A survey of key management for secure group communication

Published: 01 September 2003

    Abstract

    Group communication can benefit from IP multicast to achieve scalable exchange of messages. However, effectively controlling access to the transmitted data remains a challenge. IP multicast by itself provides no mechanism for preventing nonmembers from accessing the group communication. Although encryption can protect messages exchanged among group members, distributing the cryptographic keys becomes an issue. Researchers have proposed several different approaches to group key management. These approaches can be divided into three main classes: centralized group key management protocols, decentralized architectures, and distributed key management protocols. The three classes are described here, with insight into their features and goals. The area of group key management is then surveyed, and proposed solutions are classified according to those characteristics.

    Published In

    ACM Computing Surveys, Volume 35, Issue 3
    September 2003
    107 pages
    ISSN:0360-0300
    EISSN:1557-7341
    DOI:10.1145/937503
    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Author Tags

    1. Group Key Distribution
    2. Multicast Security
