[1]: <br>
- Provides a rigorous definition of join/leave methods and key generation
in the context of a binary tree architecture.<br>
- Assumes the availability of a PKI.<br>
- An excellent paper to implement in the case of distributed group management
function.<br>
<br>
[2]:<br>
- Assumes PKI.<br>
- Central group authority and group controller<br>
- &nbsp;Suggests scheme for multicast emulation if it is not available (which
it generally isn't)<br>
- &nbsp;Rekey done periodically and in response to joins<br>
- &nbsp;Nice resource because it gives concrete examples of header implementations
and message formats.<br>
<br>
[3]:<br>
- CBT accounting method.<br>
- Distributed key multicasting.<br>
- Necessitates CBT multicasting protocol support (which is non-existent)<br>
- Claims a more simplified approach when compared to GKMP; a more distributed
approach<br>
- Details the join procedure, but not the leave procedure.<br>
<br>
[4]:<br>
- Provides some well-thought guidelines against which to check various proposed
security architectures.<br>
- Point out some drawbacks of key trees on pg 12.<br>
<br>
[5]:<br>
- Contains enhancements to their first paper, [6], including definition of
the transitions between Tree, Centralized Flat, and Distributed Flat methods<br>
- Not within the scope of this project.<br>
<br>
[6]:<br>
- Assumes Reliable IP Multicast support (or else soft-state approach).<br>
- Perfect forward secrecy; no 3rd party group key manager.<br>
- Provides 3 schemes (centralized, c-flat, and distributed-flat).<br>
- Join and leave operations described in sufficient detail to implement them
in all schemes.<br>
- Nice idea with the key revision to avoid some key distribution during joins.<br>
- Intuitive proofs of forward and backward secrecy provided. <br>
<br>
[7]:<br>
- Again uses binary trees for key management.<br>
- Aims at making joins and leaves more efficient in terms of number of messages
sent.<br>
- Perhaps implement as an optimization.<br>
- Strictly a theoretical paper, no implementation presented.<br>
<br>
[8]:<br>
- Another summary of principles suggested for group security, similar to RFC
1949, but with more abstract terminology<br>
- Doesn't really add anything to the discussion at this point.<br>
- Nice list of desired properties.<br>
<br>
[9]:<br>
- Rigorous proofs/definitions for both a centralized and distributed approach.<br>
- Instead of a physical key manager its proposal is a cooperative approach
to maintaining a complete key graph.<br>
- Has been implemented and tested, but the steps to get there are not as clear
here as in other papers.<br>
<br>
[10]:<br>
- For curiosity only, is out of the scope of this project.<br>
<br>
[11]:<br>
- Commercial offering<br>
- Uses "trusted" third party: the SCIM server through which messages initially
pass<br>
- Connect to the server using RSA, send TEK with this public information,
then optionally set up P2P TEK to bypass the server.<br>
<br>
[12]:<br>
- Interesting early paper, but proposes to implement security functions at
the network layer instead of the application layer. &nbsp;Therefore it is
clearly not applicable to this project.<br>