Open Access  Subscription or Fee Access

With the emergence of many group-oriented distributed applications such as tele / video-conferencing and multiplayer games, there is a need for providing group-oriented communication privacy and data integrity. For this members of the group can establish a common secret key for encrypting group communication data. Traditional secure group communication problems differ from the distributed group key agreement on the characteristics such as distributed, collaborative and dynamic nature. Instead of performing individual rekeying operations, an interval-based approach of rekeying is adopted i.e., Rebuild algorithm, Batch algorithm and the Queue-batch algorithm. The interval-based approach provides rekeying efficiency for dynamic peer groups while preserving both distributed and contributory properties. The work presented in this paper, concentrated on authenticated group key agreement protocol incorporated into the interval-based algorithms and evaluate the performance to prove its security properties. The Secure Communication Library implemented realizes the interval-based algorithms with a programming interface for the development of secure group-based applications. Performance of these three interval-based algorithms under different settings, such as different join and leave probabilities, is analyzed. The simulation conducted on NS-2 show that the interval-based algorithms significantly outperform the individual rekeying approach. The Queue-batch algorithm performs the best among the three interval-based algorithms. The Queue-batch algorithm can substantially reduce the computation and communication workload in a highly dynamic environment.

Diffie–Hellman protocol,NS-2

Y. Amir, Y. Kim, C. Nita-Rotaru, J. L. Schultz, J. Stanton, and G. Tsudik, ―Secure group communication using robust contributory key agreement,‖ IEEE Trans. Parallel Distrib. Syst., vol. 15, no. 5, pp. 468–480, May 2004.

Y. Amir and J. Stanton, The SpreadWide Area Group Communication System. Johns Hopkins Univ., Baltimore, MD, CNDS-98-4, 1998.

G. Ateniese, M. Steiner, and G. Tsudik, ―Authenticated group key agreement and friends,‖ in Proc. 5th ACM Conf. Computer and Communication Security, Nov. 1998, pp. 17–26.

S. Blake-Wilson and A. Menezes, ―Authenticated Diffie-Hellman key agreement protocols,‖ in Proc. 5th Annu. Workshop on Selected Areas in Cryptography (SAC’98), 1998, vol. LNCS 1556, pp. 339–361.

M. Burmester and Y. Desmedt, ―A secure and efficient conference key distribution system,‖ in Proc. Advances in Cryptology—EUROCRYPT’ 94, 1995, vol. LNCS 950, pp. 275–286.

W. Diffie and M. Hellman, ―New directions in cryptography,‖ IEEE Trans. Inf. Theory, vol. 22, no. 6, pp. 644–654, 1976.

A. Fekete, N. Lynch, and A. Shvartsman, ―Specifying and using a partionable group communication service,‖ in Proc. 16th ACM Symp. Principles of Distributed Computing (PODC), Aug. 1997, pp.53–62.

C. G. Günther, ―An identity-based key exchange protocol,‖ in Proc. Advances in Cryptology—EUROCRYPT’89, 1989, vol. LNCS 434, pp. 29–37.

M. Just and S. Vaudenay, ―Authenticated multi-party key agreement,‖ in Proc. Advances in Cryptology—ASIACRYPT’96, 1996, vol. LNCS 1163, pp. 36–49.

Y. Kim, A. Perrig, and G. Tsudik, ―Communication-efficient group key agreement,‖ in Proc. 17th IFIP Int. Information Security Conf. (SEC’01), Nov. 2001, pp. 229–244.

―Tree-based group key agreement,‖ ACM Trans. Inf. Syst. Security, vol. 7, no. 1, pp. 60–96, Feb. 2004.

P. P. C. Lee, ―Distributed and collaborative key agreement protocols with authentication and implementation for dynamic peer groups,‖ M.Phil. thesis, The Chinese University of Hong Kong, , Jun. 2003.

P. P. C. Lee, J. C. S. Lui, and D. K. Y. Yau, Distributed collaborative key agreement and authentication protocols for dynamic peer groups The Chinese University of Hong Kong, CS&E Tech. Rep., Jul. 2005.

X. S. Li, Y. R. Yang, M. G. Gouda, and S. S. Lam, ―Batch rekeying for secure group communications,‖ in Proc. 10th Int. World Wide Web Conf. (WWW10), Orlando, FL, May 2001, pp. 525–534.

A. Perrig, ―Efficient collaborative key management protocols for secure autonomous group communication,‖ in Int. Workshop on Cryptographic Techniques and E-Commerce (CrypTEC ’99), Jul. 1999, pp.192–202.

S. Setia, S.Koussih, and S. Jajodia, ―Kronos: a scalable group re-keying approach for secure multicast,‖ in Proc. IEEE Symp. Security and Privacy, May 2000, pp. 215–228.

A. T. Sherman and D. A. McGrew, ―Key establishment in large dynamic groups using one-way function trees,‖ IEEE Trans. Software Eng., vol. 29, no. 5, pp. 444–458, May 2003.

B. Song and K. Kim, ―Two-pass authenticated key agreement protocol with key confirmation,‖ in Proc. IndoCrypt, Dec. 2000, vol. LNCS 1977, pp. 237–249.

M. Steiner, G. Tsudik, and M. Waidner, ―Key agreement in dynamic peer groups,‖ IEEE Trans. Parallel Distrib. Syst., vol. 11, no. 8, pp. 769–780, Aug. 2000.

M. Waldvogel, G. Caronni, D. Sun, N. Weiler, and B. Plattner, ―The versakey framework: versatile group key management,‖ IEEE J. Sel. Areas Commun., vol. 17, no. 9, pp. 1614–1631, Sep. 1999.

D. M. Wallner, E. J. Harder, and R. C. Agee, Key management for multicast: issues and architectures. IETF, Internet draft draft-wallnerkey-arch-00.txt, Jul. 1997.

C. K.Wong, M. Gouda, and S. S. Lam, ―Secure group communications using key graphs,‖ IEEE/ACM Trans. Netw., vol. 8, no. 1, pp. 16–30, Feb. 2000.

Y. R. Yang, X. S. Li, X. B. Zhang, and S. S. Lam, ―Reliable group rekeying: a performance analysis,‖ in Proc. ACM SIGCOMM, San Diego, CA, Aug. 2001, pp. 27–38.