Chinese remainder theorem based group key management

In this paper, we present two new centralized group key management protocols based on the Chinese Remainder Theorem (CRT). By shifting more of the computing load onto the key server, we optimize the number of re-key broadcast messages, the user-side key computation, and the number of keys stored. The first protocol is the base Chinese Remaindering Group Key (CRGK) protocol, which, for a group of n users, requires the key server to do O(n) XORs, additions, multiplications, and Extended Euclidean Algorithm computations and to broadcast 1 re-key message; each individual user is required to do only 1 modulo operation and 1 XOR operation for each group key update. The second protocol is the Fast Chinese Remaindering Group Key (FCRGK) protocol, which most of the time requires the key server to do only O(n) XORs, additions, and multiplications, with no change to the number of re-key messages or the user computation per group key update. For both protocols, each user only needs to store 2 keys at all times. One special attraction of our FCRGK protocol is that it allows most of the re-keying computation to be done preemptively, which means that when a user-join or user-leave event happens, the response time for the key server to send out the new group key can be very short.
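An added example, not taken from the paper: a CRT re-key construction that matches the operation counts stated in the abstract (server: O(n) XORs, multiplications, additions and Extended Euclidean inversions, then one broadcast value; user: one modulo and one XOR). The abstract does not give the construction itself, so the residue form `gk ^ k`, the 64-bit sizes, the use of pairwise coprime (not necessarily prime) user keys, and all function names are assumptions made here.

```python
import math
import secrets

BITS = 64  # assumed size of user keys and group key (demo value)

def new_user_key(existing):
    """Pick a BITS-bit odd modulus coprime to every key already issued."""
    while True:
        k = secrets.randbits(BITS) | (1 << (BITS - 1)) | 1
        if all(math.gcd(k, other) == 1 for other in existing):
            return k

def new_group_key():
    """Random group key with the top bit set, so that gk ^ k < k for every
    BITS-bit user key k (the residue must be smaller than its modulus)."""
    return secrets.randbits(BITS) | (1 << (BITS - 1))

def rekey_message(user_keys, gk):
    """Server side: find X with X = (gk ^ k) mod k for every user key k."""
    modulus = math.prod(user_keys)
    x = 0
    for k in user_keys:
        partial = modulus // k
        inverse = pow(partial, -1, k)      # Extended Euclidean inversion
        x += (gk ^ k) * partial * inverse  # XOR, multiplications, addition
    return x % modulus                     # the single broadcast value

def recover(x, k):
    """User side: one modulo and one XOR."""
    return (x % k) ^ k

def demo():
    keys = []
    for _ in range(5):
        keys.append(new_user_key(keys))
    gk1 = new_group_key()
    x1 = rekey_message(keys, gk1)
    members_ok = all(recover(x1, k) == gk1 for k in keys)
    # User 0 leaves: the server re-keys over the remaining user keys only.
    departed, remaining = keys[0], keys[1:]
    gk2 = new_group_key()
    x2 = rekey_message(remaining, gk2)
    remaining_ok = all(recover(x2, k) == gk2 for k in remaining)
    departed_locked_out = recover(x2, departed) != gk2
    return members_ok, remaining_ok, departed_locked_out
```

The broadcast value grows with the product of all user keys, so its length is about n times the user key length.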
