
Computer Engineering ›› 2008, Vol. 34 ›› Issue (20): 190-192. doi: 10.3969/j.issn.1000-3428.2008.20.069

• Security Technology •


Intrusion Tolerant Multicast Key Management Scheme

WANG Xiao-kang1,2, YANG Ming2

  1. Electronic Equipment and Systems Engineering Co. Ltd. of China, Beijing 100089; 2. Institute of Automation Command, PLA University of Science and Technology, Nanjing 210007
  • Received: 1900-01-01 Revised: 1900-01-01 Online: 2008-10-20 Published: 2008-10-20

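Abstract (Chinese version): Most current secure multicast application systems use a relatively simple centralized group key management scheme. A single key server easily leads to single point of failure and congestion problems; system security and availability are poor, and the recovery delay is long. This paper introduces the idea of intrusion tolerance into group key management and, with the help of a threshold secret sharing scheme and an information dispersal algorithm, proposes an intrusion-tolerant group key management approach built on the centralized group key management method. The single key server is replaced with a group of distributed key servers. Using an election mechanism, the servers cooperate to manage the multicast group key and to store information securely. This keeps the advantages of centralized control while effectively reducing single points of failure, strengthening resistance to network intrusion, and improving system availability.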

Key words (Chinese version): multicast, key management, intrusion tolerance, management mechanism, information dispersal algorithm

Abstract: Most multicast application systems use simple centralized group key management. A single key server often causes single point failure and congestion, and recovery from failure is difficult, so security and integrity cannot be guaranteed. To solve these problems, this paper proposes a scheme based on the Information Dispersal Algorithm (IDA) and Threshold Secret Sharing (TSS). It replaces the single key server in the centralized model with a set of distributed key servers. The group management operations and the storage of the group key information are performed through the collaboration of all the servers, which enhances the security and integrity of the key management system. The management mechanism and the method of storing and distributing the key information are then discussed.

Key words: multicast, key management, intrusion tolerance, group management mechanism, Information Dispersal Algorithm (IDA)
