An efficient and secure group key management scheme supporting frequent key updates on Pay-TV systems

Pay-TV has become a popular subscribed-based service in recent years. To prevent unauthorized access from non-paid users over a broadcast channel, the TV server usually encrypts TV programs into ciphertexts such that only the legal members can decrypt them. The way of maintaining the common decryption key of a TV program to a dynamic subscription group of members is called the group key management. In this paper, we propose a secure and efficient tree-based group key management scheme that is very suitable for Pay-TV systems. In addition to possessing the advantages of the former tree-based scheme, such as O(log N) communication cost for each group key update and O(log N) secret keys for each member, our scheme has two distinct features, where N is the total number of members. (1) Each member only needs to decrypt one ciphertext or compute one hash value to get the group key from the rekey messages for each member leaving/joining. (2) To handle the key update for reconnected members who have missed the group key updates in his off-line period of time, the server only needs to store O(N) public tokens on the bulletin and each off-line member only needs O(log N) decryptions for getting the newest group key, which are independent of the number of group key updates. In Pay-TV systems, these features not only minimize the delay time for each group key update, but also let the system more practical even if the key update frequency is very high, such as, the Pay-Per-View TV service. Finally, we have a discussion of applying our GKM scheme to a multi-program service.