1. NCHU Institution Repository
  2. 電機資訊學院
  3. 資訊科學與工程學系所
Please use this identifier to cite or link to this item: http://hdl.handle.net/11455/19430
標題: 安全群播金鑰管理之研究
A Study on Secure Multicast Key Management
作者: 唐仕珊
Tang, Shih-Shan
關鍵字: Secure multicast;安全群播;group communication;rekeying;key management;群組通訊;金鑰更新;金鑰管理
出版社: 資訊科學系所
引用: [1] National Institute of Standards and Technology, Secure hash standard, Federal Information Processing Standards Publication 180-1, US Department of Commerce,Washington D.C., April 1995. [2] G. R. Blakley, "Safeguarding cryptographic keys," in Proceedings of the Natl. Computer Conf., vol. 48, pp. 313-317, Arlington, Va, June 1979. [3] B. Briscoe, "Marks: Zero side effect multicast key management using arbitrarily revealed key sequences," in Proceedings of Networked Group Communication, pp. 301-320, Pisa, Italy, November 1999. [4] R. Canetti, J. Garay, G. Itkis, D. Micciancio, M. Naor, and B. Pinkas, "Multicast security: A taxonomy and some efficient constructions," in Proceedings of IEEE Conference on Computer Communications (INFOCOM''99), pp. 708-716, New York, NY, USA, March 1999. [5] R. Canetti, T. Malkin, and K. Nissim, "Efficient communication-storage tradeoffs for multicast encryption," in Advances in Cryptology - EUROCRYPT'' 99, vol. 1592, pp.459-474, 1999. [6] S. E. Deering, "Multicast routing in internetworks and extended LANs," in Proceedings of the ACM SIGCOMM''88, pp. 55-64, Stanford, CA, August 1988. [7] A. M. Eskicioglu, S. Dexter, and E. J. Delp, "Protection of multicast scalable video by secret sharing: Simulation results," in Proceedings of the IEEE MILCOM, vol. 5020, pp. 505-515, Santa Clara, CA, January 2003. [8] A. M. Eskicioglu and M. R. Eskicioglu, "Multicast security using key graphs and secret sharing," in Proceedings of the Joint International Conference on Wireless LANs and Home Networks and Networking, pp. 228-241, Atlanta, GA, August 2002. [9] J. Goshi and R. E. Ladner, "Algorithms for dynamic multicast key distribution trees," in Proceedings of the Twenty-second Annual Symposium on Principles of Distributed Computing (PODC 2003), pp. 243-251, New York, NY, USA, July 2003. [10] X. S. Li, Y. R. Yang, M. G. Gouda, and S. S. Lam, "Batch rekeying for secure group communications," in Proceedings of ACM SIGCOMM''01, pp. 525-534, San Diego, CA, August 2001. [11] H. Lu, "A novel high-order tree for secure multicast key management," IEEE Transactions on Computers, vol. 54, no. 2, pp. 214-224, 2005. [12] R. J. McEliece and D. V. Sarwate, "On sharing secrets and reed-solomon codes," Communications of the ACM, vol. 24, pp. 583-584, September 1981. [13] C. K. Miller, Multicast Networking and Applications, Reading, MA: Addison-Wesley, 1999. [14] S. Mittra, "Iolus: A framework for scalable secure multicasting," in Proceedings of ACM SIGCOMM''97, pp. 525-534, Cannes, France, October 1997. [15] M. Moyer, J. Rao, and P. Rohatgi, "Maintaining balanced key trees for secure multicast," Internet Engineering Task Force Internet-Draft, June 1999. [16] M. Moyer, J. Rao, and P. Rohatgi, "A survey of security issues in multicast communications," IEEE Network, vol. 13, pp. 214-224, November/December 1999. [17] D. Naor, M. Naor, and J. Lotspiech, "Revocation and tracing schemes for stateless receivers," in Advances in Cryptology - Crypto''01, vol. 2139, pp. 41-62, 2001. [18] T. P. Pedersen, "Non-interactive and nformation-theoretic secret sharing," in Advances in Cryptology - Crypto''91, vol. 576, pp. 129-140, 1992. [19] A. Perrig, D. Song, and D. Tygar, "ELK, a new protocol for efficient large-group key distribution," in Proceedings of the IEEE Symposium on Security and Privacy 2001, pp. 247-262, Oakland, CA, May 2001. [20] S. Rafaeli, L. Mathy, and D. Hutchison, "EHBT: An efficient protocol for group key management," in Proceedings of the Third International Workshop on Net-worked Group Comunications, pp. 159-171, London, UK, November 2001. [21] R. Rivest, The MD5 message-digest algorithm, RFC 1321, Internet Engineering Task Force, April 1992. [22] R. L. Rivest, A. Shamir, and L. M. Adleman, "A method for obtaining digital signatures and public-key cryptosystems," Communications of the ACM, vol. 21, pp. 120-126, February 1978. [23] O. Rodeh, K. P. Birman, and D. Dolev, "Using AVL trees for fault tolerant group key management," International Journal on Information Security, vol. 1, pp. 84-99,November 2001. [24] A. Shamir, "How to share a secret," Communications of the ACM, vol. 22, pp. 612-613, November 1979. [25] A. T. Sherman and D. A. McGrew, "Key establishment in large dynamic groups using one-way function trees," IEEE Transactions on Software Engineering, vol. 29, pp. 444-458, May 2003. [26] G. J. Simmons, "How to (really) share a secret," in Advances in Cryptology -Crypto''88, vol. 403, pp. 390-448, 1990. [27] G. J. Simmons, "Prepositioned shared secret and/or shared control schemes," in Advances in Cryptology - Crypto''89, vol. 434, pp. 436-467, 1990. [28] D. Wallner, E. Harder, and R. Agee, Key management for multicast: issues and architectures, RFC 2627, Internet Engineering Task Force, June 1999. [29] C. K. Wong, M. Gouda, and S. S. Lam, "Secure group communications using key graphs," in Proceedings of the ACM SIGCOMM''98, pp. 68-79, September 1998. [30] C. K. Wong, M. Gouda, and S. S. Lam, "Secure group communication using key graphs," IEEE/ACM Transactions on Networking, vol. 8, pp. 16-30, February 2000.
摘要: 
隨著網際網路的蓬勃發展,使得許多整合性的安全群組通訊(group communication)應用陸續透過網路來完成。安全群播(secure multicast)透過一有效率的方法將一相同通訊內容分送給所有的群組成員。然而為了達到通訊內容之機密性,一簡單的做法則是利用一對稱式金鑰來對通訊內容做加密。但是這可能會造成在金鑰更新(rekeying)時的負擔,尤其是面對一個龐大且動態的群組。過去一邏輯樹結構(tree-based)金鑰管理機制被廣泛地用來將金鑰更新時所產生的儲存、傳輸及計算成本降低至對數的群組成員人數。但要達到對數的金鑰更新成本的前題是要保持邏輯樹的平衡狀態。另一方面,邏輯樹結構金鑰管理機制可能會導致難以維持之同步性(synchronization)的問題。本論文提出了兩個應用於具延展性群播之金鑰管理機制來解決邏輯樹結構金鑰管理機制的問題並且獲得更佳的效能。首先,我們提出了一植基於機密分享之金鑰管理機制,利用一輕量化之前置式機密分享邏輯樹來解決金鑰邏輯樹所產生的問題。此外,我們消除了成員變動時所需之加解密過程,且金鑰可有效率地定期或是動態的更改。第二,我們提出了一以RSA為概念之群播金鑰管理機制來解決金鑰更新的問題。本研究提出了一星狀結構(star-based)來移除金鑰更新程序並且在群組成員變動時獲得比樹狀結構更好的效能。然而,我們亦將提供一延伸性的安全群播協定,在此我們將公開金鑰密碼系統和私密金鑰密碼系統結合起來達到更佳的執行效能。

The continuously growth of the Internet emerges many applications based on secure group communication. Secure multicast provides efficient delivery which includes an identical data from a source to multiple receivers. A common solution is to apply a symmetric key which is used to encrypt the transmitted data. However, the heavy cost of rekeying process is the main problem in large and dynamic multicast groups. The key tree-based architecture is widely used to reduce the rekeying cost of storage, transmission, and computation in the logarithm with the number of multicast group members. However, it usually requires extra overhead to keep key tree balance which is in order to achieve logarithmic rekeying cost. On the other hand, the key tree-based scheme may result in difficult problem to maintain synchronization due to the interdependencies among rekeying messages. Furthermore, we propose two key management schemes for scalable multicasting to solve the problem in the key tree-based schemes. First, we shall propose a key management scheme based on the secret sharing, in which we apply a new lightweight prepositioned secret sharing tree-based scheme to solve the problem in the key tree-based scheme. Furthermore, we eliminate the encryption/decryption processes during every membership and periodic key changes and can dynamically change the secret key frequently. Second, we shall propose a novel RSA-like multicast key management scheme to solve the rekeying problem. Our protocol applies a star-based architecture to eliminate the rekeying processes and provide the good performance in terms of membership changes in a multicast group. Furthermore, we also provide an extended secure multicast communication protocol, in which we combine public-key and symmetric-key cryptosystems to enhance the performance of multicast encryption.
URI: http://hdl.handle.net/11455/19430
其他識別: U0005-1206200717370200
Appears in Collections:資訊科學與工程學系所

Show full item record
 
TAIR Related Article

Google ScholarTM

Check


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.