IJCSNS International Journal of Computer Science and Network Security, VOL.8 No.4, April 2008 232

Revised Variable Length Interval Batch Rekeying with Balanced Key Tree Management for Secure Multicast Communications

Joe Prathap, P.M † and Vasudevan, V †
Department of Information Technology, † Arulmigu Kalasalingam Coll. of Engg., KrishnanKoil, 626 190, India.

Summary

With the evolution of the Internet, multicast communications seem particularly well adapted for large scale commercial distribution applications, for example, pay TV channels and secure videoconferencing. A key tree approach has been proposed by other authors to distribute the multicast group key in such a way that the rekeying cost scales with the logarithm of the group size for a join or depart request. The efficiency of this key tree approach critically depends on whether the key tree remains balanced over time as members join or depart. Researchers have therefore tried to create a balanced tree by applying merging algorithms to batch join requests, and to handle batch depart requests they extended this work and created a batch balanced algorithm. But we found that the algorithm works well only if the number of joining members is greater than the number of departing members. In this paper we analyzed various strategies and extended the batch balanced algorithm further by utilizing a variable length batch rekeying interval. This paper compares the efficiency of the proposed scheme with that of the existing schemes, and the comparison shows that the proposed scheme performs better than the existing schemes in terms of balanced key tree generation and minimizing the number of key update messages.

Keywords: Multicast security, group key management, secure group communication, rekeying

1 INTRODUCTION

Multicasting is a type of communication between computers in a network that enables a computer to send one stream of data to many interested receivers without interrupting computers that are not interested.
For these reasons, multicasting has become the favored transmission method for most multimedia and triple play applications, which are typically large and use up a lot of bandwidth. Multicasting not only optimizes the performance of your network, but also provides enhanced efficiency by controlling the traffic on your network and reducing the loads on network devices. This technology benefits many group communication applications such as pay-per-view, online teaching, and share quotes [4], [6].

Before these group-oriented multicast applications can be successfully deployed, access control mechanisms [7], [9], [13], [22] must be developed such that only authorized members can access the group communication. The only way to ensure controlled access to data is to use a shared group key, known only to the authorized members, to encrypt the multicast data. As group membership might be dynamic, this group key has to be updated and redistributed securely to all authorized members whenever there is a change in the membership in order to provide forward and backward secrecy [5], [8]. Forward secrecy means that a departing member cannot obtain information about future group communication and backward secrecy means that a joining member cannot obtain information about past group communication.

We assume the existence of a trusted entity, known as the Group Controller (GC), which is responsible for updating the group key. This allows the group membership to scale to large groups. A number of scalable approaches have been proposed and one in particular, the key tree approach [2], [3], [10], [20], [23], [24], is analyzed in detail and extended in this paper. In short, the key tree approach employs a hierarchy of keys in which each member is assigned a set of keys based on its location in the key tree. The rekeying cost of the key tree approach increases with the logarithm of the group size for a join or depart request [16], [17], [18].
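Added example (not from the paper): a small Python model of the key tree that counts rekey messages after departures, comparing a balanced tree with a degenerate one and one batch with two separate rekeys. The cost model, the binary degree, and all names (Node, balanced, skewed, rekey_cost, depart_cost) are assumptions made for illustration; joins are not modeled.

```python
# Added illustration, not code from the paper. Assumed cost model: every key on
# the path from a departed leaf to the root is replaced, and each replacement
# key is sent once per child subtree that still has members.

class Node:
    def __init__(self, children=(), member=None):
        self.children = list(children)
        self.member = member              # set only on leaves (individual keys)

def balanced(members):
    """Binary key tree with the members split evenly at every level."""
    if len(members) == 1:
        return Node(member=members[0])
    mid = len(members) // 2
    return Node([balanced(members[:mid]), balanced(members[mid:])])

def skewed(members):
    """Degenerate key tree: each internal node has one leaf and one subtree."""
    if len(members) == 1:
        return Node(member=members[0])
    return Node([Node(member=members[0]), skewed(members[1:])])

def rekey_cost(node, departing):
    """Return (rekey messages, remaining members, key_exposed) for a subtree."""
    if node.member is not None:
        gone = node.member in departing
        return 0, (0 if gone else 1), gone
    messages = remaining = live_children = 0
    exposed = False
    for child in node.children:
        m, r, e = rekey_cost(child, departing)
        messages += m
        remaining += r
        exposed = exposed or e
        live_children += 1 if r else 0
    if exposed and remaining:
        messages += live_children         # new key encrypted under each live child key
    return messages, remaining, exposed

def depart_cost(tree, departing):
    """Number of rekey messages the GC sends for this set of departures."""
    return rekey_cost(tree, set(departing))[0]

if __name__ == "__main__":
    group = [f"m{i}" for i in range(8)]   # constructed sample group
    print("balanced, m0 departs:", depart_cost(balanced(group), ["m0"]))
    print("skewed, m7 departs:", depart_cost(skewed(group), ["m7"]))
    print("balanced, batch m0+m4:", depart_cost(balanced(group), ["m0", "m4"]))
```

For the eight-member sample group, one departure costs 5 messages in the balanced tree and 13 in the degenerate tree, and processing two departures as one batch costs 8 messages instead of 10 for two individual rekeys because the shared root key is replaced only once.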
The operation for updating the group key is known as rekeying and the rekeying cost denotes the number of messages that need to be disseminated to the members in order for them to obtain the new group key. Individual rekeying, that is, rekeying after each join or depart request, has two drawbacks [12], [14], [18]. First, it is inefficient since each rekey message has to be signed for authentication purposes and a high rate of join/depart requests may result in performance degradation because the signing operation is computationally expensive. Second, if the delay in a rekey message delivery is high or the rate of join/depart requests is high, a member may need a large amount of memory to temporarily store the rekey and data messages before they are decrypted.

Batch rekeying techniques have been recently presented as a solution to overcome this problem. In such methods, a departed user will remain in the group longer and a new user has to wait longer to be accepted. All join and leave requests received within a batch period are processed together at the same time. A short rekey interval does not provide much batch rekeying benefit, whereas a long rekey