Decentralized Group Key Distribution Protocols Clause Samples

Decentralized Group Key Distribution Protocols. Decentralized group key distribution protocols can be preferred to contributory group key agreement protocols, since they rely on inexpensive symmetric key encryption. However, all group key distribution schemes assume a secure channel that is, in practice, implemented by a public key cryptosystem (e.g. ▇▇▇▇▇▇-▇▇▇▇▇▇▇). Furthermore, they require the leader to establish multiple secure two-party channels between itself and the other group members in order to securely distribute the new key. Maintaining such channels in dynamic groups can be expensive, since setting up each channel involves a separate two-party key agreement. When a group is dynamic, the amortized number of secure channels becomes O(n^2). Another disadvantage is the reliance on a single entity to generate good (i.e., cryptographically strong, random) keys. The first decentralized group key distribution scheme is due to ▇▇▇▇▇▇▇▇▇ et al. [12]. They propose efficient protocols for small-group key agreement and large-group key distribution. Unfortunately, their scheme for autonomous small-group key agreement is not collusion resistant. ▇▇▇▇▇▇▇ et al. modified OFT (One-way Function Tree) [20] to provide dynamic server election [14]. This protocol has the same key tree structure and uses similar notation (e.g. keys, blinded keys). Besides the expensive maintenance of secure channels described above, this protocol has a high communication cost: even for a single join or leave, it can take O(h) rounds to complete, where h is the height of the key tree. The authors do not consider merge and partition events, nor implementation. One advantage over the other schemes is that their group key does not depend on a single entity. ▇▇▇▇▇ et al. [24] propose a decentralized group key distribution protocol extended from the LKH protocol [30]. It tolerates network partitions and other network events. Although this approach cannot avoid the basic disadvantages discussed above, the authors reduce the communication and computational cost. In addition, the authors use an AVL tree to provide a provable and efficient tree height.
Decentralized Group Key Distribution Protocols. Decentralized group key distribution (DGKD) protocols involve dynamically selecting a group member who generates and distributes keys to the other group members. After subtractive membership events, individual partitions can continue operation by electing a new key server. The drawback is that a key server must establish long-term pairwise secure channels (by making use of a public key cryptosystem such as ▇▇▇▇▇▇-▇▇▇▇▇▇▇) with all current group members in order to distribute group keys. Consequently, each time a new key server comes into play, significant costs must be incurred to set up these channels. Another disadvantage is the reliance on a single entity to generate good (i.e., cryptographically strong and random) keys. The first DGKD protocol is due to ▇▇▇▇▇▇▇▇▇ et al. [16]. They propose efficient protocols for small-group key agreement and large-group key distribution. Unfortunately, their scheme for autonomous small-group key agreement is insecure (not collusion resistant). ▇▇▇▇▇▇▇ et al. modified OFT (One-way Function Tree) [24] to provide dynamic server election [18]. This protocol has the same key tree structure and uses notation (e.g. keys, blinded keys) similar to ours. Besides the expensive maintenance of secure channels described above, this protocol has a high communication cost: even for single join and leave, this protocol can take rounds. This scheme does not handle merge and partition events. One advantage over other DGKD protocols is that its group key has a contributory nature: whenever a group member changes its session random, the group key changes. ▇▇▇▇▇ et al. [30] propose a DGKD protocol derived from the LKH protocol [37]. It tolerates network partitions and other network events. Even though this approach does not avoid the disadvantages discussed above, it reduces the communication and computational costs. In addition, it uses an AVL tree to provide a provable tree height bound.