## Efficient tree-based revocation in groups of low-state devices (2004)

### Cached

### Download Links

- [www.cs.usm.edu]
- [www.cs.brown.edu]
- [www.ics.uci.edu]
- [www.iacr.org]
- [www.iacr.org]
- DBLP

### Other Repositories/Bibliography

Venue: | In Proceedings of Crypto ’04, volume 2204 of LNCS |

Citations: | 36 - 1 self |

### BibTeX

@INPROCEEDINGS{Goodrich04efficienttree-based,

author = {Michael T. Goodrich and Jonathan Z. Sun and Roberto Tamassia},

title = {Efficient tree-based revocation in groups of low-state devices},

booktitle = {In Proceedings of Crypto ’04, volume 2204 of LNCS},

year = {2004},

pages = {511--527},

publisher = {Springer-Verlag}

}

### Years of Citing Articles

### OpenURL

### Abstract

Abstract. We study the problem of broadcasting confidential information to a collection of n devices while providing the ability to revoke an arbitrary subset of those devices (and tolerating collusion among the revoked devices). In this paper, we restrict our attention to low-memory devices, that is, devices that can store at most O(log n) keys. We consider solutions for both zero-state and low-state cases, where such devices are organized in a tree structure T. We allow the group controller to encrypt broadcasts to any subtree of T,evenifthetreeisbasedonanmulti-way organizational chart or a severely unbalanced multicast tree. 1

### Citations

463 | Secure group communications using key graphs
- Wong, Gouda, et al.
- 1998
(Show Context)
Citation Context ...ation techniques, Chang et al. [6] deal with cumulative multi-user revocations and reduces the space complexity of the GC, i.e., the number of keys stored at the GC, from O(n) toO(log n). Wong et al. =-=[27]-=- generalize the results from binary trees to key graphs. In addition, Sherman and McGrew [21] improve the constant factors of the LKH scheme using a technique they call one-way function trees (OFT), t... |

299 |
A data structure for dynamic trees
- Sleator, Tarjan
- 1983
(Show Context)
Citation Context ...can be very unbalanced (we even allow for height that is O(n)), we must take a different approach. In particular, in these cases, we extend the linking and cutting dynamic trees of Sleator and Tarjan =-=[22]-=- to the context of broadcast encryption,sshowing how to do subtree broadcasts in this novel context. This implies some surprisingly efficient performance bounds for broadcast encryption in multicast t... |

263 | Key management for multicast: Issues and architectures
- Wallner, Harder, et al.
- 1998
(Show Context)
Citation Context ...ly for the sake of efficiency, and, in fact, has been the only tree considered in previous related work we are familiar with. For example, it forms the basis of the Logical Key Hierarchy (LKH) scheme =-=[26, 28]-=-, the One-way Function Tree (OFT) scheme [21], the Subset-Difference Revocation (SDR) scheme [16], and the Layered Subset Difference (LSD) scheme [10]. 2. An organizational chart. In this case, the de... |

262 | Broadcast encryption
- Fiat, Naor
- 1994
(Show Context)
Citation Context ...cast tree. 1 Introduction In the group broadcast problem, we have a group S of n devices and a group controller (GC ) that periodically broadcasts messages to all the devices over an insecure channel =-=[8]-=-. Such broadcast messages are encrypted so that only valid devices can decrypt them. For example, the messages could be important instructions from headquarters being sent to PDAs carried by employees... |

208 | Multicast Security: A taxonomy and some efficient constructions
- Canetti, Garay, et al.
- 1999
(Show Context)
Citation Context ...ach node in this tree, and store at each device x the keys stored in the path from x’s leaf to the root. Some improvements of this scheme within the same asymptotic bounds are given by Canetti et al. =-=[4, 5]-=-. Using Boolean function minimization techniques, Chang et al. [6] deal with cumulative multi-user revocations and reduces the space complexity of the GC, i.e., the number of keys stored at the GC, fr... |

190 | Key establishment in large dynamic groups using one-way function trees
- Sherman, McGrew
- 2003
(Show Context)
Citation Context ...been the only tree considered in previous related work we are familiar with. For example, it forms the basis of the Logical Key Hierarchy (LKH) scheme [26, 28], the One-way Function Tree (OFT) scheme =-=[21]-=-, the Subset-Difference Revocation (SDR) scheme [16], and the Layered Subset Difference (LSD) scheme [10]. 2. An organizational chart. In this case, the devices are associated with the leaves of a tre... |

188 | Revocation and tracing schemes for stateless receivers
- Naor, Naor, et al.
- 2001
(Show Context)
Citation Context ...rk we are familiar with. For example, it forms the basis of the Logical Key Hierarchy (LKH) scheme [26, 28], the One-way Function Tree (OFT) scheme [21], the Subset-Difference Revocation (SDR) scheme =-=[16]-=-, and the Layered Subset Difference (LSD) scheme [10]. 2. An organizational chart. In this case, the devices are associated with the leaves of a tree that represents an organizational chart, such as t... |

152 |
Applied cryptography (2nd ed
- Schneier
- 1995
(Show Context)
Citation Context ...isting of biased trees B0, B1 and B2. The ranks of the nodes in B0 and B1 are shown. Broadcast and multicast. Using the above security properties and appropriate signature or authentication mechanism =-=[2, 4, 20, 25]-=-, the GC of each Gi can send a message securely with one key encryption to Gi or any subgroup or super-group of Gi, without any ambiguity. Key update and tree rebalance. As in the LKH scheme, keys sho... |

144 | Digital Signatures for Flows and Multicasts
- Wong, Lam
- 1999
(Show Context)
Citation Context ...ly for the sake of efficiency, and, in fact, has been the only tree considered in previous related work we are familiar with. For example, it forms the basis of the Logical Key Hierarchy (LKH) scheme =-=[26, 28]-=-, the One-way Function Tree (OFT) scheme [21], the Subset-Difference Revocation (SDR) scheme [16], and the Layered Subset Difference (LSD) scheme [10]. 2. An organizational chart. In this case, the de... |

97 | The LSD broadcast encryption scheme
- Halevy, Shamir
- 2002
(Show Context)
Citation Context ...sis of the Logical Key Hierarchy (LKH) scheme [26, 28], the One-way Function Tree (OFT) scheme [21], the Subset-Difference Revocation (SDR) scheme [16], and the Layered Subset Difference (LSD) scheme =-=[10]-=-. 2. An organizational chart. In this case, the devices are associated with the leaves of a tree that represents an organizational chart, such as that of a corporation or university. For example, inte... |

76 | Key management for secure internet multicast using Boolean function minimization techniques
- CHANG, ENGEL, et al.
- 1999
(Show Context)
Citation Context ...the path from x’s leaf to the root. Some improvements of this scheme within the same asymptotic bounds are given by Canetti et al. [4, 5]. Using Boolean function minimization techniques, Chang et al. =-=[6]-=- deal with cumulative multi-user revocations and reduces the space complexity of the GC, i.e., the number of keys stored at the GC, from O(n) toO(log n). Wong et al. [27] generalize the results from b... |

57 | Efficient Trace and Revoke Schemes
- Naor, Pinkas
(Show Context)
Citation Context ...n addition, Sherman and McGrew [21] improve the constant factors of the LKH scheme using a technique they call one-way function trees (OFT), to reduce the size of revocation messages. Naor and Pinkas =-=[17]-=- and Kumar et al. [12] also study multi-user revocations withstanding coalitions of colluding users, and Pinkas [18] studies how to restore an off-line user who has missed a sequence of t group modifi... |

50 |
Biased search trees
- Bent, Sleator, et al.
- 1985
(Show Context)
Citation Context ...atch the best bounds for balanced trees, even for unbalanced high-degree organizational charts, which would not be possible using the natural conversion to a binary tree. Instead, we use biased trees =-=[1]-=- to do this conversion. But this approach is nevertheless limited, under the log-key restriction, to cases where the organizational chart has logarithmic height. Thus, for multicast trees, which can b... |

48 |
Algorithm Design: Foundations, Analysis and Internet Examples
- Goodrich, Tamassia
- 2002
(Show Context)
Citation Context ...crypt this message, but not other user (or groupsof users) can decrypt it. We note as an additional space saving technique, we can name each node in T according to a level-numbering scheme (e.g., see =-=[9]-=-), so that the full structure of any tree Tv,w can be completely inferred using just the names of v and w. Moreover, any leaf x in Tv,w can determine its relative position in Tv,w immediately from its... |

41 | A lower bound for multicast key distribution - Snocyink, Suri, et al. - 2001 |

38 | Lower Bounds for Multicast Message Authentication - Boneh, Durfee, et al. |

26 | Zero side-effect multicast key management using arbitrarily revealed key sequences - MARKS - 1999 |

20 | Using AVL trees for fault-tolerant group key management. J Inform Sec 2002; 1: 84-99. Chia-Hung Wang received the B.S
- Rodeh, Birman, et al.
(Show Context)
Citation Context ...litions of colluding users, and Pinkas [18] studies how to restore an off-line user who has missed a sequence of t group modifications with O(log t) message size. Also of note is work of Rodeh et al. =-=[19]-=-, who describe how to use AVL trees to keep the LKH tree balanced. Thus, the broadcast encryption problem is well-studied for the case of fully-dynamic keys and devices organized in a complete or bala... |

18 | Computational bounds on hierarchical data processing with applications to information security - Tamassia, Triandopoulos - 2004 |

12 | Optimal communication complexity of generic multicast key distribution - Micciancio, Panjwani - 2004 |

9 | Key bundles and parcels: Secure communication in many groups, Computer Networks 50 (11) (2006) 1781–1798. Jin-Hee Cho received the B.A. degree from Ewha Womans University in Seoul, Korea in 1997, and the M.S. degree in Computer Science from Virginia Polyt - Jung, Liu, et al. |

6 | Efficient state updates for key management
- Pinkas
(Show Context)
Citation Context ...ay function trees (OFT), to reduce the size of revocation messages. Naor and Pinkas [17] and Kumar et al. [12] also study multi-user revocations withstanding coalitions of colluding users, and Pinkas =-=[18]-=- studies how to restore an off-line user who has missed a sequence of t group modifications with O(log t) message size. Also of note is work of Rodeh et al. [19], who describe how to use AVL trees to ... |

4 |
Efficient communication - storage tradeoffs for multicast encryption
- Canetti, Malkin, et al.
- 1999
(Show Context)
Citation Context ...ach node in this tree, and store at each device x the keys stored in the path from x’s leaf to the root. Some improvements of this scheme within the same asymptotic bounds are given by Canetti et al. =-=[4, 5]-=-. Using Boolean function minimization techniques, Chang et al. [6] deal with cumulative multi-user revocations and reduces the space complexity of the GC, i.e., the number of keys stored at the GC, fr... |

4 | Efficient Kerberized Multicast in a Practical Distributed Setting - Crescenzo, Kornievskaia - 2001 |

2 |
Goding constructions for blackliting problems without computational assumptions
- Kumar, Rajagopalan, et al.
- 1999
(Show Context)
Citation Context ...d McGrew [21] improve the constant factors of the LKH scheme using a technique they call one-way function trees (OFT), to reduce the size of revocation messages. Naor and Pinkas [17] and Kumar et al. =-=[12]-=- also study multi-user revocations withstanding coalitions of colluding users, and Pinkas [18] studies how to restore an off-line user who has missed a sequence of t group modifications with O(log t) ... |

1 | Key management schemes for stateless receivers based on time varying heterogeneous logical key hierarchy - Mihajevic - 2003 |