CN101588235A - MIPv6 based security multicast method and steps - Google Patents

Publication number
CN101588235A
Authority
CN
China
Prior art keywords
gcks
group
multicast
key
group membership
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CNA200910021030XA
Other languages
Chinese (zh)
Other versions
CN101588235B (en)
Inventor
刘彦明
杨凡
李小平
董庆宽
黎剑兵
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Xidian University
Original Assignee
Xidian University
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Application filed by Xidian University
Priority to CN 200910021030
Publication of CN101588235A
Application granted
Publication of CN101588235B
Legal status: Expired - Fee Related

Abstract

The invention belongs to the field of communication network security and relates to an MIPv6-based secure multicast method applied in a mobile communication network. The method comprises an authentication center 1, a group member 2, a multicast source 3 and a GCKS 4. The authentication center authenticates the group members, the multicast source and the GCKS and distributes certificates to them. The GCKS performs access registration authentication of the group member 2 and distributes key update messages to it, forwards the information list of the group member 2 to an access router, negotiates a security association with the multicast source, and negotiates and constructs a group key among GCKS. The multicast source 3 sends multicast data packets to the group member 2 through an intermediate router, and the group member 2 receives the multicast data packets. The method makes it possible to use secure multicast technology in actual multicast applications, improves the security of multicast communication, separates the functions of the GCKS and the router, avoids the single point of failure problem, and markedly improves multicast management efficiency.

Description

A secure multicast method and steps based on MIPv6
Technical field
The invention belongs to the field of communication network security and relates to a secure multicast method based on MIPv6 that is applied in mobile communication networks.
Background art
Multicast is a communication model for multipoint communication and multi-party collaborative applications. The sender transmits only one copy of the data; network elements (such as multicast routers and switches) replicate it in the number of copies the receivers require and forward the packets to all users. The advantage of multicast is that it reduces the computational load on the sender and the number of copies of the data on the network, so network resources are used efficiently. It already has many applications: satellite television relay, online software distribution and upgrade, stock quote streaming, Web caching, MFTP, IPTV, remote and video conferencing, multimedia conferencing, video on demand, multi-party network games and computer-supported collaborative work all need one-to-many or many-to-many multicast communication.
However, the security problems of multicast have hindered its wide use. The SMuG of the IRTF and the MSEC of the IETF consider secure multicast data handling, keying material management and multicast security policy to be the three aspects of multicast security. Current research concentrates mainly on secure multicast data handling and keying material management: secure multicast data handling mainly uses encryption and authentication techniques, and keying material management mainly uses centralized, distributed and shared methods.
Although current research has identified encryption and authentication as the way to handle multicast packets, it does not specify how encryption and authentication are to be carried out in a real network. The three approaches to keying material management each have strengths and weaknesses and must be chosen according to the actual conditions of use. They share the same problem: whichever key management approach is used, it remains unclear how to apply the management model under study to a real network.
The development of IPv6 and mobile networks is the inevitable trend of network communication. Designing secure multicast data handling and multicast key management that meet the application requirements of mobile IPv6 is one of the goals of the multicast security field.
Current research either focuses only on the authentication and encryption algorithms themselves, or explains only at the logical level how to perform group key management efficiently, or applies only to fixed networks or IPv4 environments. For multicast to be fully usable in next-generation networks, a multicast security technique designed for the mobile IPv6 environment is urgently needed.
Summary of the invention
The object of the invention is to provide an overall scheme for feasible secure multicast under mobile IPv6 and to explain the feasibility of the scheme in terms of its communication mechanism; on this basis it proposes a dynamic hierarchical multicast key management technique and a multicast encryption method, and gives the composition of the GC/KS (group controller/key server), the multicast group and the multicast source under this model.
The object of the invention is achieved as follows. A secure multicast method and steps based on MIPv6, characterized in that it comprises a CA (authentication center) 1, a group member 2, a multicast source 3 and a GCKS 4;
wherein the CA (authentication center) 1 authenticates the group members, the multicast source and the GCKS and distributes certificates to them;
the GCKS 4 performs access registration authentication of the group member 2 and distributes key update messages to it; forwards the information list of the group member 2 to the access router; negotiates an SA (security association) with the multicast source; and negotiates among GCKS to construct the group key;
the multicast source 3 sends multicast data packets to the group member 2 through an intermediate router;
the group member 2 receives the multicast data packets.
The CA center adopts the CA deployment method of a PKI (public key infrastructure); the distributed certificates use a format based on X.509.
The SA (security association) negotiation between the GCKS and the multicast source covers the encryption algorithm used, the encryption key, and SA parameters such as {source IP, destination IP, SPI}; the SPI is specified by the GCKS.
After completing the access registration authentication of a group member, the GCKS sends the group member list to the access router.
There may be a plurality of access routers.
A secure multicast procedure based on MIPv6 comprises the following steps:
a) first, the CA center authenticates the GCKS and distributes a certificate to it;
b) the CA center authenticates the potential group members and the multicast source and distributes certificates to them;
c) the access router sends an MLD (Multicast Listener Discovery) message;
d) a potential group member sends a registration request message to the GCKS, indicating that it wishes to join the multicast group;
e) the GCKS sends a registration request response message to the potential group member, making it a group member;
f) the GCKS multicasts the group key $k_{group}$ to the group members;
g) the GCKS sends the list of trusted members to the router through which the group member applied to join;
h) the access router sends an MLD reply confirming that the potential group member has joined the multicast group;
i) the GCKS and the multicast source negotiate and establish an SA (security association);
j) the multicast source encrypts the multicast data with $k_{group}$ and forwards it to the multicast group through the access router.
In steps a) and b), the GCKS and the members may obtain their certificates during real-time communication or in advance when idle; step b) includes the GCKS information from step a); in step d), the GCKS information from b) determines which GCKS the application is made to; steps d) and e) are a mutual authentication carried out once the GCKS and the member have both obtained certificates from the CA center; steps f) and g) have no fixed order and may even be completed simultaneously.
The secure multicast procedure also covers the joining of a potential group member that has been authenticated by the CA center and the leaving of a group member.
The procedure by which a potential group member joins comprises:
a) a potential group member that has obtained a certificate applies to the GCKS to join a multicast group and becomes a group member;
b) the group member sends $m_i$ to the GCKS, and the GCKS recomputes $f(x) = \left(\prod (x - H(r_s m_i)) + k_{group}\right) \bmod q$, which includes the new group key negotiated and constructed by the upper-layer GCKS;
c) the GCKS and the multicast source negotiate and establish a new SA, which includes the new group key;
d) the GCKS updates the group member list on the access router;
e) the multicast source sends multicast data packets to the group members.
The procedure by which a member leaves comprises:
a) the GCKS recomputes $f(x) = \left(\prod (x - H(r_s m_i)) + k_{group}\right) \bmod q$, which includes the new group key negotiated and constructed by the upper-layer GCKS;
b) the GCKS and the multicast source negotiate and establish a new SA, which includes the new group key;
c) the GCKS updates the group member list on the access router;
d) the multicast source sends multicast data packets to the group members.
The group key $k_{group}$ is managed as follows. First, network conditions determine whether the GCKS are divided into real bottom-layer GCKS and virtual upper-layer GCKS. When network conditions determine that they are so divided, the group key negotiation among the virtual upper-layer GCKS and the SA negotiation with the multicast source are carried out by the real bottom-layer GCKS, and the virtual upper-layer GCKS are built into a complete binary tree. When network conditions determine that no virtual upper-layer GCKS need be built, the real bottom-layer GCKS carries out the SA negotiation with the multicast source.
The network conditions are defined by a logical partition according to region, multicast address or security level, or a combination of the three.
The group key $k_{group}$ is constructed as follows:
a) the group members send the keying material $m_i$ for constructing the sub-group key to the GCKS, and the corresponding GCKS constructs $f(x) = \left(\prod (x - H(r_s m_i)) + k_{group}\right) \bmod q$, a form that contains the group key $k_{group}$;
b) the group key is constructed among the GCKS;
c) the bottom-layer GCKS, having obtained the group key constructed in b), uses it as $k_{group}$ in a) and sends $r_s$ and $f(x) = \left(\prod (x - H(r_s m_i)) + k_{group}\right) \bmod q$ to the group members.
Step a) is carried out as follows:
A1. A group member authenticated by the GCKS sends a random number $m_i$ to the GCKS. Using the $m_i$ of all members in the group and a chosen random number $r_s$, the GCKS constructs a polynomial of the form $f(x) = \left(\prod (x - H(r_s m_i)) + k_{group}\right) \bmod q$ that contains the group key, where $r_s$ is multicast (or broadcast) to the group members and $k_{group}$ is the group key constructed in step b);
A2. When a member joins, for example $M_{j+1}$ joins the multicast group, the GCKS chooses a new $r'_s$ and reconstructs $f'(x) = \left((x - H(r'_s m_{j+1})) \prod (x - H(r'_s m_i)) + k'_{group}\right) \bmod q$, where $r'_s$ is chosen afresh by the GCKS and multicast (or broadcast) to the new set of group members, and $k'_{group}$ comes from a fresh negotiation in step b) below;
A3. When a member leaves, for example $M_k$ leaves, the GCKS constructs a new polynomial that does not contain the information of $M_k$, $f''(x) = \left(\prod_{i \neq k} (x - H(r''_s m_i)) + k''_{group}\right) \bmod q$, where $r''_s$ is chosen afresh by the GCKS and multicast (or broadcast) to the group members, and $k''_{group}$ comes from a fresh negotiation in step b) below.
Step b) of the key construction is carried out as follows:
When a bottom-layer $GCKS_i$ has no sibling node, $GCKS_i$ directly takes itself as its own parent node and completes the negotiation with the corresponding sibling node; when it has no sibling node and is the root node, it randomly selects $s_i$ ($s_i \in \{1, 2, \ldots, q-1\}$) and computes $k_{group} = H(s_i P)$ as the group key;
When a bottom-layer $GCKS_i$ has a sibling node, the GCKS first authenticate each other with the certificates they obtained from the CA center; once authentication passes, they proceed as follows. $GCKS_i$ randomly selects $s_i \in \{1, 2, \ldots, q-1\}$ and computes $s_i P$, where $P$ is a point in $G_1$, an additive elliptic-curve group of order $q$ over a finite field. The sibling nodes exchange their $s_i P$ and compute the key shared between the two using the elliptic-curve bilinear method, namely $k_{i_1 i_2} = H(\hat{e}(s_{i_1} P, s_{i_2} P)) = H(\hat{e}(P, P)^{s_{i_1} s_{i_2}})$, where $H: G_2 \to Z_q^*$ is a hash function using SHA-1 or MD5, $Z_q^*$ is a finite field on $q$, and $G_2$ is the multiplicative elliptic-curve group of order $q$ over the finite field that satisfies the bilinear map $\hat{e}: G_1 \times G_1 \to G_2$. When the upper-layer $GCKS_{ij}$ (the upper-layer GCKS negotiated between the $GCKS_i$) negotiate to construct the GCKS above them, each selects $s_{ij} = k_{ij} \in Z_q^*$ and proceeds in the same way until the center GCKS at the top layer is reached, producing $k_{group} = H(\hat{e}(s_i P, s_j P)) = H(\hat{e}(P, P)^{s_i s_j})$.
Step c) of the key construction: when the GCKS sends the information containing the group key to the group members, it also sends the current $r_s$ that it used when constructing $f(x) = \left(\prod (x - H(r_s m_i)) + k_{group}\right) \bmod q$; only after obtaining the current $r_s$ and computing $H(r_s m_i)$ can a group member compute the group key.
The invention has the following advantages:
1. Because the invention starts from actual network deployment, it gives a feasible secure multicast deployment scheme and the initial procedure for establishing multicast communication, making it possible to use secure multicast technology in actual multicast applications.
2. Because the invention uses an authentication mechanism based on certificates from the CA center at initialization, has the GCKS perform a further access authentication of the group member when it joins a specific multicast group, and uses a key construction algorithm suited to mobile devices, it improves the security of multicast communication safely and efficiently.
3. Because the invention limits the number of members in a sub-group, selects GCKS at random at the key management layer to perform the upper-layer GCKS functions, and separates the functions of the GCKS and the router, it avoids the single point of failure problem and reduces the possibility of DoS (denial of service) attacks to some extent.
4. The invention uses the GCKS as the agent of the multicast group to negotiate with the multicast source, with the GCKS deciding the SA parameter SPI, which solves the problem of how to carry out SA negotiation in multicast communication.
5. Because the invention uses a dynamic hierarchical key management algorithm, multicast management efficiency is markedly improved.
6. Because the invention uses a new cryptographic algorithm that takes account of members joining and leaving during multicast communication establishment, the sub-group uses an encryption method based on a hash-function polynomial that changes in real time. At the GCKS layer, the GCKS first authenticate each other with their certificates, then generate keys with the elliptic-curve bilinear key generation algorithm and generate the group key with a message digest algorithm based on SHA-1 or MD5. This makes the security of the whole system very high, achieving forward secrecy and backward secrecy, and even complete key independence. It also strikes a good compromise between computation and communication cost, which makes the method suitable for mobile multicast communication devices.
To make the objects, features and advantages of the invention clearer, embodiments of the invention are described in detail below with reference to the accompanying drawings.
Description of drawings
Fig. 1 is a schematic diagram of the principle of an embodiment of the invention;
Fig. 2 is a diagram of the multicast communication establishment procedure of the invention;
Fig. 3 is a diagram of the member join handling procedure of the invention;
Fig. 4 is a diagram of the member leave handling procedure of the invention;
Fig. 5 is a diagram of the key management model of the invention.
In the figures: 1, CA (authentication center); 2, group member; 3, multicast source; 4, GCKS.
Embodiment
With reference to Fig. 1, the invention comprises 4 parts: the CA center 1, the GCKS 4 (group controller/key server), the group member (multicast group) 2 and the multicast source 3. The CA (authentication center) 1 authenticates the group members, the multicast source and the GCKS and distributes certificates to them. The GCKS 4 performs access registration authentication of the group member 2 and distributes key update messages to it; forwards the information list of the group member 2 to the access router; negotiates an SA (security association) with the multicast source; and negotiates among GCKS to construct the group key. The multicast source 3 sends multicast data packets to the group member 2 through an intermediate router. The group member 2 receives the multicast data packets.
As can be seen from Fig. 1, the CA center authenticates the multicast source, the GCKS and the group members and distributes certificates to them using the CA deployment method of a PKI (public key infrastructure). The certificate uses the general X.509 format; its signature algorithm and user public key algorithm include: a large prime $q$ (not less than 128), an additive group $G_1$ of order $q$ on an elliptic curve, a multiplicative group $G_2$ of order $q$ on the elliptic curve, the bilinear map $\hat{e}: G_1 \times G_1 \to G_2$, and the hash function $H: G_2 \to Z_q^*$ using SHA-1 or MD5; other information such as the ID is the same as in X.509. When the multicast source sends data to the group members, the SA (security association) it uses is negotiated with the GCKS corresponding to the group; the GCKS is responsible for group member registration, for sending key update messages to the group members and for constructing the group key; the multicast source may be a member outside the group or a member of the group.
By secure multicast communication mode, the invention can also be divided into three parts: a communication module, a key management module and an authentication module. I is the IP multicast module, in which heavy solid lines show the transmission path of multicast packets. II is the group key management part, in which thin solid lines show the negotiation between a GCKS and its group members and its management of them, and dash-dot lines show the key negotiation that may exist among GCKS. One GCKS 4 may correspond to several routers. III is the authentication module.
The multicast module is the IP multicast communication part: the multicast source sends multicast packets, which are forwarded by intermediate routers (or switches) until they reach the requesting group members (receivers) 2. The key management module is implemented by the GCKS, which is responsible for access authentication of the group member 2, for sending updated keys, and for negotiating and constructing the group key (described in detail below). The authentication module (CA center) is responsible for providing certificates to the group member 2 that prove the legitimacy of the GCKS 4 (group controller/key server), the group member (multicast group) 2 and the multicast source 3. Authentication uses existing CA authentication methods, which the invention does not describe further.
With reference to Fig. 2, the MIPv6-based secure multicast procedure is divided into 10 steps. Each step does not represent a single message but a piece of work to be completed; a double-headed arrow denotes a two-way interaction and a single-headed arrow denotes a one-way message. The 10 steps are:
Step 201 is the interaction between the GCKS and the CA center: the GCKS must obtain a certificate from the CA center so that it can prove in step 205 below that it is a legitimate GCKS, which prevents GCKS spoofing;
As shown in step 202, before becoming a member of a multicast group, a group member must also interact with the CA center to become a potential group member; that is, only after completing this step is a member qualified to join a multicast group. The certificate the group member obtains contains GCKS information, so the member can determine at the CA center which GCKS can perform its subsequent join authentication;
In step 203, the multicast router within a given scope sends MLD (Multicast Listener Discovery) or related messages so that potential group members can join the multicast group;
Steps 204, 205 and 206: the potential group member and the GCKS must authenticate each other before the potential group member can become a real group member, and the GCKS sends the information containing the multicast key to the group member. Step 205 also indicates that, when confirming to the group member, the GCKS uses the certificate obtained from the CA center to prove its own legitimacy;
Steps 207 and 208: the GCKS is also responsible for sending the group member list to the access router, so that the access router knows which group members the information should be sent to. After receiving the group member list, the access router sends an acknowledgement message to the group member, so that the group member knows it can receive multicast packets and need not repeat its request to the GCKS to join the multicast group;
Steps 209 and 210: the GCKS and the multicast source negotiate and establish the SA from the multicast source to this multicast group. The negotiation of this SA is similar to unicast SA negotiation, except that the destination address the SA uses is a group address. Once all the security-related information has been negotiated, the multicast source can send data to the multicast group; the data encryption key is the group key negotiated at the GCKS layer.
The secure multicast procedure covers the joining of a potential group member authenticated by the CA center and the leaving of a group member. Fig. 3 shows the steps by which a potential group member joins:
Step 301: the CA center authenticates a member and distributes a certificate to it;
Steps 302 and 303: the potential group member that has obtained a certificate applies to the GCKS to join a multicast group and becomes a group member; the group member Mnew sends $m_i$ to the GCKS, and the GCKS recomputes $f(x) = \left(\prod (x - H(r_s m_i)) + k_{group}\right) \bmod q$, which includes the new group key negotiated and constructed by the upper-layer GCKS;
Step 304: the GCKS updates the group member list on the access router;
Step 305: the access router sends multicast packets to the group members;
The dashed line indicates the current group members under the GCKS.
With reference to Fig. 4, the steps by which a member leaves are:
Step 401: the group member Mleave leaves the multicast group;
Step 402: the GCKS updates the group member list on the access router and recomputes $f(x) = \left(\prod (x - H(r_s m_i)) + k_{group}\right) \bmod q$, which includes the new group key negotiated and constructed by the upper-layer GCKS;
Step 403: the access router sends multicast packets to the group members;
The dashed line indicates the current group members under the GCKS.
The dynamic hierarchical multicast key management model used by the invention is shown in Fig. 5. The solid-line part shows the group members and bottom-layer GCKS that actually exist: group members such as M1, M2, Mn, and bottom-layer GCKS such as GCKS_1, GCKS_2. The upper-layer GCKS and the dashed lines denote virtual GCKS and the center GCKS logic that may be negotiated and constructed; upper-layer GCKS are, for example, GCKS12, GCKS34, GCKS14, GCKS58 and GCKS18. SG1 and SG2 denote sub-groups. First, network conditions determine whether the GCKS are divided into real bottom-layer GCKS and virtual upper-layer GCKS. When network conditions determine that they are so divided, the group key negotiation among the virtual upper-layer GCKS and the SA negotiation with the multicast source are carried out by the real bottom-layer GCKS, and the virtual upper-layer GCKS are built into a complete binary tree. When network conditions determine that no virtual upper-layer GCKS need be built, the real bottom-layer GCKS carries out the SA negotiation with the multicast source. The network conditions are defined by a logical partition according to region, multicast address or security level, or a combination of the three.
For constructing a center GCKS at the upper layer, we stipulate the following: within a certain scope, such as within one province, within a wireless network or within one network segment, when the security level is the same, the same logical address (such as a group ID) is used and a center GCKS is constructed to forward the multicast packets; otherwise no center GCKS is constructed, and each GCKS acts as a root node to carry out tasks such as negotiation with the multicast source and construction and distribution of the group key.
The detailed key construction process of the invention is:
1. A potential group member must negotiate with the GCKS when it requests to join a multicast group. After the negotiation, the potential group member $M_i$ becomes a legitimate group member. $M_i$ randomly chooses $m_i$ and passes it to the corresponding GCKS. After obtaining $m_i$, the GCKS computes $H(r_s m_i)$ and constructs $f(x) = \left(\prod (x - H(r_s m_i)) + k_{group}\right) \bmod q$. Here $r_s$ is an integer chosen at random by the GCKS: when membership changes (and a new group key is needed), the GCKS generates a random number $r_s$, uses the new $r_s$ to construct the polynomial containing the group key, and broadcasts $r_s$ to its group members. Correspondingly, only after obtaining the $r_s$ broadcast by the GCKS and computing $H(r_s m_i)$ can a member decrypt the new polynomial $f(x)$ containing the group key. $H$ is a hash function whose form is described below. $k_{group}$ is constructed at the GCKS layer; see steps 2 and 3 below for details.
2. The GCKS layer negotiates and constructs the group key
At the GCKS layer, a binary tree that is as complete as possible is built according to network conditions and the requirements of group key management. Key construction is handled in the following two cases:
A. When $GCKS_i$ has no sibling node, $GCKS_i$ directly takes itself as its own parent node and completes the negotiation with the corresponding sibling node; when it has no sibling node and is the root node, it randomly selects $s_i$ ($s_i \in \{1, 2, \ldots, q-1\}$) and computes $k_{group} = H(s_i P)$ as the group key;
B. When $GCKS_i$ has a sibling node, the GCKS first authenticate each other with the certificates they obtained from the CA center; once authentication passes, they proceed as follows. $GCKS_i$ randomly selects $s_i \in \{1, 2, \ldots, q-1\}$ and computes $s_i P$, where $P$ is a point in $G_1$, an additive elliptic-curve group of order $q$ over a finite field. The sibling nodes exchange their $s_i P$ and compute the key shared between the two using the elliptic-curve bilinear method [7], namely $k_{i_1 i_2} = H(\hat{e}(s_{i_1} P, s_{i_2} P)) = H(\hat{e}(P, P)^{s_{i_1} s_{i_2}})$, where $H: G_2 \to Z_q^*$ is a hash function using SHA-1 or MD5, $Z_q^*$ is a finite field on $q$, and $G_2$ is the multiplicative elliptic-curve group of order $q$ over the finite field that satisfies the bilinear map $\hat{e}: G_1 \times G_1 \to G_2$. When the upper-layer $GCKS_{ij}$ (the upper-layer GCKS negotiated between the $GCKS_i$) negotiate to construct the GCKS above them, each selects $s_{ij} = k_{ij} \in Z_q^*$ and proceeds in the same way until the center GCKS at the top layer is reached, producing $k_{group} = H(\hat{e}(s_i P, s_j P)) = H(\hat{e}(P, P)^{s_i s_j})$.
3. The GCKS constructs and distributes the function containing the group key, using the function and the group key from the first two steps.
After $GCKS_i$ obtains the group key $k_{group}$, it uses it as the $k_{group}$ in $f(x) = \left(\prod (x - H(r_s m_i)) + k_{group}\right) \bmod q$ and sends the polynomial to the group members; each group member substitutes its own $H(r_s m_i)$ to obtain the group key $k_{group}$.
Below, we give an example, and this key of brief description makes up and distribution thought: as shown in Figure 5, multicast group comprises 8 son groups (i.e. 8 GCKS) and consults to have made up center GCKS 18
As shown in Figure 5, bottom GCKS makes up the function that comprises group key with group membership's information, with GCKS 1Be example.If the group member is M 1, as new member M 2When entering, GCKS makes up f (x)=((x-H (r sm 1)) (x-H (r sm 2))+k Group) modq, fashionable whenever there being the newcomer to add, all finish similar operation; In a certain moment, functional form is f (x)=(∏ (x-H (r sm i))+k Group) modq, member M j1,2 leave (j can be: ... among the n any one), then GCKS makes up f ( x ) = ( Π i ≠ j ( x - H ( r s ′ m i ) + k ′ group ) mofq , And r ' sIssue group membership, wherein k ' in the lump with above-mentioned function GroupConsult to make up from the GCKS layer on upper strata.
Consulting to make up the group key district, according to above-mentioned steps 2, GCKS 1And GCKS 2Between, GCKS 1To GCKS 2Send s 1P, GCKS 2To GCKS 1Send s 2P, both sides all calculate k 12 = H ( e ^ ( s 1 P , s 2 P ) ) = H ( e ^ ( P , P ) s 1 s 2 ) , And virtual GCKS district, GCKS 12Select s 12 = k 12 ∈ Z q * , GCKS 34Select s 34 = k 34 ∈ Z q * , Calculate s then respectively 12P and s 34P also passes to its brotgher of node with result of calculation, and both sides all calculate k 34 = H ( e ^ ( s 12 P , s 34 P ) ) = H ( e ^ ( P , P ) s 12 s 34 ) . Finish in this manner, the key that produces when arriving root node is group key always.Group key in the example as shown in Figure 5 then is k group = k 18 = H ( e ^ ( s 14 P , s 58 P ) ) = H ( e ^ ( P , P ) s 14 s 58 ) .
At last, GCKS iComprise the information of group key to group membership's multicast, whole key makes up and distribution is finished.
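The distribution polynomial and the member-leave rekeying described above, as an added example that is not part of the patent text. The modulus, the sample m_i and r_s values, the reading of "r_s m_i" as concatenation, and the use of SHA-256 in place of SHA-1/MD5 are assumptions made for the illustration.

```python
import hashlib

Q = 2**127 - 1  # prime modulus q; constructed value, the page does not fix one


def H(r_s: bytes, m_i: bytes) -> int:
    # Assumption: "r_s m_i" is the concatenation r_s || m_i. SHA-256 is swapped
    # in for the SHA-1/MD5 named on the page; the output is reduced into Z_q.
    return int.from_bytes(hashlib.sha256(r_s + m_i).digest(), "big") % Q


def build_f(r_s: bytes, members: list, k_group: int) -> list:
    """GCKS side: coefficients (constant term first) of
    f(x) = (prod_i (x - H(r_s m_i)) + k_group) mod q."""
    coeffs = [1]
    for m_i in members:
        root = H(r_s, m_i)
        nxt = [0] * (len(coeffs) + 1)
        for deg, c in enumerate(coeffs):  # multiply by (x - root)
            nxt[deg + 1] = (nxt[deg + 1] + c) % Q
            nxt[deg] = (nxt[deg] - c * root) % Q
        coeffs = nxt
    coeffs[0] = (coeffs[0] + k_group) % Q
    return coeffs


def recover_key(coeffs: list, r_s: bytes, m_i: bytes) -> int:
    """Member side: evaluate f at x = H(r_s m_i) with Horner's rule."""
    x, acc = H(r_s, m_i), 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def demo() -> dict:
    # Constructed sample material: three members' m_i and two GCKS nonces.
    m1, m2, m3 = b"m1-constructed", b"m2-constructed", b"m3-constructed"
    r_s, r_s_new = b"\x01" * 16, b"\x02" * 16
    k_group, k_group_new = 0x1234567890ABCDEF, 0x0FEDCBA987654321

    f = build_f(r_s, [m1, m2, m3], k_group)
    # M2 leaves: new r'_s, new k'_group, M2's factor dropped from the product.
    f_new = build_f(r_s_new, [m1, m3], k_group_new)
    return {
        "members_before": [recover_key(f, r_s, m) for m in (m1, m2, m3)],
        "outsider_before": recover_key(f, r_s, b"not-a-member"),
        "members_after": [recover_key(f_new, r_s_new, m) for m in (m1, m3)],
        "departed_after": recover_key(f_new, r_s_new, m2),
        "k_group": k_group, "k_group_new": k_group_new,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

The GCKS sends f(x) as expanded coefficients, so a member's evaluation point makes the product term vanish and leaves only the key, while any other input leaves a nonzero product added to it.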

Claims (10)

1. A secure multicast method based on MIPv6, characterized in that it comprises an authentication center 1, group members 2, a multicast source 3 and a GCKS 4;
wherein the authentication center 1 is used to authenticate, and distribute certificates to, the group members, the multicast source and the GCKS;
the GCKS 4 is used to perform access registration authentication of the group members 2 and to distribute key update messages; to forward the information list of the group members 2 to the access router; to negotiate a security association with the multicast source; and to negotiate and build the group key among GCKS;
the multicast source 3 is used to send multicast packets to the group members 2 through intermediate routers;
the group members 2 are used to obtain the multicast packets.
2. The secure multicast method based on MIPv6 according to claim 1, characterized in that: the CA center adopts the CA deployment method of PKI (public key infrastructure); the distributed certificates use a format based on X.509; the security association negotiation between the GCKS and the multicast source covers the cryptographic algorithm to be used, the encryption key, and the SA parameters such as {source ip, destination ip, spi}, with the spi specified by the GCKS.
3. The secure multicast method based on MIPv6 according to claim 1, characterized in that: after the GCKS completes the access registration authentication of a group member, it sends the group member list to the access router.
4. The secure multicast method based on MIPv6 according to claim 1, characterized in that: there may be a plurality of access routers.
5. Secure multicast steps based on MIPv6, comprising:
A. first, the CA center authenticates the GCKS and distributes a certificate to it;
B. the CA center authenticates potential group members and the multicast source and distributes certificates to them;
C. the access router sends a multicast route listening message;
D. a potential group member sends a registration request message to the GCKS, indicating that it wishes to join the multicast group;
E. the GCKS sends a registration request response message to the potential group member, making the potential group member a group member;
F. the GCKS multicasts the group key $k_{Group}$ to the group members;
G. the GCKS sends the list of trusted members to the Router that the group member applied to join;
H. the access router sends an MLD reply confirming that the potential group member has joined the multicast group;
I. the GCKS and the multicast source negotiate and establish a security association;
J. the multicast source encrypts the multicast data with $k_{Group}$ and forwards it to the multicast group through the access router.
6. The secure multicast steps based on MIPv6 according to claim 5, characterized in that: in steps A and B, the GCKS and the members may obtain their certificates at the time of real-time communication, or in advance when idle; step B includes the GCKS information from step A; in step D, the GCKS information from step B can be used to determine which GCKS the application is made to; steps D and E are the mutual authentication performed once the GCKS and the member have obtained certificates from the CA center; steps F and G have no fixed order and may even be completed simultaneously.
7. The secure multicast steps based on MIPv6 according to claim 5, characterized in that: the secure multicast steps further comprise the joining of a potential group member authenticated by the CA center and the leaving of a group member; the steps for a potential group member joining comprise:
A) a potential group member that has obtained a certificate applies to the GCKS to join a multicast group, making it a group member;
B) the group member sends $m_i$ to the GCKS, and the GCKS recomputes $f(x) = (\prod (x - H(r_s m_i)) + k_{Group}) \bmod q$, which contains the new group key negotiated and built by the upper-layer GCKS;
C) the GCKS and the multicast source negotiate and establish a new SA, which includes the new group key;
D) the GCKS updates the group member list on the access router;
E) the multicast source sends multicast packets to the group members;
The steps for a group member leaving are:
A) the GCKS recomputes $f(x) = (\prod (x - H(r_s m_i)) + k_{Group}) \bmod q$, which contains the new group key negotiated and built by the upper-layer GCKS;
B) the GCKS and the multicast source negotiate and establish a new SA, which includes the new group key;
C) the GCKS updates the group member list on the access router;
D) the multicast source sends multicast packets to the group members.
8. The secure multicast steps based on MIPv6 according to claim 5, characterized in that the group key $k_{Group}$ is managed as follows: first, network conditions determine whether the GCKS are divided into bottom-layer actual GCKS and upper-layer virtual GCKS; when network conditions determine that the GCKS are divided into bottom-layer actual GCKS and upper-layer virtual GCKS, the group key negotiation among the upper-layer virtual GCKS and the SA negotiation with the multicast source are carried out by the bottom-layer actual GCKS; the upper-layer virtual GCKS form a complete binary tree; when network conditions determine that upper-layer virtual GCKS need not be built, the bottom-layer actual GCKS carry out the SA negotiation with the multicast source; the network conditions are defined according to a logical division by region, by multicast address, or by security level, or by a combination of the three.
9. The secure multicast steps based on MIPv6 according to claim 5, characterized in that the group key $k_{Group}$ is constructed as follows:
A) a group member sends to the GCKS the key material $m_i$ for building the subgroup key, and the corresponding GCKS builds a function of the form $f(x) = (\prod (x - H(r_s m_i)) + k_{Group}) \bmod q$ containing the group key $k_{Group}$;
B) the group key is built among the GCKS;
C) after obtaining the group key built in B), the bottom-layer GCKS uses it as the $k_{Group}$ in A) and sends $r_s$ and $f(x) = (\prod (x - H(r_s m_i)) + k_{Group}) \bmod q$ to the group members.
10. The secure multicast steps based on MIPv6 according to claim 5, characterized in that step A) is carried out as follows:
A1. a group member authenticated by the GCKS sends a random number $m_i$ to the GCKS; using the $m_i$ of all members in the group and a selected random number $r_s$, the GCKS builds a polynomial of the form $f(x) = (\prod (x - H(r_s m_i)) + k_{Group}) \bmod q$ containing the group key, where $r_s$ is multicast (or broadcast) to the group members and $k_{Group}$ comes from the group key built in step B);
A2. when a member joins, for example $M_{i+1}$ joins the multicast group, the GCKS selects a new $r'_s$ and rebuilds $f'(x) = ((x - H(r'_s m_{i+1})) \prod (x - H(r'_s m_i)) + k'_{Group}) \bmod q$, where $r'_s$ is chosen anew by the GCKS and multicast (or broadcast) to the new set of group members, and $k'_{Group}$ comes from the renegotiation in step B) below;
A3. when a member leaves, for example $M_k$ leaves, the GCKS builds a new $f''(x) = (\prod_{i \neq k} (x - H(r''_s m_i)) + k''_{group}) \bmod q$ that does not contain the information of $M_k$, where $r''_s$ is chosen anew by the GCKS and multicast (or broadcast) to the group members, and $k''_{Group}$ comes from the renegotiation in step B) below;
Step B) of the key construction is carried out as follows:
When a bottom-layer GCKS_i has no sibling node, GCKS_i directly takes itself as its own parent node and completes the negotiation with the corresponding sibling node; when it has no sibling node and is the root node, it randomly selects $s_i$ ($s_i \in (1, 2, \ldots, q-1)$) and computes $k_{Group} = H(s_i P)$ as the group key;
When a bottom-layer GCKS_i has a sibling node, GCKS_i first authenticates the other party using the certificate it obtained from the CA center; once authentication passes, it proceeds as follows: GCKS_i randomly selects $s_i \in (1, 2, \ldots, q-1)$ and computes $s_i P$, where $P$ is a point in $G_1$, an elliptic-curve group of order $q$ over a finite field; the sibling nodes exchange $s_i P$ and compute the key shared between them using the elliptic-curve bilinear method, namely $k_{i_1 i_2} = H(\hat{e}(s_{i_1} P, s_{i_2} P)) = H(\hat{e}(P, P)^{s_{i_1} s_{i_2}})$, where $H: G_2 \to Z_q^*$ is a hash function using SHA-1 or MD5, and $G_2$ is an elliptic-curve multiplicative group of order $q$ over a finite field that satisfies the bilinear map $\hat{e}: G_1 \times G_1 \to G_2$; when the upper-layer GCKS_{ij} (denoting the upper-layer GCKS negotiated between the GCKS_i) negotiate to build the GCKS of the layer above them, they select $s_{ij} = k_{ij} \in Z_q^*$ and proceed in the same way until the center GCKS at the top layer is reached, producing $k_{group} = H(\hat{e}(s_i P, s_j P)) = H(\hat{e}(P, P)^{s_i s_j})$;
Step C) of the key construction includes: when the GCKS sends the group members the information containing the group key, it also sends the current $r_s$ that the GCKS used when building $f(x) = (\prod (x - H(r_s m_i)) + k_{Group}) \bmod q$; only after obtaining the current $r_s$ and computing $H(r_s m_i)$ can a group member compute the group key.
CN 200910021030 2009-01-23 2009-01-23 MIPv6 based security multicast method and steps Expired - Fee Related CN101588235B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN 200910021030 CN101588235B (en) 2009-01-23 2009-01-23 MIPv6 based security multicast method and steps

Publications (2)

Publication Number Publication Date
CN101588235A true CN101588235A (en) 2009-11-25
CN101588235B CN101588235B (en) 2013-04-17

Family

ID=41372313

Family Applications (1)

Application Number Title Priority Date Filing Date
CN 200910021030 Expired - Fee Related CN101588235B (en) 2009-01-23 2009-01-23 MIPv6 based security multicast method and steps

Country Status (1)

Country Link
CN (1) CN101588235B (en)

Cited By (12)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN103797750A (en) * 2011-09-20 2014-05-14 皇家飞利浦有限公司 Management of group secrets by group members
CN103797750B (en) * 2011-09-20 2017-11-24 皇家飞利浦有限公司 Group membership is to a group secret management
US9948455B2 (en) 2011-09-20 2018-04-17 Koninklijke Philips N.V. Management of group secrets by group members
CN102413465A (en) * 2012-01-04 2012-04-11 西安电子科技大学 Safe multicast key management method based on MIPv6 (Mobile Internet Protocol version 6)
CN102413465B (en) * 2012-01-04 2015-04-08 西安电子科技大学 Safe multicast key management method based on MIPv6 (Mobile Internet Protocol version 6)
CN104639343A (en) * 2013-11-15 2015-05-20 华为终端有限公司 File transmission method and device
CN104639343B (en) * 2013-11-15 2018-04-27 华为终端(东莞)有限公司 The method and apparatus of file transmission
CN103957102A (en) * 2014-03-11 2014-07-30 西南科技大学 Safety multicast source authentication method based on group data packet coupling
CN103957102B (en) * 2014-03-11 2017-02-08 西南科技大学 Safety multicast source authentication method based on group data packet coupling
CN104270350A (en) * 2014-09-19 2015-01-07 杭州华三通信技术有限公司 Key information transmission method and equipment
CN104270350B (en) * 2014-09-19 2018-10-09 新华三技术有限公司 A kind of transmission method and equipment of key information
CN109451501A (en) * 2018-12-17 2019-03-08 重庆邮电大学 IPv6 industrial wireless network data secure transmission method based on broadcast signcryption

Also Published As

Publication number Publication date
CN101588235B (en) 2013-04-17

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant
CF01 Termination of patent right due to non-payment of annual fee

Granted publication date: 20130417