the protocols we propose reach a certain level of security.

Due to the great improvement in the speed and reliability of Internet technology, servers are able to provide many different services for end users. One popular application is broadcast service: millions of broadcast messages are transmitted to end users every day. Video transmissions, daily news feeds, live multi-party conferencing, and online video games are some of end users' favorite broadcast services. If some end users are not authorized to access particular messages, senders should protect the confidentiality of what is being broadcast. Therefore, a major security challenge for broadcast communications is to provide efficient methods for controlling authorized access.
Encrypting the original messages (plaintext) with secret information (a secret key) is a popular way to keep messages private. The plaintext is transformed into a scrambled form (ciphertext) by the encryption process. Usually, when authorized end users register at a server, they are assigned their own secret keys and are then able to recover (decrypt) the ciphertext they receive later. On the other side, even though unauthorized end users may receive each broadcast message over the public medium used for transmission, they cannot read the confidential messages because they do not hold the specific secret key.
Enabling available protocols such as IPsec (IP security), SSL (Secure Sockets Layer), or TLS (Transport Layer Security) can encrypt the packets and achieve the secrecy requirement. However, the communication complexity rises substantially. When using IPsec or SSL/TLS to ensure secrecy, each pair of parties must establish its own secure point-to-point link for communication. In an n-member group, if one sender wants to transmit (broadcast) an identical message to the other members simultaneously, the system needs to establish distinct links for the secure transmissions. The needed bandwidth grows with the order of n, namely the communication complexity is O(n). When the size of the group grows, much more computing power and communication bandwidth are needed to handle the problem of scalability. Moreover, once communication has lasted for a period of time, the system has to run a negotiation on each link to produce a different secret key. If we use IPsec or SSL/TLS to secure the broadcast messages, the communication complexity of re-keying increases with n, that is, with the size of the group, and the scalability of the system degrades as the number of end users increases. This is particularly so when communicating over wireless media, where the available bandwidth is much less than in a wired environment. Therefore, an efficient scheme must be developed to solve the scalability problem of secure broadcasting.
We propose key management schemes for secure broadcasting that reduce the key storage requirement of senders and the order of the communication complexity when re-keying the session keys used for secure broadcasting. A service provider can efficiently manage each member's content request and provide various services at the same time. Once the initiation phase is completed, group members can freely communicate with one another securely, as long as they are on the same network system, with no need for a group controller. Moreover, with our schemes, group members are not required to be on-line constantly to keep up with changes to the system.
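As an added worked example (not from the thesis, whose own schemes are not reproduced here), the following Python simulation makes the O(n) re-keying argument above concrete: it counts the messages a key server must send after one member leaves, once with one wrapped key per point-to-point link and once with a Logical Key Hierarchy (LKH) key tree, a standard group-key technique assumed here as a stand-in. The heap-numbered tree layout, the toy key wrapping (HMAC-SHA256 keystream plus tag) and all key material are constructed for the example; the check at the end confirms that every remaining member recovers the new session key while the departed member, holding only its old keys, learns nothing from the broadcast.

```python
"""Constructed simulation: re-keying cost after one member leaves, per-link delivery
(O(n)) versus an LKH key tree (about 2*log2(n)). Not the thesis's own scheme."""
import hashlib
import hmac
import math
import secrets
from typing import Dict, List, Optional, Set, Tuple

# (node whose key wraps the new key, node being rekeyed, nonce, ciphertext, tag)
RekeyMsg = Tuple[int, int, bytes, bytes, bytes]


def _stream(kek: bytes, nonce: bytes) -> bytes:
    return hmac.new(kek, nonce, hashlib.sha256).digest()


def wrap(kek: bytes, new_key: bytes) -> Tuple[bytes, bytes, bytes]:
    """Toy key wrapping: XOR with an HMAC-SHA256 keystream under a fresh nonce,
    plus an HMAC tag so a receiver holding the wrong key rejects the message."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(new_key, _stream(kek, nonce)))
    tag = hmac.new(kek, nonce + ct, hashlib.sha256).digest()[:16]
    return nonce, ct, tag


def unwrap(kek: bytes, nonce: bytes, ct: bytes, tag: bytes) -> Optional[bytes]:
    expected = hmac.new(kek, nonce + ct, hashlib.sha256).digest()[:16]
    if not hmac.compare_digest(expected, tag):
        return None
    return bytes(a ^ b for a, b in zip(ct, _stream(kek, nonce)))


def apply_rekey(held: Dict[int, bytes], msgs: List[RekeyMsg]) -> Dict[int, bytes]:
    """What one receiver learns from the broadcast, given the node keys it holds."""
    held = dict(held)
    for enc_node, node, nonce, ct, tag in msgs:
        kek = held.get(enc_node)
        new_key = unwrap(kek, nonce, ct, tag) if kek is not None else None
        if new_key is not None:
            held[node] = new_key
    return held


class LKHTree:
    """Binary key tree in heap numbering: root = 1, children of i are 2i and 2i+1.
    Member m sits at leaf (1 << depth) + m and holds every key on its leaf-to-root
    path; the root key is the group session key."""

    def __init__(self, n_members: int) -> None:
        self.depth = max(1, math.ceil(math.log2(n_members)))
        self.members: Set[int] = set(range(n_members))
        self.keys: Dict[int, bytes] = {}             # controller's copy of all keys
        self.held: Dict[int, Dict[int, bytes]] = {}  # keys each member holds
        for m in self.members:
            for node in self.path(m):
                self.keys.setdefault(node, secrets.token_bytes(16))
            self.held[m] = {node: self.keys[node] for node in self.path(m)}

    def leaf(self, m: int) -> int:
        return (1 << self.depth) + m

    def path(self, m: int) -> List[int]:
        """Nodes from member m's leaf up to the root."""
        node, nodes = self.leaf(m), []
        while node >= 1:
            nodes.append(node)
            node //= 2
        return nodes

    def subtree_has_members(self, node: int) -> bool:
        shift = self.depth - (node.bit_length() - 1)
        return any(self.leaf(m) >> shift == node for m in self.members)

    def leave(self, leaver: int) -> List[RekeyMsg]:
        """Evict `leaver`: replace every key it knew, child-first, wrapping each new
        key only under keys the leaver never held. Returns the broadcast messages."""
        old_path = self.path(leaver)
        self.members.discard(leaver)
        self.held.pop(leaver)
        del self.keys[old_path[0]]
        msgs: List[RekeyMsg] = []
        for node in old_path[1:]:                    # internal nodes, bottom-up
            new_key = secrets.token_bytes(16)
            for child in (2 * node, 2 * node + 1):
                if child == old_path[0] or not self.subtree_has_members(child):
                    continue                         # leaver's leaf or an empty subtree
                msgs.append((child, node) + wrap(self.keys[child], new_key))
            self.keys[node] = new_key
        for m in self.members:                       # each receiver decrypts what it can
            self.held[m] = apply_rekey(self.held[m], msgs)
        return msgs

    def all_members_synced(self) -> bool:
        """True when every remaining member ended up with the new session key."""
        return all(self.held[m].get(1) == self.keys[1] for m in self.members)


def pairwise_rekey_messages(n_remaining: int) -> int:
    """Per-link delivery (IPsec/TLS style): one wrapped key per remaining member."""
    return n_remaining


def compare_leave_cost(n_members: int, leaver: int = 0) -> Tuple[int, int]:
    """(pairwise messages, LKH messages) needed to re-key after `leaver` departs."""
    tree = LKHTree(n_members)
    lkh = len(tree.leave(leaver))
    assert tree.all_members_synced()
    return pairwise_rekey_messages(n_members - 1), lkh


if __name__ == "__main__":
    for n in (8, 1024, 65536):
        print(n, compare_leave_cost(n))              # e.g. 1024 -> (1023, 19)
```

The message count for a full binary tree is 2·depth − 1 (one message at the leaf's parent, two at every other node on the path), which is why a 1024-member group needs 19 broadcast messages instead of 1023 per-link deliveries; the tree also keeps the controller's storage at roughly 2n keys rather than n separate security associations that must each be renegotiated.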
Other identifier: U0005-0408200810002200
Appears in Collections: Department of Applied Mathematics (應用數學系所)