Group Key Management In Dynamic Peer Groups

Along with the rapid growth of Internet, security problems have been revealed with the growing application of multicast technology. So, scholars began to turn their focuses on the se-curity of group communication. The method for supporting secure group communication is to share the key with authorized group members. All the communications are encrypted and de-crypted with this key. The dynamic nature of multicast groups requires the group key be updated in time to guarantee the backward secrecy and forward secrecy. This implies that, a set of me-chanisms to establish and update the group key are needed.The recent study of group key management is concentrated on two areas: large dynamic groups and dynamic peer groups (DPGs). In large dynamic groups, centralized and distributive group key managements are generally employed to maintain the group key, whereas in dynamic peer groups, contributory group key agreement is introduced to manage the key establishment and update.Contributory group key agreement protocols that compute a group key as a function of in-dividual contributions from all members, alleviate the problem of a single point of failure and trust problem in centralized and distributive key management. However, the multi-round nature of contributory group key agreement brings more computation cost for key establishing and up-dating, which determines it is less efficient in key rekeying and therefore can not scale well to large groups. So, the focus of contributory group key agreement is to improving time efficiency in key establishment and rekeying.With the aim to improve the rekeying efficiency of contributory group key agreement, this dissertation does the following works.Establishes a model for contributory group key agreement and in turn the model is used as the foundation for the proposed contributory group key agreement schemes in the rest of the thesis. The model introduces the membership events which bring the conference session trans-mission and the elementary methods for key generation and updating, analyzes security aspects of the model, and indicates the points to study further.Presents a join-tree-based Diffie-Hellman group key agreement (JDH) which reduces the average time cost for each join member from previous O( log(log n) ) to O( 1). Compared with existing scheme JET (join-exit-tree scheme), JDH scheme adopts a new join algorithm which inserts the new member into the root of the join tree and reduces the rekeying cost for each member join the group. The analysis shows that this join algorithm does not decrease the performance of other aspects when reduce the join cost. Simulations results and comparison with JET and TGDH schemes verify that JDH is efficient in user join.Put forwards a weighted-join-exit-tree (WJT) scheme for contributory group key agreement which achieves an average asymptotic time cost of O( 1) for both join and leave events when group dynamics are known a priori. WJT employs the join algorithm of JDH scheme, organizes the exit tree as a weighted tree based on the exit tree of JET scheme to reduce the leave cost, and presents a tree balancing algorithm to rebalancing the main tree. Performance analysis and simulation experiments demonstrate that WJT scheme is superior to JET and TGDH schemes for join events and leave events with the knowledge of group dynamics.Advances HJET scheme to minimizing group key establishment time and reducing the rekeying cost for join and departure events while considering user computation and location dif-ferences. Comparing with existing Huffman scheme, HJET has four improvements. First, sepa-rates users into subgroups according to their locations to minimize communication time. Second, Huffman coding is employed to design the subgroup key tree taking both computation cost and communication cost into consideration. Third, the combined weights are located in a higher place of the Huffman key tree to reduce the variance of the average key generation time and the group key establishing time. Last, join tree and exit tree are adopted for joining and leaving users to achieve better performance in key rekeying. Performance analysis and simulation results show that HJET scheme is superior to Huffman scheme for key establishment and better than JET and TGDH for key update.Proposes an integrated group key agreement scheme (IGK) to provide hierarchical access control as well as improve the efficiency of key establishing and updating when members have accesses to multiple resources. Based on centralized multi-group key management, IGK scheme employs the underlying relationship of group members, establishes integrated key graph to remove key redundancy in independent group key tree, and improves the time efficiency of group key establishment and rekeying. Performance analysis and simulation results demonstrate that IGK scheme is superior to independent group key agreement.