Practical Evaluation of Revocation Schemes

Group communication and the security thereof constitute two of the most important problems which need to be solved in the future cellular and wireless networks. This is especially true when the group is large and dynamically changing. One way to solve the security problem is to use so-called revocation schemes. However, these schemes do not scale very well and they create large computational costs, large communication overheads and/or memory requirements when the number of users grows. The aim of this Master’s Thesis was to evaluate the practicality of revocation schemes on both a practical and theoretical basis and, specifically, to investigate the possibility of implementing such a system in a future cellular and wireless network. Two different revocation schemes were implemented in the Master’s project, namely the Subset Difference-protocol (SD) and the Logical Key Hierarchy-protocol (LKH). The LKH-protocol was implemented in three versions which gives a total of four different implementations. These implementations were then tested on six different user behaviors and three different user set sizes. The SD-protocol showed superior performance compared to the other protocols on all user patterns except one. The SD-protocol also possesses a few qualitatively very good properties such as statelessness. However, even the SD-protocol’s communication overhead may be too large for low-speed links, and none of the implemented protocols does hence fully suit a cellular or wireless network. These results were all obtained when the dynamics of the group was relatively high. If the dynamics of the group is very low, the LKH-based protocols may be a feasible choice. Praktisk utvärdering av revokeringsprotokoll