基于应用层多播树的快速组群密钥更新

Efficient Group Rekeying Based on Application-Layer Multicast Tree

安全组通讯包含了密钥更新和数据传输。应用层多播可以支持实时的密钥更新和数据传输。密钥更新需要快速分发，具有突发性。同时，密钥更新会与数据传输抢占有限的带宽资源，因此必须尽可能的降低密钥更新的带宽开销。为此，本文中对多播方案进行了研究，提出了密钥更新消息分离方案，该方案能够有效降低密钥更新中的带宽开销。并对提出的方案进行模拟，结果表明，在一个有1024个用户组中，该方案确实能够使超过90％的用户降低密钥更新的带宽开销。

In secure group communications, there ave both rekey and transpont. We propose to use application-layer multicast to support concurrent rekey and data transport. Rekey traffic is bursty and requires fast delivery. It is desired to reduce rekey bandwidth overhead as much as possible since it competes for bandwidth with data traffic. Towards this goal, we propose a multicast scheme that exploits proximity in the underlying network,and We further a rekey message splitting scheme to significantly reduce rekey bandwidth overhead at each user access link and network link. We formulate and prove correct for the multicast scheme and rekey message splitting scheme. having conducted extensived simulations to evaluate our approach, Our simulation results show that our approach can reduce rekey bandwidth overhead from several thousand encrypted new keys （encryptions, in short） to less than ten encryptions for more than 90% of users in a group of 1024 users.