Performance Evaluation
for Group Key Rekeying
S1080014
Tsukasa Igarashi
Supervised Prof.Hiroshi Toyoizumi
Purpose

To evaluate the performance for group
key rekeying that is important for
computer security.
According to the condition,
changing rekeying processes.
Realizing effective group key rekeying !
Public Key Cryptosystem
Generate 2 keys
P
Public Key
Receiver
P
Sender
Secret Key
S
Data
Encrypted
Data
Encrypted
Data
Data
Group Key


Group key is an encryption key that is
used among particular group members.
A group key is used on 1 to many
communications.
Rekey


Rekey is changing an from old group key to a
new one.
Without rekey, illegal access increase by exgroup members.
Illegal Access
Group Key 1
Join
Leave
Group Key 2
GK1
Group Key 3
Where group key is used?
TV Pay programs
(Ex. Wowow, SkyPerfecTV, or for etc.)
 Particular Conferences in a company

Rekeying Processes
According to purpose of use, we need to separate 3 rekeying process.

Immediate
Once someone joins or leaves a group, rekey is done.
(Ex. Conference, military communication)

In fact, if particular number of members gather, rekey is done.
Batch
But on analysis reason, according to the probability of α,
rekey is done. (Ex. Internet, TV pay program)

Periodic
Rekey is done in the constant period.
(Ex. Internet, TV pay program)
Pollaczek-Khinchin Formula

With this formula, we can lead the expression
of M/G/1 in waiting line theory. Below
expression means M/G/1 queue expression.
   s
E[ N ]    (
)
2(1   )
2


s
2
2
With this expression, we can
Calculate the expression of
:the arrival time in the system.
Rekeying processes.
:the variance of the service time in the system.
:the utilization in the system.
Immediate Rekeying(Image)
Rekey
Finish
S1
Rekey
Finish
S2
Y1
W2
Y2
Join
Leave
#3
#1
#2
S:Service Time(Constant)
W:Waiting Time
#:New Comer of a Group
Y:The time from a customer arrives
to leaves in the system.
W3
S3
Y3
Immediate Rekeying
(Performance)
S (1   S )
E[Y ] 
1  2 S
With Pollaczek-Khinchin Formula
and use E[Y ] 
1

E[ N ]
S
Time of spending rekey

rate of join or leave
Assumption
1
S<
2
When S is small, E[Y] is small.
If not, E[Y]  ∞
Batch Rekeying(Image)
1
 
3
Rekey
Rekey
Rekey
Start
Start
Start
is the probability of rekey
#1 Y1 #3
Join
#4
#7
Y4
Y3
Y8
Y6
Leave
#2 Y2
#:New Comer
of a Group
#8
Y7
#5
Y5
#6
Y9
#9
Batch Rekeying
(Performance)
n S (1   S )
E[Y ]   (1   ) { 
}
 1  2 S
n
●n:how many members behind a group member
until the rekey starts.
Assumption
S<
When α is small, E[Y] is small.
1
2
If not, E[Y]  ∞
Periodic Rekeying(Image)
Rekey
Rekey
Rekey
Start
Start
Start
T
#3
Y3
#5
Y5
T
#6
#8
#10 Y10#11
Y6
Y8
Join
Leave
Y4
#1
#2
Y2
Y1
Y11
Y12
Y7
#4
#:New Comer of a Group
#7
#9 Y9
#12
Periodic Rekeying
(Performance)
T
E[Y ]  S 
2
T
Constant Period
Assumption
S <= T
If not, E[Y]  ∞
When T is small, E[Y] is small.
3 Rekeying Processes
Comparison
<When λ is small>
1. Immediate Rekeying
2. Batch Rekeying
3. Periodic Rekeying
Assumption
T = 0.0011
S = 0.001, α = 1/10, n = 10
<When λ is big>
1. Periodic Rekeying
2. Batch Rekeying
3. Immediate Rekeying
Out-of-Sync Problem

In batch rekeying, the problem that a
group member may receive a data
encrypted with an old group key, or the
group key it has not get yet is occurred.
Why ?
My partner is #1 !
GK0
#1
GK1
Join
Leave
Why ?
My partner is #2 !
GK2
#2 GK3
Conclusion


According to the number of group
members and the purpose of use, the
server’s administrator will need to think
changing the rekeying processes.
In Batch rekeying, we must think outof-sync problem.