RFC 2627 (rfc2627) - Page 1 of 23


Key Management for Multicast: Issues and Architectures




Network Working Group                                       D. Wallner
Request for Comments: 2627                                   E. Harder
Category: Informational                                        R. Agee
                                              National Security Agency
                                                             June 1999


         Key Management for Multicast: Issues and Architectures

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (1999).  All Rights Reserved.

Abstract

   This report contains a discussion of the difficult problem of key
   management for multicast communication sessions.  It focuses on two
   main areas of concern with respect to key management: initializing
   the multicast group with a common net key, and rekeying the multicast
   group.  A rekey may be necessary upon the compromise of
   a user or for other reasons (e.g., periodic rekey).  In particular,
   this report identifies a technique which allows for secure compromise
   recovery, while also being robust against collusion of excluded
   users.  This is one important feature of multicast key management
   which has not been addressed in detail by most other multicast key
   management proposals [1,2,4].  The benefits of this proposed
   technique are that it minimizes the number of transmissions required
   to rekey the multicast group and it imposes minimal storage
   requirements on the multicast group.

1.0  MOTIVATION

   It is recognized that future networks will have requirements that
   will strain the capabilities of current key management architectures.
   One of these requirements will be the secure multicast requirement.
   The need for high bandwidth, very dynamic secure multicast
   communications is increasingly evident in a wide variety of
   commercial, government, and Internet communities.  Specifically, the
   secure multicast requirement is the necessity for multiple users who
   share the same security attributes and communication requirements to
   securely communicate with every other member of the multicast group
   using a common multicast group net key.  The largest benefit of the



Wallner, et al.              Informational