Key management and distribution for secure multimedia multicast

The problem of controlling access to multimedia multicasts requires the distribution and maintenance of keying information. Typically, the problem of key management is considered separately from the problem of distributing the rekeying messages. Multimedia sources provide two approaches to distributing the rekeying messages associated with securing group communication. The first, and more conventional, approach employs the use of a media-independent channel to convey rekeying messages. We propose, however, a second approach that involves the use of a media-dependent channel, and is achieved for multimedia by using data embedding techniques. Compared to a media-independent channel, the use of data embedding to convey rekeying messages provides enhanced security by masking the presence of rekeying operations. This covert communication makes it difficult for an adversary to gather information regarding the group membership and its dynamics. In addition to proposing a new mode of conveyance for the rekeying messages, we introduce a new message format that is suitable for multicast key management schemes. This new message format uses one-way functions to securely distribute new key material to subgroups of users. An advantage of this approach over the traditional message format is that no additional messages must be sent to flag the users which portion of the message is intended for them, thereby reducing communication overhead. We then show how to map the message to a tree structure in order to achieve desirable scalability in communication and computational overhead. Next, as an example of the interplay between the key management scheme and the mode of conveyance, we study the feasibility of embedding rekeying messages using a data embedding method that has been recently proposed for fractional-pel video coding standards such as H.263 and MPEG-2. Finally, since multimedia services will involve multiple layers or objects, we extend the tree-based key management schemes to include new operations needed to handle multilayer multimedia applications where group members may subscribe or cancel membership to some layers while maintaining membership to other layers.