Key Management for Multicast: Issues and Architectures
RFC 2627

Document Type RFC - Informational (June 1999; No errata)
Was draft-wallner-key-arch (individual)
Last updated 2013-03-02
Stream Legacy
Formats plain text pdf htmlized bibtex
Stream Legacy state (None)
Consensus Boilerplate Unknown
RFC Editor Note (None)
IESG IESG state RFC 2627 (Informational)
Telechat date
Responsible AD (None)
Send notices to (None)
Network Working Group                                       D. Wallner
Request for Comments: 2627                                   E. Harder
Category: Informational                                        R. Agee
                                              National Security Agency
                                                             June 1999

         Key Management for Multicast: Issues and Architectures

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

Abstract

   This report contains a discussion of the difficult problem of key
   management for multicast communication sessions.  It focuses on two
   main areas of concern with respect to key management, which are,
   initializing the multicast group with a common net key and rekeying
   the multicast group.  A rekey may be necessary upon the compromise of
   a user or for other reasons (e.g., periodic rekey).  In particular,
   this report identifies a technique which allows for secure compromise
   recovery, while also being robust against collusion of excluded
   users.  This is one important feature of multicast key management
   which has not been addressed in detail by most other multicast key
   management proposals [1,2,4].  The benefits of this proposed
   technique are that it minimizes the number of transmissions required
   to rekey the multicast group and it imposes minimal storage
   requirements on the multicast group.

1.0  MOTIVATION

   It is recognized that future networks will have requirements that
   will strain the capabilities of current key management architectures.
   One of these requirements will be the secure multicast requirement.
   The need for high bandwidth, very dynamic secure multicast
   communications is increasingly evident in a wide variety of
   commercial, government, and Internet communities.  Specifically, the
   secure multicast requirement is the necessity for multiple users who
   share the same security attributes and communication requirements to
   securely communicate with every other member of the multicast group
   using a common multicast group net key.  The largest benefit of the

Wallner, et al.              Informational                      [Page 1]
RFC 2627             Key Management for Multicast              June 1999

   multicast communication being that multiple receivers simultaneously
   get the same transmission.  Thus the problem is enabling each user to
   determine/obtain the same net key without permitting unauthorized
   parties to do likewise (initializing the multicast group) and
   securely rekeying the users of the multicast group when necessary.
   At first glance, this may not appear to be any different than current
   key management scenarios.  This paper will show, however, that future
   multicast scenarios will have very divergent and dynamically changing
   requirements which will make it very challenging from a key
   management perspective to address.

2.0  INTRODUCTION

   The networks of the future will be able to support gigabit bandwidths
   for individual users, to large groups of users.  These users will
   possess various quality of service options and multimedia
   applications that include video, voice, and data, all on the same
   network backbone.  The desire to create small groups of users all
   interconnected and capable of communicating with each other, but who
   are securely isolated from all other users on the network is being
   expressed strongly by users in a variety of communities.

   The key management infrastructure must support bandwidths ranging
   from kilobits/second to gigabits/second, handle a range of multicast
   group sizes, and be flexible enough for example to handle such
   communications environments as wireless and mobile technologies.  In
   addition to these performance and communications requirements, the
   security requirements of different scenarios are also wide ranging.
   It is required that users can be added and removed securely and
   efficiently, both individually and in bulk.  The system must be
   resistant to compromise, insofar as users who have been dropped
   should not be able to read any subsequent traffic, even if they share
   their secret information.  The costs we seek to minimize are time
   required for setup, storage space for each end user, and total number
   of transmissions required for setup, rekey and maintenance.  It is
   also envisioned that any proposed multicast security mechanisms will
   be implemented no lower than any layer with the characteristics of
   the network layer of the protocol stack.  Bandwidth efficiency for
   any key management system must also be considered.  The trade-off
   between security and performance of the entire multicast session
Show full document text