Advanced
Group Key Management based on (2, 2) Secret Sharing
Group Key Management based on (2, 2) Secret Sharing
KSII Transactions on Internet and Information Systems (TIIS). 2014. Mar, 8(3): 1144-1156
Copyright © 2014, Korean Society For Internet Information
  • Received : October 28, 2013
  • Accepted : February 09, 2014
  • Published : March 28, 2014
Download
PDF
e-PUB
PubReader
PPT
Export by style
Share
Article
Author
Metrics
Cited by
TagCloud
About the Authors
Lih-Chyau Wuu
Graduate School of Computer Science and Information Engineering, National Yunlin Unviersity of Science and Technology, Yunlin, 640 - Taiwan
Chi-Hsiang Hung
Graduate School of Engineering Science and Technology-Doctoral Program, National Yunlin Unviersity of Science and Technology,Yunlin, 640 - Taiwan
Wen-Chung Kuo
Graduate School of Computer Science and Information Engineering, National Yunlin Unviersity of Science and Technology, Yunlin, 640 - Taiwan

Abstract
In Internet, IP multicast has been used successfully to provide an efficient, best-effort delivery service for group communication applications. However, applications such as multiparty private conference, distribution of stock market information, pay per view and other subscriber services may require secure multicast to protect integrity and confidentiality of the group traffic, and validate message authenticity. Providing secure multicast for group communication is problematic without a robust group key management. In this paper, we propose a group key management scheme based on the secret sharing technology to require each member by itself to generate the group key when receiving a rekeying message multicast by the group key distributor. The proposed scheme enforces mutual authentication between a member and the group key distributor while executing the rekeying process, and provides forward secrecy and backward secrecy properties, and resists replay attack, impersonating attack, group key disclosing attack and malicious insider attack.
Keywords
1. Introduction
T he IP multicast is an efficient protocol to delivering group traffic in a group-based application by requiring a sender to transmit data only once to many receivers along a multicast distribution tree. IP multicast can use the network bandwidth efficiently that it is widely deployed in group-based applications such as televised company meetings, commercial stock exchanges, pay-per-view stream video [7] , chat-room and so on. Some group-based applications require multicast to embed certain security mechanisms to protect the integrity of group traffic from modifications, guard for confidentiality of communication from electronic eavesdrop, and verify message originator. To provide the above security-enhanced services for IP multicast, it is necessary to have a robust group key generation and distribution scheme.
A simple method to generate a group key is to rely on a specific server called as group key distributor (GKD) [19] . Each group member shares a pre-shared key with the GKD. After the GKD generates a new group key, it encrypts the group key by each member’s pre-shared key and sends out the encrypted group key to each member separately. In this way, the rekeying message complexity is O(t) for member joining/leaving a group, where t is the group size.
Many schemes [1 , 3 - 9 , 11 - 13 , 16 - 18] address group key management to reduce the number of the rekeying messages. The schemes [1 , 5 - 9 , 11 - 12 , 16 , 18] establish a key tree for a group. The tree root stores the group key, the internal nodes of the tree store the auxiliary keys used to renew the group key, and each leaf of the tree stored the pre-shared key known by both of the GKD and a group member only. For t members in a group, the GKD must maintain a group key, O( t ) auxiliary keys and O( t ) pre-shared keys. The number of auxiliary keys maintained by a member is dependent on the level of this member (leaf node) on the tree. For a balanced tree, the GKD must send O(log t ) rekeying messages during the rekeying process. If the key tree is a skewed one, the rekeying messages will be O( t ). It is obvious that a balanced tree has better rekeying performance than a skewed one. However, in a highly dynamic group, the overhead to maintain a tree being balanced is heavy. Furthermore, such schemes require that each member must keep O(log t ) auxiliary keys.
Harn and Lin [4] propose an authenticated group key transfer protocol (AGKTP) based on secret sharing scheme that the GKD broadcasts group key information to all group members and only the authorized group members can recover the group key. No auxiliary keys are needed and only two broadcast messages are sent out by the GKD, but the AGKTP protocol requires each member to send a random challenge to the GKD during the rekeying process. That makes the complexity of the rekeying messages to be O( t ).
Naranjo et al. [20] extend the Extended Euclidean algorithm to develop a suite of algorithms for key distribution and authentication (SAKDA) in centralized secure multicast environments. The SAKDA allows the GKD to renew a group key by a single multicast message. However, the security is dependent on the practical difficulty of factoring a private secret value which is the product of t large and different primes. It is not affordable for large groups and it has heavy computation overhead.
In this paper, we propose a secure authenticated group key management based on (2, 2) secret sharing [10] to improve the drawbacks of the above schemes. By our protocol, no key tree is needed, and each member can generate a group key by itself after receiving the rekeying message multicast by the GKD. No message is required to be sent out by members in contrast with the work of Harn and Lin [4] . Only one multicast message is generated at our rekeying scheme. During the self-generation of group key process, each member and the GKD perform mutual authentication implicitly. Our GKD generates a unique polynomial of degree one for each member, and the group key is stored at the constant term of the polynomial. By the secret sharing scheme, the group key can be reconstructed when two shadows of the polynomial are combined together. That using Lagrange interpolation [10] to recover the group key makes our scheme have better computation performance in comparison with the works of AGKTP [4] and SAKDA [20] .
The rest of the paper is organized as follows. Section 2 describes the concept of the proposed protocol. Section 3 illustrates our protocol in detail. Section 4 and Section 5 are security analysis and performance analysis respectively. Finally, the conclusion remark is given in Section 6.
2. Overview
Our system has a trusted GKD to setup all system parameters, generate a pre-shared key when a user registers at the system, and enforce mutual authentication between the GKD and each registered user while executing the rekeying process. Henceforth a registered user is called as a member whenever the user joins a group.
In our protocol, the GKD maintains a pre-shared key Ki with each registered user i and requires each member by itself to generate a group key after receiving a rekeying message. It is assumed that a group is consisted of t members whenever a group key GK is required. The first step for the GKD is to generate t polynomials of degree 1 as the form fi ( x )= aix + GK , where i =1, 2,…, t . Each fi ( x ) is designed as a line passing through the two points (0, GK ) and ( Ki , H ( Ki || T )), where T is a timestamp. Note that the coefficient ai must be computed as
PPT Slide
Lager Image
After that, the GKD selects a random number R and multicasts T , R and fi ( R ) (for i =1 to t ) to the group members.
Fig. 1 illustrated that each member regards the group key GK as a secret of a polynomial of degree one. By (2, 2) secret sharing scheme, the group key GK can be reconstructed by each member only when two shadows of the polynomial are combined together. In our protocol, the GKD generates a unique polynomial fi for each member i , and then reveal one shadow for each polynomial fi , that is, ( R , fi ( R )). Member i by itself can derive another shadow ( Ki , H ( Ki || T )) based on its pre-shared key Ki and the timestamp T from the multicast message sent by the GKD. After having the two shadows of its specific polynomial, each member derives the group key GK by applying Lagrange interpolating polynomial [10] . The detail of our protocol is described at the next section.
PPT Slide
Lager Image
Self-generation of group key GK by (2, 2) secret sharing scheme
3. Our Protocol
Our protocol consists of four processes: system initialization, group creation, member join and member leave. Table 1 illustrates the notations used in this paper.
Notations
PPT Slide
Lager Image
Notations
- 3.1 System Initialization
The GKD announces a prime number p , a one-way hash function H (): {0, 1}*➔ Zp * , and a symmetric encryption algorithm E . Before joining any group, a user i , by presenting his/her real identity IDi , must register to GKD to get his/her pre-shared key Ki through a secure channel. Fig. 2 illustrates the message exchanged between the GKD and user i during the registration process. After that, GKD and user i must keep Ki secretly.
PPT Slide
Lager Image
User registration messages
- 3.2 Group Creation
A member who creates a new group is called as Group Initiator. For the sake of simplicity, we assume that Group Initiator is ID 1 . An Initiator sends a group creation request message, including a timestamp T , group identity gid, a list of group members { ID 1 , ID 2 ,…, IDt } and an authentication code Auth 1 = H T || gid || ID 1 || ID 2 ||…|| IDt || K 1 ), to GKD. Fig. 3 shows the messages exchanged in the group creation process.
PPT Slide
Lager Image
Group creation messages
Upon receiving a group creation request message, GKD executes the following steps:
  • Step 1 : Check the validation of the timestampTandAuth1.
  • Step 2 : Generate a group keyGK∈Zp*and select a random numberR∈Zp*, such thatGK≠H(Ki||T) andR≠Ki, fori=1, 2, …,t.
  • Step 3 : Generate a polynomialfi(x) of degree 1 for each memberi(i=1, 2,…,t).fi(x) can be regarded as a line passing through the two points (0,GK) and (Ki,H(Ki||T)), i.e.modp. Then computeyi=fi(R), wherei=1, 2, …,t. Note that there aretdistinctfipolynomials andtcorrespondingyivalues.
  • Step 4 : ComputeAuthG=H(GK||T||gid||R) and multicast {T,gid,R,y1,y2, …,yt,AuthG} to the group members (ID1,ID2,…,IDt).
Each member i ( i =1, 2,…, t ) derives the shadow ( Ki , H ( Ki || T )) by itself and gets another shadow ( R , yi ) from the multicast message sent by the GKD. After that, each member i can reconstruct the group key GK by applying the equation: GK = fi (0)=(( Ki · yi )-( R · H ( Ki || T )))·( Ki - R ) -1 mod p . The last step for member i is to check whether the AuthG is equal to H ( GK || T || gid || R ) to validate the integrity and authenticity of GK.
- 3.3 Member Join
Suppose that a member j wants to join a group gid which is composed of t group members ( ID 1 , ID 2 ,…, IDt ). The member j sends a join request message containing its identity IDj , a timestamp T , the group identity gid , and an authentication code Authj = H ( T || gid || Kj ) to the GKD. Fig. 4 shows the messages exchanged in the member joining process.
PPT Slide
Lager Image
Member joining messages
Upon receiving a join-requesting message from member j , GKD executes Step 1 and Step 2 of the group creation process at first. The new group key is denoted as GK’ . After that, the GKD only needs to generate one polynomial fj ( x ) of degree 1 passing through (0, GK’ ) and ( Kj , H ( Kj || T )) and compute a corresponding shadows
PPT Slide
Lager Image
(mod p ) for the joining member j . GKD sends a multicast message { T , gid , R , yj , EGK [ GK’ ], AuthG } to the joining member j and member i ( i =1, 2, …, t ), where AuthG = H ( GK’ || T || gid || R ). Note that the new group key GK’ is encrypted by the old group key GK in the multicast message for existing group members. In this way, the multicast message size is smaller than that in the group creation process.
After receiving { T , gid , R , yj , EGK [ GK’ ], AuthG } from GKD, the joining member j generates the new group key by GK’ = fj (0)=(( Kj · yj )-( R · H ( Kj || T )))·( Kj - R ) -1 mod p . As for each existing member i ( =1, 2, …, t ), it executes DGK [ EGK [ GK’ ]] to get the GK’ . After that, each member checks whether the AuthG is equal to H ( GK’ || T || gid || R ) to validate the integrity and authenticity of GK’ .
- 3.4 Member Leave
The member leave process can be treated as the group creation process. It is assumed that the group consists of t members ( ID 1 , ID 2 ,…, IDt ) after a member leaving the group. The first member ID 1 is required to send a group creation request message to the GKD to renew the group key.
4. Security Analysis
In this section, we analyze the security of the proposed protocol. We first show that the protocol enforces mutual authentication between the GKD and each group member while executing the rekeying process, and assures forward secrecy and backward secrecy. Then we describe that the protocol is able to resist from replay attack, impersonating attack, group key disclosing attack and malicious insider attack.
- 4.1 Mutual Authentication between GKD and Group member i:
The proposed protocol requires that each member i must register to GKD to get a pre-shared key Ki , which is shared by the member i and GKD only. During group creation phase, the GKD authenticates a group initiator by validating the authentication code Auth 1 containing the pre-shared key K 1 . For authenticating the other members i in the group, the GKD divides the group key GK into two shadows ( Ki , H ( Ki || T )) and ( R , yi ). Only the legal member i with Ki can recover the group key GK . It indicated that a member i is authenticated by the GKD implicitly, though members authenticate the GKD by AuthG .
At the member join phase, the GKD authenticates the joining member j by validating the authentication code Authj . For authenticating the other existing members, the GKD uses the old group key GK to encrypt the new group key GK’ . Only the legal members with the old GK can decrypt EGK [ GK’ ] to be authenticated by the GKD implicitly. After members get the group key GK , they authenticate the GKD by AuthG .
- 4.2 Forward Secrecy
When a member leaves a group, the group creation process is executed to renew the old group key. The ID of the leaving member is excluded from the group creation request message. Since no shadow of the new group key for the leaving member is generated by the GKD, the leaving member can not recover the new group key even he/she eavesdrops the multicast message.
- 4.3 Backward Secrecy
When a member joins a group, the GKD randomly generates a new group key. It is impossible that the new group key can be inferred from the old group key since they are totally irrelevant.
- 4.4 Replay Attack
In our protocol, the messages are designed to contain a timestamp T and an authentication code Auth to resist replay attacks.
- 4.5 Impersonating Attack
Neither member impersonating attack nor GKD impersonating attack could succeed in our protocol. An attacker can’t impersonate a group member i unless the attacker got the pre-shared key Ki to generate a valid authentication code Authi . The same reason is given for an attacker to impersonate the GKD successfully only if the attacker got all the pre-shared keys of a group.
- 4.6 Group Key Disclosing Attack
In our protocol, the group key is recovered by each member individually. An attacker without knowing any pre-shared key can not recover the group key even eavesdroping the rekeying message { R , y 1 , y 2 , …, yt }. It is shown by the property of the linear underdetermined system. A system of linear equations is called underdetermined if there are fewer equations than unknowns, and an underdetermined system has either no solution or infinitely many solutions. By eavesdroping the rekeying message, the attacker has a system of t equations of the form yi = ai · R + GK mod p . The attacker has t +1 unknows ( a 1,…, at and GK ). In our protocol,
PPT Slide
Lager Image
when p is large enough or p is kept secret, it is infeasible for an attacker to know the GK without any pre-shared key Ki .
- 4.7 Malicious Insider Attack
In this attack, we consider that a member i attempts to find out the pre-shared key Kj of a member j . Since the member i by itself can recover the group key GK , and also knows the yj by the message multicast by the GKD. Recall that fj ( x ) is designed as a line pass through the two points (0, GK ) and ( Kj , H ( Kj || T )). The member i can reconstruct the line fj ( x ) of member j by applying the two points (0, GK ) and ( R , yj ), and then try all possible points under Zp * to figure out the point ( Kj , H ( Kj || T )). To resist such an attack, the size of p must be large enough to make it infeasible for a member to find out the pre-shared key of other member.
5. Performance Analysis
In this section, we compare the performance of the proposed protocol with the GKMP [19] , the AGKTP [4] and the SAKDA [20] , in terms of the number and the size of the rekeying messages, the number of stored keys and the computation overhead during rekeying process.
- 5.1 Rekeying Messages
Table 2 gives the comparison results of the number of the messages and the size of a broadcast/multicast of the works of GKMP [19] , AGKTP [4] , SAKDA [20] and ours.
The compare results of rekeying messages
PPT Slide
Lager Image
t: the number of group members l: bit length of each parameter in a multicast/broadcast message
  • The number of rekeying messages
  • At the rekeying process, the GKD of the GKMP[19]sends outtunicast messages to members. The AGKTP[4]requires each member to send a challenge message to the GKD after receiving a broadcast message, and then the GKD of the AGKTP broadcasts a message containingtpublic points of their polynomialf(x) of degreet. Thus the AGKTP needs 2 broadcasts andtunicasts while a group membership changes. As for the SAKDA[20]and our scheme, the distribution and renewal of a group key can be done in a single multicast message sent by the GKD without any challenge messages of group members.
  • The size of the rekeying messages sent by the GKD
  • The last column ofTable 2gives the size of messages sent by the GKD, and the bit length of each parameter in the rekeying message is assumed to bel. Each unicast message of GKMP[19]contains a group key encrypted by a member’s preshared key. Thus, the size of messages sent by the GKMP ist·l. Recall that the GKD in AGKTP needs 2 broadcasts while a group membership changes. The first broadcast is a list of all group member. The second broadcast contains an authentication code andtpoints (x-coordinate andy-coordinate). Thus, the size of the messages sent by the AGKTP istl+ (2t+1)l=(3t+1)l. In the SAKDA[20], there has a specialLwhich is the product of member tickets of all group members, and then the message contains the modular multiplicative inverse ofL. Thus, the bit length of the modular multiplicative inverse ofList·l. The size of the rekeying message including an authentication code in SAKDA is (2t+3)l. As for our scheme, the message size is (t+4)lfor the group creation process. The message size is reduced to 6lfor our member leaving process. The message size of our scheme is half of the works of the AGKTP[4]and the SAKDA[20].
- 5.2 The Number of Stored Keys
In AGKTP [4] , the GKD shares a pair of secrets ( xi , yi ) with each member i . It means that each group member needs to store 2 keys, and the GKD needs to store 2 t keys for a group with t members. Each member in GKMP [19] , SAKDA [20] and our scheme is required to store only one key and the GKD needs to store t keys for a group with t members. Thus, the GKMP, the SAKDA, and our scheme require less number of keys than the work of the AGKTP. The comparison result is shown in Table 3 .
The number of stored keys
PPT Slide
Lager Image
t: the number of group members
- 5.3 Computation Overhead during Rekeying Process
Table 4 depicts the computation overhead of the GKD and each group member during rekeying process. For simplicity, we only consider the computation overhead for generating a polynomial, restoring the constant term of a polynomial by using Lagrange interpolation, and computing the modular multiplicative inverse of L .
The computation overhead
PPT Slide
Lager Image
t: the number of group members Gen_fd(x): generate a polynomial of degree d [4] Gen_fd(0): restore the constant term of fd(x) [4] inv: modular multiplicative inverse exp: modular exponentiation enc/dec: symmetric encryption/decryption
  • Computation Overhead of GKD
  • In the GKMP, the GKD needs to usetpre-shared keys to encrypt the gorup key for members. The GKD of the AGKTP[4]needs to construct a polynomialft(x) with degreet. In the SAKDA[20], the GKD executes two modular multiplicative inverse operations by using Extended Euclidean Algorithm. In our scheme, the GKD generatestpolynomials with degree 1 for the group creation process. As for the member join process, the GKD generates one polynomial of degree for the joining member and encrypts the new group key by the old group key.
  • Computation Overhead of Each Member
  • In the GKMP, each member must decrypt the received unicast message to get the gorup key. Each member in AGKTP[4]needs to restore the constant term of the polynomialft(x) with degreetby applying Lagrange interpolation[10]to get the group key. In the SAKDA[20], each member executes one modular multiplicative inverse operation and one modular exponentiation to get the group key. In the group creation process of the proposed scheme, since our polynomial is degree 1, each member has less computation overhead than the AGKTP to restore the constant term off1(x) to get the group key. As for the member join process, each member executes the symmetric decryption to get the new group key, and the joining member executes the same operation in the group creation process.
6. Conclusion
In this paper, we design a secure authenticated group key management scheme based on (2, 2) secret sharing technology without maintaining a key tree as the works of Wuu and Chen [12] and Yu et al. [15] to reduce the number of rekeying messages to be one. Each member in our protocol only needs to maintain a pre-shared key safely, and then apply the pre-shared key to recover a group key by itself at the rekeying process. The proposed scheme enforces mutual authentication, forward secrecy and backward secrecy properties, and resists replay attack, impersonating attack, group key disclosing attack and malicious insider attack. In comparison with the works of Harn and Lin, [4] and Naranjo et al. [20] , our protocol has smaller multicast message size, and less key storage requirement as well as the computation overhead.
The proposed member joining protocol uses the current group key to encrypt the new one. An attacker could have all future group keys for this session if the attacker had gotten the currect group key. To overcome the problem, a simple way is to apply the group creation process whenever a member joins. However, the enhanced security of the group key is at the expsense of the efficncy of the member joining process. It would be our future work to improve our protocol to have both efficiency and security.
Acknowledgements
The authors would like to thanks the anonymous reviewers for their valuable comments. The authors would also like to thanks the National Science Council of the Republic of China, Taiwan for financially supporting this research.
BIO
Lih-Chyau Wuu received her B.S. degree in the department of information engineering from National Taiwan University, Taipei, Taiwan, in 1982, and her Ph.D. degree in the department of computer science from National Tsing Hua University, Hsinchu, Taiwan in 1994. She is currently a Professor in the department of computer science and information engineering, National Yunlin University of Science & Technology, Touliu, Taiwan. Her research interests include IP switches /routing, multicast routing, network security and distributed self-stabilizating systems.
Chi-Hsiang Hung received his B.S. and M.S. degrees in the department of electronic engineering from National Yunlin University of Science & Technology (Touliu, Taiwan), in 2003 and 2006, respectively. Then He received the Ph. D. degree from graduate school of engineering science and technology-doctoral program, National Yunlin University of Science & Technology, in 2013. He is an Post-Doctoral Researcher in Department of Electrical and Computer Engineering, National Chiao Tung University. His research interests include network security, information security and software-definded network.
Wen-Chung Kuo He received the B.S. degree in Electrical Engineering from National Cheng Kung University and M.S. degree in Electrical Engineering from National Sun Yat-Sen University in 1990 and 1992, respectively. Then, He received the Ph.D. degree from National Cheng Kung University in 1996. Now, he is an associate professor in the Department of Computer Science and Information Engineering, National Yunlin University of Science & Technology, Touliu, Taiwan. His research interests include steganography, cryptography, network security and signal processing.
References
Adusumilli P , Zou X , Ramamurthy B. 2005 "DGKD: distributed group key distribution with authentication capability" in Proc. of the IEEE Workshop on Information Assurance and Security June 15-17 Article (CrossRef Link). 286 - 293
Ateniese G , Steiner M , Tsudik G. 2000 "New multiparty authentication services and key agreement protocols" IEEE Journal on Selected Areas in Communications Article (CrossRef Link). 18 (4) 628 - 639    DOI : 10.1109/49.839937
Daza V , Herranz J , Saez G. 2008 "On the computational security of a distributed key distribution scheme" IEEE Transactions on Computers Article (CrossRef Link). 57 (8) 1087 - 1097    DOI : 10.1109/TC.2008.50
Harn L , Lin C. 2010 "Authenticated group key transfer protocol based on secret sharing" IEEE Transactions on Computers Article (CrossRef Link). 59 (6) 842 - 846    DOI : 10.1109/TC.2010.40
Kwak DW , Kim J. 2007 "A decentralized group key management scheme for the decentralized P2P environment" IEEE Communications Letters Article (CrossRef Link). 11 (6) 555 - 557    DOI : 10.1109/LCOMM.2007.070037
Ng WHD , Cruickshank H , Sun Z. 2006 "Scalable balanced batch rekeying for secure group communication" Computers and Security Article (CrossRef Link). 25 (4) 265 - 273    DOI : 10.1016/j.cose.2006.02.006
Ng WHD , Howarth M , Sun Z , Cruickshank H. 2007 "Dynamic balanced key tree management for secure multicast communications" IEEE Transactions on Computers Article (CrossRef Link). 56 (5) 590 - 605    DOI : 10.1109/TC.2007.1022
Parvatha Varthini B , Valli S. 2007 "Generation of group key using enhanced one way function tree group rekey protocol" in Proc. of Int. Conf. on Computing: Theory and Applications March 5-7 Article (CrossRef Link). 176 - 181
Pham T , Watters PA. 2007 "The efficiency of periodic rekeying in dynamic group key management" in Proc. of 4th European Conf. on Universal Multiservice Networks February 425 - 432
Shamir A. 179 "How to share a secret" Communications of the ACM Article (CrossRef Link). 22 (11) 612 - 613    DOI : 10.1145/359168.359176
Sun Y , Liu KJR. 2007 "Hierarchical group access control for secure multicast communications" IEEE/ACM Transactions on Networking Article (CrossRef Link). 15 (6) 1514 - 1526    DOI : 10.1109/TNET.2007.897955
Wuu LC , Chen HC. 2001 "A scalable framework for secure group communication" in Proc. of First International Conference on Networking-Part 2 Article (CrossRef Link). 225 - 238
Xu L , Huang C. 2008 "Computation-efficient multicast key distribution" IEEE Transactions on Parallel and Distributed Systems Article (CrossRef Link). 19 (5) 577 - 587    DOI : 10.1109/TPDS.2007.70759
Yi X. 2004 "Authenticated key agreement in dynamic peer groups" Journal of Theoretical Computer Science Article (CrossRef Link). 326 (1-3) 363 - 382    DOI : 10.1016/j.tcs.2004.08.001
Yu W , Sun Y , Liu KJR. 2007 "Optimizing rekeying cost for contributory group key agreement schemes" IEEE Transactions on Dependable and Secure Computing Article (CrossRef Link). 4 (3) 228 - 242    DOI : 10.1109/TDSC.2007.1006
Je DH , Lee JS , Park Y , Seo SW. 2010 "Computation-and-storage-efficient key tree management protocol for secure multicast communications" Computer Communications Article (CrossRef Link). 33 (2) 136 - 148    DOI : 10.1016/j.comcom.2009.08.007
Kulkarni SS , Bruhadeshwar B. 2010 "Key-update distribution in secure group communication" Computer Communications Article (CrossRef Link). 33 (6) 689 - 705    DOI : 10.1016/j.comcom.2009.11.014
Wu W , Li M , Chen E. 2009 "Optimal tree structures for group key tree management considering insertion and deletion cost" Theoretical Computer Science Article (CrossRef Link). 410 (27-29) 2619 - 2631    DOI : 10.1016/j.tcs.2009.02.039
Harney H , Muckenhirn C , Rivers T. 1997 "Group key management protocol (GKMP) architecture" RFC 2094 IETF Article (CrossRef Link).
Naranjo JAM , Antequera N , Casado LG , López-Ramos JA. 2012 "A suite of algorithms for key distribution and authentication in centralized secure multicast environments" Journal of Computational and Applied Mathematics Article (CrossRef Link). 236 (12) 3042 - 3051    DOI : 10.1016/j.cam.2011.02.015