Abstract
Group communication can benefit from IP multicast to achieve scalable exchange of messages. However, effectively controlling access to the transmitted data is a challenge. IP multicast by itself does not provide any mechanism for preventing non-group members from accessing the group communication. Although encryption can be used to protect messages exchanged among group members, distributing the cryptographic keys becomes an issue. Researchers have proposed several different approaches to group key management. These approaches can be divided into three main classes: centralized group key management protocols, decentralized architectures, and distributed key management protocols. The three classes are described here, with insight into their features and goals. The area of group key management is then surveyed, and proposed solutions are classified according to those characteristics.
Index Terms
- A survey of key management for secure group communication