Having described a new rekeying protocol partitioning members with respect to their member- ship duration and offering a strongly reliable delivery of the keying material for permanent members, we present in this section two pieces of related work that are somehow similar to ours with regards to some of the strategies that we have taken. We then compare their efficiency with our protocol. We first present a protocol that reduces the number of members losing their keying material and then deal with a second protocol that divides the set of members in two categories based on the observations in [4], in order to reduce the rekeying cost.
3.6.1
Group Rekeying with Limited Unicast Recovery
Description
In [83], as in our hybrid reliability scheme for permanent members, authors investigate how to limit unicast recovery to a small fraction of the user population and guarantee that almost all members of the group receive their updated keying material within a single multicast round. As in our scheme, in order to provide reliability, they propose the use of FEC and analyze the expected ratio of losing members based on the packet loss rate, the duration of the rekeying interval and the number of parity packets defined for each block. As in our proposed protocol, they first analyze this value in the case where the packet loss probability is considered to be independent (namely, the Bernouilli model). They conclude that the expected number of losses decreases by increasing the number of parity packets and the rekeying interval. Moreover, authors also consider Markov losses. Hence, in [80], authors studied about Internet loss patterns and realized that:
• Packet losses are not independent. When a packet is lost, the probability that the next packet will be lost increases, which means that losses in the Internet are oftenbursty; • the majority of bursts are small (from one to six-seven packets);
• there are some very long bursts, lasting up to a few seconds. These bursts could be attributed to network disruption or maintenance [9].
66 3. RELIABLE GROUP REKEYING WITH ACUSTOMER PERSPECTIVE
Thanks to these observations, authors conclude that all the packets should be equally spaced in each rekeying interval. If the key server has multiple blocks to send, the packets belonging to the same block should be equally spaced. However, the packets from different blocks should be sent in an interleaved fashion. That is, the ithpacket from each block should be sent together without spacing. Though these packets are likely to experience burst losses, the effect on the overall key distribution is harmless since each particular user needs packets only from one specific block. Figure 3.5 illustrates how the key server should space packets when there are three blocks of four packets including parity packets. Pi, j denotes a packet number i from block
j.
time
1,1 P1,2 P1,3 P2,1 P2,2 P2,3 P3,1 P3,2 P3,3
P
Figure 3.5: An illustration of the sending strategy of packets
Since the key server cannot indefinitely increase T , authors additionally suggest an adaptive FEC protocol to determine the rekeying interval for any specified loss ratio bound. In order to determine T , the key server collects NACKs from the previous rekeying interval and if this number is greater than the given bounded value, the key server increases the number of parity packets and thus the rekeying interval. Similarly, the key server decreases the number of parity packets based on at least three samples using exponentially weighted average of the expected number of losing members.
Discussion
The proposed protocol which aims at decreasing the number of members losing their keys at the first round of a rekeying interval seems to be similar to our proposed hybrid reliability scheme. However, as in their previous work [77], their packet generation follows the User-oriented Key assignment algorithm which guarantees that all of the encrypted keys needed by any member will be contained in a single packet. In our protocol, a packet contains a single key, and the keying material required by each member can be retrieved from packets of a single block. In addition to this advantage, thanks to our user oriented key assignment algorithm, most of the keys located at high levels in the key tree are replicated in several blocks. Consequently, if a member does not even receive packets required to reconstruct its FEC block, it can complete it using rekeying packets from other blocks.
Moreover, authors conclude that the rekeying interval needs to be increased when the ratio of members losing their keys is low. However the key server cannot indefinitely increase this value since members sending leaving requests should leave the group as soon as possible. In a similar scenario, our protocol behaves much more efficiently, since it treats permanent mem- bers differently from volatile members: the key server grants an additional delay for permanent members and offers a more strongly reliable delivery.
propose and compare two different constructions for the two-partition algorithm where the data structures defined in each partition are different. The key server defines a balanced key tree for the L-partition and the two constructions differ with respect to the data structure defined for the S-partition:
• QT-scheme: in their first scheme called the QT-scheme, the key server uses a linear queue to represent the S-partition. Each member of this set stores only one individual key and the new data encryption key needs to be encrypted with each member’s individual key.
• TT-scheme: This alternative scheme defines a balanced tree for each partition. Conse- quently, in this scheme, each member stores log(N) +1 keys where N denotes the size of the corresponding partition and the key server follows the LKH scheme for group rekey- ing.
From their analytical results, they conclude that the two-partition schemes outperform the classical LKH when a group has a certain degree of dynamics. The authors showed that when
Ns (size of the S-partition) is large, the TT-scheme is more scalable than the QT-scheme in terms of the number of messages to send by the key server for the rekeying.
Discussion
Although this work proposes a partitioning scheme similar to ours, they only focalize on the as- pect of scalability. Hence, the aim of this work only was to optimize the overall communication overhead. We, on the contrary, proposed the partitioning scheme in order to deal with the prob- lems of reliability and customer satisfaction. In addition to the basic partitioning scheme, for each set of members, we set different rekeying intervals and different reliability parameters for each partition. We provide a longer rekeying interval for permanent members during which the data encryption key can be automatically retrieved by these members. However in this related work, authors only provide the definition of the threshold time whereby a member is transfered from the S-partition to the L-partition and the rekeying operations occurs at the same time for both sets.
68 3. RELIABLE GROUP REKEYING WITH ACUSTOMER PERSPECTIVE
3.7
Conclusion
In this chapter, we proposed a new rekeying protocol that separately regroups members into two categories based on their membership duration. Members are first considered as volatile and when their membership duration reaches a predefined threshold value they become permanent. In order to distinguish between the two member categories, the key server defines a separate key tree for each class of members. Higher reliability is offered to permanent members thanks to the proposed hybrid reliability protocol that combines both proactive FEC and proactive replication techniques using a specific user-oriented key assignment algorithm for the definition of the FEC blocks. We then define some bounds with respect to the rekeying intervals and optimize the threshold value tth in order to keep the partitioning of members as perceived by the key server as close as possible to the real categories. In the next chapter, we analyze and validate the efficiency of this protocol with simulations.