The Optimal Cluster Hierarchical Tree


02 Nov 2017

Disclaimer:
This essay has been written and submitted by students and is not an example of our work. Any opinions, findings, conclusions or recommendations expressed in this material are those of the authors and do not necessarily reflect the views of EssayCompany.

The rapid increase in downloading of information, games, chatting, and audio/video conferencing over the Internet demands effective communication and secure information exchange between different networks, among one-to-many or many-to-many members. Secure Group Communication (SGC) may be achieved by transferring messages/data between sender and receiver, with confidentiality provided by encrypting the message with a common Secure Group Key (SGK) known to all members in the group. Since the group is dynamic in nature, the group key must be renewed and distributed to the members without affecting the communication among the existing members. Security for a collaborative group is governed by membership control, authentication, access control and key management. Key management is a technique for handling a set of keys used for access among authorized parties, maintaining the relationship between them in order to protect against active and passive attacks.

In group dynamics, it is mandatory to change the keys for the multicast group members for the following three reasons:

A departed or evicted member should not be allowed to receive any further messages intended for the group. This is referred to as ensuring forward secrecy.

The previous transactions should not be disclosed to a newly joined member. This is referred to as ensuring backward secrecy.

Even when there is no join or leave, keys are to be refreshed periodically.

The process of preserving the backward and forward secrecy by updating the group key when the group is dynamic is known as Group Rekeying.

The broad categories of group key management are as follows:

Centralized key Management

Distributed key Management and

Decentralized key Management

The centralized key management approach [1] uses a single server which is responsible for the generation, distribution and renewal of the group key. The entire group is affected when the server fails: the approach suffers from the "1 affects n" phenomenon, or single point of failure. In the distributed key management approach [1], there is no group controller to form a key; the group key is either generated in a contributory fashion or generated by any one of the members, and the approach is fault-tolerant. But the processing time and communication requirements increase linearly (Yi, 2005; Sundaram Sudha et al., 2009) with the number of members, and key distribution is also cumbersome. In decentralized key management [1], a large group is split into small subgroups and subgroup controllers manage each subgroup, which reduces the problem of concentrating the work in a single location. The three approaches discussed above have their own pros and cons depending on the applications in which they are used, and any one of them can be selected in accordance with the application. In order to handle larger groups and avoid a single point of failure, the decentralized architecture is preferred over the others.

The proposed architecture overcomes certain problems faced by the following decentralized protocols. IGKMP (Thomas Hardjono et al., 2000) has a common group key for the whole group, and in IOLUS (Suro Mittra, 1997) the GSA becomes a bottleneck whenever group data is sent from one subgroup to another. In KRONOS (Sanjeev Setia et al., 2000) a new group key is formed after a certain period irrespective of the group membership, and the new key is generated based on the previous one. Here, the servers' clocks must be perfectly synchronized to exchange the keys at exactly the same time. In HYDRA (Rafaeli, 2002) a longer time is needed to rekey the whole group after a membership change occurs.

In order to handle a large group of members in a wired/wireless environment, the whole group is divided into many subgroups using a Divide-and-Conquer algorithm [2]. Here the group of 'N' members is divided into clusters of size M, where N = M^a and 'a' is the degree of the tree. Figure 1 shows the Optimal Cluster Hierarchical Tree (OCHT) with degree 2 and 8 cluster controllers to handle a maximum of 64 members. To obtain an optimal tree, there are [N/M] clusters with the height of . Each subgroup is headed by a Cluster Controller (CC) and all CCs are controlled by a head called the Cluster Controller Head (CCH). The distance from a member to its CC, and from a CC to the CCH, is one hop, or multiple hops if the depth of the tree is increased.

Figure 1 Optimal Cluster Hierarchical Tree (OCHT)

2 MOTIVATION AND CONTRIBUTION

In the current scenario, applications involving key management for SGC such as pay TV channels, military, mobile, collaborative work and stock quotes are attracting more attention. To achieve SGC, constraints such as providing authentication, confidentiality and integrity of messages delivered among the members need to be addressed. In addition, other aspects to be considered are the method by which the group key is formed, key distribution, the number of keys held by each member and, if the group becomes dynamic, the number of rekey messages needed to update the group key and the time needed for rekeying. In a wireless environment, issues such as clustering, mobility management, and energy consumption [3] in critical networking are also to be considered.

An optimal hierarchical key tree has to be designed so as to achieve scalability, reliability, and cost effectiveness. In order to achieve confidentiality and integrity, messages have to be encrypted before being sent to the receiver. The sender encrypts with their private key to provide authentication, which is achieved with a digital signature. A key is needed to encrypt the message so that it is converted into an unintelligible form that the recipient alone can decrypt and read. Since SGC is to be achieved, only the members of the group may know the group key. In order to form a group key, group key agreement has to be carried out beforehand with the members. After the group key is formed, it has to be distributed securely among the group members for further communication. If the group becomes dynamic, the costs of communication, computation, key storage and time should also be optimal.

2.1 Contributions

A solution to the scalability problem of group and multicast key management is achieved by designing an Optimal Cluster Hierarchical Tree (OCHT) with a decentralized supporting architecture combined with a contributory group key management algorithm. The proposed OCHT is designed so as to be supported by the algorithm. The group key is not formed by any one of the group members; it is the contributory effort of each group member. A novel architecture has been proposed to offer the following contributions. The proposed architecture treats the notion of a secure group as a triple {N, IK, T}, where N denotes the number of users, IK denotes the set of keys held by the users when intra/inter communication takes place, and T denotes the type of clustering chosen by the user based on the application concerned. The OCHT is introduced to handle three different types of clustering techniques for maintaining group communication applications such as mobile, military and teleconferencing networks. The contributions are accomplished through the following three phases with four modules:

A Hierarchical Secure Multicast Architecture (HSMA) supported by both wired and wireless networks is proposed. In the first phase, an Optimal Cluster Hierarchical Tree (OCHT) is designed so as to implement the HSMA supporting the decentralized key management approach with contributory key in order to achieve better scalability, reliability, and cost effectiveness for handling three different types of clustering schemes namely Time Based Clustering (TBC), Position Based Clustering (PBC), and Key Based Clustering (KBC), which support any kind of applications in wired / wireless environment. The parameters such as Memory Overhead, Throughput, Packet Delivery Ratio, End to End Latency and Energy Consumption are compared with existing scheme LKH and the results show that these parameters get effectively improved.

The second phase deals with Effective Key formation and Distribution (EKFD) module for SGC during the period of dynamic state among the members of the group when intra and inter process communications take place. The keys formed for intra (Group session Key) and inter process (Domain Key) communications with Elliptic Curve Group Diffie-Hellman (ECGDH) key agreement help SGC during the period of group dynamic state to preserve the secrecy of the data/messages of the group members. The OCHT is also an energy-efficient key distribution tree for secure wireless multicast, besides preserving the bandwidth and storage efficiency exhibited by the key in wired/wireless networks. The cost analyses of communication, computation, time, key storage, encryption/decryption overhead are also carried out with frequent joins and leaves of different nodes and compared with those of the existing approaches of different Hierarchical trees such as LKH, OFT, OFCT, Key Graphs [4], IOLUS and LKT [5] resulting in better improvements.

The third phase deals with how confidentiality, integrity and authentication are achieved by the EKFD proposed for SGC in OCHT during the dynamic state, and how the two different keys are used to tackle active and passive attacks; this is proved by mathematical models.

3 METHODOLOGY AND RESULTS

INITIALIZATION AND UPDATION ON CLUSTER

The three different types of clustering schemes are proposed as follows:

Time Based Clustering (TBC)

Position Based Clustering (PBC) and

Key Based Clustering (KBC)

The above clustering schemes have been designed in such a way that they support both wired and wireless environments and a contributory key algorithm, using combined metrics to improve the different lower level parameters as well as the Communication and Computation Overhead, the Storage Overhead of Keys, the time for rekeying with members/CCs/CCH, and the encryption/decryption overhead in a decentralized environment.

Time Based Clustering

In order to form an OCHT based on time, a database is used to store time related entities such as the member joining time and leaving time, and the contributory key from the member for forming the cluster. The proposed algorithm takes the member's joining time into account in forming the cluster, and the contribution of each member in forming the secure group key for group communication. TBC is well suited for time related applications such as prepaid mobile users and pay per view TV.

Position Based Clustering

The groups of Position Based Clustering (PBC) are formed by analyzing the exact position of the members, i.e. the (x, y) coordinate of each member obtained with the Global Positioning System (GPS), and computing the Euclidean distance between the joining members. The degree difference of the members is calculated using Constant Value (Cv) – Moving nodes Mobility (Mv) and transmission range is calculated by Tr = / coverage area where ndd = desired node degree and ndc = current node degree. Each member sends its willingness to join the group together with its current location, velocity, energy and key contribution. Based on this, the neighbor list is updated and the process of message/data forwarding is carried out. This type of clustering is well suited for military applications, where a military troop contains different levels of hierarchy such as Captain, Lieutenant, Sergeant, Corporal and Soldier. Using the GSK, soldiers can communicate with other soldiers, and with the DK, soldiers can communicate with their higher authorities.

Key Based Clustering

Along with the position based entities, this clustering is performed based on similarities of the public keys {x1, y1}, {x2, y2}, ... given by the members. For example, if the public keys (points) are (1,1), (1,2), (1,9), (2,4), (2,6), (2,17), (3,2), (3,7), (3,9), the members with the public keys (1,1), (1,2), (1,9) have to be placed under cluster 1, (2,4), (2,6), (2,17) under cluster 2, (3,2), (3,7), (3,9) under cluster 3, and so on. Applications like teleconferencing are well suited for this type of clustering. Here the members in any cluster share information of common interest, which provides a way for individuals to step out of the mass audience and take an active role in the process by which information is transmitted. General pseudo code for the proposed clustering schemes is as follows:

Step 1: The total number of members in a cluster is equal to the number of CCs in a group.

Step 2: The member who wants to join the group will send the hello message with its ID to any one of the CCs and the timestamp (joining (in) / leaving (out) time) for TBC, location for PBC and key for KBC will be considered based on applications.

Step 3: Threshold values are set and they are compared with the joining time of member in case of TBC, distance between member and CC in case of PBC and x coordinate of the contributory key and the CCs key in case of KBC. After the formation of clusters, CC/CCH calculates GSK/DK and distributes to the members/CCs.

Performance Analysis

The performance is analyzed using the NS2 tool with 8 cluster controllers and one cluster controller head, with 64 members arranged in a hierarchical way. Compared to the existing LKH scheme, the proposed TBC, PBC and KBC schemes show better End-to-End latency, with 35%, 42.6% and 59.6% improvement respectively, as shown in Table 1. The Packet Delivery Ratios of the aforementioned schemes are improved by 2%, 3.4% and 6% respectively, and the Throughputs, with 4.98KB, 36.09KB and 42.5KB of packets received, are better than that of LKH. The Energy Drain consumption of the proposed schemes is 11.73%, 6.83% and 3.46% with an initial energy of 100 J, compared with 13.73% for LKH. The memory overhead can be calculated as the ratio of the sum of the total number of root request packets and control root reply packets to the total number of control packets. The proposed schemes bring 8%, 19% and 48% improvements over the existing LKH in terms of memory overhead.

Table 1 The sample results of various lower level parameters

| Parameters \ Schemes | LKH | TBC | PBC | KBC |
|---|---|---|---|---|
| END TO END LATENCY (ms) | 1.57 | 1.02 | 0.901 | 0.634 |
| PACKET DELIVERY RATIO (%) | 92.89 | 94.89 | 96.09 | 98.89 |
| THROUGHPUT (KB) | 27.45 | 32.43 | 63.54 | 69.54 |
| ENERGY DRAIN RATE (Joules) | 15.725 | 10.725 | 6.825 | 3.46 |
| MEMORY OVERHEAD (bytes) | 5952 | 5474 | 4769 | 3072 |

Cluster Head Formation

The cluster head is selected using the minimal spanning tree algorithm called Kruskal's algorithm. The steps needed for selecting a cluster head are:

Broadcast a Hello message to all nodes. Each node (u) has its own unique identifier ID and a time stamp which describes the time of joining.

Calculate the neighboring nodes of each 'u' in N (using Kruskal). N consists of all nodes in the same transmission range.

Find a node V in N with a large neighbor list and put the node in set N'.

Choose a node with high E as the cluster head.

Calculate ‘E’ for all nodes in N where E = Max {Transmission Range + Tamper resistance + residual battery power + neighbor list} where Battery power, transmission range and tamper resistance have threshold values. When a new node wants to join the group, the corresponding new node ‘u’ has to broadcast its ID to cluster head. When a cluster head fails / leaves the group, a new cluster head ‘U’ has to be elected with high E in the set of nodes N. The threshold value has to be updated for calculating ‘E’ and now the elected cluster head ‘U’ will have the highest priority to maintain the secrecy. The reaffiliation times of TBC, PBC and KBC schemes for selecting the head of the clusters take up only 43.9%, 47.7% and 42.4% of the time of existing LKH scheme respectively.

3.2 EFFECTIVE KEY FORMATION AND DISTRIBUTION FOR SGC

A public key is constructed by each member in the cluster and given to their respective CCs, and the GSK is formed, which helps in Intra Group Communication. The CC sends the GSK to the CCH to form another key called the DK for Inter Process communication. The Group Member database is used to store the Time, Location and Key based entities, which are controlled by the CCH. This process is controlled by Cluster Key Formation (CKF) and Cluster Controller Formation (CCF), and the group key is formed using Elliptic Curve Cryptography (ECC). The Key Exchange Protocol (KEP) enables a secure and effective key exchange process between the members, CCs and CCH involved in communication. The key exchange is performed using ECC. The group key formation consists of the following steps:

Identify the number of members present in the group.

Cluster controllers retrieve all the public keys (P1, P2, P3, ..., Pn).

After getting all the public keys, the cluster controller will calculate the GSK using GSK = nCC (P1 + P2 + P3 + ... + Pm) and DK using DK = nCCH (GSK1 + GSK2 + GSK3 + ... + GSKm). It can be written as

GSK/DK = nCC/CCH where m is an Integer.

After completion of this process, the CC/CCH will distribute GSK/DK to the members/CCs. The GSK and the DK must be updated during dynamic state in the group for maintaining the forward and the backward secrecy.
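The key formation steps above, as an added example that is not part of the original essay: it evaluates GSK = nCC (P1 + ... + Pm) and DK = nCCH (GSK1 + ... + GSKm) on a toy textbook curve, then rekeys after a leave. The curve, the private keys, the cluster names and the choice to draw fresh nCC and nCCH scalars on rekey are all assumptions made for illustration.

```python
# Added example: toy curve y^2 = x^3 + 2x + 2 over GF(17), G of prime order 19.
# The curve is far too small for real use; it only keeps the arithmetic readable.
P_MOD, A = 17, 2
G, ORDER = (5, 1), 19

def add(p, q):
    """Add two curve points; None is the point at infinity."""
    if p is None:
        return q
    if q is None:
        return p
    (x1, y1), (x2, y2) = p, q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None  # p + (-p)
    if p == q:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD)
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD)
    lam %= P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def mul(k, p):
    """Double-and-add scalar multiplication k * p."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, p)
        p = add(p, p)
        k >>= 1
    return acc

def pub(priv):
    """A member's public key (assumed here to be priv * G)."""
    return mul(priv, G)

def combine(scalar, points):
    """scalar * (sum of points): the shape of the page's GSK and DK formulas."""
    total = None
    for pt in points:
        total = add(total, pt)
    key = mul(scalar, total)
    if key is None:  # contributions cancelled out, or scalar is a multiple of ORDER
        raise ValueError("degenerate key (point at infinity); re-draw inputs")
    return key

def form_keys(clusters, n_cch):
    """clusters maps name -> (n_cc, member public keys); returns (GSKs, DK)."""
    gsks = {name: combine(n_cc, pubs) for name, (n_cc, pubs) in clusters.items()}
    return gsks, combine(n_cch, gsks.values())

def scenario():
    """Constructed data: two clusters, then the member with key 7 leaves c1."""
    # The summed public keys are computable by anyone, so the secrecy of each
    # GSK rests on n_cc (assumed to be the CC's secret scalar), likewise n_cch.
    clusters = {"c1": (4, [pub(3), pub(5), pub(7)]), "c2": (5, [pub(2), pub(9)])}
    before = form_keys(clusters, n_cch=7)
    # Rekey on leave: drop the departed key and draw fresh n_cc and n_cch
    # (fresh scalars are an assumption; the page only says the keys are updated).
    clusters["c1"] = (6, [pub(3), pub(5)])
    after = form_keys(clusters, n_cch=3)
    return before, after

if __name__ == "__main__":
    (gsk0, dk0), (gsk1, dk1) = scenario()
    print("before:", gsk0, dk0)
    print("after: ", gsk1, dk1)
```

Only the GSK of the cluster that lost a member and the DK change; the untouched cluster keeps its GSK, which is the load-sharing property the hierarchy is meant to give.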

SGC is a technique for transmitting messages and information securely from one member to many, or from many to many members, through an insecure channel, while handling the joining/leaving of members during the dynamic state of the group. The communication takes place among the nodes of the same cluster (intra-cluster communication) or the nodes of different clusters (inter-cluster communication). The member ID is registered with the database so as to authenticate members, and it should be protected from attackers and from compromised group members. Only legitimate group members with the secret key can acquire the communication contents. In the context of secure group communications, it is important to prohibit a newcomer/ex-member from accessing past/future communications, which requires renewing the secret key. With the proposed hierarchical key distribution architecture and load sharing, key renewal is performed by the CCs/CCH and distributed to the group members/CCs; this system provides better scalability and is independent of the group size.

In real time applications, many members may join/leave at any time, so joins/leaves of single or multiple members have to be handled carefully. This may be achieved by applying the Massive Member Join and Removal Algorithm (MMJRA). This algorithm is used by the CCs to batch-process join and leave requests, avoiding collision attacks, so that rekeying is done cost-effectively. A separate algorithm is implemented and explained in detail in this regard. After the update on the cluster is performed, the secure key should be distributed to the members securely. The Key Distribution [6] system is focused on the construction of a scalable key distribution scheme where group members can globally assign a common group key and the encrypted secret message packets can be delivered to the authenticated group members via a multicast data delivery system. In the proposed schemes, the CC and CCH have two servers, namely the Authentication Server (AS) and the Key Server (KS). The AS provides authentication to every group member and the KS provides the GSK for intra-cluster communication and the DK for inter-cluster communication. Costs such as Communication, Computation, Storage Overhead of Keys [5], message size, and encryption/decryption overhead are well analyzed.

4 SECURITY MODEL AGAINST MULTIPLE ATTACKS

The main goal is to protect the data from eavesdroppers mounting both active and passive attacks, who are not members of the group. Confidentiality relies on the secrecy of the secure group key; if a malicious inside attacker reveals the group key (GSK/DK), the communication is compromised. Authentication is achieved when a member joins the group: the new member's identity is authenticated based on the member's public/private key pair by applying a challenge/response mechanism, and source authentication is ensured during GSK and group key (DK) generation. Forward and backward secrecy properties are preserved by rekeying to change the group key (GSK/DK) whenever there is a membership change, which tackles Brute force, Sybil and Worm hole attacks. The keys GSK and DK tackle the aforementioned attacks, and this is proved by mathematical models.

5 CONCLUSION

The rapidly growing use of emerging network applications is based on group communications, in which security has to be provided in terms of confidentiality, integrity of messages delivered between the group members, and authenticity. In this thesis, a novel solution is proposed for multicast key management to ensure scalability and reliability in a cost effective manner. The HSMA architecture, with three different clustering schemes, namely Time, Position and Key based clustering, handles different kinds of applications with OCHT, which supports the decentralized key management approach. The End to End latency, Packet Delivery Ratio, Throughput, Energy consumption and Memory Overhead of the above mentioned three schemes are compared with Logical Key Hierarchy and the results are comparable. Two different keys, GSK and DK, are formed by the CCs/CCH and help the group members in intra/inter group communication. The key management is performed with ECC, which is more secure even with a smaller key length. The various costs, such as communication, computation, storage of keys with members, CCs and CCH, encryption/decryption and message size, have been well analyzed and compared with the existing protocols. The results show that the proposed clustering schemes with key management provide a reliable group communication service in a cost effective manner for wired/wireless environments.


