Secure group communications using key graphs

Many emerging network applications are based upon a group communications model. As a result, securing group communications, i.e., providing confidentiality, authenticity, and integrity of messages delivered between group members, will become a critical networking issue. We present, in this paper, a novel solution to the scalability problem of group/multicast key management. We formalize the notion of a secure group as a triple (U,K,R) where U denotes a set of users, K a set of keys held by the users, and R a user-key relation. We then introduce key graphs to specify secure groups. For a special class of key graphs, we present three strategies for securely distributing rekey messages after a join/leave and specify protocols for joining and leaving a secure group. The rekeying strategies and join/leave protocols are implemented in a prototype key server we have built. We present measurement results from experiments and discuss performance comparisons. We show that our group key management service, using any of the three rekeying strategies, is scalable to large groups with frequent joins and leaves. In particular, the average measured processing time per join/leave increases linearly with the logarithm of group size.

[1]  Simon S. Lam,et al.  Designing a distributed authorization service , 1998, Proceedings. IEEE INFOCOM '98, the Conference on Computer Communications. Seventeenth Annual Joint Conference of the IEEE Computer and Communications Societies. Gateway to the 21st Century (Cat. No.98.

[2]  J.J. Tardo,et al.  SPX: global authentication using public key certificates , 1991, Proceedings. 1991 IEEE Computer Society Symposium on Research in Security and Privacy.

[3]  Moti Yung,et al.  The KryptoKnight family of light-weight protocols for authentication and key distribution , 1995, TNET.

[4]  Li Gong,et al.  Enclaves: Enabling Secure Collaboration Over the Internet , 1996, IEEE J. Sel. Areas Commun..

[5]  B. Clifford Neuman,et al.  Proxy-based authorization and accounting for distributed systems , 1993, [1993] Proceedings. The 13th International Conference on Distributed Computing Systems.

[6]  J. J. Garcia-Luna-Aceves,et al.  Improving Internet multicast with routing labels , 1997, Proceedings 1997 International Conference on Network Protocols.

[7]  Douglas R. Stinson,et al.  On Some Methods for Unconditionally Secure Key Distribution and Broadcast Encryption , 1997, Des. Codes Cryptogr..

[8]  Hugh Harney,et al.  Group Key Management Protocol (GKMP) Architecture , 1997, RFC.

[9]  Amos Fiat,et al.  Broadcast Encryption , 1993, CRYPTO.

[10]  Robert H. Deng,et al.  Authenticated key distribution and secure broadcast using no conventional encryption: a unified approach based on block codes , 1995, Proceedings of GLOBECOM '95.

[11]  Wen-Tsuen Chen,et al.  Secure Broadcasting Using the Secure Lock , 1989, IEEE Trans. Software Eng..

[12]  Tony Ballardie,et al.  Scalable Multicast Key Distribution , 1996, RFC.

[13]  Simon S. Lam,et al.  Digital signatures for flows and multicasts , 1999, TNET.

[14]  Shimshon Berkovits,et al.  How To Broadcast A Secret , 1991, EUROCRYPT.

[15]  Jon Crowcroft,et al.  Multicast-specific security threats and counter-measures , 1995, Proceedings of the Symposium on Network and Distributed System Security.

[16]  Hugh Harney,et al.  Group Key Management Protocol (GKMP) Specification , 1997, RFC.

[17]  B. Clifford Neuman,et al.  Kerberos: An Authentication Service for Open Network Systems , 1988, USENIX Winter.

[18]  Eric J. Harder,et al.  Key Management for Multicast: Issues and Architectures , 1999, RFC.

[19]  Ronald L. Rivest,et al.  Introduction to Algorithms , 1990 .

[20]  Ralph C. Merkle,et al.  A Certified Digital Signature , 1989, CRYPTO.

[21]  John B. Lacy CryptoLib: Cryptography in Software , 1993, USENIX Security Symposium.

[22]  Michael K. Reiter,et al.  Secure agreement protocols: reliable and atomic group multicast in rampart , 1994, CCS '94.

[23]  Stephen E. Deering,et al.  Multicast routing in internetworks and extended LANs , 1988, CCRV.

[24]  Suvo Mittra,et al.  Iolus: a framework for scalable secure multicasting , 1997, SIGCOMM '97.

[25]  Simon S. Lam,et al.  SNP: An Interface for Secure Network Programming , 1994, USENIX Summer.