| Secure group communication is an increasingly popular research area having received much attention in recent years. Since most group communication takes place over the wide-open expanse of the Internet, security is a major concern. The fundamental security challenge revolves around secure and efficient group key management. Centralized key management methods are appropriate for 2-party communication as well as for large multicast groups. However, many collaborative group settings require distributed key management techniques. In this thesis, we focus on secure and efficient distributed group key management techniques for secure group communication system.; More precisely, the contribution of this work is threefold: (1) we develop novel distributed key management techniques, (2) we prove the security of the proposed group key management techniques and (3) we integrate them with a reliable group communication system and measure the performance of the integrated system.; We first introduce two novel group key management techniques. Their key features are: simplicity, provable security and robustness with respect to network faults. The first protocol, called STR, achieves group key agreement by blending purposely imbalanced binary key tree with Diffie-Hellman key exchange. It trades off higher computation cost for near optimal communication overhead. By doing so, STR becomes most communication-efficient group key agreement so far. The second protocol, called TGDH, is based on (general) binary key trees. By using binary key tree, the computation and communication costs have logarithmic bound. The resultant technique is very simple, secure, fault-tolerant, and its efficiency surpasses that of prior art. Both TGDH and STR handle dynamic groups and network events such as group partitions and merges.; To validate our results we integrate our key management techniques with a reliable group communication system. As a first step, we design a group key agreement API to separate cryptographic protocols from communication protocols. The API provides an interface to multiple group key agreement protocols. Next, we integrate the API with the Spread group communication system developed at Johns Hopkins University. Finally, we measure the performance of all group key agreement methods over both local- and wide-area networks. |
