Key History Tree: Efficient Group Key Management with Off-Line Members
We present a new approach to handling off-line members of a secure dynamic group, in which all group members share a secret key that is continuously changed to match current membership. Instead of re-negotiating keys when members go off-line or forcing direct interaction with the key manager, we propose a safe caching mechanism particularly suited to LKH (Logical Key Hierarchy) schemes. The basis of our approach is that, in many applications, members that come back on-line need to know only the current key, not all the intermediate keys negotiated while they were off-line. We have devised a compact representation for that purpose called the KHT (Key History Tree). A KHT is built using only publicly available information, so it can be safely replicated over the network, and its operation is transparent to clients and key managers. As an example of the benefits of our approach, we use a web-based subscription service that anonymizes customer interactions while enforcing membership payments. Extensive simulations show the advantage of our approach over more conventional schemes.
Keywords: Secure Group, Broadcast Encryption, Secure Group Communication, Refresh Period, Encrypt Content
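The caching idea in the abstract, as an added sketch that is not the paper's own code or its actual KHT data structure: an LKH key manager broadcasts wrapped keys after each eviction, a cache keeps only the newest public record per tree edge, and a returning member walks up from its leaf to recover the current group key. Assumptions: a fixed 8-leaf binary tree with heap indexing, a toy HMAC-based key wrap standing in for a real AEAD, and hypothetical names (`KeyManager`, `evict`, `catch_up`).

```python
import hashlib, hmac, os

N = 8  # leaves 8..15 of a heap-indexed binary key tree; node 1 holds the group key

def _mac(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def wrap(kek, key):
    """Toy key wrap standing in for a real AEAD: keyed XOR pad plus integrity tag."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(key, _mac(kek, b"pad" + nonce)))
    return nonce, ct, _mac(kek, b"tag" + nonce + ct)

def unwrap(kek, nonce, ct, tag):
    if not hmac.compare_digest(tag, _mac(kek, b"tag" + nonce + ct)):
        raise ValueError("record is not encrypted under a key this member holds")
    return bytes(a ^ b for a, b in zip(ct, _mac(kek, b"pad" + nonce)))

class KeyManager:
    def __init__(self):
        self.keys = {n: os.urandom(32) for n in range(1, 2 * N)}

    def path_keys(self, leaf):
        """Keys held by the member at `leaf`: the leaf key and every ancestor key."""
        return {leaf >> i: self.keys[leaf >> i] for i in range(leaf.bit_length())}

    def evict(self, leaf):
        """LKH rekey after a leave; returns the public broadcast, keyed by tree edge."""
        self.keys[leaf] = os.urandom(32)  # retire the evicted member's leaf key
        records, node = {}, leaf // 2
        while node >= 1:
            self.keys[node] = os.urandom(32)
            for child in (2 * node, 2 * node + 1):
                if child != leaf:  # never wrap for the evicted leaf
                    records[(node, child)] = wrap(self.keys[child], self.keys[node])
            node //= 2
        return records

def catch_up(cache, leaf, held):
    """Returning member recovers the current group key from the newest cached records."""
    key, child = held[leaf], leaf
    while child > 1:
        node = child // 2
        rec = cache.get((node, child))
        key = unwrap(key, *rec) if rec else held[node]  # no record: node never rekeyed
        child = node
    return key
```

The cache is a plain dict filled from broadcasts alone, for example `cache.update(km.evict(9))`; keeping only the newest record per edge is enough because every rekey of a child in this model also rekeys its parent.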