Key History Tree: Efficient Group Key Management with Off-Line Members

  • Antonio Lain
  • Viacheslav Borisov
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 2776)


We present a new approach to deal with off-line members that are part of a secure dynamic group, where all the group members share a secret key, and this key is continuously changed to match current membership. Instead of re-negotiating keys when members become off-line or forcing direct interaction with the key manager, we propose a safe caching mechanism particularly suited for LKH (Logical Key Hierarchy) schemes. The basis of our approach is that in many applications, members that are back on-line just need to know the current key and not all the intermediate keys negotiated while they were off-line. We have devised a compact representation for that purpose called KHT (Key History Tree). A KHT is built using only publicly available information, so it can be safely replicated over the network, and its operation is transparent to clients and key managers. We use as an example of the benefits of our approach a web-based subscription service that anonymizes customer interactions while enforcing membership payments. Extensive simulations show the advantage of our approach over more conventional schemes.


Secure Group Broadcast Encryption Secure Group Communication Refresh Period Encrypt Content 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Wallner, D.M., Harder, E.J., Agee, R.C.: Key Management for Multicast: Issues and Architectures. IETF, no 2627 (1999)Google Scholar
  2. 2.
    Canetti, R., Garay, J., Itkis, G., Micciancio, D., Naor, M., Pinkas, B.: Multicast Security: A Taxonomy and Some Efficient Constructions. In: INFOCOMM 1999, pp. 708–716 (1999)Google Scholar
  3. 3.
    McGrew, D.A., Sherman, A.T.: Key Establishment in Large Dynamic Groups Using One-Way Function Trees (1998)Google Scholar
  4. 4.
    Wong, C.K., Gouda, M.G., Lam, S.S.: Secure Group Communications Using Key Graphs. Proceedings of the ACM SIGCOMM Computer Communication Review 28(4), 68–79 (1998)CrossRefGoogle Scholar
  5. 5.
    Canetti, R., Cheng, P.-C., Giraud, F., Pendarakis, D., Rao, J.R., Rohatgi, P.: An IPSec-based Host Architecture for Secure Internet Multicast, pp. 49–65Google Scholar
  6. 6.
    Baugher, M., Canetti, R., Hardjono, T., Weis, B.: IP Multicast issues with IPsec (2002)Google Scholar
  7. 7.
    Perrig, A., Song, D., Tygar, D.: ELK, a New Protocol for Efficient Large-Group Key Distribution, pp. 247–262Google Scholar
  8. 8.
    Kim, Y., Perrig, A., Tsudik, G.: Simple and fault-tolerant key agreement for dynamic collaborative groups. In: Jajodia, S., Samarati, P. (eds.) Proceedings of the 7th ACM Conference on Computer and Communications Security (CCS 2000), pp. 235–244. ACM Press, New York (2000)CrossRefGoogle Scholar
  9. 9.
    Fiat, A., Naor, M.: Broadcast Encryption. pp. 480–491Google Scholar
  10. 10.
    Naor, D., Naor, M., Lotspiech, J.: Revocation and Tracing Schemes for Stateless Receivers, pp. 41–62Google Scholar
  11. 11.
    Pinkas, B.: Efficient State Updates for Key Management. In: ACM CCS Workshop on Security and Privacy in Digital Rights Management. LNCS (2001)Google Scholar
  12. 12.
    Setia, S., Koussih, S., Jajodia, S.: Kronos: A Scalable Group Re-keying Approach for Secure Multicast, pp. 215–228Google Scholar
  13. 13.
    Haverkort, B.R.: Performance of Computer-Communication Systems, p. 515. John Wiley and Sons, Chichester (1998)CrossRefGoogle Scholar
  14. 14.
    RealNetworks, Inc. Press Releases: RealNetworks’ consumer media subscription service surpasses 400,000 monthly subscribers (2001)Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2003

Authors and Affiliations

  • Antonio Lain
    • 1
  • Viacheslav Borisov
    • 1
  1. 1.HP LabsBristolUK

Personalised recommendations