CN111769936B - Encrypted multicast data transmission method based on centralized configuration - Google Patents
Encrypted multicast data transmission method based on centralized configuration Download PDFInfo
- Publication number
- CN111769936B CN111769936B CN202010555071.3A CN202010555071A CN111769936B CN 111769936 B CN111769936 B CN 111769936B CN 202010555071 A CN202010555071 A CN 202010555071A CN 111769936 B CN111769936 B CN 111769936B
- Authority
- CN
- China
- Prior art keywords
- multicast
- centralized configuration
- decryption
- configuration server
- private key
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Active
Links
Images
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0819—Key transport or distribution, i.e. key establishment techniques where one party creates or otherwise obtains a secret value, and securely transfers it to the other(s)
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0816—Key establishment, i.e. cryptographic processes or cryptographic protocols whereby a shared secret becomes available to two or more parties, for subsequent use
- H04L9/0838—Key agreement, i.e. key establishment technique in which a shared key is derived by parties as a function of information contributed by, or associated with, each of these
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/30—Public key, i.e. encryption algorithm being computationally infeasible to invert or user's encryption keys not requiring secrecy
-
- Y—GENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
- Y02—TECHNOLOGIES OR APPLICATIONS FOR MITIGATION OR ADAPTATION AGAINST CLIMATE CHANGE
- Y02D—CLIMATE CHANGE MITIGATION TECHNOLOGIES IN INFORMATION AND COMMUNICATION TECHNOLOGIES [ICT], I.E. INFORMATION AND COMMUNICATION TECHNOLOGIES AIMING AT THE REDUCTION OF THEIR OWN ENERGY USE
- Y02D30/00—Reducing energy consumption in communication networks
- Y02D30/50—Reducing energy consumption in communication networks in wire-line communication networks, e.g. low power modes or reduced link rate
Abstract
The invention discloses an encrypted multicast data transmission method based on centralized configuration, which relates to the technical field of network security, adopts a centralized configuration server to plan multicast tasks in a unified way, can realize one-to-many multicast message encryption, can realize one-time encryption of a multicast source, simultaneously decrypt a plurality of receivers conforming to CP-ABE attributes, obtain a multicast decryption key by only an appointed target multicast receiver, and cannot decrypt multicast data even if other multicast receivers join a multicast group; the ciphertext strategy tree can be directly transmitted in a network after being encrypted, and an encrypted communication channel does not need to be established for a plurality of multicast receivers.
Description
Technical Field
The invention relates to the technical field of network security, in particular to an encrypted multicast data transmission method based on centralized configuration.
Background
With the development of the Internet, various interactive data, voice and video information in the network are more and more, and meanwhile, emerging services such as electronic commerce, online conferences, online auctions, video on demand, remote teaching and the like mostly conform to a point-to-multipoint mode, and provide higher requirements for network bandwidth. The traditional unicast and broadcast communication modes can not realize the problems of single-point transmission and multipoint reception with minimum network overhead.
The IP multicast technology is a point-to-multipoint transmission method, which solves the above problems. When some users in the network need specific data, the multicast data sender (i.e. multicast source) only sends the data once, and establishes a multicast distribution tree for the multicast data packet by means of the multicast routing protocol, and the transferred data starts to be copied and distributed after reaching the node as close as possible to the user terminal.
IP multicast has been developed for over a decade, and many international organizations have made a lot of work on technical research and business development of multicast, and multicast communication technology has become more and more mature. However, the security of multicast data in the network transmission process is not well guaranteed, the data is usually transmitted in the clear text on the network and is easily intercepted by a third party, meanwhile, in the IP network, any terminal or user can easily join in a multicast task, and a verification mechanism for multicast receivers is lacked. The traditional encryption technology can only realize the point-to-point encryption function and cannot be suitable for the use scene of multicast point-to-multipoint.
Disclosure of Invention
The present invention is directed to providing a method for encrypted multicast data transmission based on centralized configuration, which can alleviate the above problems.
In order to alleviate the above problems, the technical scheme adopted by the invention is as follows:
a method for transmitting encrypted multicast data based on centralized configuration comprises the following steps:
s1, a centralized configuration server carries out CP-ABE initialization, and then generates a public and private key pair required by CP-ABE for each terminal in a network, wherein the public and private key pair is generated according to the attribute of the corresponding terminal;
s2, a terminal is appointed as a multicast source in a network by utilizing a centralized configuration server, and other terminals are appointed as multicast receivers;
s3, a plurality of multicast data receivers are designated by utilizing the centralized configuration server and serve as target multicast receivers capable of receiving the message data, and a decryption strategy is generated according to the terminal attributes of the target multicast receivers;
s4, the multicast source generates a random decryption key, generates a ciphertext strategy tree according to the decryption strategy and embeds the decryption key into the ciphertext strategy tree;
s5, the multicast source forwards the ciphertext strategy tree to each multicast receiver through a centralized configuration server;
s6, the target multicast receiver decrypts the ciphertext strategy tree according to a private key in the corresponding public and private key pair and obtains a decryption key;
s7, the multicast source encrypts the multicast data according to the decryption key generated by the multicast source, and sends the encrypted multicast data to each multicast receiver;
and S8, the target multicast receiver decrypts the encrypted multicast data according to the decryption key to complete the transmission of the multicast data.
The technical effect of the technical scheme is as follows: the centralized configuration server uniformly plans a multicast task, can realize one-to-many multicast message encryption, can realize one-time encryption of a multicast source, simultaneously decrypts a plurality of receivers conforming to CP-ABE attributes, can obtain a multicast decryption key only by a specified target multicast receiver, and cannot decrypt multicast data even if other multicast receivers join a multicast group; the ciphertext strategy tree can be directly transmitted in a network after being encrypted, and an encrypted communication channel does not need to be established for a plurality of multicast receivers.
Furthermore, the public and private key pair is safely issued to each terminal in an online or offline manner.
Furthermore, a public key in the public and private key pair refers to the attribute of a corresponding terminal, and a private key is obtained by calculation according to the public key by using a CP-ABE algorithm.
The technical effect of the technical scheme is as follows: decryption is possible when the attributes are able to satisfy the policy.
Furthermore, for each multicast receiver, if the attribute of the multicast receiver accords with the decryption strategy generated by the centralized configuration server, the ciphertext strategy tree embedded with the decryption key can be decrypted according to the private key of the corresponding public and private key pair, and if the attribute of the multicast receiver does not accord with the decryption strategy generated by the centralized configuration server, the ciphertext strategy tree embedded with the decryption key cannot be decrypted according to the private key of the corresponding public and private key pair.
Further, the decryption key is a symmetric decryption key.
The technical effect of the technical scheme is as follows: the multicast receiver can directly decrypt by using the symmetric decryption key, and the efficiency is higher.
Furthermore, the multicast data is encrypted or decrypted by adopting an AES/DES/RC4 algorithm.
Further, the decryption strategy is sent to the multicast source through the network security by the centralized configuration server.
Further, the centralized configuration server and the terminals realize data communication through network equipment.
Furthermore, the gateway is configured to forward the multicast tasks planned by the centralized configuration server to each terminal, forward the decryption policy generated by the centralized configuration server to the multicast source, forward the ciphertext policy tree generated by the multicast source to the centralized configuration server, forward the ciphertext policy tree received by the centralized configuration server to each multicast receiver, and forward the multicast data encrypted by the multicast source to each multicast receiver; the multicast task specifies a multicast source and a multicast recipient.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a flowchart of an encrypted multicast data transmission method based on centralized configuration according to an embodiment of the present invention;
FIG. 2 is a schematic diagram illustrating the planning and delivery of multicast tasks according to an embodiment of the present invention;
FIG. 3 is a schematic diagram illustrating generation and issuance of a public-private key pair based on attributes according to an embodiment of the present invention;
FIG. 4 is a schematic diagram illustrating the generation and key agreement of a multicast task ciphertext policy tree according to an embodiment of the present invention;
fig. 5 is a schematic diagram of encryption and decryption communication of multicast data according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all embodiments of the present invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1 to fig. 5, an embodiment of the present invention provides a method for transmitting encrypted multicast data based on centralized configuration, which includes:
s1, a centralized configuration server carries out CP-ABE initialization, and then generates a public and private key pair required by CP-ABE for each terminal in a network, wherein the public and private key pair is generated according to the attribute of the corresponding terminal.
In this embodiment, the centralized configuration server and each terminal implement data communication through the network device, and the centralized configuration server issues each public and private key pair to the corresponding terminal securely on line through the network device, as shown in fig. 2 and fig. 3.
In this embodiment, there are four terminals in the network, terminal 1, terminal 2, terminal 3 and terminal 4.
The public key in the public and private key pair refers to the attribute of the corresponding terminal, and the private key is obtained by calculation according to the public key by using a CP-ABE algorithm;
for terminal 1, its attribute is (id =001, level = 1), and the private key in its public and private key pair is priv1;
for terminal 2, its attribute is (id =002,level = 2), and the private key in its public and private key pair is priv2;
for terminal 3, its attribute is (id =003, level = 3), and the private key in its public and private key pair is priv3;
for the terminal 4, its attribute is (id =004, level = 4), and the private key in its public and private key pair is priv4.
And S2, using the centralized configuration server to designate one terminal as a multicast source and designate other terminals as multicast receivers in the network.
As shown in fig. 2, the centralized configuration server issues a uniformly planned multicast task to each terminal through the network device, where the multicast task specifies a multicast source and a multicast receiver. The multicast task is embodied in the form of a forwarding table entry in the network equipment, and the network accessibility of the multicast message is ensured.
In this embodiment, the terminal 1 is a multicast source, and the terminals 2, 3 and 4 are all multicast receivers.
And S3, a plurality of multicast data receivers are designated by the centralized configuration server to serve as target multicast receivers capable of receiving the message data, and a decryption strategy is generated according to the terminal attributes of the target multicast receivers.
And after the decryption strategy is generated, the decryption strategy is sent to the multicast source by the centralized configuration server through network security.
In this embodiment, the terminal 2, the terminal 3, and the terminal 4 are all target multicast receivers, and the decryption policy is level ≧ 1.
And S4, the terminal 1 generates a random decryption key, generates a ciphertext strategy tree according to the decryption strategy and embeds the decryption key into the ciphertext strategy tree.
In this embodiment, the decryption key AES _ Priv randomly generated by the terminal 1 is used for symmetric encryption and decryption, and the encryption and decryption algorithm is the standard AES algorithm.
And S5, the terminal 1 forwards the ciphertext strategy tree to the terminal 2, the terminal 3 and the terminal 4 through the centralized configuration server.
In the process of transmitting the ciphertext policy tree, other non-target multicast receivers (not shown in the figure) may be present in addition to the target multicast receiver terminal 2, terminal 3, and terminal 4.
And S6, the terminal 2, the terminal 3 and the terminal 4 decrypt the ciphertext strategy tree according to the private key in the corresponding public and private key pair and acquire a decryption key.
In this embodiment, the terminal 2, the terminal 3, and the terminal 4 respectively perform decryption operation on the ciphertext policy tree according to the private key in the public and private key pair corresponding to the terminal 2, the terminal 3, and the terminal 4, respectively, which are determined target multicast receivers capable of receiving the file, have respective attributes level 2, level 3, and level 4 which are all greater than or equal to 1, and therefore all conform to the described decryption policy level which is greater than or equal to 1, and conform to the ciphertext policy tree, and all of them can successfully decrypt the ciphertext policy tree and obtain the decryption key therefrom.
If non-target multicast receivers appear in the multicast transmission process, the ciphertext strategy tree cannot be successfully decrypted to obtain the correct decryption key because the non-target multicast receivers do not have the attribute which is in accordance with the described decryption strategy, namely the secure transmission of the decryption key is ensured.
And S7, the terminal 1 encrypts the multicast data according to the decryption key generated by the terminal 1 and sends the encrypted multicast data to the terminal 2, the terminal 3 and the terminal 4.
And S8, the terminal 2, the terminal 3 and the terminal 4 decrypt the encrypted multicast data according to the decryption key to finish the transmission of the multicast data.
In this embodiment, since all the terminals 2, 3 and 4 acquire the decryption key, they can decrypt and acquire the multicast data, and if a non-target multicast receiver appears in the multicast group, since the non-target multicast receiver cannot acquire the correct decryption key, the multicast data cannot be decrypted, that is, the secure transmission of the multicast data is realized.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.
Claims (9)
1. A method for transmitting encrypted multicast data based on centralized configuration is characterized by comprising the following steps:
s1, a centralized configuration server carries out CP-ABE initialization, and then generates a public and private key pair required by CP-ABE for each terminal in a network, wherein the public and private key pair is generated according to the attribute of the corresponding terminal;
s2, a terminal is appointed in a network as a multicast source by using a centralized configuration server, and other terminals are appointed as multicast receivers;
s3, a plurality of multicast data receivers are designated by using the centralized configuration server to serve as target multicast receivers capable of receiving the message data, and a decryption strategy is generated according to the terminal attributes of the target multicast receivers;
s4, the multicast source generates a random decryption key, a ciphertext strategy tree is generated according to a decryption strategy, and the decryption key is embedded into the ciphertext strategy tree;
s5, the multicast source forwards the ciphertext strategy tree to each multicast receiver through a centralized configuration server;
s6, the target multicast receiver decrypts the ciphertext strategy tree according to a private key in the corresponding public and private key pair and obtains a decryption key;
s7, the multicast source encrypts the multicast data according to the decryption key generated by the multicast source, and sends the encrypted multicast data to each multicast receiver;
and S8, the target multicast receiver decrypts the encrypted multicast data according to the decryption key to complete the transmission of the multicast data.
2. The method for encrypted multicast data transmission according to claim 1, wherein the public-private key pair is securely distributed to each terminal in an online or offline manner.
3. The method as claimed in claim 1, wherein the public key in the public-private key pair refers to the attribute of the corresponding terminal, and the private key is calculated according to the public key by using CP-ABE algorithm.
4. The method as claimed in claim 1, wherein for each multicast receiver, if its attribute conforms to the decryption policy generated by the centralized configuration server, the encrypted policy tree with the decryption key embedded therein can be decrypted according to the private key of the corresponding public-private key pair, and if its attribute does not conform to the decryption policy generated by the centralized configuration server, the encrypted policy tree with the decryption key embedded therein cannot be decrypted according to the private key of the corresponding public-private key pair.
5. The method according to claim 1, wherein the decryption key is a symmetric decryption key.
6. The method of claim 5, wherein the multicast data is encrypted or decrypted by AES/DES/RC4 algorithm.
7. The method according to claim 1, wherein the decryption policy is securely sent to the multicast source through a network by the centralized configuration server.
8. The method according to claim 1, wherein the centralized configuration server and the terminals communicate with each other via a network device.
9. The method according to claim 8, wherein the network device is configured to forward multicast tasks planned by the centralized configuration server to the terminals, forward decryption policies generated by the centralized configuration server to the multicast source, forward ciphertext policy trees generated by the multicast source to the centralized configuration server, forward ciphertext policy trees received by the centralized configuration server to the multicast receivers, and forward multicast data encrypted by the multicast source to the multicast receivers; the multicast task specifies a multicast source and a multicast recipient.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010555071.3A CN111769936B (en) | 2020-06-17 | 2020-06-17 | Encrypted multicast data transmission method based on centralized configuration |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN202010555071.3A CN111769936B (en) | 2020-06-17 | 2020-06-17 | Encrypted multicast data transmission method based on centralized configuration |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN111769936A CN111769936A (en) | 2020-10-13 |
| CN111769936B true CN111769936B (en) | 2023-04-18 |
Family
ID=72720975
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN202010555071.3A Active CN111769936B (en) | 2020-06-17 | 2020-06-17 | Encrypted multicast data transmission method based on centralized configuration |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN111769936B (en) |
Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101860796A (en) * | 2010-05-14 | 2010-10-13 | 南京邮电大学 | Network multicast information encryption method against conspiracy attack |
| CN110166258A (en) * | 2019-06-21 | 2019-08-23 | 郑州轻工业学院 | The group key agreement method authenticated based on secret protection and attribute |
-
2020
- 2020-06-17 CN CN202010555071.3A patent/CN111769936B/en active Active
Patent Citations (2)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN101860796A (en) * | 2010-05-14 | 2010-10-13 | 南京邮电大学 | Network multicast information encryption method against conspiracy attack |
| CN110166258A (en) * | 2019-06-21 | 2019-08-23 | 郑州轻工业学院 | The group key agreement method authenticated based on secret protection and attribute |
Also Published As
| Publication number | Publication date |
|---|---|
| CN111769936A (en) | 2020-10-13 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| CN106452741B (en) | The communication system and communication means of the transmission of information encryption and decryption are realized based on quantum network | |
| US7434046B1 (en) | Method and apparatus providing secure multicast group communication | |
| US8750507B2 (en) | Dynamic group creation for managed key servers | |
| US6584566B1 (en) | Distributed group key management for multicast security | |
| Choi et al. | Efficient secure group communications for SCADA | |
| CN108540436B (en) | Communication system and communication method for realizing information encryption and decryption transmission based on quantum network | |
| CN102088441B (en) | Data encryption transmission method and system for message-oriented middleware | |
| CN108847928B (en) | Communication system and communication method for realizing information encryption and decryption transmission based on group type quantum key card | |
| CN107094156B (en) | Secure communication method and system based on P2P mode | |
| US10375051B2 (en) | Stateless server-based encryption associated with a distribution list | |
| CN102905199B (en) | A kind of multicast service realizing method and equipment thereof | |
| CN115632779B (en) | Quantum encryption communication method and system based on power distribution network | |
| CN102088352A (en) | Data encryption transmission method and system for message-oriented middleware | |
| US6587943B1 (en) | Apparatus and method for limiting unauthorized access to a network multicast | |
| CN111769936B (en) | Encrypted multicast data transmission method based on centralized configuration | |
| US11411744B2 (en) | Encryption communication method, information processing apparatus, and program | |
| US7127610B1 (en) | Apparatus and method of implementing multicast security between multicast domains | |
| CN112235320B (en) | Cipher-based video networking multicast communication method and device | |
| Mohamed et al. | OMAC: a new access control architecture for overlay multicast communications | |
| CN114765546B (en) | End-to-end hard encryption method, system, encryption equipment and key management server | |
| Du et al. | Towards solving multicast key management problem | |
| CN111917534B (en) | Multicast data transmission method for embedding ciphertext strategies in message | |
| Baddi et al. | Key management for secure multicast communication: A survey | |
| Lee et al. | Scalable and lightweight key distribution for secure group communications | |
| CN111224777A (en) | SDN network multicast member information encryption method, system, terminal and storage medium |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| PB01 | Publication | ||
| PB01 | Publication | ||
| SE01 | Entry into force of request for substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| GR01 | Patent grant | ||
| GR01 | Patent grant |