The Secure Group Communication


02 Nov 2017


INTRODUCTION

Communication is the platform through which people share their thoughts with others. It is an interactive exchange between people through linguistic skills, and also a meaningful transfer of ideas through technological gadgets. When communication is combined with technology, it is magnified into information and communication technology. Communication is effective only if the message sent by the sender is received by the appropriate receiver without errors or missing data. Literally, communication refers to the conveying of a message by one person to another; for that we need a computer network, which is the interconnection of computers through interfaces such as switches and routers to share information and resources.

Information is sent between sender and receiver using different types of transmission: unicast, multicast, broadcast and GC. In unicast, a single sender and a single recipient communicate over a network, whereas multicast refers to a single sender and multiple receivers, targeted at a predetermined group of hosts that have specific network addresses. Broadcast is the simultaneous transmission of a single message to all hosts on a broadcast domain, and it is mainly used in radio and TV transmission. GC occurs in an assemblage of persons or objects that are all interconnected, capable of communicating with each other, and securely isolated from all other users on the network.

1.2 GROUP COMMUNICATION

Group communication (GC) helps in building a reliable, efficient and suitable abstraction for distributed systems. GC shares information on a private and secured sharing platform, in which clients and workers can access the data from anywhere in the world through the internet with proper authorization. The authorization needs to be untraceable by intruders to make the communication secure. The security of the communication is achieved by the Secure Group Communication (SGC) method.

1.3 SECURE GROUP COMMUNICATION

Secure Group Communication (SGC) is a technique for transmitting messages and information securely from one member to many, or from many to many members, through an insecure channel. The communication takes place among the nodes of the same cluster (intra-cluster communication) or the nodes of different clusters (inter-cluster communication), and members join and leave while the group is in a dynamic state. While joining the cluster, members contribute their part to the formation of the group key, and their ID is registered with the database so as to authenticate them. Apart from group authentication being able to control which process may become a member of a group, the group members should also be able to prove to the outside world that they belong to a particular group. That means that the group as a whole should be able to prove its authenticity.

Applications such as file sharing, pay-per-view, mobile users, multi-user online gaming, teleconferencing, meetings and discussion forums are examples of systems that are organized as a peer group. The group is governed by a set of rules that describes the conditions required to be part of the group. Security in such a dynamic and collaborative group is managed by membership control, authentication, confidentiality, access control and key management. SGC achieves security with proper authentication using key management techniques. SGC can be the better choice for real-time applications such as a large enterprise that needs its members to communicate and share data and information in a secure manner.

The group communication protocols should be protected from outside attackers and from compromised group members. There is an interplay between group key establishment and the group membership protocol: during a group membership change, SGC using the old group key is impossible, as it is not clear which of the old group members are going to leave the group. On the other hand, it is also impossible to establish a new group key, as the members of the new group membership view are not known yet. Therefore, all messages sent during the group membership protocol should be secured in some other way than by using the group key.

1.3 ROLE OF KEY MANAGEMENT IN SECURE GROUP COMMUNICATION

Protection mechanisms in the present network scenario are lacking because of feebly defined secrecy policies and authentication mechanisms. SGC provides a secure way of authenticating users by updating the group on addition/deletion of members with the generation of an authenticated key. Cryptographic algorithms are often employed to secure multicast transmissions, with multicast packets encrypted by cryptosystems. Only legitimate group members holding the secret key can acquire the communication contents, and in the context of SGC it is important to prevent a newcomer/ex-member from accessing past/future communications. This requires renewing the secret key that is shared by the group members. The most important drawbacks of SGC are its dynamic state and scalability issues. The cost of key establishment and key renewal depends on the group size and becomes a bottleneck in achieving scalability. With a hierarchical key distribution architecture and load sharing, key renewal is done by cluster controllers and distributed to the group members; this provides better scalability, is independent of the group size, and gives constant computation and communication costs for key renewal.

1.3.1 Security requirements in Key Management

Forward Secrecy ensures that a member who has left the group should not decrypt the data.

Backward Secrecy ensures that a member who has newly joined the group should not decrypt previous data.

Collusion freedom ensures that no fraudulent user acquires the group key.

Key Independence is the property of a protocol that the disclosure of a key does not compromise other keys.

Minimal Trust ensures that the Key Management scheme should place trust only in a limited number of entities.

It is essential to refresh the keys dynamically and often among the existing group members in order to maintain the secrecy of the information in the following cases.

If a member (or members) joins the group, they should not obtain any information about the communication that took place prior to joining. This is known as Backward Secrecy.

If a member (or members) leaves the group, they should not receive any information from the group after the time of departure. This is known as Forward Secrecy.

The process of preserving backward and forward secrecy by updating the group key when the group is dynamic is known as group rekeying. The key also has to be updated periodically to maintain secrecy and avoid any breach of security.

The broad categories of group key management are as follows:

Centralized Key Management

Distributed Key Management

Decentralized Key Management

The centralized Key Management approach uses a single server, which is responsible for the generation, distribution and renewal of the group key. This approach suffers from the "1 affects n" phenomenon and from a single point of failure: any problem with the server affects the entire group.

In the distributed Key Management approach, there is no group controller to form a key; the group key is either generated in a contributory fashion or generated by any one of the members, and the approach is fault-tolerant. However, the processing time and communication requirements increase linearly with the number of members (Yi, 2005; Sundaram Sudha et al., 2009), and key distribution is also cumbersome.

In decentralized Key Management, a large group is split into small subgroups, and subgroup controllers manage each subgroup, thus minimizing the problem of heaping the work on a single location.

The three approaches discussed above have their own pros and cons, and any one of them can be selected depending on the application in which it is used.

1.4 SECURE GROUP COMMUNICATIONS IN WIRELESS NETWORKS

While the development of secure multicast is becoming more pertinent in wired networks, its implementation in mobile environments (wireless networks), "anytime, anywhere", is still in its infancy. Current advancements in wireless technologies not only facilitate pervasive computing but also provide the omnipresent communication coverage that is popular with mobile device providers. Applications and services that are available in wired networks should also be made available in wireless networks and vice versa, as wireless networks will gradually become the primary interface for network communication and the main platform for applications and services. There are similar expectations for providing secure and reliable communication in both environments. The major network categories are:

(a) Fixed-based networks

A collection or a group of wireless mobile nodes communicating or using the services usually provided by corporate enterprise networks over wireless mediums such as wireless local area networks (WLANs), or cellular-based networks such as GSM or UMTS. This kind of group communications operates with the help of fixed infrastructures such as base stations, access points or satellites.

(b) Non Fixed-based networks

Operating without the help of any infrastructure, non fixed-based networks can be further classified into:

1. Ad hoc networks. A collection of wireless nodes communicating with each other internally and externally over multi-hop paths, without any infrastructure such as access points or base stations.

2. Sensor networks. A special form of ad hoc network that consists of a collection of individual nodes (usually battery operated), each of which transmits data signals, also without the help of any infrastructure. A typical use of an individual sensor is collecting specific data such as sudden changes in climate across a geographical area.

With the increase in the usage of personal computing devices such as PDAs and laptops, and the substantial development in wireless communication technologies, ad hoc, sensor and mesh networks have gained attention in recent years. Major issues have to be addressed, such as routing, multicasting/broadcasting, location service, multiple access, clustering, IP addressing, mobility management, radio interface, bandwidth management, Quality of Service, power management, security and fault tolerance. Currently, research concentrates much more on routing, radio interface, power management, bandwidth management and security.

1.4.1 User (Host) Mobility

Wireless mobile environments allow user (host) mobility. As group members are allowed to move between areas, mobility introduces problems that do not occur in wired networks, such as:

1. Hand-over operations: When group members move from one area to another, some kind of hand-over operation from the current area to the visited area (the area where the member is moving to) is required.

2. Management of keying material: Problems pertaining to management of cryptographic keys needed during host mobility include deciding who governs the moves and who keeps track of keying material.

3. Network disconnection: Network transmissions between communicating entities may change over time, and be prone to failure.

1.4.2 Additional Key Management to Support Mobility

The generation of new keying material may be required in order to support host mobility. For example:

(a) Moving members may still hold cryptographic keys of the areas they visited even after they leave a multicast group, which may lead to compromise.

(b) Host mobility may require group members to occasionally communicate via a foreign network (the visiting area) that may not be fully trusted. Thus, it is important to ensure that group members that are moving from one area to another are protected (via different sets of keys).

(c) Group members that move between areas may gather the area’s local security information. It is imperative to ensure that the area is protected from members who are moving from one area to another in order to collect the security information (keys) of each area for malicious purposes.

1.5 TYPES OF GROUP COMMUNICATION AND DESIGN CONSIDERATION

We can classify the methods for group key management for large dynamic groups into two categories:

The first set of schemes typically involves the use of a Logical Key Hierarchy (LKH), which is a set of cryptographic keys organized into a tree structure. At the top of the hierarchy is a globally shared common group key, and the other keys are employed to assist in the distribution of the common group key. Consider a multicast group consisting of n group members. There are in total O(n) keys, and each group member stores O(log(n)) keys. To add or remove a user from the group, a new common group key must be generated, and the computation cost for key renewal is O(log(n)).

The second set of schemes decomposes large groups into subgroups. This technique deals with the scalability issue by partitioning the group members into many subgroups, which are arranged to create a single multicast group. Scalability is achieved by making each subgroup relatively independent, so that group membership changes can be confined to the respective subgroups. Another essential element that helps achieve scalability is the subgroup agents, which assist in translating messages among subgroups using different subgroup keys. While improving scalability, this approach introduces extra propagation delays and requires full trust in each subgroup agent.

The basic design considerations for a scalable group key distribution system are:
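The Logical Key Hierarchy described above can be exercised on a member leave. The following is an added example, not part of the original essay: it builds the key tree, rekeys after a departure, and shows that a remaining member recovers the new group key while the departed member does not. The names `KeyServer`, `apply_rekey` and `demo`, and the toy `wrap` function, are assumptions made for illustration.

```python
import hashlib, hmac, os

def wrap(kek, key, node, epoch):
    """Toy key wrap (assumption): XOR with an HMAC-SHA256 pad bound to node and epoch.
    Self-inverse, so it also unwraps. A deployment would use an authenticated key wrap."""
    pad = hmac.new(kek, f"{node}:{epoch}".encode(), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(pad, key))

class KeyServer:
    """Complete binary key tree in heap layout: node 1 holds the common group
    key, leaves n..2n-1 hold the members' individual keys (n a power of two)."""
    def __init__(self, n):
        self.n, self.epoch = n, 0
        self.keys = {i: os.urandom(32) for i in range(1, 2 * n)}

    def member_keys(self, member):
        """The keys a member stores: its leaf key plus every key up to the root."""
        node, held = self.n + member, {}
        while node >= 1:
            held[node] = self.keys[node]
            node //= 2
        return held

    def leave(self, member):
        """Refresh every key the leaver knew, bottom-up. Each new key is wrapped
        under the keys of the node's children, skipping the leaver's own leaf."""
        self.epoch += 1
        leaf = self.n + member
        node, msgs = leaf // 2, []
        while node >= 1:
            new = os.urandom(32)
            for child in (2 * node, 2 * node + 1):
                if child != leaf:
                    msgs.append((node, child, self.epoch,
                                 wrap(self.keys[child], new, node, self.epoch)))
            self.keys[node] = new
            node //= 2
        del self.keys[leaf]
        return msgs

def apply_rekey(held, msgs):
    """Member side: unwrap each message whose wrapping-key node this member holds."""
    held = dict(held)
    for node, child, epoch, blob in msgs:
        if child in held:
            held[node] = wrap(held[child], blob, node, epoch)
    return held

def demo(n=8, leaver=5, stayer=2):
    # Returns (keys stored per member, rekey messages, stayer has new key, leaver has new key).
    server = KeyServer(n)
    before = {m: server.member_keys(m) for m in (leaver, stayer)}
    msgs = server.leave(leaver)
    roots = {m: apply_rekey(before[m], msgs)[1] for m in (leaver, stayer)}
    return (len(before[stayer]), len(msgs),
            roots[stayer] == server.keys[1], roots[leaver] == server.keys[1])
```

For a group of 8, each member stores log2(8) + 1 = 4 keys and a leave costs 2·log2(8) − 1 = 5 wrapped keys, in line with the O(log(n)) figures above.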

Only legitimate group members can acquire the communicating message contents. Third parties involved in key distribution should not have access to the cryptographic keys for encrypting/decrypting communications. A newcomer/ex-member must not be able to derive past/new common group keys.

The key distribution mechanisms should be independent of the underlying multicast routing protocol.

The cost of every component that assists in key distribution should be independent of the group size.

No matter how large the group size is, all the group members must be able to obtain the new common group key in a timely manner. In other words, key distribution must guarantee a certain level of soft real-time property.

1.6 GROUP SECURITY AND AUTHENTICATION

In secure multicast environments, the provision of security services such as entity authentication, data confidentiality and data integrity is required. However, secure multicast group communication has some specific requirements in these areas.

As hosts may wish to join specific groups, and different groups may have their own security requirements, it is imperative that:

• Group managers verify that the service provided by a multicast group is accessible only to authorized group members.

• Group members verify that the service they participate in is provided by a genuine source.

• Both (group managers and group members) verify each other’s identities.

Different policies (static or dynamic) may impose different requirements for managing group keys (due to joins and leaves). In a dynamic policy, if backward and forward secrecy are required, then re-keying of group keys will have to occur whenever there is a change in group membership.

1.7 NEED OF CLUSTERING

1.10 THESIS ORGANISATION

The thesis is organized as follows.

Chapter 1 introduces and explains the need for group key management and the problems associated with it. The chapter closes with a short explanation of the thesis organization.

Chapter 2 reviews the existing group key management schemes in both wired and wireless environments, with their advantages, disadvantages and a comparison in terms of cost, and investigates clustering algorithms. The motivation, the objective and the contribution are described in detail in this chapter.

Chapter 3 presents a novel architecture for the formation of an Optimal Cluster Hierarchical Tree (OCHT) so as to achieve scalability, reliability and cost effectiveness. Three different cluster formation schemes for SGC in both wired and wireless environments, and their cost effectiveness, are also explained.

Chapter 4 presents group key formation and SGC, and also explains the group members' interaction during intra/inter process communications. The group dynamism and the performance of this approach on different operational costs are also analyzed and evaluated in this chapter.

Chapter 5 concentrates on security models against multiple attacks on keys, discussed in detail with mathematical modeling.

Chapter 6 summarizes the achievements of this thesis and emphasizes its contributions; possible future research is also discussed in this chapter.


