Multicast is an efficient technique for delivering data to a large group of users in multimedia applications such as the Internet stock quote, Internet radio, audio/music delivery, video surveillance, etc. Many of these applications require data confidentiality. One of the critical problem of data confidentiality is key management for backward and forward secrecy (i.e., a new member cannot decrypt the multicast data sent before its joining and a former member cannot decrypt the data sent after its leaving). In order to offer backward and forward secrecy for some multicast applications, data encryption key has to be changed whenever a user joins or leaves the system, and made known to the current users. The bandwidth used for such re-key messaging can be high when the user pool is large...[ Read more ]

Multicast is an efficient technique for delivering data to a large group of users in multimedia applications such as the Internet stock quote, Internet radio, audio/music delivery, video surveillance, etc. Many of these applications require data confidentiality. One of the critical problem of data confidentiality is key management for backward and forward secrecy (i.e., a new member cannot decrypt the multicast data sent before its joining and a former member cannot decrypt the data sent after its leaving). In order to offer backward and forward secrecy for some multicast applications, data encryption key has to be changed whenever a user joins or leaves the system, and made known to the current users. The bandwidth used for such re-key messaging can be high when the user pool is large and the group is highly dynamic.

In this thesis, we propose a distributed server approach to minimize the overall system bandwidth (and hence complexity) by splitting the user pool into multiple groups each served by a (logical) server. After presenting a simple model for the system based on a hierarchical key tree, we show that there is an optimal number of servers to achieve minimum system bandwidth. As the underlying user traffic fluctuates, we propose a simple dynamic scheme with low overhead in which the servers adaptively split and merge user groups according to user traffic to maintain such an optimum. Our results show that a distributed server approach is able to substantially reduce the total bandwidth required (by more than 30%) as compared to the traditional single-server approach, especially for those applications with large user pool and short holding time, relatively low bandwidth of a data stream, and widely fluctuating user traffic (e.g., an Internet stock quote application).