Lin Yao,Xiangwei Kong,Guowei Wu,Chi Lin,Qingna Fan

DOI: https://doi.org/10.1504/ijahuc.2011.041613

2011-01-01

International Journal of Ad Hoc and Ubiquitous Computing

Abstract:A Tree-based Multicast group Key Management (TMKM) protocol for ubiquitous computing is proposed to generate, distribute, and update the group key. The whole group is divided into the server layer and the user layer, and the user layer is further divided into subgroups. Every subgroup is initialised as a balanced binary tree. We employ hierarchical group key management method for the whole topology and centralised group key management method for subgroup, so TMKM takes advantage of centralised and distributed key group management. Compared with some other group key management protocols, TMKM shows higher superiority on security, scalability and computation complexity.

Ruixue Sun,Zhiguo Shi,Rongxing Lu,Jian Qiao,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/WCSP.2012.6542795

2012-01-01

Abstract:The 60 GHz ultra-high-speed Wireless Personal Area Network (WPAN) has received considerable attention in recent years. Information security, which ensures secure communication within the network, is of particular importance. In this paper, we propose an efficient lightweight key management scheme for 60 GHz WPAN, which deploys secure encryption algorithms and one-way hash function to achieve efficient key exchange and updating managements. Detailed security analysis has shown its security provisions. In addition, performance evaluation is also provided to demonstrate its efficiency in terms of session key distribution and group key updating.

M. Waldvogel,G. Caronni,Dan Sun,N. Weiler,B. Plattner

DOI: https://doi.org/10.1109/49.790485

IF: 16.4

1999-01-01

IEEE Journal on Selected Areas in Communications

Abstract:Middleware supporting secure applications in a distributed environment faces several challenges. Scalable security in the context of multicasting or broadcasting is especially hard when privacy and authenticity is to be assured to highly dynamic groups where the application allows participants to join and leave at any time. Unicast security is well-known and has widely advanced into production state. But proposals for multicast security solutions that have been published so far are complex, often require trust in network components, or are inefficient. In this paper, we propose a framework of new approaches for achieving scalable security in IP multicasting. Our solutions assure that newly joining members are not able to understand past group traffic and that leaving members may not follow future communication. For versatility, our framework supports a range of closely related schemes for key management, ranging from tightly centralized to fully distributed, and even allows switching between these schemes on-the-fly with low overhead. Operations have low complexity [O(log N) for joins or leaves], thus granting scalability even for very large groups. We also present a novel concurrency-enabling scheme, which was devised for fully distributed key management. In this paper, we discuss the requirements for secure multicasting, present our flexible system, and evaluate its properties based on the existing prototype implementation.

telecommunications,engineering, electrical & electronic

Xingfeng Guo,Xiaodong Liu,Qionghai Dai

DOI: https://doi.org/10.1109/ICME.2006.262752

2006-01-01

Abstract:The recent growth of the World Wide Web has sparked new research into using the Internet for novel types of group communication, like multiparty video-conferencing and real-time streaming. Multicast has the potential to be very useful, but it suffers from many problems like security. To achieve secure multicast communications, key management is one of the most critical problems. So far, a lot of multicast key management schemes have been proposed and most of them are centralized, which have the problem of "one point failure" and that the group controller is the bottleneck of the group. In order to solve these two problems, we propose a Decentralized Key Management Scheme (DKMS), using RSA key system as auxiliary keys. We analyze this scheme and find it has appropriate performance in security and scalability.

Gang Yao,Kui Ren,Feng Bao,Robert H. Deng,Dengguo Feng

DOI: https://doi.org/10.1007/978-3-540-45203-4_27

2003-01-01

Abstract:Mobile ad hoc networks offer convenient infrastructureless communications over the shared wireless channel. However, the nature of mobile ad hoc networks makes them vulnerable to security attacks, such as passive eavesdropping over the wireless channel and denial of service attacks by malicious nodes. To ensure the security, several cryptography protocols are implemented. Due to the resource scarcity in mobile ad hoc networks, the protocols must be communication efficient and need as less computational power as possible. Broadcast communication is an important operation for many application in mobile ad hoc networks. To securely broadcast a message, all the members in the network need share a group key so that they can use efficient symmetric encryption, such as DES and AES. Several group key management protocols have been proposed. However, not all of them are communication efficient when applied to mobile ad hoc networks. In this paper, we propose a hierarchical key agreement protocol that is communication efficient to mobile ad hoc networks. We also show how to manage the group efficiently in a mobile environment.

朱文涛,熊继平,李津生,洪佩琳,戴英侠

DOI: https://doi.org/10.3321/j.issn:1001-506X.2005.02.048

2005-01-01

Abstract:To provide communication confidentiality in multicasting applications, traffic data in secure multicast is encrypted with a session key known only by certificated group members. Whenever there is a change in the group membership, the session key must be updated dynamically. Key management is thus indicated as the sticking point in secure multicast research, and the proposed schemes can be mainly classified as flat ones and hierarchical ones. By incorporating the flat scheme with the hierarchical scheme, a hybrid scheme based on the Internet Group Management Protocol Version 3 is presented. The multicast group is divided into a couple of separate areas and thus not only the scalability problem but also the reliability problem involved in secure multicast is effectively solved. Based on this hybrid scheme, a novel key management algorithm based on time synchronization among the agents of those separate areas is proposed. Without any message exchanges between agents after the algorithm initialization, the agents periodically update the session key in a batch style, thus the communication cost of the entire system is observably lowered.

Shu-Quan Li,Yue Wu,Da-Yong Zhu,Jia Chen

DOI: https://doi.org/10.1109/ICACIA.2009.5361101

2009-01-01

Abstract:With the development of the Internet, Multicast applications are deployed for mainstream use, IP multicasting is critical technology in those applications. The absence of security mechanism has limited the use of multicast. In order to protect communication confidentiality, Traffic in secure multicast is encrypted with a Session Encryption Key which is only to the certificated group members. Key management become essential issue for IP multicast. The aim of key management for multicast is for group members in one multicast session to generate, refresh and transfer keys which are used for encryption and authentication. In this paper, we review some typical schemes and propose a new key management scheme for large and dynamic multicast group. It is shown our scheme is very efficient and scalable to large multicast groups.

Sandro Rafaeli,David Hutchison

DOI: https://doi.org/10.1145/937503.937506

IF: 16.6

2003-09-01

ACM Computing Surveys

Abstract:Group communication can benefit from IP multicast to achieve scalable exchange of messages. However, there is a challenge of effectively controlling access to the transmitted data. IP multicast by itself does not provide any mechanisms for preventing nongroup members to have access to the group communication. Although encryption can be used to protect messages exchanged among group members, distributing the cryptographic keys becomes an issue. Researchers have proposed several different approaches to group key management. These approaches can be divided into three main classes: centralized group key management protocols, decentralized architectures and distributed key management protocols. The three classes are described here and an insight given to their features and goals. The area of group key management is then surveyed and proposed solutions are classified according to those characteristics.

computer science, theory & methods

Zhe Xia,Yu Yang,Fuyou Miao

DOI: https://doi.org/10.1049/ise2.12085

2022-01-01

IET Information Security

Abstract:To ensure private message exchange among the group members, it is desirable to construct secure and efficient group key management schemes. Moreover, these schemes are more versatile if they could support dynamic join or leave of group members. In IET Information Security 2014, Vijayakumar et al. have introduced such a group key management scheme with lightweight overheads in both computation and communication. And this scheme has been used as a building block in many cryptographic protocols afterwards. In this paper, the authors demonstrate that Vijayakumar's scheme suffers some potential security weaknesses. First, after participating in the group communications for some sessions, a group member may still be able to obtain the group key after it leaves the group, and this violates the claimed security property of forward secrecy. Second, some colluding group members may derive another group member's long term secret key, and obviously, this has more serious consequences. One of the main reasons for the existence of these attacks is that the security analyses in Vijayakumar's scheme are informal and they cannot cover the dynamic environment. To address this issue, the authors' suggestion is that heuristic arguments of security are not adequate in the design of cryptographic protocols, but formal security definitions and proofs are required.

Qiya Chen,Fuyou Miao

DOI: https://doi.org/10.1109/bigcom57025.2022.00024

2022-01-01

Abstract:Multicast communication is an efficient communication mode in computer networks, where a specific controller sends messages to several receivers. In multicast communication, the key of protecting the session key from being leaked is to construct an efficient and secure key management scheme. In addition, multicast communication takes place in the dynamic environment, that is, group members frequently join or leave, so the scheme needs to satisfy the forward/backward secrecy. In most schemes, it is often difficult to balance between security and efficiency. This paper proposes a centralized group key management scheme, where the session key can be computed by one modular operation for any receiver. Compared with previous schemes, any receiver can verify whether the session key comes from the key centre, and our scheme has lower communication complexity.

Liu Zhiyuan,Fu Yalong

DOI: https://doi.org/10.3969/j.issn.1000-386x.2013.09.249

2013-01-01

Abstract:For the distributed collaborative applications deployed in an open network environment,in some circumstances the users participating in the application may join or leave a group consisting of multi-user at any time,such dynamic nature of membership leads to higher requirements and challenges in security of group communication system for collaborative applications in distributed network environment. Based on identity cryptography mechanism and threshold cryptography,a new secure distributed group key management scheme is proposed. The presented scheme can strongly resist active attacks and the coalition attacks from malicious adversaries,and with the features of robustness and adaptiveness.

Guojun Wang,Jie Ouyang,Hsiao-Hwa Chen,Minyi Guo

DOI: https://doi.org/10.1016/j.comcom.2007.04.019

IF: 5.047

2007-01-01

Computer Communications

Abstract:Multi-privileged group communications containing multiple data streams have been studied in the traditional wired network environment and the Internet. With the rapid development of mobile and wireless networks and in particular mobile ad-hoc networks (MANETs), the traditional Internet has been integrated with mobile and wireless networks to form the mobile Internet. The multi-privileged group communications can be applied to the mobile Internet. Group users can subscribe to different data streams according to their interest and have multiple access privileges with the support of multi-privileged group communications. Security is relatively easy to be guaranteed in traditional groups where all group members have the same privilege. On the other hand, security has been a challenging issue and is very difficult to handle in multi-privileged groups. In this paper, we first introduce some existing rekeying schemes for secure multi-privileged group communications and analyze their advantages and disadvantages. Then, we propose an efficient group key management scheme called ID-based Hierarchical Key Graph Scheme (IDHKGS) for secure multi-privileged group communications. The proposed scheme employs a key graph, on which each node is assigned a unique ID according to access relations between nodes. When a user joins/leaves the group or changes its access privileges, other users in the group can deduce the new keys using one-way function by themselves according to the ID of joining/leaving/changing node on the graph, and thus the proposed scheme can greatly reduce the rekeying overhead.

José Antonio Alvarez-Bermejo,Juan Antonio Lopez-Ramos,Joachim Rosenthal,Davide Schipani

DOI: https://doi.org/10.1080/09720529.2016.1190563

2017-11-17

Journal of Discrete Mathematical Sciences and Cryptography

Abstract:In this paper we propose a new protocol for Group Key Management. The protocol is based on the use of orthogonal systems in vector spaces. The main advantage in comparison to other existing multicast key management protocols consists in small communications overheads, i.e. length and number of messages to be sent, as well as key storage, especially with respect to a comparable security level. This makes the protocol especially attractive when the number of legitimate receivers is large.

Muhammad Yasir Malik

DOI: https://doi.org/10.48550/arXiv.1211.3502

2012-11-15

Abstract:Key management in multicast dynamic groups, where users can leave or join at their ease is one of the most crucial and essential part of secure communication. Various efficient management strategies have been proposed during last decade that aim to decrease encryption costs and transmission overheads. In this report, two different types of key management schemes are proposed. First proposed scheme is based on One-way function tree (OFT). The proposed scheme fulfills the security gaps that have been pointed out in recent years. Second proposed scheme is based on logical key hierarchy (LKH). This proposed scheme provides better performance for, rather inflexible and expensive, LKH scheme.

Cryptography and Security,Networking and Internet Architecture

Keju Meng,Fuyou Miao,Yue Yu

DOI: https://doi.org/10.1007/s10623-018-0554-6

2018-01-01

Abstract:Nowadays, group communications are getting more and more popular. In order to secure the communication, all participating users need to share a common group key in advance. The paper proposes a secure and efficient group key distribution protocol based on Shamir’s secret sharing scheme. In the protocol, (1) each user only needs to send registration message in privacy, while all the other messages can be transported in public. Meanwhile, (2) the scheme supports authentication for group keys without any assumption of hard mathematics problem. Moreover, (3) the protocol introduces the notion of on-line/off-line into group key distribution and thus the speeds of group key response and recovery are greatly improved. Analyses show that our scheme is resistant to passive attack, impersonation attack and reply attack.

XY Li,Y Wang,O Frieder

DOI: https://doi.org/10.1109/icccn.2002.1043099

2002-01-01

Abstract:Secure and efficient communication among a set of mobile nodes is one of the most important aspects in ad-hoc wireless networks. To ensure the security, several cryptography protocols must be implemented. Due to the resource scarcity in wireless networks, the protocols must be communication efficient and need as less computational power as possible. To secure the group broadcasting in wireless networks, often a group key is needed so that efficient conventional encryption, such as DES and AES, can be used. Several group key management protocols have been proposed. However, not all of them are communication efficient when applied to wireless ad-hoc networks. In this paper, we propose a key agreement protocol that is communication efficient by using connected dominating set concept to set up subgroups among all wireless nodes. We also show how to manage the group efficiently in a mobile environment.

Hung-Min Sun,Chien-Ming Chen,Feng-Ying Chu

DOI: https://doi.org/10.1109/iscc.2007.4381607

2007-01-01

Abstract:To support secure group communications in resource-constrained wireless sensor networks, we propose an efficient and scalable key management protocol which only uses symmetric cryptographic algorithms and low cost operations. Our protocol can achieve current, forward and backward secrecy. Furthermore, for scalability, the communication and computation cost for master key renewing can be confined to the affected cluster. Our protocol provides better efficiency and is more suitable than the previous master key management protocols for wireless sensor networks.

Gao Liu,Hao Li,Ning Wang,Tao Xiang,Yining Liu

DOI: https://doi.org/10.1109/tdsc.2024.3359240

2024-01-01

IEEE Transactions on Dependable and Secure Computing

Abstract:Group-based content push can be widely applied in integrated networks, where group key management is crucial for the push's security. Existing group key management methods mainly include symmetric group key agreement, broadcast encryption, asymmetric group key agreement, and attribute-based encryption. However, most of them do not consider user equipment (UE) identity privacy and unlinkability, cannot support flexibility and efficiency due to each UE maintaining group keys, and lack the trustworthiness of UE and group key management, which hinders the widespread adoption of group-based content push in trustless environments like integrated networks. In this paper, we investigate a novel decentralized group key management (DeGKM) scheme for group-based content push in integrated networks, where different operators manage pseudonyms and group keys across domains in a decentralized manner. In particular, our scheme adopts verifiable shuffling to establish a unified and trustworthy inter-domain pseudonym management approach that can preserve UE identity privacy and pseudonym unlinkability without relying on a trusted third party, and introduces a unified inter-domain group key management method based on Chinese remainder theorem and blockchain that significantly guarantees the flexibility, efficiency and trustworthiness. We formally prove the security of DeGKM and show its efficiency through simulations and comparisons with related works.

computer science, information systems, software engineering, hardware & architecture

Yao Zhang,Zhiming Zheng,Pawel Szalachowski,Qi Wang

DOI: https://doi.org/10.1002/sec.1570

IF: 1.968

2016-01-01

Security and Communication Networks

Abstract:The Internet keeps flourishing and enables unexpected possibilities to all aspects of individuals' life. Such distributed networking systems as wireless sensor networks and Internet of things are widely deployed. Yet, in the meantime secure group communication remains a challenging task in these environments. To address this challenge, this paper aims at lightweight group key establishment with strong security properties. We propose a broadcast encryption scheme based on one-way function trees and specify a dual-evolving approach for dynamic group-membership update. Then we complement the scheme by a content-protection protocol and further optimize the protocol in terms of communication efficiency. As with our analysis, our scheme can successfully prevent a key leakage attack, namely, collusion attack. Through our comprehensive evaluations, we confirm the effectiveness and the adequacy of our solution in distributed networking systems. Copyright © 2016 John Wiley & Sons, Ltd.

Shaohua Tang,Lingling Xu,Niu Liu,Xinyi Huang,Jintai Ding,Zhiming Yang

DOI: https://doi.org/10.1109/tpds.2013.2297917

IF: 5.3

2014-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Secure group communication systems have become increasingly important for many emerging network applications. An efficient and robust group key management approach is indispensable to a secure group communication system. Motivated by the theory of hyper-sphere, this paper presents a new group key management approach with a group controller (GC). In our new design, a hyper-sphere is constructed for a group and each member in the group corresponds to a point on the hyper-sphere, which is called the member's private point. The GC computes the central point of the hyper-sphere, intuitively, whose "distance" from each member's private point is identical. The central point is published such that each member can compute a common group key, using a function by taking each member's private point and the central point of the hyper-sphere as the input. This approach is provably secure under the pseudo-random function (PRF) assumption. Compared with other similar schemes, by both theoretical analysis and experiments, our scheme (1) has significantly reduced memory and computation load for each group member; (2) can efficiently deal with massive membership change with only two re-keying messages, i.e., the central point of the hyper-sphere and a random number; and (3) is efficient and very scalable for large-size groups.