A secure group key management framework: design and rekey issues

In many secure group communication models, there exists a group manager that creates the group key and distributes it to every group member. Such group manager is responsible for changing and re-distributing (rekeying) the group key whenever it deems necessary. Many applications will require very fast rekeying so that it is not disruptive to their performance. In this paper, we present a generic software model for secure group key management. We present the main components along with their functionality and interactions. With emphasis on the rekey manager, we discuss two issues that critically impact the rekey time: establishment and maintenance of the logical key hierarchy (LKH), and the key packet construction for a changed key. We show that our novel idea of maintaining balanced LKH as B⁺ search tree greatly reduces the number of changed keys compared to an unbalanced LKH. In addition, we show that a rekey packet construction using simple XOR operations between keys instead of the usual encryption technique substantially reduces rekey time. We preformed experiments that demonstrate the effectiveness and feasibility of our approaches.