Lightweight and flexible key distribution schemes for secure group communications

Wireless Networks - Key distribution is one of the most fundamental cryptographic primitives that can establish secure group communications in both centralized and distributed networks. A one-time...     

A secure and robust group key distribution and authentication protocol with efficient rekey mechanism for dynamic access control in secure group communications

In today's Internet era, group communications have become more and more essential for many emerging applications. Given the openness of today's networks, efficient and secure distribution of common key is an essential issue for secure communications in the group. To maintain confidentiality during communication in the group, all authorized members require a common key called the group key in advance. This paper proposes a group key distribution and authentication protocol for dynamic access control in secure group communication using Chinese remainder theorem (CRT), which is highly secure and computationally efficient. The proposed protocol (1) has drastically reduced the computation complexity of group controller ( GC ) and members, (2) has provided intense security by means of an additional secret parameter used by GC and members, (3) has minimized storage and communication overheads, (4) has been decentralized for higher scalability so that it can efficiently handle large‐scale changes in the group membership, and (5) is suitable for many practical applications due to intense security along with low computation and storage overheads. Detailed security analysis proves that our protocol can guarantee the privacy and security requirements of group communications. Moreover, performance analysis also verifies the efficiency and effectiveness of the proposed protocol. The proposed protocol has been experimented on star topology‐based key distribution system and observed that the protocol significantly reduces the computation cost and minimizes the communication and storage overheads.     

Key distribution for secure VSAT satellite communications

This paper presents modified Yacobi (1989) scheme that does not use the secret key provided by the key distribution center, but uses instead a random number generated by the user. This paper also presents the modified Diffie-Hellman (1976) and ID (identity) method which has directly mutual authentication between users and is able to defend the network from impostors. The proposed scheme based on the DH was applied to VSAT satellite communications and simulated on a PC using Montgomery (1993) algorithm and MD5 (Message Digest) for a feasible study of secure VSAT satellite communications     

A scalable key‐management scheme with minimizing key storage for secure group communications

Recently, many group communication services have become the focus for future developments in the Internet and wireless network applications, such as video‐conferencing, collaborative work, networking games or online videos. In particular, these applications require data delivery from one sender to a large number of authorized receivers. Therefore, secure multicast communication will become an important networking issue in the future. Using a common encryption key only known by authorized members to encrypt transmitted data is a practical approach. But, whenever a group member joins or leaves the group, the common encryption key must be updated to ensure both past and future secrecy. As a result, minimizing key update communication cost and the key storage requirement of a group controller is a critical issue in a scalable and dynamically changing large group. A new key‐management scheme is proposed to reduce the key storage requirement of a group controller to a constant size, which is far better than that of the previously proposed schemes, while retaining the same key update communication cost. In addition, the correlation between the key storage requirement of each group member and key update communication cost are also presented. Copyright © 2003 John Wiley & Sons, Ltd.     

Scalable secure group communication over IP multicast

We introduce and analyze a scalable rekeying scheme for implementing secure group communications Internet protocol multicast. We show that our scheme incurs constant processing, message, and storage overhead for a rekey operation when a single member joins or leaves the group, and logarithmic overhead for bulk simultaneous changes to the group membership. These bounds hold even when group dynamics are not known a priori. Our rekeying algorithm requires a particular clustering of the members of the secure multicast group. We describe a protocol to achieve such clustering and show that it is feasible to efficiently cluster members over realistic Internet-like topologies. We evaluate the overhead of our own rekeying scheme and also of previously published schemes via simulation over an Internet topology map containing over 280 000 routers. Through analysis and detailed simulations, we show that this rekeying scheme performs better than previous schemes for a single change to group membership. Further, for bulk group changes, our algorithm outperforms all previously known schemes by several orders of magnitude in terms of actual bandwidth usage, processing costs, and storage requirements.     

Secure key agreement for group communications

A secure key agreement protocol for group communications is proposed in this paper, which ensures the authenticity of group members and the privacy of group messages, and provides the properties of perfect forward and backward privacy. In a group session, the common key is collaboratively established by all participants, hence the overhead of key agreement is balanced among group members. Copyright © 2001 John Wiley & Sons, Ltd.     

Scalable and efficient approach for secure group communication using proxy cryptography

Multicast is a scalable solution for group communications. In order to offer security for multicast applications, a group key has to be changed whenever a member joins or leaves the group. This incurs 1-affects-n problem, which is a constraint on scalability. Decentralized approaches solve the scalability problem by dividing a group into several subgroups that use independent group keys. These approaches, however, introduce new challenges: problem of trusting third party and inefficiency of data delivery. Proxy encryption is a good approach to solve the problem of trusting third party. In this paper, we propose a novel secure multicast scheme using the proxy cryptography. The proposed scheme provides not only scalability but also data transmission efficiency by dynamic subgrouping of group members while intermediate data-relaying third parties are not required to be trusted.     

Trust model for secure group leader-based communications in VANET

Wireless Networks - VANET aims to improve safety for all road users. Vehicles exchange safety messages over wireless communication links which are prone to multiple attacks. To enhance the existing...     

Group and hierarchical key management for secure communications in internet of things

Different devices with different characteristics form a network to communicate among themselves in Internet of Things (IoT). Thus, IoT is of heterogeneous in nature. Also, Internet plays a major role in IoT. So, issues related to security in Internet become issues of IoT also. Hence, the group and hierarchical management scheme for solving security issues in Internet of Things is proposed in this paper. The devices in the network are formed into groups. One of the devices is selected as a leader of each group. The communication of the devices from each group takes place with the help of the leader of the corresponding group using encrypted key to enhance the security in the network. Blom's key predistribution technique is used to establish secure communication among any nodes of group. The hierarchy is maintained such that the security can be increased further, but the delay is increased as it takes time to encrypt at every level of hierarchy. Hence, the numbers of levels of hierarchy need to be optimized such that delay is balanced. Hence, this algorithm is more suitable for delay‐tolerant applications. The performance of the proposed Algorithm is evaluated and is proved to perform better when compared with the legacy systems like Decentralized Batch‐based Group Key Management Protocol for Mobile Internet of Things (DBGK).     

Conference key distribution schemes for secure digital mobilecommunications

We propose a new service for digital mobile communication systems. The service enables two or more users to hold a secure conference. Two requirements must be considered: privacy and authentication. Privacy involves ensuring that an eavesdropper cannot intercept the conversations of the parties holding the conference. Authentication involves ensuring that service is not obtained fraudulently in order to avoid usage charges. We present two new conference key distribution schemes for digital mobile communication systems. In these schemes, a group of users can generate a common secret keg over a public channel so that they may hold a secure conference     

Secure group communications using key graphs

Many emerging network applications are based upon a group communications model. As a result, securing group communications, i.e., providing confidentiality, authenticity, and integrity of messages delivered between group members, will become a critical networking issue. We present, in this paper, a novel solution to the scalability problem of group/multicast key management. We formalize the notion of a secure group as a triple (U,K,R) where U denotes a set of users, K a set of keys held by the users, and R a user-key relation. We then introduce key graphs to specify secure groups. For a special class of key graphs, we present three strategies for securely distributing rekey messages after a join/leave and specify protocols for joining and leaving a secure group. The rekeying strategies and join/leave protocols are implemented in a prototype key server we have built. We present measurement results from experiments and discuss performance comparisons. We show that our group key management service, using any of the three rekeying strategies, is scalable to large groups with frequent joins and leaves. In particular, the average measured processing time per join/leave increases linearly with the logarithm of group size     

A key management scheme for secure group communication using binomial key trees

Numerous emerging applications, such as teleconferencing, board meetings, pay-per-view and scientific discussions, rely on a secure group communication model. Scalable group rekeying is an important issue in the secure group communication model as the nature of the group is dynamic. The number of encryptions performed and rekey messages constructed should be minimized to carry out updating of the group key, and secure delivery of the group key should be carried out in an efficient manner. In this paper, we propose a new scheme to manage the secure group using the binomial key tree approach. In this scheme, the number of encryptions performed and rekey messages constructed during membership change are fewer compared to the scheme proposed by Wong and others. Further, it is not required to balance the tree after each membership change. We show that, for a large group, the average encryption cost and rekey message cost are independent of the size of the group for join operation and logarithmic in size of the group for leave operation. Hence our scheme is scalable. Copyright © 2010 John Wiley & Sons, Ltd.     

On optimal batch rekeying for secure group communications in wireless networks

Advances in wireless communications and mobile computing have led to the emergence of group communications and applications over wireless. In many of these group interactions, new members can join and current members can leave at any time, and existing members must communicate securely to achieve application-specific missions or network-specific functionality. Since wireless networks are resource-constrained, a key challenge is to provide secure and efficient group communication mechanisms that satisfy application requirements while minimizing the communication cost. Instead of individual rekeying, i.e., performing a rekey operation right after each join or leave request, periodic batch rekeying has been proposed to alleviate rekeying overhead in resource-constrained wireless networks. In this paper, we propose an analytical model to address the issue of how often batch rekeying should be performed. We propose threshold-based batch rekeying schemes and demonstrate that an optimal rekey interval exists for each scheme. We further compare these schemes to identify the best scheme that can minimize the communication cost of rekeying while satisfying application requirements when given a set of parameter values characterizing the operational and environmental conditions of the system. In a highly dynamic wireless environment in which the system parameter values change at runtime, our work may be used to adapt the rekeying interval accordingly.     

An efficient and attack‐resistant key agreement scheme for secure group communications in mobile ad‐hoc networks

As a result of the growing popularity of wireless networks, in particular mobile ad hoc networks (MANET), security over such networks has become very important. Trust establishment, key management, authentication, and authorization are important areas that need to be thoroughly researched before security in MANETs becomes a reality. This work studies the problem of secure group communications (SGCs) and key management over MANETs. It identifies the key features of any SGC scheme over such networks. AUTH‐CRTDH, an efficient key agreement scheme with authentication capability for SGC over MANETs, is proposed. Compared to the existing schemes, the proposed scheme has many desirable features such as contributory and efficient computation of group key, uniform work load for all members, few rounds of rekeying, efficient support for user dynamics, key agreement without member serialization and defense against the Man‐in‐the‐Middle attack, and the Least Common Multiple (LCM) attack. These properties make the proposed scheme well suited for MANETs. The implementation results show that the proposed scheme is computationally efficient and scales well to a large number of mobile users. Copyright © 2007 John Wiley & Sons, Ltd.     

Practical and secure localization and key distribution for wireless sensor networks

In many applications of wireless sensor networks, sensor nodes are manually deployed in hostile environments where an attacker can disrupt the localization service and tamper with legitimate in-network communication. In this article, we introduce Secure Walking GPS, a practical and cost effective secure localization and key distribution solution for real, manual deployments of WSNs. Using the location information provided by the GPS and inertial guidance modules on a special master node, Secure Walking GPS achieves accurate node localization and location-based key distribution at the same time. We evaluate our localization solution in real deployments of MicaZ. Our experiments show that 100% of the deployed nodes localize (i.e., have a location position) and that the average localization errors are within 1–2 m, due mainly to the limitations of the existing commercial GPS devices. Our further analysis and simulation results indicate that the Secure Walking GPS scheme makes a deployed WSN resistant to the Dolev-Yao, the wormhole, and the GPS-denial attacks, the scheme is practical for large-scale deployments with resource-constrained sensor nodes and has good localization and key distribution performance.     

Computation-efficient key establishment in wireless group communications

Wireless Networks - Efficient key establishment is an important problem for secure group communications. The communication and storage complexity of group key establishment problem has been studied...     

MANET中高效的安全簇组密钥协商协议

针对移动自组网中组密钥管理面临的诸多挑战,提出一种高效的安全簇组密钥协商协议(ESGKAP,effi-cient and secure group key agreement protocol).ESGKAP基于提出的高性能层簇式CCQ_n网络模型,有效地减少了组密钥协商过程中的秘密贡献交互开销,增加了协议的灵活性、可扩展性和容错性.ESGKAP无需控制中心,由秘密分发中心构造门限秘密共享,所有成员通过协商生成簇组密钥,提高了方案的安全性,且基于ECC密码体制提高了簇组密钥生成的效率.同时,提出高效的签密及门限联合签名方案,确保簇组成员能够对接收的簇组密钥份额进行验证,进一步增加了方案的安全性.使用串空间模型对ESGKAP方案进行了形式化分析,证明了其正确性和安全性.最后,通过与BD、A-GDH和TGDH协议比较,表明ESGKAP能有效减少节点和网络资源消耗,很好地适用于特定的移动自组网环境,具有更为明显的安全和性能优势.     

Scalable key exchange transformation: from two-party to group

A modular method which derives a scalable construction of a group key exchange (GKE) scheme from a two-party key exchange (KE) one is presented. By combining the method presented with the compiler by Katz and Yung (see Advances in Cryptology-CRYPTO 2003, Springer-Verlag, LNCS, 2729, p.110-125) a scalable compiler can be obtained that transforms any two-party KE protocol secure against a passive eavesdropper to an authenticated GKE one secure against a stronger active adversary.     

Scalable video transcoding for mobile communications

Mobile multimedia contents have been introduced in the market and their demand is growing every day due to the increasing number of mobile devices and the possibility to watch them at any moment in any place. These multimedia contents are delivered over different networks that are visualized in mobile terminals with heterogeneous characteristics. To ensure a continuous high quality it is desirable that this multimedia content can be adapted on-the-fly to the transmission constraints and the characteristics of the mobile devices. In general, video contents are compressed to save storage capacity and to reduce the bandwidth required for its transmission. Therefore, if these compressed video streams were compressed using scalable video coding schemes, they would be able to adapt to those heterogeneous networks and a wide range of terminals. Since the majority of the multimedia contents are compressed using H.264/AVC, they cannot benefit from that scalability. This paper proposes a technique to convert an H.264/AVC bitstream without scalability to a scalable bitstream with temporal scalability as part of a scalable video transcoder for mobile communications. The results show that when our technique is applied, the complexity is reduced by 98 % while maintaining coding efficiency.