Efficient Re Keying Mechanism For Dynamic Multicast Groups

Published Date: 02 Nov 2017

Abstract: Multicast refers to the transmissions of any kind of information form source to destination or many sources to destinations. For any multicast group communication, providing security is one of the main issues to be considered. In this multicast group communication, we have to provide an efficient key generation for join/leave or simultaneous join/leave. In this, providing security is very important for transmission to data to be more secured, we should also consider key management. When, any member in the group joins/leaves the group, re-keying is necessary at that point of time. There are many solutions proposed to handle the key in the groups. The key distribution and re-keying is done by the group controller in the group and this can be achieved by the conventional encryption algorithms. In this paper, we propose a new group key management protocol for multicast groups which provides Scalability and reduces the computational complexity.

Key words:

Multicast, Key distribution, Re-keying, Scalable Group Key Management protocol, Scalability.

Introduction:

Multicast refers to sending of messages to different destinations which is originated from the single source. Now-a-days, Multicast applications have greatly influenced our life along the growth of the internet. Examples like video conferencing, e-learning, TV over Internet, interactive gaming. This communication technology uses ICMP (Internet Control Message Protocol) for group membership that allows members to join the group and receive content freely. As a result, open group membership by ICMP leads to eavesdropping. In order to avoid this threat, group key management has been proposed. Group key is a key that is shared by all group members and the sender for encrypting data by the sender and decrypting transmitted data by the group members. The advantage of using multicast is that: (i) Makes better utilization of bandwidth (ii) enables the desired applications for many users to provide better service without overloading a network and resources to the server, (iii) Reduces the effort of host/router processing for sending the same data to multiple servers.

In general, there are three types of multicast key management scheme; first one is centralized management in which group controller is responsible for the rekeying management of the group key and all assistant keys such as key encryption key (KEK), traffic encryption key(TEK). The second one is the distributed management, in which group key management controlled by the group members together without the influence of group controller. The last type is decentralized management, in which group key is managed between centralized and distributed type, the function of group controller is distributed to some other group controller.

The security requirements of secure multicast are forward secrecy and backward secrecy. Forward secrecy means that when a member leaves from group, he/she cannot access the current content successfully. Backward secrecy guarantees that when a member joins the group, he/she cannot access the data that was sent. Because of these requirements, group key needs to be updated every time when a member joins / leaves the group and they are distributed to the valid group members securely. This process is called group re-keying or re-keying in short. The research on multicast address authentication, confidentiality, and access control, among other areas, group key management is key component.

The latest and more efficient centralized group key management protocols are the Local key Hierarchy (LKH) protocols presented by wong et al and wallner et al. They reduces the re-key messages and encryption operations from O (n) to O (log n) when compared to Group key Management Protocol (GKMP) and Secure Lock, where n is the number of group members. However, they are still vulnerable to scalability issues when the group size goes up to millions of members and the re-key messages require strong security protection such as signature.

In this paper, we propose a new scheme i.e., scalable group key management protocol (SGKMP) based on the Chinese Remainder Theorem and a hierarchical graph. The hierarchical graph consists each node as a key and a modulus. The new protocol reduces the hashing operations from O (log n) to 1 when compared to LKH. By using hierarchy modulus graph, the length of the lock varies from O (n) to O (log n) when compared to the secure lock, which makes the length of the secure lock to be more scalable. We demonstrate that the new protocol has the better scalability through the comparison and performance testing.

Related work:

In the Code Key Calculation for simultaneous leave/ join (CKCS), when new member joins the group simultaneously, server sends only group key for those new members. Then they will calculate the necessary keys by node codes and one way hash function for the current members as well as new members. Node codes are random number which is assigned to each key to help the users for calculating the necessary keys for joining of new members. While leaving, the server should send new group key to remaining members. By using, this we can reduce the computational and communication overhead, and also message size in simultaneous join / leave. But, this protocol has some issues like providing security and vulnerable to scalability issues when there is simultaneous leave/ join.

LKH (Logical Key Hierarchy) is a basic method in secure multicast group rekeying. The LKH manages the group key with hierarchical structure called the key-tree. To provide backward and forward confidentiality, the shared key should be updated on every membership change and redistributed to all authorized members securely. When the group key needs to be changed, the cost of updating the group keys is proportional to the height of a node in the key-tree to be deleted or added. This scheme has little capability to control the shape of the key-tree, which means the efficiency of this scheme goes down as the time proceeds. This fatal problem in a commercial-based service in which the group is exists over a long period of time. To overcome this problem, we need to control the shape of key-tree structure in this scheme. This problem was overcome by improved LKH scheme. But it is vulnerable to scalable for large networks.

Several explorations have been done with group key distribution in large group with frequent membership changes. There are two types of key establishment protocols: key transfer protocols and key agreement protocols. Key transfer protocols rely on a mutually trusted key generation center (KGC) for selecting the session keys and the transport all session keys to all communicating entities secretly. Moreover, during registration, KGC encrypts the session keys under another secret key shared with each entity.

In key agreement protocols, all communicating entities are involved in determining session keys.

The most common key agreement protocol used in distributed group key management protocols is Diffie-Hellman (DH) key agreement protocol. Some of the examples, Bresson et al. constructed a generic authenticated group DH key exchange and the algorithm is probably secure. Katz and Yung proposed the first constant-round and fully scalable group DH protocol which is provably secure in the standard model. The main feature of the group DH key exchange is that to establish a secret group key among all group members without relying on mutually trusted KGC.

Proposed System:

In this paper, we are using protocol which is scalable to larger networks. The protocol which we are using is scalable group key management protocol (SGKMP). SGKMP is based on the following: the Chinese Remainder theorem and a hierarchical graph in which each node contains a key and modulus information. The protocol is designed for minimizing the re-key messages, bandwidth usage, encryption, and signature operations.

Chinese Remainder Theorem: Let m1, m2, ... mn be n positive integers, where they are pairwise relatively prime(i.e.,gcd(mi,mj)=1 for i!=j,1<=i,j<=n), R1,R2 …. Rn be any positive integers, and M= m1m2….mn. Then the set of linear congruence equations X≡R1 mod m1, ……X≡Rn mod mn have a unique solution as: X=Σ(i=1ton) RiMiyi mod M, where Mi= M/mi and yi=(Mi)’ mod mi.

In this new protocol, the keys and moduli are constructed as a tree and maintained by the server key. This tree graph is similar to the tree graph in the LKH protocol but each node of the tree in the new protocol is assigned two values: a key and a modulus.

TEK

m11 m12

K12

K11

K38

K37

K36

K35

K34

K33

K32

K31

K23

K21

K22

K24 m21 m22 m21 m22

m31 m32 m31 m32 m31 m32 m31 m32

U1 U2 U3 U4 U5 U6 U7

U8

Figure 1

Figure 1 depicts the key and modulus graph, where TEK is Traffic Encryption Key, kij is a key encryption key, and mij is a modulus.

Moduli Maintenance: The server key needs to store 2log2n moduli and each member needs to store log2n moduli but they do not need to keep the moduli secret. The sibling nodes in the tree graph are assigned with two different moduli (i.e., mi1 and mi2 where i is the depth of the tree) and the nodes in the different level of the tree are assigned with the different moduli but each has a pair of siblings at the same tree depth are assigned with the same two moduli under the different parents as show in the figure 1. This means there are only 2log2n different moduli in the tree graph, i.e., mij(1≤ i≤log2n, j=1,2) where i is the depth of the node in the tree, and the nodes(except the root node) on a path from a leaf to the root and its directly connected children should cover all moduli. For instance, in figure 1, for a path from u1 to the root, the moduli on the path include m11, m21, and m31, and the moduli on the direct children include m12, m22, and m32. In addition, all different moduli in the tree graph should be pairwise relatively prime (i.e., gcd(mij,mst)=1 for( i≠s or j≠t), and each modulus should be bigger than the key encryption value, i.e., mij>Ekil (kst ) where mij and kil belong to the same node and kst belongs to its parent node.

Key Maintenance: The key server needs to store 2n-1 keys, i.e., TEK and kij (1≤i≤log2n, 1≤j≤2i) where i is the depth of the node in the tree graph and j is the ordinal number of the node in the ith depth of the tree, and each member of a tree graph needs to store log2n+1 keys. The server key shares the keys with each member on the path from its leaf to the root. The keys on its path from the leaf to the root need to update in the protocol when a member joins or leaves the group but all moduli must be kept fixed. In order to update the keys on the tree graph, the key server should generate a new key for each update node and encrypts it with children keys on its path from the leaf to the root. For instance, the server key needs to generate a pair of new keys {TEK’,(Kil)’} to update {TEK, Kil) for the arrival of member ud (its leaf key is kwd, w=log2n) to the group, where 1≤i≤log2n-1 and l=[d/2log2n-i] which is the upper limit integer of d/2log2n-i, and encrypts the updated keys using the formula,

Where e= [d/2log2n-i-1] and v= [d/2log2n-1];

Kst = { Ekst(kil’) if i=log2n-1

Where s=log2n, t=2l-1 or 2l

Ekst (kil’) if 1≤i≤log2n-1, t≠e

Where s=i+1, t=2l if e=2l-1

Ek’st(kil’) if 1≤i≤log2n-1, t=e where s=i+1

Ekst(TEK’) if t ≠v, where s=1, t=2 if v=1

Otherwise t=1

Ekst(TEK’) if t=v, where s=1

The server key then calculates a lock L as follows and multicasts the lock with the indices of keys (i.e., st in the following formula) to all valid members in the group.

L=Σ(s=1 to log2n) Σ (t=z to z+1) KstMsjY(sj) mod M

where z={ [d/2logn-s] if [d/2logn-s] is odd

[d/2logn-s] otherwise

j= {1 if t≡ 1 mod 2

2, otherwise

M= π (s=1 to log2n) π (j=1 to2) msj , Msj= M/msj and ysj= Msj’ mod msj.

Each member decrypts the updated traffic encryption key (TEK) and related key encryption keys based on their own moduli and keys.

For the departure of member ud from the group, the process is as same as the above except calculating Kwd(i.e., Kwd=0)

Let us see with the following example for the re=key process in figure 1, where the member u8 requests to join the group. The server key generates new keys {TEK’, K12’, K24’} to update {TEK, K12, K24} and does the following encryption:

K38= Ek38(K24’), K37= Ek37(K24’), K24= E(K24)’(K12’), K23= Ek23(K12’),

K12= E(k12)’(TEK’), K11=Ek11(TEK’).

The server key then calculates a lock as:

L=K38M32y(32)+K37M31y(31)+K24M22y(22)+K23M21y(21)+K12M12y(12)+K11M11y(11) mod m.

Where M= m11m12m21m22m31m32, Mij= M/mij, yij=Mij’ mod mij.

In the protocol, we can see that the server key uses the same modulus (M) and parameters (Mij,yij) to calculate the lock for any re-key process but the key encryption value (i.e., Kst) for calculating the lock are changed based on the re-key requested by the different members. This means the server key can pre-calculate the modulus (M) and parameters (Mij, yij) to be used for later re-key processing steps and only needs to calculate them once for a fixed tree graph.