Title :
SOT: secure overlay tree for application layer multicast
Author :
Yiu, W. P Ken ; Chan, S. H Gary
Author_Institution :
Dept. of Comput. Sci., Hong Kong Univ. of Sci. & Technol., China
Abstract :
Application layer multicast (ALM) has been proposed to overcome current limitations in IP multicast. We address, for the first time, offering data confidentiality in ALM. To achieve data confidentiality, data encryption keys are shared among the multicast group members. Observe that in this system, a node may need to continuously reencrypt packets before forwarding them downstream. Furthermore, keys have to be changed whenever there is a membership change, leading to rekey processing overhead at the nodes. For a large and dynamic group, these reencryption and rekeying operations incur high processing overhead at the nodes. We introduce a scalable scheme called secure overlay tree (SOT) which clusters ALM peers so as to localize rekeying within a cluster and to limit reencryption at cluster boundaries, thereby minimizing the total nodal processing overhead. We describe the operations of SOT and compare its nodal processing overhead with two other basic approaches, namely, host-to-host encryption and whole group encryption. We show that there exists an optimal cluster size to minimize the total nodal processing overhead. SOT achieves substantial reduction in nodal processing overhead with little cost in network performance in terms of network stress and delay.
Keywords :
IP networks; cryptography; multicast communication; multimedia communication; pattern clustering; security of data; telecommunication security; trees (mathematics); IP multicast; application layer multicast; cluster size; data encryption key; group encryption; host-to-host encryption; multicast group member; network delay; nodal processing overhead; reencrypt packet; rekey processing; secure overlay tree; Application software; Computer science; Costs; Cryptography; IP networks; Peer to peer computing; Protection; Stress; Unicast; Videoconference
Conference_Title :
Communications, 2004 IEEE International Conference on
Print_ISBN :
0-7803-8533-0
DOI :
10.1109/ICC.2004.1312752