CN102255724B - Hypergraph-model-based multicast key management method - Google Patents

Abstract

The invention relates to the field of security related application of key management in an information security technology, in particular to a centralized key management method, which comprises (1) an establishment stage, (2) the addition of a member to key hypergraph updating and (3) the quitting of the member from the key hypergraph updating. When the member is added, three key updating messages are required by a hypergraph-based key management scheme and are given by formulae shown in the description. In the scheme, a hypergraph theory is utilized to effectively reduce a key storage space of a key server, the key storage space of the group member and server encryption overhead in the addition of the group member, ensure the forward security and backward security of a security group and achieve high extensibility.

Description

A kind of key management method for multicast based on hypergraph model

Technical field

The present invention relates to the safety-relevant applications field of key management in information security technology, relate in particular to a kind of centralized key Managed Solution.

Background technology

Effectively multicast key management scheme is the basis of safe multicasting.Cast communication must guarantee that legal person can receive multicast packet, guarantees that illegal entity can not receive multicast packet simultaneously.Meanwhile, cast communication should provide the security services such as the confidentiality of authentication, integrity check and data.These security mechanisms rely on the encryption of one or more keys to realize conventionally.Managing these keys is challenging difficult problems, adds continually or exits especially group membership.

Researcher has proposed the multicast key management scheme of some at present, mainly be divided three classes: 1. centralized key Managed Solution (Centralized group key management protocols), as document [1] (C.K.Wang, S.Lam, Secure group communication using key graph, IEEE/ACMTransaction on networking, 8 (1), pp16-30, 2000.). 2. distributing key managing project (Decentralized group key management protocols), as document [2] (Mittra.S, Iolus:A framework for scalable secure multicasting, ACMSIGCOMM, 27 (4), PP.227-288). 3. distributed key management scheme (Distributed group keymanagement protocols).As document [3] (Boyd.C, On key agreement and conferencekey agreement, In proceedings of the information security and privacy:Australasian conference.Lecture notes in computer science, vol.1270.Springer-Verlag, New York, pp.294-302,1997).

The present invention proposes a kind of centralized key managing project that is suitable for.The present invention utilizes Hypergraph Theory to set up safe multicasting key management model.Hypergraph H=(V, E) comprises vertex set V={v ₁, v ₂..., v _tand super limit set E={E ₁, E ₂..., E _m, every super limit E _ja nonvoid subset of V, and all super limit E _junion be V.E _jit is a finite aggregate and its radix k>=1.

In the present invention, member's cipher key relation can be regarded as a hypergraph H=(U, E), and U is member's set of a secure group, and a group membership regards a summit of hypergraph, E as _i(K ⁱ) be group membership's subclass (super limit), have identical subgroup key (or group key) K ⁱ∈ K.

Summary of the invention

Main purpose of the present invention is to provide a kind of centralized multicast key management scheme, and key server is responsible for generation, distribution, renewal of key etc.

Technical scheme of the present invention is as follows:

Suppose that the current whole network system is that safe and all members and key server are trusty.In the cipher key management procedures of carrying out, key server plays a part very important.

In order to simplify agreement below, use following symbol:

In agreement below, need to use following symbol: 1) if it is the member of that x → y:z represents 1. y, the transmission message z from x to y; If 2. y is that member gathers, the transmission of message z is exactly the each member in from x to y; 2) { m} _krepresent with key k encrypting messages m; 3) if A, B is two set, $A-B=\mathrm{A\∩}\stackrel{\‾}{B}.$

Based on a key managing project for hypergraph, comprising:

(1) establishment stage

Be provided with the believable group of GC of control centre of a responsible group access control and key management, and this GC is group membership's distributed key and maintains the relation between member's key.First, GC sets up key hypergraph.The member of secure group is corresponding to the summit of key hypergraph, super limit E _i(K ⁱ) representing member's set, and these member's shared Sub group keys K ⁱ.A given key hypergraph H, super limit set (safe subgroup) intersects at summit GC between two.Key K of selection that GC is random ⁰, as the master key of secure group, and master key is distributed to all members safely.Group membership is certified and join in secure group, and each member and GC share a key u _i, be called member's individual key.

2) member adds key hypergraph to upgrade

Suppose that member u sends and joins request to GC.The permission if joined request, GC is the individual key k to member u by safe channel distribution _u.After this member adds secure group, a new secure group has just formed.GC must upgrade group key by the channel of safety, subgroup key carrys out more new key hypergraph, and member u joins in a subgroup and in this subgroup and adds summit u.

Agreeing to that u adds subgroup E _i(K ⁱ) after, GC is new key hypergraph more.GC adds u-summit to super limit E _i(K ⁱ), and by individual key k _ube distributed to safely u, in order to realize backward fail safe, the group key K of hypergraph ⁰with super limit E _i(K ⁱ) subgroup key K ⁱmust upgrade.Super limit comprises the super limit that adds member u, is referred to as to add excess of imports limit.

For backward fail safe, the group key and the subgroup key that add excess of imports limit must upgrade.GC generates at random new group key, adds after the subgroup key on excess of imports limit, and GC needs safely to legal group membership's distributed key updating message.

Key updating message is constructed in the following way.For member u, join a safe subgroup E _i(K ⁱ), add excess of imports limit E _i(K ⁱ) subgroup key K ⁱmust upgrade group key K ⁰must upgrade and be sent to safely all legal group memberships.In addition the lastest imformation of key,

send to and add member u.

When a member adds fashionablely, based on the key managing project of hypergraph, need three key updating message, by lower formula, provided:

$1)\mathrm{GC}\→\{U-E_i\left(K^i\right)\}:{\left\{K^{0\′}\right\}}_{K^0}$

$2)\mathrm{GC}\→\{E_i\left(K^i\right)\}:{\{K^{0\′},K^{i\′}\}}_{K^i}$

$3)\mathrm{GC}\→\{u\}:{\{K^{0\′},K^{i\′}\}}_{k_u}$

For a member, join a key hypergraph, IKMP is:

1) u → GC: join super limit E _i(K ⁱ) request;

2) GC → u: certified member u, the generation individual key k that GC is random _uand distributed key k safely _ugive member u;

3) GC: new key K is organized in random generation ⁰' and subgroup key K ⁱ' and carry out following steps;

$4)\mathrm{GC}\→\{U-E_i\left(K^i\right)\}:{\left\{K^{0\′}\right\}}_{K^0}$

$5)\mathrm{GC}\→\{E_i\left(K^i\right)\}:{\{K^{0\′},K^{i\′}\}}_{K^i}$

$6)\mathrm{GC}\→\{u\}:{\{K^{0\′},K^{i\′}\}}_{k_u}$

(3) member exits the renewal of key hypergraph

Agree to the request of leaving of a member u, GC leaves by deleting u summit the super limit E that comprises member u _i(K ⁱ) carry out more new key hypergraph.For forward security, group key and the subgroup key that leaves super limit need renewal, comprise the super limit of leaving member u and be called and leave super limit, GC and key updating message safety be distributed to corresponding group membership.

For the super limit E of leaving of member u _i(K ⁱ), for forward security, leave the subgroup key K on super limit ⁱneed to upgrade, simultaneously group key K ⁰also need to upgrade.For leaving super limit E ₃(K ³), the each member who leaves in super limit, must upgrade two keys, i.e. a subgroup key K ⁱwith a group key K ⁰.GC is by encrypting new key K with suitable key-encrypting key ⁰' and K ⁱ'.As for other the super limit except leaving super limit, GC is by carrying out encrypted set key K with their subgroup key ⁰' build key updating message.These key updating message are multicasted to corresponding subgroup subsequently respectively.

The key hypergraph of key updating protocol leave to(for) a member u is represented by step below:

1) u → GC: super limit E is left in request _i(K ⁱ)

2) GC → u: agree to leave;

3) GC: generate at random new group key K ⁰' and leave the subgroup key K on super limit ⁱ';

4) for the super limit E of key hypergraph _j, j ≠ i,

5) for leaving super limit E _i(K ⁱ) each member u _j, have u _j≠ u,

If n=m × l, wherein n is the group membership's of secure group number.L is an integer and n is divided into l subgroup.This process need (l-1)+(m-1)=l+m-2 bar key updating message.The encryption overhead of GC is (l-1)+(m-1)=l+m-2, and wherein (l-1) expression (l-1) individual subgroup need to be upgraded their subgroup key; (m-1) represent (m-1) individual subgroup Ei member, need to utilize independently their individual key to upgrade their group key and subgroup key.

Beneficial effect of the present invention is as follows:

By n=m × l, $l+m\≥\sqrt{\mathrm{lm}}=\sqrt{n},$ Now $l=m=\sqrt{n}.$ So, when $l=m=\sqrt{n},$ The number of keys of key server storage is

wherein n individual key,

individual subgroup key and 1 group key.Document [1] (C.K.Wang, S.Lam, Secure group communication using keygraph, IEEE/ACM Transaction on networking, 8 (1), pp16-30,2000.) in scheme, the key of key server storage is [d/ (d-1)] × n, the degree that wherein d is key tree.The number of keys that each group membership need to store is 3, i.e. 1 group key, 1 subgroup key and one by one body key.Scheme in document [1], the number of keys that each group membership need to store is log _d ⁿ+ 1.When a member adds key hypergraph, the encryption overhead of key server is 3, sees that member adds key updating part.Scheme in document [1], when a member adds key tree, the encryption overhead of key server is 2log _d ⁿ-1.When a member exits key hypergraph, the encryption overhead of key server is

labor is shown in that member exits key updating part.Scheme in document [1], when a member exits key tree, the encryption overhead of key server is (d+2) (1og ₂ ⁿ-1)/2.

So, the present invention and document [1] (C.K.Wang, S.Lam, Secure group communicationusing key graph, IEEE/ACM Transaction on networking, 8 (1), pp16-30,2000.) key tree is compared, and has reduced significantly the key storage expense of key server, (as when document [1] and the ratio of the key managing project storage overhead based on hypergraph model of our suggestion being

so the storage overhead of the key server of the key managing project based on hypergraph model is few); The storage overhead that has reduced group membership (is (log as worked as document [1] with the ratio of the key managing project storage overhead based on hypergraph model of our suggestion _d ⁿ+ 1): 3, as n → ∞, ratio trends towards infinity, so member's key storage expense of the key managing project based on hypergraph model is few) and reduced the encryption overhead that member adds fashionable key server (as the key managing project based on hypergraph model when document [1] and our suggestion when the ratio that a member adds the encryption overhead of fashionable key server be (2log _d ⁿ-1): 3, as n → ∞, ratio trends towards infinity, so that the member of the key managing project based on hypergraph model adds fashionable encryption overhead is few).

This scheme is utilized Hypergraph Theory, has effectively reduced the key storage space of key server, group membership's key storage space and group membership adds fashionable server for encrypting expense, has guaranteed safe group's forward and backward fail safe, is with good expansibility.The weak point of this scheme: cipher key service center is perfectly safe.

Accompanying drawing explanation

Fig. 1 is member u ₁₀add the variation of rear key hypergraph.

Fig. 2 is member u ₉the variation of the key hypergraph before and after leaving.

Embodiment

Below in conjunction with example, the present invention is described further.

(1) establishment stage

Be provided with the believable group of GC of control centre of a responsible group access control and key management, and this GC is group membership's distributed key and maintains the relation between member's key.First, GC sets up key hypergraph.The member of secure group has GC, u ₁, u ₂, u ₃, u ₄, u ₅, u ₆, u ₇, u ₈, u ₉correspond respectively to the summit of key hypergraph, super limit E ₁(K ¹)={ u ₁, u ₂, u ₃, u ₄, E ₂(K ²)={ u ₅, u ₆, E ₃(K ³)={ u ₇, u ₈, u ₉representing group membership's set, and these members shared Sub group key K respectively ¹, K ², K ³.A given key hypergraph H, super limit set (safe subgroup) intersects at summit GC between two.Key K of selection that GC is random ⁰, as the master key of secure group, and all being distributed to of master key safety members.Group membership is certified and enter into secure group, and each member and GC share a key k _i, (i=1,2 ..., 9), be called member's individual key.

(1) member adds key hypergraph to upgrade

As shown in Figure 1, suppose member u ₁₀be agreed and join safe subgroup E ₃(K ³).This adds excess of imports limit is E ₃(K ³).Subgroup key is from K ³change to K ³', group key is from K ⁰change to K ⁰'.Member u ₁, u ₂, u ₃, u ₄, u ₅, u ₆need to upgrade group key K ⁰for K ⁰', member u ₇, u ₈, u ₉and u ₁₀need to upgrade respectively group key and subgroup key K ⁰, K ³for K ⁰', K ³'.

As shown in Figure 1, to member u ₁₀join secure group, GC need to send key updating information below.

$1)\mathrm{GC}\→\{u_1,u_2,u_3,u_4,u_5,u_6\}:{\left\{K^{0\′}\right\}}_{K^0}$

$2)\mathrm{GC}\→\{u_7,u_8,u_9\}:{\{K^{0\′},K^{3\′}\}}_{K^3}$

$3)\mathrm{GC}\→\{u_{10}\}:{\{K^{0\′},K^{3\′}\}}_{k_{10}}$

(2) member leaves the renewal of key hypergraph

As shown in Figure 2, suppose member u ₉agree to leave secure group.In key hypergraph, leaving super limit is E ₃(K ³).For forward security, group key is from K ⁰be updated to K ⁰', leave super limit E ₃(K ³) subgroup key from K ³be updated to K ³'.Member u ₁, u ₂, u ₃, u ₄, u ₅, u ₆only need to upgrade group key from K ⁰to K ⁰', leave the member u on super limit ₇and u ₈need to upgrade respectively group key and subgroup key from K ⁰, K ³for K ⁰', K ³'.

After a member leaves, for distributed key updating message is safely given corresponding member.As shown in Figure 2, for member u ₉leave key hypergraph, GC need to send following key updating message:

$1)\mathrm{GC}\→\{u_1,u_2,u_3,u_4\}:{\left\{K^{0\′}\right\}}_{K^1}$

$2)\mathrm{GC}\→\{u_5,u_6\}:{\left\{K^{0\′}\right\}}_{K^2}$

$3)\mathrm{GC}\→\{u_7\}:{\{K^{0\′},K^{3\′}\}}_{k_7}$

$4)\mathrm{GC}\→\{u_8\}:{\{K^{0\′},K^{3\′}\}}_{k_8}$

Claims (1)

1. the key management method for multicast based on hypergraph model, is characterized in that, described method is as follows:

Suppose that the current whole network system is that safe and all members and key server are trusty;

In agreement below, need to use following symbol: 1) if x → y:z represents that 1. y is a member, the transmission message z from x to y; If 2. y is that member gathers, the transmission of message z is exactly the each member in from x to y; 2) { m} _krepresent with key k encrypting messages m; 3) if A, B is two set, $A-B=A\∩\stackrel{\‾}{B};$

This method comprises:

(1) establishment stage:

Be provided with the believable group of GC of control centre of a responsible group access control and key management, and this GC is group membership's distributed key and maintains the relation between member's key; First, GC sets up key hypergraph; The member of secure group is corresponding to the summit of key hypergraph, super limit E _i(K ⁱ) representing member's set, and these member's shared Sub group keys K ⁱ; A given key hypergraph H, super limit aggregation security subgroup intersects at summit GC between two; GC selects the master key K of secure group randomly ⁰, and master key is distributed to all members safely; Group membership is certified and join in secure group, and each member and GC share a key u _i, be called member's individual key;

(2) member adds key hypergraph to upgrade

Suppose that member u sends and joins request to GC; The permission if joined request, GC sends individual key k by safe channel _u; After member u adds secure group, a new secure group has just formed; GC must upgrade group key by the channel of safety, subgroup key carrys out more new key hypergraph, and member u joins in a subgroup and in this subgroup and adds summit u; Agreeing to that u adds subgroup E _i(K ⁱ) after, GC is new key hypergraph more; GC adds u-summit to super limit E _i(K ⁱ), and by individual key k _ube distributed to safely u, in order to realize backward fail safe, the group key K of hypergraph ⁰with super limit E _i(K ⁱ) subgroup key K ⁱneed to upgrade; In the present invention, in super limit, comprise the super limit that adds member u, be referred to as to add excess of imports limit;

For a member, join key hypergraph, IKMP is as follows:

1) u → GC: join super limit E _i(K ⁱ) request;

2) GC → u: certified member u, the generation individual key k that GC is random _uand distributed key k safely _ugive member u;

3) GC: produce at random new group key K ⁰' and subgroup key K ⁱ' and carry out following steps;

$4)\mathrm{GC}\→\{U-E_i\left(K^i\right)\}:{\left\{K^{0^{\′}}\right\}}_{K^0}$

$5)\mathrm{GC}\→\{E_i\left(K^i\right)\}:{\{K^{0^{\′}},K^{i^{\′}}\}}_{K^i}$

6）GC→{u}:{K ⁰',K ⁱ'} _k

(3) member exits the renewal of key hypergraph

Agree to the request of leaving of a member u, GC comprises the super limit E that leaves member u by deletion _i(K ⁱ) the summit u of u carrys out more new key hypergraph; Comprise the super limit of leaving member u and be called and leave super limit, simultaneously GC by key updating message safety be distributed to corresponding group membership;

For the super limit E of leaving of member u _i(K ⁱ), for forward security, leave the subgroup key K on super limit ⁱneed to upgrade, simultaneously group key K ⁰also need to upgrade; For leaving super limit E _i(K ⁱ), the each member who leaves in super limit, must upgrade two keys, i.e. a subgroup key K ⁱwith a group key K ⁰; GC is by encrypting new key K with suitable key-encrypting key ⁰' and K ⁱ'; As for other the super limit except leaving super limit, GC is by carrying out encrypted set key K with their subgroup key ⁰' build key updating message; These key updating message are multicasted to corresponding subgroup subsequently respectively;

The key hypergraph of key updating protocol leave to(for) a member u is represented by step below:

1) u → GC: super limit E is left in request _i(K ⁱ)

2) GC → u: agree to leave;

3) GC: generate at random new group key K ⁰' and leave the subgroup key K on super limit ⁱ';

4) for the super limit E of key hypergraph _j, j ≠ i,

5) for leaving super limit E _i(K ⁱ) each member u _j, have u _j≠ u,

if n=m × s, wherein n is the group membership's of secure group number; S is an integer and n is divided into s subgroup; This process need (s-1)+(m-1)=s+m-2 bar key updating message; The encryption overhead of GC is (s-1)+(m-1)=s+m-2, and wherein (s-1) expression (s-1) individual subgroup need to be upgraded their subgroup key; (m-1) represent (m-1) individual subgroup E _imember, need to utilize their individual key to upgrade their group key and subgroup key independently.

Images