Please use this Handle URI to cite this document:
http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/27397
Full metadata record
DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | 賴飛羆(Feipei Lai) | |
dc.contributor.author | Jen-Chiun Lin | en |
dc.contributor.author | 林振群 | zh_TW |
dc.date.accessioned | 2021-06-12T18:03:36Z | - |
dc.date.available | 2008-01-30 | |
dc.date.copyright | 2008-01-30 | |
dc.date.issued | 2008 | |
dc.date.submitted | 2008-01-22 | |
dc.identifier.uri | http://tdr.lib.ntu.edu.tw/jspui/handle/123456789/27397 | - |
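dc.description.abstract | In many network applications, including distance learning, Internet radio, video streaming, and online games, a data sender often needs to deliver messages to multiple receivers. IP multicast and application-layer multicast provide efficient and highly scalable one-to-many or many-to-many transmission mechanisms. A group composed of several users can use a shared key (called the group key) to encrypt multicast traffic and so protect the security of their communication. We designed a new key-tree-based group key management protocol that uses shared key derivation to achieve secure and efficient group key management. With shared key derivation, some group members can compute the updated keys they need by themselves, and the server does not need to encrypt and deliver these keys to the members who can derive them. This saves transmission bandwidth and computation, and improves the performance of the synchronous and asynchronous rekeying operations supported by the new protocol, including single-member join, single-member leave, and multi-member batch update. The key derivation function can be constructed from secure hash functions, secure random number generators, or one-way trapdoor functions. When the key derivation function and the chosen key encryption and decryption functions are secure, we can prove that malicious users cannot collude to compute, within an acceptable time, keys that the protocol does not entitle them to, and therefore the protocol satisfies backward and forward group key secrecy. The protocol effectively reduces the system's communication and computation costs, and in both analysis and simulation results it outperforms several other group key management protocols of a similar nature. The protocol achieves its best system performance when a binary key tree is used together with asynchronous rekeying. With only slight modification, the protocol can support shortening the rekeying delay or changing the key length to meet the needs of practical applications. | zh_TW |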
dc.description.abstract | In many network applications, including distance learning, audio webcasting, video streaming, and online gaming, often a source has to send data to many receivers. IP multicasts and application-layer multicasts provide efficient and scalable one-to-many or many-to-many communications. A common secret key, the group key, shared by multiple users can be used to secure the information transmitted in the multicast communication channel. A new key-tree-based group key management protocol with shared key derivation is proposed to securely and efficiently manage the group key. With shared key derivation, new keys derivable by members themselves do not have to be encrypted or delivered by the server, and the performance of synchronous and asynchronous rekeying operations, including single join, single leave, and batch update, is thus improved. The key derivation function can be easily constructed with secure hash functions, secure pseudo-random number generators, or one-way trapdoor functions. When the key derivation function and the key encryption function are secure, it is computationally infeasible for malicious users to collude to compute a key which is not granted by the protocol, and both backward group key secrecy and forward group key secrecy are guaranteed. The protocol reduces the computation and communication costs of group key rekeying, outperforms the other comparable protocols from our analysis and simulation, and is particularly efficient with binary key trees and asynchronous rekeying. With minor modification, the rekeying delay and the key size of the protocol can be tuned to meet different system needs. | en |
dc.description.provenance | Made available in DSpace on 2021-06-12T18:03:36Z (GMT). No. of bitstreams: 1 ntu-97-D89921021-1.pdf: 1186242 bytes, checksum: bc7830a97ab77def3bc00829472b7dd7 (MD5) Previous issue date: 2008 | en |
dc.description.tableofcontents | Abstract; List of Tables; List of Figures; 1 Introduction; 2 Preliminary and Related Work; 2.1 Overview; 2.1.1 Secure Group Communication; 2.1.2 Key Tree; 2.1.3 Synchronous Rekeying and Asynchronous Rekeying; 2.2 Related Work; 3 Shared Key Derivation (SKD) Protocol; 3.1 Key Derivation Function; 3.1.1 Hash Function; 3.1.2 Pseudo-Random Number Generator; 3.1.3 One-way Trapdoor Function; 3.2 Synchronous Rekeying Operations; 3.2.1 Single Join Operation; 3.2.2 Single Leave Operation; 3.3 Asynchronous Rekeying Operations; 3.3.1 Join Operation; 3.3.2 Leave Operation; 3.3.3 Batch Update Operation; 3.4 Encoding and Decoding Rekeying Messages; 3.4.1 Encoding; 3.4.2 Decoding; 4 Security Analysis; 5 Performance Analysis; 5.1 Communication, Computation, and Storage Costs; 5.2 Optimal Degree of Key Tree; 6 Simulation; 6.1 Communication Costs; 6.1.1 Communication Costs of LKH, OFT, ELK, and SKD; 6.1.2 Communication Cost Reduction by Asynchronous Rekeying; 6.1.3 Encoding Overheads of Rekeying Messages; 6.2 Computation Costs; 7 Practical Issues and Tradeoffs; 7.1 Reliable Multicast Rekeying; 7.2 Rekeying Delay; 7.3 Key Size; 8 Conclusion and Future Work; 8.1 Conclusion; 8.2 Future Work; A Insertion of New Members in Batch Update Operations; A.1 Simulation; A.1.1 Communication Costs; A.1.2 Computation Costs; B SKD2 with Key Tree Recomposition; B.1 Binary Key Tree Recomposition; B.2 Supporting Binary Key Tree Recomposition; B.3 The Optimality of Algorithm CO; B.4 Amortized Height of Binary Key Trees with Recomposition; B.5 Simulation Results; Bibliography | |
dc.language.iso | en | |
dc.title | Group Key Management Protocol Using Shared Key Derivation | zh_TW |
dc.title | Secure and Efficient Group Key Management with Shared Key Derivation | en |
dc.type | Thesis | |
dc.date.schoolyear | 96-1 | |
dc.description.degree | Doctoral | |
dc.contributor.oralexamcommittee | 許永真(Yung-Jen Hsu),李秀惠(Hsiu-Hui Lee),陳澤雄(Tzer-Shyong Chen),沈榮麟(Rong-Lin Shen),周君彥(Chun-Yen Chou),李鴻璋(Hung-Chang Lee) | |
dc.subject.keyword | secure group communication, multicast, group key, key tree, shared key derivation | zh_TW |
dc.subject.keyword | secure group communication, multicast, group key, key tree, shared key derivation | en |
dc.relation.page | 123 | |
dc.rights.note | Paid authorization | |
dc.date.accepted | 2008-01-22 | |
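dc.contributor.author-college | College of Electrical Engineering and Computer Science | zh_TW |
dc.contributor.author-dept | Graduate Institute of Electrical Engineering | zh_TW |
Appears in Collections: | Department of Electrical Engineering |
Files in This Item:
File | Size | Format | |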
---|---|---|---|
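ntu-97-1.pdf Currently not authorized for public access | 1.16 MB | Adobe PDF |
Unless their copyright terms are specifically indicated, all documents in the system are protected by copyright, with all rights reserved.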