ACM Portal
  Subscribe (Full Service)    Register (Limited Service, Free)    Login
  Search:   The ACM Digital Library   The Guide
  
ACM Home Page
Please provide us with feedback. Feedback
A survey of key management for secure group communication
Full text PdfPdf (346 KB)
Source ACM Computing Surveys (CSUR) archive
Volume 35 ,  Issue 3  (September 2003) table of contents
Pages: 309 - 329  
Year of Publication: 2003
ISSN:0360-0300
Authors
Sandro Rafaeli  Computing Department, Lancaster University, Lancaster, United Kingdom
David Hutchison  Computing Department, Lancaster University, Porto Alegre, Brazil
Publisher
ACM  New York, NY, USA
Bibliometrics
Downloads (6 Weeks): 89,   Downloads (12 Months): 538,   Citation Count: 46
Additional Information:

abstract   references   cited by   index terms   collaborative colleagues  

Tools and Actions: Request Permissions Request Permissions    Review this Article  
DOI Bookmark: Use this link to bookmark this Article: http://doi.acm.org/10.1145/937503.937506
What is a DOI?

ABSTRACT

Group communication can benefit from IP multicast to achieve scalable exchange of messages. However, there is a challenge of effectively controlling access to the transmitted data. IP multicast by itself does not provide any mechanisms for preventing nongroup members to have access to the group communication. Although encryption can be used to protect messages exchanged among group members, distributing the cryptographic keys becomes an issue. Researchers have proposed several different approaches to group key management. These approaches can be divided into three main classes: centralized group key management protocols, decentralized architectures and distributed key management protocols. The three classes are described here and an insight given to their features and goals. The area of group key management is then surveyed and proposed solutions are classified according to those characteristics.


REFERENCES

Note: OCR errors may be found in this Reference List extracted from the full text article. ACM has opted to expose the complete List rather than only correct and linked references.

 
1
Ballardie, A. 1996. Scalable Multicast Key Distribution. RFC 1949.
 
2
T. Ballardie , J. Crowcroft, Multicast-specific security threats and counter-measures, Proceedings of the 1995 Symposium on Network and Distributed System Security (SNDSS'95), p.2, February 16-17, 1995
3
Klaus Becker , Uta Wille, Communication complexity of group key distribution, Proceedings of the 5th ACM conference on Computer and communications security, p.1-6, November 02-05, 1998, San Francisco, California, United States  [doi>10.1145/288090.288094]
 
4
Colin Boyd, On Key Agreement and Conference Key Agreement, Proceedings of the Second Australasian Conference on Information Security and Privacy, p.294-302, July 07-09, 1997
 
5
Bob Briscoe, MARKS: Zero Side Effect Multicast Key Management Using Arbitrarily Revealed Key Sequences, Proceedings of the First International COST264 Workshop on Networked Group Communication, p.301-320, November 17-20, 1999
 
6
Burmester, M. and Desmedt, Y. 1994. A secure and efficient conference key distribution system (extended abstract). In Advances in Cryptology---EUROCRYPT 94, A. D. Santis, Ed., Lecture Notes in Computer Science, vol. 950. Springer-Verlag, New York, pp. 275--286.
 
7
Canetti, R., Garay, J., Itkis, G., Micciancio, D., Naor, M., and Pinkas, B. 1999a. Multicast Security: A Taxonomy and Some Efficient Constructions. In Proceedings of the IEEE INFOCOM. Vol. 2. (New Yok, N.Y., Mar.). 708--716.
 
8
Canetti, R., Malkin, T., and Nissim, K. 1999b. Efficient communication-storage tradeoffs for multicast encryption. In Advances in Cryptology---EUROCRYPT '99, J. Stem, Ed. Lectures Notes in Computer Science, vol. 1599. Springer-Verlag, New York, pp. 459--474.
 
9
Chang, I., Engel, R., Kandlur, D., Pendarakis, D., and Saha, D. 1999. Key management for secure internet multicast using boolean function minimization techniques. In IEEE INFOCOM. Vol. 2. (New York, March 1999), 689--698.
 
10
DeCleene, B., Dondeti, L., Griffin, S., Hardjono, T., Kiwior, D., Kurose, J., Towsley, D., Vasudevan, S., and Zhang, C. 2001. Secure group communications for wireless networks. In Proceedings of the MILCOM. (June).
 
11
Deering, S. 1989. Host Extensions for IP Multicasting. RFC 1112.
 
12
Diffie, W. and Hellman, M. E. 1976. New directions in cryptography. IEEE Trans. Inf. Theory IT-22, 6 (Nov.), 644--654.
 
13
Dondeti, L., Mukherjee, S., and Samal, A. 1999a. A distributed group key management scheme for secure many-to-many communication. Tech. Rep. PINTL-TR-207-99, Department of Computer Science, University of Maryland.
 
14
Dondeti, L., Mukherjee, S., and Samal, A. 1999b. Scalable secure one-to-many group communication using dual encryption. Comput. Commun. 23, 17 (Nov.), 1681--1701.
 
15
Fenner, W. 1997. Internet Group Management Protocol, Version 2. RFC 2236.
16
Oded Goldreich , Shafi Goldwasser , Silvio Micali, How to construct random functions, Journal of the ACM (JACM), v.33 n.4, p.792-807, Oct. 1986  [doi>10.1145/6490.6503]
 
17
Hardjono, T. and Tsudik, G. 2000. IP multicast security: Issues and directions. Ann. Telecom. 324--340.
 
18
Harney, H. and Muckenhirn, C. 1997a. Group Key Management Protocol (GKMP) Specification. RFC 2093.
 
19
Harney, H. and Muckenhirn, C. 1997b. Group Key Management Protocol (GKMP) Architecture. RFC 2094.
20
Yongdae Kim , Adrian Perrig , Gene Tsudik, Simple and fault-tolerant key agreement for dynamic collaborative groups, Proceedings of the 7th ACM conference on Computer and communications security, p.235-244, November 01-04, 2000, Athens, Greece  [doi>10.1145/352600.352638]
 
21
Li, M., Poovendran, R., and Berenstein, C. 2001. Optimization of key storage for secure. In Proceedings of the 35th Annual Conference on Information Sciences and Systems (CISS). (John Hopkins, Mar.).
 
22
McDaniel, P., Prakash, A., and Honeyman, P. 1999. Antigone: A flexible framework for secure group communication. In Proceedings of the 8th USENIX Security Symposium. (Washington, D.C. Aug.). 99--114.
 
23
McGrew, D. A. and Sherman, A. T. 1998. Key establishment in large dynamic groups using one-way function trees. Tech. Rep. No. 0755 (May), TIS Labs at Network Associates, Inc., Glenwood, Md.
 
24
Meyer, D. 1998. Administratively Scoped IP Multicast. RFC 2365.
 
25
Mills, D. L. 1992. Network Time Protocol (Version 3) Specification, Implementation and Analysis. RFC 1305.
26
Suvo Mittra, Iolus: a framework for scalable secure multicasting, Proceedings of the ACM SIGCOMM '97 conference on Applications, technologies, architectures, and protocols for computer communication, p.277-288, September 14-18, 1997, Cannes, France
27
Refik Molva , Alain Pannetrat, Scalable multicast security in dynamic groups, Proceedings of the 6th ACM conference on Computer and communications security, p.101-112, November 01-04, 1999, Kent Ridge Digital Labs, Singapore  [doi>10.1145/319709.319723]
 
28
Moyer, M. J., Rao, J. R., and Rohatgi, P. 1999. A survey of security issues in multcast communications. IEEE Netw. Mag. 13, 6 (Nov./Dec.), 12--23.
 
29
Perrig, A. 1999. Efficient collaborative key management protocols for secure autonomous group communication. In Proceedings of the International Workshop on Cryptographic Techniques and E-Commerce (CrypTEC'99). (Hong Kong, China, July). M. Blum and C H Lee, Eds. City University of Hong Kong Press, Hong Kong, China, pp. 192--202.
 
30
Adrian Perrig , Dawn Song , J. D. Tygar, ELK, a New Protocol for Efficient Large-Group Key Distribution, Proceedings of the 2001 IEEE Symposium on Security and Privacy, p.247, May 14-16, 2001
 
31
Sandro Rafaeli , David Hutchison, Hydra: A Decentralised Group Key Management, Proceedings of the 11th IEEE International Workshops on Enabling Technologies: nfrastructure for Collaborative Enterprises, p.62-67, June 10-12, 2002
 
32
Sandro Rafaeli , Laurent Mathy , David Hutchison, EHBT: An Efficient Protocol for Group Key Management, Proceedings of the Third International COST264 Workshop on Networked Group Communication, p.159-171, November 07-09, 2001
 
33
Rivest, R. 1992. The MD5 Message-Digest Algorithm. RFC 1321.
 
34
Rodeh, O., Birman, K., and Dolev, D. 2000. Optimized group rekey for group communication systems. In Network and Distributed System Security. (San Diego, Calif., Feb.).
 
35
Bruce Schneier, Applied cryptography (2nd ed.): protocols, algorithms, and source code in C, John Wiley & Sons, Inc., New York, NY, 1995
 
36
Sanjeev Setia , Samir Koussih , Sushil Jajodia , Eric Harder, Kronos: A Scalable Group Re-Keying Approach for Secure Multicast, Proceedings of the 2000 IEEE Symposium on Security and Privacy, p.215, May 14-17, 2000
37
Michael Steiner , Gene Tsudik , Michael Waidner, Diffie-Hellman key distribution extended to group communication, Proceedings of the 3rd ACM conference on Computer and communications security, p.31-37, March 14-15, 1996, New Delhi, India  [doi>10.1145/238168.238182]
 
38
Waldvogel, M., Caronni, G., Sun, D., Weiler, N., and Plattner, B. 1999. The VersaKey framework: Versatile group key management. IEEE J. Sel. Areas Commun. (Special Issue on Middleware) 17, 9 (Aug.), 1614--1631.
 
39
Wallner, D., Harder, E., and Agee, R. 1999. Key Management for Multicast: Issues and Architectures. RFC 2627.
 
40
Ingo Wegener, The complexity of Boolean functions, John Wiley & Sons, Inc., New York, NY, 1987
 
41
Nathalie Weiler, SEMSOMM--A Scalable Multiple Encryption Scheme for One-To-Many Multicast, Proceedings of the 10th IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, p.231-236, June 20-22, 2001
 
42
Chung Kei Wong , Mohamed Gouda , Simon S. Lam, Secure group communications using key graphs, IEEE/ACM Transactions on Networking (TON), v.8 n.1, p.16-30, Feb. 2000  [doi>10.1109/90.836475]

CITED BY  47
Yacine Challal , Hatem Bettahar , Abdelmadjid Bouabdallah, SAKM: a scalable and adaptive key management approach for multicast communications, ACM SIGCOMM Computer Communication Review, v.34 n.2, April 2004
Dijiang Huang , Deep Medhi, A key-chain-based keying scheme for many-to-many secure group communication, ACM Transactions on Information and System Security (TISSEC), v.7 n.4, p.523-552, November 2004
Ahsan Habib , Dongyan Xu , Mikhail Atallah , Bharat Bhargava , John Chuang, A Tree-Based Forward Digest Protocol to Verify Data Integrity in Distributed Media Streaming, IEEE Transactions on Knowledge and Data Engineering, v.17 n.7, p.1010-1014, July 2005
Shouhuai Xu, On the security of group communication schemes based on symmetric key cryptosystems, Proceedings of the 3rd ACM workshop on Security of ad hoc and sensor networks, November 07-07, 2005, Alexandria, VA, USA
Mudhakar Srivatsa , Ling Liu, Securing publish-subscribe overlay services with EventGuard, Proceedings of the 12th ACM conference on Computer and communications security, November 07-11, 2005, Alexandria, VA, USA
Loubna Mekouar , Youssef Iraqi , Raouf Boutaba, Peer-to-peer's most wanted: malicious peers, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.50 n.4, p.545-562, 15 March 2006
M. Moharrum , R. Mukkamala , M. Eltoweissy, A novel collusion-resilient architecture for secure group communication in wireless ad-hoc networks, Journal of High Speed Networks, v.15 n.1, p.73-92, January 2006
Majid Sarrafzadeh , Foad Dabiri , Roozbeh Jafari , Tammara Massey , Ani Nahapetan, Low power light-weight embedded systems, Proceedings of the 2006 international symposium on Low power electronics and design, October 04-06, 2006, Tegernsee, Bavaria, Germany
Gianluca Dini , Ida Maria Savino, Scalable and secure group rekeying in wireless sensor networks, Proceedings of the 24th IASTED international conference on Parallel and distributed computing and networks, p.84-88, February 14-16, 2006, Innsbruck, Austria
Ram Krishnan , Ravi Sandhu , Kumar Ranganathan, PEI models towards scalable, usable and high-assurance information sharing, Proceedings of the 12th ACM symposium on Access control models and technologies, June 20-22, 2007, Sophia Antipolis, France
Lauri I. W. Pesonen , David M. Eyers , Jean Bacon, Encryption-enforced access control in dynamic multi-domain publish/subscribe networks, Proceedings of the 2007 inaugural international conference on Distributed event-based systems, June 20-22, 2007, Toronto, Ontario, Canada
Nen-Chung Wang , Shian-Zhang Fang, A hierarchical key management scheme for secure group communications in mobile ad hoc networks, Journal of Systems and Software, v.80 n.10, p.1667-1677, October, 2007
Srijith Krishnan Nair , Ivan Djordjevic , Bruno Crispo , Theo Dimitrakos, Secure web service federation management using tpm virtualisation, Proceedings of the 2007 ACM workshop on Secure web services, November 02-02, 2007, Fairfax, Virginia, USA
Xinliang Zheng , Chin-Tser Huang , Manton Matthews, Chinese remainder theorem based group key management, Proceedings of the 45th annual southeast regional conference, March 23-24, 2007, Winston-Salem, North Carolina
Chun-Ying Huang , Yun-Peng Chiu , Kuan-Ta Chen , Chin-Laung Lei, Secure multicast in dynamic environments, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.10, p.2805-2817, July, 2007
H. Ragab Hassen , A. Bouabdallah , H. Bettahar , Y. Challal, Key management for content access control in a hierarchy, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.11, p.3197-3219, August, 2007
Gianluca Dini , Ida Maria Savino, An Efficient Key Revocation Protocol for Wireless Sensor Networks, Proceedings of the 2006 International Symposium on on World of Wireless, Mobile and Multimedia Networks, p.450-452, June 26-29, 2006
Ephraim Korach , Michal Stern, The complete optimal stars-clustering-tree problem, Discrete Applied Mathematics, v.156 n.4, p.444-450, February, 2008
Mohamed F. Younis , Kajaldeep Ghumman , Mohamed Eltoweissy, Location-Aware Combinatorial Key Management Scheme for Clustered Sensor Networks, IEEE Transactions on Parallel and Distributed Systems, v.17 n.8, p.865-882, August 2006
Mathias Fischer , Guenter Schaefer , Robert Schmidt , Thorsten Strufe, A key management solution for overlay-live-streaming, Proceedings of the workshop on Security in Opportunistic and SOCial networks, September 22-25, 2008, Istanbul, Turkey
Xia Wang , Johnny Wong , Wensheng Zhang, A heterogeneity-aware framework for group key management in wireless mesh networks, Proceedings of the 4th international conference on Security and privacy in communication netowrks, September 22-25, 2008, Istanbul, Turkey
Zhi-Zhong Chen , Ze Feng , Minming Li , Frances Yao, Optimizing deletion cost for secure multicast key management, Theoretical Computer Science, v.401 n.1-3, p.52-61, July, 2008
Youtao Zhang , Jun Yang , Lan Gao, Supporting flexible streaming media protection through privacy-aware secure processors, Computers and Electrical Engineering, v.35 n.2, p.286-299, March, 2009
Neng-Wen Wang , Yueh-Min Huang , Wei-Ming Chen, A novel secure communication scheme in vehicular ad hoc networks, Computer Communications, v.31 n.12, p.2827-2837, July, 2008
Jin-Hee Cho , Ing-Ray Chen , Ding-Chau Wang, Performance optimization of region-based group key management in mobile ad hoc networks, Performance Evaluation, v.65 n.5, p.319-344, May, 2008
Dijiang Huang , Deep Medhi, A secure group key management scheme for hierarchical mobile ad hoc networks, Ad Hoc Networks, v.6 n.4, p.560-577, June, 2008
Alireza Nemaney Pour , Kazuya Kumekawa , Toshihiko Kato , Shuichi Itoh, A hierarchical group key management scheme for secure multicast increasing efficiency of key distribution in leave operation, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.51 n.17, p.4727-4743, December, 2007
Guojun Wang , Jie Ouyang , Hsiao-Hwa Chen , Minyi Guo, Efficient group key management for multi-privileged groups, Computer Communications, v.30 n.11-12, p.2497-2509, September, 2007
Ren-Hung Lin , Jinn-Ke Jan, An innovative revocation scheme for one-to-many E-services, Electronic Commerce Research and Applications, v.6 n.3, p.358-363, October, 2007
Junbeom Hur , Youngjoo Shin , Hyunsoo Yoon, Decentralized group key management for dynamic networks using proxy cryptography, Proceedings of the 3rd ACM workshop on QoS and security for wireless and mobile networks, October 22-22, 2007, Chania, Crete Island, Greece
Emad Eldin Mohamed , Hussein Abdel-Wahab, Multicast for multimedia collaborative applications: services and mechanisms, International Journal of Advanced Media and Communication, v.1 n.3, p.224-236, June 2007
Ruidong Li , Jie Li , Hsiao-Hwa Chen, DKMS: distributed hierarchical access control for multimedia networks, International Journal of Security and Networks, v.2 n.1/2, p.3-10, March 2007
Shouhuai Xu, On the security of group communication schemes, Journal of Computer Security, v.15 n.1, p.129-169, January 2007
Maxim Raya , Jean-Pierre Hubaux, Securing vehicular ad hoc networks, Journal of Computer Security, v.15 n.1, p.39-68, January 2007
Avinash Srinivasan , Feng Li , Jie Wu , Minglu Li, Clique-based group key assignment in Wireless Sensor Networks, International Journal of Security and Networks, v.3 n.4, p.226-239, October 2008
Jean Bacon , David M. Eyers , Jatinder Singh , Peter R. Pietzuch, Access control in publish/subscribe systems, Proceedings of the second international conference on Distributed event-based systems, July 01-04, 2008, Rome, Italy
Túlio Cicero Salvaro de Souza , Jean Everson Martina , Ricardo Felipe Custódio, Audit and backup procedures for hardware security modules, Proceedings of the 7th symposium on Identity and trust on the Internet, March 04-06, 2008, Gaithersburg, Maryland
Ren-Hung Lin , Jinn-Ke Jan, A tree-based scheme for security of many-to-many communications, Journal of High Speed Networks, v.16 n.1, p.69-79, January 2007
Ram Krishnan , Jianwei Niu , Ravi Sandhu , William H. Winsborough, Stale-safe security properties for group-based secure information sharing, Proceedings of the 6th ACM workshop on Formal methods in security engineering, p.53-62, October 27-27, 2008, Alexandria, Virginia, USA
Junzhi Yan , Jianfeng Ma , Hongyue Liu, Key hierarchies for hierarchical access control in secure group communications, Computer Networks: The International Journal of Computer and Telecommunications Networking, v.53 n.3, p.353-364, February, 2009
Minming Li , Ze Feng , Nan Zang , Ronald L. Graham , Frances F. Yao, Approximately optimal trees for group key management with batch updates, Theoretical Computer Science, v.410 n.11, p.1013-1021, March, 2009
Alex Wun , Hans-Arno Jacobsen, A policy management framework for content-based publish/subscribe middleware, Proceedings of the ACM/IFIP/USENIX 2007 International Conference on Middleware, November 26-30, 2007, Newport Beach, California
Bing Wu , Jie Wu , Yuhong Dong, An efficient group key management scheme for mobile ad hoc networks, International Journal of Security and Networks, v.4 n.1/2, p.125-134, February 2009
Jiannong Cao , Lin Liao , Guojun Wang , Hao Ma , Bin Xiao, A novel dual-key management protocol based on a hierarchical multicast infrastructure in mobile internet, International Journal of Ad Hoc and Ubiquitous Computing, v.4 n.3/4, p.183-190, April 2009
Jean Bacon , David Eyers , Ken Moody , Lauri Pesonen, Securing publish/subscribe for multi-domain systems, Proceedings of the ACM/IFIP/USENIX 2005 International Conference on Middleware, p.1-20, November 01-01, 2005, Grenoble, France
Ram Krishnan , Ravi Sandhu , Jianwei Niu , William H. Winsborough, Foundations for group-centric secure information sharing models, Proceedings of the 14th ACM symposium on Access control models and technologies, June 03-05, 2009, Stresa, Italy
Hatem Bettahar , Mothanna Alkubeily , Abdelmadjid Bouabdallah, TKS: a transition key management scheme for secure application level multicast, International Journal of Security and Networks, v.4 n.4, p.210-222, September 2009

INDEX TERMS

Primary Classification:
  C. Computer Systems Organization
  C.2 COMPUTER-COMMUNICATION NETWORKS
      C.2.2 Network Protocols

Additional Classification:
  K. Computing Milieux
  K.6 MANAGEMENT OF COMPUTING AND INFORMATION SYSTEMS
      K.6.5 Security and Protection (D.4.6, K.4.2)


General Terms:
Design, Management, Security


Keywords:
Group Key Distribution, Multicast Security

Collaborative Colleagues:
Sandro Rafaeli: colleagues
David Hutchison: colleagues

The ACM Portal is published by the Association for Computing Machinery. Copyright © 2009 ACM, Inc.
Terms of Usage   Privacy Policy   Code of Ethics   Contact Us

Useful downloads: Adobe Acrobat    QuickTime    Windows Media Player    Real Player