Received 28 February 2005 Copyright © 2006 John Wiley & Sons, Ltd. Accepted 18 April 2005 Scalable and fault-tolerant key agreement protocol for dynamic groups A. Abdel-Hafez 1 , A. Miri 1 and L. Orozco-Barbosa 2, * ,† 1 School of Information Technology & Engineering, University of Ottawa, Ottawa, Ontario, Canada. 2 Instituto de Investigación en Informatica, Universidad de Castilla-La Mancha, Albacete, Spain. SUMMARY With the widespread use of the Internet, the popularity of group communication-based applications has grown con- siderably. Since most communications over the Internet involve the traversal of insecure networks, basic security ser- vices are necessary for these collaborative applications. These security services can be facilitated if the authorized group members share a common secret. In such distributed applications, key agreement protocols are preferred to key dis- tribution protocols. In the past two decades, there have been many proposals for key agreement protocols. Most of these protocols are not efficient and limit the size of the underlying group. In this paper, we consider the scalability problem in group key agreement protocols. We propose a novel framework based on extension of the Diffie–Hellman key exchange protocol. The efficiency of our protocol comes from the clustering of the group members, where the common session key is established collaboratively by all participants. We present the auxiliary protocols needed when the mem- bership changes. We show that our protocol is superior in complexity in both communication and computation over- heads required to generate the session key. Copyright © 2006 John Wiley & Sons, Ltd. 1. INTRODUCTION With the widespread use of the Internet, the popularity of group communication- based applications has grown considerably. Group communication is a means of providing multi-point to multi-point commu- nication by organizing processes in groups. Current group-oriented applications include live multi-party conferences, online video games, collaborative workspaces, remote consultation and diagnosis systems for medical applications, contract negotiation and distributed interactive simulation and much more. Many of these applications disseminate and exchange sensitive and/or classified information. In prac- tice most of these applications use the Internet as the underlying communications network, so basic secu- rity services—such as traffic integrity, entity authentication, and confiden-tiality—are necessary for these collaborative applications. These security services can be facilitated if the authorized group members share a common secret (known in the literature as a group or session key. Thus one of the main design challenges in secure and reliable group communication systems is the group key management. A key management protocol is a process whereby a shared secret key becomes available to two or more authorized parties, for subsequent cryptographic use. Key management protocols can be subdivided broadly into: INTERNATIONAL JOURNAL OF NETWORK MANAGEMENT Int. J. Network Mgmt 2006; 16: 185–201 Published online 9 February 2006 in Wiley InterScience (www.interscience.wiley.com) DOI: 10.1002/nem.592 *Correspondence to: L. Orozco-Barbosa, Instituto de Investigación en Informática, Universidad de Castilla–La Mancha, Campus Universitavio s/n, 02071 Albacete, Spain. † E-mail: luis.orozco@uclm.es Contract/grant sponsor: NSERC. Contract/grant sponsor: Council of Science and Technology of Castilla–La Mancha; contract/grant number: PBC-03-001.