The VersaKey framework: versatile group key management

Towards scalable key management for secure multicast communication

Information Technology And Control, 2012

Secure multicast communication allows a sender to deliver encrypted messages to a group of authorized receivers. A practical approach is that the sender uses a common key shared by the authorized receivers to encrypt the transmitted messages. The common key must be renewed to ensure forward/backward secrecy when group members leave/join the group, called the rekeying process. Thus, the rekeying problem is a critical issue for secure multicast communication. Many key management schemes have been proposed to improve the performance of the rekeying process. In 2010, Lin et al. proposed two key management schemes without the rekeying process. However, the transmission size required in their schemes increases linearly with the number of group members. In this article, we use the time-bound concept to propose two new key management schemes without the rekeying process. The point is that the required transmission size is constant. Performance analysis is given to demonstrate that our schemes have better performance as compared with the recently proposed key management schemes in terms of transmission size and computational cost. Under several security assumptions, we prove that the proposed schemes satisfy the requirements of secure multicast communication.

Kronos: A scalable group re-keying approach for secure multicast

2000

The authors describe a novel approach to scalable group re-keying for secure multicast. Our approach, which we call Kronos, is based upon the idea of periodic group re-keying. We first motivate our approach by showing that if a group is re-keyed on each membership change, as the size of the group increases and/or the rate at which members leave and join the group increases, the frequency of rekeying becomes the primary bottleneck for scalable group re-keying.

A novel dynamic key management scheme for secure multicasting

The 11th IEEE International Conference on Networks, 2003. ICON2003.

We propose a new secure multicast scheme based on a novel hybrid key distribution scheme. This scheme meets the requirements described in the Internet Engineering Task Force (IETF) for multicast security architecture. It exhibits certain unique advantages in security services over existing schemes in the area of dynamic group key management. Our scheme allows efficient mechanisms for group members to join and leave a group frequently.

A scalable and distributed multicast security protocol using a subgroup-key hierarchy

Computers & Security, 2004

In the present paper, a scalable protocol for securing multicast communication is proposed. The proposed protocol is based on the idea of dividing the whole group into smaller subgroups as in the Iolus protocol. For a member join or leave, the decomposition of the group into smaller subgroups will reduce the computation complexity from O(M), where M is the number of the whole group members, to O(N), where N is the number of the subgroup members. Moreover, each subgroup is organized in a logical key hierarchy as in the LKH protocol. The use of logical key hierarchy will reduce the computation complexity cost from O(N) to O(log(N)) in case of member leave/join. Furthermore, the number of communicating messages containing the changed keys will be reduced. The proposed protocol is compared with the two well-known protocols: Iolus and LKH. The comparison is undertaken according to two criteria: the cost of encryption required for the rekey operation in case of member join or leave and the length of the re-key message. The results show that the proposed protocol outperforms both the Iolus and the LKH protocols. Therefore, the proposed protocol will enhance the group performance in terms of computation and communication.

Efficient Secure Multicast with Well-Populated Multicast Key Trees

2004

Secure group communications is the basis for many recent multimedia and web technologies. In order to maintain secure and efficient communications within a dynamic group, it is essential that the generation and management of group key(s) be secure and efficient with realtime response. Typically, a logical key hierarchy is used for distribution of group keys to users so that whenever users leave or join the group, new keys are generated and distributed using the key hierarchy. In this paper, we propose Well-Populated Multicast Key Tree (WPMKT), a new efficient technique to handle group dynamics in the key tree and maintain the tree balanced with minimal cost. In WPKT, sub-trees are swapped in a way that keeps the key tree balanced and well populated. At the same time, rekeying overhead due to reorganization is kept at a minimum. Another advantage of WPKT is that rebalancing has no effect on the internal key structure of the swapped sub-trees. Results from simulation studies show that under random user deletion, our approach achieves one order of magnitude in overhead less than existing approaches. Under clustered sequential user deletion, our approach achieves almost a linear growth with tree size under individual rebalancing. For periodic rebalancing, we achieved almost half the overhead introduced by other approaches.

TKS: a transition key management scheme for secure application level multicast

International Journal of Security and Networks, 2009

The Application Level Multicast (ALM) simplifies the implementation of group communication. However, it still suffers from the same management overhead in case of highly dynamic sessions. In this paper, we propose an efficient key management protocol, called Transition Key Scheme (TKS), for ALM communication. TKS aims to reduce the key management overhead in case of highly dynamic membership sessions by using a unique Traffic Encryption Key (TEK), for the group, and a small number of individual transition keys to temporally manage members who recently joined the group. Simulation results confirm that TKS reduces significantly key management overhead, compared to other existing ALM key management protocols. In addition, we validated our scheme using AVISPA validation tool, and the results show that TKS is safe against intruder attacks.

Efficient Security for Large and Dynamic Multicast Groups

Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, 1998

Proposals for multicast security that have been published so far are complex, often require trust in network components or are inefficient. In this paper we propose a series of novel approaches for achieving scalable security in IP multicast, providing privacy and authentication on a group-wide basis. They can be employed to efficiently secure multi-party applications where members of

A Scalable and Distributed Security Protocol for Multicast Communications

2011

In this paper, we propose an efficient and a scalable protocol for secure multicast communication. This protocol is based on the Iolus and the logical key hierarchy protocols. It divides the whole group into several subgroups as in the Iolus protocol. Each subgroup in turn is organized in a logical key hierarchy as in the LKH protocol. This decomposition reduces the complexity for a member join or leave from O(n) to O(log m), where n is the number of the whole group members and m is the number of each subgroup members. The performance of the proposed protocol is compared with that of the Simple App., Iolus and LKH protocols. The comparison is undertaken according to the computational overhead, communication overhead, storage overhead, and message size. The results show that the proposed protocol enhances the group performance in terms of computation overhead, and communication overhead especially at the leave operation.

Multicast security: issues and new schemes for key management

Security is one of the major concerns for using multicast communications in many Internet applications. This paper identifies and discusses various issues related to secure multicasting. It reviews some requirements for creating secure multicast sessions and gives an overview of existing secure multicast schemes. The main security problem discussed is key management. Taxonomy of various schemes that provide solutions to this problem is given and new improved key distribution schemes are provided. We expand the traditional two basic schemes, the single-group and single-tree, into three new schemes: group-of-trees, tree-of-groups and tree-of-trees. The performance of all these schemes is evaluated as a function of the multicast group size.

Key Management Techniques for Dynamic Secure Multicasting: A Distributed Computing Approach

Most of the Internet applications today require multicasting. For example, software updates, multimedia content distribution, interacting gaming and stock data distribution require multicast services. All of these applications require privacy and authenticity of the participants. Most of the multicasting groups are dynamic and some of them are large in number. Only those users who belong to the multicasting group should receive the information and be able to decrypt it. New users joining the group should receive information immediately but should not understand the information that was released prior to their joining. Similarly, if users leave the group, they should not receive any further information and should not be able to decrypt it. Keys need to be distributed to the users belonging to the current session and hence some kind of key management is required. Existing schemes for secure multicasting are limited to small and static groups. To allow large and dynamic groups to use the services of multicasting, some protocols have been developed: Multicast Trees, Spanning Tree, Centralized Tree-Based Key Management, Flat-key Management and Distributed Key Management. Some of these schemes are better than others with respect to the speed, memory consumption, and amount of communication needed to distribute the keys. All these schemes are limited in performance with respect to the speed, memory consumption, and amount of communication needed in distributing the keys. In this thesis, a number of public and private key algorithms and key management techniques for secure and dynamic multicasting are studied and analyzed. The thesis is focused on the secure lock method developed by Chiou and Chen, using the Chinese Remainder Theorem. The protocol is implemented for a small group of users and its performance is studied. While the secure lock method works well for a small group of users, the performance is degraded when the group grows in size.
A protocol is proposed for a large and dynamic group, based on the idea of the Chinese Remainder Theorem. A performance study is carried out by comparing our proposed protocol with the existing multicasting protocols. The analysis shows that the proposed protocol works well for large and dynamic groups and gives significantly better performance.