Scalable secure group communication over IP multicast

We introduce and analyze a scalable re-keying scheme for implementing secure group communications over IP multicast. We show that our scheme incurs constant processing, message, and storage overhead for a re-key operation when a single member joins or leaves the group, and logarithmic overhead for bulk simultaneous changes to the group membership. These bounds hold even when group dynamics are not known a priori. Our re-keying algorithm requires a particular clustering of the members of the secure multicast group. We describe a protocol to achieve such clustering and show that it is feasible to efficiently cluster members over realistic Internet-like topologies. We evaluate the overhead of our own re-keying scheme and also of previously published schemes via simulation over an Internet topology map containing over 280,000 routers. Through analysis and detailed simulations, we show that this re-keying scheme performs better than previous schemes for a single change to group membership. Further, for bulk changes, our algorithm outperforms all previously known schemes by several orders of magnitude in terms of actual bandwidth usage, processing costs and storage requirements.

Bobby Bhattacharjee, et al. Scalable secure group communication over IP multicast, 2002, IEEE J. Sel. Areas Commun.