Adoptable Key Management Technique for Multicast and Broadcast Services

Adoptable Key Management Technique for Multicast and Broadcast Services

D.Nattiya and T.K.Thivakaran

Department of Information Technology, Sri Venkateswara College of Engineering, Chennai, India

Faculty of Information Technology, Sri Venkateswara College of Engineering, Chennai, India

Abstract

The popularity of group-oriented applications, secure and efficient communication among all group members has become a major issue. Another major issue is that to provide dynamic rekeying for all the users that join and leave the group. For the rekeying of the group key all members of the group should agree the rekeying of the key. When keys are distributed dynamically the content should be handled by an authenticated person and safe communication must be enhanced. In this paper we present a solution for dynamic rekeying by optimized rekey method to generate dynamic rekey for the users. This mechanism maintains the key server for frequent updating of key and calculating the key length to minimizing the storage cost as well as computational cost. The devices once found to be authenticated; they start communication by adopting various cryptographic techniques depending on the types of devices. The level may be classified based on the memory capacity and type of processor used. Elliptic curve cryptographic (ECC) schemes for high level devices, advanced encryption standard (AES) for intermediate level devices and hashing schemes with key harning for low level devices are implemented. Thus our proposed system reduces the number of rekeying and provides authenticated and secured group communication.

Key words:

Key management, multicast services, dynamic rekeying, anonymity, adoptability, security.

1. Introduction

   With the new e merging applications like v ideo – conferencing, mu lti-user games etc. getting into the life of an average co mputer user, a mode of communicat ion called mu lt icast has been us ed. The data should be delivered to mu ltip le users and not to every end point alone. Hence, to fu lfill the require ments where the communication is restricted to only a set of participants (a group), the multicast communicat ion eme rged in the computer communicat ions arena. Group co mmunication [1], [2], [3], [4] enabled by multicast techniques is of considerable interest today due to the growth of the internet and the widespread availability of h igh

   bandwidth connections. Members are genera lly allo wed to join and leave groups, and access to mu lticast transmissions must be granted and revoked with minimal system overhead. Multicast provides efficient delivery of data fro m a source to multiple receivers. It reduces sender transmission overhead, network bandwidth require ments, and the latency observed by receivers. This ma kes mult icast an ideal technology for applicat ions based upon a group communicat ions model. One way to imple ment secure mult icast transmissions is through the use of message encryption and rekeying [5], [6], [7], [8]. The multicast host uses the session key for encrypting data packets by using cryptographic schemes [8] before sending them to the group. The datas are encrypted to protect it fro m outside eavesdropping. Many cryptographic schemes are applied for encryption and decryption. When a me mber is evicted fro m the group the session key must be changed in order to ma intain message privacy. All re main ing group me mbers receive the new group key by secure transmission. The message must be indecipherable to the evicted me mber. Th is paper proposes technique like optimized batch algorithm to reduce the rekeys, and adoptable of cryptographic schemes is provided to encrypt/decrypt the content in a secured manner. Thus the proposed method results in we ll authenticated and secure group communicat ion as well as reduced a mount of rekeying results in reduction of key storage.

2. Related works

   In recent years, many authors have investigated the multicast re-keying proble m and have proposed some group key-manage ment schemes. [3] Proposed that Group Multicast is used in many applications. The aim is to deliver mult icasting content as secure and effic ient as possible. Me mbership fluctuation needs to be dealt with in efficient way. That is, eviction/join of the users fro m/to the group. Exc lusion

   basis system is been imple mented along with rekeying. But still the drawback of rekey ing mechanis m has not efficiently reduced. [4] have e xpla ined that in group-oriented applicat ions like conferencing, chat groups and interactive gaming myriad messages are sent from one or more sources to mu ltip le users. Multicasting is the optimu m technique for such group oriented applicat ions with e ffective network resource utilization. But maintain ing security is a crit ical issue in group oriented protocols with frequent me mbership changes. Confidentiality can be achieved through changing the key materia l, known as rekeying every time a new me mber joins the group or e xisting me mber leaves fro m the group. Many techniques have been proposed earlie r for this purpose. But the result concludes that the concept of reducing the rekeying is a challenging factor. [8] have e xpla ined development of Internet multicast techniques results in more and more mu lt icast-based applications, such as pay-per view, v ideo conferencing, real-time delivery of stock quotes, etc.. Anyone can join a mu lticast group to receive data fro m the data source or send data to the group. Therefore, cryptographic techniques have to be emp loyed to prevent eavesdroppers or restrict the access of the multicast co mmunications only to legitimate subscribers. But applying cryptographic schemes should be an adoptable technique based on the devices since each device has a varying feature.

   [9] Exp la in Key manage ment is very crucial in a

   secure mu lticast system. The key storage of the group controller and group me mbe rs, the communicat ion cost and computation cost caused by joining/leaving me mbe rs, are the determining factors for the performance of the key management system. A scheme is high-performed, if it has the optima l rekeying cost and the lower storage require ments. Multicasting using threshold based one way function was used to improve the rekeying para meters. But usage of threshold should be effective since it should not be a restricting factor for the me mbe rs.

3. Proposed Work

   The main design goal of this paper is minimizing the re keying and improving the security of the users. The key is generated first to all the users, and then dynamic re keying is introduced in key generation scenario. When the users are provided with the secured key they start to transfer the data. Secured commun ication is imp le mented by the anonymity manager and diffe rent cryptographic scheme is applied to the users based on their device types. In this fra me work the effic iency of the rekeying is imp roved by optimized batch algorith m. It is done by the imple mentation of optimized rekey

   mechanis m. It is done by dividing the number of users in batches. When the group me mbers are divided into batch, the rekey ing could be done for the batch in which the me mbers join/depart. The entire group has not needed to be rekeyed, only the divided batch that contains the me mber join/depart has to be rekeyed. So it could imp rove the effic iency of the rekeying mechanis m. After d istributing the keys to the me mbers the communicat ion part occurs. In this paper we propose the concept of adoptability of the cryptographic algorithm based on the types of devices for co mmun ication. Then encryption is dne according to the type of users. A profile is c reated for the users. In this profile creation, separate profile is created for each user during the registration. The user profile consists of type of devices, type of processor used, and me mory capacity of the devices. The devices may be a high level devices or intermed iate devices or low leve l devices. For secure communicat ion the low level devices are encrypted with hashing algorithm along with the key harning process. The intermediate devices are communicated with A ES and the high level devices are communicated with Elliptic Curve Cryptographic algorith m. Thus the device adapts the various schemes and effic iently performs since each device captures their encryption method according to their capacity. Hence group communication is performed with secured factors.

4. Components of the proposed sytem

   1. Key management

      Key manage ment for users in the communicat ion networks is dependent upon the security of the keys, it is sometimes appropriate to devise a fairly comple x mechanis m to manage them. In group co mmunicat ion many individuals are involved, with a require ment for unique keys to be sent to each for encryption/decryption of transmitted data. In this case, a number of comp rehensive and proven key manage ment systems must be imp le mented.

      1. Group creation and profile c reation

         Group creation is c reating an environ ment in which the authorized users can communicate with other users in that particular group or doma in. In order to establish a group commun ication a co mmon group key is to be d istributed to all the me mber of the group. The group key is to be changed when a me mbe r leaves or jo ins in the group. When group me mbe rs are changes, new key information is transmitted to all users through re-key ing messages . These re-keying messages must be delivered

         reliability and in a time ly manner. In profile creation, separate profile is created for each user during the registration. The user profile consists of type of devices, type of processor used, and me mory capacity of the devices. The devices may be a high level devices or intermediate devices or lo w level devices. The devices classified based on the processor type and me mory capacity.

      2. Key generation

         The key management scheme induces high storage of keys and high computation overhead at the key server or group members. Key manage ment includes creating, distributing and updating the keys then it constitutes a basic block for secure multicast communicat ion applications. Group confidentiality requires that only valid users could decrypt the mu lticast data. All me mbers can perform access control and the generation of key is contributory. Key Management schemes [1] for mobile Broadcast and Multicast services are typically based on 4 layer architecture. In proposed method another layer is included where Multicast Session key is generated for secured communicat ion.

         1. The client performs mutual authentication with

            the server to establishment of unique session key (SK) between c lient and server.

         2. The client sends a service to join a selected mu lticast broadcast group.

         3. If the service request is validated and processed successfully, the Group manage ment key is provided.

         4. Multicast session key (MSK) is generated and used to protect a certain Mult icast and Broadcasting Service session. It is also used to protect the distribution of traffic encryption key (TEK).

         5. After receiving the MSK fro m the server, the client ca lculates granted number of TEKs and is prepared to deliver mu lticast broadcast contents.

      3. Re keying

         In cryptography, rekeying re fers to the process of changing the group key of an ongoing communicat ion in order to acco mplish forwa rd and backwa rd secrecy. The group is considerably divided into batches. Consider n batches in the group. Each batch can hold up to the me mbers that are specified. This valu e could be varied, wh ich is known as the threshold value. Each batch contains a threshold value which constraints a limited number of users. When rekeying is done the users is distributed with a new group key. But the process of rekey ing should be efficien tly handled because minimizing the rekey ing only reduced the overhead in the system. In proposed system optimized batch algorithm is provided to reduce the rekey. When a user joins or leaves the

         batch rekeying is performed for that particular batch is known as optimized batch algorith m. By imple menting a ne w key only to that batch the other me mbe rs in the group are not disturbed. Since the efficiency of rekey is also enhanced. When we change the group key for all the users in group it involves a high a mount of rekey ing because for n number of users n number of rekey ing should be done. But with this optimized method only limited users are provided with re keying hence other users are not necessary to be rekeyed. We observe that the optimized batch Algorith m has identical re keying costs compared to e xisting algorithms when the number of join ing me mbe rs and the number of departing me mbers are comparable .

         1. Adoptability of Cryptographic schemes

            When the keys are distributed and dynamic rekeying is performed the c lient starts to communicate with other users in the group. The file or data transfer between the clients should be protected content. The client first registers their device types in the profile creat ion part. Based on the user registration in the profile, d ifferent cryptographic schemes are adopted based on their devices. These devices are classified based on their me mory capacity and the processor type. High level devices are imple mented with ECC, intermediate devices are provided with AES and the low level devices are provided with Hashing algorithm with harn ing process. The Intermediate level devices are not possible to use ECC. At the same t ime the lo w level devices are not possible for imp le ments ECC and AES. The ma in reason is the device capacity. The me mo ry of the lo w level processor could not support ECC and if A ES is imple mented the cost will be high. Likewise if hashing is imp le mented in intermed iate or high level device then there is no efficient use of the processor since their capacity is high hence waste of resource utilization will be the result. By adopting these different techniques the devices could provide a secure communication based on their features. So it enables a better commun icating scenario for each device.

            Table.1 Device types

            High Level	Intermediate Level	Low Level
            Tablet	Smart Phones	M obile Phones
            Net book	PDA

            Table.2 Device Properties

            Device Name	Memory	OS	Processor
            Thinkpad X61 Tablet	Up to 4 GB DDR2	Vista Ultimate	Up to Intel Core 2 Duo Processor
            Thinkpad X60 Tablet	Up to 4 GB DDR2	Genuine Windows XP Tablet PC Edition	Up to Intel Core 2 Duo Processor
            Samsung Galaxy ACE Plus	512M iB RAM	Google Android 2.3.5	1000MHz
            ZTE Tania	512 M B	M icrosoft	32bit
            (ZTE Spirit)	RAM	Windows	Qualcomm
            		Phone 7.5	Snapdragon
            			M SM 8255
            Samsung	1024M iB	Google	32bit
            SGH-i717	RAM	Android	Qualcomm
            Galaxy Note		2.3.7	Snapdragon
            LTE			APQ8060,
            			1500MHz
            M otorola	1024M iB	Google	32bit Texas
            DROID	RAM	Android	Instruments
            RAZR		2.3.5	OM AP 4430
            MAXX
            XT912
            (M otorola
            Spyder)
            Nokia 801T	256M iB	Symbian	32bit ARM
            	RAM	OS	1136JF-S,
            		Symbian^3	680MHz
            		PR2 Anna
            		Chinese
            Verizon	1024M iB	Google	32bit ARM
            Samsung	RAM	Android	Cortex-A9
            SCH-i815		3.2	MPCore
            Galaxy Tab
            7.7 LTE

            High level devices adopt ECC. It is a public key encryption technique based on elliptic curve theory that can be used to create faster, sma ller, and more efficient cryptographic keys. It generates keys through the properties of the elliptic curve equation instead of the traditional method of generation as the product of very large prime numbers. ECC scheme is imple mented for high level devices and a public key encryption technique based on elliptic curve theory that can be used to create faster, sma ller, and more efficient cryptographic keys .

            1. Imtermed iate level devices

               This Sche me is used for Intermediate level devices. Smart phones and PDAs are the examp les of intermediate level devices. The intermediate level processors and memo ry capacity can be used. AES is based on a design princ iple known as a substitution – permutation network. AES has a fixed block size of 128 bits and a key size of 128, 192, or 256 b its, whereas Rijndael can be specified with b lock and key sizes in any mult iple of 32 bits, with a min imu m of 128 bits. The blocksize has a ma ximu m of 256 b its, but the keysize has no theoretical ma ximu m. A ES operates on a 4×4 colu mn-ma jor order mat rix of bytes, termed the state (versions of Rijndael with a larger b lock size have additional colu mns in the state).

            2. Low level devices

               This cryptographic hashing scheme is applied for low leve l devices. First one Key Seed is generated. Based on the key seed, the 2 way hash chain scheme is applied. This 2 way hash chaining scheme is weak for low level devices. To overco me this proble m t he harning process is applied. The user should obtain the value of hardened key Hk fro m a key K. It should not be possible for an outside attacker to determine Hk by e xhaustive search. Hence there is a need for the Generation of the Strong Secret for a g iven key.

               1. The user U selects a secret key k.

               2. The Client system computes s = Hash (k), and repeats the process of applying hash function n number of t imes.

               3. Then it chooses a seed q.

               4. It co mputes Hk = s mod q, where Hk is the Hardened Key of the user.

         Thus harning process is used to overcome the

         ineffic iency caused by the hashing algorith m.

         4.2.1 High level devices

5. Performance Evaluation

   1. Experimental results

      We observe that the optimized batch algorith m has an optimized re keying costs compared to existing algorith ms when the number of jo ining me mbers and

      the number of departing me mbe rs are compa rable. For the e xisting system the whole group is being rekeyed whenever the user joins or departs. So all the me mbe rs have to change their group key associated.

      Fig.1 Rekeying for Existing system

      Fig.2 Rekey details for proposed system

      Fig.1 shows the e xa mp le rekeying co mputed for sixty six me mbers. He re hundred percentage of rekeying is done since all the me mbers have to update their key. But in the proposed system the group is divided based on optimized batch a lgorith m so the me mbe rs associated with that particula r batch is a lone rekeyed so the rekeying factor is reduced to a great e xtent. Fig.2 shows the exa mp le of rekey ing performed for the same me mbers with optimized batch algorithm.

      The next important factor is cost evaluation. The table. 3 d isplays exa mp les for cost calculated for each type of device. The proposed system imple ments each type of device with a reasonable cost value. The cost depends on the message length and the device type algorith m used. Each algorith m has a specific cost predefined. The cost factor varies depending on the size of the message sent between the clients. Same

      types of files are transferred with different leve ls of devices and hence the computation cost is compared between them. The file sent in lo w level device cost high than the file sent in other two types. The file sent in intermediate type has a moderate cost and the file transferred in the high level device cost low. If the High level device uses AES or Hashing, the computation cost will high and the performance of the device is degraded. If the Intermediate level device uses Hashing, the computation cost will high and the performance of the device is degraded. If the high level device uses ECC, the co mputation cost is reduced and the performance of the device is improved. Like wise intermediate uses AES to reduce the cost.

      Table.3 Cost of file transfer

      Device	Size	Cost
      High Level	1 Kb	1.056
      Intermediate Level	1 Kb	2.456
      Low Level	1 Kb	3.896

6. Conclusion

Overall, the solution to the problem to get better and faster key manage ment scheme is achieved. To achieve this, the project proposes the optimized batch algorith m which reduces the rekey factor as we ll as reduces the overhead of the system. The para meters used must be dynamic and the changes must be unpredictable to intruders. Moreover the overall life cycle of key manage ment is achieved. Due to the concept of adoptability introduced to different types of devices, security is enhanced. Since devices are separated on their me mory and processor capacity each level could use the better algorith m depending on their property issues. Hence the cost is efficiently reduced.

References

1. Sungoh Hwang, Seleznev, and Jae Yong Lee, New Key M anagement Approach for Broadcast and M ulticast Services, IEEE Communications Letter,

   Vol.15, No.2, Feb 2011

2. E.M univel and J.Lokesh, Design of Secure group Key M anagement Scheme for M ulticast Networks using Number Theory, IEEE Conference on

   Communication System and Networks and Workshop, pp.124-130, M ar.2009.

3. Elham Khabiri , Said Bettayeb Efficient Algorithms for Secure M ulticast key M anagement, IEEE International Conference on M ulticasting, pp 787- 792, Nov 2006.

4. Kumari V.V, NagaRaju, D.V., Soumya K. and Raju

   K.V.S.V.N, Secure Group key Distribution Using Hybrid Cryptosystem, IEEE Second International conference on M achine Learning and Computing at Hawai University, M ay 2010.

5. Wee Hock Desmond N g, M ichael Howarth, Zhili Sun, and Haitham Cruickshank, Dynamic Balanced Key Tree M anagement for Secure M ulticast Communications IEEE Transactions on Computers, Vol.56,No.5,pp590-606, M ay 2007.

6. Xu Yanyan, Xu Zhengquan and Yu Zhanwu, A Scalable De-centralized M ulticast Key M anagement Scheme, Proc.of the First International Conference on Innovative Computing, Information and Control, pp.463-467, Oct.2006.

7. Shu-Quan Li and Yue-We, A Survey on Key M anagement for M ulticast, IEEE Conference on Information Tech. and Computer Science, pp.309- 312, Aug.2010.

8. Wu Tao, Zheng Xue-feng and Bai Li-zhen, A new

   scalable key -management scheme for secure multicast, IEEE International Conference on Computer Science and Service System, pp.57-60, Aug.2011.

9. Fucai Zhou, Jian, M ulticast Key M anagement Scheme Based on TOFT, International Conference on High Performance Computing and Communications, pp. 1030-1038, Oct.2008.

10. N.H Ayachit and Santosh L.Deshpande Evolutionary

    based secure key management Protocol IEEE Conference on Computing communication and Networking technologies, July 2010.

11. S.M .Cheng, W.R. Lai, P.Lin, and K.C.Chen, Key management for UMTS M BM S, IEEE Trans. Wireless Commun., Vol.7, pp. 3619-3628, Nov 2007.

12. K.Luther M artin, Key M anagement Infrastructure for Protecting Stored Data IEEE Computer Society, vol.41, pp. 103-104, June 2008.

13. Patrick P. Tsang, Apu Kapadia, Nymble: Blocking

    M isbehaving Users in Anonymizing Networks, IEEETrans. On Dependable and Scalable Computing, Vol.8, No.2, pp 256-269, Jan 2011.

14. Rahman R.H, Rahman M .L, An effcient group key agreement protocol for Ad-hoc networks, Internation Conference on Electrical and Computer Engineering, pp.478-483, Dec 2008.

15. O.Rodeh and K.Birman, Optimized Group Communication System ACM Transaction on Network and Distributed System Security, 2008.

16. Sato.F, Tsang.S.Y, A push based key distribution and rekeying protocol for secure multicasting, International Conference on Parallel and Distributed Systems, pp.214-219, 2001.