Algorithms for Dynamic Multicast Key Distribution Trees

1
Algorithms for Dynamic Multicast Key Distribution
Trees

• Justin Goshi and Richard E. Ladner
• February 26, 2004

2
Secure Multicast Systems

• Typically rely on a group key
• Provide privacy by encrypting group data
• Change group key on membership change to provide
  continued privacy (known as re-keying)
• What makes this challenging?
• Managing the shared group secret for large and
  highly dynamic groups

3
Naive Key Distribution

• Each member u holds 2 keys the group key kG, and
  its own key ku
• Define E(m,k) to mean message m is encrypted with
  key k
• Handling re-key operations
• ADD(u) requires 2 messages E(kG,kG), E(kG,ku)
• DELETE(u) requires a linear number of messages,
  each of the form E(kG,ki )

4
Multicast Key DistributionTypes of Keys

• Group key used to protect group data
• Key-encrypting-keys used to securely distribute
  keys to members
• Auxiliary shared by subset of group members
• Individual held by a single group member

5
Previous Work KeyTrees for Scalable Re-keying

• The Key Tree approach
• C.K. Wong, M. Gouda, S.S. Lam. Secure group
  communications using key graphs. Proceedings of
  SIGCOMM, 1998.
• D. Wallner, E. Harder, R. Agee. Key management
  for multicast issues and architectures. IETF,
  RFC 2627.

6
The Key Tree Approach

• Keys represented as nodes
• Group key is the root
• Auxiliary keys are internal nodes
• Individual keys are leaves
• Member u holds all keys in ancestor nodes
• Example u1 holds keys k1 and kG

7
Scalability of Key Trees

• Reduces DELETE(u) communication costs from O(n)
  to O(log n)
• Example DELETE(u9)
• Must change 2 shared keys kG and k3
• Keys are changed bottom up in the tree
• Change k3 with 2 messages E(k3,u7), E(k3,u8)

8
Scalability of Key Trees

• Change kG with 3 messages E(kG,k1), E(kG,k2),
  E(kG,k3)

9
Online Algorithm Design

• O(log n) communication cost assumes a balanced
  key tree
• Most prior work does not attempt to maintain
  balance (poor worst-case costs)
• We design 3 new online algorithms
• Achieve good worst-case performance
• Achieve a good trade-off between tree structure
  and restructuring costs

10
Online Algorithm Cost

• Cost for re-key broken into two parts
• Tree structure estimate using sum of degrees on
  path to root
• Restructuring cost to maintain a given tree
  structure

11
B-trees of order t

• All leaves have same depth
• Degree of internal nodes
• Root has 2,t children
• All other internal nodes have ?(t/2)?, t
  children
• Use existing algorithm for maintaining B-Trees
• Bayer and McCreight, 1972.

12
Height-balanced 2-k Trees

• All internal nodes have 2,k children
• All nodes are balanced
• Height of all subtrees (children) of a node
  differs by at most one).
• Generalization of AVL trees (height-balanced 2-2
  trees)
• O. Rodeh, K. P. Birman, and D. Dolev, Using AVL
  trees for fault tolerant group key management,
  International Journal on Information Security,
  2001.

13
Weight-balanced Trees

• Define ancestor weight of node i as the sum of
  the degrees of all nodes on its path to the root
• Define node weight of node i as the max ancestor
  weight of leaves in its subtree

14
Weight-balanced Trees

• Define node i to be weight-balanced if the node
  weight of its children differ by at most 1
• A weight-balanced tree is one where all nodes are
  weight-balanced

15
Worst-case Analysis

• Recall that communication cost is composed of two
  parts
• Tree structure costs
• Restructuring costs (do not know how to analyze)
• Settle for analyzing worst-case tree weight
• B-tree of order 4wB(n) 3log2n
• Height-balanced 2-3-4 wH(n) 4logFn, F ?
  1.61803
• Weight-balanced 2-3 or 2-3-4wW(n) logbn, b ?
  1.32472

16
Worst-case Analysis

• Ratio compared to the optimal, w(n) 3log3n

17
Empirical Results

• Question Does it help performance to maintain
  good tree structures?
• Compare against simple degree-k key trees of Wong
  et al.
• Attempt to maintain balance on ADD(u) operations
• No restructuring for DELETE(u) operations
• Plot results for using same maximum degree for
  all of the algorithms

18
(No Transcript)
19
(No Transcript)
20
(No Transcript)
21
(No Transcript)
22
Empirical Results

• Question How do our algorithms perform on
  normal sequences of re-key operations?

23
(No Transcript)
24
Future Work

• Analyze worst-case communication cost
• Tree structure vs. restructuring trade-off
• Key distribution in other scenarios (sensor
  networks, ad-hoc wireless networks)
• Limited resources
• Mobility