针对集中式组播密钥管理协议具有前向安全、后向安全、同谋破解等问题,本文提出了一种基于三叉树(Ternary Tree)的OFT组密钥管理协议(T-OFT)。使用三叉树的逻辑密钥结构,减少了密钥服务器存储密钥的数量,有效的降低了存储和通信开销。并借用可信安全模块(TPM)来产生和保存密钥信息,确保没有密钥信息显式的出现在TPM之外,保证了密钥的绝对安全。当组成员关系发生变化时,本协议通过更新组密钥保证前后向安全和防止同谋破解,提供了一种安全高效的组密钥管理服务。分析结果表明,该协议可以有效的降低存储和通信开销,并能保证密钥服务器的物理安全性。A novel group key management protocol based on Ternary Tree and One-way Function (T-OFT) is proposed in this paper to avoid the problem about forward confidentiality, backward confidentiality and conspiracy attack. The ternary tree is used in the protocol which reduces the number of storing keys and lowers the cost of storage and communication. We also use TPM to generate and store keys to ensure no keys outside plainly, guaranteeing absolute security of keys. The group key will be renewed when group members join or quit in order to provide a safe key management module. The protocol overcomes the above defects and lowers the cost of storage and communication, and could guarantee the physical security of the key server.
展开▼
