JET: Dynamic Join-Exit-Tree Amortization and Scheduling for Contributory Key Management

In secure group communications, the time cost of key updates on member join and departure events is an important aspect of quality of service, especially in large groups with highly dynamic membership. To achieve better time efficiency, we propose a join-exit-tree (JET) key management framework. First, a special key tree topology with join and exit subtrees is introduced to handle key updates for dynamic membership. Then, optimization techniques are employed to determine the capacities of the join and exit subtrees that achieve the best time efficiency, and algorithms are designed to dynamically update the join and exit trees. We show that, on average, the asymptotic time cost for each member join/departure event is reduced to O(log(log n)) from the previous cost of O(log n), where n is the group size. Our experimental results, based on simulated user activities as well as real MBone data, demonstrate that the proposed JET scheme can significantly improve the time efficiency of tree-based contributory key management while maintaining low communication and computation cost.
