Group key management in wireless and mobile environments
Lakshminath Dondeti/Nortel
ldondeti@nortelnetworks.com
IETF-51, London, August 2001

Hierarchical group key mgmt
• All members belong to a “Domain”
• Managed by a domain key distributor (DKD)
• Domain is divided into several Areas
• Areas managed by AKDs
• AKDs and DKD belong to a secure grp
As in the intraGKM I-D (Hardjono-Cain)

More on Areas
• Each Area is independently managed
• Geographically or logically defined
• AKD may use LKH etc., for rekeying
• AKDs are not mobile
• is the topic of our ongoing research

[Figure: Member mobility model. Diagram labels: DKD; AKD 1, AKD 4, AKD 6, AKD 7; operations join, leave, transfer.]

Mobility and rekeying
• Movement within an Area DOES NOT cause rekeying
• Movement out of the Domain DOES require rekeying
• What happens when members move between Areas?
• Focus of this talk and the related I-D

Rekeying due to mobility
• When a member moves
  • Change area keys
    • Rekeying overhead at the time of the move
  • Don’t change area keys
    • Larger rekeying overhead when member leaves domain
    • Need to keep track of who holds which keys
• Issues other than rekeying
  • Membership verification by new AKD

Baseline rekeying
• Transfer implemented as a leave followed by a join
• Changes both area keys on each move
• Changes domain data key
• Inefficient due to unnecessary rekeying of data key(s)

Immediate rekeying
• Transfer is a new operation
• Old AKD and new AKD rekey areas
• Domain data key(s) not changed
• Better than baseline!
• Can we do better?

Delayed rekeying
• Defer rekeying until
  • A member joins/leaves the domain
  • A threshold is reached
    • Number of areas visited
    • Number of members holding a key
  • Periodic

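The three ways of handling a transfer described above (baseline, immediate, delayed), as an added Python sketch that is not from the talk or the I-D: it counts area-key and data-key changes per event on a constructed trace. Assumptions of this model: a domain join or leave changes the affected area key(s) and the data key once, and under delayed rekeying a moving member keeps each old area key until that area next rekeys; member and area names are illustrative.

```python
from collections import Counter

# Constructed trace: (operation, member, area). Names are illustrative.
EVENTS = [("join", "alice", "A1"), ("join", "bob", "A1"),
          ("transfer", "alice", "A4"), ("transfer", "alice", "A6"),
          ("leave", "alice", None)]

def simulate(strategy, events):
    """Return (area_key_changes, data_key_changes) for each event."""
    location = {}      # member -> area the member is currently in
    holders = {}       # area -> members holding that area's current key
    cost = Counter()   # running totals of key changes

    def rekey_area(area):
        cost["area"] += 1
        # Assumption: after a rekey only members now in the area get the key.
        holders[area] = {m for m, a in location.items() if a == area}

    def join(member, area):
        location[member] = area
        rekey_area(area)
        cost["data"] += 1

    def leave(member):
        del location[member]
        # Every area key the departing member still holds must change.
        for area in [a for a, hs in holders.items() if member in hs]:
            rekey_area(area)
        cost["data"] += 1

    per_event = []
    for op, member, area in events:
        before = (cost["area"], cost["data"])
        if op == "join":
            join(member, area)
        elif op == "leave":
            leave(member)
        elif strategy == "baseline":    # transfer = leave followed by join
            leave(member)
            join(member, area)
        elif strategy == "immediate":   # both areas rekey, data key kept
            old, location[member] = location[member], area
            rekey_area(old)
            rekey_area(area)
        else:                           # "delayed": nothing changes on a move
            location[member] = area
            holders.setdefault(area, set()).add(member)
        per_event.append((cost["area"] - before[0], cost["data"] - before[1]))
    return per_event

if __name__ == "__main__":
    for name in ("baseline", "immediate", "delayed"):
        print(name, simulate(name, EVENTS))
```

On this trace the delayed strategy changes no keys on a move but has to change three area keys when alice leaves the domain, which is why the old AKDs must track who still holds their key. The counts describe this constructed trace only, not the analysis the talk refers to.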
Summary and conclusion
• Rekeying due to member mobility in hierarchical grp key mgmt
• Three approaches proposed
• Analysis shows IR performs best
• AKD mobility and further analyses part of future work