In secure group communications, users of a group share a common group key.
A key server sends the group key to authorized new users as well as performs
group rekeying for group users whenever the key changes. In this paper, we
investigate scalability issues of reliable group rekeying, and provide a
performance analysis of our group key management system (called keygem)
based upon the use of key trees. Instead of rekeying after each join or
leave, we use periodic batch rekeying to improve scalability and alleviate
out-of-sync problems among rekey messages as well as between rekey and data
messages. Our analyses show that batch rekeying can achieve large
performance gains. We then investigate reliable multicast of rekey messages
using proactive FEC. We observe that rekey transport has an eventual
reliability and a soft real-time requirement, and that the rekey workload
has a sparseness property, that is, each group user only needs to receive a
small fraction of the packets that carry a rekey message sent by the key
server. We also investigate tradeoffs between server and receiver bandwidth
requirements versus group rekey interval, and show how to determine the
maximum number of group users a key server can support.
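
The comparison between per-leave and batch rekeying can be made concrete by counting encrypted keys in a key tree. The sketch below is an added example, not code from the paper or from keygem: it assumes a full d-ary logical key tree, handles leaves only, and uses the number of encrypted keys as the cost; all function names are hypothetical.

```python
# Added illustration: counts encrypted keys in a simplified d-ary key tree.
# Leave-only model and cost metric are assumptions, not the keygem algorithm.

def ancestors(node, d):
    """Yield the key nodes on the path from a leaf up to the root (node 0)."""
    while node > 0:
        node = (node - 1) // d
        yield node

def rekey_cost(departing, gone, d, height):
    """Encrypted keys sent when `departing` users leave together.

    `gone` holds users removed by earlier rekeys. Every key on a departing
    user's path is replaced, and each new key is encrypted once per child
    subtree that still contains a member.
    """
    first_leaf = (d ** height - 1) // (d - 1)   # heap index of user 0
    absent = {first_leaf + u for u in gone | departing}
    updated = {k for u in departing for k in ancestors(first_leaf + u, d)}

    def occupied(node):
        if node >= first_leaf:
            return node not in absent
        return any(occupied(c) for c in range(d * node + 1, d * node + d + 1))

    return sum(occupied(c)
               for k in updated
               for c in range(d * k + 1, d * k + d + 1))

def individual_cost(order, d, height):
    """Total encrypted keys when each leave triggers its own rekey."""
    gone, total = set(), 0
    for u in order:
        total += rekey_cost({u}, gone, d, height)
        gone.add(u)
    return total

if __name__ == "__main__":
    d, height = 4, 6                       # 4096 users (constructed scenario)
    leavers = list(range(0, 4096, 16))     # constructed: 256 departures
    print("individual:", individual_cost(leavers, d, height))
    print("batch:     ", rekey_cost(set(leavers), set(), d, height))
```

Batching saves work because keys near the root lie on many departing users' paths and are replaced once per interval instead of once per leave.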