Chapter 2 Related Works
2.2 Key Management Protocols
This chapter is mainly focusing on the group key management in multicasting IP network. Hence, this chapter will introduce the security issues, the different key management, and key graphs for group communication.
2.2.1 The Security Issues of Multicasting Key Management
There are three ways to transmit IPTV services through IP network as described before. The main purpose of secure multicasting is not only protecting data‟s confidentiality, integrity, and authentication, but also other security issues as following [12]:
Only group members can get the content of group message.
The source has been authenticated before being transmitted to group members.
New group members could not get the content of group data transmitted before they join the group (Forward secrecy).
Leaving members could not get the content of group data after they are
12
revoked from the group (Backward secrecy).
A key management system has to satisfy four security requirements:
confidentiality, authenticity, backward secrecy, and forward secrecy. Collusion prevention is also a must in some circumstances.
According to those security issues mentioned before, the group key is needed.
Group key is an efficient way to securely manage group communications through multicasting IP network. Therefore this thesis proposed a group key management for the IPTV services.
2.2.2 Key Graphs
There is a scalability problem of group/multicast key management. The problem becomes more seriously when a member joins or leaves the group. Then, the server need to rekey, updating the group key, to make sure the forward secrecy and backward secrecy. There are three rekeying strategies were discussed as following [19]:
User oriented rekeying
Sending rekeying message to each user by using the keys user has. For example, when u4 is going to join/leave the secure group in Figure 8, server generates the rekey messages and sends to the group members, as shown in Table 2.
13
Figure 8: User joins or leaves a key tree Table 2: User oriented rekey messages
u4 joins the key tree u4 leaves the key tree s->{u4,…, u8}: {k1-8‟}k1-8
s->{u1, u2}: {k1-8‟, k14‟}k14 s->{u3}: {k1-8‟, k14‟, k34‟}k34 s->{u4}: {k1-8‟, k14‟, k34‟}k4
s->{u4,…, u8}: {k1-8}k58 s->{u1, u2}: {k1-8, k14}k12 s->{u3}: {k1-8, k14, k34}k3
Key oriented rekeying
Server sends new keys encrypted by old keys to group members, when user joins the group. Instead, server sends new keys individually encrypted by unaffected old keys. An example shows in Table 3.
Table 3: Key oriented rekey messages
u4 joins the key tree u4 leaves the key tree s->{u1,…, u8}: {k1-8‟}k1-8
s->{u1, u2, u3}: {k14‟}k14
s->{u4,…, u8}: {k1-8}k58
s->{u1, u2}: {k1-8}k14, {k14}k12
14
Server sends only two messages to the group when a user joins the group.
One message contains all the new keys and broadcasts to the whole group members, and the other one message only transmits to the join member.
Server only needs to send one message to group members when a user leaves the group, instead. Table 4 shows an example in Figure 8.
Table 4: Group oriented rekey messages
u4 joins the key tree u4 leaves the key tree customer‟s processing loading will increase gradually as taking user oriented, key oriented, and then the group oriented rekeying strategies. According to the recent network transmission ability, bandwidth, and user‟s computing power limitation…etc., server managers would have a different choice of the rekeying strategies.
2.2.3 Classifications of Group Key Management
In generally, Group key management protocols could reside primarily in three categories: centralized, decentralized, and distributed. The simplest way to manage
15
group members has scalable limitation, however. Such as Simple Key Distribution Center (SKDC), a group manager using different keys and each key corresponds to a group member. If a group with n members, there are n rekeying messages and n encryptions when a member join or leave a group. Therefore, the more scalable way are as following [14]:
Centralized group key management protocols
In centralized protocols, a key server (KS) is employed for controlling group activities. Most of them, such as LKH, OFT [15], etc., are tree-based. A tree-based approach employs a hierarchy of keys in which each group member, based on his/her location, and is assigned a set of keys. For a group of nn members in a k − ary tree-based group key management system, each member keeps logkn administration keys and KS has to send (k − 1) ∗ logkn rekeying messages. Therefore, minimizing the storage, computational power and bandwidth utilization on both client and server are critical issues.
Numbers of packages sent by server also need to be concerned.
Decentralized group key management protocols
In decentralized protocols, a network is divided into many subgroups.
Each subgroup has a group manager to manage their own subgroups. The advantage is that if a subgroup manager goes down, it won‟t affect whole system. However, there is still a main system manager connecting all subgroup managers. When the system manager stops working, the whole system is still affected, and subgroups could not communicate with each other.
Distributed group key management protocols
In distributed protocols, there is no group manager, and the group key is generated and maintained by the group members themselves. The group key is usually generated together by all members contributing their own secure
16
information due to security requirements and each member‟s computation power. When the members grow up, the processing and communication time are also linearly increasing. To maintain the protocols robust, group membership list needs to be take care too.
In this thesis, we focus our paper on the centralized ones due to the flexibility of payments as mentioned in the motivation. The channel-based group key management, this thesis proposed, revises from the Sun‟s et al. „s conditional access system[17].
Following sections will delineate the method.