Conference Paper

Security and Risk in the Current Multicast Group Key Distribution Protocols

Abstract

Multicast communications seem particularly well adapted for large-scale commercial distribution applications, for example interactive distance learning, pay-TV channels, board meetings, group discussions, publish-subscribe systems, and secure videoconferencing. Security for this type of application is essential when data is transmitted through an insecure network. A more difficult and challenging issue arises because multicast group membership is dynamic: users can leave and join groups, which makes group management more difficult in large-scale systems. Therefore, one of the most important issues in multicast security is group key management. Key management mainly concerns the distribution and update of keying material during the life of the group. Several approaches have been proposed by various authors to create and distribute the multicast group key in an effective manner. There are different key management algorithms that facilitate efficient distribution and rekeying of the group key. These protocols normally add communication overhead as well as computation overhead on both sides, the group key controller and the group members. The schemes can generally be classified into three basic types: centralized, decentralized, and distributed. In this paper, we investigate the state-of-the-art multicast group key management algorithms and protocols. We also provide a comparative analysis of the various algorithms, evaluating their features based on the following criteria: the algorithm properties, the type of costs, the secrecy, and the amount of storage. Additionally, the study explores the pros and cons of each scheme, providing conclusions and a guideline for future development and work in securing multicast group communication.

Keywords: Multicast security, key management, secure communication, secrecy, security, secure group communication
Article
This paper presents a robust, scalable extension to the recently proposed multicast Group Key Management Protocol (GKMP), in terms of security administration. The GKMP has two major security-related problems: (a) lack of any mechanism to remove a compromised group administrator, and (b) lack of scalability. We are able to remove a compromised single panel member from generating the group keys by setting the panel members with shared authority to generate the group keys. We then introduce the sub-controllers, who have all the functionalities of the group control panel except the authority to generate the group keys. The sub-control panel helps scalability of the network in terms of the security operations. The sub-controllers are chosen using a threshold-based clustering algorithm.
Article
Multicasting is increasingly used as an efficient communication mechanism for group-oriented applications in the Internet. In order to offer secrecy for multicast applications, the traffic encryption key has to be changed whenever a user joins or leaves the system. Such a change has to be communicated to all the current users. The bandwidth used for such a rekeying operation could be high when the group size is large. The proposed solutions to cope with this limitation, commonly called the "1 affects n" phenomenon, consist of organizing group members into subgroups that use independent traffic encryption keys. This kind of solution introduces a new challenge, which is the requirement of decrypting and re-encrypting multicast messages whenever they pass from one subgroup to another. This is a serious drawback for applications that require real-time communication, such as video-conferencing. In order to avoid the systematic decryption/re-encryption of messages, we propose in this paper an adaptive solution which structures group members into clusters according to the application requirements in terms of synchronization and the membership change behavior in the secure session. Simulation results show that our solution is efficient and typically adaptive compared to other schemes.
Conference Paper
The authors describe a novel approach to scalable group re-keying for secure multicast. Our approach, which we call Kronos, is based upon the idea of periodic group re-keying. We first motivate our approach by showing that if a group is re-keyed on each membership change, then as the size of the group increases and/or the rate at which members leave and join the group increases, the frequency of re-keying becomes the primary bottleneck for scalable group re-keying. In contrast, Kronos can scale to handle large and dynamic groups because the frequency of re-keying is independent of the size and membership dynamics of the group. Next, we describe how Kronos can be used in conjunction with distributed key management frameworks such as IGKMP (T. Hardjono et al., 1998) that use a single group-wide session key for encrypting communications between members of the group. Using a detailed simulation, we compare the performance tradeoffs between Kronos and other key management protocols.
Article
Encryption is used in a communication system to safeguard information in the transmitted messages from anyone other than the intended receiver(s). To perform the encryption and decryption, the transmitter and receiver(s) ought to have matching encryption and decryption keys. A clever way to generate these keys is to use the public key distribution system invented by Diffie and Hellman. That system, however, admits only one pair of communication stations to share a particular pair of encryption and decryption keys. The public key distribution system is generalized to a conference key distribution system (CKDS), which admits any group of stations to share the same encryption and decryption keys. The analysis reveals two important aspects of any conference key distribution system. One is the multitap resistance, which is a measure of the information security in the communication system. The other is the separation of the problem into two parts: the choice of a suitable symmetric function of the private keys and the choice of a suitable one-way mapping thereof. We have also shown how to use CKDS in connection with public key ciphers and an authorization scheme.
Article
Secure group communication is an increasingly popular research area that has received much attention in recent years. However, most existing approaches construct the group key without caring about the type of the group itself and the environment in which it evolves. This leads to inefficient solutions for real multicast groups. In this paper, we propose a new approach to enhance key management performance. In our solution, we take into consideration group characteristics. We first classify the various group characteristics and point out their influence on the efficiency of key management protocols. We then propose two key management protocols, which maintain good performance by adapting the key management process to the type of the group. A comparative study and simulation results evaluate the efficiency of our approach.
Conference Paper
Hydra is a scalable decentralised architecture to create and distribute symmetric cryptographic keys to large multicast-based groups. The group is divided into a number of TTL-scoped regions in order to achieve flexible and efficient key management, particularly in the face of group membership changes. Hydra does not employ a manager for subgroup managers, and hence it is not vulnerable to failures of single entities.