CN103281175B - A Dynamic Balancing Method of LKH Key Management Tree - Google Patents

A Dynamic Balancing Method of LKH Key Management Tree Download PDF

Info

Publication number
CN103281175B
CN103281175B CN201310176324.6A CN201310176324A CN103281175B CN 103281175 B CN103281175 B CN 103281175B CN 201310176324 A CN201310176324 A CN 201310176324A CN 103281175 B CN103281175 B CN 103281175B
Authority
CN
China
Prior art keywords
key management
management tree
node
tree1
subtree
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Active
Application number
CN201310176324.6A
Other languages
Chinese (zh)
Other versions
CN103281175A (en
Inventor
徐杰
尹华云
孙健
隆克平
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
University of Electronic Science and Technology of China
Original Assignee
University of Electronic Science and Technology of China
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by University of Electronic Science and Technology of China filed Critical University of Electronic Science and Technology of China
Priority to CN201310176324.6A priority Critical patent/CN103281175B/en
Publication of CN103281175A publication Critical patent/CN103281175A/en
Application granted granted Critical
Publication of CN103281175B publication Critical patent/CN103281175B/en
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Landscapes

  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)

Abstract

本发明公开了一种LKH密钥管理树动态平衡方法通过对加入和离开密钥管理组的用户数目NJ和ND进行判断,采用不同的方法对原始密钥管理树进行动态平衡,得到新的密钥管理树即平衡密钥管理树,从而保证了LKH在组密钥管理上的高效性。

The invention discloses a dynamic balance method of an LKH key management tree. By judging the numbers N J and ND of users who join and leave the key management group, different methods are used to dynamically balance the original key management tree to obtain a new key management tree. The key management tree of LKH is the balanced key management tree, which ensures the efficiency of LKH in group key management.

Description

一种LKH密钥管理树动态平衡方法A Dynamic Balancing Method of LKH Key Management Tree

技术领域technical field

本发明属于网络信息安全技术领域,更为具体地讲,涉及一种LKH密钥管理树动态平衡方法。The invention belongs to the technical field of network information security, and more specifically relates to a method for dynamically balancing an LKH key management tree.

背景技术Background technique

快速发展的多播网络带来了多播业务的广泛应用,比如IPTV、车载通信、视频会议等。如何保证多播组内通信的安全是开展多播业务的基础,最常用和有效的方法是通过给组内消息加密,然后在组内合法成员之间共享一个加密密钥的方式来保证多播组内通信的安全性,这样可以有效阻止非法用户窃取组内通信内容。考虑到组内随时会有用户离开或者加入,为保证组内通信的前向和后向安全,组密钥管理中心需要及时更新加密密钥。如何高效地管理和更新组内加密密钥是一个极其重要的问题。目前,已提出了多种组密钥管理方法,譬如说OFT、ELK、SDR、SHKD和LKH,对于大型动态多播网络LKH(逻辑密钥分层)是高效的密钥管理方法之一。The rapid development of multicast networks has brought about the wide application of multicast services, such as IPTV, vehicular communications, and video conferencing. How to ensure the security of communication within a multicast group is the basis for developing multicast services. The most common and effective method is to encrypt messages within a group and then share an encryption key among legal members of the group to ensure multicast The security of communication within the group can effectively prevent illegal users from stealing the content of communication within the group. Considering that users in the group may leave or join at any time, in order to ensure the forward and backward security of communication in the group, the group key management center needs to update the encryption key in time. How to efficiently manage and update encryption keys within a group is an extremely important issue. At present, a variety of group key management methods have been proposed, such as OFT, ELK, SDR, SHKD, and LKH. For large dynamic multicast networks, LKH (Logical Key Hierarchy) is one of the efficient key management methods.

LKH采用一棵如图1所示的密钥管理树对组密钥进行管理。密钥管理树中存在三种类型的密钥,位于树根节点的为加密密钥K0,它用来直接加密组内通信内容;位于叶子节点为用户私钥PK1~PK6,每个用户加入到组时,组密钥管理中心都会给他分配一个用户私钥PK1~PK6;树中其他节点为分发密钥K1~K4,它主要是用来分发加密密钥。组内每个成员保存从它对应的叶子节点到树的根节点这条路径上所有密钥,组密钥管理中心保存密钥管理树中所有的密钥。当组内成员有变更时,密钥管理中心就会更新相应的密钥。如图1所示,假若成员M1离开通信组,为保证成员M1不能再解密组内通信内容,密钥管理中心需要更新密钥K0、K1和K3,产生如下密钥更新消息{K3'}PK2,{K'1}K'3,{K'1}K4,{K'0}K'1和{K'0}K2,其中,Ki'代表Ki的新密钥,{Ki'}Kj表示用Kj加密密钥Ki'。对于成员M2来说,当它接收到这些密钥更新消息后,它首先利用它的私钥PK2解密消息{K3'}PK2得到新的密钥K3',然后利用密钥K3'解密消息{K'1}K'3得到新密钥K1',最后利用谜语K1'解密消息{K'0}K'1得到新的加密密钥K'0。这样,组内剩余成员能成功得到了新的加密密钥,但成员M1不可能再获得新的加密密钥,这样保证了通信的安全。假若成员M1添加到组,同样为保证成员M1不能利用密钥解密组内以前的通信内容,所以当成员M1添加到组时,组密钥管理中心需要更新加密密钥。如图1所示,密钥K0、K1和K3需要更新,密钥更新消息为{K3'}PK1,{K3'}PK2,{K1'}K3',{K'1}K4,{K'0}K'1和{K'0}K2,这样成员M1根据消息{K3'}PK1,{K1'}K3'和{K'0}K'1能得到新的加密密钥,同样,组内其他成员根据密钥更新消息也可以得到新的加密密钥。LKH密钥管理开销和组内成员数量的对数相关,因而,它是一种低开销的组密钥管理方案。LKH uses a key management tree as shown in Figure 1 to manage group keys. There are three types of keys in the key management tree, the encryption key K 0 located at the root node of the tree, which is used to directly encrypt the communication content within the group; the user private keys PK 1 ~ PK 6 located at the leaf nodes, each When a user joins a group, the group key management center will assign him a user private key PK 1 ~ PK 6 ; other nodes in the tree are distribution keys K 1 ~ K 4 , which are mainly used to distribute encryption keys. Each member in the group saves all keys on the path from its corresponding leaf node to the root node of the tree, and the group key management center saves all keys in the key management tree. When the members in the group change, the key management center will update the corresponding key. As shown in Figure 1, if member M 1 leaves the communication group, in order to ensure that member M 1 can no longer decrypt the communication content in the group, the key management center needs to update the keys K 0 , K 1 and K 3 , and generate the following key update message {K 3 '}PK 2 ,{K' 1 }K' 3 ,{K' 1 }K 4 ,{K' 0 }K' 1 and {K' 0 }K 2 , where K i ' represents K i The new key of {K i '}K j means to encrypt the key K i ' with K j . For member M 2 , when it receives these key update messages, it first uses its private key PK 2 to decrypt the message {K 3 '}PK 2 to get a new key K 3 ', and then uses the key K 3 ' Decrypt the message {K' 1 }K' 3 to get the new key K 1 ', and finally use the riddle K 1 'to decrypt the message {K' 0 }K' 1 to get the new encryption key K' 0 . In this way, the remaining members in the group can successfully obtain the new encryption key, but member M1 cannot obtain the new encryption key, which ensures the security of communication. If member M 1 is added to the group, also to ensure that member M 1 cannot use the key to decrypt the previous communication content in the group, so when member M 1 is added to the group, the group key management center needs to update the encryption key. As shown in Figure 1, keys K 0 , K 1 and K 3 need to be updated, and the key update message is {K 3 '}PK 1 ,{K 3 '}PK 2 ,{K 1 '}K 3 ',{ K' 1 }K 4 , {K' 0 }K' 1 and {K' 0 }K 2 , so member M 1 according to the message {K 3 '}PK 1 , {K 1 '}K 3 'and {K' 0 }K' 1 can get a new encryption key, similarly, other members in the group can also get a new encryption key according to the key update message. The LKH key management overhead is related to the logarithm of the number of members in the group, so it is a low-overhead group key management scheme.

然而,LKH密钥管理高效的前提是有一棵平衡的密钥管理树,若组内用户关系变化导致密钥管理树不平衡,对LKH密钥管理高效性将是一个严重的挑战。However, the premise of efficient LKH key management is a balanced key management tree. If the relationship between users in the group changes and the key management tree is unbalanced, it will be a serious challenge to the efficiency of LKH key management.

发明内容Contents of the invention

本发明的目的在于克服现有技术的不足,提供一种LKH密钥管理树动态平衡方法,使LKH密钥管理树在任何情况下都能保持平衡,从而保证了LKH在组密钥管理上的高效性。The purpose of the present invention is to overcome the deficiencies in the prior art, provide a kind of LKH key management tree dynamic balance method, make LKH key management tree can keep balance under any circumstances, thereby guaranteed LKH on group key management Efficiency.

为实现上述发明目的,本发明LKH密钥管理树动态平衡方法,其特征在于包括以下步骤:In order to realize the above-mentioned purpose of the invention, the LKH key management tree dynamic balance method of the present invention is characterized in that comprising the following steps:

(1)、定义变量NJ和ND分别表示加入和离开密钥管理组的用户数目;(1) Define variables N J and N D to represent the number of users joining and leaving the key management group respectively;

(2)、对加入和离开密钥管理组的用户数目NJ和ND进行判断;(2) Judging the number N J and N D of users joining and leaving the key management group;

2.1)、当加入用户数量NJ>离开用户数量ND,则执行:2.1), when the number of joining users N J > the number of leaving users N D , then execute:

a1、选择数量为ND的加入用户替代原始密钥管理树中的离开用户;a1. Select a number of N D joining users to replace the leaving users in the original key management tree;

a2、将剩余的加入用户和原始密钥管理树合并为一棵新的密钥管理树:将加入用户看成单个节点的密钥管理树,将单节点密钥管理树和原始密钥管理树组成一个待合并密钥管理树集合,从待合并密钥管理树集合选择两棵高度最小的密钥管理树,将其合并为一棵密钥管理树并置于待合并密钥管理树集合,同时从待合并密钥管理树集合中删除这两个高度最小的密钥管理树;在待合并密钥管理树集合中再选择两棵高度最小的密钥管理树进行合并,这样重复,直至只剩下一棵密钥管理树为止,该密钥管理树为新的密钥管理树;a2. Merge the remaining joining users and the original key management tree into a new key management tree: regard the joining user as a key management tree of a single node, and combine the single-node key management tree and the original key management tree Form a set of key management trees to be merged, select two key management trees with the smallest height from the set of key management trees to be merged, merge them into a key management tree and place them in the set of key management trees to be merged, At the same time, delete these two key management trees with the smallest height from the set of key management trees to be merged; select two key management trees with the smallest height in the set of key management trees to be merged to merge, and repeat this until only Until one key management tree is left, the key management tree is a new key management tree;

2.2)、当加入用户数量NJ=用户数量离开用户数量ND,只需用加入用户替代原始密钥管理树中离开用户,得到新的密钥管理树即可;2.2) When the number of joining users N J = the number of users leaving the user N D , just replace the leaving users in the original key management tree with joining users to get a new key management tree;

2.3)、当加入用户数量NJ<离开用户数量ND,执行:2.3), when the number of joining users N J < the number of leaving users N D , execute:

b1、用所有加入用户替代原始密钥管理树中的数目为NJ的离开用户;b1, replace the number of N J leaving users in the original key management tree with all joining users;

b2、在原始密钥管理树中删除未被替代的离开用户,并进行节点删除:b2. Delete the left user who has not been replaced in the original key management tree, and delete the node:

若原始密钥管理树中节点缺少右节点子树或左节点子树,此节点将会被它剩下的节点子树替代;If the node in the original key management tree lacks the right node subtree or the left node subtree, this node will be replaced by its remaining node subtree;

b3、从下到上,从右至左依次检查原始密钥管理树中的每个节点是否为平衡节点,若节点不平衡,则合并不平衡节点的左右子树,并用新合并形成的子树替代不平衡节点,得到新的密钥管理树;b3. From bottom to top and from right to left, check whether each node in the original key management tree is a balanced node. If the node is unbalanced, merge the left and right subtrees of the unbalanced node, and use the newly merged subtree Replace unbalanced nodes to get a new key management tree;

(3)、密钥管理中心根据新的密钥管理树即平衡密钥管理树中节点变化情况产生密钥更新消息和位置更新消息,对组密钥进行管理;(3) The key management center generates a key update message and a location update message according to the change of nodes in the new key management tree, that is, the balanced key management tree, and manages the group key;

其中,步骤2.1)、步骤2.3)中所述的合并为:Among them, the merger described in step 2.1) and step 2.3) is:

待合并的两棵密钥管理树为Tree1和Tree2,并且密钥管理树Tree1和Tree2的最大高度为HMax_Tree1≥HMax_Tree2The two key management trees to be merged are Tree1 and Tree2, and the maximum height of the key management trees Tree1 and Tree2 is H Max_Tree1 ≥ H Max_Tree2 ;

c1、当密钥管理树Tree1的最大高度HMax_Tree1-密钥管理树Tree2的最小高度HMin_Tree2≤1时,采用合并方法一进行合并即:创建一个新的节点,并将密钥管理树Tree1和Tree2作为新建节点的左右子树,新建节点即为合并后的平衡密钥管理树的根节点;c1. When the maximum height H Max_Tree1 of the key management tree Tree1 - the minimum height H Min_Tree2 of the key management tree Tree2 ≤ 1, use the merge method 1 to merge: create a new node, and combine the key management tree Tree1 and Tree2 is used as the left and right subtrees of the newly created node, and the newly created node is the root node of the merged balanced key management tree;

c2、当密钥管理树Tree1的最大高度HMax_Tree1-密钥管理树Tree2的最小高度HMin_Tree2>1,且密钥管理树Tree1的最大高度最小高度相等即HMax_Tree1=HMin_Tree1时,采用合并方法二进行合并,即:c2. When the maximum height H Max_Tree1 of the key management tree Tree1 - the minimum height H Min_Tree2 of the key management tree Tree2 > 1, and the maximum height and minimum height of the key management tree Tree1 are equal, that is, H Max_Tree1 = H Min_Tree1 , the merge method is adopted Two to merge, namely:

第一步、计算出密钥管理树Tree1和Tree2最大高度HMax_Tree1、HMax_Tree2的差值h即h=HMax_Tree1-HMax_Tree2The first step is to calculate the difference h between the maximum heights H Max_Tree1 and H Max_Tree2 of the key management tree Tree1 and Tree2, i.e. h=H Max_Tree1- H Max_Tree2 ;

第二步、在密钥管理树Tree1第h层上,从左至右寻找一个待更新节点,若存在这样的节点,标记它;若不存在这样的节点,标记密钥管理树Tree1第h层上最后一个节点;The second step is to search for a node to be updated from left to right on the h layer of the key management tree Tree1, if there is such a node, mark it; if there is no such node, mark the h layer of the key management tree Tree1 on the last node;

第三步、创建一个新的节点替代第二步标记的节点,并将密钥管理树Tree2和以标记节点为根节点的子树作为新建节点的左右子树;The third step is to create a new node to replace the node marked in the second step, and use the key management tree Tree2 and the subtree with the marked node as the root node as the left and right subtrees of the newly created node;

c3、当密钥管理树Tree1的最大高度HMax_Tree1-密钥管理树Tree2的最小高度HMin_Tree2>1,且密钥管理树Tree1的最大高度最小高度不相等即HMax_Tree1≠HMin_Tree1时,采样合并方法三进行合并:c3. When the maximum height H Max_Tree1 of the key management tree Tree1 - the minimum height H Min_Tree2 of the key management tree Tree2 > 1, and the maximum height and minimum height of the key management tree Tree1 are not equal, that is, H Max_Tree1 ≠ H Min_Tree1 , sampling is merged Method 3 for merging:

第一步、定义参数:The first step, define parameters:

Set_M表示一个容器,用来储存密钥管理树Tree1的最小高度子树;Set_M represents a container used to store the minimum height subtree of the key management tree Tree1;

Set_T表示一个容器,用来储存待合并的密钥管理树,最初容器中只包含密钥管理树Tree2;Set_T represents a container for storing the key management tree to be merged. Initially, the container only contains the key management tree Tree2;

Num_M表示容器Set_M中最小高度子树的数目;Num_M represents the number of minimum height subtrees in the container Set_M;

Hi表示容器Set_M中第i棵最小高度子树的最大高度;H i represents the maximum height of the i-th minimum height subtree in the container Set_M;

MinTree_Hi表示高度为Hi的最小高度子树;MinTree_H i represents the minimum height subtree whose height is H i ;

H_MergeTree表示容器Set_T中高度最大的树;H_MergeTree represents the tree with the largest height in the container Set_T;

第二步:找出密钥管理树Tree1所有的最小高度子树,并按最大高度由大到小将这些最小高度子树记录在容器Set_M中,即有H1≥…≥HNum_MStep 2: Find all the minimum height subtrees of the key management tree Tree1, and record these minimum height subtrees in the container Set_M according to the maximum height from large to small, that is, H 1 ≥... ≥H Num_M ;

第三步:在容器Set_T中找出最大高度为最大的密钥管理树H_MergeTree;Step 3: Find the key management tree H_MergeTree with the largest height in the container Set_T;

第四步:比较密钥管理树H_MergeTree和容器Set_M中最小高度子树的最大高度,存在以后三种情形:Step 4: Comparing the maximum height of the minimum height subtree in the key management tree H_MergeTree and the container Set_M, there are the following three situations:

情形1:当密钥管理树H_MergeTree的最大高度HMax_H_MergeTree等于最小高度子树MinTree_Hi的最大高度Hi(1≤i≤Num_M)即HMax_H_MergeTree=Hi,则采用合并方法一的方法对密钥管理树H_MergeTree、最小高度子树MinTree_Hi进行合并;其次用合并得到密钥管理树替代密钥管理树Tree1中的MinTree_Hi,最后将H_MergeTree从容器Set_T删除;Situation 1: When the maximum height H Max_H_MergeTree of the key management tree H_MergeTree is equal to the maximum height H i (1≤i≤Num_M) of the minimum height subtree MinTree_H i (1≤i≤Num_M), that is, H Max_H_MergeTree =H i , the method of merging the key is adopted The management tree H_MergeTree and the minimum height subtree MinTree_H i are merged; secondly, the key management tree obtained by merging is used to replace the MinTree_H i in the key management tree Tree1, and finally H_MergeTree is deleted from the container Set_T;

情形2:当密钥管理树H_MergeTree的最大高度HMax_H_MergeTree小于最小高度子树MinTree_Hi的最大高度Hi且大于最小高度子树MinTree_Hi+1的最大高度Hi+1即HMax_H_MergeTree<Hi且HMax_H_MergeTree>Hi+1(i≠Num_M)时,如果Hi-HMin_H_MergeTree>1,用合并方法二的方法合并密钥管理树H_MergeTree和最小高度子树MinTree_Hi;否则利用合并方法一的方法合并H_MergeTree和MinTree_Hi,并用新合并的密钥管理树替代密钥管理树Tree1中的MinTree_Hi,最后将H_MergeTree从容器Set_T删除;Situation 2: When the maximum height H Max_H_MergeTree of the key management tree H_MergeTree is less than the maximum height H i of the minimum height subtree MinTree_H i and greater than the maximum height H i+ 1 of the minimum height subtree MinTree_H i+1 , that is, H Max_H_MergeTree <H i and When H Max_H_MergeTree >H i+1 (i≠Num_M), if H i -H Min_H_MergeTree >1, merge the key management tree H_MergeTree and the minimum height subtree MinTree_H i using the method of merging method 2; otherwise use the method of merging method 1 Merge H_MergeTree and MinTree_H i , and replace MinTree_H i in the key management tree Tree1 with the newly merged key management tree, and finally delete H_MergeTree from the container Set_T;

情形3:当密钥管理树H_MergeTree的最大高度HMax_H_MergeTree小于最小高度子树MinTree_H1的最大高度H1时,密钥管理树H_MergeTree不可能一次性合并至密钥管理树Tree1中,采取将密钥管理树H_MergeTree分解的措施,分步将其合并至密钥管理树Tree1:Case 3: When the maximum height H Max_H_MergeTree of the key management tree H_MergeTree is less than the maximum height H1 of the minimum height subtree MinTree_H1 , the key management tree H_MergeTree cannot be merged into the key management tree Tree1 at one time, and the key Measures for the decomposition of the management tree H_MergeTree, and merge it into the key management tree Tree1 step by step:

c31、在密钥管理树H_MergeTree中搜索一棵高度为H1的子树,记为子树H_MergeTree_H1c31, search for a subtree with a height of H1 in the key management tree H_MergeTree, denoted as subtree H_MergeTree_H1 ;

c32、标记子树H_MergeTree_H1的父节点到密钥管理树H_MergeTree根节点路径上的所有节点,移去标记节点后,将除子树H_MergeTree_H1外的其他剩余子树添加记录到容器Set_T;c32. Mark all nodes on the path from the parent node of the subtree H_MergeTree_H1 to the root node of the key management tree H_MergeTree. After removing the marked node, add records to the container Set_T for the remaining subtrees except the subtree H_MergeTree_H1 ;

c33、利用合并方法一的方法合并子树H_MergeTree_H1和最小高度子树MinTree_H1,并用合并后的子树替代密钥管理树Tree1中的最小高度子树MinTree_H1c33. Merge the subtree H_MergeTree_H1 and the minimum height subtree MinTree_H1 using the method of merging method one , and replace the minimum height subtree MinTree_H1 in the key management tree Tree1 with the merged subtree;

c34、从容器Set_T中删除密钥管理树H_MergeTree;c34. Delete the key management tree H_MergeTree from the container Set_T;

第五步:检查容器Set_T是否为空,若为空则合并完成,否则清空容器Set_M,返回第一步;Step 5: Check whether the container Set_T is empty, if it is empty, the merge is completed, otherwise empty the container Set_M, and return to the first step;

其中,所述合并步骤中,所述的密钥管理树的最大高度其在数值上等于密钥管理树根节点的最大高度即根节点到其孩子节点的最大长度路径,密钥管理树的最小高度其在数值上等于密钥管理树根节点的最小高度即跟节点到其孩子节点的最小路径长度;Wherein, in the merging step, the maximum height of the key management tree is numerically equal to the maximum height of the root node of the key management tree, that is, the maximum length path from the root node to its child nodes, and the minimum length of the key management tree is Height is numerically equal to the minimum height of the root node of the key management tree, that is, the minimum path length from the root node to its child nodes;

所述的平衡节点为如果节点的最大高度和最小高度之差不超过1,则称此节点为平衡节点;The balance node is that if the difference between the maximum height and the minimum height of the node does not exceed 1, then this node is called a balance node;

所述的平衡密钥管理树为若密钥管理树中所有节点都为平衡节点,则称此密钥管理树为平衡密钥管理树;The described balanced key management tree is if all nodes in the key management tree are balanced nodes, then this key management tree is called a balanced key management tree;

所述的树的层为设定密钥管理树的根节点位于第1层,层数从根节点层次开始依次加1;The layer of the tree is that the root node of the key management tree is set at the first layer, and the number of layers increases by 1 successively from the root node level;

所述的最小高度子树为在一棵非完全的平衡密钥管理树中,若节点的最小高度和最大高度相等但其父节点的最小高度和最大高度不相等,定义由此节点及其所有孩子节点组成的子树为最小高度子树。The minimum height subtree is in an incomplete balanced key management tree, if the minimum height and maximum height of a node are equal but the minimum height and maximum height of its parent node are not equal, the definition of this node and all its The subtree composed of child nodes is the minimum height subtree.

本发明的发明目的是这样实现的:The purpose of the invention of the present invention is achieved like this:

本发明LKH密钥管理树动态平衡方法通过对加入和离开密钥管理组的用户数目NJ和ND进行判断,采样不同的方法对原始密钥管理树进行动态平衡,得到新的密钥管理树即平衡密钥管理树,从而保证了LKH在组密钥管理上的高效性。The LKH key management tree dynamic balance method of the present invention judges the number of users N J and ND who join and leave the key management group, samples different methods to dynamically balance the original key management tree, and obtains a new key management The tree is a balanced key management tree, which ensures the efficiency of LKH in group key management.

附图说明Description of drawings

图1是LKH采样密钥管理树对组密钥进行管理的示意图;Fig. 1 is a schematic diagram of LKH sampling key management tree managing group keys;

图2是本发明中密钥管理树合并方法一合并示意图;Fig. 2 is a schematic diagram of key management tree merging method-merging in the present invention;

图3是本发明中密钥管理树合并方法二合并示意图;Fig. 3 is the key management tree merging method two merging schematic diagrams in the present invention;

图4是合并方法三中密钥管理树Tree1和最小高度子树一具体事例示意图;Fig. 4 is a schematic diagram of a concrete example of the key management tree Tree1 and the minimum height subtree in the merging method three;

图5是合并方法三中情形1示意图;Fig. 5 is a schematic diagram of situation 1 in the merger method three;

图6是合并方法三中情形2示意图;Fig. 6 is a schematic diagram of situation 2 in merging method three;

图7是合并方法三中情形3示意图;Fig. 7 is a schematic diagram of situation 3 in the merger method three;

图8是合并方法三中执行第一合并后的密钥管理树示意图;Fig. 8 is a schematic diagram of the key management tree after the first merging is performed in the third merging method;

图9是合并方法三中执行三次合并后的密钥管理树示意图;Fig. 9 is a schematic diagram of the key management tree after performing three merges in the merge method three;

图10是本发明中原始密钥管理树示意图;Fig. 10 is a schematic diagram of the original key management tree in the present invention;

图11是本发明加入用户数量大于离开用户数量的平衡示意图;Fig. 11 is a schematic diagram of the balance in which the number of joining users is greater than the number of leaving users in the present invention;

图12是本发明加入用户数量等于离开用户数量的平衡示意图;Fig. 12 is a schematic diagram of the balance in which the number of joining users is equal to the number of leaving users in the present invention;

图13是本发明加入用户数量大于离开用户数量的密钥管理树示意图;Fig. 13 is a schematic diagram of a key management tree in which the number of joining users is greater than the number of leaving users in the present invention;

图14是图13所示的密钥管理树平衡后的示意图。FIG. 14 is a schematic diagram of the balanced key management tree shown in FIG. 13 .

具体实施方式Detailed ways

下面结合附图对本发明的具体实施方式进行描述,以便本领域的技术人员更好地理解本发明。需要特别提醒注意的是,在以下的描述中,当已知功能和设计的详细描述也许会淡化本发明的主要内容时,这些描述在这里将被忽略。Specific embodiments of the present invention will be described below in conjunction with the accompanying drawings, so that those skilled in the art can better understand the present invention. It should be noted that in the following description, when detailed descriptions of known functions and designs may dilute the main content of the present invention, these descriptions will be omitted here.

合并方法一Merge method one

在本实施例中,图2(a)和(b)分别表示满足执行合并方法一的待合并密钥管理树tree1和tree2。利用合并方法一合并两棵密钥管理树时,只需新建一个节点new node并将待合并密钥管理树tree1和tree2分别作为新建节点new node的左孩子子树和右孩子子树,合并后的密钥管理树如图2(c)所示。In this embodiment, FIG. 2( a ) and ( b ) respectively represent the key management trees tree1 and tree2 to be merged that satisfy the first merge method. When using merge method 1 to merge two key management trees, you only need to create a new node new node and use the key management trees tree1 and tree2 to be merged as the left child subtree and right child subtree of the new node new node respectively. After merging The key management tree of is shown in Fig. 2(c).

合并方法二Merge method two

在本实施例中,图3(a)表示密钥管理树Tree1,图3(b)表示删除成员M2后的密钥管理树Tree1,由于成员M2离开,节点0、节点1和节点3的密钥需要更新。现要求将删除成员M2后的密钥管理树Tree1与如图3(c)所示的密钥管理树Tree2合并。根据合并方法二,首先在图3(b)所示密钥管理树Tree1的第2层寻找一个待更新的节点,显然节点1满足要求,标记节点1。然后新建一个节点new node替代标记的节点1,并将以节点1为根节点的子树和Tree2作为新建节点new node的左右子树,合并后的密钥管理树如图3(d)所示。In this embodiment, Fig. 3(a) shows the key management tree Tree1, and Fig. 3(b) shows the key management tree Tree1 after member M2 is deleted. Since member M2 leaves, the keys of node 0, node 1 and node 3 The key needs to be updated. It is now required to merge the key management tree Tree1 after deleting member M2 with the key management tree Tree2 shown in Figure 3(c). According to the merging method two, first find a node to be updated in the second layer of the key management tree Tree1 shown in Figure 3(b), and obviously node 1 meets the requirements, so mark node 1. Then create a new node new node to replace the marked node 1, and use the subtree with node 1 as the root node and Tree2 as the left and right subtrees of the new node new node. The merged key management tree is shown in Figure 3(d) .

合并方法三Merge method three

图4(a)给出了满足执行合并方法三条件的待合并密钥管理树Tree1,初始的密钥管理树Tree1共有三棵最小高度子树如图4(b)所示,它们的高度分别为3、1、1,将密钥管理树Tree1的最小高度子树记录到容器Set_M并按高度降序排序,即H1=3,H2=1,H3=1。同时,在执行合并步骤前,还需将待合并的密钥管理树Tree2添加到容器Set_T中。根据待合并密钥管理树Tree2的高度,分三种情形详细讨论合并方法三。在此需要说明的是第一次从容器Set_T中选取高度最大的待合并树H_MergeTree即为合并密钥管理树Tree2。Figure 4(a) shows the key management tree Tree1 to be merged that satisfies the three conditions of the merge method. The initial key management tree Tree1 has three minimum height subtrees, as shown in Figure 4(b), and their heights are respectively 3, 1, 1, the minimum height subtree of the key management tree Tree1 is recorded in the container Set_M and sorted in descending order of height, that is, H 1 =3, H 2 =1, H 3 =1. At the same time, before performing the merging step, the key management tree Tree2 to be merged needs to be added to the container Set_T. According to the height of the key management tree Tree2 to be merged, the merge method 3 is discussed in detail in three situations. What needs to be explained here is that the tree H_MergeTree with the largest height to be merged is selected from the container Set_T for the first time, which is the merged key management tree Tree2.

情形1:待合并密钥管理树Tree2的最大高度和密钥管理树Tree1某棵最小高度子树的高度相等。Case 1: The maximum height of the key management tree Tree2 to be merged is equal to the height of a minimum height subtree of the key management tree Tree1.

如图5(a)所示的密钥管理树Tree2满足情形1,有HMax_Tree2=H1。利用合并方法一的方法合并密钥管理树Tree2和最小高度子树MinTree_H1,并用合并后的树替代密钥管理树Tree1中高度为H1最小高度子树MinTree_H1。此情形下,合并密钥管理树Tree1和Tree2形成的最终合并树如图5(b)。The key management tree Tree2 shown in Figure 5(a) satisfies case 1, and H Max_Tree2 =H 1 . Merge the key management tree Tree2 and the minimum height subtree MinTree_H 1 using the method of merging method 1, and replace the minimum height subtree MinTree_H 1 with the height H 1 in the key management tree Tree1 with the merged tree. In this case, the final merged tree formed by merging the key management trees Tree1 and Tree2 is shown in Figure 5(b).

情形2:待合并密钥管理树Tree2的最大高度介于密钥管理树Tree1的两棵最小高度子树的高度之间。Case 2: The maximum height of the key management tree Tree2 to be merged is between the heights of the two minimum height subtrees of the key management tree Tree1.

图6(a)所示的密钥管理树Tree2满足情形2,有H1>Hmax_Tree2>H2。利用合并方法二的方法合并密钥管理树Tree2和最小高度子树MinTree_H1,并用合并后的树替代密钥管理树Tree1中高度为H1的最小高度子树MinTree_H1。此情形下,合并密钥管理树Tree1和密钥管理树Tree2形成的最终合并树如图6(b)所示。The key management tree Tree2 shown in Fig. 6(a) satisfies case 2, H 1 >H max_Tree2 >H 2 . Merge the key management tree Tree2 and the minimum height subtree MinTree_H 1 using the method of merging method 2, and replace the minimum height subtree MinTree_H 1 with height H 1 in the key management tree Tree1 with the merged tree. In this case, the final merged tree formed by merging the key management tree Tree1 and the key management tree Tree2 is shown in Figure 6(b).

情形3:待合并的密钥管理树Tree2的最大高度大于密钥管理树Tree1中高度最大的最小高度子树。Situation 3: The maximum height of the key management tree Tree2 to be merged is greater than the minimum height subtree with the largest height in the key management tree Tree1.

图7(a)所示的密钥管理树Tree2满足情形3,有Hmax_Tree2>H1。此时需要将密钥管理树Tree2拆分,首先在密钥管理树Tree2中找一棵高度和H1相等子树,记为H_MergeTree_H1,如图7(b)所示,密钥管理树Tree2的剩余子树如图7(c)所示,剩余子树被添加到容器Set_T中。利用合并方法一的方法将子树H_MergeTree_H1和最小高度子树MinTree_H1合并,并利用合并后的树替代密钥管理树tree1中的最小高度子树MinTree_H1,经过第一次合并后的Tree1如图8所示。将密钥管理树Tree2从容器Set_T中删除,第一次合并结束,但此时容器Set_T中还有密钥管理树Tree2的剩余子树,需继续执行合并操作,清空容器Set_M返回。执行完三次合并操作后,最终的密钥管理树如图9所示。The key management tree Tree2 shown in Fig. 7(a) satisfies case 3, H max_Tree2 >H 1 . At this time, the key management tree Tree2 needs to be split. First, find a subtree whose height is equal to H 1 in the key management tree Tree2, and record it as H_MergeTree_H 1 , as shown in Figure 7(b). The key management tree Tree2 The remaining subtree of is shown in Fig. 7(c), and the remaining subtree is added to the container Set_T. Merge the subtree H_MergeTree_H 1 and the minimum height subtree MinTree_H 1 using the method of merging method 1, and use the merged tree to replace the minimum height subtree MinTree_H 1 in the key management tree tree1. After the first merge, Tree1 is as follows Figure 8 shows. Delete the key management tree Tree2 from the container Set_T, and the first merging is completed, but at this time, there are still remaining subtrees of the key management tree Tree2 in the container Set_T, and the merging operation needs to be continued, and the container Set_M is emptied and returned. After performing three merge operations, the final key management tree is shown in Figure 9.

密钥管理树的动态平衡方法Dynamic Balance Method of Key Management Tree

假若密钥管理中心为组内用户建立了一棵如图10所示的密钥管理树即原始密钥管理树。现在具体实施组内用户动态变化时,密钥管理树动态变化过程。Suppose the key management center establishes a key management tree as shown in Figure 10 for the users in the group, that is, the original key management tree. Now implement the dynamic change process of the key management tree when the users in the group change dynamically.

情形1:加入用户数量大于离开用户数量Scenario 1: The number of joining users is greater than the number of leaving users

如图10,假若成员M4和M7离开,成员M12、M13、M14、M15和M16将加入。首先选取加入成员M12和M13替代离开成员M4和M7,然后考虑将剩余加入成员M14、M15和M16和原始密钥管理树合并成一棵新的平衡密钥管理树。具体操作:将M14、M15和M16看成单节点密钥管理树,加上原始密钥管理树,共有四棵密钥管理树,每次从密钥管理树中选择高度最小的两棵密钥管理并利用合并方法将它们合并为一棵密钥管理树,直到最终只剩一棵密钥管理树。经过前两次合并,成员M14、M15和M16合并成如图11(a)所示的密钥管理树。经过第三次合并后,最终的密钥管理树如图11(b)所示。As shown in Figure 10, if members M 4 and M 7 leave, members M 12 , M 13 , M 14 , M 15 and M 16 will join. Firstly select the joining members M 12 and M 13 to replace the leaving members M 4 and M 7 , and then consider merging the remaining joining members M 14 , M 15 and M 16 and the original key management tree into a new balanced key management tree. Specific operation: regard M 14 , M 15 and M 16 as a single-node key management tree, plus the original key management tree, there are four key management trees in total. Key management and use the merge method to merge them into a key management tree until finally only one key management tree remains. After the first two mergers, members M 14 , M 15 and M 16 merge into a key management tree as shown in Figure 11(a). After the third merge, the final key management tree is shown in Figure 11(b).

情形2:加入用户与离开用户数量相等Case 2: The number of joining users is equal to the number of leaving users

假若成员M4和M7离开,成员M12和M13加入,直接用加入用户替代离开用户,得到的密钥管理树如图12所示。If members M 4 and M 7 leave, and members M 12 and M 13 join, directly replace the leaving users with joining users, and the obtained key management tree is shown in Figure 12.

情形3:加入用户数量小于离开用户数量Case 3: The number of joining users is less than the number of leaving users

假若成员M4和M7离开,没有成员加入。删除离开用户M4和M7得到如图13所示的密钥管理树。由于用户的删除可能造成密钥管理树的不平衡,所以从左至右、从下至上依次检查密钥管理树中所有节点是否平衡。当检查到节点1时,发现节点1不平衡,这里采用合并算法3将节点1的左右两棵子树合并为一棵新的平衡密钥管理树,然后用它替代节点1。平衡后的密钥管理树如图14所示。If members M 4 and M 7 leave, no members join. Delete the outgoing users M4 and M7 to get the key management tree shown in Figure 13 . Since the deletion of a user may cause an imbalance in the key management tree, check whether all nodes in the key management tree are balanced from left to right and from bottom to top. When node 1 is checked, it is found that node 1 is unbalanced. Merge algorithm 3 is used here to merge the left and right subtrees of node 1 into a new balanced key management tree, and then replace node 1 with it. The balanced key management tree is shown in Figure 14.

尽管上面对本发明说明性的具体实施方式进行了描述,以便于本技术领域的技术人员理解本发明,但应该清楚,本发明不限于具体实施方式的范围,对本技术领域的普通技术人员来讲,只要各种变化在所附的权利要求限定和确定的本发明的精神和范围内,这些变化是显而易见的,一切利用本发明构思的发明创造均在保护之列。Although the illustrative specific embodiments of the present invention have been described above, so that those skilled in the art can understand the present invention, it should be clear that the present invention is not limited to the scope of the specific embodiments. For those of ordinary skill in the art, As long as various changes are within the spirit and scope of the present invention defined and determined by the appended claims, these changes are obvious, and all inventions and creations using the concept of the present invention are included in the protection list.

Claims (2)

1.一种逻辑密钥分层LKH密钥管理树动态平衡方法,其特征在于,包括以下步骤: 1. a logical key hierarchical LKH key management tree dynamic balance method, is characterized in that, comprises the following steps: (1)、定义变量NJ和ND分别表示加入和离开密钥管理组的用户数目; (1), define variable N J and N D to represent the number of users who join and leave the key management group respectively; (2)、对加入和离开密钥管理组的用户数目NJ和ND进行判断; (2), judge the user number N J and N D of joining and leaving the key management group; 2.1)、当加入用户数量NJ>离开用户数量ND,则执行: 2.1), when the number of joining users N J > the number of leaving users N D , then execute: a1、选择数量为ND的加入用户替代原始密钥管理树中的离开用户; a1. Select a number of N D joining users to replace the leaving users in the original key management tree; a2、将剩余的加入用户和原始密钥管理树合并为一棵新的密钥管理树:将加入用户看成单个节点的密钥管理树,将单节点密钥管理树和原始密钥管理树组成一个待合并密钥管理树集合,从待合并密钥管理树集合选择两棵高度最小的密钥管理树,将其合并为一棵密钥管理树并置于待合并密钥管理树集合,同时从待合并密钥管理树集合中删除这两个高度最小的密钥管理树;在待合并密钥管理树集合中再选择两棵高度最小的密钥管理树进行合并,这样重复,直至只剩下一棵密钥管理树为止,该密钥管理树为新的密钥管理树; a2. Merge the remaining joining users and the original key management tree into a new key management tree: regard the joining user as a key management tree of a single node, and combine the single-node key management tree and the original key management tree Form a set of key management trees to be merged, select two key management trees with the smallest height from the set of key management trees to be merged, merge them into a key management tree and place them in the set of key management trees to be merged, At the same time, delete these two key management trees with the smallest height from the set of key management trees to be merged; select two key management trees with the smallest height in the set of key management trees to be merged to merge, and repeat this until only Until one key management tree is left, the key management tree is a new key management tree; 2.2)、当加入用户数量NJ=用户数量离开用户数量ND,只需用加入用户替代原始密钥管理树中离开用户,得到新的密钥管理树即可; 2.2), when the number of joining users N J = the number of users leaving the user N D , it is only necessary to replace the leaving users in the original key management tree with joining users to obtain a new key management tree; 2.3)、当加入用户数量NJ<离开用户数量ND,执行: 2.3), when the number of joining users N J < the number of leaving users N D , execute: b1、用所有加入用户替代原始密钥管理树中的数目为NJ的离开用户; b1, replace the number of N J leaving users in the original key management tree with all joining users; b2、在原始密钥管理树中删除未被替代的离开用户,并进行节点删除: b2. Delete the left user who has not been replaced in the original key management tree, and delete the node: 若原始密钥管理树中节点缺少右节点子树或左节点子树,此节点将会被它剩下的节点子树替代; If the node in the original key management tree lacks the right node subtree or the left node subtree, this node will be replaced by its remaining node subtree; b3、从下到上,从右至左依次检查原始密钥管理树中的每个节点是否为平衡节点,若节点不平衡,则合并不平衡节点的左右子树,并用新合并形成的子树替代不平衡节点,得到新的密钥管理树; b3. From bottom to top and from right to left, check whether each node in the original key management tree is a balanced node. If the node is unbalanced, merge the left and right subtrees of the unbalanced node, and use the newly merged subtree Replace unbalanced nodes to get a new key management tree; (3)、密钥管理中心根据新的密钥管理树即平衡密钥管理树中节点变化情况产生密钥更新消息和位置更新消息,对组密钥进行管理。 (3) The key management center generates a key update message and a position update message according to the change of nodes in the new key management tree, ie, the balanced key management tree, to manage the group key. 2.根据权利要求1所述的逻辑密钥分层LKH密钥管理树动态平衡方法,其特征在于,步骤2.1)、步骤2.3)中所述的合并为: 2. logical key hierarchical LKH key management tree dynamic balance method according to claim 1, is characterized in that, step 2.1), step 2.3) described in merging as: 待合并的两棵密钥管理树为Tree1和Tree2,并且密钥管理树Tree1和Tree2 的最大高度为HMax_Tree1≥HMax_Tree2The two key management trees to be merged are Tree1 and Tree2, and the maximum height of the key management trees Tree1 and Tree2 is H Max_Tree1 ≥ H Max_Tree2 ; c1、当密钥管理树Tree1的最大高度HMax_Tree1-密钥管理树Tree2的最小高度HMin_Tree2≤1时,采用合并方法一进行合并,即:创建一个新的节点,并将密钥管理树Tree1和Tree2作为新建节点的左右子树,新建节点即为合并后的平衡密钥管理树的根节点; c1. When the maximum height H Max_Tree1 of the key management tree Tree1 - the minimum height H Min_Tree2 of the key management tree Tree2 ≤ 1, use the merge method 1 to merge, that is: create a new node, and merge the key management tree Tree1 and Tree2 as the left and right subtrees of the newly created node, and the newly created node is the root node of the merged balanced key management tree; c2、当密钥管理树Tree1的最大高度HMax_Tree1-密钥管理树Tree2的最小高度HMin_Tree2>1,且密钥管理树Tree1的最大高度最小高度相等即HMax_Tree1=HMin_Tree1时,采用合并方法二进行合并,即: c2. When the maximum height H Max_Tree1 of the key management tree Tree1 - the minimum height H Min_Tree2 of the key management tree Tree2 > 1, and the maximum height and minimum height of the key management tree Tree1 are equal, that is, H Max_Tree1 = H Min_Tree1 , the merge method is adopted Two to merge, namely: 第一步、计算出密钥管理树Tree1和Tree2最大高度HMax_Tree1、HMax_Tree2的差值h即h=HMax_Tree1-HMax_Tree2The first step, calculate the difference h of key management tree Tree1 and Tree2 maximum height H Max_Tree1 , H Max_Tree2 namely h=H Max_Tree1- H Max_Tree2 ; 第二步、在密钥管理树Tree1第h层上,从左至右寻找一个待更新节点,若存在这样的节点,标记它;若不存在这样的节点,标记密钥管理树Tree1第h层上最后一个节点; The second step is to search for a node to be updated from left to right on the h layer of the key management tree Tree1, if there is such a node, mark it; if there is no such node, mark the h layer of the key management tree Tree1 on the last node; 第三步、创建一个新的节点替代第二步标记的节点,并将密钥管理树Tree2和以标记节点为根节点的子树作为新建节点的左右子树; The third step is to create a new node to replace the node marked in the second step, and use the key management tree Tree2 and the subtree with the marked node as the root node as the left and right subtrees of the newly created node; c3、当密钥管理树Tree1的最大高度HMax_Tree1-密钥管理树Tree2的最小高度HMin_Tree2>1,且密钥管理树Tree1的最大高度最小高度不相等即HMax_Tree1≠HMin_Tree1时,采用合并方法三进行合并: c3. When the maximum height H Max_Tree1 of the key management tree Tree1 - the minimum height H Min_Tree2 of the key management tree Tree2 > 1, and the maximum and minimum heights of the key management tree Tree1 are not equal, that is, H Max_Tree1 ≠ H Min_Tree1 , merge Method 3 for merging: 第一步、定义参数: The first step, define parameters: Set_M表示一个容器,用来储存密钥管理树Tree1的最小高度子树; Set_M represents a container used to store the minimum height subtree of the key management tree Tree1; Set_T表示一个容器,用来储存待合并的密钥管理树,最初容器中只包含密钥管理树Tree2; Set_T represents a container for storing the key management tree to be merged. Initially, the container only contains the key management tree Tree2; Num_M表示容器Set_M中最小高度子树的数目; Num_M represents the number of minimum height subtrees in the container Set_M; Hi表示容器Set_M中第i棵最小高度子树的最大高度; H i represents the maximum height of the i-th minimum height subtree in the container Set_M; MinTree_Hi表示高度为Hi的最小高度子树; MinTree_H i represents the minimum height subtree whose height is H i ; H_MergeTree表示容器Set_T中高度最大的树; H_MergeTree represents the tree with the largest height in the container Set_T; 第二步:找出密钥管理树Tree1所有的最小高度子树,并按最大高度由大到小将这些最小高度子树记录在容器Set_M中,即有H1≥…≥HNum_MStep 2: Find all the minimum height subtrees of the key management tree Tree1, and record these minimum height subtrees in the container Set_M according to the maximum height from large to small, that is, H 1 ≥... ≥H Num_M ; 第三步:在容器Set_T中找出最大高度为最大的密钥管理树H_MergeTree; Step 3: Find the key management tree H_MergeTree with the largest height in the container Set_T; 第四步:比较密钥管理树H_MergeTree和容器Set_M中最小高度子树的最大高度,存在以下三种情形: Step 4: Compare the maximum height of the minimum height subtree in the key management tree H_MergeTree and the container Set_M, there are the following three situations: 情形1:当密钥管理树H_MergeTree的最大高度HMax_H_MergeTree等于最小高度子树MinTree_Hi的最大高度Hi(1≤i≤Num_M)即HMax_H_MergeTree=Hi,则采用合并方法一的方法对密钥管理树H_MergeTree、最小高度子树MinTree_Hi进行合并;其次用合并得到密钥管理树替代密钥管理树Tree1中的MinTree_Hi,最后将H_MergeTree从容器Set_T删除; Situation 1: When the maximum height H Max_H_MergeTree of the key management tree H_MergeTree is equal to the maximum height H i (1≤i≤Num_M) of the minimum height subtree MinTree_H i (1≤i≤Num_M), that is, H Max_H_MergeTree =H i , then the method of merging method 1 is used to pair the key The management tree H_MergeTree and the minimum height subtree MinTree_H i are merged; secondly, the key management tree obtained by merging is used to replace the MinTree_H i in the key management tree Tree1, and finally H_MergeTree is deleted from the container Set_T; 情形2:当密钥管理树H_MergeTree的最大高度HMax_H_MergeTree小于最小高度子树MinTree_Hi的最大高度Hi且大于最小高度子树MinTree_Hi+1的最大高度Hi+1即HMax_H_MergeTree<Hi且HMax_H_MergeTree>Hi+1(i≠Num_M)时,如果Hi-HMin_H_MergeTree>1,用合并方法二的方法合并密钥管理树H_MergeTree和最小高度子树MinTree_Hi;否则利用合并方法一的方法合并H_MergeTree和MinTree_Hi,并用新合并的密钥管理树替代密钥管理树Tree1中的MinTree_Hi,最后将H_MergeTree从容器Set_T删除; Situation 2: When the maximum height H Max_H_MergeTree of the key management tree H_MergeTree is smaller than the maximum height H i of the minimum height subtree MinTree_H i and greater than the maximum height H i+ 1 of the minimum height subtree MinTree_H i+1 , that is, H Max_H_MergeTree <H i and When H Max_H_MergeTree >H i+1 (i≠Num_M), if H i -H Min_H_MergeTree >1, merge the key management tree H_MergeTree and the minimum height subtree MinTree_H i using the method of merging method 2; otherwise use the method of merging method 1 Merge H_MergeTree and MinTree_H i , and replace MinTree_H i in the key management tree Tree1 with the newly merged key management tree, and finally delete H_MergeTree from the container Set_T; 情形3:当密钥管理树H_MergeTree的最大高度HMax_H_MergeTree小于最小高度子树MinTree_H1的最大高度H1时,密钥管理树H_MergeTree不可能一次性合并至密钥管理树Tree1中,采取将密钥管理树H_MergeTree分解的措施,分步将其合并至密钥管理树Tree1: Case 3: When the maximum height H Max_H_MergeTree of the key management tree H_MergeTree is less than the maximum height H1 of the minimum height subtree MinTree_H1 , the key management tree H_MergeTree cannot be merged into the key management tree Tree1 at one time, and the key Measures for the decomposition of the management tree H_MergeTree, and merge it into the key management tree Tree1 step by step: c31、在密钥管理树H_MergeTree中搜索一棵高度为H1的子树,记为子树H_MergeTree_H1c31, search for a subtree with a height of H1 in the key management tree H_MergeTree, denoted as subtree H_MergeTree_H1 ; c32、标记子树H_MergeTree_H1的父节点到密钥管理树H_MergeTree根节点路径上的所有节点,移去标记节点后,将除子树H_MergeTree_H1外的其他剩余子树添加记录到容器Set_T; c32. Mark all nodes on the path from the parent node of the subtree H_MergeTree_H1 to the root node of the key management tree H_MergeTree. After removing the marked node, add records to the container Set_T for the remaining subtrees except the subtree H_MergeTree_H1 ; c33、利用合并方法一的方法合并子树H_MergeTree_H1和最小高度子树MinTree_H1,并用合并后的子树替代密钥管理树Tree1中的最小高度子树MinTree_H1c33. Merge the subtree H_MergeTree_H1 and the minimum height subtree MinTree_H1 using the method of merging method one , and replace the minimum height subtree MinTree_H1 in the key management tree Tree1 with the merged subtree; c34、从容器Set_T中删除密钥管理树H_MergeTree; c34. Delete the key management tree H_MergeTree from the container Set_T; 第五步:检查容器Set_T是否为空,若为空则合并完成,否则清空容器Set_M,返回第一步; Step 5: Check whether the container Set_T is empty, if it is empty, the merge is completed, otherwise empty the container Set_M, and return to the first step; 其中,所述合并步骤中,所述的密钥管理树的最大高度其在数值上等于密钥管理树根节点的最大高度即根节点到其孩子节点的最大长度路径,密钥管理树的最小高度其在数值上等于密钥管理树根节点的最小高度即根节点到其孩子节点的最小路径长度; Wherein, in the merging step, the maximum height of the key management tree is numerically equal to the maximum height of the root node of the key management tree, that is, the maximum length path from the root node to its child nodes, and the minimum length of the key management tree is Height is numerically equal to the minimum height of the root node of the key management tree, that is, the minimum path length from the root node to its child nodes; 所述的平衡节点为如果节点的最大高度和最小高度之差不超过1,则称此节点为平衡节点; The balance node is that if the difference between the maximum height and the minimum height of the node does not exceed 1, then this node is called a balance node; 所述的平衡密钥管理树为若密钥管理树中所有节点都为平衡节点,则称此密钥管理树为平衡密钥管理树; The described balanced key management tree is if all nodes in the key management tree are balanced nodes, then this key management tree is called a balanced key management tree; 所述的树的层为设定密钥管理树的根节点位于第1层,层数从根节点层次开始依次加1; The layer of the tree is that the root node of the key management tree is set at the first layer, and the number of layers increases by 1 successively from the root node level; 所述的最小高度子树为在一棵非完全的平衡密钥管理树中,若节点的最小高度和最大高度相等但其父节点的最小高度和最大高度不相等,定义由此节点及其所有孩子节点组成的子树为最小高度子树。 The minimum height subtree is in an incomplete balanced key management tree, if the minimum height and maximum height of a node are equal but the minimum height and maximum height of its parent node are not equal, the definition of this node and all its The subtree composed of child nodes is the minimum height subtree.
CN201310176324.6A 2013-05-14 2013-05-14 A Dynamic Balancing Method of LKH Key Management Tree Active CN103281175B (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201310176324.6A CN103281175B (en) 2013-05-14 2013-05-14 A Dynamic Balancing Method of LKH Key Management Tree

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201310176324.6A CN103281175B (en) 2013-05-14 2013-05-14 A Dynamic Balancing Method of LKH Key Management Tree

Publications (2)

Publication Number Publication Date
CN103281175A CN103281175A (en) 2013-09-04
CN103281175B true CN103281175B (en) 2015-11-04

Family

ID=49063635

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201310176324.6A Active CN103281175B (en) 2013-05-14 2013-05-14 A Dynamic Balancing Method of LKH Key Management Tree

Country Status (1)

Country Link
CN (1) CN103281175B (en)

Families Citing this family (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JP2018157246A (en) * 2017-03-15 2018-10-04 株式会社東芝 Management apparatus and management method
CN109309564A (en) * 2017-07-28 2019-02-05 兰州世达电子工程技术有限公司 A kind of management method of the contribution type group code key by module exponent
CN109981293B (en) * 2019-03-28 2022-09-27 郑州师范学院 Method, device, device and storage medium for member revocation processing

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101257382A (en) * 2008-03-28 2008-09-03 清华大学 A Distributed Key Update Method Based on AVL Tree
CN101488849A (en) * 2009-02-18 2009-07-22 华南理工大学 Group key management method base spherical surface in N dimension

Patent Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN101257382A (en) * 2008-03-28 2008-09-03 清华大学 A Distributed Key Update Method Based on AVL Tree
CN101488849A (en) * 2009-02-18 2009-07-22 华南理工大学 Group key management method base spherical surface in N dimension

Non-Patent Citations (6)

* Cited by examiner, † Cited by third party
Title
An efficient LKH Tree balancing algorithm for group key management;Deuk-Whee Kwak等;《IEEE》;20060530;第10卷(第3期);第1089-7798页 *
一种改进LKH的组播密钥管理方案;范书平等;《计算机工程与应用》;20101211;第46卷(第35期);第104-108页 *
一种改进的R-LKH算法;刘利芬等;《计算机工程》;20080920;第34卷(第18期);第176-178页 *
基于LKH的移动组播密钥管理;晏轲;《中国优秀硕士学位论文数据库信息科技辑》;20061230;第I136 -396页 *
基于LKH的组播密钥管理技术的研究;赵光凯;《中国优秀硕士学位论文数据库信息科技辑》;20090530;第I138-62页 *
基于密钥树的批量密钥更新方法;李辉;《计算机工程》;20091205;第35卷(第23期);第133-135页 *

Also Published As

Publication number Publication date
CN103281175A (en) 2013-09-04

Similar Documents

Publication Publication Date Title
CN102497280B (en) Distributed system and method thereof for realizing management
CN107071011B (en) A cloud-based network data communication method
CN105488431A (en) Authority management method and device for block chain system
CN108012582A (en) block chain system and authority management method thereof
CN104660507B (en) The control method and device of forwarding data flow routing
CN103795644B (en) Policy Table&#39;s list item collocation method, apparatus and system
US20240080181A1 (en) Blockchain Data Structures and Systems and Methods Therefor for Multipath Transaction Management
US9300758B2 (en) Efficient name management for named data networking in datacenter networks
CN110287726A (en) A blockchain-based multi-domain identity authentication management system and method
CN103281175B (en) A Dynamic Balancing Method of LKH Key Management Tree
CN113609231B (en) Method and device for maintaining network architecture information of block chain system
CN103595634B (en) Dynamic service leading method in IP/WDM network
CN107276916A (en) Interchanger flow table management method based on agreement unaware retransmission technique
CN107306247B (en) Resource access control method and device
WO2014069034A1 (en) Communication control device, communication device, and computer program product
CN105955828A (en) Real-time cooperative editing consistency maintenance method supporting string operation
CN103248649B (en) Sort management method, equipment and the system of application
CN114124384B (en) QKD network virtualization method and quantum key cloud platform
CN108055232A (en) A kind of high speed lightweight mimicry virtual net construction method
CN103095833B (en) Cloud service system update method and device
CN114697002B (en) Distributed quantum cryptography network group key distribution method and system
CN105790929A (en) High-efficient access control method based on rule redundancy elimination in encryption environment
CN100386986C (en) Hybrid Location Method of Data Replica in Data Grid System
CN105574076A (en) Key value pair storage structure based on Bloom Filter and method
CN100396002C (en) A system and method for authenticating by using association query

Legal Events

Date Code Title Description
C06 Publication
PB01 Publication
C10 Entry into substantive examination
SE01 Entry into force of request for substantive examination
C14 Grant of patent or utility model
GR01 Patent grant