Shaohua Tang,Lingling Xu,Niu Liu,Xinyi Huang,Jintai Ding,Zhiming Yang

DOI: https://doi.org/10.1109/tpds.2013.2297917

IF: 5.3

2014-01-01

IEEE Transactions on Parallel and Distributed Systems

Abstract:Secure group communication systems have become increasingly important for many emerging network applications. An efficient and robust group key management approach is indispensable to a secure group communication system. Motivated by the theory of hyper-sphere, this paper presents a new group key management approach with a group controller (GC). In our new design, a hyper-sphere is constructed for a group and each member in the group corresponds to a point on the hyper-sphere, which is called the member's private point. The GC computes the central point of the hyper-sphere, intuitively, whose "distance" from each member's private point is identical. The central point is published such that each member can compute a common group key, using a function by taking each member's private point and the central point of the hyper-sphere as the input. This approach is provably secure under the pseudo-random function (PRF) assumption. Compared with other similar schemes, by both theoretical analysis and experiments, our scheme (1) has significantly reduced memory and computation load for each group member; (2) can efficiently deal with massive membership change with only two re-keying messages, i.e., the central point of the hyper-sphere and a random number; and (3) is efficient and very scalable for large-size groups.

Qi Cheng,Zhuo Zhao,Chingfang Hsu,Maoyuan Zhang,Qing Yang,Di Wu

DOI: https://doi.org/10.1155/2021/7703466

IF: 1.43

2021-01-01

Mathematical Problems in Engineering

Abstract:Although nowadays lots of group key agreement schemes have been presented, most of these protocols generate a secret key for a single group. However, in the IoT HCS, more and more communications are involved in multiple groups and users can join multiple groups to communicate at the same time. Therefore, applying the conventional public-key-based one-at-a-time group key establishment protocols has heavy computational cost or suffer from security vulnerabilities. At the same time, in an IoT HCS, a trusted KGC is usually not available and so more flexible self-organized multigroup keys generation will be desired by all group members. In order to address this issue, a practical scheme for efficient and flexible KGC-free polynomial-based multigroup key establishments for IoT HCS is proposed. The proposed protocol can generate multiple group keys for all group members at once, instead of generating one key each time for a single group; more importantly, there is no need for a trusted KGC in the process of group keys establishment and each user can join multiple groups at the same time using only one reserved share. Meanwhile, the security of the proposed protocol is discussed in detail. Finally, we compare this protocol with the latest related group key distribution protocols in performance analysis. The results show that this efficient and flexible KGC-free polynomial-based multiple group keys establishment protocol is more suitable for practical group key agreement in IoT HCS.

GE Li-na,TANG Shao-hua

DOI: https://doi.org/10.3969/j.issn.1002-137X.2009.11.024

2009-01-01

Computer Science

Abstract:Many emerging applications are based upon a group communications model.A new group key management scheme for a secure group communication system based on a geometric approach was proposed.The proposed scheme can be divided into three phases:user registration,group key assignment,and group key computation.In the user registration phase,the group manager computes and gives a secret to the new user based on geometric approaches over a secure channel.In the group key assignment phase,the group manager first constructs a secret circle using the group key.Then it computes a shadow of the group key for each member based on the member's private key.Finally,each member obtains an additional secret point based on his private key.The member reconstructs the secret circle by its shadow and the public information,and then obtains the group key in the group key computation phase.Based on simple scheme of group key management,a binary tree of keys is set up to redesign the scheme and demonstrate it.The computation complexity for rekeying decreases from O(m) to O(log(m)).The public information on the note board keeps the same.No a secure channel is needed when the group key is updated.So this scheme is scalable.

Ruixue Sun,Zhiguo Shi,Rongxing Lu,Jian Qiao,Xuemin (Sherman) Shen

DOI: https://doi.org/10.1109/WCSP.2012.6542795

2012-01-01

Abstract:The 60 GHz ultra-high-speed Wireless Personal Area Network (WPAN) has received considerable attention in recent years. Information security, which ensures secure communication within the network, is of particular importance. In this paper, we propose an efficient lightweight key management scheme for 60 GHz WPAN, which deploys secure encryption algorithms and one-way hash function to achieve efficient key exchange and updating managements. Detailed security analysis has shown its security provisions. In addition, performance evaluation is also provided to demonstrate its efficiency in terms of session key distribution and group key updating.

Jintai Ding,Yujun Liang,Shaohua Tang,Guangdong Yang

2009-01-01

Abstract:There is disclosed a group key management access based on linear geometry. The access comprises the following steps: Step 1: a group controller selects a mapping f and a finite field F out; each group member selects an m-dimensional private vector over the finite field F, and sends it over a secure channel to the group controller; Step 2: the group controller selects a mapping parameter in the finite field F randomly and forms the private vectors of all group members using the mapping f in accordance with the imaging parameters on a new set of vectors from; Step 3: the group controller selects a random number k in the finite field F as a group key, and constructed using the new set of vectors and the group key, a linear system of equations; the group controller calculates the central vector and sends the central vector and the imaging parameters via an open channel to all group members; Step 4: after the group members have received the central vector and the imaging parameters, the private vector is ready to each group member in accordance with the imaging parameters on a new vector in a vector space, wherein the group key by calculating the inner product of the new vector and the central vector is obtained. The invention requires a small memory and less calculation, has the property of high security and is effective against crowbar attack.

Guojun Wang,Jie Ouyang,Hsiao-Hwa Chen,Minyi Guo

DOI: https://doi.org/10.1016/j.comcom.2007.04.019

IF: 5.047

2007-01-01

Computer Communications

Abstract:Multi-privileged group communications containing multiple data streams have been studied in the traditional wired network environment and the Internet. With the rapid development of mobile and wireless networks and in particular mobile ad-hoc networks (MANETs), the traditional Internet has been integrated with mobile and wireless networks to form the mobile Internet. The multi-privileged group communications can be applied to the mobile Internet. Group users can subscribe to different data streams according to their interest and have multiple access privileges with the support of multi-privileged group communications. Security is relatively easy to be guaranteed in traditional groups where all group members have the same privilege. On the other hand, security has been a challenging issue and is very difficult to handle in multi-privileged groups. In this paper, we first introduce some existing rekeying schemes for secure multi-privileged group communications and analyze their advantages and disadvantages. Then, we propose an efficient group key management scheme called ID-based Hierarchical Key Graph Scheme (IDHKGS) for secure multi-privileged group communications. The proposed scheme employs a key graph, on which each node is assigned a unique ID according to access relations between nodes. When a user joins/leaves the group or changes its access privileges, other users in the group can deduce the new keys using one-way function by themselves according to the ID of joining/leaving/changing node on the graph, and thus the proposed scheme can greatly reduce the rekeying overhead.

YJ Wang,JH Li,L Tie,Q Li

DOI: https://doi.org/10.1109/dnsr.2004.1344721

2004-01-01

Abstract:Key management for large dynamic groups is a difficult problem because of scalability and security. The SKDC (simple key distribution center) method is very weak in scalability. The logical key hierarchy (LKH) algorithm proposed in 1997 has greatly improved scalability for key management in large dynamic groups. In 1998, the one-way-function tree (OFT) method appeared to obtain more efficiency than LKH. But the OFT method has security breaches in collusion attacks. We present a new method which is more efficient than OFT and resistant to collusion attacks.

Xiaojun Tong,Jie Liu,Zhu Wang,Miao Zhang,Hong Chen,Jing Ma

DOI: https://doi.org/10.1002/sat.1415

2021-01-01

International Journal of Satellite Communications and Networking

Abstract:SummarySpace key management schemes play a critical role in space information network security services. However, the existing space key management schemes are inefficient. To overcome these problems, this paper proposed a cluster group key management scheme, in which the space nodes are divided into different clusters. The ground control center (GCC) is used as a private key generation center. The threshold technique based on low‐density parity‐check code (LDPC) is used in the group key management of the cluster‐heads. The key escrow is transferred to GCC, which is a compromise of efficiency and security. The logical key hierarchy is used to manage the group key of the cluster. Furthermore, the bilinear paring‐based cryptosystem is employed to provide the identification. The formalized security proof of the protocol using the Extended Canetti–Krawczyk (ECK) model is introduced to prove the authentication and security. The consistency, forward secrecy, backward secrecy, ability to against the collusion attack and performance are analyzed and simulated. The result shows that the proposed scheme takes lower storage cost and computational cost.

Rongxing Lu,Xiaodong Lin,Haojin Zhu,Pin-Han Ho,Xuemin (Sherman) Shen,Zhenfu Cao

DOI: https://doi.org/10.1109/wcnc.2008.566

2008-01-01

Abstract:To achieve secure group communications, it is critical to develop a secure group key management strategy to guarantee security of the group keys. In this paper, based on the forward security and secret sharing techniques, we propose a new dynamic group key management scheme to minimize the rekeying cost. The forward security technique reduces the rekeying operations in joining event, while the secret sharing technique ensures the scalability in leaving event. In addition, the proposed scheme can provide anonymous authentication as well as forward and backward confidentiality. Theoretical analysis also confirms the efficiency of the proposed scheme.

Shaohua Tang,Jintai Ding,Yvjun Liang

2012-01-01

Abstract:The present invention discloses a graded group key management method based on line geometry, which comprises the following steps: step 1. a central controller selects a finite field F, a mapping F and a constant for the use of groups and a N-dimension private vector for each sub-group; step 2. the central controller selects a mapping parameter r and maps the private vectors into a group of new vectors in a vector space; step 3. the central controller selects a sub-group key for each sub-group, constructs n linear equations and solves the linear equations, wherein the solutions of the linear equations are public vectors and n groups of public vectors form a public matrix; and the central controller further sends the public matrix and the mapping parameter r to all sub-group controllers viaa public channel broadcast or multicast; and step 4. the sub-group controllers calculate confidential vector thereof and carry out a linear conversion on the confidential vector and the public matrixto obtain a group of key vectors. The graded group key management method is simple and flexible and is capable of avoiding violent attacks.

Zhe Xia,Yu Yang,Fuyou Miao

DOI: https://doi.org/10.1049/ise2.12085

2022-01-01

IET Information Security

Abstract:To ensure private message exchange among the group members, it is desirable to construct secure and efficient group key management schemes. Moreover, these schemes are more versatile if they could support dynamic join or leave of group members. In IET Information Security 2014, Vijayakumar et al. have introduced such a group key management scheme with lightweight overheads in both computation and communication. And this scheme has been used as a building block in many cryptographic protocols afterwards. In this paper, the authors demonstrate that Vijayakumar's scheme suffers some potential security weaknesses. First, after participating in the group communications for some sessions, a group member may still be able to obtain the group key after it leaves the group, and this violates the claimed security property of forward secrecy. Second, some colluding group members may derive another group member's long term secret key, and obviously, this has more serious consequences. One of the main reasons for the existence of these attacks is that the security analyses in Vijayakumar's scheme are informal and they cannot cover the dynamic environment. To address this issue, the authors' suggestion is that heuristic arguments of security are not adequate in the design of cryptographic protocols, but formal security definitions and proofs are required.

Shu-Quan Li,Yue Wu,Da-Yong Zhu,Jia Chen

DOI: https://doi.org/10.1109/ICACIA.2009.5361101

2009-01-01

Abstract:With the development of the Internet, Multicast applications are deployed for mainstream use, IP multicasting is critical technology in those applications. The absence of security mechanism has limited the use of multicast. In order to protect communication confidentiality, Traffic in secure multicast is encrypted with a Session Encryption Key which is only to the certificated group members. Key management become essential issue for IP multicast. The aim of key management for multicast is for group members in one multicast session to generate, refresh and transfer keys which are used for encryption and authentication. In this paper, we review some typical schemes and propose a new key management scheme for large and dynamic multicast group. It is shown our scheme is very efficient and scalable to large multicast groups.

Yajie Yun,Fuyou Miao,Zonghao Xu

DOI: https://doi.org/10.1145/3644523.3644633

2024-01-01

Abstract:With the emergence of diversifie services that cater to groups, efficient and secure distribution schemes for group keys are playing an increasingly important role in group communication technology. Among them, the schemes based on the Chinese Remainder Theorem (CRT) provide a more lightweight solution in terms of structure and efficiency. The existing group key management schemes, however, are not based on known hard problems and lack provable security analysis to demonstrate their security, causing potential security vulnerability. In this paper, we propose a novel provably secure master-key-encryption-based group key management (MKE-GKM) scheme based on Discrete Logarithm Problems. The MKE-GKM scheme utilizes asymmetric keys, a master encryption key, and a corresponding set of decryption keys, which are bound together by the master encryption key generation algorithm and used for the efficient distribution of the group key. Furthermore, in addition to the construction of the scheme, we also provided its provable security analysis, based on the discrete logarithm problem (DLP). The analysis indicates that the MKE-GKM scheme is provably secure and has higher communication efficiency when compared with the existing schemes with equivalent security.

Hung-Min Sun,Shuai-Min Chen,Ying-Chu Hsiao,Yue-Hsun Lin,Frank Chee-Da Tsai

2007-01-01

Abstract:The Relay Task Group of IEEE 802.16 has developed IEEE 802.16j which supports mobile multi-hop relay (MMR). MMR utilizes relay stations (RS) to extend network capability. Since attacks are easy to mount in wireless interface between RSs and BS, security issues seem to be more important. This paper proposes a group key management scheme that agrees with the Security Zone Key (SZK) specified in IEEE 802.16j. The scheme has two features. First, the re-keying mechanism is efficient lightweight. Second, the scheme is flexible to allow new RSs to join the group.

M. Waldvogel,G. Caronni,Dan Sun,N. Weiler,B. Plattner

DOI: https://doi.org/10.1109/49.790485

IF: 16.4

1999-01-01

IEEE Journal on Selected Areas in Communications

Abstract:Middleware supporting secure applications in a distributed environment faces several challenges. Scalable security in the context of multicasting or broadcasting is especially hard when privacy and authenticity is to be assured to highly dynamic groups where the application allows participants to join and leave at any time. Unicast security is well-known and has widely advanced into production state. But proposals for multicast security solutions that have been published so far are complex, often require trust in network components, or are inefficient. In this paper, we propose a framework of new approaches for achieving scalable security in IP multicasting. Our solutions assure that newly joining members are not able to understand past group traffic and that leaving members may not follow future communication. For versatility, our framework supports a range of closely related schemes for key management, ranging from tightly centralized to fully distributed, and even allows switching between these schemes on-the-fly with low overhead. Operations have low complexity [O(log N) for joins or leaves], thus granting scalability even for very large groups. We also present a novel concurrency-enabling scheme, which was devised for fully distributed key management. In this paper, we discuss the requirements for secure multicasting, present our flexible system, and evaluate its properties based on the existing prototype implementation.

telecommunications,engineering, electrical & electronic

Jie Liu,Xiaojun Tong,Zhu Wang,Miao Zhang,Jing Ma

DOI: https://doi.org/10.1109/access.2020.2976753

IF: 3.9

2020-01-01

IEEE Access

Abstract:Constrained by the limited resource, high-latency and high bit error rate, the existing group key management schemes for the space network are inefficient. To solve this problem, we proposed a centralized and identity-based key management scheme by using McEliece public-key cryptosystem (PKC). In this scheme, the node identity is used as the parameter to generate the public key. Therefore, the authentication can be embedded into the verification of the public key without needing the PKI. The group key is distributed with the protection of the public key so that the group key management scheme can be implemented safely. Furthermore, the McEliece public-key cryptosystem can resist the quantum attack and provide error correction capacity. It improves the efficiency of the group key distribution over the noisy channel. The proposed key management scheme is simulated on OPNET. The security of public-key generation, forward secrecy, backward secrecy and performance are analyzed. The results show that our scheme can provide confidentiality, integrity, authentication, non-repudiation, failure tolerance and error correction. In addition, the computation overhead and rounds of interaction are lower than former work.

Xukai Zou,Yuan-Shun Dai,Xiang Ran

DOI: https://doi.org/10.1016/j.future.2006.12.004

IF: 7.307

2007-01-01

Future Generation Computer Systems

Abstract:Grid computing is a newly developed technology for complex systems with large-scale resource sharing and multi-institutional collaboration. The prominent feature of grid computing is the collaboration of multiple entities to perform collaborative tasks that rely on two fundamental functions: communication and resource sharing. Since the Internet is not security-oriented by design, there exist various attacks, in particular malicious internal and external users. Securing grid communication and controlling access to shared resources in a fine-tuned manner are important issues for grid services. This paper proposes an elegant Dual-Level Key Management (DLKM) mechanism using an innovative concept/construction of Access Control Polynomial (ACP) and one-way functions. The first level provides a flexible and secure group communication technology while the second level offers hierarchical access control. Complexity analysis and Simulation demonstrate the efficiency and effectiveness of the proposed DLKM in both computational grid and data grid. An example is illustrated.

Liu Zhiyuan,Fu Yalong

DOI: https://doi.org/10.3969/j.issn.1000-386x.2013.09.249

2013-01-01

Abstract:For the distributed collaborative applications deployed in an open network environment,in some circumstances the users participating in the application may join or leave a group consisting of multi-user at any time,such dynamic nature of membership leads to higher requirements and challenges in security of group communication system for collaborative applications in distributed network environment. Based on identity cryptography mechanism and threshold cryptography,a new secure distributed group key management scheme is proposed. The presented scheme can strongly resist active attacks and the coalition attacks from malicious adversaries,and with the features of robustness and adaptiveness.

Ruidong Li,Jie Li,Hisao Kameda

DOI: https://doi.org/10.1007/11534310_58

2005-01-01

Abstract:Hierarchical access control to ensure multiple levels of access privilege for group members is required in many environments, such as hierarchically managed organizations and multimedia applications. In this paper, to efficiently and effectively achieve this goal, we propose a distributed key management scheme whereby each SG (Service Group) maintains an SG server. This server is utilized to manage the key tree and provide the related session keys for all the users in this SG. Compared with the already existing method employing an integrated key graph to the hierarchical access control problem, there is no complex merging key tree algorithm needed in the proposed scheme, and thus the communication overhead can be greatly reduced. Also the trust and communication burden on one centralized server, KDC (Key Distribution Center), is scattered, and thus better scalability when the number of users increases can be achieved.

Sandro Rafaeli,David Hutchison

DOI: https://doi.org/10.1145/937503.937506

IF: 16.6

2003-09-01

ACM Computing Surveys

Abstract:Group communication can benefit from IP multicast to achieve scalable exchange of messages. However, there is a challenge of effectively controlling access to the transmitted data. IP multicast by itself does not provide any mechanisms for preventing nongroup members to have access to the group communication. Although encryption can be used to protect messages exchanged among group members, distributing the cryptographic keys becomes an issue. Researchers have proposed several different approaches to group key management. These approaches can be divided into three main classes: centralized group key management protocols, decentralized architectures and distributed key management protocols. The three classes are described here and an insight given to their features and goals. The area of group key management is then surveyed and proposed solutions are classified according to those characteristics.

computer science, theory & methods