Group Key Management (cont.)
- What is a good group key protocol ?
- Key Independence: an attacker knowing any proper subset of group keys cannot discover any other group keys.
- Perfect Forward Secrecy: compromise of one member’s long term key, cannot compromise any short-term group keys.
- Backward/Forward Secrecy: any subset of group keys can not be used to discover previous/subsequent keys.
- When to refresh the group key?
- ‘Secure’ : every time the group changes.
- It is an application policy.