Yan (Lindsay) Sun and K. J. Ray Liu IEEE/ACM Transactions on Networking, Dec. 2007. Presented by Seo Bon Keun, 2008. Hierarchical Group Access Control for Secure Multicast Communications



Contents

Group key management
Multi-group key management
Formalization
Security requirements
Hierarchical multi-group key management
Key tree
Integrated key graph generation
Evaluation
Conclusion

Group access control

Group key management

User Resource

Documents

Audio clips

Movie clips

Multi-group key management (1)

User Resource

Drama

Movie

Animation

DG : Data Group
SG : Service Group

capability

Security requirements

If a user leaves a group and joins another group:

Forward secrecy: the user cannot access the future content of the resources they leave

Backward secrecy: the user cannot access the previous content of the resources they join

Multi-group key management (2)

User Resource

Forward secrecy

Backward secrecy

K0

Ke

Key tree

Hierarchical multi-group key management

[Figure: key tree with keys KS, Ke (Ke’), K0, K1, K00, K01, K10, K11 and users u1 to u8]

KDC knows : every key

User 1 knows : u1, K00, K0, Ke, KS

[Figure: key tree after the update, showing updated keys K10’, K1’, Ke’, KS’ together with u6 and K11]

Key Update Message

u6(K10’)
K10’(K1’), K11(K1’)
K1’(Ke’), K0(Ke’)
Ke’(KS’)

Integrated key graph

Hierarchical multi-group key management

[Figure: integrated key graph with keys KS1, KS2, KD3, SK1, SK2, SK3, K0 to K3 and users u1 to u8; groups SG1, SG2, DG1, DG3, DG2]

Integrated key graph generation

Generate subtree for each SG
Generate subtree for each DG
Merge two subtrees

Hierarchical multi-group key management

[Figure: key graph with keys KS1, KS2, K0 to K3 and users u1 to u8; groups SG1, SG2, DG1, DG3, DG2]

Hierarchical multi-group key management

[Figure: key graph with keys KD1, KD2, KD3, SK1, SK2, SK3, KS1, KS2 and users u1 to u8; groups SG1, SG2, DG1, DG3, DG2]

Hierarchical multi-group key management

[Figure: key graph with keys KD1, KD2, KD3, SK1, SK2, SK3, KS1, KS2, K0 to K3 and users u1 to u8]

Storage overhead

Rekey overhead

Evaluation

Independent tree Multi-group tree

Independent tree Multi-group tree

d : tree depth / M : the number of trees / n : the number of users

d : tree depth / j : the number of involved trees / n : the number of users

Simulation configuration

Evaluation : simulation

Markov chain model

Evaluation

[Figure: group size vs. storage overhead; panels: User, KDC]

Evaluation

[Figure: group size vs. rekey overhead; panels: User, KDC]

Evaluation

Scalability

[Figure: scalability; panels: Rekey overhead, Storage overhead]

Conclusion

A multi-group key management scheme that achieves hierarchical group access control

Efficient w.r.t.
Storage overhead
Communication cost
Scalability

Evaluation
Concrete by formalization
Confusing denotations