A Scalable Key Management Scheme for Secure IP Multicast over DVB-S Using Chaos

Kassem Ahmad¹², Bassem Bakhache², Safwan El Assad¹, Samar Sindian¹

¹IETR: Institut d’Electronique et de Télécommunications de Rennes, UMR CNRS 6164, Site de Nantes, Ecole polytechnique de l’université de Nantes, B.P 50609 Nantes Cedex 3, France
Kassem.ahmad@univ-nantes.fr

²LASTRE: Laboratoire des Systèmes électroniques, Télécommunications et Réseaux, Azm Center, EDST, Lebanese University, Tripoli, Lebanon
bbakhache@ul.edu.lb

Abstract: Secure IP multicast over satellite is very important for applications such as pay per view. These applications need a key management scheme to distribute a shared group key to all group members for encrypting the data. LKH has been proposed to distribute the group key in a way that scales efficiently to large group sizes. However, the proposed schemes do not take into account the dynamicity of members. In fact, when the members of a large group are very dynamic, the high rekeying load places a massive load on the network resources and creates performance deterioration. This paper addresses a new scalable key management scheme for multicast data encrypted by chaos. This scheme is proposed to reduce the rekeying cost and the dynamicity impact, especially on the satellite link. As a novel approach for key transmission, we propose a new type of packet to transport a set of encrypted keys, which minimizes the bandwidth consumption. The analysis of the proposed scheme shows that it can handle a very large multicast system effectively, with more than a tenfold reduction in the rekeying cost compared to some widely known and used protocols.

Keywords- Secure Multicast; Key Management; DVB-S; Logical Key Hierarchy (LKH); Chaos.

I. INTRODUCTION

In the last few years, the study and the contribution of chaos have attracted much interest from researchers in various scientific fields.
One of the fields where the theory of chaos finds practical implementation is the telecommunications field. In fact, the important characteristics of chaos, such as the good cryptographic properties, the very high sensitivity to initial conditions and the nonlinear dynamic behavior of chaotic maps, encourage their use in cryptosystems or in new communication protocols for data security.

Multicast communication over satellite is the best way to provide pay per view, video conference and other communication services over a large geographic area, including isolated places. These services need to be secured and must use key management to maintain security.

On the other hand, DVB-S (Digital Video Broadcasting-Satellite) [1] is a part of the DVB standards. The latter were initially proposed to offer audio and video services. Later, some encapsulation methods were proposed to enable IP links over DVB. IP multicast over DVB-S uses the MPEG-2 transport stream (TS) for the transport of multicast frames on the satellite link.

Providing scalability is one of the main challenges in satellite multicast systems. A security system must take this problem into account, in particular the need for confidentiality and efficient usage of the satellite resources. The key management used in the multicast system is the particular issue that limits scalability: it is complicated and expensive (it consumes bandwidth and processing power) [2] due to the rekeying process. When the number of members of a multicast group is large and when these members are very dynamic (high ‘join/leave’ frequency), the cost becomes very high and strains the network resources. In fact, when a new member joins a group or when an existing member departs from a group, the group key has to be updated and redistributed, along with a large number of keys, to all the authorized members to maintain security. Thus, it is particularly important to minimize the key management traffic costs.
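
The rekeying cost described above can be made concrete with a small simulation of one member leaving, comparing a flat scheme with an LKH key tree. This is an added example, not code from the paper: the function names, the heap-style node numbering and the restriction to a full d-ary tree are assumptions, and keys are modelled by tree position rather than generated or encrypted by chaotic maps.

```python
# Added illustration (not from the paper): cost of rekeying after one member leaves.
# Keys are modelled by the tree node they belong to; no real cipher is involved.

def path_to_root(leaf, d):
    """Ancestors of a leaf, bottom-up, in a heap-numbered d-ary tree (root = 0)."""
    path, node = [], leaf
    while node > 0:
        node = (node - 1) // d
        path.append(node)
    return path

def first_leaf_index(n_members, d):
    """Index of the first leaf; this sketch assumes n_members is a power of d."""
    height = 0
    while d ** height < n_members:
        height += 1
    if d ** height != n_members:
        raise ValueError("sketch assumes a full d-ary key tree")
    return (n_members - 1) // (d - 1)

def lkh_leave(n_members, d, leaver):
    """Rekey messages (refreshed_node, wrapping_node), ordered bottom-up."""
    leaf = first_leaf_index(n_members, d) + leaver
    msgs = []
    for node in path_to_root(leaf, d):
        for child in range(d * node + 1, d * node + d + 1):
            if child != leaf:          # never wrap under the leaver's own key
                msgs.append((node, child))
    return msgs

def learns_new_group_key(member, leaver, n_members, d):
    """True if `member` can unwrap the refreshed root (group) key."""
    msgs = lkh_leave(n_members, d, leaver)
    refreshed = {node for node, _ in msgs}
    leaf = first_leaf_index(n_members, d) + member
    # Still-valid keys held before rekeying: own leaf key plus unrefreshed ancestors.
    known = {leaf} | {k for k in path_to_root(leaf, d) if k not in refreshed}
    for node, wrap in msgs:
        if wrap in known:
            known.add(node)
    return 0 in known

def flat_leave_cost(n_members):
    """Flat scheme: new group key wrapped once per remaining member."""
    return n_members - 1

if __name__ == "__main__":
    for n in (8, 1024):
        print(n, "members: flat", flat_leave_cost(n), "LKH", len(lkh_leave(n, 2, 0)))
```

For a full tree of n = d^h members, the LKH count is d·h − 1 wrapped keys per departure, against n − 1 for the flat scheme.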

Different key management schemes have been proposed [3] for secure multicast, including a Flat system, LKH, Iolus and Kronos. It has been proven that Logical Key Hierarchy (LKH) is the most suitable key management system that can handle large groups successfully [4]. It is used by many applications since it has the best properties.

In this paper, we first propose a new security system for IP multicast transmissions over DVB-S. Second, to solve the frequent rekeying problem, we propose a new key management scheme with a layered architecture of two independent LKH key distribution layers: a satellite layer and a terrestrial layer. In both layers, and for more security, the keys are generated by chaotic sequences and are transmitted in particular packets defined for this purpose. Data and key encryption is also provided by chaotic algorithms.

This paper is organized as follows. In Section II we present Internet multicast transmission over GEO satellite. In Section III we propose a new multicast security system based on two LKH key management layers. The analysis of the proposed key management system is detailed in Section IV. In Section V we evaluate the performance of our proposed key management system in terms of bandwidth consumption. In Section VI we present our conclusion.

978-1-4673-0784-0/12/$31.00 ©2012 IEEE