| Although some current distributed key management protocols are suitable for the distributed applications of large dynamic multicast groups, the system cost is great. For the group members, great network bandwidth is needed to authenticate others and broadcast is necessary for key agreements.In this paper, Scalable Distributed Key Management System (SDKM) is proposed in which new member is authenticated with a server. Based on the PKI public key infrastructure, identity is authenticated and session key used for ensuring security of the communication between the server and the member is transmitted with the technologies of electronic certificates and digital signature.Logical Key Hierarchy tree (LKH) is adopted to manage the keys in SDKM. To maintain the consistency of the multicast group information, a topological map of LKH is kept in the server. Every group member just keeps the information of those nodes on the path from the leaf node representing itself to the root node of the key tree, which is used for the member to compute the group key guaranteeing the group communication security with Diffie-Hellman key exchange algorithm. The server in SDKM has no chance to get the group key.The protocol supports three kinds of group operations: group key updating operations, the joining operations and the leaving operations. A new member initiates the joining operation to be added to the group. Other operations are initiates by a certain member in the group. All operations can be performed only via unicast and multicast. During the re-keying each group member modifies the path information with the received path update information to compute the new group key. Analyzed with math method, the protocol algorithms are proved to be able to provide group key secrecy, forward group key secrecy, and backward group key secrecy. The complexities of the group key computation time, the storage space for every member, and the total communication bandwidth to update the group key are approximately of logarithmic order of the group size, which make the protocol attractive for environments with less computation power and smaller storage.
|
PDF Full Text Request