The VersaKey Framework: Versatile Group Key Management

Marcel Waldvogel, Germano Caronni, Dan Sun, Nathalie Weiler, Bernhard Plattner (1999): The VersaKey Framework: Versatile Group Key Management. In: IEEE Journal on Selected Areas in Communications, 17 (9), S. 1614-1631, 1999.

Abstract

Middleware supporting secure applications in a distributed environment faces several challenges. Scalable security in the context of multicasting or broadcasting is especially hard when privacy and authenticity is to be assured to highly dynamic groups where the application allows participants to join and leave at any time. Unicast security is well-known and has widely advanced into production state. But proposals for multicast security solutions that have been published so far are complex, often require trust in network components or are inefficient. In this paper, we propose a framework of new approaches for achieving scalable security in IP multicasting. Our solutions assure that that newly joining members are not able to understand past group traffic, and that leaving members may not follow future communication. For versatility, our framework supports a range of closely related schemes for key management, ranging from tightly centralized to fully distributed and even allows switching between these schemes on-the-fly with low overhead. Operations have low complexity (O(log N) for joins and leaves), thus granting scalability even for very large groups. We also present a novel concurrency-enabling scheme, which was devised for fully distributed key management. In this paper we discuss the requirements for secure multicasting, present our flexible system, and evaluate its properties, based on the existing prototype implementation.

BibTeX (Download)

@article{Waldvogel1999VersaKey,
title = {The VersaKey Framework: Versatile Group Key Management},
author = {Marcel Waldvogel and Germano Caronni and Dan Sun and Nathalie Weiler and Bernhard Plattner},
url = {https://netfuture.ch/wp-content/uploads/1999/waldvogel99versakey.pdf},
year  = {1999},
date = {1999-09-16},
journal = {IEEE Journal on Selected Areas in Communications},
volume = {17},
number = {9},
pages = {1614-1631},
abstract = { Middleware supporting secure applications in a distributed environment faces several challenges. Scalable security in the context of multicasting or broadcasting is especially hard when privacy and authenticity is to be assured to highly dynamic groups where the application allows participants to join and leave at any time. Unicast security is well-known and has widely advanced into production state. But proposals for multicast security solutions that have been published so far are complex, often require trust in network components or are inefficient. In this paper, we propose a framework of new approaches for achieving scalable security in IP multicasting. Our solutions assure that that newly joining members are not able to understand past group traffic, and that leaving members may not follow future communication. For versatility, our framework supports a range of closely related schemes for key management, ranging from tightly centralized to fully distributed and even allows switching between these schemes on-the-fly with low overhead. Operations have low complexity (O(log \textit{N}) for joins and leaves), thus granting scalability even for very large groups. We also present a novel concurrency-enabling scheme, which was devised for fully distributed key management. In this paper we discuss the requirements for secure multicasting, present our flexible system, and evaluate its properties, based on the existing prototype implementation.},
keywords = {Multicast, Security},
pubstate = {published},
tppubtype = {article}
}

Schreibe einen Kommentar