The Research And Application On IPv6Security Management Techniques Of Group Members

With the increasing development and improvement of IPv6technology, as well as themulticast applications, higher requirements have been put forward for multicast security in thecomplex Internet environment. One of the most important key points is the securitymanagement of group members. Currently, multicast technology research in the IPv4networkenvironment has been much mature, however, the research and application on IPv6securitymanagement techniques of group members is still in its initial stage, and the standards have notbeen unified. In response to this situation, researching Multicast security in the new generationof trusted Internet to achieve the security management of group members is of great value.Based on In-depth study of the dynamic threshold secret sharing scheme, threshold-basedgroup key management scheme is proposed. In the IPv6network environment, Correspondingsolutions are proposed toward the key link in the process of multicast receiver access control toachieve secure multicast, and also to reduce the impact on network performance when thegroup members join in or leave from the group frequently. In this paper, research works thathave finished are as follows:1. Threshold-based group key management and access control scheme applied to the LANand other shared media. The leak of Group key can easily threaten the security of the entireenvironment of LAN and other shared media. Therefore, propose a non-symmetric mode usingthe idea of Shamir threshold encryption to implement group key distribution, encryption anddecryption. This scheme called Group Key Management based on Threshold can achieve LANaccess control, and make it possible that group members holding different group keys canrestore the same encrypted multicast data. The original program can be expanded to LGKMTby adding the sub-group key controller, which can expand the scheme apply to large-scalemulticast application environment.2. Secure Control of Multicast Client. For the lack of security and effective management ofgroup members in the current IPv6network environment, propose an identification schemeabbreviated to ISMC which is applied to multicast environment and a channel-based accesscontrol scheme abbreviated to EAP-OTP which is applied to the IPv6network. To constructIPv6Secure Control of Multicast Client system abbreviated to SCMC combining with LGKMTscheme. This system can provide security and effective management in the process of user loginand channel access, prescribe the legitimate users’ permissions to avoid unauthorized users’malicious occupancy of multicast resources and the attacker’s destruction of multicast system.3. The design and implementation process of the SCMC system will be proposed. The detail method and steps of SCMC system will be described from the perspective of server,access router and client; and the description of the functions and the variables will beintroduced from the perspective of object-oriented; and finally, the implementation ofEAP-OTP scheme from the SCMC system will be analyzed through the way of the statediagram.Finally, SCMC system is successfully deployed on CERNET2, which verify the maintechniques and methods of security group membership management.