Computer Engineering and Applications ›› 2013, Vol. 49 ›› Issue (1): 101-106.


Multicast key management scheme based on relationship of administrative subordination

DU Xiaoqiang1,2, BAO Wansu1   

  1. Institute of Electronic Technology, the PLA Information Engineering University, Zhengzhou 450004, China
  2. Unit 95019 of PLA, China
  • Online: 2013-01-01 Published: 2013-01-16


Abstract: Multicast key management is a critical issue in secure multicast. A hierarchical tree structure of members, based on their relationship of administrative subordination, is presented. In this structure, the keys between levels are generated by a one-way function chain to enforce access privileges between upper and lower levels, and the keys of members in the lowest-level subgroups form logical key hierarchy trees. Rekeying methods for the inter-level keys and the subgroup keys under dynamic membership changes are then studied. Finally, the security and load of the scheme are analyzed. The results show that it ensures forward secrecy and backward secrecy and avoids the single point of failure problem. It can be applied to large dynamic multicast groups whose members have relationships of administrative subordination.

Key words: relationship of administrative subordination, multicast key management, logical key tree, one-way function chain, rekeying
