High-Performance Rekeying Processor Architecture for Group Key Management

2 Author(s)
Abdulhadi Shoufan ; Technische Universitaet Darmstadt, Darmstadt ; Sorin A. Huss

Group key management is a critical task in secure multicast applications such as Pay-TV over the Internet. The communication group key must be updated and distributed after every change in the group membership. Many solutions have been proposed in recent years to minimize the cost of this rekeying process on the server side. Most of these solutions are tree-based approaches such as the logical key hierarchy. These approaches suffer from three problems. First, tree-based solutions aim at minimizing rekeying costs only by reducing the number of needed cryptographic operations such as encryption or secure hashing. Second, these solutions do not treat the time-consuming digital signing needed to authenticate rekeying messages. Third, tree-based approaches manage huge amounts of keys in software, which compromises security. In this paper, a novel hardware/software architecture is proposed, which optimizes the rekeying performance not only by minimizing the number of cryptographic operations, but also by reducing the execution times of these operations, including digital signing, with the aid of hardware acceleration. All help-keys are generated, managed, and stored in hardware, which enhances the system security. To keep flexibility, control-intensive tasks such as tree management are performed as software functions on the embedded processor. The presented rekeying processor is designed based on a comprehensive security analysis with the aid of a novel illustration for security threats, requirements, and technical solutions, a so-called security Y-diagram. A performance measurement on a prototype implementation shows that the rekeying processor can join and disjoin members much faster than software solutions while also supporting much larger groups.

Published in:

IEEE Transactions on Computers (Volume: 58, Issue: 10)