The VersaKey framework: versatile group key management
Citations
[Book Review] "Applied Cryptography"
Revocation and Tracing Schemes for Stateless Receivers
A survey of key management for secure group communication
Key agreement in dynamic peer groups
Simple and fault-tolerant key agreement for dynamic collaborative groups
References
A method for obtaining digital signatures and public-key cryptosystems
Security Architecture for the Internet Protocol
[Book Review] "Applied Cryptography"
A security architecture for the Internet protocol
RSVP: a new resource ReSerVation Protocol
Frequently Asked Questions (13)
Q2. What are the future works mentioned in the paper "The versakey framework: versatile group key management" ?
Some considerations deserve further study. Although two preliminary implementations are available and working, the authors still lack experiments using real-world large, distributed groups; to this end, the integration of their experimental software into currently available IPsec platforms is planned. At the same time, efforts are under way to extend their approach of the continuous consensus protocol used for reconciliation of key changes in distributed environments, and to develop a distributed scheme that is more collusion resistant. Enhanced and efficient admission control is a challenge on its own and requires further study.
Q3. How many decryptions will be required to process a multicast message?
Processing this multicast message will require at most % decryption operations from the participants, with an average of less than 2 decryptions.
Q4. How many decryptions does it take to process a multicast message?
Processing this multicast message will require at most % decryption operations from the other participants, with an average of less than two decryptions.
Q5. What is the way to use a single message for multiple leaves?
Using a single message for multiple leaves takes advantage of path overlaps, so several keys will only need to be created and sent out once per message instead of once per leave operation.
Q6. What is the keying function used to send the new key to the joining participant?
The Group Manager increases the revision of all the keys along the path from the new leaf to the root (Key Encryption Keys &-, , &.' ,/ ' , and the Traffic Encryption Key /10 ), puts them through the one-way function and sends the new revision of the keys to the joining participant, together with their associated version and revision numbers.
Q7. What are the key management schemes proposed for IP multicast security?
For IP multicast security, several key management schemes have been proposed, e.g. the Group Key Management Protocol (GKMP) [13], [14], the Simple Key-Management for Internet Protocols (SKIP) [15], the Internet Key Exchange (IKE) [16], which makes use of the Internet Security Association and Key Management Protocol (ISAKMP) [17] and the Oakley Key Determination Protocol [18], and the Scalable Multicast Key Distribution Scheme (SMKD) [19].
Q8. What is the way to ensure perfect forward secrecy?
As soon as all parties have thrown away their keying material, perfect forward secrecy covering all traffic against third party opponents is guaranteed.
Q9. How can a group of participants be excluded?
Colluding participants can be reliably excluded by either sequential exclusions of them, or by grouping them together into a multiple leave operation.
Q10. Why is the symmetric nature of the used mechanism not required?
Due to the symmetric nature of the used mechanism, receivers will not be able to prove the receipt of an authentic message to third parties – but that is not a requirement for the present application.
Q11. What are some of the schemes that can be enumerated as centralized dynamic approaches?
A few schemes can be enumerated as centralized dynamic approaches, like Key Pre-distribution [20], Fiat-Naor Broadcast Encryption [21], Secure Lock [22], the spanning tree-based scheme [23] and [24].
Q12. What can be done to split a group into two separate trees?
If the above group is to be split again into its original subgroups, the top layer with the common TEK can be removed, resulting in two separate trees.
Q13. What are the common protocols for secure multicasting?
As summarized in Table 1, most existing protocols for secure multicasting are limited to distributing session keys in static and/or small groups.