A Framework for Secure Group Key Management

The need for secure group communication is increasingly evident in a wide variety of governmental, commercial, and Internet communities. Secure group key management is concerned with the methods of issuing and distributing group keys, and the management of those keys over a period of time. To provide perfect secrecy, a central group key manager (GKM) has to perform group rekeying for every join or leave request. Fast rekeying is crucial to an application\u27s performance that has large group size, experiences frequent joins and leaves, or where the GKM is hosted by a group member. Examples of such applications are interactive military simulation, secure video and audio broadcasting, and secure peer-to-peer networks. Traditionally, the rekeying is performed periodically for the batch of requests accumulated during an inter-rekey period. The use of a logical key hierarchy (LKH) by a GKM has been introduced to provide scalable rekeying. If the GKM maintains a LKH of degree d and height h, such that the group size n ≤ dh, and the batch size is R requests, a rekeying requires the GKM to regenerate O(R × h) keys and to perform O(d × R × h) keys encryptions for the new keys distribution. The LKH approach provided a GKM rekeying cost that scales to the logarithm of the group size, however, the number of encryptions increases with increased LKH degree, LKH height, or the batch size. In this dissertation, we introduce a framework for scalable and efficient secure group key management that outperforms the original LKH approach. The framework has six components as follows. First, we present a software model for providing secure group key management that is independent of the application, the security mechanism, and the communication protocol. Second, we focus on a LKH-based GKM and introduce a secure key distribution technique, in which a rekeying requires the GKM to regenerate O( R × h) keys. Instead of encryption, we propose a novel XOR-based key distribution technique, namely XORBP, which performs an XOR operation between keys, and uses random byte patterns (BPs) to distribute the key material in the rekey message to guard against insider attacks. Our experiments show that the XORBP LKH approach substantially reduces a rekeying computation effort by more than 90%. Third, we propose two novel LKH batch rekeying protocols . The first protocol maintains a balanced LKH (B+-LKH) while the other maintains an unbalanced LKH (S-LKH). If a group experiences frequent leaves, keys are deleted form the LKH and maintaining a balanced LKH becomes crucial to the rekeying\u27s process performance. In our experiments, the use of a B+-LKH by a GKM, compared to a S-LKH, is shown to substantially reduce the number of LKH nodes (i.e., storage), and the number of regenerated keys per a rekeying by more than 50%. Moreover, the B +-LKH performance is shown to be bounded with increased group dynamics. Fourth, we introduce a generalized rekey policy that can be used to provide periodic rekeying as well as other versatile rekeying conditions. Fifth, to support distributed group key management, we identify four distributed group-rekeying protocols between a set of peer rekey agents. Finally, we discuss a group member and a GKM\u27s recovery after a short failure time

Host mobility key management in dynamic secure group communication

The key management has a fundamental role in securing group communications taking place over vast and unprotected networks. It is concerned with the distribution and update of the keying materials whenever any changes occur in the group membership. Wireless mobile environments enable members to move freely within the networks, which causes more difficulty to design efficient and scalable key management protocols. This is partly because both member location dynamic and group membership dynamic must be managed concurrently, which may lead to significant rekeying overhead. This paper presents a hierarchical group key management scheme taking the mobility of members into consideration intended for wireless mobile environments. The proposed scheme supports the mobility of members across wireless mobile environments while remaining in the group session with minimum rekeying transmission overhead. Furthermore, the proposed scheme alleviates 1-affect-n phenomenon, single point of failure, and signaling load caused by moving members at the core network. Simulation results shows that the scheme surpasses other existing efforts in terms of communication overhead and affected members. The security requirements studies also show the backward and forward secrecy is preserved in the proposed scheme even though the members move between areas

DGKD: Distributed Group Key Distribution with Authentication Capability

Group key management (GKM} is the most important issue in secure group communication (SCC). The existing GKM protocols fall into three typical classes: centralized group key distribution (CGKD), decentralized group key management (DGKM), and distributed/contributory group key agreement (CGKA). Serious problems remains in these protocols, as they require existence of central trusted entities (such as group controller or subgroup controllers), relaying of messages (by subgroup controllers), or strict member synchronization (JOT multiple round stepwise key agreement), thus suffering from the single point of failure and attack, performance bottleneck, or mis-operations in the situation of transmission delay or network failure. In this paper, we propose a new class of GKM protocols: distributed group key distribution (DGKD). The new DGKD protocol solves the above problems and surpasses the existing GKM protocols ZR terms of simplicity, efficiency, scalability, and robustness

DGKD: Distributed Group Key Distribution with Authentication Capability

Group key management (GKM} is the most important issue in secure group communication (SCC). The existing GKM protocols fall into three typical classes: centralized group key distribution (CGKD), decentralized group key management (DGKM), and distributed/contributory group key agreement (CGKA). Serious problems remains in these protocols, as they require existence of central trusted entities (such as group controller or subgroup controllers), relaying of messages (by subgroup controllers), or strict member synchronization (JOT multiple round stepwise key agreement), thus suffering from the single point of failure and attack, performance bottleneck, or mis-operations in the situation of transmission delay or network failure. In this paper, we propose a new class of GKM protocols: distributed group key distribution (DGKD). The new DGKD protocol solves the above problems and surpasses the existing GKM protocols ZR terms of simplicity, efficiency, scalability, and robustness

Implementing Secure Group Communications using Key Graphs

While the technical issues of securing unicast communications for client-server computingare fairly well-understood, the technical issues of securing group communications are not. Theexisting approach to improve the scalability is to decompose a large group of clients into manysubgroups and employ a hierarchy of group security agents. In this paper, the secure groupcommunications using key graphs and the implementation of a different hierarchical approachto improve the scalability and secure group communication using key graphs has been presented