Similar literature
20 similar documents found; search time 15 ms
1.
We propose and analyze a new multicast scheme for delivering on-demand streaming data using unequal protection codes. The scheme allows an end user to join only one multicast channel for a data stream at any time to play out the requested data stream from its beginning after a fixed initial playout delay. The scheme tolerates packet loss during transmission, and thus, significantly reduces the cost of implementing a reliable multicast network layer to ensure delivery of all packets. Meanwhile, resource usage of the scheme, including server computing bandwidth, network bandwidth, and client's buffer space, is determined only by the original data stream length and the initial playout delay, but is independent of either the number or the arrival pattern of individual end-user requests. Thus, the scheme is totally scalable with the number of end users, fully utilizing the data delivery efficiency of a multicast network. The scheme also uses resources efficiently, e.g., with initial playout delays of 30 s and 60 s, multicasting a 2 h video using this scheme needs only about 5.5 and 4.8 times, respectively, the server computing bandwidth and network bandwidth of those for a single unicast delivery of the same original data stream.

2.
Numerous emerging applications, such as teleconferencing, board meetings, pay-per-view and scientific discussions, rely on a secure group communication model. Scalable group rekeying is an important issue in the secure group communication model as the nature of the group is dynamic. The number of encryptions performed and rekey messages constructed should be minimized to carry out updating of the group key, and secure delivery of the group key should be carried out in an efficient manner. In this paper, we propose a new scheme to manage the secure group using the binomial key tree approach. In this scheme, the number of encryptions performed and rekey messages constructed during membership change are fewer compared to the scheme proposed by Wong and others. Further, it is not required to balance the tree after each membership change. We show that, for a large group, the average encryption cost and rekey message cost are independent of the size of the group for join operation and logarithmic in size of the group for leave operation. Hence our scheme is scalable. Copyright © 2010 John Wiley & Sons, Ltd.

3.
Secure group communications using key graphs   Total citations: 7, self-citations: 0, citations by others: 7
Many emerging network applications are based upon a group communications model. As a result, securing group communications, i.e., providing confidentiality, authenticity, and integrity of messages delivered between group members, will become a critical networking issue. We present, in this paper, a novel solution to the scalability problem of group/multicast key management. We formalize the notion of a secure group as a triple (U,K,R) where U denotes a set of users, K a set of keys held by the users, and R a user-key relation. We then introduce key graphs to specify secure groups. For a special class of key graphs, we present three strategies for securely distributing rekey messages after a join/leave and specify protocols for joining and leaving a secure group. The rekeying strategies and join/leave protocols are implemented in a prototype key server we have built. We present measurement results from experiments and discuss performance comparisons. We show that our group key management service, using any of the three rekeying strategies, is scalable to large groups with frequent joins and leaves. In particular, the average measured processing time per join/leave increases linearly with the logarithm of group size.

4.
Scalable secure group communication over IP multicast   Total citations: 3, self-citations: 0, citations by others: 3
We introduce and analyze a scalable rekeying scheme for implementing secure group communications over Internet protocol multicast. We show that our scheme incurs constant processing, message, and storage overhead for a rekey operation when a single member joins or leaves the group, and logarithmic overhead for bulk simultaneous changes to the group membership. These bounds hold even when group dynamics are not known a priori. Our rekeying algorithm requires a particular clustering of the members of the secure multicast group. We describe a protocol to achieve such clustering and show that it is feasible to efficiently cluster members over realistic Internet-like topologies. We evaluate the overhead of our own rekeying scheme and also of previously published schemes via simulation over an Internet topology map containing over 280 000 routers. Through analysis and detailed simulations, we show that this rekeying scheme performs better than previous schemes for a single change to group membership. Further, for bulk group changes, our algorithm outperforms all previously known schemes by several orders of magnitude in terms of actual bandwidth usage, processing costs, and storage requirements.

5.
Jian Zhou, Liyan Sun, Kaiyu Duan, Yue Wu. Wireless Personal Communications, 2020, 114(4): 3435-3456

Deep space network is a must-have technology to improve communication, navigation, and propulsion in future space missions. A very long physical distance among space entities is difficult to overcome efficiently, as a space mission could cover a huge space. Some distinguished negative features, including long time delay and non-reliable end-to-end links, deteriorate the channel state seriously; hence rekey operations cannot be implemented on time due to poor channel state, which incurs frequent failure and consequently provides more opportunities for an adversary to assault group key management. To solve the question, a self-adaption group key management scheme is put forward for long time delay and non-reliable end-to-end link networks. A multi-decryption keys protocol is designed as a container for involving shared decryption keys. Every shared decryption key is divided into a few key fragments with threshold cryptograph whose scale is different to adjust to the environment requirement, so different numbers of key fragments are applied to the decryption process according to the channel state, and the public key material can be revised by a legitimated entity for rekeying without the 1-affect-n problem. Any legitimated entities have the capability of cooperating to implement different decryption processes with different threshold cryptograph mechanisms; thus a few entities cooperate to withdraw a shared key without the leaving entity's participation in rekeying, so a reliable end-to-end channel for the leaving entity is not necessary. In the security aspect, the decryption keys meet key independence, backward security and forward security are guaranteed in rekeying, and the probability of selected cipher text attack is negligible for an adversary under the hardness assumption. Therefore the suggested scheme provides a less message cost rekeying method, it reduces time delay, and the failure of rekeying is tolerated in order to adapt to the non-reliable end-to-end link.
Therefore the suggested scheme is suitable for long time delay and non-reliable end-to-end link deep space networks.


6.
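Secure multicast communication encrypts traffic with a group key shared by all members of the group. To preserve security, the key server must update the group key (rekey) whenever group membership changes. Because group membership is dynamic and encryption and decryption operations are costly, rekeying performance has become the main measure of group key management performance. Key-tree-based rekeying methods are widely used and achieve logarithmic rekeying cost. The key tree must be kept balanced; otherwise the communication cost of rekeying reaches O(n) in the worst case. This paper proposes a new key-tree-based path shuffling algorithm, PSA (Path Shuffling Algorithm), which spreads the tree-balancing work across ordinary rekeying operations, reducing the cost of restructuring and thereby improving the algorithm's performance. Theoretical analysis gives the algorithm's average communication cost for rekeying, and simulation experiments confirm that its average rekeying performance is better than that of other algorithms of the same kind.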

7.
This paper presents a new group key management protocol, CKC (Code for Key Calculation) for secure IP multicast. In this protocol, which is based on logical key hierarchy, only the group key needs to be sent to the new member at join. Then, using the group key, current members and the new member calculate the necessary keys by node codes and one-way hash function. A node code is a random number assigned to each node to help users calculate necessary keys. Again, at leave the server just sends the new group key to the remaining members. By this key, members calculate necessary keys using node codes and one-way hash function. The security of the keys is based on one-wayness of hash function. The results show that CKC reduces computational and communication overhead, and message size largely at join without increasing them at leave.

8.
Secure multicast applications require key management that provides access control. In wireless networks, where the error rate is high and the bandwidth is limited, the design of key management schemes should place emphasis on reducing the communication burden associated with key updating. A communication-efficient class of key management schemes is those that employ a tree hierarchy. However, these tree-based key management schemes do not exploit issues related to the delivery of keying information that provide opportunities to further reduce the communication burden of rekeying. In this paper, we propose a method for designing multicast key management trees that match the network topology. The proposed key management scheme localizes the transmission of keying information and significantly reduces the communication burden of rekeying. Further, in mobile wireless applications, the issue of user handoff between base stations may cause user relocation on the key management tree. We address the problem of user handoff by proposing an efficient handoff scheme for our topology-matching key management trees. The proposed scheme also addresses the heterogeneity of the network. For multicast applications containing several thousands of users, simulations indicate a 55%-80% reduction in the communication cost compared to key trees that are independent of the network topology. Analysis and simulations also show that the communication cost of the proposed topology-matching key management tree scales better than topology-independent trees as the size of multicast group grows.

9.
A protocol for scalable loop-free multicast routing   Total citations: 3, self-citations: 0, citations by others: 3
In network multimedia applications such as multiparty teleconferencing, users often need to send the same information to several (but not necessarily all) other users. To manage such one-to-many or many-to-many communication efficiently in wide-area internetworks, it is imperative to support and perform multicast routing. Multicast routing sends a single copy of a message from a source to multiple receivers over a communication link that is shared by the paths to the receivers. Loop-freedom is an especially important consideration in multicasting because applications using multicasting tend to be multimedia and bandwidth intensive, and loops in multicast routing duplicate looping packets. We present and verify a new multicast routing protocol, called multicast Internet protocol (MIP), which offers a simple and flexible approach to constructing both group-shared and shortest-paths multicast trees. MIP can be sender-initiated or receiver-initiated or both; therefore, it can be tailored to the particular nature of an application's group dynamics and size. MIP is independent of the underlying unicast routing algorithms used. MIP is robust and adapts under dynamic network conditions (topology or link cost changes) to maintain loop-free multicast routing. Under stable network conditions, MIP has no maintenance or control message overhead. We prove that MIP is loop-free at every instant, and that it is deadlock-free and obtains multicast routing trees within a finite time after the occurrence of an arbitrary sequence of topology or unicast changes.

10.
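A multicast key management scheme based on a time-structured tree   Total citations: 3, self-citations: 0, citations by others: 3
With the development of the Internet, multicast communication has come into wide use, and group key management is the core problem of multicast security. Building on an analysis of existing research, this paper proposes a key management scheme based on a time-structured tree. It uses a periodic rekeying mechanism and distributes the new group key through a secure filter, which greatly reduces the messages transmitted during rekeying, improves rekeying efficiency, and makes rekeying reliable.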

11.
In this paper, we present an extensive study of key dissemination schemes in an overlay multicast context, and the first to involve actual implementation, real traces, and performance in Internet environments. Given that rekey traffic has stronger resilience requirements and is burstier than data traffic, we consider whether data and keys must be distributed using the same overlay or using two separate dissemination structures. Our key findings are: (i) a coupled architecture is effective in achieving resilient key dissemination. Using TCP in each hop of the dissemination structure (an opportunity unique to overlays) is effective in achieving resiliency in end-to-end key delivery. The performance can be further enhanced if convergence properties of overlays are considered; and (ii) a coupled architecture optimized for data delivery has high overheads, while a coupled architecture optimized for key delivery may not honor access bandwidth constraints of nodes. Distributing data and keys using separate overlays achieves low overhead for key dissemination while honoring access bandwidth constraints of nodes.

12.
Many important applications in wireless mesh networks require reliable multicast communication, i.e., with 100% packet delivery ratio (PDR). Previously, numerous multicast protocols based on automatic repeat request (ARQ) have been proposed to improve the packet delivery ratio. However, these ARQ-based protocols can lead to excessive control overhead and drastically reduced throughput. In this paper, we present a comprehensive exploration of the design space for developing high-throughput, reliable multicast protocols that achieve 100% PDR. Motivated by the fact that 802.11 MAC layer broadcast, which is used by most wireless multicast protocols, offers no reliability, we first examine if better hop-by-hop reliability provided by unicasting the packets at the MAC layer can help to achieve end-to-end multicast reliability. We then turn to end-to-end solutions at the transport layer. Previously, forward error correction (FEC) techniques have been proved effective for providing reliable multicast in the Internet, by avoiding the control packet implosion and scalability problems of ARQ-based protocols. In this paper, we examine if FEC techniques can be equally effective to support reliable multicast in wireless mesh networks. We integrate four representative reliable schemes (one ARQ, one FEC, and two hybrid) originally developed for the Internet with a representative multicast protocol ODMRP and evaluate their performance. Our experimental results via extensive simulations offer an in-depth understanding of the various choices in the design space. First, compared to broadcast-based unreliable ODMRP, using unicast for per-hop transmission only offers a very small improvement in reliability under low load, but fails to improve the reliability under high load due to the significantly increased capacity requirement which leads to congestion and packet drop.
Second, at the transport layer, the use of pure FEC can significantly improve the reliability, increasing PDR up to 100% in many cases, but can be inefficient in terms of the number of redundant packets transmitted. In contrast, a carefully designed ARQ–FEC hybrid protocol, such as RMDP, can also offer 100% reliability while improving the efficiency by up to 38% compared to a pure FEC scheme. To our best knowledge, this is the first in-depth study of high-throughput, reliable multicast protocols that provide 100% PDR for wireless mesh networks.

13.
In deep space delay tolerant networks, rekeying expends vast amounts of energy and delay time, as reliable end-to-end communication is very difficult to make available between members and the key management center. In order to deal with the question, this paper puts forward an autonomic group key management scheme for deep space DTN, in which a logical key tree based on a one-encryption-key multi-decryption-key key protocol is presented. Each leaf node with a secret decryption key corresponds to a network member, and each non-leaf node corresponds to a public encryption key generated by all the leaf nodes' decryption keys that belong to the non-leaf node's sub tree. In the proposed scheme, each legitimate member has the same capability of modifying the public encryption key with his own decryption key as the key management center, so rekeying can be fulfilled successfully by a local leaving or joining member in lack of key management center support. In the security aspect, forward security and backward security are guaranteed. In the efficiency aspect, our proposed scheme's rekeying message cost is half of LKH scheme when a new member joins, furthermore in member leaving event a leaving member makes tradeoff between computation cost and message cost except for rekeying message cost is constant and is not related to network scale. Therefore, our proposed scheme is more suitable for deep space DTN than LKH and the localization of rekeying is realized securely.

14.
Using multicast delivery to multiple receivers reduces the aggregate bandwidth required from the network compared to using unicast delivery to each receiver. However, multicast is not yet widely deployed in the Internet. One reason is the lack of incentive to use multicast delivery. To encourage the use of multicast delivery, we define a new bandwidth-allocation policy, called LogRD, taking into account the number of downstream receivers. This policy gives more bandwidth to a multicast flow as compared to a unicast flow that shares the same bottleneck, without starving the unicast flows, however. The LogRD policy also provides an answer to the question on how to treat a multicast flow compared to a unicast flow sharing the same bottleneck. We investigate three bandwidth-allocation policies for multicast flows and evaluate their impact on both receiver satisfaction and fairness using a simple analytical study and a comprehensive set of simulations. The policy that allocates the available bandwidth as a logarithmic function of the number of receivers downstream of the bottleneck achieves the best tradeoff between receiver satisfaction and fairness.

15.
Network Bandwidth Requirements for Scalable On-Demand Streaming   Total citations: 1, self-citations: 0, citations by others: 1
Previously proposed streaming protocols using broadcast or multicast are able to deliver multimedia files on-demand with required server bandwidth that grows much slower than linearly with request rate, or with the inverse of client start-up delay. The same efficiencies can be achieved for network bandwidth if delivery is over a true broadcast channel. This paper considers the required network bandwidth for on-demand streaming over multicast delivery trees. We consider both simple canonical delivery trees, and more complex cases in which delivery trees are constructed using both existing and new algorithms for randomly generated network topologies and client site locations. Results in this paper quantify the potential savings from use of multicast trees that are configured to minimize network bandwidth rather than the latency to the content server. Further, we determine the network bandwidth usage of particular immediate service and periodic broadcast on-demand streaming protocols. The periodic broadcast protocol is able to simultaneously achieve close to the minimum possible network and server bandwidth usage.

16.
Distributed servers approach for large-scale secure multicast   Total citations: 1, self-citations: 0, citations by others: 1
In order to offer backward and forward secrecy for multicast applications (i.e., a new member cannot decrypt the multicast data sent before its joining and a former member cannot decrypt the data sent after its leaving), the data encryption key has to be changed whenever a user joins or leaves the system. Such a change has to be made known to all the current users. The bandwidth used for such re-key messaging can be high when the user pool is large. We propose a distributed servers approach to minimize the overall system bandwidth (and complexity) by splitting the user pool into multiple groups each served by a (logical) server. After presenting an analytic model for the system based on a hierarchical key tree, we show that there is an optimal number of servers to achieve minimum system bandwidth. As the underlying user traffic fluctuates, we propose a simple dynamic scheme with low overhead where a physical server adaptively splits and merges its traffic into multiple groups each served by a logical server so as to minimize its total bandwidth. Our results show that a distributed servers approach is able to substantially reduce the total bandwidth required as compared with the traditional single-server approach, especially for those applications with a large user pool, short holding time, and relatively low bandwidth of a data stream, as in the Internet stock quote applications.

17.
Multipath routing for video delivery over bandwidth-limited networks   Total citations: 4, self-citations: 0, citations by others: 4
The delivery of quality video service often requires high bandwidth with low delay or cost in network transmission. Current routing protocols such as those used in the Internet are mainly based on the single-path approach (e.g., the shortest-path routing). This approach cannot meet the end-to-end bandwidth requirement when the video is streamed over bandwidth-limited networks. In order to overcome this limitation, we propose multipath routing, where the video takes multiple paths to reach its destination(s), thereby increasing the aggregate throughput. We consider both unicast (point-to-point) and multicast scenarios. For unicast, we present an efficient multipath heuristic (of complexity O(|V|^3)), which achieves high bandwidth with low delay. Given a set of path lengths, we then present and prove a simple data scheduling algorithm as implemented at the server, which achieves the theoretical minimum end-to-end delay. For a network with unit-capacity links, the algorithm, when combined with disjoint-path routing, offers an exact and efficient solution to meet a bandwidth requirement with minimum delay. For multicast, we study the construction of multiple trees for layered video to satisfy the user bandwidth requirements. We propose two efficient heuristics on how such trees can be constructed so as to minimize the cost of their aggregation subject to a delay constraint.

18.
Transmission on data-oriented radio interfaces of cellular networks has been primarily designed for unicast applications. Nevertheless, unicast may not optimize the resource usage when the same content has to be transmitted to several users in the same cell. In this context, multicast seems to be an efficient means to convey data. In this paper, we develop an analytical model that allows the computation of the mean bitrate for both multicast and multiple-unicast transmission schemes. Furthermore, we propose a multicast transmission scheme called the equal-bitrate (EB) algorithm that allocates bandwidth to mobiles according to their instantaneous channel quality. We compare it to adaptations of the well-known max-signal-to-noise ratio and round robin to multicast. We propose to group users into clusters. The clustering method combines multicast and unicast transmission schemes according to the user’s average channel conditions. We use the analytical model to evaluate the proposed solutions. We compare the resulting performance against pure multicast and multiple-unicast approaches. We show that the EB algorithm offers a good trade-off between throughput and fairness. Also, we show that mixed clustering achieves good performance compared to conventional clustering methods.

19.
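The application and performance of multicast services in cooperative non-orthogonal multiple access (NOMA) systems are studied. In a scenario with mixed unicast and multicast services, the user with the best channel state in the multicast user group is selected as a relay to decode and forward the unicast user's signal, and, with the relay user operating in full-duplex mode, closed-form expressions for the unicast user's outage probability and average achievable rate are analyzed and derived. Monte Carlo simulation results agree closely with the theoretical derivation, showing that the proposed cooperative multicast application can greatly improve the outage performance of the unicast user, while the capacity performance of the multicast users is not affected when the relay transmit power is not very high.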

20.
Existing video-on-demand (VoD) systems can be classified into two categories: true-VoD (TVoD) and near-VoD (NVoD). TVoD systems allocate a dedicated channel for every user to achieve short latency. NVoD systems make use of multicast technologies to enable multiple users to share a single channel to reduce system cost. This paper proposes a VoD architecture called UVoD that unifies the existing TVoD and NVoD architectures by integrating unicast with multicast transmissions. A performance model of the system is derived and numerical results show that one can achieve significant performance gain over TVoD (over 500%) under the same latency constraints.
