Balancing Revocation and Storage Trade-Offs in Secure Group Communication

In this paper, we focus on trade-offs between storage cost and rekeying cost for secure multicast. Membership in secure multicast groups is dynamic and requires multiple updates in a single time frame. We present a family of algorithms that provide a trade-off between the number of keys maintained by users and the time required for rekeying due to revocation of multiple users. We show that some well-known algorithms in the literature are members of this family. We show that algorithms in this family can be used to reduce the cost of rekeying by 43-79 percent when compared with previous solutions while keeping the number of keys manageable. We also describe a scheme to reduce the number of secrets further when revocations are periodic. Furthermore, we describe techniques to provide preferential treatment for long standing members of the group without affecting the performance of the algorithms. Using our techniques, as the group size increases, long standing members need to store smaller number of keys than short-lived members. This property is useful for adapting to the variable storage requirements of users in current day heterogeneous networks.