A comprehensive group key agreement solution must handle adjustments to group secrets subsequent to all membership change operations in the underlying group communication system. The following membership changes are considered:
Join occurs when a prospective member wants to join a group.
Leave occurs when a member wants to leave (or is forced to leave) a group. There might be different reasons for member deletion such as voluntary leave, involuntary disconnect or forced expulsion.
Partition occurs when a group is split into smaller groups. A group
partition can take place for several reasons, two of which are fairly common:
Network failure - this occurs when a network event causes disconnectivity within the group. Consequently, a group is split into fragments.
Explicit partition - this occurs when the application decides to split the group into multiple components or simply exclude multiple members at once.
Merge occurs when two or more groups merge to form a single group:
Network fault heal - this occurs when a network event causes previously disconnected network partitions to reconnect.
Explicit merge - this occurs when the application decides to merge multiple pre-existing groups into a single group.
At first glance, events such as network partitions and fault heals might appear infrequent and dealing with them might seem to be a purely academic exercise. In practice, however, such events are common owing to network misconfigurations and router failures. In addition, in mobile ad hoc (and other wireless) networks, partitions are both common and expected. Moser et al.present compelling arguments in support of these claims [MAMSA94]. Hence, dealing with group partitions and merges is a crucial component of group key agreement.