Multilayer multicast key management with threshold cryptography

The problem of distributing multimedia securely over the Internet is often viewed as an instance of secure multicast communication, in which multicast messages are protected by a group key shared among the group of clients. One important class of key management schemes makes use of a hierarchical key distribution tree. Constructing a hierarchical tree based on secret shares rather than keys yields a scheme that is both more flexible and provably secure. Both the key-based and share-based hierarchical key distribution tree techniques are designed for managing keys for a single data stream. Recent work shows how redundancies that arise when this scheme is extended to multi-stream (e.g. scalable video) applications may be exploited in the key-based system by viewing the set of clients as a “multi-group”. In this paper, we present results from an adaptation of a multi-group key management scheme using threshold cryptography. We describe how the multi-group scheme is adapted to work with secret shares, and compare this scheme with a naïve multi-stream key-management solution by measuring performance across several critical parameters, including tree degree, multi-group size, and number of shares stored at each node.