Scalable Delay-constrained Multicast Group Key Management

In the last few years, multicasting is increasingly used as an efficient communication mechanism for group-oriented applications in the Internet. Some multicast applications require confidentiality for transmitted data. So, a traffic encryption key is used to assure this confidentiality and has to be changed and distributed to all valid members whenever a membership change (join or leave) occurs in the group. The bandwidth used for re-keying operations could be high when the group size is large. To cope with this limitation, many solutions propose to organize group members into subgroups that use independent traffic encryption keys in order to mitigate the scope of key management and thereby to scale better to large groups. Unfortunately, these solutions require the decryption and re-encryption of multicast messages whenever they pass from one subgroup to another. Moreover, the decryption / re-encryption operations induce delays in packet delivery throughout the delivery path. In order to avoid delays in packet delivery and perturbations caused by re-keying, we propose in this paper an adaptive solution for key management which organizes group members into dynamic and homogeneous clusters according to the application level requirements. First, we show that partitioning the group into clusters of subgroups that use independent traffic encryption keys can be formulated as tree partitioning problem. Then, we propose a protocol to solve the problem with respect to the application requirements and membership behavior. We conducted several simulations of the proposed protocol and the obtained results show that our solution is efficient and achieves better performance trade-offs compared to other schemes.