The following are notes applicable to the issue of multicast IPSec key management.
Approaches to Multicast Key Management Protocols
secret is used as a key encrypting key (KEK), which is then used to distribute the shared group key to individual members.
each member retains knowledge of the shared secret with the key distributor, but the key distributor must retain knowledge of all keys it shares with the group members.
key acquisition latency is too high in large groups.
revoking/rekeying latency also remains high in the event that a member needs to be forcibly removed.
The addition of a Complimentary Variable to the shared key:
IOW, each member knows the complimentary variable of every other member but does not know his own.
For forcibly removing a member b, the group owner issues a message to all group members specifying the generation of a new key using the existing key and the complimentary variable for member b (possibly by hashing the two together). Being that member b does not have his own complimentary variable, he is unable to recompute the new key and is effectively out of the group.
limitations of cv: each time a new member joins the group, the members new complimentary variable needs to be redistributed to established group members. Also, for large groups, storing complimentary variables for every other member becomes cumbersome.
At the root of the tree is the main group key.
Each member is a leaf on the tree and is given the set of keys from the root, through all intermediate nodes, to the leaf that represents itself.
The root key and the keys of the leaf's parent nodes are transmitted to it encrypted with the KEK.
Addition of a new member requires only establishing of a KEK and then a single message containing all the keys of its parent nodes encrypted in that KEK. For a group of n members, the group owner must do 2 * log n key encryptions to rekey the group. For a tree of depth d, each user must store d + 1 keys while the group owner must keep all keys.
..next post, Multicast Key Distribution with CBT and/or MKMP