In many secure group communication models, a group manager creates the group key and distributes it to every group member. This group manager is responsible for changing and re-distributing (rekeying) the group key whenever it deems necessary. Many applications require very fast rekeying so that it does not disrupt their performance. In this paper, we present a generic software model for secure group key management. We present the main components along with their functionality and interactions. With emphasis on the rekey manager, we discuss two issues that critically impact the rekey time: establishment and maintenance of the logical key hierarchy (LKH), and the key packet construction for a changed key. We show that our novel idea of maintaining a balanced LKH as a B+ search tree greatly reduces the number of changed keys compared to an unbalanced LKH. In addition, we show that a rekey packet construction using simple XOR operations between keys instead of the usual encryption technique substantially reduces rekey time. We performed experiments that demonstrate the effectiveness and feasibility of our approaches.
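The effect of tree balance on the number of changed keys can be seen in a small model. This is an added illustration, not code from the paper: it assumes the standard LKH leave rule (every key on the path from the leaving member to the root is replaced, and each new key is sent once per remaining child), uses a plain d-ary tree in place of the paper's B+ tree, and all function names are hypothetical.

```python
# Added illustration: cost of one member leaving under the standard LKH rule.
class Node:
    def __init__(self):
        self.parent = None
        self.children = []

def _attach(parent, child):
    child.parent = parent
    parent.children.append(child)

def build_balanced(n_members, degree):
    """Group nodes bottom-up, `degree` per parent, until one root remains."""
    leaves = [Node() for _ in range(n_members)]
    level = leaves
    while len(level) > 1:
        parents = []
        for i in range(0, len(level), degree):
            parent = Node()
            for child in level[i:i + degree]:
                _attach(parent, child)
            parents.append(parent)
        level = parents
    return leaves

def build_chain(n_members):
    """Unbalanced worst case: every join puts a new root above the old one."""
    leaves = [Node()]
    root = leaves[0]
    for _ in range(n_members - 1):
        leaf, new_root = Node(), Node()
        _attach(new_root, root)
        _attach(new_root, leaf)
        leaves.append(leaf)
        root = new_root
    return leaves

def leave_cost(leaf):
    """Return (changed_keys, key_packets) when the member at `leaf` leaves."""
    changed = packets = 0
    node, excluded = leaf.parent, leaf
    while node is not None:
        changed += 1  # every key on the path to the root is replaced
        # one packet per remaining child, wrapped under that child's key
        packets += sum(1 for c in node.children if c is not excluded)
        node, excluded = node.parent, None
    return changed, packets

if __name__ == "__main__":
    print("balanced d=4:", leave_cost(build_balanced(64, 4)[0]))
    print("chain       :", leave_cost(build_chain(64)[0]))
```

For 64 members, the balanced degree-4 tree replaces 3 keys on a leave, while the deepest member of the chain-shaped tree forces 63 replacements.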