A key distribution and rekeying framework with totally ordered multicast protocols

Many network applications based on a group communications model have been developed. As a result, securing group communications, i.e., providing confidentiality, authenticity and integrity of the messages delivered between group members, is becoming a critical networking issue. We present a novel solution to the problem of scalable group key management. To rekey the group key, all members of the group should agree on the rekeying. However, synchronizing with all members to reach that agreement is very costly. We propose an asynchronous rekeying framework based on reliable and totally ordered multicast protocols (RTOMP). In our framework, a group consists of several domains, each of which has some group members and one trusted key distribution server (KDS). When the membership of a domain changes, the KDS of that domain creates the new group key and, on its own responsibility, distributes it to all other KDSs over the secure multicast channel. The KDS also sends the group key, encrypted under each member's individual key, to all new members of the domain. Therefore, the cost of creating and distributing the group key is spread over all KDSs. Our simulations show that the number of group keys managed at each KDS is reasonable and that scalability is improved even when the rate of key changes is high.
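The following simulation is an added illustration of the rekeying flow described above; it is not code from the paper. It assumes a sequencer-style RTOMP bus that assigns every rekey message one global sequence number and delivers it to all KDSs in that order, a pre-established inter-KDS channel key, and a toy XOR keystream in place of a real cipher. For simplicity every current member of a domain receives the new group key under its individual key (the abstract only specifies this for new members), and each KDS rejects any message that arrives out of sequence.

```python
import hashlib
import secrets
from dataclasses import dataclass
from typing import Optional


def toy_stream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric encryption for the simulation only: XOR with a
    SHA-256 counter keystream. It stands in for the real cipher on the
    secure channels and is not a production construction."""
    out = bytearray()
    ctr = 0
    while len(out) < len(data):
        out += hashlib.sha256(key + ctr.to_bytes(4, "big")).digest()
        ctr += 1
    return bytes(a ^ b for a, b in zip(data, out))


@dataclass
class Member:
    name: str
    individual_key: bytes            # shared only with the member's own KDS
    group_key: Optional[bytes] = None

    def receive(self, ciphertext: bytes) -> None:
        # Member unwraps the group key sent by its KDS under the individual key.
        self.group_key = toy_stream_xor(self.individual_key, ciphertext)


class RTOMPBus:
    """Simulated reliable, totally ordered multicast between KDSs (assumed
    sequencer model): each message gets one global sequence number and is
    delivered to every registered KDS in that order."""

    def __init__(self, inter_kds_key: bytes):
        self.inter_kds_key = inter_kds_key   # assumed pre-established secure channel key
        self.kdss = []
        self.seq = 0
        self.log = []                        # (seq, originating domain)

    def register(self, kds: "KDS") -> None:
        self.kdss.append(kds)

    def multicast(self, origin: str, ciphertext: bytes) -> int:
        self.seq += 1
        self.log.append((self.seq, origin))
        for kds in self.kdss:                # includes the originator itself
            kds.on_rekey(self.seq, origin, ciphertext)
        return self.seq


class KDS:
    """One trusted key distribution server per domain."""

    def __init__(self, domain: str, bus: RTOMPBus):
        self.domain = domain
        self.bus = bus
        self.members = {}
        self.group_key: Optional[bytes] = None
        self.last_seq = 0
        bus.register(self)

    def join(self, name: str) -> Member:
        member = Member(name, secrets.token_bytes(32))
        self.members[name] = member
        self._rekey()                        # membership changed: this KDS rekeys
        return member

    def leave(self, name: str) -> None:
        del self.members[name]               # removed before the rekey, so it never sees the new key
        self._rekey()

    def _rekey(self) -> None:
        new_key = secrets.token_bytes(32)
        wrapped = toy_stream_xor(self.bus.inter_kds_key, new_key)
        self.bus.multicast(self.domain, wrapped)

    def on_rekey(self, seq: int, origin: str, ciphertext: bytes) -> None:
        # Total ordering lets every KDS apply rekeys in exactly one order;
        # a gap or replay means the channel guarantee was violated.
        if seq != self.last_seq + 1:
            raise RuntimeError(f"{self.domain}: out-of-order rekey {seq} from {origin}")
        self.last_seq = seq
        self.group_key = toy_stream_xor(self.bus.inter_kds_key, ciphertext)
        for member in self.members.values():
            member.receive(toy_stream_xor(member.individual_key, self.group_key))


def run_scenario() -> dict:
    """Two domains, interleaved joins and a leave; returns the final state."""
    bus = RTOMPBus(secrets.token_bytes(32))
    east, west = KDS("east", bus), KDS("west", bus)
    alice = east.join("alice")
    bob = west.join("bob")
    carol = east.join("carol")
    east.leave("alice")
    dave = west.join("dave")
    return {
        "kds_keys": [east.group_key, west.group_key],
        "member_keys": [bob.group_key, carol.group_key, dave.group_key],
        "alice_key": alice.group_key,
        "log": bus.log,
        "east": east,
    }


if __name__ == "__main__":
    state = run_scenario()
    print("rekeys in order:", state["log"])
    print("KDSs agree:", len(set(state["kds_keys"])) == 1)
```

Because every KDS, including the one that generated the key, applies rekeys only in bus order, concurrent membership changes in different domains converge on the same final group key without any group-wide agreement round, which is the cost the framework sets out to avoid.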
