共查询到16条相似文献,搜索用时 968 毫秒
1.
一种基于混合策略的动态组播密钥管理方案 总被引:3,自引:2,他引:1
组播密钥管理是当前组播安全研究的热点问题。在分析现有方案的基础上,考虑一种混合策略:将基于组的层次结构机制Iolus与基于密钥层次结构机制LKH的优点结合起来,提出了一种适合大型动态组播的可扩展的分层分组方式的密钥管理方案。该方案有效地降低了密钥更新的代价,具有较高的效率与较好的可扩展性.适合于解决大型动态组播的密钥管理问题。 相似文献
2.
基于LKH混合树的组播密钥更新方案 总被引:4,自引:0,他引:4
IP组播通信越来越得到广泛的应用,其密钥动态管理是一个值得关注的问题。本文主要对组播密钥更新方案进行分析,并对基于LKH密钥树的更新方案进行了改进。 相似文献
3.
基于LKH的组播密钥分发改进方案R-LKH 总被引:1,自引:1,他引:1
随着Internet的发展,组播技术得到了广泛的应用,其中组密钥管理是组播安全的核心问题。分析了已有密钥管理方案的优缺点,特别是被广泛关注的LKH方案,提出了一个基于LKH的密钥管理新方案R—LKH.并给出相应的更新算法。通过对本方案和其他方案的通信开销、密钥存储开销和计算开销的分析表明.该方案可有效降低密钥开销,且具有可行的通信效率,适用于大型的动态群组。 相似文献
4.
5.
论文基于入侵容忍的组播协议所采用的秘密共享机制,对组播的结构进行了一定的改进,使得在组播成员的变动过程中,安全性得到了提高,降低了密钥更新的次数,节约了网络资源和系统资源。 相似文献
6.
7.
8.
IP组播建立在一个非封闭的传输系统上,为了实现安全组播,除了密钥加密信息,还需要下层的通讯子网提供支持,这样才能彻底实现安全封闭的组播通讯。其中讨论了一些流行的密钥管理框架,密钥更新方案以及用户管理机制。通过这些方案可以防止信息泄漏、Dos攻击、组攻击、伪造信息,从而实现了组播的安全通讯。 相似文献
9.
TLCH协议是一个适用于安全组播通信且可扩展性较好的组播密钥管理协议。它基于LKH的思想,采用双层的控制者的层次结构,并使用单向函数进行密钥更新,达到了较低的计算开销。使用hash函数对TLCH组播密钥管理方案中成员加入时的密钥更新算法进行改进。与原来的TLCH相比,改进后的TLCH可以进一步降低了通信开销。 相似文献
10.
11.
Secure multicast applications require key management that provides access control. In wireless networks, where the error rate is high and the bandwidth is limited, the design of key management schemes should place emphasis on reducing the communication burden associated with key updating. A communication-efficient class of key management schemes is those that employ a tree hierarchy. However, these tree-based key management schemes do not exploit issues related to the delivery of keying information that provide opportunities to further reduce the communication burden of rekeying. In this paper, we propose a method for designing multicast key management trees that match the network topology. The proposed key management scheme localizes the transmission of keying information and significantly reduces the communication burden of rekeying. Further, in mobile wireless applications, the issue of user handoff between base stations may cause user relocation on the key management tree. We address the problem of user handoff by proposing an efficient handoff scheme for our topology-matching key management trees. The proposed scheme also addresses the heterogeneity of the network. For multicast applications containing several thousands of users, simulations indicate a 55%-80% reduction in the communication cost compared to key trees that are independent of the network topology. Analysis and simulations also show that the communication cost of the proposed topology-matching key management tree scales better than topology-independent trees as the size of multicast group grows. 相似文献
12.
一种基于时间结构树的多播密钥管理方案 总被引:3,自引:0,他引:3
随着Internet的发展,多播通信技术得到了广泛的应用.其中组密钥管理是多播安全的核心问题.文中在分析已有研究的基础上,提出了一种基于时间结构树的密钥管理方案,采用周期性的密钥更新机制,通过安全滤波器分配新的组密钥,大大减少了密钥更新时的传输消息,提高了密钥更新的效率,实现密钥更新的可靠性. 相似文献
13.
Topological Key Hierarchy for Energy-Efficient Group Key Management in Wireless Sensor Networks 总被引:3,自引:0,他引:3
A sensor network operating in open environments requires a network-wide group key for confidentiality of exchanged messages
between sensor nodes. When a node behaves abnormally due to its malfunction or a compromise attack by adversaries, the central
sink node should update the group key of other nodes. The major concern of this group key update procedure will be the multi-hop
communication overheads of the rekeying messages due to the energy constraints of sensor nodes. Many researchers have tried
to reduce the number of rekeying messages by using the logical key tree. In this paper, we propose an energy-efficient group
key management scheme called Topological Key Hierarchy (TKH). TKH generates a key tree by using the underlying sensor network
topology with consideration of subtree-based key tree separation and wireless multicast advantage. Based on our detailed analysis
and simulation study, we compare the total rekeying costs of our scheme with the previous logical key tree schemes and demonstrate
its energy efficiency. 相似文献
14.
Scalable secure group communication over IP multicast 总被引:3,自引:0,他引:3
Banerjee S. Bhattacharjee B. 《Selected Areas in Communications, IEEE Journal on》2002,20(8):1511-1527
We introduce and analyze a scalable rekeying scheme for implementing secure group communications Internet protocol multicast. We show that our scheme incurs constant processing, message, and storage overhead for a rekey operation when a single member joins or leaves the group, and logarithmic overhead for bulk simultaneous changes to the group membership. These bounds hold even when group dynamics are not known a priori. Our rekeying algorithm requires a particular clustering of the members of the secure multicast group. We describe a protocol to achieve such clustering and show that it is feasible to efficiently cluster members over realistic Internet-like topologies. We evaluate the overhead of our own rekeying scheme and also of previously published schemes via simulation over an Internet topology map containing over 280 000 routers. Through analysis and detailed simulations, we show that this rekeying scheme performs better than previous schemes for a single change to group membership. Further, for bulk group changes, our algorithm outperforms all previously known schemes by several orders of magnitude in terms of actual bandwidth usage, processing costs, and storage requirements. 相似文献
15.
The group merging/splitting event is different to the joining/leaving events in which only a member joins or leaves group, but in the group merging/splitting event two small groups merge together into a group or a group is divided into two independent parts. Rekeying is an importance issue for key management whose target is to guarantee forward security and backward security in case of membership changes, however rekeying efficiency is related to group scale in most existing group key management schemes, so as to those schemes are not suitable to the applications whose rekeying time delay is limited strictly. In particular, multiple members are involved in the group merging/splitting event, thus the rekeying performance becomes a worried problem. In this paper, a high performance group merging/splitting group key management scheme is proposed based on an one-encryption-key multi-decryption-key key protocol, in the proposed scheme each member has an unique decryption key that is corresponding to a common encryption key so as to only the common encryption key is updated when the group merging/splitting event happens, however the secret decryption key still keeps unchanged. In efficiency aspect, since no more than a message on merging/splitting event is sent, at time the network load is reduced since only a group member’s key material is enough for other group members to agree a fresh common encryption key. In security aspect, our proposed scheme achieves the key management security requirements including passive security, forward security, backward security and key independence. Therefore, our proposed scheme is suitable to the dynamitic networks that the rekeying time delay is limited strictly such as tolerate delay networks. 相似文献
16.
Hubenko V.P. Raines R.A. Baldwin R.O. Mullins B.E. Mills R.F. Grimaila M.R. 《IEEE network》2007,21(4):51-56
As multicasting technologies grow in popularity, so does the need for scalable security architectures to support the user base. Significant research efforts are ongoing in the areas of group-key distribution and management. However, little research has addressed the security of very large, distributed groups communicating via low-earth orbit satellite networks. In this article, we review the requirements common to most secure, multicast networking environments; discuss existing scalable multicast security architectures; and present a novel modular scalable architecture for secure multicast, adapted to a low-earth orbit satellite system. Simulated results reveal a twelve-fold reduction in average user rekeying and an order of magnitude reduction in required key distribution versus the baseline architecture. 相似文献