Ruidong Li,Jie Li,Hsiao-Hwa Chen

DOI: https://doi.org/10.1109/GLOCOM.2005.1577969

2005-01-01

Abstract:To efficiently and effectively achieve the hierarchical access control for multimedia networks, in this paper we propose a distributed key management scheme whereby each SG (service group) maintains an SG server and give detailed analysis. In the proposed scheme, the server for a SG is utilized to manage the key tree and provide the related session keys for all the users in this SG. A detailed case study is provided, and we show that the communication overhead can be greatly reduced by O (nO · logdnO), where nO is the number of users in a SG, compared with employing an integrated key graph to the hierarchical access control problem. At the same time, the storage overhead for all users can be reduced by O(N), where N is the total number of users.

Ruidong Li,Jie Li,Hsiao-Hwa Chen

DOI: https://doi.org/10.1504/IJSN.2007.012821

2007-01-01

Abstract:Hierarchical access control for group communication providesaccess control which can assure that group members can subscribedifferent data streams or possibly multiples of them in amultimedia network. In this paper, to efficiently and effectivelyachieve this goal, we propose a Distributed Key Management Scheme(DKMS) whereby each Service Group (SG) maintains a SG server andgive detailed analysis. In the proposed scheme, the server for a SGis utilised to manage the key tree and provide the related sessionkeys for all the users in this SG. Detailed analysis is providedand we show that the communication overhead can be greatly reducedby O(n0 logd n0), wheren0 is the number of users in a SG, compared withemploying an integrated key graph to the hierarchical accesscontrol problem. At the same time, the storage overhead for allusers can be reduced by O(N), where N is the total number ofusers.

Lin Yao,Xiangwei Kong,Guowei Wu,Chi Lin,Qingna Fan

DOI: https://doi.org/10.1504/ijahuc.2011.041613

2011-01-01

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:A Tree-based Multicast group Key Management (TMKM) protocol for ubiquitous computing is proposed to generate, distribute, and update the group key. The whole group is divided into the server layer and the user layer, and the user layer is further divided into subgroups. Every subgroup is initialised as a balanced binary tree. We employ hierarchical group key management method for the whole topology and centralised group key management method for subgroup, so TMKM takes advantage of centralised and distributed key group management. Compared with some other group key management protocols, TMKM shows higher superiority on security, scalability and computation complexity.

Guojun Wang,Jie Ouyang,Hsiao-Hwa Chen,Minyi Guo

DOI: https://doi.org/10.1016/j.comcom.2007.04.019

IF: 5.047

2007-01-01

Computer Communications

Abstract:Multi-privileged group communications containing multiple data streams have been studied in the traditional wired network environment and the Internet. With the rapid development of mobile and wireless networks and in particular mobile ad-hoc networks (MANETs), the traditional Internet has been integrated with mobile and wireless networks to form the mobile Internet. The multi-privileged group communications can be applied to the mobile Internet. Group users can subscribe to different data streams according to their interest and have multiple access privileges with the support of multi-privileged group communications. Security is relatively easy to be guaranteed in traditional groups where all group members have the same privilege. On the other hand, security has been a challenging issue and is very difficult to handle in multi-privileged groups. In this paper, we first introduce some existing rekeying schemes for secure multi-privileged group communications and analyze their advantages and disadvantages. Then, we propose an efficient group key management scheme called ID-based Hierarchical Key Graph Scheme (IDHKGS) for secure multi-privileged group communications. The proposed scheme employs a key graph, on which each node is assigned a unique ID according to access relations between nodes. When a user joins/leaves the group or changes its access privileges, other users in the group can deduce the new keys using one-way function by themselves according to the ID of joining/leaving/changing node on the graph, and thus the proposed scheme can greatly reduce the rekeying overhead.

Qiuhua Wang,Huifang Chen,Lei Xie,Kuang Wang

DOI: https://doi.org/10.1002/sec.429

IF: 1.968

2012-01-01

Security and Communication Networks

Abstract:The self-healing group key distribution scheme with revocation can deal with the problem of distributing session keys for secure group communication over an unreliable wireless network, with the capability to resist packet loss and collusion attack. However, existing access-polynomial-based self-healing key management schemes have some problems, such as the small number of active group members, much redundancy in the key updating broadcast packet, and limited collusion attack resistance capability. In order to increase the number of active group members and improve the performance of self-healing group key distribution schemes, we propose a self-healing group key distribution scheme based on the access polynomial and one-way hash key chain for resource-constrained wireless networks in this paper. In our proposed scheme, by binding the time at which the user joins the group with the capability of recovering previous group session keys, some novel methods to construct the personal secret, the access polynomial, and the session key updating broadcast packet are presented. Compared with existing schemes under same conditions, analysis and simulation results show that our proposed scheme not only supports much more group members and sessions, but also provides a stronger security, considering that it can deal with more colluding users. Moreover, our proposed scheme is especially suitable to resource-constrained wireless networks in a very bad environment. Copyright © 2012 John Wiley & Sons, Ltd.

Mengyao Zhu,Ming Zhang,Xiaoling Chen,Ding Zhang,ZhiJie Huang

DOI: https://doi.org/10.1007/978-3-540-74377-4_88

2007-01-01

Abstract:A variety of subscriptions in Conditional Access System (CAS) of DTV broadcasting network bring complexity to the key distribution scheme. In this paper, an innovation of hierarchical key distribution scheme for CAS in DTV broadcasting is proposed to reduce the computation of encryption and the number of messages for key refreshment. Compared with the conventional key distribution schemes, no encrypted message is distributed for key refreshment when a subscriber leaves. Further more, our hierarchical tree of key can provide a lot more dynamic management, from which broadcasters can improve efficiency in managing program channels.

Bing-Zhe He,Chien-Ming Chen,Tsu-Yang Wu,Hung-Min Sun

DOI: https://doi.org/10.1155/2014/569397

IF: 1.43

2014-01-01

Mathematical Problems in Engineering

Abstract:The time-bound hierarchical key assignment scheme provides a cryptographic solution for the access control problem in distributed systems (e.g., Pay-TV and cloud computing applications). Most time-bound hierarchical key assignment schemes can be divided into two types: adopting tamper-resistant devices and utilizing public values. Despite the fact that adopting tamper-resistant devices can easily resist to collusion attacks, utilizing public values is much cheaper and more suitable for cloud environment. In this paper, we proposed a new time-bound hierarchical key assignment scheme, which can effectively defeat the collusion attack. Besides, the proposed scheme utilizes public values instead of tamper-resistant devices, which will restrict user's convenience. Compared with the previous works, our scheme requires fewer public values and has better performance.

Shaohua Tang,Xiaoyu Li,Xinyi Huang,Yang Xiang,Lingling Xu

DOI: https://doi.org/10.1109/tc.2015.2479609

IF: 3.183

2016-01-01

IEEE Transactions on Computers

Abstract:Access control is an indispensable security component of cloud computing, and hierarchical access control is of particular interest since in practice one is entitled to different access privileges. This paper presents a hierarchical key assignment scheme based on linear-geometry as the solution of flexible and fine-grained hierarchical access control in cloud computing. In our scheme, the encryption key of each class in the hierarchy is associated with a private vector and a public vector, and the inner product of the private vector of an ancestor class and the public vector of its descendant class can be used to derive the encryption key of that descendant class. The proposed scheme belongs to direct access schemes on hierarchical access control, namely each class at a higher level in the hierarchy can directly derive the encryption key of its descendant class without the need of iterative computation. In addition to this basic hierarchical key derivation, we also give a dynamic key management mechanism to efficiently address potential changes in the hierarchy. Our scheme only needs light computations over finite field and provides strong key indistinguishability under the assumption of pseudorandom functions. Furthermore, the simulation shows that our scheme has an optimized trade-off between computation consumption and storage space.

Jiang Zhang,Xan-Guang Luo,Bin Li,Shi-Qiang Yang

DOI: https://doi.org/10.1109/icme.2006.262753

2006-01-01

Abstract:The increasing popularity of distributed and collaborative applications prompts the need for secure communication in collaborative groups. Some distributed collaborative key management protocols have been proposed to provide group communication privacy and data confidentiality for collaborative groups. However, most of them rekey on each member change, and the costs of group rekeying can be quite substantial for large groups with frequent membership changes. In this paper, we propose a scalable distributed key management scheme using a distributed one-way function tree named SIKAS which can significantly reduce the computation and communication costs of maintaining the group key based upon period-based group rekeying. A comparison with previous work has shown that SIKAS provides scalability and rekeying efficiency while preserving both distributed and collaborative properties.

Shu-Quan Li,Yue Wu,Da-Yong Zhu,Jia Chen

DOI: https://doi.org/10.1109/ICACIA.2009.5361101

2009-01-01

Abstract:With the development of the Internet, Multicast applications are deployed for mainstream use, IP multicasting is critical technology in those applications. The absence of security mechanism has limited the use of multicast. In order to protect communication confidentiality, Traffic in secure multicast is encrypted with a Session Encryption Key which is only to the certificated group members. Key management become essential issue for IP multicast. The aim of key management for multicast is for group members in one multicast session to generate, refresh and transfer keys which are used for encryption and authentication. In this paper, we review some typical schemes and propose a new key management scheme for large and dynamic multicast group. It is shown our scheme is very efficient and scalable to large multicast groups.

Xukai Zou,Yuan-Shun Dai,Xiang Ran

DOI: https://doi.org/10.1016/j.future.2006.12.004

IF: 7.307

2007-01-01

Future Generation Computer Systems

Abstract:Grid computing is a newly developed technology for complex systems with large-scale resource sharing and multi-institutional collaboration. The prominent feature of grid computing is the collaboration of multiple entities to perform collaborative tasks that rely on two fundamental functions: communication and resource sharing. Since the Internet is not security-oriented by design, there exist various attacks, in particular malicious internal and external users. Securing grid communication and controlling access to shared resources in a fine-tuned manner are important issues for grid services. This paper proposes an elegant Dual-Level Key Management (DLKM) mechanism using an innovative concept/construction of Access Control Polynomial (ACP) and one-way functions. The first level provides a flexible and secure group communication technology while the second level offers hierarchical access control. Complexity analysis and Simulation demonstrate the efficiency and effectiveness of the proposed DLKM in both computational grid and data grid. An example is illustrated.

Kai-ping XUE,Pei-lin HONG,Jin-sheng LI,Fu-rong YANG

DOI: https://doi.org/10.3969/j.issn.1000-1220.2007.08.010

2007-01-01

Abstract:According to the characteristics of secure group communication key agreement in P2P. This paper presented a hierarchical key agreement scheme H-IBD based on the analysis of traditional scheme BD and improved scheme IBD. Compared with BD scheme,IBD scheme cuts down the overhead of calculation and communication during re-key process, however it still requires all users join in all of the re-key process. By using a 'like tree' hierarchy, H-IBD scheme further reduces the above overhead. Depth analysis shows that H-IBD scheme is rather appropriate for Secure Group Communication Key agreement in P2P.

Qi Li,Mingwei Xu,Xinwen Zhang

DOI: https://doi.org/10.1109/iscc.2008.4625718

2008-01-01

Abstract:With advances in distributed computing technologies, group communication systems (GCS) have received a lot of attentions. Besides reliable and ordered message delivery services, these applications require plenty of security services, such as data secrecy, data integrity, and user authentication. However, less work has been invested on how to integrate authorization scheme within efficient communication systems, especially for group collaborations. In this paper, we present a flexible and efficient authorization scheme which provides group-level fine-grained access control and can be easily integrated to existing GCS. More specifically, we propose the concept of virtual group (VG) and automatic access control policy generation mechanism to realize secure collaborations between different groups. We implement a prototype with Spread and our experimental results demonstrate the efficiency and scalability of our authorization scheme.

Vinod Kumar,Rajendra Kumar,S. K. Pandey

DOI: https://doi.org/10.1007/978-3-030-30577-2_13

2019-09-24

Abstract:The problem of controlling unauthorized access to group communication requires secure distribution and maintenance of group key. In this paper, we present, implement and analyze an efficient distributed key management scheme using ternary tree for establishing secure communication in large and dynamically updating groups. The computational overhead of proposed protocol is reduced drastically since it requires only one key to transmit and only one encryption at member join. Similarly, at member leave, it requires only one key to transmit and $$ {\mathcal{O}}(log_{3} n) $$ encryptions. The storage and communication costs are also minimized. The proposed protocol is implemented on ternary tree based architecture and results are compared with other reference protocols. From performance analysis it is cleared that our protocol provides much better results in comparison with related protocols.

ZHANG Jiang,ZHANG Meng,CHEN Chunxiao,YANG Shiqiang

DOI: https://doi.org/10.3321/j.issn:1000-0054.2008.01.027

2008-01-01

Abstract:An efficient distributed group key agreement scheme was developed to improve the poor scalability of most existing distributed group key agreement schemes which require each member to maintain the whole key tree structure. In this scheme, each group member maintains only a key tree branch including five element sets, which reduces the storage and communication costs of each member. A distributed tree balancing algorithm is used to keep the whole key tree as balanced as possible for rekeying efficiency, even though each member has only partial information for the whole key tree. Test results demonstrate that the scheme significantly reduces the storage and communication costs for each member for maintaining the key tree, thus, the scheme can be scaled to large groups.

Bao-feng LIU,Lü-ping LI,Wen-jun ZHANG,Shi-bao ZHENG

DOI: https://doi.org/10.3321/j.issn:1006-2467.2006.05.005

2006-01-01

Shanghai Jiaotong Daxue Xuebao/Journal of Shanghai Jiaotong University

Abstract:Based on four-level key hierarchy, a new key distribution scheme based on grouping access control for conditional access system in digital TV (DTV) broadcasting was presented. The key distribution scheme can greatly reduce computation load and complexity while providing higher security. Moreover, the proposed scheme is flexible in processing joining and leaving of subscriber, which makes service provider easy to manage the subscribers dynamically. In the end, the security and performance of the proposed scheme were analyzed and compared with other schemes. It shows that the proposed scheme is very feasible for practical applications.

Sandro Rafaeli,David Hutchison

DOI: https://doi.org/10.1145/937503.937506

IF: 16.6

2003-09-01

ACM Computing Surveys

Abstract:Group communication can benefit from IP multicast to achieve scalable exchange of messages. However, there is a challenge of effectively controlling access to the transmitted data. IP multicast by itself does not provide any mechanisms for preventing nongroup members to have access to the group communication. Although encryption can be used to protect messages exchanged among group members, distributing the cryptographic keys becomes an issue. Researchers have proposed several different approaches to group key management. These approaches can be divided into three main classes: centralized group key management protocols, decentralized architectures and distributed key management protocols. The three classes are described here and an insight given to their features and goals. The area of group key management is then surveyed and proposed solutions are classified according to those characteristics.

computer science, theory & methods

Renuka A.,K. C. Shet

DOI: https://doi.org/10.48550/arXiv.0910.0227

2009-10-01

Cryptography and Security

Abstract:Mobile Ad-hoc Network (MANET) is a collection of autonomous nodes or terminals which communicate with each other by forming a multi-hop radio network and maintaining connectivity in a decentralized manner. The conventional security solutions to provide key management through accessing trusted authorities or centralized servers are infeasible for this new environment since mobile ad hoc networks are characterized by the absence of any infrastructure, frequent mobility, and wireless links. We propose a hierarchical group key management scheme that is hierarchical and fully distributed with no central authority and uses a simple rekeying procedure which is suitable for large and high mobility mobile ad hoc networks. The rekeying procedure requires only one round in our scheme and Chinese Remainder Theorem Diffie Hellman Group Diffie Hellmann and Burmester and Desmedt it is a constant 3 whereas in other schemes such as Distributed Logical Key Hierarchy and Distributed One Way Function Trees, it depends on the number of members. We reduce the energy consumption during communication of the keying materials by reducing the number of bits in the rekeying message. We show through analysis and simulations that our scheme has less computation, communication and energy consumption compared to the existing schemes.

YJ Wang,JH Li,L Tie,Q Li

DOI: https://doi.org/10.1109/dnsr.2004.1344721

2004-01-01

Abstract:Key management for large dynamic groups is a difficult problem because of scalability and security. The SKDC (simple key distribution center) method is very weak in scalability. The logical key hierarchy (LKH) algorithm proposed in 1997 has greatly improved scalability for key management in large dynamic groups. In 1998, the one-way-function tree (OFT) method appeared to obtain more efficiency than LKH. But the OFT method has security breaches in collusion attacks. We present a new method which is more efficient than OFT and resistant to collusion attacks.

Xiaozhuo Gu,Youjian Zhao,Jianzu Yang

DOI: https://doi.org/10.1109/jcn.2012.6292248

2012-01-01

Journal of Communications and Networks

Abstract:With the requirement for providing multiple levels of access control for group members, many group key management schemes designed for hierarchical access control have been put forward. However, most of these schemes focus on the efficiency of group key establishment and rekeying in centralized environments. This paper proposes an integrated group key agreement (IGK) scheme for contributory environments. The IGK scheme employs the integrated key graph to remove key redundancies existing in single key trees, and reduces key establishment and rekeying time while providing hierarchical access control. Performance analyses and simulations conducted with respect to computation and communication overheads indicate that our proposed IGK scheme is more efficient than the independent group key agreement scheme.