We focus on the problem of distributing key updates in secure dynamic group communication. In secure groups, to reflect changing group membership, the group controller needs to change and distribute new keys to ensure confidentiality of the group communication. However, in the current key management algorithms, which include the well-known logical key hierarchy algorithms, the group controller broadcasts all key updates even if only a subset of users need them. In this paper, we describe key-update distribution algorithms that deliver keys to only those users who need them. Our algorithms consist of a descendant tracking scheme, which tracks downstream users in the multicast tree, and forwarding mechanisms, which forward key updates using the descendant tracking information. The forwarding mechanisms, in turn, depend on the type of key management algorithm used by the group controller. Using our descendant tracking scheme, a node forwards an encrypted key update only if it believes that there are descendants who know the encrypting key, which enables them to decrypt the required key update. Our descendant tracking scheme requires minimal state overhead, of the order of log N bits for a group of N users, to be stored at the intermediate nodes in the multicast tree. We also describe an identifier assignment algorithm that assigns closely clustered logical identifiers to users who are in physical proximity in the multicast tree. Our identifier assignment algorithm leverages the fact that logically clustered users require approximately the same set of key updates. We show that our identifier assignment algorithm improves the performance of our key update distribution algorithms as well as that of a previous solution. Furthermore, we show that our proposed algorithms reduce the cost of secure data distribution in applications where data needs to be sent securely to only a subset of the group users.
To validate our algorithms, we tested them on different key management algorithms for distributing key updates and data. Our simulation results show that our algorithms achieve a bandwidth reduction of up to 55% compared to broadcast. We also discuss the implications of topology matching and logical key tree balancing for our key distribution algorithm and show that it is possible to achieve bandwidth savings of up to 90% by combining all three techniques.
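A toy illustration of the forwarding rule described in the abstract, added here and not taken from the paper. It assumes each multicast node stores only the longest common prefix of its downstream users' logical IDs (at most log2 N bits) and that updates come from a binary logical key hierarchy after one user leaves; the tree, IDs and function names are constructed for the example.

```python
from os.path import commonprefix

# Constructed multicast tree (parent -> children); names starting with "u" are users.
TREE = {"src": ["a", "b"], "a": ["a1", "u3"], "a1": ["u1", "u2"], "b": ["u4", "u5"]}
# Constructed 3-bit logical IDs (leaf positions in a binary key tree, N = 8).
# Users that are close in the multicast tree share long ID prefixes.
IDS = {"u1": "000", "u2": "001", "u3": "011", "u4": "100", "u5": "101"}

def track(node, state):
    """Assumed per-node state: longest common prefix of all downstream user IDs."""
    kids = TREE.get(node)
    state[node] = IDS[node] if kids is None else commonprefix(
        [track(k, state) for k in kids])
    return state[node]

def rekey_on_leave(leaver):
    """Encrypting-key prefixes of the updates a binary key tree sends on a leave."""
    out = []
    for i in range(len(leaver) - 1, -1, -1):
        flip = "1" if leaver[i] == "0" else "0"
        out.append(leaver[:i] + flip)       # sibling subtree key (unchanged)
        if i < len(leaver) - 1:
            out.append(leaver[:i + 1])      # freshly replaced key one level down
    return out

def may_decrypt(p, lcp):
    """False only when the stored prefix proves no downstream user holds key p."""
    return p.startswith(lcp) or lcp.startswith(p)

def distribute(node, p, got):
    """Forward the update encrypted under key p below node; return links used."""
    sent = 0
    for kid in TREE.get(node, []):
        if may_decrypt(p, STATE[kid]):
            sent += 1
            if kid in IDS:
                got.setdefault(kid, []).append(p)
            sent += distribute(kid, p, got)
    return sent

STATE = {}
track("src", STATE)

def run(leaver="010"):
    """Return (updates received per user, filtered link cost, broadcast link cost)."""
    got, updates = {}, rekey_on_leave(leaver)
    sent = sum(distribute("src", p, got) for p in updates)
    links = sum(len(kids) for kids in TREE.values())
    return got, sent, links * len(updates)

if __name__ == "__main__":
    got, sent, bcast = run()
    print(f"filtered: {sent} link transmissions, broadcast: {bcast}")
```

The prefix test can forward an update that no descendant actually needs, but it never drops one that a descendant can decrypt, because every downstream ID extends the stored prefix.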