基于多播的身份认证技术研究

传统的身份认证技术对于多播身份认证并不适用,因为多播身份认证有它自身的特殊要求.主要阐述了几种针对多播身份认证独特特点的解决方案,并分别总结了这些方案的优点,并指出了他们的缺点,最后对这些方案进行了比较,并介绍了一种可能用于改进多播的身份认证的技术.     

一种基于时间结构树的多播密钥管理方案

随着Internet的发展,多播通信技术得到了广泛的应用.其中组密钥管理是多播安全的核心问题.文中在分析已有研究的基础上,提出了一种基于时间结构树的密钥管理方案,采用周期性的密钥更新机制,通过安全滤波器分配新的组密钥,大大减少了密钥更新时的传输消息,提高了密钥更新的效率,实现密钥更新的可靠性.     

一种多播密钥管理方案

随着Internet的发展,多播通信技术得到了迅速发展.其中组密钥管理是我播安全的核心问题.文中在分析已有研究的基础上,对树型密钥管理方案进行了改进,经过与逻辑密钥分层LKH方案和单向函数OFT方案进行分析比较,它在密钥存储、密钥更新通信量以及管理者的计算量方面元气有较好的性能.     

轻量级身份认证及安全通信技术研究

针对资源受限且通信不稳定的嵌入式设备网络信息安全传输问题,提出了一种基于国密算法的轻量级身份认证及基于认证技术的加密传输技术。首先,对嵌入式节点进行安全度量并生成SM2数字证书。然后,通信双方可以基于生成的数字证书进行身份认证,节点认证成功后协商出通信使用的会话密钥。最后,合法节点可以使用协商出的会话密钥,使用SM4-CTR模式完成信息传输,在保障信息安全传输的同时,也保障了通信过程的健壮性。实验结果表明,技术可以防止恶意节点的非法接入,在认证完成后能够生成可用的会话密钥,以密文形式进行信息安全交互,且能以较高速率实现加解密传输。     

一个高效的基于身份的群密钥协商协议

群密钥协商协议是在Ad Hoc网络群通信中建立会话密钥的一种有效解决方法.但由于Ad Hoc网络是一个拓扑结构变化频繁的网络,因而在群通信中,不仅要建立一致的会话密钥,还要考虑成员变化的情况.文中结合完全二又树结构,提出了一种新的基于身份的群密钥协商协议.新方案具有隐含密钥认证、已知会话密钥安全,前向安全、抗密钥泄露攻击.抗未知密钥共享攻击、密钥控制等安全特性,并且效率较高.     

移动通信系统中有效的身份认证方案和支付协议

文中给出了一个基于公钥密码的有效的身份认证和密钥交换协议，该协议可以实现通信双方的相互认证，产生的会话密钥对通信双方是公正的，且会话密钥的产生不需要其他第三方的参与，协议的结构简单，执行效率高：在此协议基础上设计了一个适用于移动通信系统的小额支付协议。     

基于椭圆曲线的隐私增强认证密钥协商协议

认证密钥协商协议能够为不安全网络中的通信双方提供安全的会话密钥,但是,大多数的认证密钥协商协议并没有考虑保护用户隐私.论文关注网络服务中用户的隐私属性,特别是匿名性和可否认性,规范了增强用户隐私的认证密钥协商协议应满足的安全需求,即双向认证、密钥控制、密钥确认、会话密钥保密、已知会话密钥安全、会话密钥前向安全、用户身份匿名、用户身份前向匿名、不可关联和可否认,并基于椭圆曲线密码系统设计了一个满足安全需求的隐私增强认证密钥协商协议.     

一种适用于安全多播的加密算法及密钥管理方案

为了避免安全多播中的密钥更新，强化密钥管理和提高安全多播的效率，在分析安全多播需求的基础上，提出一种适用于安全多播的加密算法和相应的安全多播密钥管理模型，实现了无需更新密钥就可满足前向和后向加密的抗同谋破解的安全多播。分析表明，给出的加密算法拥有良好的加密强度和加密速度。这种无需更新密钥的安全多播可以应用在各类多播环境中。     

基于无线网络IP多播密钥的管理协议

研究了无线网络IP多播密钥管理协议，通过对几个目前有影响的协议进行分析和讨论，提出它们的特点和不足，对研究移动网络IP多播密钥管理具有参考价值。     

异构无线网络中基于标识的匿名认证协议

针对异构无线网络中的认证协议的安全问题,提出一种基于CPK算法和改进的ECDH算法的双向认证和密钥协商协议,引入用户的临时认证身份和临时通信身份实现用户的身份匿名;提出采用临时通信身份有序对防止重认证过程中的重放攻击,并且在协议设计中规避了密钥泄漏带来的风险。分析表明该协议具有身份认证、会话密钥安全、匿名性等安全属性。     

MobiCast: A multicast scheme for wireless networks

In this paper, we propose a multicast scheme known as MobiCast that is suitable for mobile hosts in an internetwork environment with small wireless cells. Our scheme adopts a hierarchical mobility management approach to isolate the mobility of the mobile hosts from the main multicast delivery tree. Each foreign domain has a domain foreign agent. We have simulated our scheme using the Network Simulator and the measurements show that our multicast scheme is effective in minimizing disruptions to a multicast session due to the handoffs of the mobile group member, as well as reducing packet loss when a mobile host crosses cell boundaries during a multicast session.     

基于LKH混合树模型的新型组播密钥更新方案

安全组播是组播技术走向实用化必须解决的问题。在组成员动态变化时,设计一个高效的密钥管理方案是安全组播研究的主要问题。提出了一种基于新型混合树模型的组播密钥更新方案。该方案将GC的存储开销减小为4,同时,在成员加入或离开组时,由密钥更新引起的通信开销与nm保持对数关系(n为组成员数,m为每一族包含的成员数)。     

基于SimCT的多播路由及故障恢复研究

在数据交换网络中,颜色树是一种通过节点不相交的多路径路由数据报文的有效方法。这种方法中组建两棵以某一节点为根节点的颜色树,即Red树和Blue树,网络中各节点到根节点的路径是节点不相交的。本文在分析和研究SimCT算法的基础上,提出了一种基于颜色树的多播树生成方法及单节点/链路故障的多播通信恢复方案。该方法根据SimCT算法构造的颜色树来组建一棵多播转发树,在多播树中单节点或单链路故障后,故障检测节点本地执行故障恢复方案,将受影响的故障节点的下游子树重新连接到多播树。仿真实验表明,本文所提出的多播树生成方案相比现有方案可以减少网络资源的浪费,并且故障恢复后的代价与原多播通信树相当。     

Family ACK tree (FAT): supporting reliable multicast in mobile ad hoc networks

A new protocol, called family ACK tree (FAT), is proposed to support a reliable multicast service for mobile ad hoc networks. For each reliable multicast protocol, a recovery scheme is used to ensure end-to-end delivery of unreliable multicast packets for all group members. FAT employs a tree-based recovery mechanism that localizes ACKs and retransmissions to avoid feedback implosion. To cope with node movements, FAT constructs an ACK tree on which each node maintains reachability information to three generations of nodes on the ACK tree. When a tree is fragmented due to a departed node, the fragments are glued back to the tree using the underlying multicast routing protocol. FAT then adopts an adaptive scheme to recover missed packets that have been multicast to the group during fragmentation and are not repaired by the new reliability agent. We have conducted simulations to compare the performance of FAT with existing solutions. The results show that FAT achieves better performance for the provision of reliable service in ad hoc networks, in terms of reliability, scalability, and delivery efficiency.     

A scalable multicast key management scheme for heterogeneous wireless networks

Secure multicast applications require key management that provides access control. In wireless networks, where the error rate is high and the bandwidth is limited, the design of key management schemes should place emphasis on reducing the communication burden associated with key updating. A communication-efficient class of key management schemes is those that employ a tree hierarchy. However, these tree-based key management schemes do not exploit issues related to the delivery of keying information that provide opportunities to further reduce the communication burden of rekeying. In this paper, we propose a method for designing multicast key management trees that match the network topology. The proposed key management scheme localizes the transmission of keying information and significantly reduces the communication burden of rekeying. Further, in mobile wireless applications, the issue of user handoff between base stations may cause user relocation on the key management tree. We address the problem of user handoff by proposing an efficient handoff scheme for our topology-matching key management trees. The proposed scheme also addresses the heterogeneity of the network. For multicast applications containing several thousands of users, simulations indicate a 55%-80% reduction in the communication cost compared to key trees that are independent of the network topology. Analysis and simulations also show that the communication cost of the proposed topology-matching key management tree scales better than topology-independent trees as the size of multicast group grows.     

Pricing Multicast Communication: A Cost-Based Approach

Multicast and unicast traffic share and compete for network resources. A cost-based approach to multicast pricing, based on accurate characterization of multicast scalability, will facilitate the efficient and equitable resource allocation between traffic types. Through the quantification of link usage, this paper establishes a multicast scaling relationship: the cost of a multicast distribution tree varies at the 0.8 power of the multicast group size. This result is validated with both real and generated networks, and is robust across topological styles and network sizes. Since multicast cost can be accurately predicted given the membership size, there is strong motivation to price multicast according to membership size. Furthermore, a price ceiling should be set to account for the effect of tree saturation. This tariff structure is superior to either a purely membership-based or a flat-rate pricing scheme, since it reflects the actual tree cost at all group membership levels.     

Distributed formation of core-based forwarding multicast trees in mobile ad hoc networks

A core-based forwarding multicast tree is a shortest path tree rooted at core node that distributes multicast packets to all group members via the tree after the packets are sent to the core. Traditionally, the bandwidth cost consumed by transmitting a packet from the core via the tree is evaluated by the total weights of all the edges. And, the bandwidth cost is minimized by constructing the multicast tree that has minimum total weights of edges to span all group members. However, when the local broadcast operation is used to multicast a packet, we found that the bandwidth cost is supposed to be evaluated by the total weights of all senders that include the core and all non-leaves. Since the multicast tree with the number of nodes greater than or equal to three has minimum bandwidth cost only when the core is not a leaf, it leads us to find the multicast tree with the minimum number of non-leaves when each sender node has a unit weight. However, no polynomial time approximation scheme can be found for the minimum non-leaf multicast tree problem unless P = NP since the problem is not only NP-hard but also MAX-SNP hard. Thus, a heuristic is proposed to dynamically reduce the number of non-leaves in the multicast tree. Experimental results show that the multicast tree after the execution of our method has smaller number of non-leaves than others in the geometrically distributed network model.     

基于光森林的弹性光网络能效组播路由频谱分配策略

在弹性光网络中,光树传输组播可以节省链路代价,但较长的光树需要选择更低的调制等级,消耗更多的频谱资源和发射机功耗.提出一种基于遗传算法的光森林组播和光树重配置(GAMF-TR)优化组播的能效路由、调制格式和频谱分配(RMSA)策略.GAMF-TR策略设计染色体编码表示光森林的组播目的节点划分和光路径组合,通过染色体的基因位概率交叉和变异得到更多的光森林RMSA策略,设计了一个频谱分配效率和发射机功耗折中的适应度函数选择能效最高的光森林RMSA策略,并设计在网络资源充足时将组播从光森林重配置到光树传输,进一步减少发射机功耗的消耗.仿真结果表明:提出的GAMF-TR策略获得了组播的最低带宽阻塞率和最高能效性能.     

Restricted dynamic Steiner trees for scalable multicast in datagramnetworks

The paper addresses the issue of minimizing the number of nodes involved in routing over a multicast tree and in the maintenance of such a tree in a datagram network. It presents a scheme where the tree routing and maintenance burden is laid only upon the source node and the destination nodes associated with the multicast tree. The main concept behind this scheme is to view each multicast tree as a collection of unicast paths and to locate only the multicast source and destination nodes on the junctions of their multicast tree. The paper shows that despite this restriction, the cost of the created multicast trees is not necessarily higher than the cost of the trees created by other algorithms that do not impose the restriction and therefore require all nodes along the data path of a tree to participate in routing over the tree and in the maintenance of the tree     

适于低轨卫星IP网络的核心群合并共享树组播算法

为了解决低轨卫星IP网络中现有典型源组播算法的信道资源浪费问题,该文提出了一种低树代价的组播算法,即核心群合并共享树(CCST)算法,包括动态近似中心(DAC)选核方法和核心群合并组播路径构建方法。DAC方法基于逻辑位置形成的虚拟静态、结构规则的网络拓扑选择核节点。在核心群合并方法中,以核节点作为初始核心群,通过核心群和剩余组成员的最短路径方法逐步扩展直至整棵组播树构建完成,从而使得组播树的树代价最小,大大提高了网络的传输带宽利用率和组播传输效率。最后,与低轨卫星IP网络中的其他几种典型算法进行了性能对比,仿真结果说明,CCST算法的树代价性能比其它算法有较大改善,而端到端传播时延略高。