Performance Optimizations for Group Key Management Schemes for Secure Multicast

Scalable group rekeying is one of the biggest challenges that need to be addressed to support secure communications for large and dynamic groups. In recent years, many group key management approaches based on the use of logical key trees have been proposed to address this issue. Using logical key trees reduces the complexity of group rekeying operation from O(N) to O(logN), where N is the group size. In this paper, we present two optimizations for logical key tree organizations that utilize information about the characteristics of group members to further reduce the overhead of group rekeying. First, we propose a partitioned key tree organization that exploits the temporal patterns of group member joins and departures to reduce the overhead of rekeying. Using an analytic model, we show that our optimization can achieve up to 31.4% reduction in key server bandwidth overhead over the un-optimized scheme. Second, we propose an approach under which the key tree is organized based on the loss probabilities of group members. Our analysis shows this optimization can reduce the rekeying overhead by up to 12.1%.

[1]  Moni Naor,et al.  Multicast security: a taxonomy and some efficient constructions , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[2]  Pankaj Rohatgi,et al.  Maintaining Balanced Key Trees for Secure Multicast , 1999 .

[3]  Mohamed G. Gouda,et al.  Secure group communications using key graphs , 1998, SIGCOMM '98.

[4]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[5]  Bob Briscoe,et al.  MARKS: Zero Side Effect Multicast Key Management Using Arbitrarily Revealed Key Sequences , 1999, Networked Group Communication.

[6]  Bobby Bhattacharjee,et al.  Scalable secure group communication over IP multicast , 2001, Proceedings Ninth International Conference on Network Protocols. ICNP 2001.

[7]  Sushil Jajodia,et al.  Kronos: a scalable group re-keying approach for secure multicast , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[8]  K. C. Almeroth,et al.  Multicast group behavior in the Internet's multicast backbone (MBone) , 1997 .

[9]  Dawn Xiaodong Song,et al.  ELK, a new protocol for efficient large-group key distribution , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[10]  Dilip D. Kandlur,et al.  Key management for secure lnternet multicast using Boolean function minimization techniques , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[11]  Alan T. Sherman,et al.  Key Management for Large Dynamic Groups: One-Way Function Trees and Amortized Initialization , 2000 .

[12]  M. Handley An Examination of MBone Performance , 1997 .

[13]  Eric J. Harder,et al.  Key Management for Multicast: Issues and Architectures , 1999, RFC.

[14]  Donald F. Towsley,et al.  A comparison of sender-initiated and receiver-initiated reliable multicast protocols , 1994, IEEE J. Sel. Areas Commun..

[15]  Miki Yamamoto,et al.  Layered Multicast Group Construction for Reliable Multicast Communications , 1999, Networked Group Communication.

[16]  Christopher McCubbin,et al.  Probabilistic Optimization of LKH-based Multicast Key Distribution Schemes , 2001 .

[17]  Eric Harder,et al.  Logical Key Hierarchy Protocol , 1999 .

[18]  Donald F. Towsley,et al.  Parity-based loss recovery for reliable multicast transmission , 1997, TNET.

[19]  Yang Richard Yang,et al.  Protocol design for scalable and reliable group rekeying , 2001, TNET.

[20]  Sushil Jajodia,et al.  A comparative performance analysis of reliable group rekey transport protocols for secure multicast , 2002, Perform. Evaluation.