Group rekeying with limited unicast recovery
Abstract
In secure group communications, a key server can deliver a “group-oriented” rekey message [C.K. Wong, M.G. Gouda, S.S. Lam, Secure group communications using key graphs, in: Proceedings of ACM SIGCOMM 98, September 1998, pp. 68–79] to a large number of users efficiently using multicast. For reliable delivery, Keystone [C.K. Wong, S.S. Lam, Keystone: a group key management system, in: Proceedings of International Conference on Telecommunications, Acapulco, Mexico, May 2000] proposed the use of forward error correction (FEC) in an initial multicast, followed by the use of unicast delivery for users that cannot recover their new keys from the multicast. In this paper, we investigate how to limit unicast recovery to a small fraction r of the user population. By specifying a very small r, almost all users in the group will receive their new keys within a single multicast round. We present analytic models for deriving r as a function of the amount of FEC redundant information (denoted by h) and the rekeying interval duration (denoted by T) for both Bernoulli and two-state Markov Chain loss models. From our analyses, we conclude that r decreases roughly at an exponential rate as h increases. We then present a protocol designed to adaptively adjust (h, T) to achieve a specified r. In particular, our protocol chooses from among all feasible (h, T) pairs one with h and T values close to their feasible minima. Our protocol also adapts to an increase in network traffic. Simulation results using ns-2 show that with network congestion our adaptive FEC protocol can still achieve a specified r by adjusting values of h and T.

© 2003 Elsevier B.V. All rights reserved. Research sponsored by NSF grants ANI-9977267 and ANI-0319168, and Texas Advanced Research Program 0036580439-2001. An abbreviated version of this paper appeared in Proceedings of ICC 2003 Symposium on Next Generation Internet, Anchorage, AK, May 2003.

Similar resources
Group rekeying with limited unicast recovery
In secure group communications, a key server can deliver a “group-oriented” rekey message [16] to a large number of users efficiently using IP multicast. For reliable delivery, Keystone [17] proposed the use of forward error correction (FEC) in an initial multicast, followed by the use of unicast delivery for users that cannot recover their new keys from the multicast. In this paper, we investi...
Secure Group Communication with Self-healing and Rekeying in Wireless Sensor Networks
We have developed a self-healing key distribution scheme for secure multicast group communications for wireless sensor network environment. We present a strategy for securely distributing rekeying messages and specify techniques for joining and leaving a group. Access control in multicast system is usually achieved by encrypting the content using an encryption key, known as the group key (sessi...
Scalable Rekeying limited to Subgroup using Hybrid Key Trees
Maintaining security is a critical issue in any group communication protocols. The objective of security in a group communication is to ensure the access only to the legitimate members of the multicast group. The entry and eviction of the members are the main criteria to change the group key and to give them more assurance of a secret communication, which is known as re-keying. Since it is a fr...
Sliding Window Protocol for Secure Group Communication in Ad-Hoc Networks
Existing ad hoc routing protocols are either unicast or multicast. In this paper we propose a simple extension to the Dynamic Source Routing Protocol (DSR) to cater for group communications where all node addresses are unicast addresses and there is no single multicast address. The proposed sliding window protocol for multiple communications results in significant improvement in total packet de...
HISS: A HIghly Scalable Scheme for Group Rekeying
Group communication is a suitable and effective communication model for large-scale distributed systems. To be fully exploitable, group communication must be protected. This is normally achieved by providing members with a group key which is revoked and redistributed upon every member’s joining (backward security) or leaving (forward security). Such a rekeying process must be efficient and highly...