We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4
Bonfring International Journal of Research in Communication Engineering, Vol.
1, Special Issue, December 2011 1
ISSN 2250 110X | 2011 Bonfring Abstract--- In order to establish a group communication, a common key must be available with all the members of the group. The group key can be used for encrypting data between the group members or restricting access to the resources intended for group members only. Each member in a group has a unique key referred as member key, used for decrypting data in a group. The group key is distributed by group key server, which changes the group key time to time called as group rekeying. It is mandatory that the group key changes after a new user has joined and an existing user departed periodically. The existing system analyse the Bursty behaviour and operation. Burstiness is an important behavior in Secure Group Communication (SGC). Performing bursty operation, which may accumulate the simultaneous leave and join as a single operation, thus reduces the frequency of key distribution and reduces time complexity. But in the existing system the aggregate operation will occur only in rare condition so it may not perform the key reduction in all cases as well as it perform less scalability and security. To achieve better scalability, security and key reduction a new group key management protocol based on the Chinese Remainder Theorem and a hierarchical tree is proposed, in which each node contains a key and a modulus. The Keys and modulus are constructed as a tree and maintained by the key server. The key server shares the keys with each member on the path from its leaf to the root. The keys on its path from the leaf to the root need to be updated in the protocol, when a member joins or leaves the group but all modulus must be kept fixed. To update the keys on the tree, the key server generates a new key for each update node and encrypts it with its children keys on its path from the leaf to the root. Thus the new scalable protocol increases the security, scalability issues when the group size goes up to millions of members and reduces the key. Keywords--- Re-Keying, Scalability, Group key Management.
I. INTRODUCTION HE advances in communication and networking technologies have paved ways for people to share and disseminate information. Along with the growing exchange of information, the security of communications has drawn increasing attention. An important aspect of communication
M. Rameeya, Assistant Professor, Department of Computer Science and Engineering, Mepco Schlenk College of Engineering. E-mail: [email protected] S. Oswalt Manoj, Assistant Professor, Department of Computer Science and Engineering, Sri Ramakrishna Institute of Technology. E-mail: [email protected] security is content confidentiality. Secure group communication (SGC) is becoming more popular in the Internet. Examples of such applications include video conferencing, interactive group games, TV over internet, e- learning, and public stock quote broadcasting. As an important and mandatory building block for multicast applications, multicast security has been extensively researched in the past decades for protecting multicast communications. The research on multicast security addresses authentication, confidentiality, and access control, among other areas, where group key management is a key component. Even though Internet multicast capability provides an efficient way for secure group communication applications, the security of multicast applications is guaranteed by cryptographic techniques. The most important feature of SGC is group dynamics by which we mean that members can join and/or leave a group at any time. To achieve confidentiality in group communications, a key known to all group members is used to encrypt the communication content. This key is usually referred to as the group key. In a group with dynamic membership, the group key needs to be updated upon each users join to prevent the new user from accessing the past communications. Similarly, upon each users departure, the group key needs to be updated to prevent the leaving user from accessing the future communications. Thus group members need to agree upon the same key management protocol for key establishment and update. The biggest challenge caused by group dynamics is that when member(s) join or leave a group, the group key(s) must be changed in an efficient and scalable way to prevent the joining/leaving member from decrypting the previous/future messages. In existing burstiness is an important behavior in SGC. Performing bursty operation in one aggregate operation is important for reduce the rekeying message. When the frequency of membership changes is high, it becomes necessary to reduce the cost of frequent key distributions. One feasible way is to accumulate the joins and leaves for a certain period of time, thus reducing the frequency of key distributions. This can be considered as another kind of bursty behavior. Performing a bursty operation in one aggregate operation is important for reducing the number of rekeying messages, reducing the frequency of key distributions. This may maximizes key management efficiency in secure, but relatively dynamic, group communication. This technique is based on logical key hierarchy. The aggregation of key updates can reduce the cost of key distribution operations. However, they are still vulnerable to scalability issues when the group size goes up to millions of members and the re-key Tree Based Scalable Secure Group Communication M. Rameeya and S. Oswalt Manoj T Bonfring International Journal of Research in Communication Engineering, Vol. 1, Special Issue, December 2011 2 ISSN 2250 110X | 2011 Bonfring messages require strong security protection such as signature.
Figure 1: A Tree with Nodes Containing Key and Modulus.
In this paper, we propose a new group key based on the Chinese Remainder Theorem and a hierarchical tree graph in which each node contains a key and a modulus. The protocol is designed to minimize re-key messages, bandwidth usage, encryption, and signature operations. In the new protocol, the keys and moduli are constructed as a tree and maintained by the key server. The tree graph is similar to the tree graph in the logical key hierarchy protocol but each node of the tree in the new protocol is assigned two values: a key and a modulus. The key server shares the keys with each member on the path from its leaf to the root. The keys on its path from the leaf to the root need to be updated in the protocol when a member joins or leaves the group but all moduli must be kept fixed. II. RELATED WORK One feasible way is to accumulate the joins and leaves (Chang et al., 1999) for a certain period of time, thus reducing the frequency of key distributions. There has been extensive research focusing on group dynamics in SGC(Burmester & Desmedt, 1999), (Caronni et al., 1998), (Ingemarsson et al., 1982),(Iolus, 1997), (Molva & Pannetrat, 1999), (Noubir, 1998).The Local Key Hierarchy(LKH) protocol(wong et al, 2000) they reduce the re-key message. However most of them place the emphasis on single join and single leave, i.e., reducing the number of rekeying messages when a member joins/leaves. A key tree scheme (Caronni et al, 1998),(Noubir ,1998) processing multiple joins and leaves in aggregation is possible and will reduce the number of rekeying messages.The best time to join a group is when a member leaves, as the new member just need to replace the position previously occupied by the leaving member, and all tha keys held by the latter are updated(zou et al, 2002).Rekeying operation, allowing member to share the keys(wong et al,2000). key-tree key management protocol (Caronni et al., 1998), (Noubir ,1998 ),(Wong et al., 1998) for secure group communication to situations with bursty user arrival and departure patterns, especially when multiple joins and multiple leaves occur at the same time. The typical schemes for SGC with the emphasis on key tree scheme (Caronni et al., 1998), (Noubir ,1998),(Wong et al., 1998) . In other schemes (Burmester & Desmedt, 1995), (Dondeti, 1999),(Tang et al., 1982),(Steer et al, 1990),(Steiner et al., 1996) the group key is generated by uniform contributions from all group members. Based on the structural organization of group members, most schemes do not split members whereas some schemes (Dondeti et al., 1999),(Dondeti, 1999),(Mittra, 1997) divide group members into distinct subgroups, resulting in two levels of key management and increasing the scalability. To achieve confidentiality in group communications, a key known to all group members is used to encrypt the communication content (Judge & Ammar , 2002),(Canetti et al., 1999). III. BURSTY BEHAVIOUR A. Existing Schemes for Secure Group Communication We summarize and classify secure group communication schemes in this section. Based on the number of senders, SGC applications can be divided into two categories: broadcast communication, i.e., one-to-many communication and conference communication, i.e., many-to-many communication. Schemes are suitable for both kinds of applications. Based on how the group key is formed, some schemes require a Group Controller (GC) which generates group key and distributes the key to group members. In other schemes, the group key is generated by uniform contributions from all group members. The bursty operation is based on the tree based key management in which when the frequency of membership changes is high, it become necessary to reduce the cost of frequent key distributions. One feasible way is to accumulate the join and leave for a certain period of time, thus reducing the rekeying process. Based on the structural organization of group members, most schemes do not split members whereas some schemes divide group members into distinct subgroups, resulting in two levels of key management and increasing the scalability. In the later case, the subgroup manager may be a member of the group or not and may be trusted or not. Based on the kind of security, the SGC schemes may be classified as unconditionally secure or computationally secure. The members of the group are placed at leaf nodes of the tree. The nodes in the tree are assigned keys. The key at the root is the traffic encryption key (TEK) Every member is assigned the keys along the path from its leaf to the root. In the new protocol, the keys and moduli are constructed as a tree and maintained by the key server. The nodes in the different level of the tree are assigned with the different moduli but each a pair of siblings at the same tree depth are assigned with the same two moduli under the different Bonfring International Journal of Research in Communication Engineering, Vol. 1, Special Issue, December 2011 3 ISSN 2250 110X | 2011 Bonfring parents. The key server shares the keys with each member on the path from its leaf to the root. The keys on its path from the leaf to the root need to be updated in the protocol when a member joins or leave the group but all moduli must be kept fixed. To update the key, the key server generates a new key and encrypts it with its children key on its path from the leaf to the root. IV. REKEYING STRATEGIES A user who wants to join /leave a secure group sends a join/ leave request to the key server, denoted by s. For a join request from user u, we assume that group access control is performed by server using an access control list provided by the initiator of the secure group. A join request initiates an authentication exchange between u and s. If user is not authorized to join the group, server s sends a join-denied reply to u. If the join request is granted, then a key is distributed as a result of the authentication exchange by the individual key k u of u. Key exchange between server s and user u, and secure distribution of key k u to be shared by u and s. After each join or leave, a new secure group is formed. Server s has to update the group's key graph by replacing the keys of some existing k-nodes, deleting some k-nodes (in the case of a leave), and adding some -nodes (in the case of a join). It then securely sends rekey messages containing new group/subgroup keys to users of the new secure group. V. TREE BASED SCALABILITY OF SGC Our new scalable group key management protocol is based on the following: the Chinese Remainder Theorem and a hierarchical graph in which each node contains a key and a modulus. The protocol is designed to minimize re-key messages, bandwidth usage, encryption, and signature operations. Chinese Remainder Theorem: Let m 1 , m 2 , ...m n be n positive integers where they are pairwise relatively prime (i.e. gcd(m i ,m j )=1 for ij , 1i, jn), R 1 ,R 2 , ...R n be any positive integers, and M=m 1 m 2 ...m n . Then the set of linear congruous equations XR 1 mod m 1 , ...XR n mod m n have a unique solution as: X= M y M R n i i i i mod 1
where M i =M/m i and y i= M 1 i mod m i . In the new protocol, the keys and moduli are constructed as a tree and maintained by the key server. The tree graph is similar to the tree graph in the LKH protocol but each node of the tree in the new protocol is assigned two values: a key and a modulus. Figure 1 depicts the key and modulus graph, where TEK is a traffic encryption key, k ij is a key encryption key, and m ij is a modulus. A. Moduli Maintenance The key server needs to store 2log 2 n
moduli and each member needs to store log 2 n
moduli but they do not need to keep the moduli secret. The sibling nodes in the tree graph are assigned with two different moduli (i.e., m i1 and m i2
where i is the depth of the tree) and the nodes in the different level of the tree are assigned with the different moduli but each a pair of siblings at the same tree depth are assigned with the same two moduli under the different parents .This means there are only 2log 2 n different moduli in the tree graph, i.e. m ij (1ilog 2 n, j=1, 2) where i is the depth of the node in the tree, and the nodes (except the root) on a path from a leaf to the root and its direct children exactly cover all moduli. In addition, all different moduli in the tree graph should be pair wise relatively prime i.e., gcd(m ij ,m st )=1 and each modulus should be bigger than the key encryption value, i.e m ij >E il k (k st ) where m ij and k il belong to the same node and k st belongs to its parent node. B. Key Maintenance The key server needs to store 2n-1 keys, and each member needs to store log 2 n+1 keys. The key server shares the keys with each member on the path from its leaf to the root. The keys on its path from the leaf to the root need to be updated in the protocol when a member joins or leaves the group but all moduli must be kept fixed. To update the keys on the tree graph, the key server generates a new key for each update node and encrypts it with its children keys on its path from the leaf to the root. For instance, the key server needs to generate new keys {TEK, k il } to update {TEK, k il } for the arrival of member to the group. The key server then calculates a lock L as follows and multicasts the lock with the indices of keys to all valid members. L= 1 log 1 mod 2 z z t sj sj st n s M y M k Where,
z= 1 2 / 2 / 2 2 log log s n s n d d if s n d 2 log 2 / is odd
, 2 , 1 j if t 1 mod 2, otherwise M= 2 1 log 1 , 2 j sj n s m M , / sj sj m M y sj sj sj m M mod 1
Each member decrypt the updated traffic encryption key and related key encryption keys based on their own moduli and keys. Bonfring International Journal of Research in Communication Engineering, Vol. 1, Special Issue, December 2011 4 ISSN 2250 110X | 2011 Bonfring For the departure of the member from the group, the process is same as the arrival of the member in the group. VI. SCALABILITY In order to measure the scalability of group key management protocols more accurately, following scalability metrics are required: computational complexity, bandwidth usage, storage, number of re-key messages, and level of processing difficulty. Computational complexity measures the processing time in the central key server. Bandwidth usage accounts for the size of total messages sent out by the key server for a re-key process. Storage measures the total size of keys maintained by the key server. The number of rekey messages is the number of such messages needed to be processed by the key server. The level of processing difficulty indicates applicability for small mobile devices. VII. CONCLUSION In this paper, we have presented a new group key agreement, known as the scalable group key management, for secure group communications. Build upon tree-based group key management in which each node contain a key and a moduli but they do not need to kept the moduli secret and the key needed to update upon each member join/leave in a group. This new group key management protocol has better scalability in term of computational complexity. REFERENCES [1] C.K. Wong, M. Gouda, S.S. Lam, Secure group communications using key graphs, IEEE Transactions on Networking ,2000, pp.16-30. [2] X. Zou, B. Ramamurthy, S. Magliveras, Efficient key management for secure group communication with bursty behaviour in Proc. CIIT, 2002, pp. 148-153. [3] I.Chang, R. Engel, D. Kandlur, D. Pendarakis, and D. Saha, Key management for secure internet multicast using boolean function minimization techniques. Proceedings of INFOCOM99: Conference on Computer Communications, 1999. [4] G. Caronni, K. Waldvogel, D. Sun, and B. Plattner , Efficient security for large and dynamic multicast groups. Proceedings Seventh IEEE International Workshop on Enabling Technologies. Los Alamitos, CA, USA, 1998. [5] P. Judge and M. Ammar, A group access control architecture for secure multicast and anycast. In Proceedings of the IEEE INFOCOM 02, 2002. [6] L. R. Dondeti, Efficient private group communication over public networks.Conference On Computer Communication, 1999. [7] Ingemarsson, D. Tang, and C. Wong, A confernece key distribution system. IEEE Transations on Information Theory, Journal of Computer Communication Reviews, 1982. [8] T. Pham and Paul A. Watters, The Efficiency of Periodic Rekeying in Dynamic Group Key Management. Proceedings of Conference on Universal Multiservice Networks, 2007.
Transformation of Cryptography: Fundamental concepts of Encryption, Milestones, Mega-Trends and sustainable Change in regard to Secret Communications and its Nomenclatura
Making the Key Agreement Protocol in Mobile ad hoc Network More Efficient 1st edition by Gang Yao, Kui Ren, Feng Bao, Robert Deng, Dengguo Feng ISBN 3540202080 9783540202080 pdf download