Scalable group key management schemes for large-scaled groups

Abstract

The importance of group-based applications such as Internet TV, grid computing, and video conference has been emphasized. In group communications, a sender simultaneously send data to all the receivers through multicast protocols, instead of separately sending data per each receiver. Using multicast protocols helps to reduce consumed network resources and the loads of group members. Security of group communications is one of the important requirements for the successful deployment of group communication applications. Service providers want to allow their services only to legitimate consumers. Confidentiality of transmitted data is a basic requirement, especially in military communications. Authentication of both the sender and transmitted data is necessary to prevent malicious adversary`s threats. Thus, secure group communication has been motivated by enforcing group access control, confidentiality and authentication of data transmission. To provide a secure way that only group members communicate with each other, a secret group key is shared by only group members and utilized to encrypt transmitted data. Whenever a new user joins or an existing user leaves the group, the group key should be rekeyed to a new one to guarantee both the backward secrecy and the forward secrecy of transmitted data. Because rekeying and distribution of the group key is very consumptive and group membership is frequently changed in large groups, a scalable group key management scheme is essential. In this thesis, we present three kinds of group key management schemes having different target environments: a centralized scheme for dynamic groups, a distributed scheme for ad hoc networks, and a reactive access control scheme for various access privileges. First, we present a novel group key management scheme with the help of the centralized Key Distribution Center (KDC). The concept of an exclusive key tree with RSA functions is devised to reduce the network overhead for rekey...