ISO/IEC 11770-5:2020
Information security — Key management — Part 5: Group key management
This document specifies mechanisms to establish shared symmetric keys between groups of entities. It defines:
— symmetric key-based key establishment mechanisms for multiple entities with a key distribution centre (KDC); and
— symmetric key establishment mechanisms based on a general tree-based logical key structure with both individual rekeying and batch rekeying.
It also defines key establishment mechanisms based on a key chain with group forward secrecy, group backward secrecy or both group forward and backward secrecy.
This document also describes the required content of messages which carry keying material or are necessary to set up the conditions under which the keying material can be established.
This document does not specify information that has no relation with key establishment mechanisms, nor does it specify other messages such as error messages. The explicit format of messages is not within the scope of this document.
This document does not specify the means to be used to establish the initial secret keys required to be shared between each entity and the KDC, nor key lifecycle management. This document also does not explicitly address the issue of interdomain key management.
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Requirements
6 Tree-based key establishment mechanisms
6.1 General model
6.2 Joining process
6.3 Leaving process
6.4 Rekeying process
6.5 Logical key structure
6.5.1 General
6.5.2 Star-based structure
6.5.3 d-ary tree-based structure
6.5.4 General tree-based structure
6.6 Symmetric key-based key establishment mechanisms
6.6.1 General
6.6.2 Mechanism 1 — Key establishment mechanism with individual rekeying
6.6.3 Mechanism 2 — Key establishment mechanism with batch rekeying
7 Key chain-based group key management with limited forward key chain
7.1 General model
7.2 Calculations by the key distribution centre
7.2.1 Key chains
7.2.2 Group forward secrecy
7.2.3 Group backward secrecy
7.2.4 Forward and backward secrecy
7.3 Calculations by the client entity
Annex A (normative) Object identifiers
Annex B (informative) Load-balancing mechanism for a general tree-based structure
Bibliography
Keep me up-to-date
Sign up to receive updates when there are changes to this standard
Related Information
Similar Standards
-
AS/NZS ISO/IEC 27001:2023
Information security, cybersecurity and privacy protection – Information security management systems – Requirements
-
AS/NZS ISO/IEC 27001:2023 A1
Information security, cybersecurity and privacy protection - Privacy enhancing data de-identification framework
-
AS/NZS ISO/IEC 27002:2022
Information security, cybersecurity and privacy protection — Information security controls
-
AS/NZS ISO/IEC 27011:2025
Information security, cybersecurity and privacy protection – Information security controls based on ISO/IEC 27002 for telecommunications organizations
Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions
4 Symbols and abbreviated terms
5 Requirements
6 Tree-based key establishment mechanisms
6.1 General model
6.2 Joining process
6.3 Leaving process
6.4 Rekeying process
6.5 Logical key structure
6.5.1 General
6.5.2 Star-based structure
6.5.3 d-ary tree-based structure
6.5.4 General tree-based structure
6.6 Symmetric key-based key establishment mechanisms
6.6.1 General
6.6.2 Mechanism 1 — Key establishment mechanism with individual rekeying
6.6.3 Mechanism 2 — Key establishment mechanism with batch rekeying
7 Key chain-based group key management with limited forward key chain
7.1 General model
7.2 Calculations by the key distribution centre
7.2.1 Key chains
7.2.2 Group forward secrecy
7.2.3 Group backward secrecy
7.2.4 Forward and backward secrecy
7.3 Calculations by the client entity
Annex A (normative) Object identifiers
Annex B (informative) Load-balancing mechanism for a general tree-based structure
Bibliography