
Key management for secure multicast communications

Posted on: 2000-01-11
Degree: Ph.D
Type: Dissertation
University: University of Maryland College Park
Candidate: Poovendran, Raadhakrishnan
Full Text: PDF
GTID: 1468390014461681
Subject: Engineering
Abstract/Summary:
Providing key management schemes for large scale multicast groups has become an important problem due to many potential commercial applications such as stock quote and software distribution on the Internet. For secure multicast communication, all the group members have to share a common session key. Since the member dynamics such as join or deletion do not necessarily terminate the multicast session, it is important to update the session key to all the valid members, so that the non-members do not have access to the future keys. Finding efficient ways for key generation and distribution in the presence of member dynamics is an actively researched problem.

This dissertation considers the single sender, multiple receiver model of secure multicast communication. The goal is to develop schemes that have reduced computational overhead at the time of key generation, minimize the amount of message units required at the time of key updates, and minimize the number of keys to be stored by the sender as well as receivers. In order to achieve this goal, a key generation and distribution architecture based on rooted trees and control panels is proposed. A control panel is assumed to consist of mutually suspicious members who jointly generate the keys that are distributed to the rest of the members. Based on the assumption about the control panel, we provide a distributed key generation mechanism which allows a set of mutually suspicious members to contribute to the generation of a joint secret without revealing their individual contributions.

The key distribution scheme presented considers the member revocation event and relates it to the key assignment of individual users. We define and show that the entropy of the member revocation event plays an important role in determining the number of keys assigned to a member. We claim that the number of keys allocated to a member based on the elementary concepts from information theory will also correspond to the minimum number of keys that need to be assigned to a member unless additional functional relationship among keys exists, since it completely captures the uncertainty of the member revocation event. We also identify some weaknesses in the recent schemes in [17, 15], and solve an open problem posed at Eurocrypt'99 [16].
Keywords/Search Tags:Key, Multicast, Problem, Schemes, Member revocation event