SAKM: a scalable and adaptive key management approach for multicast communications

Multicasting is increasingly used as an efficient communication mechanism for group-oriented applications in the Internet. In order to offer secrecy for multicast applications, the traffic encryption key has to be changed whenever a user joins or leaves the system. Such a change has to be communicated to all the current users. The bandwidth used for such a rekeying operation can be high when the group size is large. The solutions proposed to cope with this limitation, commonly called the "1 affects n" phenomenon, consist of organizing group members into subgroups that use independent traffic encryption keys. This kind of solution introduces a new challenge: multicast messages must be decrypted and re-encrypted whenever they pass from one subgroup to another. This is a serious drawback for applications that require real-time communication, such as video-conferencing. In order to avoid the systematic decryption and re-encryption of messages, we propose in this paper an adaptive solution which structures group members into clusters according to the application requirements in terms of synchronization and the membership change behavior in the secure session. Simulation results show that our solution is efficient and typically adaptive compared to other schemes.
