On Dynamic Subset Difference Revocation Scheme

Subset Difference Revocation (SDR) [7] has been proposed to perform group rekeying in a stateless manner. However, statelessness comes at a cost in terms of key storage and messaging overhead when the number of currently active members is much smaller than the number of potential group members [3]. In this paper, we propose a dynamic SDR scheme to address these two problems. Briefly, rather than maintaining a large static key tree that can accommodate all potential group members, we use a smaller dynamic key tree for only currently active members. We dynamically assign current members to the positions in the key tree rather than using fixed pre-assignment. The smaller key tree requires less key storage and dynamic assignment achieves a smaller rekeying cost. We also describe enhancements to dynamic SDR that further improve performance. Our evaluation shows that the dynamic scheme significantly improves the performance of SDR, reducing by half the rekey communication cost in the case that the number of the currently active members is much less than the total number of potential members. Also, compared to the SDR in [7], dynamic SDR does not need to know the maximum number of potential group members in advance, a value that can be difficult to estimate in practice. keywords: System design, Network security, Group rekeying, Subset Difference Revocation ∗This research has been supported in part by the NSF under grant awards ANI-0085848. Any opinions, findings, and conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of the National Science Foundation. 1