20-06-2013, 12:21 PM
Efficient Key Agreement for Large and Dynamic Multicast Groups
Efficient Key Agreement.pdf (Size: 226.08 KB / Downloads: 20)
Abstract
Secure multicast represents the core component of many
web and multimedia applications such as pay-TV, telecon-
ferencing, real-time distribution of stock market price and
etc. The main challenges for secure multicast is scalabil-
ity, efficiency and authenticity. In this paper, we propose
a scalable, efficient, authenticated group key agreement
scheme for large and dynamic multicast systems. The
proposed key agreement scheme is identity-based which
uses the bilinear map over the elliptic curves. Compared
with the previously published schemes, our scheme pro-
vides group member authenticity without imposing extra
mechanism. Furthermore, we give a scalability solution
based on the subgroups, which has advantages over the
existing schemes. Security analysis shows that our scheme
satisfies both forward secrecy and backward secrecy.
Introduction
Many types of group applications, such as pay per view
distribution of digital media, teleconferencing, software
updates and real-time delivery of stock market informa-
tion can benefit from IP multicast [13, 14, 15], which
greatly reduced the server overhead and bandwidth us-
age by enabling source to send a single copy of message
to multiple recipients.
One of the main challenges for secure multicast is ac-
cess control for making sure that only legitimate members
of multicast group have access to the group communica-
tion. In the passed two or three decades, cryptography
has become the well-established means to solve the secu-
rity problems in networking. However, there are still a
lot of difficulties for directly deploying cryptography al-
gorithms into multicasting environment as what has been
done for unicasting environment.
Related Work
There are several schemes proposed for secure multi-
cast. In this section, we will briefly review some of these
schemes.
Iolus [28] approach proposed the notion of hierar-
chy subgroup for scalable and secure mulitcast. In this
method, a large communication group is divided into
smaller subgroups. Each subgroup is treated almost like
a separate multicast group and is managed by a trusted
group security intermediary (GSI). GSI connect between
the subgroups and share the subgroup key with each of
their subgroup members. GSIs act as message relays and
key translators between the subgroups by receiving the
multicast messages from one subgroup, decrypting them
and then remulticasing them to the next subgroup after
encrypting them by the subgroup key of the next sub-
group. The GSIs are also grouped in a top-level group
that is managed by a group security controller (GSC),
see Figure 1
Security Requirements for Multicast
We consider dynamic groups where users can join or leave
the multicast group at any time. The main security prop-
erties of multicast are:
1) Group Key Secrecy guarantees that it is computa-
tionally infeasible for a passive adversary to discover
any group key.
2) Backward Secrecy is used to prevent a new member
from decoding messages exchanged before it joined
the group. This property guarantees that a passive
adversary who knows a subset of group keys cannot
discover the previous group keys.
3) Forward Secrecy is used to prevent a leaving user
or expelled group member to continue accessing the
group communication. This property guarantees
that a passive adversary who knows a subset of old
group keys cannot discover the subsequent group
keys.
Conclusion
We have proposed an efficient, authenticated, scalable
key agreement for large and dynamic multicast systems,
which is based on the bilinear map. Compared with the
previously published schemes in literature, we use an iden-
tity tree to achieve the authentication of the group mem-
ber. Further, our scheme solve the scalability problem in
multicast communications. Since a large group is divided
into many small groups. Each subgroup is treated almost
like a separate multicast group with its own subgroup key.
All the keys used in each subgroup can be generated by a
group of KGCs in parallel. The intuitively surprising as-
pect of this scheme is that, even the subgroup controller
aborts, it does not affect the users in this subgroup. Be-
cause every user in the subgroup can act as a subgroup
controller. This is a significant feature especially for the
mobile and ad hoc networks. From the security analy-
sis we can see that our scheme satisfies both forward and
backward secrecy.