Research On Key Agreement Schemes For Secure Multicast

IP multicast provides an efficient mechanism for a sender to send a packet to multiple receivers simultaneously. It greatly reduces the bandwidth usage and server overhead by incorporating the reiteration transmission of packets on routers, and hence improves the performance of network. Multicast may be applied in multimedia remote education, collaborative workspaces, multimedia conferencing, pay-per-view, online multiplayer gaming and etc. The security of multicast has been an important research issue in the area of communication and information security in recent years. The main challenge for secure multicast is assuring the legitimate members of multicast group have access to the group communication while the outside invalid hosts do not. The basic technique for realizing secure multicast is to maintain a group key that is known to all group members, but is unknown to any one outside the group. Therefore, the design of efficient dynamic key agreement schemes for multicast applications is the main consideration of secure multicast.In this paper, based on comprehensive analysis of some typical schemes, several efficient and practical key agreement and secure multicast schemes are proposed using the theory of threshold secret sharing, identity-based cryptosystem, and public key broadcast encryption respectively. The proposed new schemes have some advantages over the previous schemes. The procedures of multicast communication and updating of group keys with the dynamic change of group members are discussed. The security and efficiency of the schemes are analyzed in detail.The first scheme emploies the theory of threshold secret sharing and the idea of two level hierachical method. The scheme is applicable to real time multicast applications with large dynamic group members for its small computation cost. The second scheme achieves quick agreement of each subgroup and alleviation of a single KGC's load by division of the multicast group and use of some parallel key generator centers. The third scheme is identity-based, and it realizes direct secret communication between discretional subgroups without KGC's transmission. It reduces delay and avoids the single point of failure. The fourth scheme makes use of public key broadcast encryption. Using the new scheme, a secure multicast model is constructed. The model is efficient in computation and communication. The fifth scheme utilizes subset-cover framework and public key broadcast encryption. An identity-based secure multicast architecture is constructed using the new scheme. The architecture is not only feasible to SSM with large scale users, e.g., pay-per-view, but also is adaptable for ASM with small size, e.g., multimedia conferencing. A prominent advantage of our architecture is utilizing multicast itself for rekeying when the membership changes dynamically.Compared with the other existing schemes, the proposed new schemes supply a good guarantee of security. They not only satisfy the dynamic feature of multicast groups, realize the distributed generation and management of group keys, but also efficiently reduce the computation, communication, and storage cost for the participating entities in the multicast procedure. So the use of our new schemes may improve the multicast and network performance effectively.