CN103997463B - A low-overhead secure multicast method for overlay networks - Google Patents

Publication number: CN103997463B
Application number: CN201410223572.6A
Authority: CN (China)
Legal status: Active
Other languages: Chinese (zh)
Other versions: CN103997463A (en)
Inventors: 沈晔, 冯径, 印敏, 蒋磊, 周爱霞
Current Assignee: PLA University of Science and Technology
Original Assignee: PLA University of Science and Technology
Application filed by: PLA University of Science and Technology
Priority: CN201410223572.6A
Publications: CN103997463A (application), CN103997463B (grant)
Prior art keywords: node, multicast, data, key, module
Landscapes: Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a low-overhead secure multicast method for overlay networks. It relates to the field of data communication technology, in particular to secure and efficient data transmission in overlay networks. The multicast tree is constructed with a bottom-up hierarchical clustering algorithm; by trimming the number of child nodes of each cluster head, the complexity of the control topology that every node maintains is kept constant, so that node overhead does not grow with group size. Within a cluster, a self-balancing binary tree algorithm is used to construct the multicast distribution path, which reduces data delay while preserving system stability. Data distribution uses a differentiated key strategy: layer-0 nodes and non-layer-0 nodes use different key strategies to encrypt data in transit, providing data security.

Description

A low-overhead secure multicast method for overlay networks
Technical field
The invention discloses a low-overhead secure multicast method for overlay networks. It relates to the field of data communication technology, in particular to a secure data transmission method for overlay networks. By having child nodes re-join, node forwarding overhead is reduced; a differentiated key strategy improves data security while maintaining efficiency.
Background art
Multicast applications in Internet overlay networks, such as video conferencing, online games and interactive simulation, all require reliable data transmission to some degree. Reliable multicast provides reliable data transmission of different degrees and with different requirements for different applications; multicast communication without reliability guarantees cannot be widely deployed on the Internet. Previous research on reliable multicast targeted IP multicast, and IP multicast itself still cannot be widely deployed for technical and non-technical reasons, so applications of IP-layer reliable multicast face many limitations.
Application-layer multicast is widely used because of the flexibility it offers: it needs no router support and no change to the existing network architecture. However, nodes can leave the multicast tree freely, and after a node fails or leaves, the multicast connections of its child nodes are forcibly interrupted. How to reduce the impact on transmission after a node leaves is therefore the main problem for the stability of application-layer multicast trees.
The NICE protocol, currently the most widely used, is mainly based on hierarchical node clustering. It can support a large number of different data delivery trees and has strong scalability. In the NICE protocol, if k is the cluster size and N is the number of nodes, the node control-topology complexity is k·O(log_k N), which grows with N. When N is large, the node control-topology complexity becomes very high and places a heavy burden on node capacity, which may cause node failures and affect the performance of the whole multicast.
Second, the NICE protocol does not consider secure data transmission, which is a major shortcoming for paid video, intra-industry data sharing and protection of user privacy.
Summary of the invention
The technical problem to be solved by the invention is to provide a secure multicast method for overlay networks with low node overhead.
The technical solution adopted by the invention is a low-overhead secure multicast method for overlay networks, based on a network architecture consisting of a multicast management server, a multicast key server and multiple nodes, and comprising the following steps:
Step 1: When the system starts, the multicast management server detects the information of all live nodes currently in the network and constructs a global control network topology. The multicast management server builds the multicast tree with a bottom-up hierarchical clustering algorithm; by trimming the number of child nodes of each cluster head, the control-topology complexity of all nodes is kept constant, so that node overhead does not grow with group size. The multicast management server is responsible for controlling node joins and exits; behaviour after a node has joined and before it exits is handled by the node's client through its parent node, which reduces the load on the multicast management server. The node's client completes reliable data transmission through a unified data transport interface.
Step 2: A node joins the multicast. The joining node, through its client, sends a join request to the multicast management server, which returns the address of the top-level node to the joining node's client. The joining node sends a join request to the top-level node and measures the round-trip delay to the top-level node and to each of the top-level node's child nodes. The joining node then keeps sending join requests to the node with the smallest round-trip delay, until the node with the smallest round-trip delay is the very node the request was sent to, or is a leaf node; that node then becomes the parent of the joining node.
Step 3: A node exits the multicast. An exit is either active or abnormal. For an active exit, the node's client sends an exit request to the multicast management server; the multicast route reconstruction module of the multicast management server rebuilds the multicast routes and distributes the updated routes to each node. An abnormal exit occurs when a node fails or its communication breaks down: if the heartbeat response module of the multicast management server receives no heartbeat message from the node in 3 heartbeat cycles, it judges that the node has exited abnormally; the multicast route reconstruction module rebuilds the multicast routes and distributes the updated routes to each node.
Step 4: Build the multicast distribution path. One of the nodes participating in the multicast is chosen as the multicast distribution source and taken as the root node. The multicast distribution path is built according to the parent-child relationship between cluster head nodes and cluster member nodes and, among the nodes within a cluster, according to the self-balancing binary tree algorithm.
Step 5: The multicast key server generates and issues the global key. Data distribution uses a differentiated key strategy: layer-0 nodes and non-layer-0 nodes use different key strategies to encrypt data in transit, providing data security. Layer-0 nodes use point-to-point keys; non-layer-0 nodes use the global key. Layer-0 nodes that are in a parent-child relationship on the multicast distribution path determine their point-to-point key by a handshake between them; non-layer-0 nodes use the globally unified key broadcast by the multicast key server.
Step 6: Data distribution between non-layer-0 nodes. The data reception module of the multicast distribution source node's client detects data that needs to be distributed; the data encryption module takes the globally unified key from the key management module and encrypts the data; the data forwarding module looks up the next-hop node in the local routing management module and distributes the encrypted data to it.
Step 7: Data distribution between non-layer-0 nodes and layer-0 nodes. The multicast reception module of a layer-0 cluster head node receives the data sent by the previous hop; the data decryption module takes the globally unified key from the key management module, decrypts the data and stores the decrypted data locally. The data forwarding module looks up the next-hop node in the local routing management module; the data encryption module obtains from the key management module the point-to-point key shared with the next-hop node, encrypts the data and distributes the encrypted data to the next-hop node.
Step 8: Data distribution between layer-0 nodes. The multicast reception module of a node within a cluster receives the data from the previous hop; the data decryption module obtains from the key management module the point-to-point key shared with the previous-hop node, decrypts the data and stores the decrypted data locally. The data forwarding module looks up the next-hop node in the local routing management module; the data encryption module obtains from the key management module the point-to-point key shared with the next-hop node, encrypts the data and distributes the encrypted data to the next-hop node.
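The membership handling of steps 2 and 3, as an added Python example that is not code from the patent: the joining node descends toward the smallest round-trip delay, and the server flags a node as abnormally exited after 3 silent heartbeat cycles. The heartbeat period, the sample tree, the delay values and all function names are assumptions made for the illustration.

```python
MISSED_LIMIT = 3         # step 3: no heartbeat for 3 heartbeat cycles => abnormal exit
HEARTBEAT_PERIOD = 5.0   # seconds; assumed value, the page gives none

def find_parent(root, children, rtt):
    """Step 2: walk down from the top-level node, always toward the smallest RTT.

    children: dict node -> list of child nodes
    rtt:      dict node -> round-trip delay measured by the joining node
    """
    current = root
    while True:
        kids = children.get(current, [])
        if not kids:                      # reached a leaf: it becomes the parent
            return current
        best = min([current] + kids, key=lambda n: rtt[n])
        if best == current:               # the queried node itself is the closest
            return current
        current = best                    # repeat the join request one level down

def join(node, root, children, rtt):
    """Attach the joining node under the parent selected by find_parent."""
    parent = find_parent(root, children, rtt)
    children.setdefault(parent, []).append(node)
    children.setdefault(node, [])
    return parent

def abnormal_exits(last_heartbeat, now, period=HEARTBEAT_PERIOD):
    """Step 3: nodes that have been silent for more than MISSED_LIMIT cycles."""
    return sorted(n for n, t in last_heartbeat.items()
                  if now - t > MISSED_LIMIT * period)

def remove_node(failed, children):
    """Drop a node from the tree and return the children it leaves orphaned."""
    orphans = children.pop(failed, [])
    for kids in children.values():
        if failed in kids:
            kids.remove(failed)
    return orphans

def demo():
    # Constructed sample: a small tree and the RTTs (ms) seen by joining node N1.
    children = {"C0": ["B0", "B1"], "B0": ["A0", "A1"], "B1": ["A2"],
                "A0": [], "A1": [], "A2": []}
    rtt = {"C0": 40, "B0": 12, "B1": 35, "A0": 20, "A1": 30, "A2": 50}
    parent = join("N1", "C0", children, rtt)
    # Constructed heartbeat timestamps (seconds); B1 has been silent for 16 s.
    last_heartbeat = {"B0": 100.0, "B1": 84.0, "N1": 99.0}
    gone = abnormal_exits(last_heartbeat, now=100.0)
    orphans = remove_node(gone[0], children) if gone else []
    return parent, gone, orphans

if __name__ == "__main__":
    print(demo())
```

The orphans returned by `remove_node` are the nodes whose routes the route reconstruction module has to rebuild; how it re-parents them is not specified on the page.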
Compared with the prior art, the invention has the following notable features:
(1) It proposes a method for reducing node control-topology complexity: the lower-level child nodes of cluster head nodes are redistributed, which guarantees that the control-topology complexity of a cluster head node is a constant.
(2) For data distribution inside a cluster, the distribution path is built with a self-balancing binary tree algorithm, improving data distribution efficiency.
(3) A security mechanism is added to data distribution, greatly improving data security: a globally unified key mechanism is used between cluster head nodes and a point-to-point key mechanism among non-cluster-head nodes, improving system stability while ensuring security.
The invention suits large-scale multicast applications. With a hierarchical clustering management strategy, child nodes re-join to reduce the data-forwarding load of nodes and improve multicast tree stability; a self-balancing binary search tree, the red-black tree algorithm, improves data distribution efficiency among the nodes within a cluster; a differentiated encryption scheme improves the security of data transmission while affecting efficiency as little as possible.
As demand for file distribution and streaming media in industry keeps growing, there is an urgent need for secure and reliable data transmission using overlay multicast technology that requires no change to the network structure, and the invention has broad application prospects.
Brief description of the drawings
Fig. 1 is the functional module diagram of the multicast management server of the invention.
Fig. 2 is the functional module diagram of the multicast key server of the invention.
Fig. 3 is the functional module diagram of the multicast client of the invention.
Fig. 4 is the first diagram of the control-topology generation process for hierarchical clustering of overlay network nodes.
Fig. 5 is the second diagram of the control-topology generation process for hierarchical clustering of overlay network nodes.
Fig. 6 is the third diagram of the control-topology generation process for hierarchical clustering of overlay network nodes.
Fig. 7 is the first schematic diagram of overlay network node data distribution.
Fig. 8 is the second schematic diagram of overlay network node data distribution.
Fig. 9 is the third schematic diagram of overlay network node data distribution.
Fig. 10 is the hierarchical-clustering multicast topology diagram of the invention.
Fig. 11 is the multicast tree construction flow chart of the invention.
Fig. 12 is the multicast route optimization flow chart of the invention.
Fig. 13 is the multicast routing security key flow chart of the invention.
Fig. 14 is the state feedback module flow chart of the invention.
Fig. 15 is the simulation result comparison chart of the invention.
Specific embodiments
The invention uses a hierarchical-clustering multicast tree construction method that offloads the child-node overhead of cluster head nodes, and uses differentiated encrypted data transmission, so that data is transmitted securely while the robustness of the system is improved. In terms of deployment, the system is divided into the multicast management server, the multicast key server and the client; in terms of function, it is divided into a multicast management module, a data distribution module and a key management module. The basic principle is as follows: the multicast tree is constructed with a bottom-up hierarchical clustering algorithm, and by trimming the number of child nodes of each cluster head, the complexity of the control topology that every node maintains is kept constant, so that node overhead does not grow with group size; within a cluster, a self-balancing binary tree algorithm is used to construct the multicast distribution path, which reduces data delay while preserving system stability; data distribution uses a differentiated key strategy, in which layer-0 nodes and non-layer-0 nodes use different key strategies to encrypt data in transit, providing data security.
The basic method of the invention is as follows. At initialization all nodes are in layer 0. The layer-0 nodes are divided into clusters of size k, and a cluster head node is chosen in each cluster; the cluster heads form the members of layer 1. The layer-1 nodes are then divided into clusters of size k and a cluster head node is chosen in each cluster, forming the members of layer 2; at the same time, those child nodes of layer-2 members that are not layer-1 members are moved under the layer-1 child nodes. And so on: the layer-(i-1) nodes are divided into clusters of size k, a cluster head node is chosen in each cluster to form the members of layer i, and those child nodes of layer-i members that are not layer-(i-1) members are moved under the layer-(i-1) child nodes, until the top layer consists of 1 node. This yields a multicast topology in which the maximum node control-topology complexity is k. Within a cluster, a self-balancing binary tree algorithm forms the data topology of the nodes inside the cluster, keeping node overhead under control while guaranteeing timeliness. Layer-0 nodes are highly dynamic (for example, frequent joins and exits, or crashes caused by low performance), whereas cluster head nodes are more stable. Data transmission is therefore encrypted with a differentiated key strategy: data distribution in non-layer-0 clusters uses a unified global key management strategy, and data distribution among the nodes of layer-0 clusters uses a point-to-point key management strategy. With this method, in large-scale node management the control-topology complexity is a constant k, unaffected by scale; the self-balancing binary tree (red-black tree) algorithm reduces the depth of the tree, with control-topology complexity log k, where k is the cluster size, which effectively reduces data-forwarding delay; and the differentiated key strategy minimizes the impact on efficiency while guaranteeing data security. This design is at a leading level domestically among similar products.
The technical solution of the invention is mainly divided into the following three steps:
Step 1: In the hierarchical-clustering multicast distribution topology, upper-layer nodes are responsible for forwarding data, so the control-topology complexity of upper-layer nodes directly affects the delay with which lower-layer nodes receive data: the higher the complexity, the greater the delay. The invention uses a load-balancing method to transfer child nodes away from upper-layer nodes, which guarantees that the control-topology complexity of upper-layer nodes is constant, reduces the data-forwarding delay between upper-layer nodes and improves data distribution efficiency.
Step 2: When building the data distribution routes within a cluster, the multicast distribution tree is built with the red-black tree algorithm. The red-black tree is a self-balancing binary search tree; for a cluster of size k its complexity is log k, which is a constant. The balanced binary tree algorithm effectively reduces the height of the distribution tree within the cluster, balances the forwarding load of the cluster members and effectively shortens the intra-cluster data distribution delay.
Step 3: Data is encrypted in transit using a differentiated key strategy. From the multicast topology obtained by the bottom-up multicast tree construction strategy, the following conclusion can be drawn: layer-0 nodes have lower performance and are more dynamic, while nodes in layer 1 and above have higher performance and are more stable. The invention encrypts data with the Data Encryption Algorithm (DEA), a symmetric algorithm. Two key management strategies are commonly used. The first is the globally unified key strategy, in which all nodes encrypt and decrypt data with the same global key. The second is the point-to-point key strategy, in which the key between two nodes is generated by those two nodes, and the keys between different pairs of nodes differ. The advantage of the first method is that a forwarding node forwards the encrypted data directly, so forwarding is as efficient as for unencrypted data; its disadvantage is that when nodes join and exit frequently, the key has to be updated on all nodes, which increases control overhead. The advantage of the second method is that when a node joins or exits, only the keys between that node and its parent and child nodes have to be regenerated, and the global key is not affected; its disadvantage is that every node, after receiving data, must first decrypt it and then re-encrypt it with the key negotiated with the next-hop node before forwarding, which greatly increases the forwarding overhead of the node. The invention therefore uses a differentiated key strategy: the globally unified key is used among the more stable non-layer-0 nodes, and point-to-point keys are used among the less stable layer-0 nodes. By analysis, assuming N is the number of nodes and k is the cluster size, the number of nodes using the global unified key is , and the number of nodes using point-to-point keys is ; the key-maintenance complexity caused by the dynamics of cluster head nodes is , and the key-maintenance complexity caused by the dynamics of layer-0 nodes is 1. While ensuring data security, this method greatly reduces the key-maintenance overhead introduced by the security mechanism.
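The trade-off between the two key strategies described above, and the per-hop handling of steps 6 to 8, as an added Python example that is not code from the patent: it tracks which key protects each hop and which keys must change when a node leaves, without running a real cipher. The topology literal (including which cluster head adopts A3, A4 and A5), the policy names and the function names are assumptions.

```python
# Constructed topology: the tree described for Fig. 6 (k = 4). Which of B0/B1/B2
# adopts A3, A4 and A5 is an assumption; the page does not say.
PARENT = {
    "B0": "C0", "B1": "C0", "B2": "C0",
    "A0": "B0", "A1": "B0", "A2": "B0", "A4": "B0",
    "A6": "B1", "A7": "B1", "A8": "B1", "A3": "B1",
    "A9": "B2", "A10": "B2", "A11": "B2", "A5": "B2",
}
HEADS = {"C0", "B0", "B1", "B2"}     # non-layer-0 members: they hold the global key
NODES = set(PARENT) | {"C0"}

def hop_key(a, b, policy):
    """Name of the key protecting the hop between a and b under a policy."""
    if policy == "global":
        return "GLOBAL"
    if policy == "differentiated" and a in HEADS and b in HEADS:
        return "GLOBAL"
    return "P2P:" + "-".join(sorted((a, b)))   # negotiated by the two endpoints

def tree_path(src, dst):
    """Distribution path from src to dst along the tree edges."""
    def to_root(n):
        path = [n]
        while path[-1] in PARENT:
            path.append(PARENT[path[-1]])
        return path
    up, down = to_root(src), to_root(dst)
    common = next(n for n in up if n in down)
    return up[:up.index(common) + 1] + down[:down.index(common)][::-1]

def reencryptions(path, policy):
    """Forwarders that must decrypt and re-encrypt because the hop key changes."""
    keys = [hop_key(a, b, policy) for a, b in zip(path, path[1:])]
    return sum(1 for k_in, k_out in zip(keys, keys[1:]) if k_in != k_out)

def rekey_on_leave(node, policy):
    """Return (nodes that need a fresh global key, point-to-point keys discarded)."""
    neighbours = {c for c, p in PARENT.items() if p == node}
    if node in PARENT:
        neighbours.add(PARENT[node])
    p2p_keys = {hop_key(node, n, policy) for n in neighbours} - {"GLOBAL"}
    if policy == "global":
        holders = NODES - {node}          # everyone shared the departed node's key
    elif policy == "differentiated" and node in HEADS:
        holders = HEADS - {node}          # only the remaining cluster heads
    else:
        holders = set()                   # a layer-0 node never held the global key
    return holders, p2p_keys

if __name__ == "__main__":
    path = tree_path("A7", "A0")
    for policy in ("global", "p2p", "differentiated"):
        holders, p2p = rekey_on_leave("A4", policy)
        print(policy, reencryptions(path, policy), len(holders), sorted(p2p))
```

On this 16-node tree a layer-0 departure under the differentiated policy discards one point-to-point key and triggers no global rekey, while the same departure under the global policy forces a new key onto all 15 remaining nodes.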
The invention is described in further detail below with reference to the accompanying drawings.
To achieve efficient and secure multicast of overlay network data, the invention builds on the NICE protocol framework: a load-balancing mechanism is used in multicast construction, the nodes within a cluster obtain a balanced-binary-tree distribution path using the red-black tree algorithm, and data is encrypted with the differentiated key strategy. The multicast management server, the multicast key server and the client are clearly layered with well-defined functions: the multicast management server is the core of the whole system and is responsible for node joins and exits and for building the multicast routes; the multicast key server is responsible for generating and distributing the global key; the client is responsible for forwarding and receiving data.
The low-overhead secure multicast method for overlay networks of the invention is based on an architecture consisting of a multicast management server, a multicast key server and multiple nodes. Multicast construction software is installed on the multicast management server; it is responsible for route construction, route reconstruction, route distribution, interface response, trusted node verification and so on, and is referred to simply as the multicast management server. Key generation and distribution software is installed on the multicast key server; it is responsible for global key management and global key distribution, and is referred to simply as the multicast key server. Multicast node reception software is installed on each of the nodes; it is responsible for local multicast routing and data distribution, and is referred to simply as the multicast client.
Fig. 1 shows the functional module diagram of the multicast management server of the invention. The multicast management server consists of a multicast route construction module, a multicast route reconstruction module, a route distribution module, an interface response module, a trusted node verification module and a waiting scheduler module; the waiting scheduler module is further divided into a join response module, an exit response module, a heartbeat response module and a member registration response module.
The multicast management server uses a bottom-up hierarchical-clustering multicast construction technique and, by splitting off lower-layer nodes, maintains low-overhead cluster head nodes.
The multicast management server can be implemented on a standard C platform and is deployed and run on the multicast management server host; it responds to node behaviour over the Internet and builds a global control network topology on the multicast management server. With modification and recompilation of a small number of library packages, the standard C platform is suitable for applications on many platforms (such as Windows, UNIX, Kylin, ARM). In addition, because C is inherently close to low-level development, the processing delay of the development platform can be reduced to a minimum.
The multicast route construction module and the multicast route reconstruction module of the multicast management server are responsible for building and optimizing the multicast topology.
The multicast route construction module clusters the nodes according to the hierarchical-clustering low-overhead strategy, using the detected distances between nodes as the basis, and finally produces the hierarchically clustered node topology.
The multicast route reconstruction module monitors the hierarchically clustered multicast topology and optimizes abnormal parent-child-grandchild links, improving data distribution efficiency.
The route distribution module distributes the routing information generated by the route construction module and the route reconstruction module to each member node.
The interface response module parses the commands entered by the user and outputs system information to the console; it is responsible for operating the user interface.
The trusted node verification module verifies whether a node's MAC address, IP address, user name and password satisfy the constraint policy for trusted nodes.
The waiting scheduler module handles the responses to client operations. Within it, the join response module responds to a node's join request and issues a feedback message, and the exit response module responds to a node's exit request and issues a feedback message.
The heartbeat response module responds to node heartbeat messages and issues feedback messages. The member registration response module parses node registration messages; after authentication by the trusted node verification module it returns a registration-success message, and otherwise a registration-failure message.
Fig. 2 shows the functional module diagram of the multicast key server of the invention. The multicast key server consists of a global key management module and a global key distribution module. It generates and issues the global key; when a node joins, it broadcasts a new key to update the global key. The server on which the data source resides first encrypts the data with the key from the multicast key server and then forwards the encrypted data to the next-hop node.
The global key management module generates the 64-bit key required by DES (Data Encryption Standard) and encrypts it with the key built into the system to form the global key.
The global key distribution module sends the key generated by the global key management module to the multicast member nodes.
Fig. 3 shows the functional module diagram of the multicast client of the invention. The multicast client is divided into a multicast management module and a data distribution module.
The multicast management module is further divided into a node heartbeat module, a node join module, a node exit module, an interface response module, a local routing management module and an exception handling module. The node heartbeat module is responsible for the periodic heartbeat measurement between the nodes of a cluster; every heartbeat cycle, the client reports the node's liveness to its parent node. The node join module and the node exit module report node state to the multicast management server: when a client joins the multicast it sends a node join request to the multicast management server, and when a client exits the multicast it sends a node exit request to the multicast management server. The interface response module parses the commands entered by the user and outputs system information to the console; its function is the same as that of the corresponding module in the multicast management server, and it is responsible for interacting with the user. The local routing management module parses and stores the routing information of its own cluster: it parses the routing information sent by the multicast management server and adds, deletes and modifies records in the local routing table. The exception handling module manages the exception information of the multicast node and reports it to the multicast management server.
The data distribution module comprises a key management module, a data encryption module, a data decryption module, a data reception module, a data forwarding module, a task status monitoring module, a data scheduling module and a buffer management module. The data distribution module is responsible for the secure and efficient transmission of data. The key management module, data encryption module and data decryption module are based on the DEA data encryption strategy and guarantee secure data transmission. The data reception module and the data forwarding module store the data locally for use by this node and forward the data to the next node according to the next hop in the routing information. The data scheduling module optimizes the reading and efficient storage of local data. The buffer management module clears expired or dirty data from the buffer and frees memory.
The data reception module stores the received data locally after it has been decrypted by the data decryption module; the data is then either re-encrypted or the encrypted data is forwarded directly to the next hop.
The key management module receives the key sent by the multicast key server and is also responsible for generating this node's own keys. The data encryption module encrypts the received data. The data decryption module decrypts the received data. The data reception module receives the data sent by the parent node (the previous hop) and stores it locally after decryption. The data forwarding module forwards the received data to the next-hop node. The task status monitoring module feeds the reception status back to the previous hop after the node has received data. The data scheduling module stores and reads data in the local file system. The buffer management module periodically clears the local cache and frees system memory.
The joining and exiting of a client is handled directly by the multicast management server; after a node has joined and before it exits, the node's behaviour is handled by its parent node, which reduces the load on the multicast management server. The client completes reliable data transmission through the unified data transport interface.
The multicast client receives, stores and (on non-leaf nodes) forwards the data of the multicast data source. It also has data caching capability, so data can be retransmitted quickly when a child node fails to receive it.
Figs. 4 to 6 show the control-topology generation process for hierarchical clustering of overlay network nodes. The multicast topology of the invention is built bottom-up by hierarchical clustering. Fig. 4 shows initialization, when all multicast nodes are clustered: with cluster size k = 4 and mutual distance as the weight, the nodes are divided into 4 clusters, [A0, A1, A2, B0], [A3, A4, A5, C0], [A6, A7, A8, B1] and [A9, A10, A11, B2], which form layer 0. Cluster head definition: within each cluster, the node with the smallest sum of distance weights to the other nodes is the cluster head. By this definition, B0, B1, B2 and C0 are the cluster heads of layer 0 and form the member nodes of layer 1; likewise, C0 is the cluster head of layer 1 and forms the member node of layer 2. At this point the child nodes of C0 include the layer-1 nodes B0, B1, B2 and the layer-0 nodes A3, A4, A5. As described in the basic method, those child nodes of layer-i members that are not layer-(i-1) members are moved under the layer-(i-1) child nodes. As shown in Fig. 5, the non-layer-1 (layer-0) nodes A3, A4, A5 among the child nodes of the layer-2 member therefore have to be moved under the layer-1 nodes B0, B1, B2. The transfer rule is that each of these layer-0 nodes looks among C0's next-level child nodes B0, B1, B2 for the nearest one and takes it as its parent. As shown in Fig. 6, the child nodes of C0 finally contain only the layer-1 nodes B0, B1, B2 and no longer the layer-0 nodes A3, A4, A5, which guarantees that the control-topology complexity of the upper-layer node is the constant k.
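The construction of Figs. 4 to 6, as an added Python example that is not code from the patent: it clusters 16 nodes with k = 4, elects cluster heads by smallest total distance, and then moves the lower-layer children of each head to the nearest child one layer up. The node coordinates are constructed, and the greedy seed-based clustering and the function names are assumptions; the page only says that the nearest nodes are grouped into clusters of size k.

```python
import math

def make_clusters(members, pos, k):
    """Group nearby nodes into clusters of at most k nodes (greedy, by distance)."""
    unassigned, clusters = list(members), []
    while unassigned:
        seed = unassigned.pop(0)
        near = sorted(unassigned, key=lambda n: math.dist(pos[seed], pos[n]))[:k - 1]
        unassigned = [n for n in unassigned if n not in near]
        clusters.append([seed] + near)
    return clusters

def pick_head(cluster, pos):
    """Cluster head: the member with the smallest total distance to the others."""
    return min(cluster, key=lambda n: sum(math.dist(pos[n], pos[m]) for m in cluster))

def build_layers(pos, k):
    """layers[i] lists the clusters of layer i; the top layer holds a single node."""
    layers, members = [], list(pos)
    while True:
        clusters = make_clusters(members, pos, k)
        layers.append(clusters)
        if len(members) == 1:
            return layers
        members = [pick_head(c, pos) for c in clusters]

def children_before(layers, pos):
    """Before the transfer: a head parents the members of every cluster it leads."""
    children = {n: [] for n in pos}
    for i, clusters in enumerate(layers):
        for c in clusters:
            head = pick_head(c, pos)
            children[head] += [(m, i) for m in c if m != head]
    return children

def offload(children, pos):
    """Keep a head's highest-layer children; move each lower-layer child under
    the nearest of the head's children from the next layer up."""
    tree = {n: [] for n in children}
    for head, kids in children.items():
        by_layer = {}
        for child, layer in kids:
            by_layer.setdefault(layer, []).append(child)
        if not by_layer:
            continue
        top = max(by_layer)
        tree[head] += by_layer[top]
        for layer in sorted(by_layer):
            if layer == top:
                continue
            up = min(l for l in by_layer if l > layer)
            for child in by_layer[layer]:
                parent = min(by_layer[up], key=lambda p: math.dist(pos[child], pos[p]))
                tree[parent].append(child)
    return tree

def fan_out(tree):
    """Largest number of children any single node has to maintain."""
    return max(len(kids) for kids in tree.values())

def star(cx, cy, head, a, b, c):
    """Constructed layout: a head with three members one unit away from it."""
    return {head: (cx, cy), a: (cx + 1, cy), b: (cx - 1, cy), c: (cx, cy + 1)}

# Constructed coordinates reproducing the four clusters named for Fig. 4.
POS = {}
POS.update(star(-10, 0, "B0", "A0", "A1", "A2"))
POS.update(star(0, 0, "C0", "A3", "A4", "A5"))
POS.update(star(10, 0, "B1", "A6", "A7", "A8"))
POS.update(star(0, 10, "B2", "A9", "A10", "A11"))

if __name__ == "__main__":
    layers = build_layers(POS, 4)
    before = children_before(layers, POS)
    after = offload(before, POS)
    print("C0 before:", sorted(m for m, _ in before["C0"]), "fan-out", fan_out(before))
    print("C0 after: ", sorted(after["C0"]), "fan-out", fan_out(after))
```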
In conjunction with Fig. 7 to 9, nerve of a covering node data of the invention distributes schematic diagram.Layering sub-clustering nerve of a covering group of the invention Broadcast, be that multi-source is supported to distribute: each member node all can serve as distribution source, and different distribution sources is according in layering sub-clustering Multicast path formed distribution path.In conjunction with Fig. 7, using node A0 as the distribution path in data distribution source.In conjunction with Fig. 8, with node A7 is the distribution path in data distribution source.In conjunction with Fig. 9, using node C0 as the distribution path in data distribution source.
In conjunction with Figure 10, it is an object of the present invention to construct the layering sub-clustering group that a node control topological complexity is constant Broadcast topological structure.The bottom is the 0th layer, is all non-cluster head node and the 0th layer of cluster head node;1st layer is the 0th layer The member node of cluster head node and the second layer;2nd layer is top, the cluster head node that member is the 1st layer.Each cluster head Node, all cross-layer exist, be both next layer cluster head node and upper one layer of member node, but not there are a nodes Across more than 2 layers.Point-to-point key management strategy is used in the 0th layer, one key of maintenance between each pair of node, non-0th layer Global secret management strategy is used between node.
Figure 11 is the multicast tree construction flow chart of the invention. The multicast tree construction algorithm runs on the multicast management server and executes the following steps:
Step 1: Obtain the distances between nodes as the basis for clustering;
Step 2: Obtain the information of all multicast member nodes;
Step 3: Initialize layer i=0, group the nearest nodes in layer i into the same cluster until the cluster size is k, and mark the clustered nodes with the clustering flag FLAG;
Step 4: In each cluster, choose the node with the smallest accumulated distance weight to the other nodes as the cluster head;
Step 5: Among the nodes not marked with FLAG, continue running the clustering algorithm until every member node belongs to some cluster;
Step 6: The layer-i cluster head nodes form the members of layer i+1;
Step 7: Child nodes of layer i+1 nodes that do not belong to layer i are re-added to the multicast tree with layer-i child nodes as their parent nodes;
Step 8: Check whether layer i+1 has only 1 node. If so, jump to Step 9; otherwise continue executing Steps 4 to 8;
Step 9: Multicast routing construction ends;
Step 10: The multicast routing is distributed.
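The following sketch is an added example, not code from the patent: it implements Steps 1 to 8 over constructed 2-D coordinates so the pruning in Step 7 can be checked. The greedy seed-based grouping, the function names and the sample coordinates are assumptions; the patent only states that nearest nodes are grouped until the cluster size is k.

```python
import math
from collections import Counter

# Constructed sample: 16 nodes in four loose groups (not the data behind Fig. 4).
SAMPLE = {f"n{i:02d}": (20 * (i // 4) + 3 * (i % 4), 7 * (i % 4) + (i // 4))
          for i in range(16)}

def build_tree(coords, k):
    """Return (parent, layers): parent maps child -> parent, layers[i] lists layer-i members."""
    if k < 2:
        raise ValueError("cluster size k must be at least 2")

    def dist(a, b):                                  # Step 1: distance is the weight
        return math.dist(coords[a], coords[b])

    parent, layers = {}, [sorted(coords)]            # Step 2: all members start in layer 0
    while len(layers[-1]) > 1:                       # Step 8: stop when one node remains
        members, flagged, heads = layers[-1], set(), []
        for seed in members:                         # Steps 3 and 5: cluster unflagged nodes
            if seed in flagged:
                continue
            free = [m for m in members if m not in flagged and m != seed]
            cluster = [seed] + sorted(free, key=lambda m: dist(seed, m))[:k - 1]
            flagged.update(cluster)
            # Step 4: the head has the smallest accumulated distance to its cluster
            head = min(cluster, key=lambda c: sum(dist(c, o) for o in cluster))
            others = [m for m in cluster if m != head]
            # Step 7: children the head still holds from lower layers move under
            # the nearest member of this cluster, so the head keeps at most k-1
            stale = [c for c, p in parent.items() if p == head]
            if others:
                for c in stale:
                    parent[c] = min(others, key=lambda o: dist(c, o))
            for m in others:
                parent[m] = head
            heads.append(head)
        layers.append(heads)                         # Step 6: heads form layer i+1
    return parent, layers

def fanout(parent):
    """Number of direct children each node maintains in the control topology."""
    return Counter(parent.values())

def path_to_root(parent, node):
    """Follow parent links from a node up to the top-layer node."""
    path = [node]
    while path[-1] in parent:
        path.append(parent[path[-1]])
    return path

if __name__ == "__main__":
    parent, layers = build_tree(SAMPLE, k=4)
    print([len(layer) for layer in layers], dict(fanout(parent)))
```

With 16 nodes and k=4 the layers have 16, 4 and 1 members, matching the shape of the A/B/C example, and the top node ends up with only layer-1 children.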
Figure 12 is the multicast routing optimization flow chart of the invention. The multicast reconstruction algorithm of the invention optimizes the multicast topology. First, for each member node within a cluster, the parent node and sibling nodes are compared to see whether a better parent node exists. Second, within each cluster, it is checked whether any node has a smaller accumulated weight than the current cluster head; if so, the cluster head of that cluster is updated.
Figure 13 is the multicast routing security key flow chart of the invention. The invention uses a differentiated key mechanism for secure data transmission. According to the key mechanism, nodes are divided into three classes: layer-0 non-cluster-head nodes, layer-1 non-cluster-head nodes, and nodes at layer 2 and above. In the first case, a layer-0 non-cluster-head node receives data, obtains the key shared with the previous hop and decrypts the data, stores it locally, then obtains the key shared with the next hop, encrypts the data, obtains the next-hop address and forwards it. In the second case, a layer-1 non-cluster-head node receives data, obtains the globally unified data key and decrypts the data, stores it locally, then obtains the key shared with the next hop, encrypts the data, obtains the next-hop address and forwards it. In the third case, a node at layer 2 or above obtains the globally unified data key and decrypts the data, stores it locally, and then forwards the received encrypted data directly.
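The three cases can be traced hop by hop in the added example below, which is not code from the patent. The patent names no cipher, so `seal`/`unseal` are a stand-in built from SHA-256 and HMAC; the role labels, function names and relay U1 are assumptions, and a deployment would use a vetted AEAD instead.

```python
import hashlib
import hmac
import os

def _keystream(key, nonce, n):
    blocks = (hashlib.sha256(b"ks" + key + nonce + i.to_bytes(4, "big")).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, data):
    """Stand-in authenticated cipher: SHA-256 keystream plus HMAC tag (assumption)."""
    nonce = os.urandom(12)
    body = bytes(a ^ b for a, b in zip(data, _keystream(key, nonce, len(data))))
    return nonce + body + hmac.new(key, nonce + body, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, body, tag = blob[:12], blob[12:-32], blob[-32:]
    expect = hmac.new(key, nonce + body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):
        raise ValueError("wrong key or modified ciphertext")
    return bytes(a ^ b for a, b in zip(body, _keystream(key, nonce, len(body))))

def can_open(key, blob):
    """True if this key authenticates and decrypts the ciphertext."""
    try:
        unseal(key, blob)
        return True
    except ValueError:
        return False

def distribute(path, global_key, data):
    """path: [(name, role)] starting at an upper-layer source. Roles (hypothetical labels):
    'upper' = layer 2 and above, 'head0' = layer-0 cluster head (layer-1 member),
    'member0' = layer-0 non-cluster-head node.
    Returns (plaintext stored per node, [(sender, receiver, ciphertext)])."""
    # Point-to-point keys exist only between layer-0 parent and child on the path.
    pair = {(a, b): os.urandom(32)
            for (a, ra), (b, _) in zip(path, path[1:]) if ra != "upper"}
    wire = seal(global_key, data)               # source encrypts once with the global key
    stored, links = {path[0][0]: data}, []
    for i in range(1, len(path)):
        prev, (name, role) = path[i - 1][0], path[i]
        links.append((prev, name, wire))
        key_in = pair[(prev, name)] if role == "member0" else global_key
        stored[name] = unseal(key_in, wire)     # decrypt and keep a local copy
        if role != "upper" and i + 1 < len(path):
            # cases 1 and 2: re-encrypt under the key shared with the next hop
            wire = seal(pair[(name, path[i + 1][0])], stored[name])
        # case 3: an 'upper' node forwards the ciphertext it received unchanged
    return stored, links

# Constructed path: C0, B1, A6, A7 are names from the figures; U1 is a hypothetical relay.
PATH = [("C0", "upper"), ("U1", "upper"), ("B1", "head0"),
        ("A6", "member0"), ("A7", "member0")]
```

The trace shows the containment property of the split: ciphertext on layer-0 links does not open with the global key, and each layer-0 link carries a different ciphertext.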
Figure 14 is the state feedback module flow chart of the invention. Data reception failure falls into two cases: receive timeout and parsing failure. After the distribution source receives a distribution-failure message, if the retransmission count is less than 3 it increments the count by 1 and retransmits; otherwise it does not retransmit and immediately concludes that data distribution failed. After the distribution source receives a distribution-success message, it concludes that data distribution succeeded.
Figure 15 compares the simulation results of the invention. The simulation environment uses a semi-simulation test mode based on NS2. First, 10 transmission topologies are generated with GT-ITM. Each topology has two layers, a transmission network and a node network, with 4 transmission domains and 64 node domains. Each node domain generates 50 terminal nodes, and the terminal nodes are connected to the node routers through a local area network.
The method of the invention is compared with NICE multicast and IP multicast in terms of the relationship between data transmission delay and group size. The NICE algorithm is an application-layer multicast hierarchical clustering construction method for large numbers of nodes, and IP multicast is the multicast distribution method with the highest distribution efficiency. During multicast data distribution, the transmission path of the data grows as the group size grows, which increases the data transmission delay. Figure 15 shows that as the group size grows, the delay of IP multicast grows slowly, and the delay of the method of the invention is lower than that of the traditional NICE protocol; this advantage becomes more pronounced as the group size increases.

Claims (1)

1. A low-overhead secure multicast method for overlay networks, based on a network architecture composed of a multicast management server, a multicast key server and multiple nodes, characterized by comprising the following steps:
Step 1: The multicast management server detects the information of all live nodes currently in the network and constructs a global control network topology:
The multicast management server constructs the multicast tree using a bottom-up hierarchical clustering algorithm; by pruning the number of child nodes of each cluster head, the control-topology complexity for every node maintaining topological relations is constant;
The multicast management server is responsible for controlling the joining and leaving of nodes; a node's behavior after it joins and before it leaves is handled by its parent node through the node's client;
The node's client completes data transmission through a unified data transport interface;
Step 2: A node joins the multicast:
The joining node sends a join request to the multicast management server through its client, and the multicast management server returns the address of the top-layer node to the client of the joining node; the joining node sends a join request to the top-layer node and computes the round-trip delay to the top-layer node and to the child nodes of the top-layer node; the joining node continues to send join requests to the node with the smallest round-trip delay, until the node with the smallest round-trip delay is the requested node itself or is a leaf node, at which point that node becomes the parent node of the joining node;
Step 3: A node leaves the multicast:
A node leaves the multicast either actively or abnormally;
When a node leaves actively, its client sends a leave-multicast request to the multicast management server; the multicast routing reconstruction module of the multicast management server rebuilds the multicast routing and distributes the updated multicast routing to every node;
When a node leaves abnormally, the heartbeat response module of the multicast management server receives no heartbeat message from the node for 3 heartbeat cycles and judges that the node has left abnormally; the multicast routing reconstruction module of the multicast management server rebuilds the multicast routing and distributes the updated multicast routing to every node;
Step 4: Build the multicast distribution path:
One node among all nodes participating in the multicast is chosen as the multicast distribution source. With the multicast distribution source as the root node, the multicast distribution path is built according to the parent-child relationship between cluster head nodes and cluster member nodes, and according to a self-balancing binary tree algorithm among the nodes within a cluster;
Step 5: The multicast key server generates and issues the global key:
A differentiated key strategy is used during data distribution: layer-0 nodes and non-layer-0 nodes use different key strategies to encrypt data for transmission;
Point-to-point keys are used between layer-0 nodes, and non-layer-0 nodes use the global key;
Layer-0 nodes that are in a parent-child relationship on the multicast distribution path determine a point-to-point key between each other by handshake; non-layer-0 nodes use the globally unified key broadcast by the multicast key server;
Step 6: Data distribution between non-layer-0 nodes:
The data reception module of the client of the multicast distribution source node detects data to be distributed; the data encryption module calls the globally unified key in the key management module and encrypts the distribution data; the data forwarding module looks up the next-hop node in the local routing management module and distributes the encrypted data to the next-hop node;
Step 7: Data distribution between non-layer-0 nodes and layer-0 nodes:
The data reception module of the client of a layer-0 cluster head node receives the distribution data sent by the previous hop; the data decryption module calls the globally unified key in the key management module, decrypts the distribution data, and stores the decrypted data locally;
The data forwarding module looks up the next-hop node in the local routing management module; the data encryption module obtains from the key management module the point-to-point key shared with the next-hop node, encrypts the distribution data, and distributes the encrypted data to the next-hop node;
Step 8: Data distribution between layer-0 nodes:
The data reception module of the client of a node within a cluster receives the distribution data from the previous hop; the data decryption module obtains from the key management module the point-to-point key shared with the previous-hop node, decrypts the distribution data, and stores the decrypted data locally;
The data forwarding module looks up the next-hop node in the local routing management module; the data encryption module obtains from the key management module the point-to-point key shared with the next-hop node, encrypts the distribution data, and distributes the encrypted data to the next-hop node.
Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201410223572.6A CN103997463B (en) 2014-05-23 2014-05-23 A kind of nerve of a covering safe multicasting method of low overhead

Publications (2)

Publication Number Publication Date
CN103997463A CN103997463A (en) 2014-08-20
CN103997463B true CN103997463B (en) 2019-06-18

Family

ID=51311472

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201410223572.6A Active CN103997463B (en) 2014-05-23 2014-05-23 A kind of nerve of a covering safe multicasting method of low overhead

Country Status (1)

Country Link
CN (1) CN103997463B (en)

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN111917534B (en) * 2020-06-17 2023-12-15 深圳市风云实业有限公司 Multicast data transmission method for embedding ciphertext strategies in message
CN111934892B (en) * 2020-07-09 2021-08-17 北京航空航天大学 Multicast-based civil aviation information efficient sharing method
CN112364364B (en) * 2020-11-20 2024-06-28 中国人民武装警察部队工程大学 Encryption method and system for semi-structured data
CN114697002A (en) * 2020-12-28 2022-07-01 科大国盾量子技术股份有限公司 Distributed quantum cipher network group key distribution method and system

Citations (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101309137A (en) * 2008-07-10 2008-11-19 浙江大学 Uni-directional function tree multicast key management method based on cipher sharing

Family Cites Families (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20110158405A1 (en) * 2009-12-31 2011-06-30 The Industry & Academy Cooperation in Chungnam National University (IAC) Key management method for scada system

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
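Iolus: A Framework for Scalable Secure Multicasting; Mittra S; ACM SIGCOMM Computer Communication Review; 19970918; Vol. 27 (No. 4); pp. 277-288
Scalable Application Layer Multicast; Banerjee S; ACM SIGCOMM Computer Communication Review; 20020823; Vol. 32 (No. 4); pp. 205-217
Research and Implementation of an Application-Layer Secure Multicast System; Luo Jiaomin; Network Security Technology & Application; 20090430 (No. 4); pp. 34-36
A Secure and Efficient Application-Layer Multicast System; Yang Yue; Fujian Computer; 20110630 (No. 6); pp. 131-133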

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
GR01 Patent grant