Scalable Group Key Management for Secure Multicast: A Taxonomy and New Directions

  • Sencun Zhu
  • Sushil Jajodia


Many multicast-based applications (e.g., pay-per-view, online auction, and teleconferencing) require a secure communication model to prevent disclosure of distributed data to unauthorized users. One solution for achieving this goal is to let all members in a group share a key that is used for encrypting data. To provide backward and forward confidentiality [23] (i.e., a new member should not be allowed to decrypt the earlier communication and a revoked user should not be able to decrypt the future communication), this shared group key should be updated and redistributed to all authorized members in a secure, reliable, and timely fashion upon a membership change. This process is referred to as group rekeying.


Bandwidth Overhead Parity Packet Membership Duration Stateless Protocol Batch Rekeying 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


  1. 1.
    S. Banerjee, and B. Bhattacharjee. Scalable Secure Group Communication over IP Multicast. In Proceedings of International Conference on Network Protocols (ICNP) 2001, Riverside, California, November 2001.Google Scholar
  2. 2.
    D. Balenson, D. McGrew, and A. Sherman. Key Management for Large Dynamic Groups: One-Way Function Trees and Amortized Initialization. IETF Internet draft (work in progress), August 2000.Google Scholar
  3. 3.
    B. Briscoe. MARKS: Zero Side Effect Multicast Key Management Using Arbitrarily Revealed Key Sequences. In Proceedings of First International Workshop on Networked Group Communication, NGC 1999.Google Scholar
  4. 4.
    R. Canetti, J. Garay, G. Itkis, D. Micciancio, M. Naor, and B. Pinkas. Multicast Security: A Taxonomy and Some Efficient Constructions. In Proceedings of IEEE INFOCOM’99, March 1999.Google Scholar
  5. 5.
    Y. Chu, S. Rao, S. Seshan, and H. Zhang. Enabling Conferencing Applications on the Internet Using an Overlay Multicast Architecture. In Proceedings of ACM SIGCOMM 2001, August 2001.Google Scholar
  6. 6.
    Y. Chu, S. Rao, and H. Zhang. A Case for EndSystem Multicast. In Proceedings of ACM Sigmetrics, June 2000.Google Scholar
  7. 7.
    L. Eschenauer, and V. Gligor. A Key-Management Scheme for Distributed Sensor Networks. In Proceedings of ACM CCS 2002.Google Scholar
  8. 8.
    S. Floyd, V. Jacobson, C. Liu, S. McCanne, and L. Zhang. A Reliable Multicast Framework for Lightweight Session and Application Layer Framing. IEEE/ACM Transactions on Networking, December 1997.Google Scholar
  9. 9.
    H. Harney, and E. Harder. Logical Key Hierarchy Protocol Internet Draft, draft-harney-sparta-lkhp-sec-00.txt, March 1999.Google Scholar
  10. 10.
    D. Halevy, and A. Shamir. The LSD Broadcast Encryption Scheme. In Proceedings of Advances in Cryptology - CRYPTO 2002.Google Scholar
  11. 11.
    T. Kaya, G. Lin, G. Noubir, and A. Yilmaz. Secure Multicast Groups on Ad Hoc Networks. In Proceedings of ACM Workshop on Security of Ad Hoc and Sensor Networks (SASN’03), 2003.Google Scholar
  12. 12.
    D. Liu, P. Ning, and K. Sun. Efficient Self-Healing Group Key Distribution with Revocation Capability. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS’03), pp. 231–240, Washington, DC, October 2003.Google Scholar
  13. 13.
    L. Lazos, and R. Poovendran. Energy-Aware Secure Multicast Communication in Ad-hoc Networks Using Geographic Location Information. In Proceedings of IEEE ICASSP’03, Hong Kong, China, April 2003.Google Scholar
  14. 14.
    J. Lin, and S. Paul. RMTP: A Reliable Multicast Transport Protocol, In Proceedings of IEEE INFOCOM’96, March 1996.Google Scholar
  15. 15.
    A. Mcauley. Reliable Broadband Communications Using a Burst Erasure Correcting Code. In Proceedings of ACM SIGCOMM’90, Philadelphia, PA, September 1990.Google Scholar
  16. 16.
    D. Naor, M. Naor, and J. Lotspiech. Revocation and Tracing Schemes for Stateless Receivers. In Advances in Cryptology - CRYPTO 2001, LNCS 2139, pp. 41–62, Springer, 2001.Google Scholar
  17. 17.
    A. Perrig, D. Song, and D. Tygar. ELK, a new protocol for efficient large-group key distribution. In Proceedings of the IEEE Symposium on Security and Privacy 2001, Oakland, CA, May 2001.Google Scholar
  18. 18.
    S. Setia, S. Koussih, S. Jajodia, and E. Harder. Kronos: A Scalable Group Re-Keying Approach for Secure Multicast. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2000.Google Scholar
  19. 19.
    J. Staddon, S. Miner, M. Franklin, D. Balfanz, M. Malkin, and D. Dean. Self-Healing Key Distribution with Revocation. In Proceedings of the IEEE Symposium on Security and Privacy, Oakland, CA, May 2002.Google Scholar
  20. 20.
    A. Selcuk, C. McCubbin, and D. Sidhu. Probabilistic Optimization of LKH-based Multicast Key Distribution Schemes. Draft-selcuk-probabilistic-lkh-01.txt, Internet Draft, January 2000.Google Scholar
  21. 21.
    S. Setia, S. Zhu, and S. Jajodia. A Comparative Performance Analysis of Reliable Group Rekey Transport Protocols for Secure Multicast. In Performance Evaluation, 49(1/4):21–41, 2002. Special issue Proceedings of Performance 2002, Rome, Italy, September 2002.Google Scholar
  22. 22.
    C. Wong, M. Gouda, and S. Lam. Secure Group Communication Using Key Graphs. In Proceedings of SIGCOMM 1998, pp. 68–79, Vancouver, British Columbia.Google Scholar
  23. 23.
    D. Wallner, E. Harder, and R. Agee. Key Management for Multicast: Issues and Architecture. Internet Draft, draft-wallner-key-arch-01.txt, September 1998.Google Scholar
  24. 24.
    The Xbow Company. URL: Http://
  25. 25.
    Y. Yang, X. Li, X. Zhang, and S. Lam. Reliable group rekeying: Design and Performance Analysis. In Proceedings of ACM SIGCOMM 2001, pp. 27–38, San Diego, CA, USA, August 2001.Google Scholar
  26. 26.
    S. Zhu, S. Setia, and S. Jajodia. Performance Optimizations for Group Key Management Schemes. In Proceedings of the 23rd IEEE ICDCS 2003, Providence, RI, May 2003.Google Scholar
  27. 27.
    S. Zhu, S. Setia, and S. Jajodia. Adding Reliable and Self-Healing Key Distribution to the Subset Difference Group Rekeying Method for Secure Multicast. In Proceedings of 5th International Workshop on Networked Group Communications (NGC 2003), Germany, September 2003.Google Scholar
  28. 28.
    S. Zhu, S. Setia, and S. Jajodia. LEAP: Efficient Security Mechanisms for Large-Scale Distributed Sensor Networks. In Proceedings of the 10th ACM Conference on Computer and Communications Security (CCS’03), Washington, DC, October 2003.Google Scholar
  29. 29.
    S. Zhu, S. Setia, S. Xu, and S. Jajodia. GKMPAN: An Efficient Group Key Management Scheme for Secure Multicast in Ad-hoc Networks. In Proceedings of the 1st International Conference on Mobile and Ubiquitous Systems (Mobiquitous’04), Boston, Massachusetts, August 22–25, 2004.Google Scholar
  30. 30.
    S. Zhu, S. Xu, S. Setia, and S. Jajodia. Establishing Pair-wise Keys For Secure Communication in Ad Hoc Networks: A Probabilistic Approach. In Proceedings of the 11th IEEE International Conference on Network Protocols (ICNP’03), Atlanta, Georgia, November 4–7, 2003.Google Scholar

Copyright information

© Springer Science+Business Media, LLC 2010

Authors and Affiliations

  1. 1.Department of Computer Science, School of Information Science and TechnologyThe Pennsylvania State UniversityUniversity ParkUSA

Personalised recommendations