[go: up one dir, main page]

CN111917534A - Multicast data transmission method for embedding ciphertext strategy in message - Google Patents

Multicast data transmission method for embedding ciphertext strategy in message Download PDF

Info

Publication number
CN111917534A
CN111917534A CN202010554823.4A CN202010554823A CN111917534A CN 111917534 A CN111917534 A CN 111917534A CN 202010554823 A CN202010554823 A CN 202010554823A CN 111917534 A CN111917534 A CN 111917534A
Authority
CN
China
Prior art keywords
multicast
ciphertext
data
receiver
strategy
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
CN202010554823.4A
Other languages
Chinese (zh)
Other versions
CN111917534B (en
Inventor
詹晋川
张帆
周志远
熊浩
张啸宇
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Shenzhen Forward Industrial Co Ltd
Original Assignee
Shenzhen Forward Industrial Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Shenzhen Forward Industrial Co Ltd filed Critical Shenzhen Forward Industrial Co Ltd
Priority to CN202010554823.4A priority Critical patent/CN111917534B/en
Publication of CN111917534A publication Critical patent/CN111917534A/en
Application granted granted Critical
Publication of CN111917534B publication Critical patent/CN111917534B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L9/00Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols
    • H04L9/06Cryptographic mechanisms or cryptographic arrangements for secret or secure communications; Network security protocols the encryption apparatus using shift registers or memories for block-wise or stream coding, e.g. DES systems or RC4; Hash functions; Pseudorandom sequence generators
    • H04L9/0618Block ciphers, i.e. encrypting groups of characters of a plain text message using fixed encryption transformation
    • H04L9/0631Substitution permutation network [SPN], i.e. cipher composed of a number of stages or rounds each involving linear and nonlinear transformations, e.g. AES algorithms
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L12/00Data switching networks
    • H04L12/02Details
    • H04L12/16Arrangements for providing special services to substations
    • H04L12/18Arrangements for providing special services to substations for broadcast or conference, e.g. multicast
    • H04L12/185Arrangements for providing special services to substations for broadcast or conference, e.g. multicast with management of multicast group membership

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • Data Exchanges In Wide-Area Networks (AREA)

Abstract

The invention discloses a multicast data transmission method for embedding a ciphertext strategy in a message, and relates to the technical field of network security. The method comprises the following steps: the multicast source generates a ciphertext strategy tree according to the AES key and the decryption strategy; the multicast source encrypts the multicast data according to the AES key to generate ciphertext data; the multicast source binds the ciphertext strategy tree and the ciphertext data together to generate a binding data packet, and sends the binding data packet to all multicast receivers; and the target multicast receiver obtains the AES key from the decrypted ciphertext strategy tree, and decrypts the ciphertext data by adopting the AES key to obtain the multicast data. The invention realizes one-to-many multicast message encryption, so that even if an illegal receiver joins in a multicast task to obtain encrypted data, the encrypted data cannot be decrypted, and a multicast source can conveniently modify a ciphertext strategy in the same multicast task to control whether the receiver can decrypt the encrypted data at any time.

Description

Multicast data transmission method for embedding ciphertext strategy in message
Technical Field
The invention relates to the technical field of network security, in particular to a multicast data transmission method for embedding a ciphertext strategy in a message.
Background
With the development of the Internet, various interactive data, voice and video information in the network are more and more, and meanwhile, the newly-developed services of electronic commerce, online conference, online auction, video on demand, remote teaching and the like mostly conform to a point-to-multipoint mode and put forward higher requirements on network bandwidth. The traditional unicast and broadcast communication modes can not realize the problems of single-point transmission and multipoint reception with minimum network overhead.
The IP multicast technology is a point-to-multipoint transmission method, which solves the above problems in time. When some users in the network need specific data, the multicast data sender (i.e. multicast source) only sends data once, and establishes a multicast distribution tree for the multicast data packet by means of the multicast routing protocol, and the transferred data starts to be copied and distributed after reaching the node as close as possible to the user terminal.
IP multicast has been developed for over a decade, and many international organizations have made a lot of work on technical research and business development of multicast, and multicast communication technology has become more and more mature. However, the security of multicast data in the network transmission process is not well guaranteed, the data is usually transmitted in the clear text on the network and is easily intercepted by a third party, meanwhile, in the IP network, any terminal or user can easily join in a multicast task, and a verification mechanism for multicast receivers is lacked. The traditional encryption technology can only realize the point-to-point encryption function and cannot be suitable for the use scene of multicast point-to-multipoint.
Disclosure of Invention
The present invention provides a multicast data transmission method for embedding ciphertext policy in a packet, which can alleviate the above problems.
In order to alleviate the above problems, the technical scheme adopted by the invention is as follows:
a multicast data transmission method for embedding ciphertext strategy in message includes the following steps:
s1, each multicast receiver acquires its own attribute and a private key corresponding to its own attribute generated according to the CP-ABE algorithm;
s2, the multicast source determines a target multicast receiver, randomly generates an AES key, formulates a decryption strategy according to the attribute of the target multicast receiver, and generates a ciphertext strategy tree according to a strategy generation condition, wherein the strategy generation condition comprises the AES key and the decryption strategy;
s3, the multicast source encrypts the multicast data according to the AES key to generate ciphertext data;
s4, the multicast source binds the ciphertext strategy tree and the ciphertext data together to generate a network data packet, and sends the network data packet to all multicast receivers;
s5, each multicast receiver analyzes the ciphertext strategy tree and ciphertext data from the network data packet;
s6, each multicast receiver decrypts the ciphertext strategy tree according to the decryption condition of the multicast receiver, wherein the decryption condition comprises a private key generated according to the attribute of the multicast receiver, and only the attribute of the target multicast receiver is matched with the ciphertext strategy tree, so that an AES key can be obtained by decryption;
and S7, the target multicast receiver decrypts the ciphertext data by adopting the AES key to obtain plaintext multicast data.
The technical effect of the technical scheme is as follows: the problem of one-to-many multicast message encryption is solved, the multicast source is encrypted once, and a plurality of receivers can decrypt simultaneously according to the attribute, so that the multicast data is prevented from being transmitted in a clear text in a network; the network behavior is not changed, an illegal receiver can be added into a multicast task in a certain mode, but the whole multicast data is encrypted, so that the illegal receiver cannot decrypt the data and cannot obtain the plaintext data even if the illegal receiver is added into the multicast to obtain the data; the multicast source can conveniently modify the decryption strategy in the same multicast task and control the decryption authority of the multicast receiver.
Further, the policy generation condition further includes a random number and a public parameter, the random number is generated by the multicast source, and the public parameter refers to a parameter required by the CP-ABE algorithm; the decryption conditions also include public parameters.
Further, the public parameter is generated by the PKG server and is disclosed in the network in which the multicast group is located.
Furthermore, the attribute and the private key of each multicast receiver are generated by the PKG server in a unified way.
The technical effect of the technical scheme is as follows: the key pair is generated by unified management, and safety and reliability are realized.
Furthermore, the attributes and the private key generated by the PKG server are copied to each multicast receiver offline after being stored in the Ukey.
The technical effect of the technical scheme is as follows: the security and the confidentiality of the private key can be ensured, and the private key is prevented from being intercepted by people in the network.
Further, the attribute of each multicast receiver is disclosed by the PKG server in the network in which the multicast group is located.
Further, the target multicast receiver refers to a multicast receiver that requires decryption to obtain multicast data in the data transmission task.
Further, the AES key is a symmetric key, and the multicast data is encrypted or decrypted by using an AES algorithm.
The technical effect of the technical scheme is as follows: the AES algorithm has high operation speed, very low requirement on a memory, suitability for a limited environment and flexible design of the packet length and the key length.
In order to make the aforementioned objects, features and advantages of the present invention comprehensible, embodiments accompanied with figures are described in detail below.
Drawings
In order to more clearly illustrate the technical solutions of the embodiments of the present invention, the drawings needed to be used in the embodiments will be briefly described below, it should be understood that the following drawings only illustrate some embodiments of the present invention and therefore should not be considered as limiting the scope, and for those skilled in the art, other related drawings can be obtained according to the drawings without inventive efforts.
Fig. 1 is a flowchart of a multicast data transmission method according to an embodiment of the present invention;
fig. 2 is a schematic diagram of distribution of attributes and private keys of multicast group members in the embodiment of the present invention;
FIG. 3 is a schematic block diagram of an encryption process of a multicast source according to an embodiment of the present invention;
fig. 4 is a schematic block diagram of a decryption process of a target multicast recipient according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the embodiments of the present invention clearer, the technical solutions in the embodiments of the present invention will be clearly and completely described below with reference to the drawings in the embodiments of the present invention, and it is obvious that the described embodiments are some, but not all, embodiments of the present invention. The components of embodiments of the present invention generally described and illustrated in the figures herein may be arranged and designed in a wide variety of different configurations.
Thus, the following detailed description of the embodiments of the present invention, presented in the figures, is not intended to limit the scope of the invention, as claimed, but is merely representative of selected embodiments of the invention. All other embodiments, which can be derived by a person skilled in the art from the embodiments given herein without making any creative effort, shall fall within the protection scope of the present invention.
Referring to fig. 1, fig. 2, fig. 3, and fig. 4, an embodiment of the present invention discloses a multicast data transmission method for embedding a ciphertext policy in a packet, which includes:
s1, each multicast receiver acquires its own attribute and a private key corresponding to its own attribute generated according to the CP-ABE algorithm;
s2, the multicast source determines a target multicast receiver, a decryption strategy (such as id >2 and level >1) is formulated according to the attribute of the target multicast receiver, an AES key is randomly generated, a ciphertext strategy tree is generated according to a strategy generation condition, the strategy generation condition comprises the AES key and the decryption strategy, and the multicast receiver which can decrypt and obtain multicast data is required in a data transmission task pointed by the target multicast receiver;
s3, the multicast source encrypts the multicast data according to the AES key to generate ciphertext data;
s4, the multicast source binds the ciphertext strategy tree and the ciphertext data together to generate a network data packet, and then replaces the plaintext data to be transmitted originally with the network data packet to send to all multicast receivers;
s5, each multicast receiver analyzes the ciphertext strategy tree and ciphertext data from the network data packet;
s6, each multicast receiver decrypts the ciphertext strategy tree according to the decryption condition of the multicast receiver, wherein the decryption condition comprises a private key generated according to the attribute of the multicast receiver, if the attribute of the receiver does not accord with the decryption strategy formulated by the multicast sender, the AES key cannot be decrypted, the decryption fails, and the AES key can be correctly decrypted only when the attribute of the receiver accords with the decryption strategy formulated by the multicast sender, in the embodiment, only the attribute of the target multicast receiver is matched with the ciphertext strategy tree, and the AES key can be decrypted from the attribute;
and S7, the target multicast receiver decrypts the ciphertext data by adopting the AES key to obtain plaintext multicast data.
In the present embodiment, the multicast recipients include terminal 1, terminal 2, terminal 3, and terminal 4. The multicast receiver needs to obtain its own attribute and the private key based on the attribute in advance, for example, the attribute of the multicast receiver terminal 1 is Att1(id 001, level 1), the corresponding private key is: priv1. Wherein the attribute can be public and the private key cannot be revealed.
In this embodiment, the policy generation condition further includes a random number s generated by the multicast source and a public parameter, where the public parameter refers to a parameter required by the CP-ABE algorithm; the decryption conditions also include public parameters.
In this embodiment, the public parameter, the attribute of each multicast receiver, and the private key are all generated by the PKG server, and the public parameter and the attribute of each multicast receiver are disclosed by the PKG server in the network where the multicast group is located.
In this embodiment, the distribution manner of the attributes and the private key generated by the PKG server is as follows: after being stored in the Ukey, the multicast data is off-line copied to each multicast receiver.
In this embodiment, the AES key is a symmetric key, and the multicast data is encrypted or decrypted by using an AES algorithm. In addition, other symmetric encryption algorithms such as DES, RC4, etc. may be used for encryption or decryption.
The above description is only a preferred embodiment of the present invention and is not intended to limit the present invention, and various modifications and changes may be made by those skilled in the art. Any modification, equivalent replacement, or improvement made within the spirit and principle of the present invention should be included in the protection scope of the present invention.

Claims (8)

1. A multicast data transmission method for embedding ciphertext strategy in message is characterized by comprising the following steps:
s1, each multicast receiver acquires its own attribute and a private key corresponding to its own attribute generated according to the CP-ABE algorithm;
s2, the multicast source determines a target multicast receiver, randomly generates an AES key, formulates a decryption strategy according to the attribute of the target multicast receiver, and generates a ciphertext strategy tree according to strategy generation conditions, wherein the strategy generation conditions comprise the AES key and the decryption strategy;
s3, the multicast source encrypts the multicast data according to the AES key to generate ciphertext data;
s4, the multicast source binds the ciphertext strategy tree and the ciphertext data together to generate a network data packet, and sends the network data packet to all multicast receivers;
s5, each multicast receiver analyzes the ciphertext strategy tree and ciphertext data from the network data packet;
s6, each multicast receiver decrypts the ciphertext strategy tree according to the decryption condition of the multicast receiver, wherein the decryption condition comprises a private key generated according to the attribute of the multicast receiver, and only the attribute of the target multicast receiver is matched with the ciphertext strategy tree, so that an AES key can be obtained by decryption;
and S7, the target multicast receiver decrypts the ciphertext data by adopting the AES key to obtain plaintext multicast data.
2. The multicast data transmission method according to claim 1, wherein the policy generation condition further includes a random number and a public parameter, the random number is generated by a multicast source, and the public parameter refers to a parameter required by a CP-ABE algorithm; the decryption conditions also include public parameters.
3. The method according to claim 2, wherein the public parameter is generated by the PKG server and is disclosed in a network in which the multicast group is located.
4. The multicast data transmission method according to claim 3, wherein the attribute and the private key of each multicast receiver are generated by the PKG server.
5. The multicast data transmission method according to claim 4, wherein the attribute and the private key generated by the PKG server are copied to each multicast receiver offline after being stored in the Ukey.
6. The multicast data transmission method according to claim 5, wherein the attribute of each multicast receiver is disclosed by the PKG server in the network where the multicast group is located.
7. The method for transmitting multicast data with the ciphertext policy embedded in the packet according to claim 1, wherein the data transmission task pointed by the target multicast receiver requires a multicast receiver capable of decrypting to obtain the multicast data.
8. The method for transmitting multicast data with a ciphertext policy embedded in a packet according to claim 1, wherein the AES key is a symmetric key, and the multicast data is encrypted or decrypted by using an AES algorithm.
CN202010554823.4A 2020-06-17 2020-06-17 Multicast data transmission method for embedding ciphertext strategies in message Active CN111917534B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202010554823.4A CN111917534B (en) 2020-06-17 2020-06-17 Multicast data transmission method for embedding ciphertext strategies in message

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202010554823.4A CN111917534B (en) 2020-06-17 2020-06-17 Multicast data transmission method for embedding ciphertext strategies in message

Publications (2)

Publication Number Publication Date
CN111917534A true CN111917534A (en) 2020-11-10
CN111917534B CN111917534B (en) 2023-12-15

Family

ID=73237793

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202010554823.4A Active CN111917534B (en) 2020-06-17 2020-06-17 Multicast data transmission method for embedding ciphertext strategies in message

Country Status (1)

Country Link
CN (1) CN111917534B (en)

Cited By (1)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115085901A (en) * 2022-05-30 2022-09-20 深圳数字电视国家工程实验室股份有限公司 Data transmission method and system based on digital interface key

Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101106470A (en) * 2007-06-30 2008-01-16 华为技术有限公司 A multicast method, network device and system
US20090024845A1 (en) * 2007-07-19 2009-01-22 Benshetler Jeffery E Method and system for encryption of messages in land mobile radio systems
US7634085B1 (en) * 2005-03-25 2009-12-15 Voltage Security, Inc. Identity-based-encryption system with partial attribute matching
CN102833230A (en) * 2012-07-31 2012-12-19 杭州华三通信技术有限公司 Method and system for encrypting broadcast data
CN103546279A (en) * 2013-10-28 2014-01-29 成都卫士通信息产业股份有限公司 Secure multicast secret key management mechanism
US20140226816A1 (en) * 2011-08-24 2014-08-14 Shlomi Dolev A method for attribute based broadcast encryption with permanent revocation
CN103997463A (en) * 2014-05-23 2014-08-20 中国人民解放军理工大学 Secure multicast method for overlay network at low expenses
CN104135473A (en) * 2014-07-16 2014-11-05 北京航空航天大学 A method for realizing identity-based broadcast encryption by ciphertext-policy attribute-based encryption
US9882714B1 (en) * 2013-03-15 2018-01-30 Certes Networks, Inc. Method and apparatus for enhanced distribution of security keys
CN109257173A (en) * 2018-11-21 2019-01-22 郑州轻工业学院 Asymmetric group key agreement method based on authority information exchange

Patent Citations (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US7634085B1 (en) * 2005-03-25 2009-12-15 Voltage Security, Inc. Identity-based-encryption system with partial attribute matching
CN101106470A (en) * 2007-06-30 2008-01-16 华为技术有限公司 A multicast method, network device and system
US20090024845A1 (en) * 2007-07-19 2009-01-22 Benshetler Jeffery E Method and system for encryption of messages in land mobile radio systems
US20140226816A1 (en) * 2011-08-24 2014-08-14 Shlomi Dolev A method for attribute based broadcast encryption with permanent revocation
CN102833230A (en) * 2012-07-31 2012-12-19 杭州华三通信技术有限公司 Method and system for encrypting broadcast data
US9882714B1 (en) * 2013-03-15 2018-01-30 Certes Networks, Inc. Method and apparatus for enhanced distribution of security keys
CN103546279A (en) * 2013-10-28 2014-01-29 成都卫士通信息产业股份有限公司 Secure multicast secret key management mechanism
CN103997463A (en) * 2014-05-23 2014-08-20 中国人民解放军理工大学 Secure multicast method for overlay network at low expenses
CN104135473A (en) * 2014-07-16 2014-11-05 北京航空航天大学 A method for realizing identity-based broadcast encryption by ciphertext-policy attribute-based encryption
CN109257173A (en) * 2018-11-21 2019-01-22 郑州轻工业学院 Asymmetric group key agreement method based on authority information exchange

Non-Patent Citations (4)

* Cited by examiner, † Cited by third party
Title
T. HARDJONO (NORTEL); B. CAIN (MIRROR IMAGE);N. DORASWAMY (PHOTONEX);: "A Framework for Group Key Management for Multicast Security", IETF *
T. HARDJONO;VERISIGN;B. WEIS; CISCO;: "The Multicast Group Security Architecture", IETF *
唐强;杨庚;曹晓梅;: "一种基于ABE的抗共谋组播方案", 广东通信技术, no. 07 *
苏锐丹;丁振国;周利华;: "基于IBC策略驱动的组播内容分发方案", 系统工程与电子技术, no. 12 *

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN115085901A (en) * 2022-05-30 2022-09-20 深圳数字电视国家工程实验室股份有限公司 Data transmission method and system based on digital interface key
CN115085901B (en) * 2022-05-30 2024-10-22 深圳数字电视国家工程实验室股份有限公司 Data transmission method and system based on digital interface key

Also Published As

Publication number Publication date
CN111917534B (en) 2023-12-15

Similar Documents

Publication Publication Date Title
US7120696B1 (en) Cryptographic communications using pseudo-randomly generated cryptography keys
US6584566B1 (en) Distributed group key management for multicast security
Gong et al. Multicast security and its extension to a mobile environment
US7016499B2 (en) Secure ephemeral decryptability
Choi et al. Efficient secure group communications for SCADA
Eskicioglu Multimedia security in group communications: recent progress in key management, authentication, and watermarking
CN102088441B (en) Data encryption transmission method and system for message-oriented middleware
WO2009043238A1 (en) Method, device and system for multimedia service management
CN102088352A (en) Data encryption transmission method and system for message-oriented middleware
CN102905199A (en) Implement method and device of multicast service and device thereof
US10375051B2 (en) Stateless server-based encryption associated with a distribution list
CN113973007B (en) Time-controlled encrypted anonymous query method and system based on broadcast encryption and onion routing
KR20220050863A (en) Secure instant messaging method and attaratus thereof
US6587943B1 (en) Apparatus and method for limiting unauthorized access to a network multicast
CN111917534B (en) Multicast data transmission method for embedding ciphertext strategies in message
Mukherjee et al. Scalable solutions for secure group communications
Angamuthu et al. Balanced key tree management for multi‐privileged groups using (N, T) policy
D’Arco et al. Fault tolerant and distributed broadcast encryption
KR100888075B1 (en) Encryption and Decryption System for Multicast Using Individual Symmetric Keys
CN111769936B (en) Encrypted multicast data transmission method based on centralized configuration
JP2003229844A (en) Data transfer system
Chaddoud et al. Efficient secure group management for SSM
Molva et al. Network security in the multicast framework
Kirstein et al. Secure multicast conferencing
Thomas et al. A novel decentralized group key management using attribute based encryption

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination
GR01 Patent grant
GR01 Patent grant