Batch Rekeying in Mykil Key Management System

This paper describes support for batch rekeying in Mykil, a key management system for supporting secure group mul- ticast. Batch rekeying in Mykil allows for substantial re- ductions in the cost and complexity of rekeying operations, arguably the expensive portion of the system. By accumu- lating join and leave operations and utilizing an algorith- mic approach to minimize the number of necessary rekey- ing messages, Mykil can achieve a marked reduction in the total number and size of messages and can signicantly streamline the system's operation. cally, Mykil implements a group structure similar to that of Iolus(6), while using a key structure based on LKH (9) to control the distribution of keys inside each area in the group structure. A multicast group is divided into several areas, each of which is managed by an area controller (AC). Each AC is a member of both its area and another parent area from which it forwards multicast data. An AC manages keys using a tree structure where each node in the tree corresponds to an auxiliary key. Each client in the AC's area is represented by a leaf node. At join, each client receives all of the keys from nodes on the path between its leaf and the root of the tree. If that mem- ber then leaves the group, only the keys it possessed must be updated. To do this, the AC simply creates new ran- dom keys along the path to the leaving client and multi- casts them to the group, encrypting each key by its chil- dren before they are sent. Mykil implements this system using a binary tree of x ed depth. This means that rather than transmit n unicast messages (where n is the number of clients in the area), the AC only needs to transmit a single multicast message consisting of O(logn) keys.