Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
Skip to main content
SpringerLink
Log in

Gestion de clés et sécurité multipoint: étude et perspectives

Key management and multicast security: A survey

  • Published:
Annales Des Télécommunications Aims and scope Submit manuscript

Résumé

La communication multipoint (ou communication de groupe) est un moyen efficace pour envoyer des données aux membres d’un groupe. Plusieurs types d’applications utilisant les communications multipoint nécessitent un certain niveau de sécurité: authentification, intégrité, confidentialité et contrôle d’accès. Comme les techniques implémentant ces services dans les communications point-à-point ne peuvent être appliquées telles quelles aux communications de groupe, la sécurité des communications de groupe a fait l’objet de plusieurs travaux. La gestion de clés qui constitue la brique de base des services de sécurité a été largement étudiée et a donné lieu à plusieurs publications. Dans cet article, nous décrivons les différentes approches existantes pour gérer et distribuer les clés dans un groupe. Nous discutons les avantages et les inconvénients des protocoles proposés dans la littérature et présentons une classification et une étude comparative de ces protocoles. Nous terminons cet article par quelques critiques et perspectives.

Abstract

Multicast routing is an efficient communication mechanism for group-oriented applications. Several such applications need security guarantees: authentication, integrity confidentiality and access control. Techniques implementing these security services for point-to-point communications can not be directly used in a group communication settings. Consequently, group communication security has been extensively studied. Much current research has been dedicated to key management, which is a building block for all security mechanisms. In this paper, we describe the different existing approaches for managing keys within a group. We discuss the advantages and drawbacks of key management protocols existing in the literature and present a classification and a comparative study of these protocols. We also provide some criticisms and future directions.

This is a preview of subscription content, log in via an institution to check access.

Access this article

Log in via an institution

Subscribe and save

Springer+ Basic
$34.99 /Month
  • Get 10 units per month
  • Download Article/Chapter or eBook
  • 1 Unit = 1 Article or 1 Chapter
  • Cancel anytime
Subscribe now

Buy Now

Price excludes VAT (USA)
Tax calculation will be finalised during checkout.

Instant access to the full article PDF.

Institutional subscriptions

Références

  1. Amir (Y.),Ateniese (G.),Hasse (D.),Kim (Y.),Nita-Rotaru (C.),Schlossnagle (T.),Schultz (J.),Stanton (J.),Tsudik (G.), “Secure Group Communication in Asynchronous Networks with Failures: Integration and Experiments”,Proc. 20 th IEEE Intl. Conf. On Distributed Computing Systems, Taipei, Taiwan, pp. 333–343, April, 2000.

  2. Agarwal (D. A.),Cevassut (O.),Thompson (M. R.),Tsudik (G.), “An Integrated Solution for Secure group Communication in Wide-Area Networks”,IEEE Symposium on Computers and Communications, July 2001.

  3. Amir (Y.),Danilov (C.),Stanton (J.), “A Low Latency, Loss Tolerant Architecture and protocol For Wide Area Group Communication”,In Proc. Of intl. Conf. On Dependable Systems and Networks, pp. 327–336, June 2000.

  4. Amir (Y.),Kim (Y.),Nita-Rotaru (C.),Schultz (J.),Stanton (J.),Tsudik (G.), “Exploring Robustness in group key Agreement”, In Proc. ofIEEE ICDS’2001, April 2001.

  5. Amir (Y.), Kim (Y.), Nita-Rotaru (C.), Tsudik (G.), “On the performance of Group key Agreement Protocols”, CTR CNDS-2001-5, Department of Computer Science, Johns Hopkins University, Baltimore, November 2001.

    Google Scholar 

  6. Amir (Y.),Kim (Y.),Nita-Rotaru (C.),Tsudik (G.), “On the performance of Group key Agreement Protocols”, In Proc. of the22nd International Conference on Distributed Computing Systems (ICDCS 2002), Vienna, Austria, July 2–5, 2002.

  7. Adelman (L.), Rivest (R.), Shamir (A.), “A Method for Obtaining Digital Signatures and Publickey Cryptosystems”, Communications of the ACM, 21(2), pp. 120–126, February 1978.

    Article  Google Scholar 

  8. Amir (Y.),Stanton (J.), “The Spread Wide Area Group Communication System”, Tech. Rep. TR98-4, Department of Computer Science, John Hopkins University, 1998.

  9. Ateniese (G.),Steiner (M.),Tsudik (G.), “New Multi-party Authentication Services and Key Agreement Protocols”, inIEEE Journal of Selected Areas in Communications, 18(4), April 2000.

  10. Ateniese (G.),Steiner (M.),Tsudik (G.), “Authenticated Group Key Agreement and Friends”, In proc. of 5th ACMConf. on Computer and Communication Security, pp. 17–26, November 1998.

  11. Ballardie (T.), “Scalable Multicast Key Distribution”, RFC 1949, May 1996.

  12. Bettahar (H.),Bouabdallah (A.),Challal (Y.), “AKMP: an Adaptive Key Management Protocol for Secure Multicast”, In proc. of IC3N (11th International Conference on Computer Communications and Networks), USA, October 2002.

  13. Ballardie (T.),Crowcroft (J.), “Multicast-specific Security Threats and Conter-Measures”, In proc. ofSymposium on Network and Distributed System Security, pp. 2–16, San Diego, California, February 1995.

  14. Bergadano (F.),Cavagnino (D.),Crispo (B.), “Issues in Multicast Security”, Cambridge Intl. Workshop on Security Protocols,uk, lncs 1796,Springer, pp. 119–131, April 1999.

  15. Ballardie (T.),Chain (B.),Zhang (Z.), “Core based Trees (CBT version 3) Multicast Routing”, Internet draft, August 1998.

  16. Burmester (M.), Desmedt (Y.), “A Secure and Efficient Conference Key Distribution System”, In I. B. Damgard, editor, Advances in Cryptography- EuroCrypt’94, Lecture Notes in Computer Science.Springer-Verlag, Berlin Germany, 1994.

    Google Scholar 

  17. Blundo (C.),De Santis (A.),Herzberg (A.),Kutten (S.),Vaccaro (U.),Yung (M.), “Perfectly-Secure Key Distribution for Dynamic Conferences”, Information and Computation, December 1997.

  18. Ballardie (T.),Francis (I. P.),Crowcroft (J.), “Core Based Trees: an Architecture for Scalable Inter-domain Multicast Routing”, In proc. of ACM SIGCOMM’93, San Fransisco, pp. 85–95, 1993.

  19. Boyd (C.), “On Key Agreement and Conference Key Agreement”, InACISP: Information Security and Privacy Australasian Conf., pp. 294–302,Springer-Verlag, 1997.

  20. Becker (K.), Wille (U.), “Communication Complexity of Group Key Distribution”, In proc. ofACM Conf. On Computer and Communication Security, USA, November 1998.

  21. Chiou (G. H.), Chen (W. T.), “Secure Broadcast using Secure Lock”, IEEE transactions on Software Engineering, 15(8):929–934, August 1989.

    Article  Google Scholar 

  22. Challal (Y.),Bettahar (H.),Bouabdallah (A.), “A scalable and adaptive key management approach for group communication”,Sécurité et Architecture Réseaux: SAR’2003, Marrakech, Juillet 2003.

  23. Chaddoud (G.),Chrisment (I.),Schaff (A.), “Secure Multicast Survey”, In proc. of the15 th IFIP International Conference on Information Security (IFIP/SEC 2000), China, August 2000.

  24. Chaddoud (G.),Chrisment (I.),Schaff (A.), “Baal: Sécurisation des communications de Groupes Dynamiques”, In proc. of the8 e Colloque Francophone sur l’Ingénierie des Protocoles (CFIP’2000), Toulouse, France, Octobre, 2000.

  25. Chaddoud (G.),Chrisment (I.),Schaff (A.), “Dynamic Group Communication Security”, LNCS of the Mathematical Methods, Models and Architectures for Network Security Systems(MMM-ACNS 2001), Russia, May 2001.

  26. Chaddoud (G.),Chrisment (I.),Chaff (A.), “Dynamic Group Key Management” In proc. of the6 th IEEE Symposium on Computers and Communications (ISCC2001), Tunisie, Juin, 2001.

  27. Canneti (R.), Garay (J.), Itkis (G.), Micciancio (D.), Naor (M.), Pinkas (B.), “Multicast Security: A Taxonomy and Some Efficient Constructions”, In Proc. of the INFOCOM99, vol. 2, pp. 708–716, New York, NY, USA, March 1999.

    Google Scholar 

  28. Chang (I.),Engel (R.),Kandlur (D.),Pendarakis (D.),Saha (D.), “Key Management for Secure Internet Multicast using Boolean Function Minimization Techniques”, In IEEE INFOCOM99, USA, March 1999.

  29. Canneti (R.),Malkin (T.),Nissim (K.), “Efficient Communication-Storage Tradeoffs for Multicast Encryption”, In Proc. ofEUROCRYPT Conf., pp. 459–474, 1999.

  30. Canetti (R.),Pinkas (B.), “A Taxomnomy of Multicast Security Issues”, Internet draft, 〈draft-canetti-secure-multicast-taxonomy-01.txt〉, 1999.

  31. Chu (H.),Qiao (L.),Nahrstedt (K.), “A Secure Multicast Protocol with Copyright Protection”, In proc. ofIS&tspie’s Symposium on Electronic Imaging: Science and Technology, January 1999.

  32. Caronni (G.),Waldvogel (M.),Sun (D.),Plattner (B.), “Efficient Security for large and Dynamic Multicast Groups”, InProc. of 7th IEEE Workshop on Enabling Technologies, (WETICE’98), IEEE Computer Society Press, pp. 376–383, June 1998.

  33. Dunigan (T.),Cao (C.), “Group Key Management”, Technical Report, ORNL/TM-13470, Computer Science and Mathematics Division, U. S. Department of Energy, 1998.

  34. Deering (S.E.), “Multicast Routing in Internetworks and Extended LANS”. In proc. of theACM SIGCOMM’88, Stanford, California, August 1988.

  35. Diffie (W.),Hellman (M.), “New Directions in Cryptography”. IEEE Transactions on Information Theory, IT-22(6), pp. 644–654, November 1976.

  36. Dondeti (L. R.),Mukherjee (S.),Samal (A.), “Survey and Comparison of secure Communication protocols”. Technical report, University of Nebraska-Lincoln, 1999.

  37. Dondeti (L. R.),Mukherjee (S.),Samal (A.), “A Dual Encryption Protocol for Scalable Secure Multicasting”. In proc. of the 4th IEEE Symposium on Computers and Communications (ISCC99), Egypt, July 1999.

  38. Dondeti (L. R.),Mukherjee (S.),Samal (A.), “Scalable Secure One-to-many Group Communication using Dual Encryption”. Technical report, UNL-CSE-1999-001, University of Nebraska-Lincoln, February 1999.

  39. Dondeti (L. R.),Mukherjee (S.),Samal (A.), “DISEC: a Distributed Framwork for Scalable Secure Many-to-May Communication”. In proc. of the5 th IEEE Symposium on Computers and Communications (ISCC00), France, July 2000.

  40. Fenner (W.), “Internet Group Management protocol”. Version 2, RFC 2236, November 1997.

  41. Fekete (A.),Lynch (N.),Shvartsman (A.), “Specifying and Using a Partionable Group Communication Service”. In ACM PODC’97, Santa Barbara, CA, August 1997.

  42. Fiat (A.), Naor (M.), “Broadcast encryption”. In Advances in Cryptology-CRYPTO’93, Douglas R. Stinson, Ed. 1993, vol. 773 of Lecture Notes in Computer Science, pp. 480–491,Springer-Verlag, Berlin Germany, 1993.

    Google Scholar 

  43. Ford (W.), “Computer Communication Security: Principles, Standard Protocols and Techniques”.Prentice Hall, 1994.

  44. Garcia-Molina (H.), Spauster (A.), “Ordered and Reliable Multicast Communication”. ACM Transactions on Computer Systems, 9(3), pp.242–271, August 1991.

    Article  Google Scholar 

  45. Gong (L.),Shacham (N.), “Elements of Trusted Multicasting”. In Proc. Of the2 nd ACM Conf. On Computer and Communication Security, 1994.

  46. Gong (L.),Shacham (N.), “Trade-offs in Routing Private Multicast Traffic”. In Proc. ofGLOBECOM95, Singapore, November 1995.

  47. Hardjono (T.),Cain (B.),Doraswamy (N.), “A Framework for Group key Management for Multicast Security”. IETF Internet Draft (work in progress), August 2000.

  48. Hardjono (T.),Cain (B.),Monga (I.), “Intra-Domain Group key Management Protocol”. IETF Internet Draft (work in progress), September 2000.

  49. Harney (H.),Muckenhirn (C.), “Group key Management Protocol” (GKMP) Architecture. RFC 2094, July 1997.

  50. Hardjono (T.),Tsudik (G.), “IP Multicast Security: Issues and Directions”. Annales des Télécommunication, 55, no 7–8, juillet-août, 2000.

  51. Ingemarsson (I.), Tang (D.), Wong (C.), “A Conference Key Distribution System”, IEEE Transactions on Information Theory, 28(5), pp. 714–720, September 1982.

    Article  MATH  MathSciNet  Google Scholar 

  52. Just (M.), “Methods of Multi-party Cryptographic Key Establishment”. Master Thesis, School of Computer Science, Carleton University, Ontario, USA, 1994.

    Google Scholar 

  53. Just (M.),Vaudenay (S.), “Authenticated Multi-Party key Agreement”. In Advances in CryptologyEUROCRYPT’96, May 1996.

  54. Kim (Y.), “Group key Management”. PhD. Dissertation Proposal, Juin, 2001.

  55. Kim (Y.),Perrig (A.),Tsudik (G.), “Simple and fault-Tolerant Key Agreement for Dynamic Collaborative groups”Intl. Conf. on Computer and Communication Security, pp. 235–244, November 2000.

  56. Kim (Y.),Perrig (A.),Tsudik (G.), “Communication-Efficient group Key Agreement”. In Proc. ofheip sec 2001, June 2001.

  57. Kruus (P. S.), “A Survey of Multicast Security Issues and Architectures”. in Proc. ofNational Information System Conference, October 1998.

  58. Li (X. S.),Yang (Y. R.),Gouda (M. G.),Lam (S. S.), “Batch Rekeying for secure group communication”. In proc., of the10th Intl., www Conference, Hong Kong, China, May 2001.

  59. Mittra (S.), “Iolus: A Framework for Scalable Secure Multicasting”. In proc.ACM SIGCOMM, pp. 277–288, Cannes, France, September 1997.

  60. Menezes (A. J.),Van Oorschot (P. C.),Vanstone (S. A.), “Handbook of Applied Cryptography”. CRC press series on Discrete mathematics and its Applications. CRC Press 1997, ISBN 0-8493-8523-7.

  61. Molva (R.),Pannetrat (A.), “Scalable Multicast Security in Dynamic Groups”. In6 th ACM Conference on Computer and Communications Security, Singapore, pp. 101–112, November 1999.

  62. McGrew (D. A.), Sherman (A. T.), “Key Establishment in large dynamic groups Using one-way Function trees”, Technical Report TR-0755, TIS labs at Network Associates, Inc., Glenwood, MD, May 1998.

    Google Scholar 

  63. Poovendran (R.),Ahmed (S.),Corson (S.),Baras (J.), “A Scalable Extension of group Key Management Protocol”. In Proc. of the2nd Annual ATRIP Conference, Maryland, pp. 187–191, February 1998.

  64. Poovendran (R.),Corson (S.),Baras (J.), “A Shared Key Generation procedure Using Fractional Keys”. InIEEE Milcom 98, October 1998.

  65. Perrig (A.), “Efficient Collaborative key Management protocols for Secure Autonomous Group Communication”. InProc. of Intl. Workshop on Cryptographic techniques and E-commerce, 1999.

  66. Perrig (A.),Song (D.),Tygar (J. D.), “ELK, a new protocol for Efficient large-Group Key Distribution”. In Proc. ofIEEE Security and privacy Symposium, S&P2001, May 2001.

  67. Rodeh (O.),Birman (K.),Dolev (D.), “Optimized Group Rekey for Group Communication Systems”. In proc. ofNetwork and Distributed System Security Conference, California, pp. 39–48, 2000.

  68. Rodeh (O.),Birman (K.),Dolev (D.), “A Study of group Rekeying”. Technical Report TR 200-1791, Cornell University, March 2000.

  69. Rodeh (O.),Birman (K.),Dolev (D.), “Using AVL Trees for Fault Tolerant Group Key Management”. Technical Report TR 200-1823, Cornell University, October 2000.

  70. Rodeh (O.),Birman (K.),Dolev (D.), “Optimized Group Rekey for Group Communication Systems”. TR2, Department of Computer Science, Hebrew University, 1999.

  71. Renesse (R. V.),Birman (K. P.),Hayden (M.),Vaysburd (A.),Karr (D.), “Building Adaptative Systems Using Ensemble”. TR 97-1638, Cornell University, July 1997.

  72. Rafaeli (S.),Mathy (L.),Hutchison (D.), “An Efficient One-Way Function Tree Implementation for Group Key Management”. TR, Computing Department, Lancaster University, 2001.

  73. Rafaeli (S.),Mathy (L.),Hutchison (D.), “EHBT: An efficient protocol for group key management”.3rd Intl. Workshop on Networked group Communication, NGC2001, London, November 2001.

  74. Seba (H.),Bouabdallah (A.),Bettahar (H.),Badache (N.),Tandjaoui (D.), “A Hybrid Approach to Group Key Management”. In Proc. of the3 rd International Network Conference inc02, Plymouth, UK, July 2002.

  75. Shields (C.),Garcia-Luna-Aceves (J. J.), “The Ordred Core Based Tree Protocol”. In Proc. of theIEEE INFOCOM97, Japan, April 1997.

  76. Shields (C.),Garcia-Luna-Aceves (J. J.), “KHIP-A Scalable Protocol for Multicast Routing”. In Proc. of theACM SIGCOMM99, USA, September 1999.

  77. Setia (S.),Koussih (S.),Jajodia (S.), “Kronos: A Scalable Group Re-Keying Approach for Secure Multicast”, In Proc. of21 st IEEE Computer Society Symposium on Research in Security and Privacy, 2000.

  78. Sloane (N. J. A.),MacWilliams (F. J.), “The Theory of Error Correcting Codes”. ISBN: 0444851933; 9th reprint 1998 edition North-Holland, New York, 1988.

  79. Steer (D.),Strawczynski (L. L.),Diffie (W.),Weiner (M.), “A Secure Audio Teleconference System”. In CRYPTO88, 1988.

  80. Snoeyink (J.),Suri (S.),Varghese (G.), “A Lower Bound for Multicast Key Distribution”. In proc. ofINFOCOM 2001, 2001.

  81. Stallings (W.), “Network and Internetwork Security”.Prentice Hall, 1995.

  82. Stinson (D.R.), “Cryptography: Theory and Practice”. CRC Press Series on Discrete Mathematics and its Applications.CRC Press, Inc. 1995.

  83. Steiner (M.),Tsudik (G.),Waidner (M.), “key Agreement in Dynamic Peer Groups”.IEEE Transactions on parallel and Distributed Systems, August 2000.

  84. Steiner (M.),Tsudik (G.),Waidner (M.), “Diffie-Hellman Key Distribution Extended to group Communication”.ACM Symposium on Computer and Communication Security, March 1996.

  85. Steiner (M.),Tsudik (G.),Waidner (M.), “Cliques: A New Approach to group key Agreement”. Technical Report RZ 2984,ibm Research, December 1997.

  86. Steiner (M.),Tsudik (G.),Waidner (M.), “Cliques: A New Approach to group key Agreement”. In Proc. ofIEEE Conference on Distributed Computing Systems, May 1998.

  87. Steiner (M.), “Secure Group Key Agreement”. PhD thesis, Saarland University, March 2002.

  88. Tzeng (W.),Tzeng (Z.), “Round-Efficient Conference Key Agreement Protocols with Provable Security”. In Proc. Of Advances in Cryptology.asiacrypt, 2000. LNCS 1976,Springer Verlag, pp. 614–618, 2000.

  89. Tzeng (W.),Tzeng (Z.), “A Practical and Secure Fault-tolerant Conference-Key Agreement Protocol”, In Proc. of Intl. Workshop on Practice and Theory in Public-Key Cryptography (PKC00), LNCS 1751,Springer Verlag, pp. 1–13, 2000.

  90. Vitenberg (R.),Keidar (I.),Chockler (G.),Dolev (D.), “Group Communication Specifications: A Comprehensive Study”.mit Technical report MIT-LCS-TR-790, September 1999.

  91. Waldvogel (M.), Caronni (G.), Sun (D.), Weiler (N.), Plattner (B.), “The Versakey Framework: Versatile Group Key Management”,IEEE Journal on selected Areas in Communications (Special Issue on Middleware), 17(9), pp. 1614–1631, August 1999.

    Article  Google Scholar 

  92. Weiler (N.), “SEMSOMM: A Scalable Multiple Encryption Scheme for One-To-Many Multicast”. In proc. ofIEEE WET ICE Workshop on Enterprise Security, Cambridge, USA, June 2001.

  93. Wong (W.),Gouda (M.),Lam (S.), “Secure group Communication using Key Graphs”. Technical Report TR-97-23, University of Texas at Austin, Department of Computer Sciences, August 1997.

  94. Wong (W.),Gouda (M.),Lam (S.), “Secure group Communication using Key Graphs”. In Proc: of theACM SIGCOMM’98 Conference on Applications, Technologies, Architectures, and Protocols for Computer Communication, pp. 68–79, 1998. Appeared inACM SIGCOMM Computer Communication Review, Vol. 28, No. 4, October 1998.

  95. Wallner (D.),Harder (E.),Agee (R.), “Key management for Multicast: Issues and architectures”. RFC 2627, June 1999.

  96. Wong (C.K.),Lam (S. S.), “Keystone: A Groupe Key Management Service”. In proc. of the Intl.Conf. on telecommunication, Acapulco, Mexico, May 2000.

  97. Yang (Y. R.),Li (X. S.),Zhang (X. B.),Lam (S. S.),Lee (D.), “Reliable Group Rekeying: A Performance Analysis”. In proc. ofACM SIGCOMM 2001, San Diego, August 2001.

  98. Zhang (X. B.),Lam (S. S.),Lee (D.),Yang (Y.R.), “Protocol Design for Scalable and Reliable Group Rekeying”, In proc. ofSPIE Conference on Scalability and Traffic Control in IP Networks, Denver, CO, August 2001.

Download references

Author information

Authors and Affiliations

  1. Heudiasyc-UMR CNRS 6599, UTC, BP 20529, 60205, Compiègne Cedex, France

    Hamida Seba, Abdelmadjid Bouabdallah & Hatem Bettahar

  2. LSI, USTHB, El-Alia, Bab-Ezzoaur, BP 32, 16111, Alger, Algérie

    Nadjib Badache

  3. CERIST, 3 rue des Frères Aissaou, Ben Aknoun, Alger, Algérie

    Djamal Tandjaoui

Authors
  1. Hamida Seba
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Abdelmadjid Bouabdallah
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Nadjib Badache
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Hatem Bettahar
    View author publications

    You can also search for this author in PubMed Google Scholar

  5. Djamal Tandjaoui
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Hamida Seba.

Rights and permissions

Reprints and permissions

About this article

Cite this article

Seba, H., Bouabdallah, A., Badache, N. et al. Gestion de clés et sécurité multipoint: étude et perspectives. Ann. Télécommun. 58, 1090–1129 (2003). https://doi.org/10.1007/BF03001873

Download citation

  • Received:

  • Accepted:

  • Issue Date:

  • DOI: https://doi.org/10.1007/BF03001873

Mots clés

Key words

Search

Navigation