HySOR: group key management with collusion-scalability tradeoffs using a hybrid structuring of receivers

One problem in securing group communication is the scalability of group key management in dynamic multicast sessions. The main challenge arises when a member leaves the multicast session and a rekeying of the group is required to prevent the departing member from accessing the information being multicast after they leave. Recent research developed the logical key hierarchy (LKH) protocol which uses a tree structuring of receivers and requires O(log(n)) rekeying messages when a member leaves. It has also been demonstrated that /spl Omega/(log(n)) is the best one can achieve if strict confidentiality and non-collusion are required. While strict non-collusion is required for some highly sensitive data, we argue that some commercial content delivery applications will be extremely cost sensitive and willing to tolerate some small level of collusion. In this paper we consider the question of how one might trade off the message cost of rekeying with some increased vulnerability to collusion. We consider a range of protocols. In one extreme is LKH which is completely immune from collusion. On the other extreme is a protocol based on the linear ordering of receivers (LORE), which requires O(1) messages for rekeying but in which any two receivers can collude. We describe a scheme using a hybrid structuring of receivers (HySOR) which is tunable between the LKH and LORE extremes and by which one can trade off some vulnerability to collusion for a decrease in rekeying message cost. We provide analytical as wen as simulation results to investigate the performance of HySOR and its tunability along the collusion/scalability spectrum.

[1]  Moni Naor,et al.  Multicast security: a taxonomy and some efficient constructions , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[2]  Mohamed G. Gouda,et al.  Secure group communications using key graphs , 2000, TNET.

[3]  Silvio Micali,et al.  How to construct random functions , 1986, JACM.

[4]  Marvin A. Sirbu,et al.  Pricing Multicast Communication: A Cost-Based Approach , 2001, Telecommun. Syst..

[5]  Hugh Harney,et al.  Group Key Management Protocol (GKMP) Architecture , 1997, RFC.

[6]  Tony Ballardie,et al.  Scalable Multicast Key Distribution , 1996, RFC.

[7]  Ran Canetti,et al.  A taxonomy of multicast security issues (temporary version) , 1998 .

[8]  Eric J. Harder,et al.  Key Management for Multicast: Issues and Architectures , 1999, RFC.

[9]  Bob Briscoe,et al.  MARKS: Zero Side Effect Multicast Key Management Using Arbitrarily Revealed Key Sequences , 1999, Networked Group Communication.

[10]  Yang Richard Yang,et al.  A Secure Group Key Management Communication Lower Bound , 2000 .

[11]  Dilip D. Kandlur,et al.  Key management for secure lnternet multicast using Boolean function minimization techniques , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[12]  Alan T. Sherman,et al.  Key Management for Large Dynamic Groups: One-Way Function Trees and Amortized Initialization , 2000 .

[13]  Moni Naor,et al.  Issues in Multicast Security: A Taxonomy and E cient Constructions , 1999, IEEE Conference on Computer Communications.

[14]  Suvo Mittra,et al.  Iolus: a framework for scalable secure multicasting , 1997, SIGCOMM '97.

[15]  Manuel Blum,et al.  How to generate cryptographically strong sequences of pseudo random bits , 1982, 23rd Annual Symposium on Foundations of Computer Science (sfcs 1982).