A Framework for Secure Group Key Management

The need for secure group communication is increasingly evident in a wide variety of governmental, commercial, and Internet communities. Secure group key management is concerned with the methods of issuing and distributing group keys, and the management of those keys over a period of time. To provide perfect secrecy, a central group key manager (GKM) has to perform group rekeying for every join or leave request. Fast rekeying is crucial to an application\u27s performance that has large group size, experiences frequent joins and leaves, or where the GKM is hosted by a group member. Examples of such applications are interactive military simulation, secure video and audio broadcasting, and secure peer-to-peer networks. Traditionally, the rekeying is performed periodically for the batch of requests accumulated during an inter-rekey period. The use of a logical key hierarchy (LKH) by a GKM has been introduced to provide scalable rekeying. If the GKM maintains a LKH of degree d and height h, such that the group size n ≤ dh, and the batch size is R requests, a rekeying requires the GKM to regenerate O(R × h) keys and to perform O(d × R × h) keys encryptions for the new keys distribution. The LKH approach provided a GKM rekeying cost that scales to the logarithm of the group size, however, the number of encryptions increases with increased LKH degree, LKH height, or the batch size. In this dissertation, we introduce a framework for scalable and efficient secure group key management that outperforms the original LKH approach. The framework has six components as follows. First, we present a software model for providing secure group key management that is independent of the application, the security mechanism, and the communication protocol. Second, we focus on a LKH-based GKM and introduce a secure key distribution technique, in which a rekeying requires the GKM to regenerate O( R × h) keys. Instead of encryption, we propose a novel XOR-based key distribution technique, namely XORBP, which performs an XOR operation between keys, and uses random byte patterns (BPs) to distribute the key material in the rekey message to guard against insider attacks. Our experiments show that the XORBP LKH approach substantially reduces a rekeying computation effort by more than 90%. Third, we propose two novel LKH batch rekeying protocols . The first protocol maintains a balanced LKH (B+-LKH) while the other maintains an unbalanced LKH (S-LKH). If a group experiences frequent leaves, keys are deleted form the LKH and maintaining a balanced LKH becomes crucial to the rekeying\u27s process performance. In our experiments, the use of a B+-LKH by a GKM, compared to a S-LKH, is shown to substantially reduce the number of LKH nodes (i.e., storage), and the number of regenerated keys per a rekeying by more than 50%. Moreover, the B +-LKH performance is shown to be bounded with increased group dynamics. Fourth, we introduce a generalized rekey policy that can be used to provide periodic rekeying as well as other versatile rekeying conditions. Fifth, to support distributed group key management, we identify four distributed group-rekeying protocols between a set of peer rekey agents. Finally, we discuss a group member and a GKM\u27s recovery after a short failure time

GPRKEY - A NOVEL GROUP KEY REKEYING TECHNIQUE FOR MANET

A Mobile Ad hoc Network (MANET) is a collection of autonomous nodes or mobile devices that can arrange themselves in various ways and work without strict network administration. Ensuring security in mobile ad hoc networks is a challenging issue and most of the applications in mobile ad hoc networks involve group oriented communication. Mostly cryptographic techniques are used to provide the security to MANETs. Cryptographic techniques will not be efficient security mechanism if the key management is weak. The issue of packet loss in MANET that is caused due to multi casting and backward and forward secrecy results in mobility. Hence, we investigate on this issue and propose a method to overcome this scenario. On analysing the situation we find that frequent rekeying leads to huge message overhead and hence increases energy utilization. With the existing key management techniques it causes frequent disconnections and mobility issues. Therefore, an efficient multi casting group key management will help to overcome the above problems. In this paper we propose a novel group key rekeying technique named GPRKEY (Group key with Periodic ReKEYing) deal with scalability issue of rekeying and also analyze the performance of the newly proposed key management method using key trees. In this approach we use the periodic rekeying to enhance the scalability and avoid out of sync problems. We use sub trees and combine them using the merging algorithm and periodic re-keying algorithm. The GPRKEY is evaluated through NS-2 simulation and compared with existing key management techniques OFT (One-way Function Tree) and LKH (Logical Key Hierarchy). The security and performance of rekeying protocols are analyzed through detailed study and simulation

A practical key management and distribution system for IPTV conditional access

Conditional Access (CA) is widely used by pay-television operators to restrict access to content to authorised subscribers. Commercial CA solutions are available for structured broadcast and Internet Protocol Television (IPTV) environments, as well as Internet-based video-on-demand services, however these solutions are mostly proprietary, often inefficient for use on IP networks, and frequently depend on smartcards for maintaining security. An efficient, exible, and open conditional access system that can be implemented practically by operators with large numbers of subscribers would be beneficial to those operators and Set-Top-Box manufacturers in terms of cost savings for royalties and production costs. Furthermore, organisations such as the South African Broadcasting Corporation that are transitioning to Digital-Terrestrial-Television could use an open Conditional Access System (CAS) to restrict content to viewing within national borders and to ensure that only valid TV licence holders are able to access content. To this end, a system was developed that draws from the area of group key management. Users are grouped according to their subscription selections and these groups are authorised for each selection's constituent services. Group keys are updated with a key-tree based approach that includes a novel method for growing full trees that outperforms the standard method. The relations that are created between key trees are used to establish a hierarchy of keys which allows exible selection of services whilst maintaining their cryptographic protection. Conditions for security without dependence on smartcards are defined, and the system is expandable to multi-home viewing scenarios. A prototype implementation was used to assess the proposed system. Total memory consumption of the key-server, bandwidth usage for transmission of key updates, and client processing and storage of keys were all demonstrated to be highly scalable with number of subscribers and number of services

Sécurité dans les réseaux mobiles de nouvelle génération

RÉSUMÉ Les réseaux de nouvelle génération visent à converger les réseaux fixes et mobiles hétérogènes afin d’offrir tous les services à travers un réseau coeur tout IP. Faisant parti du réseau d’accès mobile, un des principaux objectifs du réseau 4G est de permettre une relève ininterrompue entre les réseaux cellulaires et WIFI pour ainsi favoriser l’apprivoisement de services vidéo mobiles exigeant des critères de qualité de service très stricts à moindres coûts. Cependant, l’uniformisation du trafic au niveau de la couche réseau favorise sa centralisation à travers un réseau coeur IP partagé par tous les opérateurs, la rendant ainsi comme une cible vulnérable de choix pour les pirates informatiques. La conception de solutions sécuritaires dans un environnement où les entités ne se connaissent pas à priori s’annonce comme une tâche très ardue. La thèse se penche sur quatre problématiques importantes dans les réseaux de nouvelle génération dont chacune est traitée dans un article distinct. Les deux premiers articles touchent à la sécurité dans un contexte décentralisé, à savoir les réseaux mobiles ad hoc (MANETs), alors que les deux derniers proposent des mécanismes innovateurs pour sécuriser des solutions visant à réduire la consommation de bande passante et d’énergie, en conformité avec le virage vert informatique promu par les opérateurs réseautiques. Plus précisément, le troisième article traite de la sécurisation des flots multicast dans un environnement à haut taux de perte de paquet et le dernier propose une solution d’optimisation de route sécuritaire pour mobile IPv6 (MIPv6) utilisant une version améliorée de l’algorithme de genération d’adresses cryptographiques (CGA) et les extensions de sécurité du système de nom de domaine (DNSSEC). Les systèmes de détection d’intrusion (IDS) pour les MANETs basés sur la réputation des noeuds classifient les participants du réseau selon leur degré de confiance. Cependant, ils partagent tous une vulnérabilité commune : l’impossibilité de détecter et de réagir aux attaques complices. Le premier article propose un IDS qui intègre efficacement le risque de collusion entre deux ou plusieurs noeuds malveillants dans le calcul de la fiabilité d’un chemin. L’algorithme propos´e ne se limite pas qu’au nombre et à la réputation des noeuds intermédiaires formant un chemin, mais intègre également d’autres informations pertinentes sur les voisins des noeuds intermédiaires d’un chemin pouvant superviser le message original et celui retransmis. Le IDS proposé détecte efficacement les noeuds malicieux et complices dans le but de les isoler rapidement du réseau. Les simulations lancées dans divers environnements MANETs contenant une proportion variable d’attaquants complices montrent bien l’efficacité du IDS proposée en offrant un gain en débit considérable comparativement aux solutions existantes. À l’instar de prévenir les comportements égoïstes des noeuds par la menace d’être privés de certaines fonctions, voire même isolés du réseau, due à une baisse de réputation, le second article opte pour un incitatif non-punitif en la monnaie virtuelle plus communément appelée nuglets. Plus précisément, l’article présente un cadre de travail issu de la théorie des jeux basé sur la compétition de Bertrand pour inciter les noeuds intermédiaires à retransmettre les messages selon les requis de QoS demandés par la source. Pour qu’un noeud source envoie ou accède à un flot sensible à la QoS comme par exemple les applications en temps réel, il débute par envoyer un contrat qui spécifie les critères de QoS, sa durée et son prix de réserve. Sur réception du contrat, les noeuds intermédiaires formant une route entre la source et la destination partagent les informations sur eux-mêmes et celles recueillies sur les noeuds voisins, anciens et courants pour estimer la probabilité de bris de contrat ainsi que le nombre de compétiteurs actifs. Ces deux paramètres sont cruciaux dans le processus de fixation des prix. Une fois les réponses de route recueillies, la source choisit la route la moins chère. Le cadre de travail multijoueur proposé, basé sur la compétition de Bertrand avec des firmes asymétriques et ayant accès à de l’information imparfaite, possède un équilibre de Nash en stratégies mixtes dans lequel le profit des firmes est positif et baisse non seulement avec le nombre de compétiteurs, mais aussi avec l’impression d’une précision accrue que les compétiteurs ont sur le coût de production du joueur. Les résultats montrent que l’incertitude sur les coûts augmente le taux de la marge brute et la fluctuation des prix tout en diminuant les chances d’honorer le contrat. Dans un autre ordre d’idée, l’intérêt sans cesse grandissant des opérateurs à converger les réseaux fixes et mobiles dans le but d’offrir une relève sans interruption favorise l’utilisation des applications vidéo mobiles qui surchargeront rapidement leurs réseaux. Dans un contexte du virage vert qui prend de plus en plus d’ampleur dans le domaine des télécommunications, la transmission des flots en multidiffusion (multicast) devient essentiel dans le but de réduire la consommation de bande passante et la congestion du réseau en rejoignant simultanément plusieurs destinataires. La sécurisation des flots en multidiffusion a été largement étudiée dans la littérature antérieure, cependant aucune des solutions proposées ne tient compte des contraintes imposées par les liaisons sans fil et la mobilité des noeuds, en particulier le haut taux de perte de paquets. La nécessité d’un mécanisme de distribution de clés régénératrices efficace et pouvant supporter un grand bassin d’abonnés pour les réseaux mobiles n’aura jamais été aussi urgent avec l’arrivée de la convergence fixe-mobile dans les réseaux 4G. Le troisième article présente deux algorithmes de clés régénératrices basés sur les chaînes de hachage bidirectionnelles pour le protocole de distribution de clés logical key hierarchy (LKH). Ainsi, un membre ayant perdu jusqu’à un certain nombre de clés de déchiffrement consécutives pourrait lui-même les régénérer sans faire la requête de retransmission au serveur de clés. Les simulations effectuées montrent que les algorithmes proposés offrent des améliorations considérables dans un environnement de réseau mobile à taux de perte de paquet, notamment dans le percentage de messages déchiffrés. Le souci d’efficacité énergétique est également présent pour les opérateurs de réseaux cellulaires. D’ailleurs, près de la moitié des abonnements sur Internet proviennent présentement d’unités mobiles et il est attendu que ce groupe d’utilisateurs deviennent le plus grand bassin d’usagers sur Internet dans la prochaine décennie. Pour supporter cette croissance rapide du nombre d’utilisateurs mobiles, le choix le plus naturel pour les opérateurs serait de remplacer mobile IPv4 par MIPv6. Or, la fonction d’optimisation de route (RO), qui remplace le routage triangulaire inefficace de MIP en permettant au noeud mobile (MN) une communication bidirectionnelle avec le noeud correspondant (CN) sans faire passer les messages à travers l’agent du réseau mère (HA), est déficiente au niveau de la sécurité. L’absence d’informations pré-partagées entre le MN et le CN rend la sécurisation du RO un défi de taille. MIPv6 adopte la routabilité de retour (RR) qui est davantage un mécanisme qui vérifie l’accessibilité du MN sur son adresse du réseau mère (HoA) et du réseau visité (CoA) plutôt qu’une fonction de sécurité. D’autres travaux se sont attaqués aux nombreuses failles de sécurité du RR, mais soit leur conception est fautive, soit leurs suppositions sont irréalistes. Le quatrième article présente une version améliorée de l’algorithme de génération cryptographique d’adresse (ECGA) pour MIPv6 qui intègre une chaîne de hachage arrière et offre de lier plusieurs adresses CGA ensemble. ECGA élimine les attaques de compromis temps-mémoire tout en étant efficace. Ce mécanisme de génération d’adresse fait parti du protocole Secure MIPv6 (SMIPv6) proposé avec un RO sécuritaire et efficace grâce à DNSSEC pour valider les CGAs qui proviennent d’un domaine de confiance et qui permet une authentification forte plutôt que l’invariance de source. Le vérificateur de protocoles cryptographiques dans le modèle formel AVISPA a été utilisé pour montrer qu’aucune faille de sécurité n’est présente tout en limitant au maximum les messages échangés dans le réseau d’accès. ----------ABSTRACT Next generation networks aim at offering all available services through an IP-core network by converging fixed-mobile heterogeneous networks. As part of the mobile access network, one of the main objectives of the 4G network is to provide seamless roaming with wireless local area networks and accommodating quality of service (QoS) specifications for digital video broadcasting systems. Such innovation aims expanding video-based digital services while reducing costs by normalizing the network layer through an all-IP architecture such as Internet. However, centralizing all traffic makes the shared core network a vulnerable target for attackers. Design security solutions in such an environment where entities a priori do not know each other represent a daunting task. This thesis tackles four important security issues in next generation networks each in distinct papers. The first two deal with security in decentralized mobile ad hoc networks (MANETs) while the last two focus on securing solutions aiming at reducing bandwidth and energy consumption, in line with the green shift promoted by network operators. More precisely, the third paper is about protecting multicast flows in a packet-loss environment and the last one proposes a secure route optimization function in mobile IPv6 (MIPv6) using an enhanced version of cryptographically generated address (CGA) and domain name service security extensions (DNSSEC). Most intrusion detection systems (IDS) for MANETs are based on reputation system which classifies nodes according to their degree of trust. However, existing IDS all share the same major weakness: the failure to detect and react on colluding attacks. The first paper proposes an IDS that integrates the colluding risk factor into the computation of the path reliability which considers the number and the reputation of nodes that can compare both the source message and the retransmitted one. Also, the extended architecture effectively detects malicious and colluding nodes in order to isolate them and protect the network. The simulations launched in various MANETs containing various proportions of malicious and colluding nodes show that the proposed solution offers a considerable throughput gain compared to current solutions. By effectively selecting the most reliable route and by promptly detecting colluding attacks, the number of lost messages is decreased, and therefore, offering more efficient transmissions. Instead of thwarting selfishness in MANETs by threatening nodes to limit their network functions, the second paper opts for a non-punishment incentive by compensating nodes for their service through the use of virtual money, more commonly known as nuglets. The last paper presents a game-theoretic framework based on Bertrand competition to incite relaying nodes in forwarding messages according to QoS requirements. For a source to send or access QoS-sensitive flows, such as real-time applications, it starts by sending a contract specifying the QoS requirements, its duration and a reservation price. Upon receiving a contract submission, intermediary nodes forming a route between the source and the destination share their current and past collected information on themselves and on surrounding nodes to estimate the probability of breaching the contract and the number of active competitors. Both parameters are crucial in setting a price. Once the source gets the responses from various routes, it selects the most cheapest one. This multiplayer winner-takes-all framework based on Bertrand competition with firms having asymmetric costs and access imperfect information has a mixed-strategy equilibrium in which industry profits are positive and decline not only with the number of firms having an estimated cost below the reservation price but also with the perception of a greater accuracy on a player’s cost that competitors have. In fact,results show that cost uncertainty increases firms’ gross margin rate and the prices fluctuation while making the contract honoring much riskier. On another topic, with the growing interest in converging fixed and mobile networks, mobile applications will require more and more resources from both the network and the mobile device. In a social-motivated context of shifting into green technologies, using multicast transmissions is essential because it lowers bandwidth consumption by simultaneously reaching a group of multiple recipients. Securing multicast flows has been extensively studied in the past, but none of the existing solutions were meant to handle the constraints imposed by mobile scenarios, in particular the high packet-loss rate. The need for a low overhead selfhealing rekeying mechanism that is scalable, reliable and suitable for mobile environments has never been more urgent than with the arrival of fixed-mobile convergence in 4G networks. The second paper presents two self-healing recovery schemes based on the dual directional hash chains for the logical key hierarchy rekeying protocol. This enables a member that has missed up to m consecutive key updates to recover the missing decryption keys without asking the group controller key server for retransmission. Conducted simulations show considerable improvements in the ratio of decrypted messages and in the rekey message overhead in high packet loss environments. The concern of energy efficiency is also present for mobile access network operators. In fact, nearly half of all Internet subscribers come from mobile units at the moment and it is expected to be the largest pool of Internet users by the next decade. The most obvious choice for mobile operators to support more users would be to replace Mobile IP for IPv4 with MIPv6. However, the Route Optimization (RO) function, which replaces the inefficient triangle routing by allowing a bidirectional communication between a mobile node (MN) and the corresponding node (CN) without passing through its home agent (HA), is not secure and has a high overhead. The lack of pre-shared information between the MN and the CN makes security in RO a difficult challenge. MIPv6 adopts the return routability (RR) mechanism which is more to verify the MN reachability in both its home address (HoA) and care-of address (CoA) than a security feature. Other works attempted to solve the multiple security issues in RR but either their design are flawed, or rely on unrealistic assumptions. The third paper presents an enhanced cryptographically generated address (ECGA) for MIPv6 that integrates a built-in backward key chain and offers support to bind multiple logically-linked CGAs together. ECGA tackles the time-memory tradeoff attacks while being very efficient. It is part of the proposed secure MIPv6 (SMIPv6) with secure and efficient RO which uses DNSSEC to validate CGAs from trusted domains and provide strong authentication rather than sender invariance. The AVISPA on-the-fly model checker (OFMC) tool has been used to show that the proposed solution has no security flaws while still being lightweight in signalling messages in the radio network

Design and Validation of Automated Authentication, Key and Adjacency Management for Routing Protocols

To build secure network-based systems, it is important to ensure the authenticity and integrity of the inter-router control message exchanges. Authenticating neighbors and ensuring their legitimacy is essential. Otherwise, the routes installed could be erroneous or targeted at causing an attack on the system. Current methods, which are based on manual keying, are error prone, not scalable, and result in keys being changed infrequently (or not at all) due to lack of authorized personnel. These issues can be addressed only by having an automated key management system that can automatically generate, distribute and update keys. The issue can be cast as a group key management problem with a `keying group' defined as the set of all routers that share the same key. A keying group can be as large as an entire administrative domain, or as small as a pair of peer routers. The smaller the scope of the key the less damaging the loss of a single key is likely to be. In this thesis, we propose an automated key management system that will be able to handle different categories of keying groups and also ensure important properties such as adjacency management, protection against replay attacks, confidentiality of messages, smooth key rollover, and robustness across reboots. Although there is some ongoing work with regard to developing automated key management systems, none of the existing methods handles all these cases. We have formally validated the protocol designed, for essential security properties such as authentication, confidentiality, integrity and replay protection, using a formal validation tool called AVISPA

Group Key Management in Wireless Ad-Hoc and Sensor Networks

A growing number of secure group applications in both civilian and military domains is being deployed in WAHNs. A Wireless Ad-hoc Network (WARN) is a collection of autonomous nodes or terminals that communicate with each other by forming a multi-hop radio network and maintaining connectivity in a decentralized manner. A Mobile Ad-hoc Network (MANET) is a special type of WARN with mobile users. MANET nodes have limited communication, computational capabilities, and power. Wireless Sensor Networks (WSNs) are sensor networks with massive numbers of small, inexpensive devices pervasive throughout electrical and mechanical systems and ubiquitous throughout the environment that monitor and control most aspects of our physical world. In a WAHNs and WSNs with un-trusted nodes, nodes may falsify information, collude to disclose system keys, or even passively refuse to collaborate. Moreover, mobile adversaries might invade more than one node and try to reveal all system secret keys. Due to these special characteristics, key management is essential in securing such networks. Current protocols for secure group communications used in fixed networks tend to be inappropriate. The main objective of this research is to propose, design and evaluate a suitable key management approach for secure group communications to support WAHNs and WSNs applications. Key management is usually divided into key analysis, key assignment, key generation and key distribution. In this thesis, we tried to introduce key management schemes to provide secure group communications in both WAHNs and WSNs. Starting with WAHNs, we developed a key management scheme. A novel architecture for secure group communications was proposed. Our proposed scheme handles key distribution through Combinatorial Key Distribution Scheme (CKDS). We followed with key generation using Threshold-based Key Generation in WAHNs (TKGS). For key assignment, we proposed Combinatorial Key Assignment Scheme (CKAS), which assigns closer key strings to co-located nodes. We claim that our architecture can readily be populated with components to support objectives such as fault tolerance, full-distribution and scalability to mitigate WAHNs constraints. In our architecture, group management is integrated with multicast at the application layer. For key management in WSNs, we started with DCK, a modified scheme suitable for WSNs. In summary, the DCK achieves the following: (1) cluster leader nodes carry the major part of the key management overhead; (2) DCK consumes less than 50% of the energy consumed by SHELL in key management; (3) localizing key refreshment and handling node capture enhances the security by minimizing the amount of information known by each node about other portions of the network; and (4) since DCK does not involve the use of other clusters to maintain local cluster data, it scales better from a storage point of view with the network size represented by the number of clusters. We went further and proposed the use of key polynomials with DCK to enhance the resilience of multiple node capturing. Comparing our schemes to static and dynamic key management, our scheme was found to enhance network resilience at a smaller polynomial degree t and accordingly with less storage per node

Security-centric analysis and performance investigation of IEEE 802.16 WiMAX

fi=vertaisarvioitu|en=peerReviewed

IPv6: a new security challenge

Tese de mestrado em Segurança Informática, apresentada à Universidade de Lisboa, através da Faculdade de Ciências, 2011O Protocolo de Internet versão 6 (IPv6) foi desenvolvido com o intuito de resolver alguns dos problemas não endereçados pelo seu antecessor, o Protocolo de Internet versão 4 (IPv4), nomeadamente questões relacionadas com segurança e com o espaço de endereçamento disponível. São muitos os que na última década têm desenvolvido estudos sobre os investimentos necessários à sua adoção e sobre qual o momento certo para que o mesmo seja adotado por todos os players no mercado. Recentemente, o problema da extinção de endereçamentos públicos a ser disponibilizado pelas diversas Region Internet registry – RIRs - despertou o conjunto de entidades envolvidas para que se agilizasse o processo de migração do IPv4 para o IPv6. Ao contrário do IPv4, esta nova versão considera a segurança como um objetivo fundamental na sua implementação, nesse sentido é recomendado o uso do protocolo IPsec ao nível da camada de rede. No entanto, e devido à imaturidade do protocolo e à complexidade que este período de transição comporta, existem inúmeras implicações de segurança que devem ser consideradas neste período de migração. O objetivo principal deste trabalho é definir um conjunto de boas práticas no âmbito da segurança na implementação do IPv6 que possa ser utilizado pelos administradores de redes de dados e pelas equipas de segurança dos diversos players no mercado. Nesta fase de transição, é de todo útil e conveniente contribuir de forma eficiente na interpretação dos pontos fortes deste novo protocolo assim como nas vulnerabilidades a ele associadas.IPv6 was developed to address the exhaustion of IPv4 addresses, but has not yet seen global deployment. Recent trends are now finally changing this picture and IPv6 is expected to take off soon. Contrary to the original, this new version of the Internet Protocol has security as a design goal, for example with its mandatory support for network layer security. However, due to the immaturity of the protocol and the complexity of the transition period, there are several security implications that have to be considered when deploying IPv6. In this project, our goal is to define a set of best practices for IPv6 Security that could be used by IT staff and network administrators within an Internet Service Provider. To this end, an assessment of some of the available security techniques for IPv6 will be made by means of a set of laboratory experiments using real equipment from an Internet Service Provider in Portugal. As the transition for IPv6 seems inevitable this work can help ISPs in understanding the threats that exist in IPv6 networks and some of the prophylactic measures available, by offering recommendations to protect internal as well as customers’ networks