Dynamics of Key Management in

Security is an important concern in today's information age and particularly so in satellite systems, where eavesdropping can be easily performed. This paper addresses efficient key management for encrypted multicast traffic transmitted via satellite. We consider the topic of encrypting traffic in large multicast groups, where the group size and dynamics have a significant impact on the network load. We consider life cycle key management costs of a multicast connection, and show for a logical key hierarchy (LKH) how member preregistration and periodic admission reduce the initialization cost, and how the optimum outdegree of a hierarchical tree varies with the expected member volatility and rekey factor. This improves network utilization, but encryption at the network layer can pose problems on satellite links. We therefore propose and analyze an interworking solution between multilayer Internet protocol security (IPSEC) and LKH that also reduces key management traffic while enabling interworking with performance enhancing modules used on satellite links.

Index Terms—Logical key hierarchy (LKH), multicast, multilayer Internet protocol security (IPSEC), performance-enhancing modules (PEMs), performance-enhancing proxies (PEPs).
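The outdegree trade-off mentioned in the abstract can be seen in a textbook LKH model. The following is an added example, not code or the cost model from the paper: it counts the encrypted keys a group controller multicasts when members leave a balanced key tree, for one departure or a batch. The function names, the group size of 4096 and the cost rule (one encryption per surviving child key, no rekey-factor weighting) are assumptions of this example.

```python
"""Textbook LKH rekey-cost model (illustrative; not the paper's cost model)."""

def level_sizes(n, d):
    """Node count per level of a balanced d-ary key tree: leaves first, root last."""
    if n < 1 or d < 2:
        raise ValueError("need n >= 1 members and outdegree d >= 2")
    sizes = [n]
    while sizes[-1] > 1:
        sizes.append(-(-sizes[-1] // d))  # ceiling division
    return sizes

def keys_per_member(n, d):
    """Keys each member stores: its own leaf key plus one per ancestor."""
    return len(level_sizes(n, d))

def rekey_cost(n, d, leaving):
    """Encrypted keys multicast to replace every key the leaving members knew.

    Departures handled in one batch share ancestors, so shared keys are
    replaced once. Members are leaf indices 0..n-1.
    """
    sizes = level_sizes(n, d)
    if any(not 0 <= m < n for m in leaving):
        raise ValueError("member index out of range")
    dirty = set(leaving)   # nodes on this level whose key must be discarded
    empty = set(leaving)   # nodes on this level with no remaining member below
    cost = 0
    for level in range(1, len(sizes)):
        parents = {j // d for j in dirty}
        next_empty = set()
        for p in parents:
            kids = range(p * d, min((p + 1) * d, sizes[level - 1]))
            live = [c for c in kids if c not in empty]
            cost += len(live)  # new key of p, encrypted once per surviving child key
            if not live:
                next_empty.add(p)  # nobody left below p: no key to deliver
        dirty, empty = parents, next_empty
    return cost

def best_degree(n, leaving, degrees=(2, 3, 4, 8, 16, 64)):
    """Outdegree (from the candidates) with the lowest rekey cost for this batch."""
    return min(degrees, key=lambda d: rekey_cost(n, d, leaving))

if __name__ == "__main__":
    n = 4096  # constructed group size
    for d in (2, 3, 4, 8, 16, n):  # d == n is a flat group with no hierarchy
        print(f"d={d:5d} leave={rekey_cost(n, d, [0]):5d} "
              f"batch2={rekey_cost(n, d, [0, n - 1]):5d} keys/member={keys_per_member(n, d)}")
```

Low outdegrees keep the per-departure cost small at the price of more keys per member, while a flat group (outdegree equal to the group size) needs one encryption per remaining member.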