CN116527254A - Method for encrypting multicast video stream and managing key - Google Patents
- Publication number
- CN116527254A (application CN202310595026.4A)
- Authority
- CN
- China
- Prior art keywords
- multicast
- key
- management node
- user
- private
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L12/00—Data switching networks
- H04L12/02—Details
- H04L12/16—Arrangements for providing special services to substations
- H04L12/18—Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0861—Generation of secret information including derivation or calculation of cryptographic keys or passwords
- H04L9/0869—Generation of secret information including derivation or calculation of cryptographic keys or passwords involving random numbers or seeds
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/088—Usage controlling of secret information, e.g. techniques for restricting cryptographic keys to pre-authorized uses, different access levels, validity of crypto-period, different key- or password length, or different strong and weak cryptographic algorithms
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/08—Key distribution or management, e.g. generation, sharing or updating, of cryptographic keys or passwords
- H04L9/0891—Revocation or update of secret information, e.g. encryption key update or rekeying
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L9/00—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
- H04L9/32—Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols including means for verifying the identity or authority of a user of the system or for message authentication, e.g. authorization, entity authentication, data integrity or data verification, non-repudiation, key authentication or verification of credentials
Landscapes
- Engineering & Computer Science (AREA)
- Computer Security & Cryptography (AREA)
- Computer Networks & Wireless Communication (AREA)
- Signal Processing (AREA)
- Data Exchanges In Wide-Area Networks (AREA)
Abstract
The invention provides a method for encrypting a multicast video stream and managing keys, belonging to the technical field of communication information security. Encryption uses one key and decryption uses more than one key, and the requirements of forward confidentiality, backward confidentiality and resistance to collusion cracking for secure multicast are met at the same time. The multicast management node generates a private key only once for each user, and the private keys of the users are different from each other. Each time the group membership changes, the message sender only needs to generate a new auxiliary key according to the private information of the new authorized users; each user obtains a new decryption key from the new auxiliary key and the user's own private key, and uses it to decrypt the multicast information.
Description
Technical Field
The invention relates to the technical field of communication information security, in particular to a method for encrypting a multicast video stream and managing a secret key. The invention is applied to the scenes of IPTV, broadcast television, multiparty video conference and the like which need to transmit streaming media data through a multicast protocol and have higher requirements on security.
Background
With the rapid development of communication technology and social informatization, and especially the rapid popularization of the Internet, there is more and more demand for group communication such as online interaction, video conferencing, online games and IPTV. Group communication needs the ability to send group information from a single point to multiple points, or from multiple points to multiple points. It can be realized with traditional unicast or broadcast, but this increases the burden on the network and wastes bandwidth. Multicast is a new and efficient network transmission scheme aimed at this problem; it can greatly reduce communication delay and save network bandwidth. Meanwhile, as people attach more importance to information security, multicast security is increasingly important: providing access control for multicast participants, providing security services such as encryption, integrity protection, replay resistance, source authentication and group authentication for multicast content, preventing non-group members from eavesdropping on or tampering with the communication content or interfering with the normal operation of the communication process, and preventing security threats from within the group.
Symmetric (e.g., AES) or public key (e.g., RSA) encryption methods are designed primarily for unicast communication, and are characterized by one key for encryption and one key for decryption. The encryption key may be the same as the decryption key (symmetric cryptography) or different from it (public key cryptography). Multicast is a transmission scheme in which a single sender transmits data to a plurality of listeners, that is, one-to-many communication. When symmetric or public key cryptography is used directly for multicast, collusion cracking problems arise because the encryption keys of all group members are identical.
Key management techniques:
When a group member changes during multicast, the group key needs to be updated to meet the forward and backward confidentiality requirements. When symmetric or public key cryptography is used directly for secure multicast, and the number of members in a group is large and the membership changes frequently, the key update occupies a lot of bandwidth. Secure multicast based on key update still has to update a group of keys by secure unicast or some form of secure multicast, so the improvement in efficiency is limited, and key update remains a bottleneck of the multicast system.
Disclosure of Invention
In order to solve the above technical problems, the invention provides a method for encrypting a multicast video stream and managing keys, which realizes secure multicast and, through a centralized key management mode, key management with a low update cost.
The technical scheme of the invention is as follows:
A method for encrypting a multicast video stream and managing keys:
encryption uses one key and decryption uses more than one key, and the requirements of forward confidentiality, backward confidentiality and resistance to collusion cracking for secure multicast are met at the same time;
the multicast management node generates a private key only once for each user, and the private keys of the users are different from each other;
each time the group membership changes, the private key held by a user does not need to be changed, and the message sender only needs to generate a new auxiliary key according to the private information of the new authorized users; each user obtains a new decryption key from the new auxiliary key and the user's own private key, and uses it to decrypt the multicast information.
Further, the method comprises the following steps:
the multicast management node and each multicast member are positioned under the same switch, and information interaction is carried out through a multicast network;
the multicast management node selects two prime numbers and two positive integers;
randomly generating an n-dimensional vector and a prime number;
when a group member joins the multicast group, identity verification is performed at the multicast management node, and after the verification is passed a unique identity is generated for the member.
The multicast management node computes a private key for the user.
The prime numbers are randomly generated.
Still further,
when a user wants to send multicast to other users, the user first sends a list of the users it wishes to authorize to the multicast management node, and the management node then randomly selects a secret key and a random number;
the interpolation parameters of all multicast users (including the multicast initiator) are used to construct a maximum degree interpolation polynomial,
where $k_{u_i}$ is the interpolation parameter of multicast user $u_i$, which is different for each user.
The multicast management node sends out multicast initialization information, multicasting the auxiliary key to the whole multicast group; after receiving the message, the multicast sender first calculates its interpolation parameter and then calculates the secret key;
the multicast sender encrypts the multicast information according to the IDEA algorithm using the calculated key and then sends the ciphertext to the multicast group; the other members use the key to decrypt.
When a member needs to join a multicast group, the member firstly sends a joining request to a multicast management node, and after the management node performs identity verification, if the member is accepted to join, a private key is generated for the member, and then the key is updated;
when a member needs to leave the multicast group, the member firstly sends a leave request to a multicast management node, and when the management node receives the leave request, the key is updated.
The invention is applied to scenarios such as IPTV, broadcast television and multiparty video conferencing, which need to transmit streaming media data through a multicast protocol and have higher requirements on security.
The beneficial effects of the invention are as follows:
1. The multicast management node calculates the encryption key and the auxiliary key only according to the private keys of authorized users. Although all members can receive the multicast information, only authorized users can decrypt it; unauthorized users cannot. The encryption method realizes encryption with one key and decryption with multiple keys, and at the same time meets the requirements of forward confidentiality, backward confidentiality and resistance to collusion cracking for secure multicast.
2. The multicast management node generates a private key only once for each user, and the private keys of each user are different from each other. The private key in the user's hand need not be changed each time a group member changes, and the message sender only needs to generate a new auxiliary key according to the private information of the new authorized user. The user obtains a new decryption key to decrypt the multicast information by using the new auxiliary key and the private key of the user. Therefore, the consumption of sending a private key to a user by a message sender in each multicast process is avoided, the bandwidth is saved, and the key updating efficiency is improved.
Drawings
FIG. 1 is a schematic block diagram of the operation of the present invention;
fig. 2 is a schematic diagram of a key distribution architecture.
Detailed Description
For the purpose of making the objects, technical solutions and advantages of the embodiments of the present invention more apparent, the technical solutions of the embodiments of the present invention will be clearly and completely described below with reference to the accompanying drawings in the embodiments of the present invention, and it is apparent that the described embodiments are some embodiments of the present invention, but not all embodiments, and all other embodiments obtained by those skilled in the art without making any inventive effort based on the embodiments of the present invention are within the scope of protection of the present invention.
The invention provides a method for encrypting a multicast video stream and managing keys, which is suitable for encrypting multicast communication. At the same time, it improves the centralized key management architecture widely used at present and reduces that architecture's storage cost and update cost. This is mainly reflected in the following points:
1. Based on the International Data Encryption Algorithm (IDEA), the multicast management node calculates an encryption key and an auxiliary key only according to the private keys of authorized users. Although all members can receive the multicast information, only authorized users can decrypt it; unauthorized users cannot.
2. Improvement of key distribution mode: the multicast management node generates a private key only once for each user, and the private keys of each user are different from each other. The private key in the user's hand need not be changed each time a group member changes, and the message sender only needs to generate a new auxiliary key according to the private information of the new authorized user. The user obtains a new decryption key to decrypt the multicast information by using the new auxiliary key and the private key of the user. Therefore, the consumption of sending a private key to a user by a message sender in each multicast process is avoided, the bandwidth is saved, and the key updating efficiency is improved.
The method specifically comprises the following steps:
1. as shown in fig. 1, the multicast management node and each multicast member are located under the same switch, and perform information interaction through the multicast network.
2. The multicast management node selects two large prime numbers, which are marked as s and t, and then calculates:
N=s×t,L=(s-1)×(t (1)
3. Two positive integers u and v are then selected such that:
$uv \equiv 1 \pmod{L}$ (2)
4. An n-dimensional vector M is randomly generated:
$M = (a_1, a_2, \ldots, a_n),\quad 1 \le a_i \le L-1\ (1 \le i \le n)$ (3)
5. A prime number is randomly generated and denoted as h.
6. When group member $U_i$ joins a multicast group, identity verification is first carried out at the multicast management node, and after the verification is passed a unique identity is generated for the member as follows:
$D_i = (x_{i1}, x_{i2}, \ldots, x_{in}),\quad x_{ij} \in \{0,1\}\ (1 \le j \le n)$ (4)
Equation (4) is then extended:
$f(D_i) = (y_{i1}, y_{i2}, \ldots, y_{in})',\quad y_{ij} \in \{0,1\}\ (1 \le j \le n)$ (5)
7. The multicast management node calculates a private key for the user as follows:
$U_i = M * f(D_i) \bmod L = \sum_{1 \le j \le n} a_j y_{ij} \bmod L$ (6)
wherein n, u, f(), h are disclosed, and s, t, v, M are not disclosed.
8. When a user $U_p$ intends to send multicast to other users $U_1, U_2, \ldots, U_{p-1}$, $U_p$ first sends a list of the users it wishes to authorize ($U_1, U_2, \ldots, U_{p-1}$) to the multicast management node, and then the management node randomly selects a secret key m and a random number r and performs the following calculation:
$C_1 = h^{ur} \bmod N$ (7)
wherein $G_i$ 、 are the results of the modulo operations in equations 8 and 9, respectively (these results are not transmitted directly; they are calculated by the multicast member in equation 11 and finally used to calculate the key m in equation 12).
9. Using all the interpolation parameters generated in step 8 (including that of the multicast initiator $U_p$), an interpolation polynomial of degree at most p is constructed as follows:
10. The multicast management node sends out the multicast initialization information, multicasting the auxiliary key $(B(x), C_1)$ to the entire multicast group. When the group members $U_i$ ($1 \le i \le p-1$) and the multicast sender $U_p$ receive the message, they first calculate
wherein $k_{u_i}$ is the interpolation parameter of each multicast user $U_i$.
Then the key m is calculated:
11. $U_p$ encrypts the multicast information according to the IDEA algorithm using the key calculated in step 9, and then transmits the ciphertext to the multicast group. The other members ($U_1, U_2, \ldots, U_{p-1}$) decrypt using the key m.
12. As shown in FIG. 2, when a member $U_i$ needs to join a multicast group, assume that the private key of $U_i$ is $a_i$. Member $U_i$ first sends a joining request to the multicast management node; after the management node performs identity verification on the member, if the member is accepted, the key is updated.
13. As shown in FIG. 2, when a member $U_j$ needs to leave the multicast group, assume that the private key of $U_j$ is $a_j$. Member $U_j$ first sends a leave request to the multicast management node, and when the management node receives the leave request, the key is updated.
14. The key updating method in steps 12 and 13 is as follows: the management node computes  and k = [d/n], R = d mod N, thereby obtaining  and encrypting the key M, encrypts the plaintext M using the key M to obtain the ciphertext C, and transmits the ciphertext C to the multicast group. After the group members receive the message, they calculate $r = a_i - kn \bmod a_i$ and d = kn + r, resulting in a decryption key d' to solve the plaintext.
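An added sketch of the flow in steps 2 to 11 and of re-keying after a member leaves, written for this page and not taken from the patent. Equations (8) to (12) and the polynomial B(x) are not reproduced on the page, so the following are assumptions: L = (s-1)(t-1), f() as a SHA-256 bit expansion, the interpolation parameter as C1^(U_i) mod N, B(x) = m + prod(x - k_ui) over a prime field Q, and all function names; the primes are constructed toy values.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy parameters (Mersenne primes: fine for a demo, unfit for real use).
S, T = 2**61 - 1, 2**89 - 1        # secret primes s, t
N = S * T                          # public modulus, eq. (1)
L = (S - 1) * (T - 1)              # ASSUMED form of L; eq. (1) is truncated on the page
H = 65537                          # public prime h (step 5)
Q = 2**521 - 1                     # ASSUMED prime field for B(x); Q > N and Q > 2**128
DIM = 32                           # n, length of M and of f(D_i)


def manager_setup():
    """Steps 3-4: public u invertible mod L (eq. 2) and the secret vector M (eq. 3)."""
    while True:
        u = secrets.randbelow(L - 2) + 2
        if gcd(u, L) == 1:
            break
    return u, [secrets.randbelow(L - 1) + 1 for _ in range(DIM)]


def f(identity: bytes):
    """Hypothetical stand-in for the public expansion f(): identity -> n bits y_ij."""
    digest = hashlib.sha256(identity).digest()
    return [(digest[j // 8] >> (j % 8)) & 1 for j in range(DIM)]


def private_key(M, identity: bytes) -> int:
    """Eq. (6): U_i = sum_j a_j * y_ij mod L, issued once per user."""
    return sum(a * y for a, y in zip(M, f(identity))) % L


def interp_param(c1: int, user_key: int) -> int:
    """ASSUMED interpolation parameter: k_ui = C1^(U_i) mod N."""
    return pow(c1, user_key, N)


def make_aux_key(u, authorized_keys, m):
    """Manager side: fresh r, C1 = h^(u*r) mod N (eq. 7), and the ASSUMED
    polynomial B(x) = m + prod(x - k_ui) mod Q, coefficients low order first."""
    r = secrets.randbelow(L - 2) + 2
    c1 = pow(H, u * r, N)
    coeffs = [1]
    for user_key in authorized_keys:
        k = interp_param(c1, user_key)
        nxt = [0] * (len(coeffs) + 1)
        for d, c in enumerate(coeffs):   # multiply the running product by (x - k)
            nxt[d] = (nxt[d] - k * c) % Q
            nxt[d + 1] = (nxt[d + 1] + c) % Q
        coeffs = nxt
    coeffs[0] = (coeffs[0] + m) % Q
    return coeffs, c1


def recover_key(aux, user_key):
    """Member side: evaluate B at the member's own parameter (Horner's rule)."""
    coeffs, c1 = aux
    x = interp_param(c1, user_key)
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc


def rekey_demo():
    """Three members share m1; after carol leaves only the auxiliary key changes."""
    u, M = manager_setup()
    keys = {name: private_key(M, name) for name in (b"alice", b"bob", b"carol")}
    m1 = secrets.randbits(128)                    # IDEA uses a 128-bit key
    aux1 = make_aux_key(u, keys.values(), m1)
    before = [recover_key(aux1, k) == m1 for k in keys.values()]
    m2 = secrets.randbits(128)
    aux2 = make_aux_key(u, [keys[b"alice"], keys[b"bob"]], m2)
    after = {name: recover_key(aux2, k) == m2 for name, k in keys.items()}
    return before, after


if __name__ == "__main__":
    print(rekey_demo())
```

In this assumed construction anyone who learns m can find the roots of B(x) - m, which is why r, and with it every k_ui, is drawn fresh for each auxiliary key.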
The foregoing description is only illustrative of the preferred embodiments of the present invention, and is not intended to limit the scope of the present invention. Any modification, equivalent replacement, improvement, etc. made within the spirit and principle of the present invention are included in the protection scope of the present invention.
Claims (8)
1. A method for encrypting a multicast video stream and managing keys, characterized in that,
encryption uses one key and decryption uses more than one key, and the requirements of forward confidentiality, backward confidentiality and resistance to collusion cracking for secure multicast are met at the same time;
the multicast management node generates a private key only once for each user, and the private keys of the users are different from each other;
each time the group membership changes, the private key held by a user does not need to be changed, and the message sender only needs to generate a new auxiliary key according to the private information of the new authorized users; each user obtains a new decryption key from the new auxiliary key and the user's own private key, and uses it to decrypt the multicast information.
2. The method of claim 1, characterized in that
it comprises the following steps:
the multicast management node and each multicast member are positioned under the same switch, and information interaction is carried out through a multicast network;
the multicast management node selects two prime numbers and two positive integers;
an n-dimensional vector and a prime number are randomly generated;
when a group member joins the multicast group, identity verification is performed at the multicast management node, and after the verification is passed a unique identity is generated for the member.
3. The method of claim 2, characterized in that
the multicast management node computes a private key for the user.
4. The method of claim 2, characterized in that
the prime numbers are randomly generated.
5. The method of claim 3, characterized in that
when a user wants to send multicast to other users, the user first sends a list of the users it wishes to authorize to the multicast management node, and the management node then randomly selects a secret key and a random number;
interpolation parameters of all multicast users (including the multicast initiator) are generated, and a maximum degree interpolation polynomial is constructed.
6. The method of claim 5, characterized in that
the multicast management node sends out multicast initialization information, multicasting the auxiliary key to the whole multicast group; after receiving the message, the multicast sender first calculates its interpolation parameter and then calculates the secret key;
the multicast sender encrypts the multicast information according to the IDEA algorithm using the calculated key and then sends the ciphertext to the multicast group; the other members use the key to decrypt.
7. The method of claim 6, characterized in that
when a member needs to join the multicast group, the member first sends a joining request to the multicast management node; after the management node performs identity verification, if the member is accepted, a private key is generated for the member, and then the key is updated.
8. The method of claim 6, characterized in that
when a member needs to leave the multicast group, the member first sends a leave request to the multicast management node, and when the management node receives the leave request, the key is updated.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202310595026.4A CN116527254A (en) | 2023-05-25 | 2023-05-25 | Method for encrypting multicast video stream and managing key |
Publications (1)
Publication Number | Publication Date |
---|---|
CN116527254A true CN116527254A (en) | 2023-08-01 |
Family
ID=87401121
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||