Group Key Management

There is a growing body of group software being deployed on the Internet and private intranets, where several applications or computers collectively communicate, providing shared access to applications, files, whiteboards, video, and audio. The group members communicate with reflectors (NetMeeting, IRC, CuSeeMe), point-to-point (PVM), or multicast (MBONE tools). Traditional crypto techniques can be used to provide communication privacy and message integrity, but pair-wise key management or even a key distribution center do not provide scalable solutions to group key management.

Design Issues

ORNL research effort

ORNL has had an active research role in group key management since 1995. A simple group key management protocol was implemented as part of the development of secure PVM (tech report, 240KB). In 1996, we did beta testing of ISAKMP in our IP security test bed and acquired the GKMP demonstration code. We then developed our own variations on GKMP (described below).

Papers and RFCs

Related links
IP multicast and firewalls
Pessi's secure multicast or here
UCSB's secure multicast
Ballardie's multicast security
Efficient Collaborative Key Management Protocols for Secure Autonomous Group Communication or Simple and Fault-Tolerant Key Agreement for Dynamic Collaborative Groups
Hitachi's group key management
Security Architecture for the Internet Protocol RFC1825
IPsec key management ( ISAKMP, SKIP, Photuris) Internet drafts
Gong's Enclaves: Enabling Secure Collaboration over the Internet
Just's Authenticated Multi-Party Key Agreement and other papers
Belundo/etal Perfectly-Secure Key Distribution for Dynamic Conferences
Deakin U.'s RHODOS papers conference authentication
Authentication & Key Establishment Protocol Design & Analysis Citations
also look for papers on conference key management/distribution like DiRK

For a gaggle of security links visit Tom Dunigan's security page.
touches:
Last Modified by thd@ornl.gov
back to Tom Dunigan's page or the ORNL home page