Group key management for IP multicast: model & architecture

The Internet Key Exchange protocol as it stands is unsuitable for secure group and IP multicast communications because of the way it negotiates security association (SA) elements. This paper reports developments in the IETF in this area. In particular, it describes the design of the group key management architecture and the group security association (GSA) model, both of which were developed within the Secure Multicast Group (SMUG) in the IRTF and have recently been carried over into the Multicast Security (MSEC) Working Group in the IETF.
