Abstract
IP multicast is a promising communication model for group oriented applications. Unfortunately, the strength of multicast is also its security weakness; the anonymous receiver model in multicast is based on a single multicast address, rather than explicitly listing the members, allow multicast to scale to virtually any group size. This complicates confidentiality which requires individual and explicit identification of the members in order to make sure that only legitimate members are able to access the multicast data stream. In this thesis, we concentrate on one of the main areas in multicast security - confidentiality. In centralised design, we focus on the efficiency of the key tree approach. For individual rekeying, we have proposed an algorithm that considers several related multicast sessions as a whole and the balance of the key tree to minimise the communication costs and key storage needed by the group controller and members. In cases where the multicast applications do not require strict secrecy, it is possible to consolidate the joining and departing members and rekey them as a whole. We have proposed three algorithms that maintain the balance of the key tree over time when members join and/or depart the multicast session without adding extra network costs. To avoid performance bottleneck and single point of failure problems, a distributed design that partitions the group members into several areas is preferred over a centralised design. Mobility adds another dimension of complexity to the design by allowing members not only to join or depart the group but also transfer between areas. We have proposed one algorithm that tries to minimise the communication costs when members join the group and members transfer between areas.