CN101588235B - MIPv6 based security multicast method and steps - Google Patents

Publication number
CN101588235B
Authority
CN
China
Prior art keywords
gcks
group
multicast
key
group membership
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related
Application number
CN 200910021030
Other languages
Chinese (zh)
Other versions
CN101588235A (en)
Inventor
刘彦明
杨凡
李小平
董庆宽
黎剑兵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University

Abstract

The invention belongs to the field of communication network security and relates to an MIPv6-based secure multicast method applied to mobile communication networks. The method comprises an authentication center 1, a group member 2, a multicast source 3 and a GCKS 4, wherein the authentication center authenticates the group member, the multicast source and the GCKS and distributes certificates to them; the GCKS performs access registration authentication of the group member 2 and distributes key update messages to it, forwards the information list of the group member 2 to an access router, performs security association negotiation with the multicast source, and negotiates with other GCKSs to construct a group key; the multicast source 3 sends multicast data packets to the group member 2 through an intermediate router; and the group member 2 receives the multicast data packets. The method makes it possible to use secure multicast technology in actual multicast applications, improves the security of multicast communication, separates the functions of the GCKS and the router, avoids the single point of failure problem well, and clearly improves multicast management efficiency.

Description

A secure multicast method and steps based on MIPv6
Technical field
The invention belongs to the field of communication network security and relates to a secure multicast method based on MIPv6 that is applied in mobile communication networks.
Background technology
Multicast is a communication model for multi-party communication and multi-party collaborative applications. The sender transmits only one copy of the data; network elements (such as multicast routers and switches) copy it as many times as the receivers require and forward the packets to all users as appropriate. The advantage of multicast is that it reduces the computational load on the sender and the number of copies of the data on the network, so network resources are used efficiently. Many applications already exist: satellite television relay, online software distribution and upgrade, stock quotation streams, Web caching, MFTP, IPTV, remote and video conferencing, multimedia conferencing, video on demand, multi-party network games and computer-supported collaborative work all need one-to-many or many-to-many multicast communication.
However, the security problems of multicast have hindered its wide adoption. The SMuG of the IRTF and the MSEC of the IETF hold that secure multicast data handling, key material management and multicast security policy are the three aspects of multicast security. Current research concentrates on secure multicast data handling and key material management: secure multicast data handling mainly uses encryption and authentication techniques, while key material management is mainly centralized, distributed or shared.
Although current research has identified how multicast data should be processed, it attends only to the encryption and authentication techniques themselves and does not specify how encryption and authentication are to be carried out in a real network. The three key material management approaches each have strengths and weaknesses and must be chosen according to the actual conditions of use. They share the same problem: whichever key management approach is used, it remains unclear how to apply the studied management model to a real network.
The development of IPv6 and mobile networks is the inevitable trend of network communication. Designing secure multicast data processing and multicast key management techniques that meet the application requirements of mobile IPv6 is one of the goals of the multicast security field.
Current research either attends only to the authentication and encryption algorithms themselves, or explains only at the logical level how to perform group key management efficiently, or applies only to fixed networks or IPv4 environments. For multicast to be fully usable in next-generation networks, a multicast security technique suited to the IPv6 environment is urgently needed.
Summary of the invention
The object of the invention is to provide a feasible overall scheme for secure multicast under mobile IPv6 and to explain the feasibility of the scheme in terms of its communication mechanism; on this basis it proposes a dynamic layered multicast key management technique and a multicast encryption method, and gives the composition of the GC/KS (group controller/key server), the multicast group and the multicast source under this model.
The object of the invention is achieved as follows: a secure multicast method and steps based on MIPv6, characterized in that it comprises a CA (authentication center) 1, a group member 2, a multicast source 3 and a GCKS 4;
wherein the CA (authentication center) 1 authenticates the group members, the multicast source and the GCKS and distributes certificates to them;
the GCKS 4 performs access registration authentication of the group member 2 and distributes key update messages to it, and forwards the information list of the group member 2 to the access router; it carries out SA (security association) negotiation with the multicast source; and it negotiates with other GCKSs to construct the group key;
the multicast source 3 sends multicast data packets to the group member 2 through an intermediate router;
the group member 2 receives the multicast data packets.
The CA center adopts the CA deployment method of PKI (public key infrastructure); the distributed certificates use a format based on X.509.
The SA (security association) negotiation that the GCKS carries out with the multicast source covers the encryption algorithm used, the encryption key, and SA parameters such as {source IP, destination IP, SPI}; the SPI is specified by the GCKS.
After completing the access registration authentication of a group member, the GCKS sends the group member list to the access router.
There may be multiple access routers.
The secure multicast steps based on MIPv6 comprise:
A) first, the CA center authenticates the GCKS and distributes a certificate to it;
B) the CA center authenticates the potential group members and the multicast source and distributes certificates to them;
C) the access router sends an MLD (Multicast Listener Discovery) message;
D) a potential group member sends a registration request message to the GCKS, indicating that it wants to join the multicast group;
E) the GCKS sends a registration request response message to the potential group member, making the potential group member a group member;
F) the GCKS multicasts the group key $k_{group}$ to the group members;
G) the GCKS sends the trusted member list to the access router through which the group member applied to join;
H) the access router sends an MLD reply confirming that the potential group member has joined the multicast group;
I) the GCKS and the multicast source negotiate to establish an SA (security association);
J) the multicast source encrypts the multicast data with $k_{group}$ and forwards it to the multicast group through the access router.
In steps A) and B), the GCKS and the members may obtain their certificates during real-time communication or in advance at an idle time; step B) includes the GCKS information from step A); in step D), the GCKS information from B) determines to which GCKSs the request should be made; steps D) and E) are the mutual authentication carried out once the GCKS and the member have obtained certificates from the CA center; steps F) and G) have no fixed order and may even be completed at the same time.
The secure multicast steps also include the joining of a potential group member certified by the CA center and the leaving of a group member.
The steps for a potential group member to join comprise:
A) the potential group member that has obtained a certificate applies to the GCKS to join a multicast group and becomes a group member;
B) the group member sends $m_i$ to the GCKS, and the GCKS recomputes $f(x) = \left(\prod_i (x - H(r_s m_i)) + k_{group}\right) \bmod q$, which contains the new group key negotiated and constructed by the upper-layer GCKS;
C) the GCKS and the multicast source negotiate to establish a new SA that includes the new group key;
D) the GCKS updates the group member list at the access router;
E) the multicast source sends multicast data packets to the group members.
The steps for a member to leave are:
A) the GCKS recomputes $f(x) = \left(\prod_i (x - H(r_s m_i)) + k_{group}\right) \bmod q$, which contains the new group key negotiated and constructed by the upper-layer GCKS;
B) the GCKS and the multicast source negotiate to establish a new SA that includes the new group key;
C) the GCKS updates the group member list at the access router;
D) the multicast source sends multicast data packets to the group members.
The group key $k_{group}$ is managed as follows. The network conditions first determine whether the GCKSs are divided into real bottom-layer GCKSs and virtual upper-layer GCKSs. When the network conditions determine that the GCKSs are so divided, the group key negotiation between the virtual upper-layer GCKSs and the SA negotiation with the multicast source are carried out by the real bottom-layer GCKSs, and the virtual upper-layer GCKSs are built into a complete binary tree. When the network conditions determine that no virtual upper-layer GCKS needs to be built, the real bottom-layer GCKS carries out the SA negotiation with the multicast source.
The network conditions are defined by a logical partition according to region, multicast address or security level, or a combination of the three.
The group key $k_{group}$ is constructed as follows:
A) the group members send the key material $m_i$ for building the subgroup key to the GCKS, and the corresponding GCKS constructs a polynomial of the form $f(x) = \left(\prod_i (x - H(r_s m_i)) + k_{group}\right) \bmod q$ that contains the group key $k_{group}$;
B) the group key is constructed among the GCKSs;
C) after obtaining the group key built in B), the bottom-layer GCKS uses it as the $k_{group}$ in A) and sends $r_s$ and $f(x) = \left(\prod_i (x - H(r_s m_i)) + k_{group}\right) \bmod q$ to the group members.
Step A is carried out as follows:
A1. Each group member authenticated by the GCKS sends a random number $m_i$ to the GCKS. The GCKS uses the $m_i$ of all members in the group and a selected random number $r_s$ to construct a polynomial containing the group key, of the form $f(x) = \left(\prod_i (x - H(r_s m_i)) + k_{group}\right) \bmod q$, where $r_s$ is multicast (or broadcast) to the group members and $k_{group}$ comes from the group key constructed in step B;
A2. When a member joins, for example $M_{i+1}$ joins the multicast group, the GCKS selects a new $r'_s$ and rebuilds $f'(x) = \left((x - H(r'_s m_{i+1})) \prod_i (x - H(r'_s m_i)) + k'_{group}\right) \bmod q$, where $r'_s$ is chosen afresh by the GCKS and multicast (or broadcast) to the new set of group members, and $k'_{group}$ comes from a fresh negotiation in step B below;
A3. When a member leaves, for example $M_k$ leaves, the GCKS constructs a new polynomial that does not contain the information of $M_k$: $f''(x) = \left(\prod_{i \neq k} (x - H(r''_s m_i)) + k''_{group}\right) \bmod q$, where $r''_s$ is chosen afresh by the GCKS and multicast (or broadcast) to the group members, and $k''_{group}$ comes from a fresh negotiation in step B below.
Step B of the key construction is carried out as follows:
When a bottom-layer $GCKS_i$ has no sibling node, $GCKS_i$ directly takes itself as its own parent node and completes the negotiation with the corresponding sibling node; when it has no sibling node and is the root node, it randomly selects $s_i$ ($s_i \in \{1, 2, \ldots, q-1\}$) and computes $k_{group} = H(s_i P)$ as the group key;
When a bottom-layer $GCKS_i$ has a sibling node, $GCKS_i$ first authenticates the other party using the certificate it obtained from the CA center. Once authentication passes, $GCKS_i$ randomly selects $s_i \in \{1, 2, \ldots, q-1\}$ and computes $s_i P$, where $P$ is a point in $G_1$, an additive group of order $q$ on an elliptic curve over a finite field. The sibling nodes exchange $s_i P$ and compute the key shared between them using the bilinear method based on elliptic curves, namely $k_{i_1 i_2} = H(\hat{e}(s_{i_1} P, s_{i_2} P)) = H(\hat{e}(P, P)^{s_{i_1} s_{i_2}})$, where $H : G_2 \to Z_q^*$ is a hash function using SHA-1 or MD5, $Z_q^*$ is a finite field over $q$, and $G_2$ is a multiplicative group of order $q$ on an elliptic curve over a finite field, satisfying the bilinear map $\hat{e} : G_1 \times G_1 \to G_2$. When the upper-layer $GCKS_{ij}$ (denoting an upper-layer GCKS negotiated between bottom-layer $GCKS_i$) negotiate to construct the GCKS above them, each selects $s_{ij} = k_{ij} \in Z_q^*$ and proceeds in the same way, until the top-layer center GCKS is reached, producing $k_{group} = H(\hat{e}(s_i P, s_j P)) = H(\hat{e}(P, P)^{s_i s_j})$.
Step C of the key construction includes the following: when the GCKS sends the information containing the group key to the group members, it also sends the current $r_s$ used when the GCKS constructed $f(x) = \left(\prod_i (x - H(r_s m_i)) + k_{group}\right) \bmod q$; only after obtaining the current $r_s$ and computing $H(r_s m_i)$ can a group member compute the group key.
The invention has the following advantages:
1. Because the invention starts from actual network deployment, it gives a feasible secure multicast deployment scheme and the initial procedure for establishing multicast communication, making it possible to use secure multicast technology in actual multicast applications.
2. Because the invention uses certificate-based authentication from the CA center at initialization, has the GCKS authenticate the group member's access once more when the member joins a specific multicast group, and uses in its cryptographic algorithm a key construction algorithm that is secure, efficient and suited to mobile devices, it improves the security of multicast communication.
3. Because the invention limits the number of members in a subgroup, selects GCKSs at random at the key management layer to perform the upper-layer GCKS functions, and separates the functions of the GCKS and the router, it avoids the single point of failure problem well and to some extent reduces the likelihood of DoS (denial of service) attacks.
4. The invention uses the GCKS as the proxy of the multicast group to negotiate with the multicast source, with the GCKS determining the SA parameter SPI, which solves the problem of how to carry out SA negotiation in multicast communication.
5. Because the invention uses a dynamic layered key management algorithm, multicast management efficiency is clearly improved.
6. The invention uses a new cryptographic algorithm that takes into account the joining and leaving of group members during the establishment of multicast communication: within a subgroup it uses an encryption method based on a polynomial and hash function that changes in real time; at the GCKS layer the GCKSs first authenticate each other with their certificates, then generate keys with a bilinear key generation algorithm based on elliptic curves and produce the group key with a message digest algorithm based on SHA-1 or MD5. This makes the security of the whole system very high, achieving forward secrecy and backward secrecy, and even complete key independence. It also strikes a good compromise between computation and communication cost, making the method suitable for mobile multicast communication devices.
To make the purpose, features and advantages of the invention clearer, embodiments of the invention are described in detail below with reference to the drawings.
Description of drawings
Fig. 1 is a schematic diagram of the principle of an embodiment of the invention;
Fig. 2 shows the process of establishing multicast communication in the invention;
Fig. 3 shows the process of handling a member joining in the invention;
Fig. 4 shows the process of handling a member leaving in the invention;
Fig. 5 shows the key management model of the invention.
In the figures: 1, CA (authentication center); 2, group member; 3, multicast source; 4, GCKS.
Embodiment
With reference to Fig. 1, the invention comprises four parts: the CA center 1, the GCKS 4 (group controller/key server), the group member (multicast group) 2 and the multicast source 3. The CA (authentication center) 1 authenticates the group members, the multicast source and the GCKS and distributes certificates to them; the GCKS 4 performs access registration authentication of the group member 2 and distributes key update messages to it, forwards the information list of the group member 2 to the access router, carries out SA (security association) negotiation with the multicast source, and negotiates with other GCKSs to construct the group key; the multicast source 3 sends multicast data packets to the group member 2 through an intermediate router; the group member 2 receives the multicast data packets.
As can be seen from Fig. 1, the CA center authenticates the multicast source, the GCKS and the group members and distributes certificates using the CA deployment method of PKI (public key infrastructure). The certificate uses the common X.509 format; its signature algorithm and user public key algorithm include: a large prime $q$ (not less than 128), the additive group $G_1$ of order $q$ on an elliptic curve, the multiplicative group $G_2$ of order $q$ on the elliptic curve, the bilinear map $\hat{e} : G_1 \times G_1 \to G_2$, and the hash function $H : G_2 \to Z_q^*$ using SHA-1 or MD5; other information such as the ID is the same as in X.509. When the multicast source sends data to the group members, the SA (security association) it uses is negotiated with the GCKS corresponding to the group; the GCKS is responsible for group member registration, for sending key update messages to the group members and for constructing the group key; the multicast source may be a member outside the group or a member of the group.
The invention can also be divided into three parts by secure group communication mode: a communication module, a key management module and an authentication module. I is the IP multicast module, in which the heavy solid lines represent the transmission path of multicast data. II is the group key management part, in which the thin solid lines represent the negotiation between the GCKS and the group members and the management of the group members, and the dash-dot lines indicate key agreement that may exist between GCKSs. One GCKS 4 may correspond to several routers. III is the authentication module.
The multicast module is the IP multicast communication part: the multicast source sends multicast data packets, and intermediate routers (or switches) forward them until they reach the group members (receivers) 2 that requested them. The key management module is implemented by the GCKS, which is responsible for access authentication of the group member 2, for sending updated keys, and for negotiating and constructing the group key (described in detail below). The authentication module (CA center) is responsible for providing certificates that prove the legitimacy of the GCKS 4 (group controller/key server), the group member (multicast group) 2 and the multicast source 3 to the group member 2. Authentication uses the existing CA authentication method, which the invention does not describe further.
With reference to Fig. 2, the MIPv6-based secure multicast procedure is divided into 10 steps. A step does not stand for a single message but for a task to be completed; a two-way arrow represents a two-way interaction and a one-way arrow represents a one-way message transmission. The 10 steps are:
Step 201, the interaction between the GCKS and the CA center: the GCKS must obtain a certificate from the CA center so that it can prove in step 205 below that it is a legitimate GCKS, which prevents GCKS spoofing;
Step 202: before becoming a member of the multicast group, a group member must also interact with the CA center to become a potential group member; that is, only after completing this step is any group member qualified to join a multicast group. The certificate the group member obtains includes GCKS information, so that at the CA center the member can determine which GCKSs can carry out the further authentication for its joining;
Step 203: the multicast router within a given scope sends MLD (Multicast Listener Discovery) or related messages so that potential group members can join the multicast group;
Steps 204, 205 and 206: a potential group member and the GCKS must authenticate each other before the potential group member becomes a real group member, and the GCKS sends the information containing the multicast key to the group member; in step 205, when the GCKS confirms to the group member, it uses the certificate obtained from the CA center to prove its own legitimacy;
Steps 207 and 208: the GCKS is also responsible for sending the group member list to the access router, so that the access router knows to which group members the information should be sent; after receiving the group member list, the access router sends an acknowledgement message to the group member, so that the group member confirms that it can receive multicast data and does not repeat its request to the GCKS to join the multicast group;
Steps 209 and 210: the GCKS and the multicast source negotiate to establish the SA from the multicast source to this multicast group. This negotiation is similar to unicast SA negotiation, except that the destination address used by the SA is the group address. Once all security-related information has been negotiated, the multicast source can forward data to the multicast group, and the data encryption key is the group key negotiated at the GCKS layer.
The secure multicast steps include the joining of a potential group member certified by the CA center and the leaving of a group member. Fig. 3 shows the steps for a potential group member to join:
Step 301: the CA center authenticates any member and distributes a certificate to it;
Steps 302 and 303: the potential group member that has obtained a certificate applies to the GCKS to join a multicast group and becomes a group member; the group member Mnew sends $m_i$ to the GCKS, and the GCKS recomputes $f(x) = \left(\prod_i (x - H(r_s m_i)) + k_{group}\right) \bmod q$, which contains the new group key negotiated and constructed by the upper-layer GCKS;
Step 304: the GCKS updates the group member list at the access router;
Step 305: the access router sends multicast data packets to the group members;
The dotted line represents the current group members under the GCKS.
With reference to Fig. 4, the steps for a member to leave are:
Step 401: the group member Mleave leaves the multicast group;
Step 402: the GCKS updates the group member list at the access router and recomputes $f(x) = \left(\prod_i (x - H(r_s m_i)) + k_{group}\right) \bmod q$, which contains the new group key negotiated and constructed by the upper-layer GCKS;
Step 403: the access router sends multicast data packets to the group members;
The dotted line represents the current group members under the GCKS.
The dynamic layered multicast key management model used by the invention is shown in Fig. 5. The solid-line part shows the group members and bottom-layer GCKSs that actually exist: group members such as M1, M2, Mn, and bottom-layer GCKSs such as GCKS_1, GCKS_2. The upper-layer GCKSs and the dotted lines denote virtual GCKSs and the center GCKS that may logically be constructed by negotiation. The upper-layer GCKSs are, for example, GCKS12, GCKS12, GCKS12, GCKS34, GCKS14, GCKS58, GCKS18. SG1 and SG2 denote subgroups. The network conditions first determine whether the GCKSs are divided into real bottom-layer GCKSs and virtual upper-layer GCKSs. When the network conditions determine that the GCKSs are so divided, the group key negotiation between the virtual upper-layer GCKSs and the SA negotiation with the multicast source are carried out by the real bottom-layer GCKSs, and the virtual upper-layer GCKSs are built into a complete binary tree. When the network conditions determine that no virtual upper-layer GCKS needs to be built, the real bottom-layer GCKS carries out the SA negotiation with the multicast source. The network conditions are defined by a logical partition according to region, multicast address or security level, or a combination of the three.
Whether a center GCKS is constructed at the upper layer is decided by the following rule: within a certain scope, such as a province, a wireless network or a network segment, when the security level is the same, the same logical address (such as a group ID) is used and a center GCKS is constructed to handle the forwarding of multicast data; otherwise no center GCKS is constructed, and each GCKS, acting as a root node, carries out tasks such as negotiation with the multicast source and construction and distribution of the group key.
The detailed key construction process of the invention is:
1. A potential group member must negotiate with the GCKS when it asks to join a multicast group. When the negotiation is complete, the potential group member $M_i$ becomes a legitimate group member. $M_i$ randomly chooses $m_i$ and passes it to the corresponding GCKS. After obtaining $m_i$, the GCKS computes $H(r_s m_i)$ and constructs $f(x) = \left(\prod_i (x - H(r_s m_i)) + k_{group}\right) \bmod q$. Here $r_s$ is an integer selected at random by the GCKS: whenever the membership changes (so that a new group key is needed), the GCKS generates a random number $r_s$, uses the new $r_s$ to construct the polynomial containing the group key, and broadcasts $r_s$ to its group members. Correspondingly, only after obtaining the $r_s$ broadcast by the GCKS and computing $H(r_s m_i)$ can a member decode the new polynomial $f(x)$ containing the group key. $H$ is a hash function whose form is described below. $k_{group}$ is constructed at the GCKS layer; the detailed process is given in steps 2 and 3 below.
2. The GCKS layer negotiates and constructs the group key
At the GCKS layer, a complete binary tree is built as far as network conditions allow, as group key management requires. The key is constructed in one of the following two cases:
A. When $GCKS_i$ has no sibling node, $GCKS_i$ directly takes itself as its own parent node and completes the negotiation with the corresponding sibling node; when it has no sibling node and is the root node, it randomly selects $s_i$ ($s_i \in \{1, 2, \ldots, q-1\}$) and computes $k_{group} = H(s_i P)$ as the group key;
B. When $GCKS_i$ has a sibling node, $GCKS_i$ first authenticates the other party using the certificate it obtained from the CA center. Once authentication passes, $GCKS_i$ randomly selects $s_i \in \{1, 2, \ldots, q-1\}$ and computes $s_i P$, where $P$ is a point in $G_1$, an additive group of order $q$ on an elliptic curve over a finite field. The sibling nodes exchange $s_i P$ and compute the key shared between them using the bilinear method based on elliptic curves [7], namely $k_{i_1 i_2} = H(\hat{e}(s_{i_1} P, s_{i_2} P)) = H(\hat{e}(P, P)^{s_{i_1} s_{i_2}})$, where $H : G_2 \to Z_q^*$ is a hash function using SHA-1 or MD5, $Z_q^*$ is a finite field over $q$, and $G_2$ is a multiplicative group of order $q$ on an elliptic curve over a finite field, satisfying the bilinear map $\hat{e} : G_1 \times G_1 \to G_2$. When the upper-layer $GCKS_{ij}$ (denoting an upper-layer GCKS negotiated between bottom-layer $GCKS_i$) negotiate to construct the GCKS above them, each selects $s_{ij} = k_{ij} \in Z_q^*$ and proceeds in the same way, until the top-layer center GCKS is reached, producing $k_{group} = H(\hat{e}(s_i P, s_j P)) = H(\hat{e}(P, P)^{s_i s_j})$.
3. The GCKS builds and distributes the function containing the group key, using the function and the group key from the first two steps
After $GCKS_i$ obtains the group key $k_{group}$, it uses it as the $k_{group}$ in $f(x) = \left(\prod_i (x - H(r_s m_i)) + k_{group}\right) \bmod q$ and sends the function to the group members; each group member substitutes its own $H(r_s m_i)$ to obtain the group key $k_{group}$.
Below, we give an example, and this key of brief description makes up and distribution thought: as shown in Figure 5, multicast group comprises 8 subgroups (i.e. 8 GCKS) and consults to have made up center GCKS 18
As shown in Figure 5, bottom GCKS makes up the function that comprises group key with group membership's information, with GCKS 1Be example.If the group member is M 1, when new member M is arranged 2When entering, GCKS makes up f (x)=((x-H (r sm 1)) (x-H (r sm 2))+k Group) modq, fashionable whenever there being the newcomer to add, all finish similar operation; In a certain moment, functional form is f (x)=(∏ (x-H (r sm i))+k Group) modq, member M j1,2 leave (j can be: ... among the n any one), then GCKS makes up f ( x ) = ( Π i ≠ j ( x - H ( r s ′ m i ) + k ′ group ) mod q , And r ' sIssue in the lump group membership, wherein k ' with above-mentioned function GroupConsult to make up from the GCKS layer on upper strata.
In the group-key negotiation area, following step 2 above, $GCKS_1$ and $GCKS_2$ proceed as follows: $GCKS_1$ sends $s_1 P$ to $GCKS_2$, $GCKS_2$ sends $s_2 P$ to $GCKS_1$, and both sides compute $k_{12} = H(\hat{e}(s_1 P, s_2 P)) = H(\hat{e}(P, P)^{s_1 s_2})$. In the virtual GCKS area, $GCKS_{12}$ selects $s_{12} = k_{12} \in Z_q^*$ and $GCKS_{34}$ selects $s_{34} = k_{34} \in Z_q^*$; they then compute $s_{12} P$ and $s_{34} P$ respectively and pass the result to their sibling node, and both sides compute $k_{34} = H(\hat{e}(s_{12} P, s_{34} P)) = H(\hat{e}(P, P)^{s_{12} s_{34}})$. This continues in the same manner until the root node is reached; the key produced there is the group key. The group key in the example shown in Figure 5 is then
$k_{group} = k_{18} = H(\hat{e}(s_{14} P, s_{58} P)) = H(\hat{e}(P, P)^{s_{14} s_{58}})$.
Finally, $GCKS_i$ multicasts the information containing the group key to the group members, and the whole key construction and distribution is complete.
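The polynomial distribution and the leave-time rebuild described above, as an added Python example that is not part of the patent text. It assumes H(r_s m_i) is SHA-256 over the concatenation r_s || m_i reduced mod q, uses the constructed prime q = 2^127 - 1, and draws k_group at random instead of taking it from the GCKS pairing tree; all function names are hypothetical.

```python
import hashlib
import secrets

Q = 2**127 - 1  # constructed stand-in for the patent's "large prime q"

def H(r_s: int, m_i: int) -> int:
    """H(r_s m_i): assumed here to be SHA-256 over r_s || m_i, reduced mod q."""
    data = r_s.to_bytes(16, "big") + m_i.to_bytes(16, "big")
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def build_poly(r_s, member_secrets, k_group):
    """GCKS side: coefficients (constant term first) of
    f(x) = (prod_i (x - H(r_s m_i)) + k_group) mod q."""
    coeffs = [1]
    for m_i in member_secrets:
        root = H(r_s, m_i)
        nxt = [0] * (len(coeffs) + 1)
        for d, c in enumerate(coeffs):      # multiply by (x - root)
            nxt[d] = (nxt[d] - root * c) % Q
            nxt[d + 1] = (nxt[d + 1] + c) % Q
        coeffs = nxt
    coeffs[0] = (coeffs[0] + k_group) % Q
    return coeffs

def recover_key(coeffs, r_s, m_i):
    """Member side: evaluate f at x = H(r_s m_i) (Horner); the product vanishes."""
    x, acc = H(r_s, m_i), 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc

def rekey(member_secrets):
    """Fresh r_s and fresh key for the current membership, as on join or leave.
    In the patent k_group comes from the GCKS layer; here it is random."""
    r_s = secrets.randbits(128)
    k_group = secrets.randbelow(Q - 1) + 1
    return r_s, k_group, build_poly(r_s, member_secrets, k_group)

def leave_scenario():
    """M1..M3 share a key, then M2 leaves and the GCKS rebuilds f without m_2."""
    m = {name: secrets.randbits(128) for name in ("M1", "M2", "M3")}
    r_s, k, f = rekey(m.values())
    before = {n: recover_key(f, r_s, s) == k for n, s in m.items()}
    stay = [m["M1"], m["M3"]]
    r2, k2, f2 = rekey(stay)
    after = {n: recover_key(f2, r2, s) == k2 for n, s in m.items()}
    return before, after, len(f), len(f2)

if __name__ == "__main__":
    print(leave_scenario())
```

The broadcast polynomial carries one coefficient per member plus one, so the rekey message grows linearly with the size of the group.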

Claims (3)

1. A secure multicast method based on MIPv6, the steps of which comprise:
A. The authentication center first authenticates the GCKS and distributes a certificate to it;
B. The authentication center authenticates the potential group members and the multicast source and distributes certificates to them;
C. The access router sends a multicast routing listener message;
D. A potential group member sends a registration request message to the GCKS (4), indicating that it wants to join the multicast group;
E. The GCKS (4) sends a registration request response message to the potential group member, making the potential group member a group member;
F. The GCKS builds the group key $k_{group}$ and multicasts the group key $k_{group}$ to all group members;
G. The GCKS (4) sends a list of trusted members to the access router of the group member applying to join;
H. After receiving the trusted member list, the access router sends an MLD reply and confirms that the potential group member has joined the multicast group; here, MLD is the abbreviation of multicast listener discovery;
I. The GCKS (4) and the multicast source negotiate to establish a security association;
J. The multicast source encrypts the multicast data with the group key $k_{group}$ and forwards the multicast data to the multicast group through the access router;
In steps A and B, the GCKS (4) and the members obtain their certificates either during real-time communication or in advance when idle; in step B, the certificate information distributed to the potential group members and the multicast source contains the GCKS information from step A; in step D, the GCKS (4) information from step B determines to which GCKS (4) the application is made; steps D and E are the mutual authentication carried out once the GCKS (4) and the member have obtained certificates from the authentication center; steps F and G have no fixed order and can be carried out simultaneously;
In step F, the group key $k_{group}$ is constructed as follows:
When there is only one GCKS in the network, this GCKS randomly selects a random number $s_i$ ($s_i \in \{1, 2, \ldots, q-1\}$) and computes $k_{group} = H(s_i P)$ as the group key, where $P$ is a point in $G_1$, an elliptic-curve additive group of order $q$ over a finite field, and $H()$ is a hash function;
When there are multiple GCKS in the network, these GCKS are paired two by two as sibling nodes. When a $GCKS_i$ has a sibling node $GCKS_j$, $GCKS_i$ and $GCKS_j$ first authenticate each other using the certificates they obtained from the authentication center; once authentication succeeds, they proceed as follows: $GCKS_i$ randomly selects a random number $s_i \in \{1, 2, \ldots, q-1\}$ and computes $s_i P$, where $P$ is a point in $G_1$, an elliptic-curve additive group of order $q$ over a finite field; the sibling nodes exchange $s_i P$ and compute the shared key $k_{i_1 i_2}$ between them using the elliptic-curve-based bilinear method, namely $k_{i_1 i_2} = H(\hat{e}(s_{i_1} P, s_{i_2} P)) = H(\hat{e}(P, P)^{s_{i_1} s_{i_2}})$, where $H: G_2 \to Z_q^*$ is a hash function using SHA-1 or MD5, and $G_2$ is an elliptic-curve multiplicative group of order $q$ over a finite field that satisfies the bilinear map $\hat{e}: G_1 \times G_1 \to G_2$; $GCKS_i$ and $GCKS_j$ select one of themselves as the upper-layer $GCKS_{ij}$; $GCKS_{ij}$ and the GCKS selected by the other sibling nodes each in turn select $s_{ij} = k_{ij} \in Z_q^*$, generate a shared key in the same way, and continue to select one GCKS as the upper-layer GCKS to produce a shared key with the other upper-layer GCKS; this process continues until the top-level center GCKS (4) is produced, generating the group key $k_{group} = H(\hat{e}(s_i P, s_j P)) = H(\hat{e}(P, P)^{s_i s_j})$; where $Z_q^*$ is the multiplicative group modulo $q$.
2. The secure multicast method based on MIPv6 according to claim 1, characterized in that, in step F, the group key $k_{group}$ is distributed as follows:
A. Every group member in the multicast group sends a random number $m_i$ to the GCKS (4); the GCKS (4) uses the $m_i$ of all members in the group and a selected random number $r_s$ to build the polynomial containing the group key, of the form $f(x) = (\prod (x - H(r_s m_i)) + k_{group}) \bmod q$; where $q$ is a large prime, $H(r_s m_i)$ is a hash function of the parameters $r_s$ and $m_i$, and $k_{group}$ is the group key;
B. The GCKS multicasts or broadcasts $r_s$ and the new polynomial $f(x)$ to the group members;
C. After obtaining the random number $r_s$ broadcast by the GCKS, a group member computes $H(r_s m_i)$ to decrypt the new polynomial $f(x)$ containing the group key and obtains the group key $k_{group}$; where $H(r_s m_i)$ is a hash function of the parameters $r_s$ and $m_i$, and $m_i$ is the random number generated by the group member.
3. The secure multicast method based on MIPv6 according to claim 1, wherein the secure multicast method further comprises the joining of a potential group member authenticated by the authentication center (1) and the leaving of a group member; the steps for a potential group member joining comprise:
A) A potential group member that has obtained a certificate applies to the GCKS (4) to join a multicast group and becomes a group member, denoted Mi;
B) The newly joined group member Mi sends a random number $m_i$ to the GCKS (4); the GCKS (4) selects a new $r'_s$ and recomputes the polynomial $f'(x) = ((x - H(r'_s m_{i+1})) \prod (x - H(r'_s m_i)) + k'_{group}) \bmod q$, where $f(x)$ is the polynomial used to rebuild the group key, $r_s$ is the random number selected by the GCKS (4), $m_{i+1}$ is the random number selected by the member newly joining the multicast group, $q$ is a large prime, $H(r_s, m_i)$ is a hash function of the parameters $r_s$ and $m_i$, and the group key $k_{group}$ is the old group key;
C) The GCKS (4) and the multicast source renegotiate to establish a new security association; the security association message contains the new group key;
D) The GCKS multicasts or broadcasts $r'_s$ and $f(x)$ to all group members;
E) The GCKS (4) sends the updated group member list to the access router;
F) The multicast source sends multicast data to the group members;
The steps for a group member leaving are:
A) The GCKS (4) selects a random number $r''_s$ and recomputes the polynomial $f''(x) = (\prod_{i \neq k} (x - H(r''_s m_i)) + k''_{group}) \bmod q$;
B) The GCKS (4) and the multicast source renegotiate to establish a new security association; the security association message contains the new group key;
C) The GCKS multicasts or broadcasts $r'_s$ and $f(x)$ to all group members;
D) The GCKS (4) sends the updated group member list to the access router;
E) The multicast source sends multicast data to the group members.
CN 200910021030 2009-01-23 2009-01-23 MIPv6 based security multicast method and steps Expired - Fee Related CN101588235B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200910021030 CN101588235B (en) 2009-01-23 2009-01-23 MIPv6 based security multicast method and steps

Publications (2)

Publication Number Publication Date
CN101588235A CN101588235A (en) 2009-11-25
CN101588235B true CN101588235B (en) 2013-04-17

Family

ID=41372313

Country Status (1)

Country Link
CN (1) CN101588235B (en)

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130417