AN OPTIMAL AND COST EFFECTIVE KEY MANAGEMENT SCHEME FOR SECURE MULTICAST COMMUNICATION

Similar documents
Secure Group Key Management Scheme for Multicast Networks

Scalable Secure Group Communication over IP Multicast. Authors:Suman Banerjee, Bobby Bhattacharjee. Speaker: Kun Sun

Decentralized Key Management for Large Dynamic Multicast Groups using Distributed Balanced Trees

Efficient Secured Model For Communication In Dynamic Multicast Groups

Balanced Batch LKH: New Proposal, Implementation and Performance Evaluation.

Mykil: A Highly Scalable Key Distribution Protocol for Large Group Multicast

Public Key Cryptography

Efficient Group Key Management Schemes for Multicast Dynamic Communication Systems. Muhammad Yasir Malik

Public Key Cryptography and RSA

Chapter 9. Public Key Cryptography, RSA And Key Management

Iolus: A Framework for Scalable Secure Multicasting

SECURED KEY MANAGEMENT ALGORITHM FOR DATA TRANSMISSION IN MOBILE ADHOC NETWORKS

Public Key Algorithms

FDLKH: Fully Decentralized Key Management Scheme on Logical Key Hierarchy

A Survey on Multicast rekeying for secure group communication

An Information-Theoretic Approach for Design and Analysis of Rooted-Tree-Based Multicast Key Management Schemes

I Metric I Explanation Robustness

Public-key encipherment concept

Lecture 6: Overview of Public-Key Cryptography and RSA

Group Key Establishment Protocols

Cluster Based Group Key Management in Mobile Ad hoc Networks

Public Key Cryptography

A compact Aggregate key Cryptosystem for Data Sharing in Cloud Storage systems.

Secure Information exchange System

School of Computer Sciences Universiti Sains Malaysia Pulau Pinang

An Information Theoretic Analysis of Rooted-Tree Based Secure Multicast Key Distribution Schemes

Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls

Solutions to exam in Cryptography December 17, 2013

Lecture 2 Applied Cryptography (Part 2)

CSC 774 Advanced Network Security

An Enhanced and Cost Effective Group Key Management Scheme for Multicast Network

Number Theory and RSA Public-Key Encryption

Key Management Techniques for Dynamic Secure Multicasting: A Distributed Computing Approach

Hierarchical Agent-Based Secure and Reliable Multicast in Wireless Mesh Networks

CSE 3461/5461: Introduction to Computer Networking and Internet Technologies. Network Security. Presentation L

A Centralized Key Table based Communication Efficient Group Key Management Protocol

DISCLOSURE PROTECTION OF SENSITIVE ATTRIBUTES IN COLLABORATIVE DATA MINING V. Uma Rani *1, Dr. M. Sreenivasa Rao *2, V. Theresa Vinayasheela *3

Lecture 30. Cryptography. Symmetric Key Cryptography. Key Exchange. Advanced Encryption Standard (AES) DES. Security April 11, 2005

EFFECTIVE KEY GENERATION FOR MULTIMEDIA AND WEB APPLICATION

Lecture III : Communication Security Mechanisms

Improved Delegation Of Computation Using Somewhat Homomorphic Encryption To Reduce Storage Space

Sharing Several Secrets based on Lagrange s Interpolation formula and Cipher Feedback Mode

Collusion-Resistant Group Key Management Using Attributebased

Group Key Rekeying Technique with Secure Data Encryption in MANETs

An effective key distribution for secure internet pay-tv using access key hierarchies

Reflections on Security Options for the Real-time Transport Protocol Framework. Colin Perkins

File text security using Hybrid Cryptosystem with Playfair Cipher Algorithm and Knapsack Naccache-Stern Algorithm

Public Key Encryption. Modified by: Dr. Ramzi Saifan

Chapter 3 Public Key Cryptography

Dynamic Group Key Distribution Using MDS Codes

Routing Protocol Based Shared and Session Key Exchange Protocol for Wireless Mobile Ad-hoc Network

CS669 Network Security

L13. Reviews. Rocky K. C. Chang, April 10, 2015

A Solution Framework for Private Media in Privacy Enhanced RTP Conferencing (draft-jones-perc-private-media-framework-00)

QoS-Aware Hierarchical Multicast Routing on Next Generation Internetworks

Secure Role-Based Access Control on Encrypted Data in Cloud Storage using ARM

Collaborative Multi-Source Scheme for Multimedia Content Distribution

Cryptographic Techniques. Information Technologies for IPR Protections 2003/11/12 R107, CSIE Building

Security. Communication security. System Security

Public Key Algorithms

Volume 3, Issue 9, September 2013 International Journal of Advanced Research in Computer Science and Software Engineering

AN INTEGRATED BLOCK AND STREAM CIPHER APPROACH FOR KEY ENHANCEMENT

CN1047 INTRODUCTION TO COMPUTER NETWORKING CHAPTER 5 OSI MODEL NETWORK LAYER

KEY MANAGEMENT FOR SECURE GROUP COMMUNICATION IN A WIRELESS ENVIRONMENT

Chapter 8: Subnetting IP Networks

The Overlay Multicast Protocol (OMP): A Proposed Solution to Improving Scalability of Multicasting in MPLS Networks

Network System Security

IP Multicast. What is multicast?

P2P Social Networks With Broadcast Encryption Protected Privacy

Internet Engineering Task Force Mark Baugher(Cisco) Expires: April, 2003 October, 2002

Performance Evaluation of Mesh - Based Multicast Routing Protocols in MANET s

A Secure Routing Protocol for Wireless Adhoc Network Creation

Volume 8, No. 3, March April 2017 International Journal of Advanced Research in Computer Science RESEARCH PAPER Available Online at

Keywords Mobile Ad hoc Networks, Multi-hop Routing, Infrastructure less, Multicast Routing, Routing.

Source Anonymous Message Authentication and Source Privacy using ECC in Wireless Sensor Network

Request for Comments: 2536 Category: Standards Track March DSA KEYs and SIGs in the Domain Name System (DNS)

Understanding Cryptography A Textbook for Students and Practitioners by Christof Paar and Jan Pelzl. Chapter 6 Introduction to Public-Key Cryptography

Topics. Number Theory Review. Public Key Cryptography

Prime Field over Elliptic Curve Cryptography for Secured Message Transaction

ENCRYPTION USING LESTER HILL CIPHER ALGORITHM

FPGA Implementation of Optimized DES Encryption Algorithm on Spartan 3E

Dynamic Server Allocation in a Real-Life Deployable Communications Architecture for

Cryptography and Network Security Chapter 10. Fourth Edition by William Stallings

TECHNICAL RESEARCH REPORT

Channel Coding and Cryptography Part II: Introduction to Cryptography

Heuristics for Improving Cryptographic Key Assignment in a Hierarchy

Eradication of Vulnerable host from N2N communication Networks using probabilistic models on historical data

Department of Computer Science and Engineering. CSE 3482 Introduction to Computer Security. Instructor: N. Vlajic Date: Mar 1, 2017

Journal of Global Research in Computer Science A UNIFIED BLOCK AND STREAM CIPHER BASED FILE ENCRYPTION

Introduction to cryptography

CSC 5930/9010 Modern Cryptography: Public Key Cryptography

The Application of Elliptic Curves Cryptography in Embedded Systems

Communication in Broadband Wireless Networks. Jaydip Sen Convergence Innovation Lab Tata Consultancy Services Ltd. Kolkata, INDIA

IP Multicast Technology Overview

HSM: A Hybrid Streaming Mechanism for Delay-tolerant Multimedia Applications Annanda Th. Rath 1 ), Saraswathi Krithivasan 2 ), Sridhar Iyer 3 )

Computers and Security

Multicast Security. a multicast network is a network of users in which it is possible to send messages simultanously to all of the users

Cryptography and Network Security. Sixth Edition by William Stallings

Crypto-systems all around us ATM machines Remote logins using SSH Web browsers (https invokes Secure Socket Layer (SSL))

BCS Higher Education Qualifications. Level 6 Web Engineering Syllabus

Transcription:

AN OPTIMAL AND COST EFFECTIVE KEY MANAGEMENT SCHEME FOR SECURE MULTICAST COMMUNICATION SRIDHAR J K 1, SENTHIL KUMAR R 2, ARUN KUMAR S 3 1,2 Student, School Of Computing, SASTRA University, Thanjavur, India. 3 Assistant Professor, School Of Computing, SASTRA University, Thanjavur, India. Email: jksridhar@gmail.com, dreamtosuccess@yahoo.com.arunkumar@cse.sastra.edu ABSTRACT The recent growth, popularity and extensive need for the deployment of group oriented applications like multiparty video conferencing, multiplayer online gaming and real time push based delivery systems has triggered the demand for secure group communication. These applications require multicast to minimize the volume of network traffic they generate. Multiparty communications have recently become the focus of new developments in the area of applications. The goal of this paper is to establish a secure group communication using multicast key distribution scheme. In general, to meet forward secrecy and backward secrecy, any change in the group membership will induce group rekeying. Here, a novel key management scheme is proposed in which no redistribution of group key (shared key) is required during the group dynamics there by reducing computation and communication complexities considerably. Key words: Multicast, Group Key Management, Rekeying 1. INTRODUCTION Multicast communication has been anticipated as an effective way to disseminate data to potentially large number of receivers [2] (from one sender to multiple receivers or from multiple senders to multiple receivers). If the same data is to be sent to different destinations, multicast is preferred to multiple unicast. The advantage of multicast is that it (i)makes better utilization of bandwidth (saves up to 1/N of the bandwidth compared to N separate unicast clients), (ii)enables the desired applications to service many users without overloading a network and resources in the server and (iii) Reduces host/router processing (if same data is sent to multiple receivers). In multicast networks, users are organized as a group. The popularity of this secure group communication [3] [4] [5] [6] is fuelled by the growing importance of group oriented and collaborative applications. The application includes video/audio broadcast (one sender), video conferencing (many senders), real time news distribution, interactive gaming. Security is an important concern for any communication mechanism- multicasting is no exception. For achieving privacy and integrity of the multicast session, group management becomes an important aspect in secure multicasting environment. The fundamental secure challenge in secure group communication revolves around secure and efficient key management owing to group dynamics. Each user holds a group key (a secret quantity say Gk which is shared by current members of the group) and an individual key (say Uk). In order to send a message to the group, the user encrypts the message with the group key. All the members of the group can now decrypt this message to its original form using the group key. Non-members of the group cannot have access to the message since they do not possess a valid group key. An unbiased authentication agent (say key server) administers all these users. When user(s) join(s)/leave(s) the multicast group, the group key has to be changed to comply with forward (to prevent expelled 202

member from deciphering current and future multicast communication) and backward secrecy (to prevent new joined group members from accessing the past multicast communication).there is a overhead in managing the keys as users enter/leave the group/network. To address this issue, we devise a key management strategy that eliminates the rekeying process by allowing the participants of the group to compute the group key on every membership change. The key server must keep track of member join/leave operation. The rest of the paper is organized as follows: Section 2 presents an overview of existing approaches to key management. Section 3 describes proposed (modulo based) scheme for secure group communication. Section 4 analyses the performance of the proposed scheme, followed by conclusion. 2. RELATED WORK There are various proposed schemes for key management in multicast groups (schemes that use minimal number of keys to complex hybrid tree key distribution scheme). Of these the several techniques, Boolean minimization technique [1] is studied in detail to understand the aspects for incorporating in our proposed technique. 2.1 BOOLEAN MINIMIZATION TECHNIQUE In Boolean minimization technique every user is assigned to a unique key called UserID (UID). The length of the UID is based on the number of users in the group and is calculated as below. Length of UID = log 2 N where N is the number of users in the group. The UID can be represented as X n-1 X n-2 X 0 where X i can take values either 0 or 1. The members receive the following two different keys in order to participate in the group. Group key Used to decrypt or encrypt data intended for the group members. Figure 1: Key tree The implementation of the key management scheme employs a key structure. The sample key tree structure constructed by the group controller with eight users is shown in Figure 1. 2.1.1 Members join and leave operations: 2.1.1.1Individual Member Removal: Whenever a member of a multicast group is to be expelled, new group key needs to be disseminated to every member except the one who departed to make sure that the expelled member can no longer send and receive data addressed to the group. In order to update the new group key GK, the controller has to compute the group key GK new and this is encrypted with the complementary of the auxiliary keys of the departed member. Multiple member removal: In practice, there are number of situations in which many users may leave at a time. Under such situations there must be a way to provide secure multicasting for only the remaining valid users. The multiple removals of users can be dealt with Boolean minimization technique and the same is explained below. Auxiliary keys A set of keys to update the group key in a secure manner. Figure 2: Multiple member removal 203

Let us consider the same example as illustrated in figure where two members c0 and c4 are leaving the group. The membership function for the available members is 1 and for the evicted member is 0. Using the member function, karnaugh map is constructed as shown in figure 3. Each field of the karnaugh map corresponds to a specific minterm and is marked as 0, 1 0r X (for dummy nodes). The next step of the minimization procedure is to identify the largest possible rectangle that contains 1. These rectangles are called prime implicants of the function and by choosing the minimum number of the prime implicants the minimum SOP of the function is obtained. For this example, the minimization function is (k0+k1) and the new group key is multicasted with the minimization function. It is evident that the left users c0 and c4 does not possess either k0 or k1 but all the other users have either k0 or k1 and hence they can decrypt the new group key. The rekeying message now required is only 2 unlike 6 if the leaves are considered separately. In existing key distribution schemes [1] [2], auxiliary keys are employed in forming the group key on a membership change of the group. To update the group key, multiple encryptions of the message by a new session key (formed using auxiliary key) are involved. The following section describes a technique in which no supplementary keys are required for generating the group key reducing the keying cost. This is achieved by employing a scheme which allows participants to compute the group key using a random number generated by the key server during group dynamics. 3. PROPOSED SCHEME FOR KEY MANAGEMENT (MODULO BASED SCHEME) The proposed modulo based architecture is a star-based group key management scheme for secure multicasting. The proposed scheme differs from the previous work as it does not necessitate in maintaining the key tree architecture. In addition, it eliminates the rekeying process when a group member leaves or joins. The proposed scheme includes two main entities: (i)key server, which is responsible for generating and maintaining the keys for the users as well as the group. (ii)members -the individuals/users who actively participate in the group communication. Figure 3: Karnaugh map minimization of membership function 2.1.1.2 Join: Whenever a new member joins the group the centralized server gives the UID to the new member and calculates the new group key. It is first sent to the new member by unicast. It is then encrypted by the old group key and sent to all the remaining members by one multicast. This can be further enhanced by considering the following three scenarios. a) Number of leave request equal to join request b) Number of leave request is less than join request c) Number of leave request is greater than join request. Consider a group with five members (U 1 to U 5 ). The group server allocates a unique number to each member of the group (called as user key (Uk i )) sticking to the condition that they must be relatively prime to each other. Figure 4 sketches the topology of the proposed key management scheme. Figure 4: Star topology of the modulo architecture 204

3.1 KEY ASSIGNMENT If there is only one trusted entity (say key server) that controls the access rights for each group member then N members of the group (U 1, U 2... U N ) must be authenticated and identified by the key server. The key server assigns a secret key to every member of the group. The steps involved for the key assignment in the proposed scheme includes: (i)the key server choose N different relative prime numbers (user key) for each user i.e., The user U 1 will be assigned with p 1, U 2 with p 2 and so on. All numbers from p 1 to p N should be relatively prime i.e., GCD (p i, p i+1 ) =1. (ii)the server generates a random number in such a way that which upon dividing by the user key yields the same remainder for all N members of the group. i.e., RN mod p 1 = RN mod p 2...=RN mod p N. (iii)using the remainder obtained in the previous step, the group key is calculated using the following formulae: Group key=[ RN (REM X )] MOD P+ φ(n) where n=(x-1) (P-1) φ(n)=n-1 (X, P (a very large prime number) are public values known to all members of the group.) 3.2 USERS ENTERING AND LEAVING THE GROUP 3.2.1User(s) entering the group Whenever a new member wants to join the group, the key server assigns a unique user key to that member. To achieve forward and backward secrecy, it is essential to change the group key whenever a new member join or the existing member leave off the group. Key generation process (when user join(s)): The process includes the following steps to be carried for managing the key: (i) The server assigns a unique user key to each registered user of the group. (ii) The server generates a random number (say RN) which yields the same remainder upon division by the user key including the new member s user key and communicates the same through a secured channel to every member of the group. (iii) Using the remainder (that were the same for all the users), the group key is calculated by the participant for deciphering the message using the formulae discussed. For example, there are five members (U 1 U 5 ) in the group. The user keys (Uk) assigned by the server to the members are 3,4,5,7 and11 respectively (Note that the user keys are relatively prime to each other).the server generates a random number using the formulae: RN=M (Uk 1 Uk 2. Uk 5 ) + Remainder, where M >=1. Let M=1 and remainder be 2. The generated RN is 4622 (Since, 1 [3 4 5 7 11] +2=4622). The random number (RN) satisfies the condition that the remainder obtained on dividing each user key by RN is same for all users.the group key is calculated using the formulae stated in this section( taking X=3, P=5 [normally P is a very large prime number]): Group Key= [ 4622 (2 3 )] MOD 5+ φ (n) =[68-8]MOD5+φ(8)[Since, n=(x- 1) (P-1)] =60 MOD 5 +7 [Since, φ(n)=n-1] =7 3.2.2 User(s) leaving off the group Whenever a member of a multicast group leaves, the group key that was in use must be updated (in order to achieve forward secrecy). Generally, leaving process is much complex when compared to the joining process due to the possession of the old group key by the leaving member. Key generation process (when user leave(s)): The process includes the following steps to be carried for managing the key: (i)the server generates the random number in such a way that, when dividing this random number by user key of all the members would result in the same remainder for members who are still in the group (excluding the departing member) and communicates to every 205

member of the multicast group through a secured channel. (ii)the group key calculation is same as the joining process. Say for example, U4 and U5 are leaving the group. The server generates the random number 62 and multicast the number to every member in the group. The random number satisfies the condition i.e., Dividing 62 by 3, 4 and 5 results in remainder-2 (7 and11 yields other than 2 as remainder). The message is transmitted by encrypting the message with the group key. The members of the group obtain the original message by decrypting the cipher message. The proposed scheme ensures that only the members of the group access the original message (Even though the non-members of the group have cipher information, they cannot get original message due to the possession of improper group key). depend upon the position of the existing members in the tree after the left out members. In the proposed model, the communication cost is O (1) for join and leave operation i.e., one message is adequate for the rekeying process (computation of group key) and it does not depend upon the number of members leave/join the group. The complexity of various key management schemes are tabulated (Table -1) to show the reduction in overhead (for keying) in the proposed scheme. Table-1: Comparison of the complexities of various key management schemes 4. PERFORMANCE COMPARISON Experiments were simulated for the various cases discussed in the previous sections and the effectiveness of the proposed key management scheme is evaluated based on the following metrics: (i)storage complexity (ii)communication complexity (iii)computation complexity Storage complexity can be calculated by the amount of space required to store all the keys that were used for multicast communication. It includes the storage requirements of both service provider and users. In modulo arithmetic key management, the server has to store all the user keys with one group key and two public values (random values -X and prime number P used for calculating the group key ) and each member have to store its own private key plus group key. If there are N member in the group then the server stores N+3 and each member stores a user key and a group key. So, the overall complexity is N+5. Communication complexity is measured in terms of number of rekeying messages sent by the service provider and computation complexity by the number of encryptions needed by the service provider. Both complexity metrics 5. CONCLUSION Modulo based key management scheme was developed by studying the security issues (group membership, key management processes and scalability) concerned with secure multicast communication. The proposed strategy has a number of notable features: (1) the star based architecture of the proposed scheme facilitates a way to reduce the complexity beyond log (n). (2) The proposed scheme does not require auxiliary keys for computing the group key, when member join(s)/leave(s) off the group. (3) It is based on de-centralized architecture. Besides the key 206

server, the members of the group also actively participate in forming the group key. Hence the load on the server is much reduced. The proposed scheme also satisfies the cryptographic property namely, group key secrecy which ensures that for anyone who is not the member of existing group, it is computationally infeasible to calculate the group key. This results in a key management scheme that provides an efficient framework for secure group communication at minimal cost. This work can further be extended to reduce the burden placed on the key server for key distribution. Building Blocks, IETF Internet draft (work in progress), November 1999. [7] Gove R. A. (2000), Fundamentals of cryptography and encryption ( In Information Security Management Handbook), 4th Edition by H. F. Tipton and M. Krause. [8] Schneier B. Applied Cryptography: Protocols, Algorithms and source code in C, 2 nd Edition. Addision-Wesley (1995). The proposed scheme was studied and examined in an environment where bulk entry /exit of members into/from multicast group is not involved. The future work regarding this scheme is planned to incorporate bulk join/leave operations. REFERENCES [1] Isabella Chang, Robert Engel, Dilip Kandlur, Dimitnos Pendarakis, Debanjan Saha, Key Management for Secure Internet Multicast using Boolean Function Minimization Techniques, In proceedings of IEEE INFOCOM 99, NewYork,Vol 2,pp. 689-98(1999). [2] Chung Kei Wong, Mohammed Gouda & Simon.S.Lam, Secure Group Communication using Key graphs, IEEE/ACM Transactions on Networking, February 2000. [3] M.J.Moyer, J.R. Rao and P. Rohatgi, A Survey of Security Issues in Multicast Communications, IEEE Network, November-December 1999, pp. 12-23. [4] R. Canetti and B. Pinkas, A taxonomy of multicast security Issues, IETF Internet draft (work in progress), April 1999. [5] R.Canetti, P-C. Cheng, D. Pendarakis, J.R. Rao, P.Rohatgi, and D. Saha, An Architecture for Secure Internet Multicast, IETF Internet draft ( work in progress), February 1999. [6] T. Hardjono, R. Canetti, M. Baugher, and P. Dinsmore, Secure IP Multicast: Problem areas, Framework and 207

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback