一個針對IPTV服務以頻道分群為基礎的金鑰管理協定

隨著網路快速發展，IPTV (Internet Protocol Television)將成為一個可行的服務。IPTV需要一個安全、有效率、且具有延展性的金鑰管理協定，來防止未授權的使用者看到IPTV傳播之內容。就此議題，本論文針對IPTV服務提出一個以頻道為分群基礎的金鑰管理協定。於此協定中，IPTV服務提供者握有多把群組金鑰、頻道金鑰、輔助金鑰及密鑰；訂閱者握有一把群組金鑰、多把頻道金鑰、輔助金鑰及密鑰。此外，此協定提出金鑰更新演算法，包括：定期更新金鑰、使用者訂閱、不訂閱IPTV服務、或當使用者改變訂閱IPTV服務內容演算法。本論文亦提出樹平衡演算法以維持金鑰更新效率。我們對所提出的協定與其他相關協定進行分析：從安全分析上，本協定多提供向前安全(forward secrecy)、向後安全(backward secrecy)，並且避免共謀攻擊(collusion attacks)的發生；在效率分析上，本論文以傳送的訊息數量、服務提供者的運算量、以及金鑰的儲存成本來做比較。本論文所提出的協定，雖然在儲存成本上高出了一倍。但當IPTV服務使用者(多人或單人)進入群組時，此協定在傳送的訊息數量、服務提供者的運算量上至少減少98%；當單一使用者離開群組時，此協定傳送的訊息數量、服務提供者的運算量則相同；當多個使用者同時離開群組時，此協定傳送的訊息數量至少減少30%、服務提供者的運算量至少減少40%。最後模擬實驗結果說明本論文所提的樹平衡演算法能夠維持樹平衡。

關鍵字

以頻道為分群基礎的金鑰管理方式；金鑰更新演算法；金鑰管理；安全群播；平衡樹；共謀攻擊； IPTV服務

並列摘要

With the rapid development of network, Internet Protocol Television (IPTV) becomes feasible. IPTV needs a secure, efficient, and scalable key management to prevent unauthorized users watching IPTV’s contents. This thesis presents an idea of channel-based key management protocol for IPTV service. In this protocol, IPTV service provider keeps lots of group keys, channel keys, administrative keys, and secret numbers. Each subscriber keeps a group keys and lots of channel keys, administrative keys, and secret numbers. Besides, this thesis proposes rekeying operations including: Join Operation, Leave Operation, Change Operation, and Per-update Operation. This protocol also maintains the efficient rekeying by maintaining balance trees. We analyze our protocol’s performance with other related protocols. In security analysis, this protocol more provides forward secrecy, backward secrecy, and collusion attacks prevention. In simulation analysis, three indexes are used: computational costs, number of rekeying messages and storages. Even though, the storages of this protocol are twice bigger. When a member/ members join a group, this protocol is at least 98% better. When a member leaves a group, the service manager’s computational costs and number of rekeying messages are same. When members leave a group, numbers of rekeying messages are at least 40% less and the computational costs of service manager are at least 30% less. Finally, the simulation results show that this protocol can keep trees in balance.

並列關鍵字

Channel-based key management ； IPTV service ； Rekeying operation ； Key management ； Secure multicast ； Tree balance ； Collusion attack

參考文獻

[9] Jung-Yoon Kim and Hyoung-Kee Choi,”Improvements on Sun et al.'s Conditional Access System in Pay-TV Broadcasting Systems”, IEEE Trans. Multimedia, vol. 12, no. 4, pp. 337, Jun. 2010

[10] Chi-Chun Lo, Chun-Chieh Huang and Meng-Ju Lee, “A Channel-Based Key Management Protocol for IPTV Service”, 8th annual IEEE Consumer Communications & Networking Conference, Jan. 2011

[11] J. Maisonneuve, M. Deschanel, J. Heiles, H. Liu, R. Sharpe, Y. Wu. An overview of IPTV standards Development, in: IEEE Transactions on Broadcasting vol.55, no3, June 2009 pp.315-328

[12] M. J. Moyer, J. R. Rao and P. Rohatgi, “A Survey of Security Issues in Multicast Communications,” IEEE Network 13(6), Nov/Dec 1999, p.12-p.23.

[14] S. Rafaeli and D. Hutchison, A Survey of Key Management for Secure Group Communication, ACM Computing Surveys, Vol. 35, No.3, September 2003, pp.309-329.

國際替代計量

一個針對IPTV服務以頻道分群為基礎的金鑰管理協定

全文下載

主題瀏覽