Design of Self-Healing Key Distribution Schemes

Designs, Codes and Cryptography

Abstract

A self-healing key distribution scheme enables dynamic groups of users of an unreliable network to establish group keys for secure communication. In such a scheme, at the beginning of each session, a group manager sends packets over a broadcast channel in order to provide a key to each member of the group. Every user belonging to the group computes the group key by using the packets and some private information. The group manager can start multiple sessions during a certain time interval, adding users to or removing users from the initial group. The main property of the scheme is that if some broadcast packet is lost during a certain session, users are still able to recover the group key for that session simply by using the packets they received during a previous session and the packets they will receive at the beginning of a subsequent one, without requesting additional transmission from the group manager. Indeed, the only requirement that must be satisfied for the user to recover the lost keys is membership in the group both before and after the sessions in which the broadcast messages containing the keys are sent. This novel and appealing approach to key distribution is quite suitable in certain military applications and in several Internet-related settings, where high security requirements need to be satisfied. In this paper we continue the study of self-healing key distribution schemes, introduced by Staddon et al. [37]. We analyze some existing constructions: we show an attack that can be applied to one of these constructions in order to recover session keys, and two problems in another construction. Then we present a new mechanism for implementing the self-healing approach, and we present an efficient construction which is optimal in terms of user memory storage. Finally, we extend the self-healing approach to key distribution, and we present a scheme which enables a user to recover from a single broadcast message all keys associated with sessions in which he is a member of the communication group.
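The recovery property described in the abstract can be seen in a toy model. The following is an added example, not a construction from the paper: it assumes each session key is split into two additive shares, K_j = p_j + q_j mod P, with the session-j broadcast carrying p_1..p_j and q_j..q_m masked per current member. The names `Manager`, `pad`, `recover`, the modulus `P` and the HMAC-based mask are hypothetical choices for illustration, and the toy makes no claim of collusion resistance.

```python
import hmac, hashlib, secrets

P = 2**127 - 1  # prime modulus for the toy field (assumption)

def pad(user_secret: bytes, session: int, label: str, idx: int) -> int:
    """Per-user mask derived from the user's private information (toy PRF)."""
    msg = f"{session}|{label}|{idx}".encode()
    return int.from_bytes(hmac.new(user_secret, msg, hashlib.sha256).digest(), "big") % P

class Manager:
    def __init__(self, m: int, user_secrets: dict):
        self.m, self.secrets = m, user_secrets
        self.keys = {j: secrets.randbelow(P) for j in range(1, m + 1)}
        self.p = {j: secrets.randbelow(P) for j in range(1, m + 1)}
        # K_j = p_j + q_j (mod P): neither share alone reveals K_j
        self.q = {j: (self.keys[j] - self.p[j]) % P for j in self.keys}

    def broadcast(self, j: int, members: set) -> dict:
        """Session-j packet: p_1..p_j and q_j..q_m, masked per current member."""
        out = {}
        for u in members:
            s = self.secrets[u]
            out[u] = {
                "p": {i: (self.p[i] + pad(s, j, "p", i)) % P for i in range(1, j + 1)},
                "q": {i: (self.q[i] + pad(s, j, "q", i)) % P for i in range(j, self.m + 1)},
            }
        return out

def recover(user, secret, received: dict, target: int):
    """received maps session number -> broadcast packet the user actually got."""
    p = q = None
    for j, packet in received.items():
        mine = packet.get(user)
        if mine is None:  # not a member in session j: nothing to unmask
            continue
        if target in mine["p"]:
            p = (mine["p"][target] - pad(secret, j, "p", target)) % P
        if target in mine["q"]:
            q = (mine["q"][target] - pad(secret, j, "q", target)) % P
    return None if p is None or q is None else (p + q) % P

def demo():
    by_user = {u: secrets.token_bytes(16) for u in ("alice", "bob")}
    gm = Manager(3, by_user)
    b1 = gm.broadcast(1, {"alice", "bob"})
    b3 = gm.broadcast(3, {"alice"})  # bob removed before session 3
    # Constructed run: the session-2 packet is lost for everyone.
    alice = recover("alice", by_user["alice"], {1: b1, 3: b3}, 2)
    bob = recover("bob", by_user["bob"], {1: b1, 3: b3}, 2)
    return alice == gm.keys[2], bob
```

Alice, a member in sessions 1 and 3, rebuilds the lost session-2 key from q_2 (session 1) and p_2 (session 3); Bob, removed before session 3, holds only q_2 and gets nothing.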

References

  1. J. Anzai, N. Matsuzaki and T. Matsumoto, A quick group key distribution scheme with entity revocation, Advances in Cryptology-Asiacrypt '99, Lecture Notes in Computer Science, Vol. 1716 (1999) pp. 333–347.

  2. S. Berkovits, How to broadcast a secret, Advances in Cryptology-Eurocrypt '91, Lecture Notes in Computer Science, Vol. 547 (1991) pp. 536–541.

  3. C. Blundo and A. Cresti, Space requirements for broadcast encryption, Advances in Cryptology-Eurocrypt '94, Lecture Notes in Computer Science, Vol. 950 (1995) pp. 287–298.

  4. C. Blundo, P. D'Arco and M. Listo, A new self-healing key distribution scheme, Proceedings of the IEEE Symposium on Computers and Communications (ISCC 2003), (2003) pp. 803–808.

  5. C. Blundo, P. D'Arco and M. Listo, A flaw in a self-healing key distribution scheme, Proceedings of the 2003 Information Theory Workshop (ITW 2003), (2003) pp. 163–166.

  6. C. Blundo, P. D'Arco and A. De Santis, Definitions and Bounds for Self-Healing Key Distribution, to appear in the Proceedings of the 31st International Colloquium on Automata, Languages and Programming (ICALP 2004) Lecture Notes in Computer Science, 2004.

  7. C. Blundo, A. De Santis, A. Herzberg, S. Kutten, U. Vaccaro and M. Yung, Perfectly-secure key distribution for dynamic conferences, Information and Computation, Vol. 146, No. 1 (1998) pp. 1–23.

  8. C. Blundo, L. A. Frota Mattos and D. R. Stinson, Generalised Beimel-Chor schemes for broadcast encryption and interactive key distribution, Theoretical Computer Science, Vol. 200 (1998) pp. 313–334.

  9. D. Boneh, The decision Diffie-Hellman problem, Proceedings of the Third Algorithmic Number Theory Symposium, Lecture Notes in Computer Science, Vol. 1423 (1998) pp. 48–63.

  10. R. Canetti, J. Garay, G. Itkis, D. Micciancio, M. Naor and B. Pinkas, Issue in multicast security: A taxonomy and efficient constructions, Infocom '99 (1999) pp. 708–716.

  11. R. Canetti, T. Malkin and K. Nissim, Efficient communication-storage tradeoffs for multicast encryption, Advances in Cryptology-Eurocrypt '99, Lecture Notes in Computer Science, Vol. 1592 (1999) pp. 459–474.

  12. B. Chor, A. Fiat, M. Naor and B. Pinkas, Traitor tracing, IEEE Transactions on Information Theory, Vol. 46, No. 3 (May 2000) pp. 893–910.

  13. T. M. Cover and J. A. Thomas, Elements of Information Theory, John Wiley & Sons (1991).

  14. P. D'Arco and D. R. Stinson, Fault tolerant and distributed broadcast encryption, Proceedings of the Cryptographers' Track RSA Conference 2003 (CT-RSA 2003), Lecture Notes in Computer Science, Vol. 2612 (2003) pp. 262–279.

  15. G. Di Crescenzo and O. Kornievskaia, Efficient multicast encryption schemes, Security in Communication Network (SCN02), Lecture Notes in Computer Science, Vol. 2576 (2003) pp. 119–132.

  16. C. Dwork, J. Lotspiech and M. Naor, Digital signets: Self-enforcing protection of digital information, Proceedings of the 28th Symposium on the Theory of Computation, (1996) pp. 489–498.

  17. T. ElGamal, A public key cryptosystem and a signature scheme based on discrete logarithms, IEEE Transactions on Information Theory, No. 31 (1985) pp. 469–472.

  18. P. Feldman, A practical scheme for non-interactive secret sharing, Proceedings of the 28th IEEE Symposium on Foundations of Computer Science, (1987) pp. 427–437.

  19. A. Fiat and M. Naor, Broadcast encryption, Proceedings of Crypto '93, Lecture Notes in Computer Science, Vol. 773 (1994) pp. 480–491.

  20. A. Fiat and T. Tassa, Dynamic traitor tracing, Journal of Cryptology, Vol. 14 (2001) pp. 211–223.

  21. E. Gafni, J. Staddon and Y. L. Yin, Efficient methods for integrating traceability and broadcast encryption, Advances in Cryptology-Crypto '99, Lecture Notes in Computer Science, Vol. 1666 (1999) pp. 372–387.

  22. J. Garay, J. Staddon and A. Wool, Long-lived broadcast encryption, Advances in Cryptology-Crypto 2000, Lecture Notes in Computer Science, Vol. 1880 (2000) pp. 333–352.

  23. D. Halevy and A. Shamir, The LSD broadcast encryption scheme, Advances in Cryptology-Crypto '02, Lecture Notes in Computer Science, Vol. 2442 (2002) pp. 47–60.

  24. A. Kiayias and M. Yung, Traitor tracing with constant transmission Rate, Advances in Cryptology-Eurocrypt '02, Lecture Notes in Computer Science, Vol. 2332 (2002) pp. 450–465.

  25. A. Kiayias and M. Yung, Self protecting pirates and black-box traitor tracing, Advances in Cryptology-Crypto '01, Lecture Notes in Computer Science, Vol. 2139 (2001) pp. 63–79.

  26. R. Kumar, S. Rajagopalan and A. Sahai, Coding constructions for blacklisting problems without computational assumptions, Advances in Cryptology-Crypto '99, Lecture Notes in Computer Science, Vol. 1666 (1999) pp. 609–623.

  27. H. Kurnio, R. Safavi-Naini and H. Wang, A secure re-keying scheme with key recovery property, ACISP 2002, Lecture Notes in Computer Science, Vol. 2384 (2002) pp. 40–55.

  28. A. K. Lenstra and E. R. Verheul, Selecting cryptographic key sizes, Journal of Cryptology, Vol. 14, No. 4 (2001) pp. 255–293.

  29. M. Luby and J. Staddon, Combinatorial bounds for broadcast encryption, Advances in Cryptology-Eurocrypt '98, Lecture Notes in Computer Science, Vol. 1403 (1998) pp. 512–526.

  30. D. Naor, M. Naor and J. Lotspiech, Revocation and tracing schemes for stateless receivers, Advances in Cryptology-Crypto '01, Lecture Notes in Computer Science, Vol. 2139 (2001) pp. 41–62.

  31. M. Naor and B. Pinkas, Efficient trace and revoke schemes, Financial Cryptography 2000, Lecture Notes in Computer Science, Vol. 1962 (2000) pp. 1–21.

  32. D. Liu, P. Ning and K. Sun, Efficient self-healing key distribution with revocation capability, Proceedings of the 10th ACM Conference on Computer and Communications Security, October 27–31, 2003, Washington, DC, USA.

  33. A. Perrig, D. Song and J. D. Tygar, ELK, a new protocol for efficient large-group key distribution, Proceedings of the IEEE Symposium on Security and Privacy (2000).

  34. B. Pfitzmann, Trials of traced traitors, information hiding, Lecture Notes in Computer Science, Vol. 1174 (1996) pp. 49–64.

  35. R. Safavi-Naini and H. Wang, New constructions for multicast re-keying schemes using perfect hash families, 7th ACM Conference on Computer and Communication Security, ACM Press (2000) pp. 228–234.

  36. R. Safavi-Naini and Y. Wang, Sequential traitor tracing, Lecture Notes in Computer Science, Vol. 1880 (2000) pp. 316–332.

  37. J. Staddon, S. Miner, M. Franklin, D. Balfanz, M. Malkin and D. Dean, Self-healing key distribution with revocation, IEEE Symposium on Security and Privacy, May 12–15, 2002, Berkeley, California.

  38. J. N. Staddon, D. R. Stinson and R. Wei, Combinatorial properties of frameproof and traceability codes, IEEE Transactions on Information Theory, Vol. 47 (2001) pp. 1042–1049.

  39. D. R. Stinson, On some methods for unconditionally secure key distribution and broadcast encryption, Designs, Codes and Cryptography, Vol. 12 (1997) pp. 215–243.

  40. D. R. Stinson and T. van Trung, Some new results on key distribution patterns and broadcast encryption, Designs, Codes and Cryptography, Vol. 15 (1998) pp. 261–279.

  41. D. R. Stinson and R. Wei, Key preassigned traceability schemes for broadcast encryption, Proceedings of SAC'98, Lecture Notes in Computer Science, Vol. 1556 (1999) pp. 144–156.

  42. D. R. Stinson and R. Wei, Combinatorial properties and constructions of traceability schemes and frameproof codes, SIAM Journal on Discrete Mathematics, Vol. 11 (1998) pp. 41–53.

  43. D. R. Stinson and R. Wei, An application of ramp schemes to broadcast encryption, Information Processing Letters, Vol. 69 (1999) pp. 131–135.

  44. D. M. Wallner, E. J. Harder and R. C. Agee, Key management for multicast: Issues and architectures, Internet Draft available from http://www.ietf.org/rfc/rfc2627.txt

  45. C. Wong and S. Lam, Keystone: A group key management service, Proceedings of the International Conference on Telecommunications, ICT 2000.

Cite this article

Blundo, C., D’Arco, P., De Santis, A. et al. Design of Self-Healing Key Distribution Schemes. Designs, Codes and Cryptography 32, 15–44 (2004). https://doi.org/10.1023/B:DESI.0000029210.20690.3f

  • DOI: https://doi.org/10.1023/B:DESI.0000029210.20690.3f
