A Framework for Secure Group Key Management

The need for secure group communication is increasingly evident in a wide variety of governmental, commercial, and Internet communities. Secure group key management is concerned with the methods of issuing and distributing group keys, and the management of those keys over a period of time. To provide perfect secrecy, a central group key manager (GKM) has to perform group rekeying for every join or leave request. Fast rekeying is crucial to an application\u27s performance that has large group size, experiences frequent joins and leaves, or where the GKM is hosted by a group member. Examples of such applications are interactive military simulation, secure video and audio broadcasting, and secure peer-to-peer networks. Traditionally, the rekeying is performed periodically for the batch of requests accumulated during an inter-rekey period. The use of a logical key hierarchy (LKH) by a GKM has been introduced to provide scalable rekeying. If the GKM maintains a LKH of degree d and height h, such that the group size n ≤ dh, and the batch size is R requests, a rekeying requires the GKM to regenerate O(R × h) keys and to perform O(d × R × h) keys encryptions for the new keys distribution. The LKH approach provided a GKM rekeying cost that scales to the logarithm of the group size, however, the number of encryptions increases with increased LKH degree, LKH height, or the batch size. In this dissertation, we introduce a framework for scalable and efficient secure group key management that outperforms the original LKH approach. The framework has six components as follows. First, we present a software model for providing secure group key management that is independent of the application, the security mechanism, and the communication protocol. Second, we focus on a LKH-based GKM and introduce a secure key distribution technique, in which a rekeying requires the GKM to regenerate O( R × h) keys. Instead of encryption, we propose a novel XOR-based key distribution technique, namely XORBP, which performs an XOR operation between keys, and uses random byte patterns (BPs) to distribute the key material in the rekey message to guard against insider attacks. Our experiments show that the XORBP LKH approach substantially reduces a rekeying computation effort by more than 90%. Third, we propose two novel LKH batch rekeying protocols . The first protocol maintains a balanced LKH (B+-LKH) while the other maintains an unbalanced LKH (S-LKH). If a group experiences frequent leaves, keys are deleted form the LKH and maintaining a balanced LKH becomes crucial to the rekeying\u27s process performance. In our experiments, the use of a B+-LKH by a GKM, compared to a S-LKH, is shown to substantially reduce the number of LKH nodes (i.e., storage), and the number of regenerated keys per a rekeying by more than 50%. Moreover, the B +-LKH performance is shown to be bounded with increased group dynamics. Fourth, we introduce a generalized rekey policy that can be used to provide periodic rekeying as well as other versatile rekeying conditions. Fifth, to support distributed group key management, we identify four distributed group-rekeying protocols between a set of peer rekey agents. Finally, we discuss a group member and a GKM\u27s recovery after a short failure time

Group Key Rekeying Technique with Secure Data Encryption in MANETs

A Mobile Ad hoc Network (MANET) is a collection of autonomous nodes or mobile devices that can arrange themselves in various ways and operate without strict network administration. Ensuring security in mobile ad hoc network is a challenging issue and most of the applications in mobile ad hoc networks involve group-oriented communication. In Mobile ad-hoc network, each node treated as a terminal and also acts as an intermediate router. In this scenario, multi-hop occurs for communication in mobile ad hoc network. There may be a possibility of threats and malicious nodes in between source and destination. Providing the security in MANET is entirely different from the traditional wired network. In the present scenario, various applications of the mobile ad hoc network have been proposed and issues are solved by using the cryptographic techniques. Mostly cryptographic techniques are used to provide the security to MANETs. Cryptographic techniques will not be efficient security mechanism if the key management is weak. The purpose of key management is to provide secure procedures for handling keys in the cryptographic technique. The responsibilities of key management include key generation, key distribution, and key maintenance. Several key management schemes have been introduced for MANETs. The Group key management scheme is an efficient method for key management in MANET. In group key management scheme, rekeying is used whenever a new node joins or existing node leaves from the group. In this paper, we propose a periodic rekeying method (PRK) and analyze the performance of LKH rekeying techniques in a group key management schemes. The symmetric encryption techniques are analyzed with different parameters, such as Throughput and Energy consumption. Security and performance of rekeying protocols are analyzed through detailed study and simulation

A practical key management and distribution system for IPTV conditional access

Conditional Access (CA) is widely used by pay-television operators to restrict access to content to authorised subscribers. Commercial CA solutions are available for structured broadcast and Internet Protocol Television (IPTV) environments, as well as Internet-based video-on-demand services, however these solutions are mostly proprietary, often inefficient for use on IP networks, and frequently depend on smartcards for maintaining security. An efficient, exible, and open conditional access system that can be implemented practically by operators with large numbers of subscribers would be beneficial to those operators and Set-Top-Box manufacturers in terms of cost savings for royalties and production costs. Furthermore, organisations such as the South African Broadcasting Corporation that are transitioning to Digital-Terrestrial-Television could use an open Conditional Access System (CAS) to restrict content to viewing within national borders and to ensure that only valid TV licence holders are able to access content. To this end, a system was developed that draws from the area of group key management. Users are grouped according to their subscription selections and these groups are authorised for each selection's constituent services. Group keys are updated with a key-tree based approach that includes a novel method for growing full trees that outperforms the standard method. The relations that are created between key trees are used to establish a hierarchy of keys which allows exible selection of services whilst maintaining their cryptographic protection. Conditions for security without dependence on smartcards are defined, and the system is expandable to multi-home viewing scenarios. A prototype implementation was used to assess the proposed system. Total memory consumption of the key-server, bandwidth usage for transmission of key updates, and client processing and storage of keys were all demonstrated to be highly scalable with number of subscribers and number of services

Distributed and collaborative key agreement protocols with authentication and implementation for dynamic peer groups.

Lee, Pak-Ching.Thesis (M.Phil.)--Chinese University of Hong Kong, 2003.Includes bibliographical references (leaves 80-83).Abstracts in English and Chinese.Chapter 1 --- Introduction --- p.1Chapter 2 --- Related Work --- p.5Chapter 3 --- Tree-Based Group Diffie-Hellman --- p.9Chapter 4 --- Interval-Based Distributed Rekeying Algorithms --- p.14Chapter 4.1 --- Rebuild Algorithm --- p.15Chapter 4.2 --- Batch Algorithm --- p.16Chapter 4.3 --- Queue-batch Algorithm --- p.19Chapter 5 --- Performance Evaluation --- p.22Chapter 5.1 --- Mathematical Analysis --- p.22Chapter 5.1.1 --- Analysis of the Rebuild Algorithm --- p.24Chapter 5.1.2 --- Analysis of the Batch Algorithm --- p.25Chapter 5.1.3 --- Analysis of the Queue-batch Algorithm --- p.30Chapter 5.2 --- Experiments --- p.31Chapter 5.3 --- Discussion of the experimental results --- p.35Chapter 6 --- Authenticated Tree-Based Group Diffie-Hellman --- p.43Chapter 6.1 --- Description of A-TGDH --- p.44Chapter 6.2 --- Security Analysis --- p.47Chapter 7 --- Implementation and Applications --- p.50Chapter 7.1 --- Leader and Sponsors --- p.51Chapter 7.1.1 --- Leader --- p.51Chapter 7.1.2 --- Sponsors --- p.53Chapter 7.1.3 --- Rekeying Operation --- p.56Chapter 7.2 --- System Architecture --- p.57Chapter 7.2.1 --- System Preliminaries --- p.57Chapter 7.2.2 --- System Components --- p.58Chapter 7.2.3 --- Implementation Considerations --- p.64Chapter 7.3 --- SGCL API --- p.65Chapter 7.4 --- Experiments --- p.67Chapter 7.5 --- Applications --- p.72Chapter 7.6 --- Future Extensions --- p.75Chapter 8 --- Conclusions and Future Directions --- p.76Chapter 8.1 --- Conclusions --- p.76Chapter 8.2 --- Future Directions --- p.77Chapter 8.2.1 --- Construction of a Hybrid Key Tree with the Physical and Logical Properties --- p.77Chapter 8.2.2 --- Extended Implementation --- p.79Bibliography --- p.8

Security in Mobile Networks: Communication and Localization

Nowadays the mobile networks are everywhere. The world is becoming more dependent on wireless and mobile services, but the rapid growth of these technologies usually underestimates security aspects. As wireless and mobile services grow, weaknesses in network infrastructures become clearer. One of the problems is privacy. Wireless technologies can reduce costs, increase efficiencies, and make important information more readily and widely available. But, there are also risks. Without appropriate safeguards, these data can be read and modified by unauthorized users. There are many solutions, less and more effective, to protect the data from unauthorized users. But, a specific application could distinguish more data flows between authorized users. Protect the privacy of these information between subsets of users is not a trivial problem. Another problem is the reliability of the wireless service. Multi-vehicle systems composed of Autonomous Guided Vehicles (AGVs) are largely used for industrial transportation in manufacturing and logistics systems. These vehicles use a mobile wireless network to exchange information in order to coordinate their tasks and movements. The reliable dissemination of these information is a crucial operation, because the AGVs may achieve an inconsistent view of the system leading to the failure of the coordination task. This has clear safety implications. Going more in deep, even if the communication are confidential and reliable, anyway the positioning information could be corrupted. Usually, vehicles get the positioning information through a secondary wireless network system such as GPS. Nevertheless, the widespread civil GPS is extremely fragile in adversarial scenarios. An insecure distance or position estimation could produce security problems such as unauthorized accesses, denial of service, thefts, integrity disruption with possible safety implications and intentional disasters. In this dissertation, we face these three problems, proposing an original solution for each one

GPRKEY - A NOVEL GROUP KEY REKEYING TECHNIQUE FOR MANET

A Mobile Ad hoc Network (MANET) is a collection of autonomous nodes or mobile devices that can arrange themselves in various ways and work without strict network administration. Ensuring security in mobile ad hoc networks is a challenging issue and most of the applications in mobile ad hoc networks involve group oriented communication. Mostly cryptographic techniques are used to provide the security to MANETs. Cryptographic techniques will not be efficient security mechanism if the key management is weak. The issue of packet loss in MANET that is caused due to multi casting and backward and forward secrecy results in mobility. Hence, we investigate on this issue and propose a method to overcome this scenario. On analysing the situation we find that frequent rekeying leads to huge message overhead and hence increases energy utilization. With the existing key management techniques it causes frequent disconnections and mobility issues. Therefore, an efficient multi casting group key management will help to overcome the above problems. In this paper we propose a novel group key rekeying technique named GPRKEY (Group key with Periodic ReKEYing) deal with scalability issue of rekeying and also analyze the performance of the newly proposed key management method using key trees. In this approach we use the periodic rekeying to enhance the scalability and avoid out of sync problems. We use sub trees and combine them using the merging algorithm and periodic re-keying algorithm. The GPRKEY is evaluated through NS-2 simulation and compared with existing key management techniques OFT (One-way Function Tree) and LKH (Logical Key Hierarchy). The security and performance of rekeying protocols are analyzed through detailed study and simulation

MULTI-USER SECURITY FOR MULTICAST COMMUNICATIONS

The ubiquity of communication networks is facilitating the development of wireless and Internet applications aimed at allowing users to communicate and collaborate amongst themselves. In the future, group-oriented services will be one of the dominant services that facilitate real-time information exchange among a large number of diverse users. However, before these group-oriented services can be successful deployed, technologies must be developed to guarantee the security of the information and data exchanged in group communications. Among all security requirements of group communication, access control is paramount as it is the first line of defense that prevents unauthorized access to the group communication and protects the value of application data. Access control is usually achieved by encrypting the data using a key that is shared among all legitimated group members. The problem of access control becomes more difficult when the content is distributed to a dynamic group with user joining and leaving the service for a variety of reasons. Thus, Group Key Management is required to achieve key update with dynamic group membership. Existing group key management schemes seek to minimize either the amount of rounds needed in establishing the group key, or the size of the key updating messages. They do not, however, considering the varying requirements of the users, the underlying networks or the applications. Those generic solutions of access control often yield large consumption of communication, computation and storage resources. In addition, the design of existing key management schemes focus on protecting the application data, but introduces vulnerabilities in protecting the statistics of group membership information. This poses severe security concern in various group applications. The focus of this dissertation is to design network-specific and application specific group key management and solve the security vulnerability of key management that reveals dynamic group membership information. This dissertation will present scalable group key management in heterogeneous wireless network, the hierarchical access control for multimedia applications, and a framework of securing dynamic group membership information over multicast. The main contribution of this dissertation is to advance the group key management research to achieve higher level of scalability and security