一种基于混合策略的动态组播密钥管理方案

组播密钥管理是当前组播安全研究的热点问题。在分析现有方案的基础上，考虑一种混合策略：将基于组的层次结构机制Iolus与基于密钥层次结构机制LKH的优点结合起来，提出了一种适合大型动态组播的可扩展的分层分组方式的密钥管理方案。该方案有效地降低了密钥更新的代价，具有较高的效率与较好的可扩展性．适合于解决大型动态组播的密钥管理问题。     

一种改进的TLCH组播密钥管理方案

TLCH协议是一个适用于安全组播通信且可扩展性较好的组播密钥管理协议。它基于LKH的思想,采用双层的控制者的层次结构,并使用单向函数进行密钥更新,达到了较低的计算开销。使用hash函数对TLCH组播密钥管理方案中成员加入时的密钥更新算法进行改进。与原来的TLCH相比,改进后的TLCH可以进一步降低了通信开销。     

基于LKH的组播密钥分发改进方案R-LKH

随着Internet的发展，组播技术得到了广泛的应用，其中组密钥管理是组播安全的核心问题。分析了已有密钥管理方案的优缺点，特别是被广泛关注的LKH方案，提出了一个基于LKH的密钥管理新方案R—LKH．并给出相应的更新算法。通过对本方案和其他方案的通信开销、密钥存储开销和计算开销的分析表明．该方案可有效降低密钥开销，且具有可行的通信效率，适用于大型的动态群组。     

安全组播密钥更新机制的研究

组播密钥更新策略的分类有多种，文中从更新消息的依赖性方面总结分析了三种类型的组播密钥更新机制，讨论了各种类型机制的特点，探讨和总结了组播密钥管理的研究现状和发展趋势。     

基于中国剩余定理的秘密共享组播密钥管理方案

该文结合中国剩余定理和Shamir秘密共享方法,提出了一种新的组播密钥管理方案基于中国剩余定理的秘密共享(CRTSS)组播密钥管理方案,并把所提出的CRTSS方案与GKMP方案进行比较和分析。结果表明,CRTSS方案克服了传统集中式平面型管理方式更新开销大的通病,提升了整体性能,是一种可靠的、新型的集中式平面型组播密钥管理方案。     

基于LKH混合树模型的新型组播密钥更新方案

安全组播是组播技术走向实用化必须解决的问题。在组成员动态变化时,设计一个高效的密钥管理方案是安全组播研究的主要问题。提出了一种基于新型混合树模型的组播密钥更新方案。该方案将GC的存储开销减小为4,同时,在成员加入或离开组时,由密钥更新引起的通信开销与nm保持对数关系(n为组成员数,m为每一族包含的成员数)。     

基于LKH的组播密钥分发改进方案

文章在分析LKH算法的基础上,结合在小规模组播时PE算法性能较好的优势,设计了一种改进的组播密钥管理方案PE-RLKH方案,并给出相应的更新算法。通过对本方案和LKE方案的通信开销、密钥存储开销和计算开销的比较表明,该方案具有计算开销小,在保持一定的通信开销下能降低组密钥存储开销,具有较好的通信效率,可适用于较大规模的组播。     

一种安全组播传输策略

IP组播建立在一个非封闭的传输系统上,为了实现安全组播,除了密钥加密信息,还需要下层的通讯子网提供支持,这样才能彻底实现安全封闭的组播通讯。其中讨论了一些流行的密钥管理框架,密钥更新方案以及用户管理机制。通过这些方案可以防止信息泄漏、Dos攻击、组攻击、伪造信息,从而实现了组播的安全通讯。     

一种多播密钥管理方案

随着Internet的发展,多播通信技术得到了迅速发展.其中组密钥管理是我播安全的核心问题.文中在分析已有研究的基础上,对树型密钥管理方案进行了改进,经过与逻辑密钥分层LKH方案和单向函数OFT方案进行分析比较,它在密钥存储、密钥更新通信量以及管理者的计算量方面元气有较好的性能.     

主密钥在组播密钥管理中的应用

本文在改进的RSA体制基础上给出主密钥的生成算法,并在主密钥的基础上提出了主密钥管理方案,该方案将参与组播的成员分成若干子组,每个子组的密钥生成、分发和更新由一个主密钥控制器完成。当成员变化时,设计的密钥更新策略同时满足前向安全和后向安全,这就解决了组通信中的密钥管理问题,实现了安全的组播。同时该方案使得每个用户只需存储和管理一个密钥,就能与组内或组外的用户进行安全通信,降低了用户的负载。因此主密钥管理方案能适用于大规模的、在网络中广泛分布的和动态的组。     

Multicast-Kommunikation im Internet

The Internet supports group communications by its multicast concept. Several Internet protocol extensions and new protocols have been developed in order to realize multicast in the Internet. This paper focuses on the IP multicast architecture, in particular on the IP multicast extensions and the corresponding multicast routing protocols. The IP multicast model has significant impacts on the underlying network technologies and on the transport protocols and applications on top of IP. These impacts are also discussed in the paper.     

OMAC: A new access control architecture for overlay multicast communications

Multicast communications concern the transfer of data among multiple users. Multicast communications can be provided at the network layer—an example is IP multicast—or at the application layer, also called overlay multicast. An important issue in multicast communications is to control how different users—senders, receivers, and delivery nodes—access the transmitted data as well as the network resources. Many researchers have proposed solutions addressing access control in IP multicast. However, little attention has been paid to overlay multicast. In this paper, we investigate the access control issues in overlay multicast and present OMAC: a new solution to address these issues. OMAC provides access control for senders, receivers, and delivery nodes in overlay multicast. The proposed architecture, which is based on symmetric key cryptosystem, centralizes the authentication process in one server whereas it distributes the authorization process among the delivery nodes. Moreover, delivery nodes are utilized as a buffer zone between end systems and the authentication server, making it less exposed to malicious end systems. To evaluate our work, we have used simulation to compare the performance of OMAC against previous solutions. Results of the simulation show that OMAC outperforms previous multicast access control schemes. Copyright © 2010 John Wiley & Sons, Ltd.     

Multicast forwarding over ATM: Native approaches

Multicasting is growing in importance as new multimedia applications are devised. Throughout this article, multicasting is understood as the efficient multipoint-to-multipoint transmission of information (in terms of network resource consumption) between the members of a group. Most multicast services have been designed up to now to work over connectionless environments. The approach adopted by connection-oriented networks has been to try to imitate these connectionless multicast schemes with the aim of supporting IP multicast or network-layer broadcast. However, these solutions present drawbacks in terms of delay or signaling overhead. The goal of native ATM multicasting is to provide multicast communications support by taking into account the characteristics of ATM. Therefore, the design philosophy of multicast must be rethought by making it more suitable for connection-oriented networks. Native ATM multicasting is based on mechanisms implemented at the switches to allow the correct ATM-layer multicast forwarding of information. These mechanisms seek to avoid the delay and signaling problems of current solutions, e.g., LAN emulation and IP multicast over ATM. This article provides a survey of the literature on the strategies that offer multicast communications in ATM environments, with special stress on native ATM multicast forwarding mechanisms. Other aspects, such as signaling, quality of service, traffic control, and routing, are not addressed in detail in this article.     

IP组播密钥管理技术研究

为了在IP组播中实现用户身份认证等安全管理,避免IP组播中的不安全因素,提出了一种运用门限技术和椭圆曲线密钥体制相结合的方案,构建一个IP组播服务系统并在其上分层实现了组播密钥的分发与恢复。最后通过实验测试给出了此方案的管理代价,证明了此方案可以很好地实现IP组播应用中的密钥管理,有效地解决了用户身份认证和授权管理问题,实现了安全IP组播。     

流量工程在IP组播中的实现

随着IP网络的进一步发展,用户不仅要求Web等一般的数据传输,而且对实时数据流的需求也急剧上升.这些实时业务往往是以组播方式向用户提供服务.而传统的IP组播已经很难满足用户对业务的QoS的需求.对流量工程技术在IP组播中的实现进行讨论,并提出了一个基于QoS的IP组播流量工程模型.最后总结了将来的研究方向.     

可靠多播传输协议研究

战术通信网需要多播技术以支持多种组播应用,如情形感知、任务协作等。无线通信可为战术通信网组播通信提供支持,但其可靠性不高,不能直接应用,必须加以控制。为此,研究了一种利用IP多播路由和转发服务提供端到端可靠数据传输协议,即面向否定确认的可靠多播协议(NORM)。深入分析了NORM协议的反馈确认、拥塞控制、包级FEC等关键技术。在结论与展望中,提出了这一领域的难点和对今后工作的展望。     

Challenges and advances in using IP multicast for overlay data delivery - [consumer communications and networking]

IP multicast and overlay multicast have been proposed for one-to-many data delivery over the Internet. Compared to overlay multicast, IP multicast is less deployed but can achieve higher delivery efficiency. Researchers hence study how to combine IP multicast with overlay multicast in order to achieve both high deployability and high delivery efficiency. This combination is called island multicast. In this article we present a comprehensive survey of recent research on island multicast. We investigate the general architecture and key components of island multicast. We then discuss the core issue in island multicast: how to set up delivery connections across multiple multicast domains. We finally discuss open issues for future research.     

Modeling and optimization of maximum flow survivable overlay multicast with predefined routing trees

Overlay networks employ underlying network technologies in order to provide end-system related communication and over the years overlays have been getting more and more attention in research community and in business world as well. Since overlays tackle many drawbacks present in pure “link-router-network” engineering, they have become an excellent solution for multimedia-oriented applications. A good example comprises multicast communications, where an overlay system, in contrast to IP Multicast, eliminates many issues related to scalability or management control. This paper focuses on modeling and optimization of overlay multicast networks aimed at realizing maximum throughput with survivability constraints, where survivability defines the ability of a multicast system to limit potential throughput losses in case of a failure of single virtual link. We present linear formulation derived from fractional tree packing problems based on predefined topologies which may route multicast traffic. Linear model might be used for obtaining optimal multicast structures, however its applicability is limited by increasing sizes of networks. Hence, we also design and evaluate heuristic searches dedicated to optimization of maximum flow survivable overlay multicast networks.     

A case for end system multicast

The conventional wisdom has been that Internet protocol (IP) is the natural protocol layer for implementing multicast related functionality. However, more than a decade after its initial proposal, IP multicast is still plagued with concerns pertaining to scalability, network management, deployment, and support for higher layer functionality such as error, flow, and congestion control. We explore an alternative architecture that we term end system multicast, where end systems implement all multicast related functionality including membership management and packet replication. This shifting of multicast support from routers to end systems has the potential to address most problems associated with IP multicast. However, the key concern is the performance penalty associated with such a model. In particular, end system multicast introduces duplicate packets on physical links and incurs larger end-to-end delays than IP multicast. We study these performance concerns in the context of the Narada protocol. In Narada, end systems self-organize into an overlay structure using a fully distributed protocol. Further, end systems attempt to optimize the efficiency of the overlay by adapting to network dynamics and by considering application level performance. We present details of Narada and evaluate it using both simulation and Internet experiments. Our results indicate that the performance penalties are low both from the application and the network perspectives. We believe the potential benefits of transferring multicast functionality from end systems to routers significantly outweigh the performance penalty incurred.