Академический Документы
Профессиональный Документы
Культура Документы
Abstract—Secure group communication is an increasingly entities are responsible for managing the group as opposed to a
popular research area having received much attention in recent single entity. In contrast to both approaches, the distributed key
years. Group key management is a fundamental building block management requires each member to contribute a share to
for secure group communication systems. This paper introduces generate the group key, resulting in more complex protocols.
a new family of protocols addressing cluster based And each member is equally responsible for generating and
communication, and distributed group key agreement for secure maintaining the group key.
group communication in dynamic peer groups. In this scheme,
group members can be divided into sub groups called clusters. In this paper the group key or common key is generated
We propose three cluster based communication protocols with based on distributed key management approach. The group key
tree-based group key management. The protocols (1) provides the is updated on every membership change, and for every session,
communication within the cluster by generating common group for forward and backward secrecy [1, 2, 3], a method called
key within the cluster, (2) provides communication between the group rekeying.
clusters by generating common group key between the clusters
and (3) provides the communication among all clusters by To reduce the number of rekeying operations, Woung.et al
generating common group key among the all clusters. In our [7] proposed a logical data structure called a key tree. And Kim
approach group key will be updated for each session or when a et al [1], proposed a tree-based key agreement protocol, TGDH
user joins or leaves the cluster. More over we use Certificate which is combination of key tree and Diffie-Hellman key to
Authority which guarantees key authentication, and protects our generate and maintain the group key. But it suffers from the
protocol from all types of attacks. impersonation attack because of not regularly updation of keys
and generates unnecessary messages. Based on above two ideas
Keywords- Secure Group Communication; Key Agreement; Key Zhou, L., C.V. Ravishanker and Kim et al [6], proposed an
Tree; Dynamic peer groups,Cluster. AFTD (Authenticated Fault-tolerant Tree-based Diffie-
Hellman key exchange Protocol) protocol, which is the
I. INTRODUCTION combination of key trees and Diffie-Hellman key exchange
As a result of the increased the popularity of group oriented for group key generation.
applications such as pay-TV, distributed interactive games, Assume that the total network topology considered as a
video and teleconference and chat rooms. There is a growing group, which can be divided into subgroups called clusters.
demand for the security services to achieve the secure group Group is divided into clusters based on the location
communication. A common method is to encrypt messages identification number; LID‟s of users, and cluster is assigned
with a group key, so that entities outside the group cannot with cluster identification numbers, CID, which are given by
decode them. A satisfactory group communication system the Certificate Authority, CA at the time of user joining into
would possess the properties of group key security, forward cluster or group. Issuing location identification number and
secrecy, backward secrecy, and key independence [1,2,3]. public key certificate to the new user are the offline actions
In this paper research efforts have been put into the design performed by the certificate authority, CA.
of a group key management and three different cluster based Each cluster member maintains its own cluster key tree and
communication protocols. There are three approaches for generates the cluster group key for secure communication. We
generating such group keys: centralized, decentralized, and assume in every cluster, every node can receive a message
distributed. Centralized key distribution uses a dedicated key broadcasted from the other nodes. Each cluster is headed by a
server, resulting in simpler protocols. However, centralized cluster head or sponsor of cluster and he is responsible for
methods fail entirely once the server is compromised, so that generating cluster group key, who is shallowest rightmost to
the central key server makes a tempting target for adversaries. the user (in cluster key tree) joins or leaves from the cluster.
In addition, centralized key distribution is not suitable for
dynamic peer groups, in which all nodes play the same function Cluster group key or cluster common key is shared by all
and role, thus it is unreasonable to make one the key server, the cluster members and communicates with it. The
placing all trust in it. In the decentralized approach, multiple authentication is provided by certificate authority by issuing the
82 | P a g e
http://ijacsa.thesai.org/
(IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 2, No.2, February 2011
public key certificate and location identification number, LID Lee et al. [4,5] have designed several tree-based distributed
prior to the time of joining in the cluster or group. key agreement protocols, reducing the rekeying complexity by
performing interval based rekeying. They also present an
The rest of the paper is organized as follows. Section 2 authenticated key agreement protocol. As the success of their
focuses on related work in this field. We present our proposed scheme is partially based on a certificate authority, their
scheme in Section 3, communication protocols and group key protocol will encounter the same problems as centralized trust
management techniques are discussed in Section 4. Dynamic mechanisms.
network peer groups are presented in Section 5, security
analysis in section6. Finally we make a conclusion in Section 7. Nen-Chung Wang, Shian-Zhang Fang [10], have proposed
„A hierarchical key management scheme for secure group
II. RELATED WORK communications in mobile ad hoc networks‟. This paper
involves very complex process to form the cluster and for
Key trees [6] were first proposed for centralized key communications.
distribution, while Kim et al.[1], adapted it to distributed key
agreement protocol TGDH. In TGDH [1] every group member Gouda et al. [11], who describe a new use of key trees.
creates a key tree separately. Each leaf node is associated with They are concerned about using the existing subgroup keys in
a real group member, while each non-leaf node is considered as the key tree to securely multicast data to different subgroups
virtual member. In TGDH, every node on the key tree has a within the group. Unlike their approach, which depends on a
Diffie-Hellman key pair based on the prime p and generator α, centralized key server to maintain the unique key tree and
used to generate the group key. Secret-public key pair for real manage all keys, our paper solves this problem in a distributed
member Mi is as follows. fashion.
83 | P a g e
http://ijacsa.thesai.org/
(IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 2, No.2, February 2011
{KU ij , BKU ij
KUij
mod p}
{KVij , BKVij
KVij
mod p}
84 | P a g e
http://ijacsa.thesai.org/
(IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 2, No.2, February 2011
85 | P a g e
http://ijacsa.thesai.org/
(IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 2, No.2, February 2011
Steps for global key generation and distribution in GC The user Uij+1 broadcast the signed join request to its
(algorithm for global key generation & distribution in GC). cluster Ci.
Each cluster generates its own cluster key trees Cluster Ci‟s members determine the insertion point,
and update their key trees by creating a new
For each cluster key tree there will be generated the intermediate node and promoting it to become the
roots secret keys, which are common keys for all parent of the insertion node and Uij+1.
respective clusters.
Each cluster member adjusts the cluster key tree by
Cluster Ci, Cj and Ck‟s secret keys KCi, KCj and KCk adding Uij+1 to its selected clusters adjacent to the
are calculated respectively from their cluster key trees. insertion point.
With these three clusters, Reduced Global The sponsor Us compute the new cluster group key or
Communication Key tree will be formed as shown in cluster common key.
Figure 5.
Then sponsor Us sends the updated blinded keys of
The root node VCi‟s (from Reduced GC key tree) nodes on its key path to their corresponding clusters.
secret key KVCi is calculated using DH key fashion,
which is common key for all clusters Ci, Cj and Ck. These messages are signed by the sponsor Us.
VCi‟s secret key KVCi is distributed to all clusters and Uij+1 takes the public keys needed for generating the
that will be shared by all members of each cluster for cluster group key, generates group key.
communicating globally.
The cluster group key (for cluster C3) or cluster common
For each session the global key recalculated by key for Figure 6 is generated as follows (steps for group key or
changing their shares of each cluster‟s members and common key generation).
distributed to all members of clusters.
Let U31‟s secret share is KU31, and then secret-public
key pair of U31 (according to DH Key fashion) is as
V. DYNAMIC PEER GROUPS shown below.
The numbers of nodes or clusters in the network are not
necessarily fixed. New node (user) or cluster may join the
network or existing nodes or cluster may leave the network. {KU 31, BKU 31 KU31 mod p}
A. User Joins the Cluster Let U32‟s secret share is KU32 then secret-public key
Assume that a new user Uij+1 wish to join a k-users cluster pair of U32 (according to DH Key fashion) is shown
{U1, U2…. UK}. Uij+1, is required to authenticate itself by below.
presenting a join request signed with SK. Uij+1 may obtain a
signature on its join request by establishing credentials with the
{KU 32 , BKU 32
KU32
offline certificate authority. mod p}
When the users of clusters receive the joining request, they
independently determine Uij+1‟s insertion node in the key tree, Let U33‟s secret share is KU33 then secret-public key
which is defined as in [1], which is the shallowest rightmost pair of U33 (according to DH Key fashion) is shown
node or the root node when the key tree is well-balanced. They below.
also independently determine a real user called join sponsor Us
[1], to take responsible for coordinating the join, which is the
{KU 33 , BKU 33
KU33
rightmost leaf node in the sub tree rooted at the insertion node. mod p}
No keys change in the key tree at a join, except the blinded
keys for nodes on the key path for the sponsor node. The Let U34‟s secret share is KU34 then secret-public key
sponsor simply re computes the cluster group key, and sends pair of U34 (according to DH Key fashion) is shown
updates for blinded keys on its own key path to their below.
corresponding clusters. The join works as shown below.
{KU 34 , BKU 34
KU34
Steps for group key or cluster common key generation and mod p}
distribution when user joins in cluster (algorithm for user joins
in cluster).
Let U35‟s secret share is KU35 then secret-public key
New User Uij+1 takes the LID and public key pair of U35 (according to DH Key fashion) is shown
certificates from the CA. below.
User Uij+1 selects appropriate cluster by comparing its
{KU 35 , BKU 35
KU35
LID with CID (for LID=CID). mod p}
86 | P a g e
http://ijacsa.thesai.org/
(IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 2, No.2, February 2011
{BKV33
KV33
mod p}
{BKV32
KV32
mod p}
87 | P a g e
http://ijacsa.thesai.org/
(IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 2, No.2, February 2011
B. Backward Secrecy
A passive hacker (or new joined member) who knows a
contiguous subset of group keys cannot discover how a
previous group key is changed upon a group join or leave.
C. Key Independence
This is the strongest property of the dynamic peer groups. It
guarantees that a passive adversary who knows some previous
group key cannot determine new group keys.
VII. CONCLUSION
In this paper, we have presented three communication
protocols with distributed group key management for dynamic
peer groups using key trees, by dividing group into subgroups
called clusters. We provided the strong authentication with
LID‟s, CID‟s for cluster formations. We provide the source
authentication of user in communication with RSA keys. The
DH secret-public key pairs are used for common key
generations. Certificate Authority provided the RSA keys,
LID‟s for all users and CID‟s for all clusters for all types of
cluster communications.
Figure 7. User U36 leaves the Cluster C3. In future we can extend this application with cluster head
communications, sponsor coordination and cluster merging or
C. Updating Secret Shares &RSA keys cluster disjoining in dynamic network.
In this scheme, each group user is required to update its
Diffie-Hellman keys before each group session, or during a ACKNOWLEDGMENT
session when it is selected as a sponsor on a user‟s leaving. We would like to thank to K Sahadeviah for help full
Source authentication of the updated blinded keys is guaranteed discussion about different key management schemes and
by the sender‟s RSA signature. Further, to ensure the long-term modes of providing authentications. We thank Krishna Prasad
secrecy of the RSA keys, group user to renew its RSA key pair for discussion of effective presentations of concepts. We also
periodically, and send it to its cluster users securely using its thank our friends for designing of network frame work.
current RSA secret key.
REFERENCES
VI. PERFORMANCE ANALYSIS [1] Kim, Y., Perrig, A., Tsudik, G.: Simple and fault-tolerant key
Security Analysis: Users in a network group are usually agreement for dynamic collaborative groups. In: Proceedings of the
considered to be part of the security issue since there are no CCS‟00. (2000).
fixed nodes to perform the service of authentication. The [2] Steiner, M., Tsudik, G., Waidner, M.: Key agreement in dynamic peer
groups. IEEE TRANSACTIONS on Parallel and Distributed Systems 11
Certificate Authority, which may be distributed, is on-line (2000).
during initialization, but remains offline subsequently. During [3] Perrig, A.: Efficient collaborative key management protocols for secure
initialization, the CA distributes key certificates and location automonomous group communication. In: Proceedings of CrypTEC‟99.
IDs, so that the function of key authentication can be realized (1999).
and distributed across appropriate clusters. [4] Lee, P., Lui, J., Yau, D.: Distributed collaborative key agreement
protocols for dynamic peer groups. In: Proceedings of the ICNP‟02.
A. Forward Secrecy (2002).
[5] Lee, P., Lui, J., Yau, D.: Distributed collaborative key agreement
If a hacker (or old member) can compromise any node and protocols for dynamic peer groups. Technical report, Dept. of Computer
obtain its key, it is possible that the hacker can start new key Science and Engineering, Chinese University of Hong Kong (2002).
agreement protocol by impersonating the compromised node. [6] Zhou, L., C.V.Ravishankar: Efficient, authenticated, and fault-tolerant
For our scheme we can conclude that a passive hacker who key agreement for dynamic peer groups. Technical Report 88, Dept. of
knows a contiguous subset of old group keys cannot discover Computer Science and Engineering, University of California, Riverside
(2004).
any subsequent group key. In this way, forward secrecy can be
achieved. [7] Wong, C., Gouda, M., Lam, S.: Secure group communication using key
graphs. In: Proceedings of the ACM SIGCOMM‟98, Vancouver, Canada
(1998).
[8] Steiner, M., Tsudik, G., Waidner, M.: Cliques: A new approach to group
key agreement. In: Proceedings of the ICDCS‟98, Amsterdam,
Netherlands (1998).
88 | P a g e
http://ijacsa.thesai.org/
(IJACSA) International Journal of Advanced Computer Science and Applications,
Vol. 2, No.2, February 2011
[9] Renuka A. and K.C.Shet: Cluster Based Group Key Management in [19] Del Valle Torres Gerardo, Gomez Cardenas Roberto,”Overview the Key
Mobile Ad hoc Networks (2009). Management in Ad Hoc Networks (2004).
[10] Nen-Chung Wang, Shian-Zhang Fang.: A hierarchical key management [20] Rafaeli, S. and Hutchison, D. (2003) A survey of key management for
scheme for secure group communications in mobile ad hoc networks secure group communications, ACM Computing for secure group
(2007). communication, ACM Computing Surveys, Vo. 35, No.3 pp.309-329.
[11] M.G.Gouda, Huang, C., E.N.Elnozahy: Key trees and the security of [21] Bing Wu, Jie Wuand Yuhong Dong,(2008) An efficient group key
interval multicast. In: Proceedings of the ICDCS‟02, Vienna, Austria management scheme for mobile ad hoc networks, Int. J. Security and
(2002). Networks, 2008.
[12] Wallner, D., Harder, E., Agee, R.: Key management for multicast: Issues AUTHORS PROFILE
and architecture. In: Internet Draft, draft-wallner-key-arch-01.txt.
(1998).
Mr. Rajendar Dharavath, currently is a Assistant
[13] Ateniese, G., Steiner, M., Tsudik, G.: New multiparty authentication Professor in the Department of Computer Science
services and key agreement protocols. IEEE Journal of Selected Areas in and Engineering, Aditya Engineering College,
Communications 18 (2000). Kakinada, Andhra Pradesh, India. He completed
[14] Pereira, O., Quisquater, J.: A security analysis of the cliques protocols B.Tech in CSE from CJITS Jangaon, Warangal, and
suites. In: Proceedings of the 14-th IEEE Computer Security M.Tech in CSE from JNTU Kakinada. His research
Foundations Workshop. (2001). interest includes: Mobile ad hoc networks, Network
[15] L.Zhou et Z. J. Haas, “Securing Ad Hoc Networks”, IEEE Network Security and Data Mining & Data Warehouse.
Magazine, 13(6),1999.
[16] Eui-Nam Huh, Nahar Sultana, “Application Driven Cluster Based Group
Key Management with Identifier in Mobile Wireless Sensor Mr. Bhima K, currently is a Associate Professor and
Networks(2007). Head of Department of Computer Science and
[17] D. Balenson, D. Mcgew, and A. Sherman, “Key management for large Engineering,Brilliant Institute of Engineering and
dynamic groups: One way function trees and amortized initializations,” Technology, Hyderabad, Andhra Pradesh, India. He
IETF, Feb 1999. completed B.Tech in CSE from RVR&JC Engg.
[18] Y.Kim,A. Perrig and G.Tsudik, “ A common efficient group key College, Guntur, and M.Tech in SE from NIT
agreement,” Proc. IFTP-SEP 2001, pp,229-244,2001. Alahabad. His research interest includes: Mobile ad
hoc networks, Network Security, Computer
Networks and Software Engineering.
89 | P a g e
http://ijacsa.thesai.org/