Simulation Results and Analytical Analysis

There are two parts in this section. First part is going to analyze the costs from simulation results in a quantitative way when rekeying operations triggered. Second part is the simulation results showing that maintaining balance trees in two situations as examples.

The simulation programs are writing in C++ and simulation environment is Windows operating system.

4.2.1 Simulation Results and Analytical Analysis

Cutting down delay time is critical issue when users start using services. Besides, with rapid development of internet, users are easier work together and break keys. To avoid collusion attacks, keys are need to frequently update and manager‟s loading are increase, too. Therefore, there are three indexes and five scenarios to analyze the efficiency of protocols in analytical analyses.

This thesis mainly modified from Sun‟s et al. CAS. Sun‟s et al. CAS „s feature is that users have flexibility to subscribe/ unsubscribe the service. Dynamic groups cause

50

key structure changing more frequently, and keys are harder to manage. This thesis‟s protocol is stronger, due to preventing more security issues described in section 4.1. On the other hand, service providers‟ loading is also an issue. There are some indexes to evaluate the efficiency when a member joining or leaving a group:

 Computational Costs:

When a member joins/leaves a certain group, the keys are going to update and generate by service provider. The service manager‟s computational costs include generate new keys and encrypting messages. Those two items are factors that affect the efficient key management.

 Number of rekeying messages

Rekeying messages are needed, when a member joins/leaves a group.

When there are less rekeying messages, there are less bandwidth costs and time to encrypt/decrypt messages.

 Storages

There are keys managing by service provider in this protocol. Those keys are including group key, acknowledge keys, key encryption keys, R values…etc.

As long as those keys decreasing, the storage costs are less to manager or each user.

Multicasting is a way to manage keys and transmit keys encrypted by KEK. It consumes lots of time to updates keys, when members frequently join or leave a group.

Numbers of rekeying messages is an index to measure the efficiency of updating keys and encrypting messages. If the group size is large and has lots of keys, rekeying messages‟ time costs and computational costs are tremendous and could not be ignored.

This section is focus on measuring rekeying messages, storages, and computational costs, and comparing with other protocols, like Simple Key Distribution Center (SKDC), Logical Key Hierarchy (LKH), and One-way Function Tree (OFT)[12][15]. The ways to

51

update keys are different when member joins and leaves a group. Therefore, there are four scenarios analyzing rekeying messages and computational costs: the join operation triggered, the leave operation triggered, the multi-join operation triggered, and the multi-leave operation triggered. Then, there is a scenario compares storages between IPTVP, SKDC, and LKH. The costs are summarized C_E,C_f,C_K, andC_R. Following clearly describe factors‟

analytical analyses in those five scenarios.

4.2.1.1 Scenario 1: The join operation triggered

There are two factors to analyze the efficiency between protocols in this scenario:

number of rekeying messages and computational costs.

When a member joins a group, the costs to rekey are shown in Table 9. IPTVP only needs to transmit a plain text to inform related member updating keys when a member joins a certain group. Other group protocols transmit new keys to group members encrypted by old keys when a member joins the group. On the other hand, group members need to compute in IPTVP than those group protocols.

Table 9: Efficiency comparisons when a member joins

SKDC LKH OFT IPTVP

IPTVP broadcasts only a message to all members no matter how many group members are there. SKDC, however, needs to send n of messages, when there are n of group members. OFT and LKH needs to send log2n or 2log2n messages, but those messages still are increasing according to group members.

52

In Figure 34, the managers‟ computational cost is only one in IPTVP, and the reason is same with number of messages transmitted when joining a member. OFT, LKH, SKDC are increasing computation costs as group member growing.

Figure 33: Number of rekeying messages when a member joins a group

Figure 34: The computational costs of service manager when a member joins a group

53

4.2.1.2 Scenario 2: The leave operation triggered

There are two factors to analyze the efficiency between protocols in this scenario:

number of rekeying messages and computational costs.

When a member leaves a group, the costs to rekey are shown in Table 13. IPTVP transmits new keys to those members held the keys before and encrypts keys by KEK.

The way is same with other group protocols, SKDC, LKH, and OFT. IPTVP transmits log2n numbers of messages, and it is same performance with OFT. LKH needs to send twice numbers of messages than OFT and IPTVP. SKDC is a worst situation. In Figure 35: Number of rekeying messages, there is a quantitative figure showing the number of messages transmitted when a member leaves.

In Figure 36, IPTVP manager‟ computational costs are the least. IPTVP only needs to encrypt the messages when a member leaves the group. OFT also encrypt the messages, but OFT needs to generate blind keys. LKH encrypts the messages, but those messages need to transmit are twice than IPTVP, 2(log₂n), when a member leaves a group. SKDC also is a worst situation

Table 10: Efficiency comparisons when a member leaves

SKDC LKH OFT IPTVP

Msg

N 2(log2n) log2n log2n

S_Ccomp

nCE CE(2log2n) CE(log2n)+2Cf(log2n) CE(log2n) +CK(log2n -1)

Max. M_comp

CE CE(log2n) CE+Cf(log2n) CK+CR+CE+(log2(n-1))(CR)

Min. M_comp

CE CE CE+Cf CR+CE

54

Figure 35: Number of rekeying messages when a member leaves a group

Figure 36: The computational costs of service manager when a member leaves a group

4.2.1.3 Scenario 3: The multi-join operation triggered

There are two factors to analyze the efficiency between protocols in this scenario:

number of rekeying messages and computational costs.

When more than one member join a group in same time, the costs to rekey are shown in Table 11. IPTVP only needs to transmit a plain text to inform related member

55

updating keys when members join a certain group. However, other group protocols transmit new keys to group members encrypted by old keys when a member joins the group. On the other hand, group members need to compute in IPTVP more than those group protocols.

Table 11: Efficiency analyses when members join a group

SKDC LKH OFT IPTVP

The quantitative comparisons show in Figure 37 and Figure 38. Both in Figure 37 and Figure 38 assume that there are 1024 group members, and random members join a group in a same time. The results are average number from 2000 set random members

In Figure 37, IPTVP broadcasts only a message to all members no matter how many group members join the group in the same time. SKDC, however, needs to send n+l of messages, when l members join a group in a same time. OFT and LKH needs to send 2*sl or sl messages, and are more than IPTVP.

In Figure 38, the managers‟ computational cost is only one in IPTVP, and the reason is same with number of messages transmitted when members join a group in a same time. OFT, LKH, SKDC are increasing computation costs as group member growing or numbers of joiners increasing.

56

Figure 37: Number of rekeying messages when members join a group

Figure 38: The computation costs of service manager when members join a group

In Figure 37 and Figure 38, there are curve lines instead of straight lines. The reason is some interior nodes‟ corresponding administration keys do not sent by managers. If an interior node‟ all leaves‟ members are new joiners, there is not necessary to send rekey messages to group members. Managers, instead, send those news keys by unicast to each new user. However, SKDC don‟t use administration keys. Hence, SKDC shows a straight line in simulation result figures.

57

4.2.1.4 Scenario 4: The multi-leave operation triggered

There are two factors to analyze the efficiency between protocols in this scenario:

number of rekeying messages and computational costs.

When members leave a group in a same time, the costs to rekey are shown in Table 13. IPTVP transmits new keys to those members who held the keys before and encrypts keys by KEK. The way is same with other group protocols, SKDC, LKH, and OFT.

IPTVP transmits sl-l numbers of messages, if there are l members leave the group in a same time. However, OFT and LKH needs to send 2sl-l and 2sl numbers of messages, and are more than IPTVP. SKDC is not a worst situation in this case, and it needs to send n-l numbers of messages.

There are quantitative figures in Figure 39 and Figure 40. Both in Figure 39 and Figure 40 assume that there are 1024 group members, and random members leave a group in a same time. The results are average number from 2000 set random members.

Figure 39 shows the number of multicast messages sent by manager when members leave a group in a same time. IPTVP manager sends least number of multicast messages. LKH is twice bigger due to each node‟s corresponding administration key need to send to both leaves.

In Figure 40, IPTVP manager‟ computational costs are the least. OFT needs to generate blind keys, causing C

E+2C

f. computational costs. LKH encrypts the messages, but those messages need to transmit to both leaves.

Table 12: Efficiency analyses when members leave a group

SKDC LKH OFT IPTVP

Msg

n-l 2sl-l

sl sl-l

58

Figure 39: Number of rekeying messages when members leave a group

Figure 40: The computational costs of service manager when members leave a group In Figure 39 and Figure 40, there are curve lines instead of straight lines. The reason is

59

some interior nodes‟ corresponding administration keys do not sent by managers. If an interior node‟ all leaves‟ members are leavers, manager do not send rekey messages to group members. However, SKDC don‟t use administration keys. Hence, SKDC shows a straight line in simulation result figures. Besides, IPTVP‟s computational costs are the least only when less than 250 group members leave a group, which the size of the group is 2¹⁰. As shown in Figure 40.

4.2.1.5 Scenario 5: Storage analyses

In this scenario, there are only storage analyses between protocols. There are number of keys service manager needs to keep and each user needs to keep. Those keys have different functions and those are MPK, KEK, AK, RGK, and R values.

As shown in Table 13 in a quantitative way. IPTVP provider has to keep twice number of keys than OFT and LKH providers. SKDC provider only needs to keep same number of members with keys. Correspond with service manager‟s storages, each member‟s storages in IPTVP service are twice big than in OFT and LKH services, and SKDC service‟ each member only needs to keep 2 keys. The simulation results are Figure 42 and Figure 41. With group members increasing, the storages raise.

Table 13: Storage analyses

SKDC LKH OFT IPTVP

S_St.

N 2n 2n 4n

M_St.

2 log2n+1 log2n+1 2(log2n+1)

60

Figure 41: Service manager's storages

Figure 42: Each member's storages

4.2.2 Simulation Results: Tree Balance

In this section, there are showing the simulation results in section 3.5. Those results assume that the trees are binary trees and in sequence order. Besides, the numbers of joiner and leaver are random numbers. The two situations are showing in following examples.

4.2.2.1 The number of joiners is more than a tree‟s capacity.

In this example, assume a tree with 16 leaf nodes and the numbers 4, 10, 18 leaf nodes are vacant. If eight members join the group in the same time, the tree needs to rebuild.

61

The new tree is 32 leaf nodes with 11 vacant leaf nodes. Firstly the vacant leaf nodes are occupied. Then the rest joiners are added after new tree constructed, as described in 3.5.2.

The results are Figure 43 and more clearly in Figure 44 and Figure 45.

Figure 43: The number of joiners is more than a tree‟s capacity

Figure 44: A tree is 16 leaf nodes with 3 vacant leaf nodes

Figure 45: The new tree is 32 leaf nodes with 11 vacant leaf nodes 4.2.2.2 The number of leavers is more than a half of tree‟s capacity

Suppose there are a tree with 32 leaf nodes, and 32 group members. When 18

62

members leave the group at the same time, the tree needs to reconstruct. If numbers of those 18 members are 10, 26, 38, 8, 32, 54, 36, 42, 34, 58, 44, 2, 6, 12, 14, 48, 50, 40, the simulation results are Figure 46 and Figure 48. Figure 47 and Figure 49 illustrate the results more specifically.

Figure 46: A tree with 32 leaf nodes, and 32 group members (1)

Figure 47: A tree with 32 leaf nodes, and 32 group members (2)

Figure 48: A new tree after reconstruction (1)

Figure 49: A new tree after reconstruction (2)

63

4.3 Discussions

In security analysis, there prevents collusion attacks and provide both forward and backward securities comparing with Sun‟s et al. CAS [17]. This thesis also provides stronger protocol comparing with improvement of Sun‟s et al. CAS [9]. In security requirements, this thesis provides same with other group protocols.

In analytical analysis, three indexes and five scenarios are used to analyze the efficiency of protocols. The three indexes are the computational costs, number of rekeying messages and storages. As described scenario 3 and scenario 4, the SKDC don‟t have administrative keys which is different with IPTVP, LKH and OFT. The computational costs and number of rekeying messages for SKDC‟s routinely updates are higher than LKH, OFT and IPTVP.

Therefore, we only compare IPTVP with the average results from LKH and OFT summarizations.

In scenario 1 and 3, manager‟s computational costs and rekeying messages sent are only one broadcast plain text. IPTVP is better than other protocols at least 98% when member/members join a group, as shown in Figure 51, Figure 50, Figure 52 and Figure 53.

When a member leaves a group, in scenario 2, IPTVP‟s service manager‟s computational costs are same with LKH, and the number of rekeying messages is same with OFT. IPTVP still is the least in three protocols. In scenario 4, IPTVP‟s both computational costs of service manager and rekeying messages are the least. IPTVP‟s numbers of rekeying messages are at least 40% less than other protocols, as shown in Figure 54. IPTVP‟s computational costs of service manager are at least 30% less than other protocols as shown in Figure 55. Even though, the storages are twice bigger comparing with OFT and LKH. This thesis provides a secure and efficient key management protocol. Finally, this thesis also completes the simulation experiment that keeping tree in balance.

64

Figure 50: The percentages that IPTVP less than other protocols' number of rekeying messages in scenario 1

Figure 51: The percentages that IPTVP less than other protocols‟ computational costs in scenario 1

Figure 52: The percentages that IPTVP less than other protocols' number of rekeying messages in scenario 3

65

Figure 53: The percentages that IPTVP less than other protocols‟ computational costs in scenario 3

Figure 54: The percentages that IPTVP less than other protocols' number of rekeying messages in scenario 4

Figure 55: The percentages that IPTVP less than other protocols‟ computational costs in scenario 4

66

在文檔中 一個針對IPTV服務以頻道分群為基礎的金鑰管理協定 (頁 63-80)