Protecting Membership Information in Secure Multicasting
Many existing key management schemes focus on maintaining key secrecy and reducing the communication overhead associated with updating the associated keys   . However, it is found that key management can disclose information about dynamic group membership to both insiders and outsiders. In other words, while the content of group communication is protected by encryption using the secret keys, group dynamic information is disclosed through key management. Group dynamic information (GDI) is the information that describes the dynamic group membership, including the number of users in a multicast group as a function of time, and the number of joining or departing users in a time interval.
In many secure group applications, group dynamic information should be kept confidential [123, 124]. Key management is a technology that enables key updating in real time as group membership changes. Future commercial multicast services, which could occur in non-traditional broadcast media such as Internet and 3G/4G wireless networks, will allow a user to subscribe to an arbitrary set of programs and change his/her subscription at any time  . The users can choose to pay for exactly what they get, instead of a fixed monthly fee. This new type of services give the most flexibility to users, as well as opportunities to new business models. Over the non-traditional broadcast media, the global media giants as well as small multimedia producers can be the service providers. The service providers perform group management and have the knowledge of GDI, i.e audience statistics. However, it is highly undesirable to disclose instant and detailed GDI to competitors. Assume a competitor can monitor the audience statistics of the service provider X. Then, the competitor may broadcast its programs at different time slots and see how it affects its own and X’s audience statistics. As a consequence, the competitor can develop the best program schedule to compete with X. This example also shows that GDI should also be concealed from insiders. A regular user, who receives the multicast content, should not know the overall audience statistics. Otherwise, the competitor can send one of its employees to register as X’s member for a small cost, and collect valuable audience statistics from X. In addition, there are multicast communication scenarios where GDI represents sensitive deployment information about the network. For example, in a sensor network, the base station sends many broadcast messages to sensors. The base station and sensors form a secure multicast group. If some sensors are compromised, the group key should be updated such that the compromised sensors cannot decrypt future multicast messages from the BS. One possible way to update group keys is to use group key management schemes. In such an application scenario, GDI represents the number of sensors deployed in an area, and the number of revoked sensors. In this example, if GDI is not protected, attackers can obtain sensor deployment information by exploiting the key management scheme.
KeywordsCommunication Overhead Collusion Attack Group Controller Secure Multicasting Perform Admission Control
Unable to display preview. Download preview PDF.