Satellite networks are playing a more and more important role in network infrastructure. They are useful in providing
broadband connectivity to remote locations which are harder to reach through terrestrial infrastructure. Data
confidentiality and integrity are two critical issues for satellite networks. The multicast traffic should be accessible only
to subscribers, this requires security and efficient methods to generate, distribute and update the keys. Access control can
be achieved by data encryption, such as end to end security mechanisms----IPSec. Due to the high rekeying cost, most
current key management protocols do not scale well for secure multicast over satellite networks. In this article we
proposed a scalable key management scheme to provide secure communication in satellite networks with minimal key
management overhead. The principle of this approach is to break up IPSec encryption into multiple encryption zones on
a single packet and encrypts different regions of the IP packet using different keys. All of those keys are composed into
just only one multi group key tree for secure multicast over satellite networks. The proposed scheme can reduce the
communication and storage overhead significantly. In addition, the proposed key graph is scalable well.
|