
Key Management for Large Dynamic Groups: One-Way Function Trees and Amortized Initialization
draft-irtf-smug-groupkeymgmt-oft-00

Document type: Expired Internet-Draft (individual); expired & archived
Authors: David M. Balenson, David McGrew, Dr. Alan T. Sherman
Last updated: 2000-09-06
RFC stream: Internet Research Task Force (IRTF)
Intended RFC status: (None)
Stream IRTF state: (None)
Consensus boilerplate: Unknown
Document shepherd: (None)
IESG state: Expired
Telechat date: (None)
Responsible AD: (None)
Send notices to: (None)

This Internet-Draft is no longer active.

Abstract

We present and implement a scalable method for establishing group session keys for secure large, dynamic groups such as multicast sessions. Our method is based on a novel application of One-Way Function Trees (OFTs). The number of keys stored by group members, the number of keys broadcast to the group when new members are added or evicted, and the computational efforts of group members are logarithmic in the number of group members. The method provides perfect forward and backward security: evicted members cannot read future messages, even with collusion by arbitrarily many evicted members, and newly admitted group members cannot read previous messages. In comparison with the Logical Key Hierarchy (LKH) of Wallner et al., our algorithm roughly halves the number of bits that need to be broadcast to members in order to re-key after a member is added or evicted. In addition, and unlike LKH, our algorithm has the option of being member contributory in that members can be allowed to contribute entropy to the group key. Running on a Pentium with 64 MB of RAM, our prototype has handled groups with up to 100,000 members.

Authors

David M. Balenson
David McGrew
Dr. Alan T. Sherman

(Note: The e-mail addresses provided for the authors of this Internet-Draft may no longer be valid.)