Key Bundles and Parcels: Secure Communication in Many Groups

  • Eunjin Jung
  • Xiang-Yang Alex Liu
  • Mohamed G. Gouda
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2816)

Abstract

We consider a system where each user is in one or more elementary groups. In this system, arbitrary groups of users can be specified using the operations of union, intersection, and complement over the elementary groups in the system. Each elementary group in the system is provided with a security key that is known only to the users in the elementary group and to the system server. Thus, for any user u to securely multicast a data item d to every user in an arbitrary group G, u first forwards d to the system server which encrypts it using the keys of the elementary groups that comprise G before multicasting the encrypted d to every user in G. Every elementary group is also provided with a key tree to ensure that the cost of changing the key of the elementary group, when a user leaves the group, is small. We describe two methods for packing the key trees of elementary groups into key bundles and into key parcels. Packing into key bundles has the advantage of reducing the number of encryptions needed to multicast a data item to the complement of an elementary group. Packing into key parcels has the advantage of reducing the total number of keys in the system. We apply these two methods to a class of synthetic systems: each system has 10000 users and 500 elementary groups, and each user is in 2 elementary groups on average. Simulations of these systems show that our proposals to pack key trees into key bundles and key parcels live up to their promises.

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Gong, L.: Enclaves: Enabling secure collaboration over the internet. IEEE Journal of Selected Areas in Communications 15, 567–575 (1997)CrossRefGoogle Scholar
  2. 2.
    Mittra, S.: Iolus: a framework for scalable secure multicasting. In: The Proceedings of the ACM SIGCOMM 1997, pp. 277–288. ACM Press, New York (1997)Google Scholar
  3. 3.
    Wallner, D.M., Harder, E.J., Agee, R.C.: Key management for multicast: Issues and architectures. RFC 2627 (1999) Google Scholar
  4. 4.
    Wong, C.K., Gouda, M., Lam, S.S.: Secure group communications using key graphs. IEEE/ACM Transactions on Networking (TON) 8, 16–30 (2000)CrossRefGoogle Scholar
  5. 5.
    Steiner, M., Tsudik, G., Waidner, M.: Key agreement in dynamic peer groups. IEEE Transactions on Parallel and Distributed Systems 11, 769–780 (2000)CrossRefGoogle Scholar
  6. 6.
    Gong, L., Shacham, N.: Multicast security and its extension to a mobile environment. Wireless Networks 1, 281–295 (1995) Google Scholar
  7. 7.
    Ballardie, A.: Scalable multicast key distribution. RFC 1949 (1996) Google Scholar
  8. 8.
    Chang, I., Engel, R., Kandlur, D.D., Pendarakis, D.E., Saha, D.: Key management for secure internet multicast using boolean function minimization techniques. In: The Proceedings of IEEE Infocom 1999, vol. 2, pp. 689–698 (1999)Google Scholar
  9. 9.
    Naor, D., Naor, M., Lotspiech, J.: Revocation and tracing schemes for stateless receivers. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 41–62. Springer, Heidelberg (2001)CrossRefGoogle Scholar
  10. 10.
    Rodeh, O., Birman, K., Dolev, D.: The architecture and performance of security protocols in the ensemble group communication system: Using diamonds to guard the castle. ACM Transactions on Information and System Security (TISSEC) 4, 289–319 (2001)CrossRefGoogle Scholar
  11. 11.
    Setia, S., Koussih, S., Jajodia, S., Harder, E.: Kronos: A scalable group re-keying approach for secure multicast. In: The Proceedings of IEEE Symposium on Security and Privacy (2000) Google Scholar
  12. 12.
    Waldvogel, M., Caronni, G., Sun, D., Weiler, N., Plattner, B.: The versakey framework: Versatile group key management. IEEE Journal on Selected Areas in Communications 17, 1614–1631 (1999)CrossRefGoogle Scholar
  13. 13.
    Gouda, M.G., Huang, C.T., Elnozahy, E.: Key trees and the security of the interval multicast. In: The Proceedings of the 22nd International Conference on Distributed Computing Systems, pp. 467–468 (2002) Google Scholar
  14. 14.
    Li, X.S., Yang, Y.R., Gouda, M.G., Lam, S.S.: Batch rekeying for secure group communications. In: The Proceedings of the 10th international World Wide Web conference on World Wide Web, pp. 525–534. ACM Press, New York (2001)CrossRefGoogle Scholar
  15. 15.
    Yang, Y.R., Li, X.S., Zhang, X.B., Lam, S.S.: Reliable group rekeying: a performance analysis. In: The Proceedings of the 2001 conference on applications, technologies, architectures, and protocols for computer communications, pp. 27–38. ACM Press, New York (2001)CrossRefGoogle Scholar
  16. 16.
    Snoeyink, J., Suri, S., Varghese, G.: A lower bound for multicast key distribution. In: The Proceedings of IEEE Infocom 2001, pp. 667–675 (2001) Google Scholar
  17. 17.
    Jung, E., Liu, X.Y.A., Gouda, M.G.: Key bundles and parcels: Secure communication in many groups. Technical Report TR-03-21, Dept. of Computer Sciences, The University of Texas at Austin (2003)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Eunjin Jung
    • 1
  • Xiang-Yang Alex Liu
    • 1
  • Mohamed G. Gouda
    • 1
  1. 1.Department of Computer SciencesThe University of Texas at Austin 

Personalised recommendations