摘要
针对大型动态组通信,提出一种基于Iolus+LKH+SKDC混合策略的组密钥管理方案。该方案中全局组控制器通过密钥树来管理各个子组控制器,每个子组内采用改进的LKH+SKDC方案管理子组成员;子组管理器根据成员ID值,利用单向散列函数计算成员所在路径上各节点密钥值。该方案具有分组管理和集中管理的优点以及良好的可伸缩性,它使LKH方案中的单点失效问题限制在子组范围内,不会对全局产生影响。理论分析和数值结果表明,该方案中子组管理器的密钥存储和动态更新开销大大减少,且用户在加入和退出子组时不会随机产生更新密钥,具有较好的综合性能。
A key management scheme based on hybrid strategy of Iolus+LKH+SKDC for dynamic multicast is proposed. Novel the group security controller (GSC) manages the various subgroup security controllers (SGSCs) using the key tree in this scheme, and every SGSC manages its users using the improved LKH+SKDC scheme. The node coordinates are introduced to mark the key tree so that the coordinates of the various nodes on the path of the user location can be easily obtained and the subgroup to which the user belongs is easily known according to the coordinate of the user. The keys on path of the user location are computed by the subgroup manager using one-way hash function according to the user ID. This scheme is provided with the characteristics of Both keys grouping management and keys delaminating management and expansibility as well. And the single invalidation in LKH scheme can be effectively restricted within each subgroup which avoids the influence on the overall situation. Simulation results show that the keys storage amount of the subgroup manager and the cost of rekeying are significantly reduced. The proposed scheme has better performance for large dynamic multicast.
出处
《系统工程与电子技术》
EI
CSCD
北大核心
2007年第8期1389-1393,共5页
Systems Engineering and Electronics
