摘要
安全组通信多采用基于逻辑k叉树的方案,其时间开销和组播带宽开销决定着系统的可扩展性能,主要影响因素包括密钥更新量、组播包数和加密量,而中间节点更新量是最直接的原因.由于三者均与组规模、用户改变数和用户分布有关,已有的方案不能适应大规模组和用户频繁变动的环境.本文提出组密钥分发的最小准确覆盖问题,并证明一种启发式的解.以此为基础,提出密钥更新量趋于零的组批更新算法,简称GMEC,算法可以在确保前向安全和后向安全的前提下同时处理任意多用户变更请求.结果表明本算法的效率有明显提高.
Secure group communication always adopts K-ray logical tree based scheme. Its scalability is enslaved to costs of time and multicast bandwidth, which are restrained by the number of middle nodes updated, multicast packets and encryptions, where the first one is the key factor. Since these are related to the group size, number of changes and their distribution, all existing works doesn't meet the commands of applications with large group size and high dynamic members. In this paper, Minimum Exact Cover Problem (MECP) for key distribution is presented, and a heuristic solution is testified. Based on it, an algorithm named GMEC of batch rekeying with renewing cost tending to zero is illustrated, which can process any large number of change requests with best secrecy guaranteed. The result shows that the algorithm can improve efficiency more.
出处
《小型微型计算机系统》
CSCD
北大核心
2007年第2期247-250,共4页
Journal of Chinese Computer Systems
基金
国家自然科学基金项目(60572049
f010106)资助.
关键词
安全组通信
密钥管理
最小准确覆盖
批量更新
前向安全
后向安全
层次密钥树
secure group communication
key management
minimum exact cover problem
batch re-keying
forward secrecy
backward secrecy
logical hierarchical, tree