Advantages - This scheme supports for identification of the sender by using certificates, which will improve the security, as the receiver will know who is sending this message.
To support this a group controller is created so that the sender will know the receivers and visa versa.
Disadvantages - This scheme relies on a group controller to function as a controller of access and is also responsible for key management. This could provide for a single point of failure if the controller fails. It will also put a lot of responsibility on a single node, which requires a lot of processing for large dynamic groups. The group controller also has to contact each member in the group when a rekey event occurs which results in lots of traffic for large groups.
4.9 Broadcast Encryption
As we have seen from the previous sections, the use of key management and dis-tribution in group communication requires a lot of communication to distribute the keys and also computational resources to generate these keys. Broadcast Encryption [48] has received a lot of attention and has become a growing field of research lately [49, 50, 51, 52, 53, 54]. Broadcast encryption is somewhat related to key management that is why we have chosen to include this description in this section.
4.9.1 Broadcast encryption explained
The main goal of broadcast encryption is to reduce the messages transferred between the content provider and the content consumer. This is done, by removing the two-way dialog, which is normally done in the common public private key encryption scenario.
The goal of Broadcast Encryption is to provide a security scheme that does not require a two way handshake process, but rather have the content encrypted once and provide content consumers with a key to decrypt the content. This kind of scheme has been seen applied in cable television and through satellite dish, where the content consumer possesses a smartcard, which contains the identity of the cardholder (a unique number).
The encryption key is broadcasted with the content, so that authorized user can decrypt the message if the user possess an id that has not been revoked. The general scheme for broadcast encryption works as follows:
• The broadcaster creates a session key to be used for decryption of content sent by the broadcaster.
• This session key is encrypted using a broadcast encryption algorithm in which only non-revoked user can decrypt the key.
• The encrypted session key is sent as header information with the content in the broadcast network.
• Non-revoked user can take use their private key (id) to decrypt the session key, this is done using a pre known encryption algorithm.
• The session key is used by the content consumer to decrypt the content sent by the broadcaster.
As we see from this scheme, the clients become a stateless device in the network; there is no two-way communication between the content provider and the content consumer.
The keys private keys (id’s) are distributed to the user through postal services or through
4.10: Comparison 48
a local distributor. Most of these are presented to the user as a smartcard to be fit into a set top box and as the content gets to this box the session key is decrypted with the key on the card and the set top box can decrypt the message.
4.9.2 Evaluation
As we now described this broadcast encryption we will now look at some of the advan-tages and disadvanadvan-tages with this scheme.
Advantages - The advantages of using broadcast encryption are that there is no need to have a separate key management scheme as the keys are distributed as part of the content. By this the number of messages exchanged between the content provider and the content producer are reduce for such scheme.
Disadvantages - For broadcast encryption it is required that the user possesses a set of keys to decrypt the decryption key from the content. This is, as mentioned, often stored in a smartcard or similar. So to support such scheme the user will have to possess such card. Also, if this scheme is adapted to a personal computer it will enable the user to get control of the content and this could result in the key getting compromised. We have seen this for the DreamBox [55] where the keys are compromised by advanced software or keys are downloaded of the Internet which enables users to decrypt the content without an subscription to the service.
4.10 Comparison
We have in the previous section described several key management schemes, including broadcast encryption, all of this with some advantages and disadvantages. The main trend in finding the better scheme is to look at performance in key distribution. How-ever, this is not the only attribute a key management scheme must provide, it should provide for an appropriate security as well. By this we mean if it is possible to join a distribution chain and look at previous messages or if it is possible to leave and still be able to decrypt using the keys in possession. As we have seen from the evaluation of the schemes discussed above, most of them support both forward and backward se-crecy. The one obvious exception to this is broadcast encryption. As for this scheme, the key is distributed with the content and if you get the key you will be able to decrypt the content, and if the content is stored at a local drive you are always capable of de-crypting the content. With the key management schemes the key is always changing when the membership changes by this it will not be possible to decrypt content that is not intended to a member outside the current group. If we look at the performance of key management schemes we argue that broadcast encryption is the one scheme that performs the best. This is due to the key being distributed as part of the content and no extra messages will have to be sent. Still the keys to decrypt the decryption key is required at the users device so this will make it harder to manage as these keys will have to be provided through another channel. Usually this is done, by sending a smartcard per mail. And if such a scheme is adapted to a personal computer it re-quires a smartcard reader to be installed. Some of these schemes are only a theory of how group management could be done not all have created an implementation to really measure the performance of their schema. So to really figure out what is the best of these alternatives, a simulation with a deeper study should be done. There is one scheme, Iolus, which has been implemented. As we see from the discussion of these scheme is that it fits well into a multicast infrastructure. This is also the case for SMKD which is uses the core routers as intermediates that controls the its members. Many of
4.10: Comparison 49
the schemes described uses unicast communication to distribute keys. This provides for a lot of peer communication for large dynamic groups. It is hard to point out the best of these schemes it depends on the underlying infrastructure and what content is to be distributed. If the content is large, as for movies, and it has to be streamed in real time it will require the content to be encrypted in real-time and the key management will have to be fast to support this. As it is to many factors that comes into play to find the best key management scheme we does not point out the one scheme that is the best, as this depends on more than just the scheme.
5: Content Protection 50
5 Content Protection
When distributing content in an open network such as the Internet there are, if the con-tent is sensitive, needed some sort of protection. Known techniques as HTTPS (HTTP [56] over SSL [57] ) has been used to protect content on the Internet. This section will explain some of the common techniques used to protect content and copyrights for digital content. In other words this section describes the application of some of the previously introduced sections.