Efficient self-healing group key distribution with revocation capability

This paper presents group key distribution techniques for large and dynamic groups over unreliable channels. The techniques proposed here are based on the self-healing key distribution methods (with revocation capability) recently developed by Staddon et al. [27]. By introducing a novel personal key distribution technique, this paper reduces (1) the communication overhead of personal key share distribution from O(t2log q) to O(tlogq), (2) the communication overhead of self-healing key distribution with t-revocation capability from O((mt2+tm)log q) to O(mtlog q), and (3) the storage overhead of the self-healing key distribution with $t$-revocation capability at each group member from O(m2log q) to O(mlogq), where $t$ is the maximum number of colluding group members, $m$ is the number of sessions, and $q$ is a prime number that is large enough to accommodate a cryptographic key. All these results are achieved without sacrificing the unconditional security of key distribution. In addition, this paper presents two techniques that allow trade-off between the broadcast size and the recoverability of lost session keys. These two methods further reduce the broadcast message size in situations where there are frequent but short-term disruptions of communication and where there are long-term but infrequent disruptions of communication, respectively.

[1]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[2]  Amit Sahai,et al.  Coding Constructions for Blacklisting Problems without Computational Assumptions , 1999, CRYPTO.

[3]  Douglas R. Stinson,et al.  Trade-offs Between Communication and Storage in Unconditionally Secure Schemes for Broadcast Encryption and Interactive Key Distribution , 1996, CRYPTO.

[4]  Mohamed G. Gouda,et al.  Secure group communications using key graphs , 1998, SIGCOMM '98.

[5]  Pankaj Rohatgi,et al.  Maintaining Balanced Key Trees for Secure Multicast , 1999 .

[6]  Moti Yung,et al.  Perfectly Secure Key Distribution for Dynamic Conferences , 1992, Inf. Comput..

[7]  Xiaozhou Li,et al.  Batch rekeying for secure group communications , 2001, WWW '01.

[8]  Dawn Xiaodong Song,et al.  ELK, a new protocol for efficient large-group key distribution , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[9]  Evangelos Kranakis,et al.  On key distribution via true broadcasting , 1994, CCS '94.

[10]  Douglas R. Stinson,et al.  On Some Methods for Unconditionally Secure Key Distribution and Broadcast Encryption , 1997, Des. Codes Cryptogr..

[11]  Sushil Jajodia,et al.  Kronos: a scalable group re-keying approach for secure multicast , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[12]  Danny Dolev,et al.  Optimized Group Rekey for Group Communications Systems , 1999 .

[13]  Gene Tsudik,et al.  CLIQUES: a new approach to group key agreement , 1998, Proceedings. 18th International Conference on Distributed Computing Systems (Cat. No.98CB36183).

[14]  Bob Briscoe,et al.  MARKS: Zero Side Effect Multicast Key Management Using Arbitrarily Revealed Key Sequences , 1999, Networked Group Communication.

[15]  Bobby Bhattacharjee,et al.  Scalable secure group communication over IP multicast , 2001, Proceedings Ninth International Conference on Network Protocols. ICNP 2001.

[16]  Eric J. Harder,et al.  Key Management for Multicast: Issues and Architectures , 1999, RFC.

[17]  D. Liu,et al.  Efficient and Self-Healing Key Distribution with Revocation for Tactical Wireless Networks , 2003 .

[18]  Moni Naor,et al.  Multicast security: a taxonomy and some efficient constructions , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[19]  Ran Canetti,et al.  Efficient Communication-Storage Tradeoffs for Multicast Encryption , 1999, EUROCRYPT.

[20]  Li Gong New protocols for third-party-based authentication and secure broadcast , 1994, CCS '94.

[21]  Xiaozhou Li,et al.  Reliable group rekeying: a performance analysis , 2001, SIGCOMM '01.

[22]  Alan T. Sherman,et al.  Key Establishment in Large Dynamic Groups Using One-Way Function Trees , 2003, IEEE Trans. Software Eng..

[23]  Simon S. Lam,et al.  Group rekeying with limited unicast recovery , 2004, Comput. Networks.

[24]  Dilip D. Kandlur,et al.  Key management for secure lnternet multicast using Boolean function minimization techniques , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[25]  Alan T. Sherman,et al.  Key Management for Large Dynamic Groups: One-Way Function Trees and Amortized Initialization , 2000 .

[26]  Reihaneh Safavi-Naini,et al.  New constructions for multicast re-keying schemes using perfect hash families , 2000, CCS.

[27]  Matthew K. Franklin,et al.  Self-healing key distribution with revocation , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[28]  Douglas R. Stinson,et al.  Some New Results on Key Distribution Patterns and Broadcast Encryption , 1998, Des. Codes Cryptogr..

[29]  Suvo Mittra,et al.  Iolus: a framework for scalable secure multicasting , 1997, SIGCOMM '97.

[30]  Gene Tsudik,et al.  Tree-based group key agreement , 2004, TSEC.

[31]  Hugh Harney,et al.  Group Key Management Protocol (GKMP) Architecture , 1997, RFC.

[32]  Thomas M. Cover,et al.  Elements of Information Theory , 2005 .

[33]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[34]  Yang Richard Yang,et al.  Protocol design for scalable and reliable group rekeying , 2001, TNET.

[35]  Hugh Harney,et al.  Group Key Management Protocol (GKMP) Specification , 1997, RFC.

[36]  Gene Tsudik,et al.  Key Agreement in Dynamic Peer Groups , 2000, IEEE Trans. Parallel Distributed Syst..

[37]  Shimshon Berkovits,et al.  How To Broadcast A Secret , 1991, EUROCRYPT.

[38]  Jessica Staddon,et al.  Combinatorial Bounds for Broadcast Encryption , 1998, EUROCRYPT.

[39]  Malibu Canyon RdMalibu Keystone: a Group Key Management Service , 2000 .