Hierarchical group access control for secure multicast communications

Published: 01 December 2007

Abstract

Many group communications require a security infrastructure that ensures multiple levels of access control for group members. While most existing group key management schemes are designed for single-level access control, we present a multi-group key management scheme that achieves hierarchical group access control. In particular, we design an integrated key graph that maintains keying material for all members with different access privileges. It also incorporates new functionalities that are not present in conventional multicast key management, such as user relocation on the key graph. Analysis is performed to evaluate the storage and communication overhead associated with key management. Comprehensive simulations are performed for various application scenarios where users' statistical behavior is modelled using a discrete Markov chain. Compared with applying existing key management schemes directly to the hierarchical access control problem, the proposed scheme significantly reduces the overhead associated with key management and achieves better scalability.

Published In

IEEE/ACM Transactions on Networking  Volume 15, Issue 6
December 2007
400 pages

Publisher

IEEE Press

Author Tags

  1. access control
  2. communication system privacy
  3. system design
