ix

TABLE OF CONTENTS

CHAPTER NO. TITLE PAGE NO.

ABSTRACT v
LIST OF TABLES xiv
LIST OF FIGURES xv
LIST OF SYMBOLS AND ABBREVIATIONS xviii

1 INTRODUCTION 1
1.1 INTRODUCTION TO IPTV 1
1.2 OVERVIEW OF GROUP KEY MANAGEMENT 7
1.3 MOTIVATION AND CONTRIBUTION 9
1.4 IMMEDIATE REKEYING 13
1.4.1 Inefficiency 14
1.4.2 Out-of-sync Problem 14
1.5 BATCH REKEYING 15
1.6 SYSTEM ARCHITECTURE 18
1.7 OPTIMAL REKEY INTERVAL 19
1.8 OPTIMAL BATCH SIZE 20
1.9 SUBGROUP OPTIMIZATION 22
1.10 OUTLINE OF THE THESIS 24

2 STATE OF ART 26
2.1 INTRODUCTION 26
2.2 ARCHITECTURE OF IPTV 27
2.2.1 Content Provision 27
 x

CHAPTER NO. TITLE PAGE NO.

2.2.2 Content Delivery 28

2.2.3 IPTV Control 28
2.2.4 IPTV Transport Functions 28
2.2.5 Subscriber Functions 28
2.2.6 Security 29
2.3 SECURE MULTICAST 29
2.4 SECURITY REQUIREMENTS OF GROUP
COMMUNICATION 31
2.5 TAXONOMY OF KEY MANAGEMENT
SCHEMES 32
2.6 CENTRALIZED KEY MANAGEMENT
SCHEME 33
2.6.1 Group Key Management Protocol 34
2.6.2 Hierarchical Binary Tree 34
2.6.3 One way Function Tree 37
2.6.3.1 Structure of an OFT 38
2.6.3.2 Group initialization 39
2.6.3.3 Insertion into an OFT 40
2.6.3.4 Evicting a member from an
OFT key tree 41
2.6.4 Logical Key Hierarchy 43
2.6.5 Key Graph 45
2.6.5.1 Rekeying 46
2.6.5.2 Join operation 46
2.6.5.3 Leave operation 49
2.6.6 Key Management using Boolean
Function Minimization 52
2.6.7 Recent Approaches 54
 xi

CHAPTER NO. TITLE PAGE NO.

2.7 DISTRIBUTED GROUP KEY MANAGEMENT 56

2.7.1 Diffie- Hellman Key Exchange 57
2.7.2 CLIQUES Protocol 58
2.7.3 Tree Based Group Diffie-Hellman 59
2.7.4 Block Free Tree Based Group
Diffie-Hellman 61
2.7.5 Recent Approaches 62
2.8 DECENTRALIZED GROUP KEY
MANAGEMENT 64
2.8.1 Scalable Multicast Key Distribution 65
2.8.2 Iolus 65
2.8.3 Dual Encryption Protocol 67
2.8.4 MARKS Protocol 68
2.8.5 Kronos 69
2.8.6 Intra Domain Group Key Management
Protocol 71
2.8.7 Hydra Protocol 72
2.8.8 Efficient Key Agreement Protocol 73

3 OPTIMIZATION OF BATCH REKYING INTERVAL

FOR NEXT GENERATION NETWORK 75
3.1 CONTENT MANAGEMENT
NETWORK OF IPTV 75
3.2 NEED FOR ORI SCHEME 80
3.3 DESCRIPTION OF THE MODEL 81
3.3.1 Basics of Queuing Theory 81
3.3.2 System Setup 83
3.3.3 Markov Chain 84
 xii

CHAPTER NO. TITLE PAGE NO.

3.3.4 Birth Death Process 85

3.3.5 Performance Measures 86
3.3.6 88
3.4 HIGH LEVEL ARCHITECTURE OF SESSION
MANAGEMENT IN IPTV 89
3.4.1 Multicast Session Set Up Procedure 90
3.5 CALCULATION OF ORI 92
3.6 PERFORMANCE ANALYSIS 97
3.6.1 Arrival Rate Analysis 97
3.6.2 Service Rate Analysis 99
3.6.3 Rekeying Interval Analysis 99

4 BATCH SIZE OPTIMIZATION FOR IPTV 103

4.1 BATCH REKEYING PARAMETERS 104
4.1.1 Trustworthiness of a System 107
4.1.2 Secrecy Violation 107
4.2 DELAYS IN BATCH REKEYING 108
4.2.1 Delayed Batch Join 109
4.2.2 Delayed Batch Leave 110
4.3 ARRIVAL RATE CALCULATION 112
4.4 IDENTIFICATION OF OPTIMAL
BATCH SIZE 116

5 OPTIMIZATION OF SUB GROUP SIZE 120

5.1 INTRODUCTION 120
5.2 ARCHITECTURE OF IPTV
BROADCAST SYSTEM 122
 xiii

CHAPTER NO. TITLE PAGE NO.

5.3 IDENTIFICATION OF OPTIMAL SUB

GROUP SIZE 125
5.3.1 System Model Description 129
5.3.2 Poisson Arrivals See Time Average
Property 130
5.3.4 Cost of Computation 132
5.4 PERFORMANCE ANALYSIS 133

6 CONCLUSION AND FUTURE ENHANCEMENT 135

6.1 CONCLUSION 135
6.2 FUTURE ENHANCEMENT 138

REFERENCES 139

LIST OF PUBLICATIONS 149

 xiv

LIST OF TABLES

TABLE NO. TITLE PAGE NO.

2.1 Comparison of various decentralized frameworks 73

3.1 Performance measures used in queuing model 87
4.1 Characteristics of sessions in IPTV 118
5.1 Computation cost for varying number of subscribers
without sub group 127
5.2 Computation cost for varying number of subscribers
with sub group 128
5.3 Sub group communication cost 133
 xv

LIST OF FIGURES

FIGURE NO. TITLE PAGE NO.

1.1 High level architecture of IPTV 3

1.2 IPTV transmissions through IP Multicast 4
1.3 Functional components of DRM system 5
1.4 Performance evaluation parameters of SGC 7
1.5 Structure of a transmission system in IPTV 11
1.6 Out-of-sync problem in immediate rekeying 15
1.7 Vulnerability window 17
1.8 Architecture of secure content delivery network 18
1.9 Three state Markovian model 21
1.10 Overview of thesis structure 25
2.1 Functional architecture of IPTV service 27
2.2 Elements of IP Multicast 30
2.3 Multicast security threat and solutions 31
2.4 Categories of group key management 32
2.5 Hierarchical key tree of group size of 8 35
2.6 Essential encryptions when a member joins
into the tree 36
2.7 Essential encryptions when a member leaves
from the tree 37
2.8 Structure of OFT 38
2.9 Before inserting a new member into an OFT tree 40
2.10 After inserting a new member into an OFT tree 41
2.11 Before evicting a member from an OFT tree 42
 xvi

FIGURE NO. TITLE PAGE NO.

2.12 After evicting a member from an OFT tree 42

2.13 Key assignments to the members in LKH 44
2.14 Structure of Key graph 45
2.15 Key trees join and leave 47
2.16 Server processing time per request vs group size
(key degree 4) 51
2.17 Server processing time per request vs key tree degree
(initial group size 8192) 52
2.18 Key distribution in Boolean function minimization 53
2.19 Departure of C5 54
2.20 Tree based group Diffie Hellman key distribution tree 60
2.21 IOLUS Hierarchy 66
2.22 MARKS key generation tree 68
2.23 Intra domain group key management
protocol architecture 72
2.24 Hydra architecture 73
3.1 Functional architecture of IPTV systems 77
3.2 Internal structure of broadcast servers of IPTV 78
3.3 Basic queuing process 82
3.4 Architecture of rekey server 84
3.5 Markov chain model of request and service 86
3.6 Steps of establishing multicast session in IPTV 92
3.7 Expe 98
3.8 Expected arrival rate of 98
3.9 Expected service rate by the rekey server 99
3.10 Batch wise waiting time analysis 100
3.11 Optimal rekeying interval when k=4,6, 8 101
3.12 Average waiting time when µ=2,5,9 101
 xvii

FIGURE NO. TITLE PAGE NO.

4.1 Batch rekeying process 105

4.2 Batch rekeying intervals 105
4.3 Batch size vs. probability of secrecy violation 108
4.4 Batch join at the start of an interval 109
4.5 Batch join at the end of an interval 110
4.6 Batch leave at the start of an interval 111
4.7 Batch leave at the end of an interval 111
4.8 Inter arrival time of subscribers during 9.00-10.00 pm 112
4.9 Average number of active subscribers 116
4.10 Batch size vs. delay 118
5.1 Subscribers subscription scenario in IPTV 122
5.2 Structure of a secured broadcast server 123
5.3 Structure of subscriber group in IPTV 124
5.4 Structure of group size 15 126
5.5 Computation complexity without sub group 127
5.6 Computation complexity with sub group 128
5.7 Subscribers inter arrival time 129
5.8 State of a system 131
5.9 Encryption Rate 133
 xviii

LIST OF SYMBOLS AND ABBREVIATIONS

AKD - Area Key Distributor

- Arrival Rate
ASM - Authentication and Session Management
BF-TGDH - Block Free Tree Based Group Diffie-Hellman
BS - Broadcast Server
CV - Coefficient of Variation
CDN - Content Delivery Network
CBT - Core Base Tree
DBJ - Delayed Batch Join
DBL - Delayed Batch Leave
DRM - Digital Rights Management
DKD - Domain-wide Key Distributor
DEP - Dual Encryption Protocol
FCFS - First Come First Served
GD - General queue Discipline
GC - Group Controller
GKMP - Group Key Management Protocol
HRM - Hierarchical Binary Tree
k - Hourly Arrival Effect
IGMP - Internet Group Message Protocol
IPTV - Internet Protocol TeleVision
IGKMP - Intra-domain Group Key Management Protocol
LCFS - Last Come First Served
LKH - Logical Key Hierarchy
NDVR - Network Digital and Video Recording
 xix

NTP - Network Time Protocol

NGN - Next Generation Network
OFT - One-way Function Tree
ORI - Optimal Rekey Interval
PASTA - Poisson Arrivals See Time Average
Psv - Probability of Secrecy Violation
Pt - Probability of Trustworthiness
ik - Random Error
ROP - Random Observer Property
RTP - Real Time Protocol
RTSP - Real Time Streaming Protocol
RI - Rekey Interval
SMKD - Scalable Multicast Key Distribution
SIRO - Service In Random Order
µ - Service Rate
TEK - Traffic Encryption Key
- Traffic Intensity
TGDH - Tree based Group Diffie-Hellman
VoD - Video on Demand