Secure group communications using key graphs

Subscribe (Full Service)


	Search: The ACM Digital Library The Guide

	Feedback

Secure group communications using key graphs

Full text

Pdf (1.68 MB)

Source

Applications, Technologies, Architectures, and Protocols for Computer Communication archive
Proceedings of the ACM SIGCOMM '98 conference on Applications, technologies, architectures, and protocols for computer communication table of contents

Vancouver, British Columbia, Canada

Pages: 68 - 79

Year of Publication: 1998

ISBN:1-58113-003-1

Also published in ...

Authors

Chung Kei Wong	Department of Computer Sciences, University of Texas at Austin, Austin, TX
Mohamed Gouda	Department of Computer Sciences, University of Texas at Austin, Austin, TX
Simon S. Lam	Department of Computer Sciences, University of Texas at Austin, Austin, TX

Sponsor

SIGCOMM: ACM Special Interest Group on Data Communication

Publisher

ACM New York, NY, USA

Bibliometrics

Downloads (6 Weeks): 6, Downloads (12 Months): 58, Citation Count: 73

Additional Information:

abstract references cited by index terms collaborative colleagues

Tools and Actions:	Request Permissions Review this Article Save this Article to a Binder Display Formats: BibTeX EndNote ACM Ref

DOI Bookmark:	Use this link to bookmark this Article: http://doi.acm.org/10.1145/285237.285260 What is a DOI?

ABSTRACT

Many emerging applications (e.g., teleconference, real-time information services, pay per view, distributed interactive simulation, and collaborative work) are based upon a group communications model, i.e., they require packet delivery from one or more authorized senders to a very large number of authorized receivers. As a result, securing group communications (i.e., providing confidentiality, integrity, and authenticity of messages delivered between group members) will become a critical networking issue.In this paper, we present a novel solution to the scalability problem of group/multicast key management. We formalize the notion of a secure group as a triple (U,K,R) where U denotes a set of users, K a set of keys held by the users, and R a user-key relation. We then introduce key graphs to specify secure groups. For a special class of key graphs, we present three strategies for securely distributing rekey messages after a join/leave, and specify protocols for joining and leaving a secure group. The rekeying strategies and join/leave protocols are implemented in a prototype group key server we have built. We present measurement results from experiments and discuss performance comparisons. We show that our group key management service, using any of the three rekeying strategies, is scalable to large groups with frequent joins and leaves. In particular, the average measured processing time per join/leave increases linearly with the logarithm of group size.

REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

	1	Tony Ballardie. Scalable Multicast Key Distribution, RFC 19~9, May 1996.
	2	T. Ballardie , J. Crowcroft, Multicast-specific security threats and counter-measures, Proceedings of the 1995 Symposium on Network and Distributed System Security (SNDSS'95), p.2, February 16-17, 1995
	3	Shimshon Berkovits. How to Broadcast a Secret. In D.W. Davies, editor, Advances in cryptology, EURO- CRYPT '91, volume 547 of Lecture Notes in Computer Science, pages 535-541. Springer Verlag, 1991.
	4	Ray Bird , Inder Gopal , Amir Herzberg , Phil Janson , Shay Kutten , Refik Molva , Moti Yung, The KryptoKnight family of light-weight protocols for authentication and key distribution, IEEE/ACM Transactions on Networking (TON), v.3 n.1, p.31-41, Feb. 1995 [doi>10.1109/90.365435]
	5	Guang-huei Chiou , Wen-Tsuen Chen, Secure Broadcasting Using the Secure Lock, IEEE Transactions on Software Engineering, v.15 n.8, p.929-934, August 1989 [doi>10.1109/32.31350]
	6	S. E. Deering, Multicast routing in internetworks and extended LANs, Symposium proceedings on Communications architectures and protocols, p.55-64, August 16-18, 1988, Stanford, California, United States
	7	Amos Fiat , Moni Naor, Broadcast encryption, Proceedings of the 13th annual international cryptology conference on Advances in cryptology, p.480-491, January 1994, Santa Barbara, California, United States
	8	Li Gong. Enclaves: Enabling Secure Collaboration over the Internet. IEEE Journal on Selected Areas in Communications, pages 567-575, April 1997.
	9	H. Harney and C. Muckenhirn. Group Key Management Protocol {CKMP) Architecture, RFC 209J, July 1997.
	10	H. Harney and C. Muckenhirn. Croup Key Management Protocol (GKMP) Specification, RFC 2093, July 1997.
	11	J. B. Lacy, D. P. Mitchell, and W. M. Schell. CryptoLib: cryptography in software. In Proceedings of USENIX: .~th UNIX Security Symposium, October 1993.
	12	Simon S. Lain and Chung Kei Wong. Keystone: A Group Key Management Service. Work in progress, Department of Computer Sciences, The University of Texas at Austin.
	13	B. N. Levine , J. J. Garcia-Luna-Aceves, Improving Internet multicast with routing labels, Proceedings of the 1997 International Conference on Network Protocols (ICNP '97), p.241, October 28-31, 1997
	14	Ralph C. Merkle, A certified digital signature, Proceedings on Advances in cryptology, p.218-238, July 1989, Santa Barbara, California, United States
	15	Suvo Mittra, Iolus: a framework for scalable secure multicasting, Proceedings of the ACM SIGCOMM '97 conference on Applications, technologies, architectures, and protocols for computer communication, p.277-288, September 14-18, 1997, Cannes, France
	16	B. Clifford Neuman. Proxy-Based Authorization and Accounting for Distributed Systems. In Proceedings of 13th International Conference on Distributed Computing Systems, pages 283-291, May 1993.
	17	Jennifer G. Steiner, Clifford Neuman, and Jeffrey I. Schiller. Kerberos: An Authentication Service for Open Network Systems. In USENIX Winter Conference, pages 191-202, February 1988.
	18	Doug R. Stinson, On Some Methods for Unconditionally Secure Key Distributionand Broadcast Encryption, Designs, Codes and Cryptography, v.12 n.3, p.215-243, Nov. 1997 [doi>10.1023/A:1008268610932]
	19	J.J. Tardo and K. Alagappan. SPX: Global authentication using public key certificates. In Proceedings of 12th IEEE Symposium on Research in Security and Privacy, pages 232-244, May 1991.
	20	Debby M. Wallner, Eric J. Harder, and Ryan C. Agee. Key Management for Multicast: Issues and Architectures. Working draft, National Security Agency, July 1997.
	21	Chung K Wong , Mohamed G. Gouda , Simon S. Lam, Secure Group Communications Using Key Graphs, University of Texas at Austin, Austin, TX, 1997
	22	Thomas Y.C. Woo, Raghuram Bindignavle, Shaowen Su, and Simon S. Lam. SNP: An interface for secure network programming. In Proceedings of USENIX'9.~ Summer Technical Conference, June 1994.
	23	Thomas Y.C. Woo and Simon S. Lain. Designing a Distributed Authorization Service. In Proceedings IEEE INFOCOM '98, San Francisco, March 1998.

CITED BY 74

	Yuh-Min Tseng, A scalable key-management scheme with minimizing key storage for secure group communications, International Journal of Network Management, v.13 n.6, p.419-425, November/December 2003
	Xiaozhou Steve Li , Yang Richard Yang , Mohamed G. Gouda , Simon S. Lam, Batch rekeying for secure group communications, Proceedings of the 10th international conference on World Wide Web, p.525-534, May 01-05, 2001, Hong Kong, Hong Kong
	John McHugh , J. Bret Michael, Secure group management in large distributed systems: what is a group and what does it do?, Proceedings of the 1999 workshop on New security paradigms, p.80-85, September 22-24, 1999, Caledon Hills, Ontario, Canada
	Yang Richard Yang , Xiaozhou Li , Simon S. Lam , Xincheng Zhang, Towards scalable and reliable group key management, ACM SIGMETRICS Performance Evaluation Review, v.29 n.1, p.314-315, June 2001
	Shouhuai Xu , Ravi Sandhu, Authenticated multicast immune to denial-of-service attack, Proceedings of the 2002 ACM symposium on Applied computing, March 11-14, 2002, Madrid, Spain
	Rei Safavi-Naini , Huaxiong Wang, New constructions for multicast re-keying schemes using perfect hash families, Proceedings of the 7th ACM conference on Computer and communications security, p.228-234, November 01-04, 2000, Athens, Greece
	Wen-Her Yang , Kai-Wei Fan , Shiuh-Pyng Shieh, A secure multicast protocol for the internet's multicast backbone, International Journal of Network Management, v.11 n.2, p.129-136, March-April 2001
	Refik Molva , Alain Pannetrat, Scalable multicast security with dynamic recipient groups, ACM Transactions on Information and System Security (TISSEC), v.3 n.3, p.136-160, Aug. 2000
	Sanjeev Setia , Sencun Zhu , Sushil Jajodia, A comparitive performance analysis of reliable group rekey transport protocols for secure multicast, Performance Evaluation, v.49 n.1-4, p.21-41, September 2002
	Clay Shields , J. J. Garcia-Luna-Aceves, KHIP—a scalable protocol for secure multicast routing, ACM SIGCOMM Computer Communication Review, v.29 n.4, p.53-64, Oct. 1999
	The architecture and performance of security protocols in the ensemble group communication system: Using diamonds to guard the castle, ACM Transactions on Information and System Security (TISSEC), v.4 n.3, p.289-319, August 2001
	Chang-Seop Park , Dong-Hoon Lee, Secure and efficient key management for dynamic multicast groups, ACM SIGOPS Operating Systems Review, v.35 n.4, p.32-38, October 2001
	Chung Kei Wong , Simon S. Lam, Digital signatures for flows and multicasts, IEEE/ACM Transactions on Networking (TON), v.7 n.4, p.502-513, Aug. 1999
	Yang Richard Yang , X. Steve Li , X. Brian Zhang , Simon S. Lam, Reliable group rekeying: a performance analysis, ACM SIGCOMM Computer Communication Review, v.31 n.4, p.27-38, October 2001
	Ali Aydin Selçuk , Deepinder Sidhu, Probabilistic optimization techniques for multicast key management, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.40 n.2, p.219-234, 7 October 2002
	Suman Banerjee , Arunesh Mishra, MobiCom poster: secure spaces: location-based secure wireless group communication, ACM SIGMOBILE Mobile Computing and Communications Review, v.7 n.1, January 2003
	Nuttapong Attrapadung , Kazukuni Kobara, Broadcast encryption with short keys and transmissions, Proceedings of the 3rd ACM workshop on Digital rights management, October 27-27, 2003, Washington, DC, USA
	Taejoon Park , Kang G. Shin, LiSP: A lightweight security protocol for wireless sensor networks, ACM Transactions on Embedded Computing Systems (TECS), v.3 n.3, p.634-660, August 2004
	Justin Goshi , Richard E. Ladner, Algorithms for dynamic multicast key distribution trees, Proceedings of the twenty-second annual symposium on Principles of distributed computing, p.243-251, July 13-16, 2003, Boston, Massachusetts
	Refik Molva , Alain Pannetrat, Network security in the multicast framework, Advanced lectures on networking, Springer-Verlag New York, Inc., New York, NY, 2002
	Sencun Zhu , Sanjeev Setia , Sushil Jajodia, LEAP: efficient security mechanisms for large-scale distributed sensor networks, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA
	X. Brian Zhang , Simon S. Lam , Dong-Young Lee , Y. Richard Yang, Protocol design for scalable and reliable group rekeying, IEEE/ACM Transactions on Networking (TON), v.11 n.6, p.908-922, 01 December 2003
	Group Key Agreement Efficient in Communication, IEEE Transactions on Computers, v.53 n.7, p.905-921, July 2004
	T. Kaya , G. Lin , G. Noubir , A. Yilmaz, Secure multicast groups on ad hoc networks, Proceedings of the 1st ACM workshop on Security of ad hoc and sensor networks, October 31, 2003, Fairfax, Virginia
	Abhrajit Ghosh , Farooq Anjum, Last hop topology sensitive multicasting key managment, Proceedings of the 1st ACM international workshop on Quality of service & security in wireless and mobile networks, October 13-13, 2005, Montreal, Quebec, Canada
	Donggang Liu , Peng Ning , Kun Sun, Efficient self-healing group key distribution with revocation capability, Proceedings of the 10th ACM conference on Computer and communications security, October 27-30, 2003, Washington D.C., USA
	Danilo Bruschi , Emilia Rosti, Secure multicast in wireless networks of mobile hosts: protocols and issues, Mobile Networks and Applications, v.7 n.6, p.503-511, December 2002
	Yacine Challal , Hatem Bettahar , Abdelmadjid Bouabdallah, SAKM: a scalable and adaptive key management approach for multicast communications, ACM SIGCOMM Computer Communication Review, v.34 n.2, April 2004
	X. Brian Zhang , Simon S. Lam , Dong-Young Lee, Group rekeying with limited unicast recovery, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.44 n.6, p.855-870, 22 April 2004
	Michael Steiner , Gene Tsudik , Michael Waidner, Key Agreement in Dynamic Peer Groups, IEEE Transactions on Parallel and Distributed Systems, v.11 n.8, p.769-780, August 2000
	Yongdae Kim , Adrian Perrig , Gene Tsudik, Tree-based group key agreement, ACM Transactions on Information and System Security (TISSEC), v.7 n.1, p.60-96, February 2004
	Wen-Guey Tzeng , Zhi-Jia Tzeng, A Public-Key Traitor Tracing Scheme with Revocation Using Dynamic Shares, Designs, Codes and Cryptography, v.35 n.1, p.47-61, April 2005
	Danfeng Yao , Nelly Fazio , Yevgeniy Dodis , Anna Lysyanskaya, ID-based encryption for complex hierarchies with applications to forward security and broadcast encryption, Proceedings of the 11th ACM conference on Computer and communications security, October 25-29, 2004, Washington DC, USA
	Sara Miner More , Michael Malkin , Jessica Staddon , Dirk Balfanz, Sliding-window self-healing key distribution, Proceedings of the 2003 ACM workshop on Survivable and self-regenerative systems: in association with 10th ACM Conference on Computer and Communications Security, p.82-90, October 31-31, 2003, Fairfax, VA
	Bogdan C. Popescu , Bruno Crispo , Andrew S. Tanenbaum , Frank L.A.J. Kamperman, A DRM security architecture for home networks, Proceedings of the 4th ACM workshop on Digital rights management, October 25-25, 2004, Washington DC, USA
	Dalit Naor , Moni Naor, Protecting Cryptographic Keys: The Trace-and-Revoke Approach, Computer, v.36 n.7, p.47-53, July 2003
	Alan T. Sherman , David A. McGrew, Key Establishment in Large Dynamic Groups Using One-Way Function Trees, IEEE Transactions on Software Engineering, v.29 n.5, p.444-458, May 2003
	Jeffrey Lotspiech , Stefan Nusser , Florian Pestoni, Broadcast Encryption's Bright Future, Computer, v.35 n.8, p.57-63, August 2002
	H. Seba , A. Bouabdallah , N. Badache, A new approach to scalable and fault-tolerant group key management protocols, Journal of High Speed Networks, v.13 n.4, p.283-296, January 2004
	Yao Yan , Yi Ping , Zhong Yi-Ping , Zhang Shi-Yong, Gossip-based scalable and reliable group key distribution framework, Proceedings of the 3rd international conference on Information security, November 14-16, 2004, Shanghai, China
	Alexandr Andoni , Jessica Staddon, Graceful service degradation (or, how to know your payment is late), Proceedings of the 6th ACM conference on Electronic commerce, p.9-18, June 05-08, 2005, Vancouver, BC, Canada
	Keith Frikken , Mikhail Atallah , Marina Bykova, Remote revocation of smart cards in a private DRM system, Proceedings of the 2005 Australasian workshop on Grid computing and e-research, p.169-177, January 01, 2005, Newcastle, New South Wales, Australia
	Bogdan C. Popescu , Bruno Crispo , Andrew S. Tanenbaum, Support for multi-level security policies in DRM architectures, Proceedings of the 2004 workshop on New security paradigms, September 20-23, 2004, Nova Scotia, Canada
	Chatree Sangpachatanaruk , Sherif M. Khattab , Taieb Znati , Rami Melhem , Daniel Mossé, Design and analysis of a replicated elusive server scheme for mitigating denial of service attacks, Journal of Systems and Software, v.73 n.1, p.15-29, September 2004
	Taenam Cho , Sang-Ho Lee , Won Kim, A group key recovery mechanism based on logical key hierarchy, Journal of Computer Security, v.12 n.5, p.711-736, September 2004
	Wen-Her Yang , Shiuh-Pyng Shieh, Secure key agreement for group communications, International Journal of Network Management, v.11 n.6, p.365-374, November/December 2001
	Junghyun Nam , Jinwoo Lee , Seungjoo Kim , Dongho Won, DDH-based group key agreement in a mobile environment, Journal of Systems and Software, v.78 n.1, p.73-83, October 2005
	G. Myles , S. Nusser, Content protection for games, IBM Systems Journal, v.45 n.1, p.119-143, January 2006
	Chun Zhang , Brian DeCleene , Jim Kurose , Don Towsley, Comparison of inter-area rekeying algorithms for secure wireless group communications, Performance Evaluation, v.49 n.1-4, p.1-20, September 2002
	Venkata C. Giruka , Saikat Chakrabarti , Mukesh Singhal, A distributed multi-party key agreement protocol for dynamic collaborative groups using ECC, Journal of Parallel and Distributed Computing, v.66 n.7, p.959-970, July 2006
	Indrajit Ray , Nayot Poolsappasit, Using mobile ad hoc networks to acquire digital evidence from remote autonomous agents, International Journal of Security and Networks, v.3 n.2, p.80-94, February 2008
	Justin Goshi , Richard E. Ladner, Algorithms for dynamic multicast key distribution, Journal of Experimental Algorithmics (JEA), 11, 2006
	Sencun Zhu , Sanjeev Setia , Sushil Jajodia, LEAP+: Efficient security mechanisms for large-scale distributed sensor networks, ACM Transactions on Sensor Networks (TOSN), v.2 n.4, p.500-528, November 2006
	Lukasz Opyrchal , Atul Prakash, Secure distribution of events in content-based publish subscribe systems, Proceedings of the 10th conference on USENIX Security Symposium, p.21-21, August 13-17, 2001, Washington, D.C.
	Sencun Zhu , Chao Yao , Donggang Liu , Sanjeev Setia , Sushil Jajodia, Efficient security mechanisms for overlay multicast based content delivery, Computer Communications, v.30 n.4, p.793-806, February, 2007
	Lukasz Opyrchal , Atul Prakash, Secure distribution of events in content-based publish subscribe systems, Proceedings of the 10th conference on USENIX Security Symposium, p.21-21, August 13-17, 2001, Washington, D.C.
	Ritesh Mukherjee , J. William Atwood, Scalable solutions for secure group communications, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.12, p.3525-3548, August, 2007
	Reza Curtmola , Seny Kamara, A Mechanism for Communication-Efficient Broadcast Encryption over Wireless Ad Hoc Networks, Electronic Notes in Theoretical Computer Science (ENTCS), v.171 n.1, p.57-69, April, 2007
	H. Ragab Hassen , A. Bouabdallah , H. Bettahar , Y. Challal, Key management for content access control in a hierarchy, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.11, p.3197-3219, August, 2007
	Sencun Zhu , Sanjeev Setia , Shouhuai Xu , Sushil Jajodia, GKMPAN: An Efficient Group Rekeying Scheme for Secure Multicast in Ad-Hoc Networks, Journal of Computer Security, v.14 n.4, p.301-325, July 2006
	Patrick McDaniel , Atul Prakash, Enforcing provisioning and authorization policy in the Antigone system, Journal of Computer Security, v.14 n.6, p.483-511, November 2006
	Mohamed Eltoweissy , M. Hossain Heydari , Linda Morales , I. Hal Sudborough, Combinatorial Optimization of Group Key Management, Journal of Network and Systems Management, v.12 n.1, p.33-50, March 2004
	Wei Yu , Yan (Lindsay) Sun , K. J. Ray Liu, Optimizing Rekeying Cost for Contributory Group Key Agreement Schemes, IEEE Transactions on Dependable and Secure Computing, v.4 n.3, p.228-242, July 2007
	Guojun Wang , Jie Ouyang , Hsiao-Hwa Chen , Minyi Guo, Efficient group key management for multi-privileged groups, Computer Communications, v.30 n.11-12, p.2497-2509, September, 2007
	Reihaneh Safavi-Naini , Shaoquan Jiang, Non-interactive conference key distribution and its applications, Proceedings of the 2008 ACM symposium on Information, computer and communications security, March 18-20, 2008, Tokyo, Japan
	Junbeom Hur , Youngjoo Shin , Hyunsoo Yoon, Decentralized group key management for dynamic networks using proxy cryptography, Proceedings of the 3rd ACM workshop on QoS and security for wireless and mobile networks, October 22-22, 2007, Chania, Crete Island, Greece
	Jen-Chiun Lin , Kuo-Hsuan Huang , Feipei Lai , Hung-Chang Lee, Secure and efficient group key management with shared key derivation, Computer Standards & Interfaces, v.31 n.1, p.192-208, January, 2009
	Thomas Martin , Keith M. Martin , Peter Wild, Establishing the broadcast efficiency of the Subset Difference Revocation Scheme, Designs, Codes and Cryptography, v.51 n.3, p.315-334, June 2009
	Kun Sun , An Liu , Roger Xu , Peng Ning , Douglas Maughan, Securing network access in wireless sensor networks, Proceedings of the second ACM conference on Wireless network security, March 16-19, 2009, Zurich, Switzerland
	Bing Wu , Jie Wu , Yuhong Dong, An efficient group key management scheme for mobile ad hoc networks, International Journal of Security and Networks, v.4 n.1/2, p.125-134, February 2009
	Wensheng Zhang , Sencun Zhu , Guohong Cao, Predistribution and local collaboration-based group rekeying for wireless sensor networks, Ad Hoc Networks, v.7 n.6, p.1229-1242, August, 2009
	Song Han , Biming Tian , Mingxing He , Elizabeth Chang, Efficient threshold self-healing key distribution with sponsorization for infrastructureless wireless networks, IEEE Transactions on Wireless Communications, v.8 n.4, p.1876-1887, April 2009
	Zhiguo Wan , Robert H. Deng , Feng Bao , Bart Preneel , Ming Gu, nPAKE⁺: a tree-based group password-authenticated key exchange protocol using different passwords, Journal of Computer Science and Technology, v.24 n.1, p.138-151, January 2009
	Randy Baden , Adam Bender , Neil Spring , Bobby Bhattacharjee , Daniel Starin, Persona: an online social network with user-defined privacy, ACM SIGCOMM Computer Communication Review, v.39 n.4, October 2009