In this chapter, we discuss the case of applying our GKM scheme to provide multiple programs by the server. Suppose that there are M TV programs provided by the server and users can subscribe them according to their in-terest. To satisfy the security requirements, a simple solution is to associate a group key to each program and maintain each group key by our GKM scheme such that only the members who subscribe the program can get the corresponding group key and auxiliary keys. Fig. 5.1 shows a multiple key tree with three TV programs P1, P2, and P3. Each memberU who subscribes program Pi is assigned GKi and the auxiliary keys from the key tree root of Pi to U’s associated leaf node in the key tree of Pi . Thus, each member holds M lg N secret keys in the worst case (if each member subscribes all the programs.) In the worst case, if a member who subscribes all TV pro-grams cancels all of his subscribed propro-grams, the server needs to broadcast 2M lg N − 6 rekey messages and the existent members need to do the rekey procedure as described in Chapter 3.1 for the member leaving.
We can apply the key assignment of our GKM scheme to the two-level key
GK1 P1
GK2 P2
GK3 P3
Figure 5.1: A multiple key tree with three TV programs
tree proposed by Sun and Liu [21]. The lower level consists of TSGi, the key trees of service groups (SGs) with roots SGi and the higher level consists of TPi, the key trees of TV programs with roots Pi. A service group is a subset of the set of all TV programs. If there are M TV programs, the number of service groups is 2M − 1 at most. In the lower level key trees, members who associate with the leaf nodes of a TSG have the same subscribed TV programs. In the higher level key trees, the root node of a TSG is a leaf node of a TP if P ∈ SG. Fig. 5.2 shows a two-level key tree of Sun and Liu [21]
with three TV programs P1, P2, P3 and four service groups SG1 ={P1, P2}, SG2 = {P1, P2, P3}, SG3 = {P2, P3}, SG4 = {P3}. Since the height of a TSG is at most lg N and the height of a TP is at most lg(2M − 1) ≈ M, each member who subscribes all TV programs holds at most M2+lg N secret keys.
In the worst case, if a member who subscribes all TV programs cancels all of his subscribed programs, the server needs to broadcast (M + 1)(M2+ lg N ) rekey messages and the existent members need to do the rekey procedure as described in Chapter 3.1 for the member leaving.
While applying our GKM scheme, other properties shared by above of the
GK1 P1
GK2 P2
GK3 P3
SG2 SG3 SG4
SG1
Figure 5.2: A two-level tree of Sun and Liu [21] with three TV programs
multi-GKM schemes are as follows. (1) Each member only needs to decrypt one ciphertext or compute one hash value to get the group key for each group key update. (2) To handle the key update for reconnect members, the storage size of the public bulletin and the computation time of reconnected members are independent of the number of group key updates. Thus, the result multi-GKM schemes minimize the delay time before decrypting a TV program and can be used in Pay-TV systems practically even if the frequency of group key update is very high (e.g. Pay-Per-View TV service.)
Chapter 6 Conclusion
We propose an efficient and secure GKM scheme that is very suitable for Pay-TV systems. The simulation results confirm the usability of our scheme and the theoretical comparisons with former schemes. In the future works, we can try to improve the efficiency factors of our GKM scheme or find more applications for our GKM scheme.
Bibliography
[1] Conditional-access broadcasting systems. International Telecommuni-cation Union (ITU), 1992.
[2] Isabella Chang, Robert Engel, Dilip D. Kandlur, Dimitrios E. Pen-darakis, and Debanjan Saha. Key management for secure internet mul-ticast using boolean function minimization techniques. In Proceedings of the IEEE International Conference on Computer Communications (INFOCOM), pages 689–698, 1999.
[3] Yi-Ruei Chen, J. D. Tygar, and Wen-Guey Tzeng. Secure group key management using uni-directional proxy re-encryption schemes. In Pro-ceedings of the IEEE International Conference on Computer Communi-cations (INFOCOM), pages 1322–1330, 2011.
[4] E. Cruselles, J. L. Melus, and M. Soriano. An overview of security in eurocrypt conditional access system. In Proceedings of the IEEE International Conference on Global Communications (GLOBECOM), pages 188–193, 1993.
[5] Qijun Gu, Peng Liu, Wang-Chien Lee, and Chao-Hsien Chu. Ktr: An efficient key management scheme for secure data access control in wire-less broadcast services. IEEE Transactions on Dependable and Secure Computing, 6(3):188–201, 2009.
[6] Yu-Lun Huang, Shiuh-Pyng Shieh, Fu-Shen Ho, and Jian-Chyuan Wang.
Efficient key distribution schemes for secure media delivery in pay-tv systems. IEEE Transactions on Multimedia, 6(5):760–769, 2004.
[7] Yu-Lun Huang, Shiuh-Pyng Winston Shieh, and Jian-Chyuan Wang.
Practical key distribution schemes for channel protection. In Proceedings of the International Computer Software and Applications Conference (COMPSAC), pages 569–574, 2000.
[8] Junbeom Hur and Hyunsoo Yoon. A decentralized multi-group key man-agement scheme. IEICE Transactions, 92-B(2):632–635, 2009.
[9] Tianpu Jiang, Shibao Zheng, and Baofeng Liu. Key distribution based on hierarchical access control for conditional access system in dtv broad-cast. IEEE Transactions on Consumer Electronics, 50(1):225–230, 2004.
[10] Jung-Yoon Kim and Hyoung-Kee Choi. Improvements on sun ’s condi-tional access system in pay-tv broadcasting systems. IEEE Transactions on Multimedia, 12(4):337–340, 2010.
[11] Xiaozhou (Steve) Li, Yang Richard Yang, Mohamed G. Gouda, and Si-mon S. Lam. Batch rekeying for secure group communications. In
Pro-ceedings of International World Wide Web Conference (WWW), pages 525–534, 2001.
[12] Iuon-Chang Lin, Shih-Shan Tang, and Chung-Ming Wang. Multicast key management without rekeying processes. Computer Journal, 53(7):939–
950, 2010.
[13] Jen-Chiun Lin, Kuo-Hsuan Huang, Feipei Lai, and Hung-Chang Lee.
Secure and efficient group key management with shared key derivation.
Computer Standards & Interfaces, 31(1):192–208, 2009.
[14] Jen-Chiun Lin, Feipei Lai, and Hung-Chang Lee. Efficient group key management protocol with one-way key derivation. In Proceedings of the IEEE Conference on Local Computer Networks (LCN), pages 336–
343, 2005.
[15] Baofeng Liu, Wenjun Zhang, and Tianpu Jiang. A scalable key distri-bution scheme for conditional access system in digital pay-tv system.
IEEE Transactions on Consumer Electronics, 50(2):632–637, 2004.
[16] B.M. Macq and J.-J. Quisquater. Cryptology for digital tv broadcasting.
Proceedings of the IEEE, 83(6):944–957, 1995.
[17] Adrian Perrig, Dawn Xiaodong Song, and J. D. Tygar. Elk, a new pro-tocol for efficient large-group key distribution. In Proceedings of IEEE Symposium on Security and Privacy, pages 247–262, 2001.
[18] Ali Aydin Sel¸cuk and Deepinder P. Sidhu. Probabilistic methods in mul-ticast key management. In Proceedings of the International Workshop on Information Security (ISW), pages 179–193, 2000.
[19] Alan T. Sherman and David A. McGrew. Key establishment in large dynamic groups using one-way function trees. IEEE Transactions on Software Engineering, 29(5):444–458, 2003.
[20] Hung-Min Sun, Chien-Ming Chen, and Cheng-Zong Shieh. Flexible-pay-per-channel: A new model for content access control in pay-tv broad-casting systems. IEEE Transactions on Multimedia, 10(6):1109–1120, 2008.
[21] Yan Sun and K. J. Ray Liu. Hierarchical group access control for secure multicast communications. IEEE/ACM Transactions on Networking, 15(6):1514–1526, 2007.
[22] Fu-Kuan Tu, Chi-Sung Laih, and Hsu-Hung Tung. On key distribution management for conditional access system on pay-tv system. IEEE Transactions on Consumer Electronics, 45(1):151–158, 1999.
[23] Guojun Wang, Jie Ouyang, Hsiao-Hwa Chen, and Minyi Guo. Efficient group key management for multi-privileged groups. Computer Commu-nications, 30(11-12):2497–2509, 2007.
[24] Chung Kei Wong, Mohamed G. Gouda, and Simon S. Lam. Secure group communications using key graphs. IEEE/ACM Transactions on Networking, 8(1):16–30, 2000.
[25] Junqi Zhang, Vijay Varadharajan, and Yi Mu. A scalable multi-service group key management scheme. In Proceedings of the Advanced Interna-tional Conference on Telecommunications and InternaInterna-tional Conference on Internet and Web Applications and Services (AICT/ICIW), page 172, 2006.
[26] Zhibin Zhou and Dijiang Huang. An optimal key distribution scheme for secure multicast group communication. In Proceedings of the IEEE International Conference on Computer Communications (INFOCOM), pages 331–335, 2010.
[27] Wen Tao Zhu and Robert H. Deng. On group key management for secure multicast employing the inverse element. In Proceedings of the International Conference on Multimedia Information Networking and Security, pages 337–341, 2009.