Adaptive key management for secure group communication

Group communication is the core of many modern networking applications. Examples of such applications are, conferencing applications, event notification systems, stock quote dissemination and Internet TV programming. In applications such as these, it is necessary to secure the transmitted information from unauthorized access as the data is sensitive or requires the users to pay for it. The current approach to secure group communication is to encrypt it using a cryptographic key, called the group key, that is known only to the users in the group.; In this dissertation, we address the problems of single user revocation, multiple user revocation and key update distribution in secure group communication. Specifically, we focus on the aspect of adapting to the storage and computational requirements of the users while reducing the duration of interruption to the group communication. Our contributions in this dissertation are as follows: (1) We describe group key management algorithms which adapt to the storage and computational requirements of the users. Depending on the tolerances of the users, the group controller chooses the appropriate group key management algorithm. We describe techniques which allow the group controller to change the group key management algorithm at run-time to reflect current user requirements. (2) In our single user revocation algorithms, we identify the tradeoff between the duration of interruption and the number of keys stored by each user. We show that our algorithms reduce the duration of interruption to the group communication when compared to the existing solutions. (3) In our multiple user revocation algorithms, we identify the tradeoff between the cost of rekeying while addressing the issue of collusion. We show that some existing algorithms are instances of our algorithms. (4) We describe key update distribution algorithms, in which the key updates sent by the group controller are delivered to only those users who need them. Our algorithms reduce the amount of bandwidth needed to distribute the key updates to the users. (5) We describe a generic algorithm to revoke users in adhoc networks. We show that our revocation algorithm is successful in revoking users operating in different network settings.; We have performed extensive simulated experiments to validate and prove the effectiveness of our algorithms. The results of our experiments are helpful to system developers for choosing an appropriate group key management algorithm for their applications. We have considered various scenarios that require adaptation in secure group communication and described instances of our algorithms that are suitable for such scenarios. (Abstract shortened by UMI.)...