Secure group-based instant messenger using key graphs

Abstract

Many services available over the Internet make use of multicasting, such as video conferencing, instant messaging, etc. However multicast services are basically insecure if message integrity and confidentiality are not considered. To secure multicast services in a scalable way, Key Tree Model or Key Graph, a group key management model, can be applied. This report further studies Key Tree Model by introducing Loyal User and investigating the usability of Key Tree Model. Chapter 1 of this report introduces a special type of user called loyal user. The major difference between loyal users and normal users is that loyal users are very unlikely to issue join or leave requests. Due to the fact that loyal users have zero probability to update, all loyal users can be grouped to a special internal node called Loyal Node, which can represent all loyal users under a key tree. It is observed that when p > 0.51, the optimal key tree with a Loyal Node is a key star. Otherwise, every internal node except the root has branching degree at most four. A dynamic programming algorithm is devised to obtain the loyal optimal tree. A series of experiment about the performance of the dynamic programming algorithm is conducted. The experiments show that loyal optimal tree structure works effectively even the percentage of loyal users is as low as 5%. Chapter 2 provides the information of how Key Tree Model can be applied in real applications. To demonstrate the usability of Key Tree Model, a Key Tree API for JAVA is created in this project. The Key Tree API is used to enhance the security of an IM platform called Openfire. The platform comprise an instant messaging server (IM Server) and a client (IM Client). A plug-in is implemented for the platform to enable key tree processes, such as rekeying, message cryptography, etc. The platform prototype is implemented to investigate the traffic overhead incurred by re-keying process and evaluate the security robustness of Key Tree Model. Measures of reducing the actual re-key overhead are also introduced. It is observed that Key Tree Model is more practical on a network with large bandwidth.