Secure Multiple Multicast in Wireless Networks

Secure Multiple Multicast in Wireless Networks

Aiswarya.V Arokiaraj Jovith. A

M Tech ISCF Assistant Professor

Department Of It Department Of It

Srm University Srm University

Abstract With the help of multiple multicast groups, Users can subscribe to multiple groups concurrently. Existing Group key Management Schemes mainly focusing on secure communication within single group are not applicable for multiple multicast environments because of irrelevant use of keys and larger keying overheads. This paper presents a multi-group management scheme which achieves hierarchical group access control .This scheme utilize asymmetric keys i.e. a master key and many slave keys which are wrought from Master key Management algorithm which is used for proficient distribution of group key. It makes less severe of being rekeying overhead by using asymmetry of the master key and multiple slave keys. if one of the slave keys is modified, the remaining keys can be still untouched by mitigating only the master key.

Index TermsGroup key Management Hierarchical group access control, Multicast, Rekeying

1. INTRODUCTION

   Multicast is communication between a single sender and multiple receivers on a network. In other words, Multicast is a delivery of a message or information to a group of destination computers simultaneously in a single transmission from the source. Typical uses include the updating of mobile personnel from a home office and the periodic issuance of online newsletters. Therefore, Multicast in wireless networks is awaited to cover the way for capable group communication by which group based communication such as video conferencing can be popularized.

   The broadcasting channel, still, makes the wireless network exposed in danger to various security attacks then anyone can easily snoop on messages communicated in the air. To contrivance the multicast,i.e The distribution of data only to the members of the group in wireless networks, we require to have an access control mechanism for the broadcasted messages, which guarantees confidentiality, bulwarks digital contents, and facilitates precise accounting. Therefore, it is one of the key requisites for prosperous commercialization of these multicast accommodations in wireless networks.

   The conventional way to provide an access control mechanism for the secure group communication is to employ asymmetric key, kenned as a group key, shared only by group members.

   Messages, encrypted by a member having a group key, can be decrypted by other group member sharing the same group key, which can ensure secure group communication. Albeit this mechanism, utilizing this hared group key, is an proficient way to ensure security, it causes some difficulties in maintaining an proficient key management system since the group key must be updated according to membership changes such as the utilizer leaving or joining, which is referred to as rekeying.

   However, the subsisting Group Key Management schemes still face the constraint of rekeying performance as the number of multicast accommodations increases. However, in the prognostic able future, multiple multicast groups will coexist in a single network due to the emergence of many group-predicated applications. In such a situation, it is likely that the accommodation provider may suffer from considerable key management overhead for fortifying multiple multicast groups.

2. RELATED WORK

   . In the rekeying procedure, the Key Distribution Centre distributes an incipient group key to each member to revoke an old group key so that a leaving (joining) utilizer is not sanctioned to access future (prior) messages, which are referred to as the forward (rearward) secrecy. Forward secrecy implicatively insinuates that a compromise of the current key should not compromise any future key. Rearward secrecy betokens that a compromise should not compromise any earlier key.

   Let us consider a situation where a user tends to leave a multicast group. Before the user leaves, all the members have shared a group key to encrypt/decrypt messages among themselves. After the member leaves, the old group key should be revoked and updated with an incipient group key. This rekeying process may cause an abundance of key management overhead. Since the subsisting members do not have any shared secret keys except for the old group key, the KDC should distribute the incipient group key to these members in a unicast manner. As a result, it is conspicuous that the more the number of users in a multicast accommodation, the more astronomically immense the rekeying overhead would be.

   To resolve this quandary, the authors in [1], [2] proposed a incipient data structure called the logical key hierarchy (LKH). In the LKH scheme, each group member shares a fraction of the key encryption keys (KEKs), the traffic encryption key (TEK),

   and the individual keys (IKs) with the Key Distribution Center. More concretely, all these keys comprise a logical key tree, where the TEK is the root node, an IK is a leaf node, and the KEKs are the rest of the nodes in the key tree; each utilizer has the KEKs along the path from its IK (a leaf node) to the TEK (the root node). It can significantly reduce the amount of rekeying overhead which is a logarithmic function of a group size. In addition, there have been a bunch of variations of the tree-predicated approach such as one-way function tree [4] and one-way key derivation [5].

   To resolve the above quandary, the hierarchical access control (HAC) scheme for Multiple Group Key Management has been proposed by Sun and Liu [6]. The HAC scheme can be visually perceived as an extension of the subsisting GKM scheme. While all users in a group have the same access right to the same data stream in the subsisting GKM scheme, the users in the HAC scheme have sundry access privileges for the different data streams

   Motivated by the HAC scheme, Zhang and Wang [7] proposed an enhanced HAC (E-HAC) scheme. Homogeneous to the HAC scheme, the E-HAC scheme constructs a logical key graph. However, this scheme proposes the utilization of a resource group consisting of opportune data streams. Then, the E-HAC scheme encrypts all data streams in a resource group with a single TEK, which results in fewer TEKs than the HAC scheme. Notice that the rekeying performance of this scheme depends on the way it engenders its resource group. Since it is very arduous to make an efficient resource group for the users with perplexed cognations, its rekeying performance may withal decrease. In fact, the more perplexed cognations the users have, the worse the rekeying performance of both HAC schemes becomes.

3. METHODOLOGY

   The method followed in this paper deals with client server relationship. Each client should register their details and authenticate utilizing their respective username and password. Clients have to cull the accommodations which they like. Clients can update and leave the accommodations at any time. Server can authenticate utilizing username and password. Server will maintain all client details which include Accommodation culls; Key cull etc. Server can access any details at any time, If the client leaves the group, Server will transmute the respective key in the accommodation and transmute the master key simultaneously.

   Fig 1 Methodology

4. MASTER KEY ENCRYPTION SCHEME

   The Master Key Encryption scheme is a RSA-predicated public-key cryptosystem[9] proposed by Koyama [10] where every utilizer in the RSA system has a key pair that consists of a public key and a private key, each of which is utilized for encrypion and decryption in an asymmetric pair wise manner

   .The master key can be acclimated to encrypt messages, which can be decrypted by several different private keys or to decrypt messages encrypted with several different public keys. The most paramount feature of the MKE for MGKM is that one of the key pairs can be facilely transmuted by modifying only the master key, without any transmutations to other users key pairs.

   1 ,

   Fig 2 (a).The ideological diagram of Master Key Encryption (b).When d is updated to d the other private keys are still valid without any changes.

   1. DETAILS OF MASTER KEY ENCRYPTION SCHEME

      Consider r public-private key pairs. Let sj and tj be the jth public and private key pairs respectively. Also let uj and vj be their prime numbers. (i.e.) sjtj1mod (ujvj) where (n) is Eulers totient function. If sM and tM are the master keys used for the encryption and decryption. The following Congruence equations are established for any plaintext P and Cipher text C.

      PsMPsjmod(ujvj) CtMCtjmod(ujvj)

      The sufficient conditions of the above congruence equations are

      sMsj(mod (ujvj)) tMtj (mod (ujvj))

      Obtaining sM and tM satisfying the above condition is not different from finding a solution to a system of congruences through Chinese Remainder Theorem.However,unless the modulus (ujvj) is mutually prime to each other, the existence of solution cannot be guaranteed. Therefore, to make two master keys sM and tM from the public and the private keys, we employ the Generalized Chinese Remainder Theorem (GCRT)[12] where the system of congruences

      xa1modn1 xa2modn2

      .

      .

      xarmodnr has an integrated solution that uniquely determines modulo lcm(n1,n2,….nr)

      if and only if aiajmod gcd(ni,nj) where i and j are different integers in the range [1,r].

   2. ALGORITHM

      uj and vj are chosen from safe primes. A safe prime is a prime number of the form 2u +1 where u is also a prime. If prime number such as uj and vj are used, then sj can be determined much easier. Let u1v1,u2v2,…..urvr be safe prime numbers and let uj=2cj+1,vj=2dj+1 for 1jr. From the definition of safe prime,cj

      . Then there exists a unique master key,sM modulo 4c1d1 c2d2…….crdr where cj=(uj-1)/2 and dj=(vj-1)/2 for j=1, 2……n.

      Proof: To apply the GCRT, the condition must be satisfied, ejek(mod((ujvj),(ukvk)) (1)

      .From the facts that (ujvj)=(uj-1)vj-1)=4cjdj and both cj and djare prime numbers, we can know that gcd((ujvj),(ukvk))=gcd(4cjdj,4ckdk)=4

      if s1s2……sr(mod4) condition(1) must be satisfied. also lcm((u1v1),(u2v2)…..(urvr)) is 4u1v1u2v2…..urvr.

      Master key can be calculated by sM= i=1 to r sjMjkj(mod 4c1d1c2d2…..crdr), where Mj= and Nj is an integer such that MjNj=1(mod4cjdj)

   3. EXAMPLE

   Assume a communication model and whereby, a data source sends encrypted message to two user groups. Also assume there is a Key Distribution Center which takes charge of the key management and each group key is different from others The data source wants to encrypt and transmit the message only once by using a master key.First of all, the KDC generates two public-private key pairs for the two groups. The KDC randomly choose the value of u1,v1,u2 and v2 from safe prime numbers.

   u1=7, v1=47, u2=11 and v2=23

   Then the KDC determines the exponents of the public and private key pairs , s1=53, t1=125, s2=9and t2=49 from lines 3 to 7 of the algorithm. The public-private key pairs of two groups

   become K pub= (s ,u v )=(53,329) ,

   1 1 1 1

   and dj are also prime numbers

   K pri =(t ,u v )=(125,329), K pub=(s ,u v )=(9,523) and

   1 1 1 1 2 2 2 2

   . K pri=(t ,u v )=(49,253).

   1. Determine u1,……ur,v1,……vr of safe prime numbers

      2 2 2 2

   2. for j=1 for 3.j=(uj=1)x(vj-1) 4.cj=(uj-1)/2

   5.dj=(vj-1)/2 6.sj=4x Random +1

   7.tj=s 2(cj-1)(dj-1)-1mod4c d

   From lines 9 t0 22,KDC obtains the master key sM=3,089.It is assumed that KDC distributes The public private key pairs to the corresponding groups and send the master key to the data source in a safe manner. Then if the data source wants to send 13 to two groups securely, it encrypts 13 with sM. The cipher text

   j j j

   8.End for 9.n=1

   10.for j=1 to r 11.n=nx(cjdj) 12 End for

   13 for j=1 to r; 14 M[j]=n/(cjdj);

   will be 13 3.089 mod u1v1u2v2=13,481.Since all the users in group 1 have the private key k pri=(125,329) they can obtain the plaintext as 13,841t1mod u1v1=13.likewise all the users in the group can obtain the plain text in the same manner.

   1

   Then consider the case that the key pair of group 1 should be updated when a user leaves group 1.From line 24 to

   25 of algorithm, the KDC sets the new value of s1 and t1 to 13

   15N[j]=M[j](cj-1)(dj-1)-1mod(cjdj) 16 End for

   1. sM=0

   2. for j=1 to r

   3. sM=(sM+(sj x M[j ]x N[j]))mod n 20 End for

   1. while(sM mod 4!=1)sM=sM+n

      and 85. Therefore, k pub and k pri become (13,329) and (85,329) respectively. After that sM is recalculated as 14,089 from lines 17 to 21.The KDC renews the users key of group 1 except for the leaving user, and the master key of the KDC.

      1

      1

      .At the data source, the plain text 13 is encrypted as 13 14,089 mod u1v1u2v2=54,214.

   2. sleep

   3. Interrupt (when kth 24.sk=4xRandom+1;

   key pair is updated)

   After receiving the ciphertext 54,214, each user of the two groups can decrypt it with its individual private key that as users of group 1 ->54,214 49 mod 253=13 .Although

   25 tj=sj 2(cj-1)(dj-1)-1mod4cjdj

   26 goto 17

   Theorem 1: Let u1u2….ur and v1v2…..vr be safe prime numbers and all public keys must satisfy the following condition.

   .s1s2…..sr (mod 4)

   the user group 1 know the old keys (s1,u1v1)=(125,329) be cannot obtain the correct plain text from the cipher text through the old keys. It is noticed that, even if the key pair changes. ,the remaining key pairs can still be valid through by modifying the master key.

5. CONCLUSION

If client leaves/joins any service .it wont affect any operation in the process. Users can access to multiple groups at same time. Thus, Rekeying overhead is alleviated by means of asymmetry of the master key and slave keys. It makes use of efficient distribution of keys. The process can be untouched if any clients update any service which results in efficient distribution of keys in multicast group communication. By using a set comprising a master key and slave keys, a TEK can be efficiently distributed to multiple S e r vi c e G r o up s ( SGs). . It is expected that this scheme can be a practical solution for various group applications, especially for those requiring many SGs, such as TV streaming services charged on a channel by channel basis

REFERENCES

1. C.K. Wong, M.G. Gouda, and S.S. Lam, Secure Group Communications Using key Graphs, ACM SIGCOMM Computer Comm. Rev., vol. 28, pp. 68-79, 1998.

2. D.M. Wallner, E.J. Harder, and R.C. Agee, Key Management for Multicast: Issues and Architectures, IETF RFC 2627, http:// www.ietf.org/rfc/rfc2627.txt, June 1999.

3. Y. Challal and H. Seba, Group Key Management Protocols: A Novel Taxonomy, Intl J. Information Technology, vol. 2, no. 1, pp. 105-118, 2005.

4. S. McGrew, Key Establishment in Large Dynamic Groups Using One-Way Function Trees, IEEE Trans. Software Eng., vol. 29, no. 5, pp. 444-458, May 2003.

5. J.-C. Lin, F. Lai, and H.-C. Lee, Efficient Group Key Management Protocol with One-Way Key Derivation, Proc. IEEE Conf. Local Computer Networks, pp. 336-343, http://doi.ieeecomputersociety. org/10.1109/LCN.2005.61, 2005.

6. Y. Sun and K.J.R. Liu, Hierarchical Group Access Control for Secure Multicast Communications, IEEE/ACM Trans. Networking, vol 15, no. 6, pp. 1514-1526, Dec. 2007.

7. Q. Zhang and Y. Wang, A Centralized Key Management Scheme for Hierarchical Access Control, Proc. IEEE GLOBECOM, pp. 2067-2071, 2004.

8. D. Wallner, E. Harder, and R. Agee, Key Management for Multicast: Issues and Architectures, IETF RFC 2627, 1999.

9. R.L. Rivest, A. Shamir, and L. Adelman, A Method for Obtaining Digital Signatures and Public-Key Cryptosystems, Comm. ACM, vol. 21, no. 2, pp. 120-126, 1978.

10. K. Koyama, A Master Key for the RSA Public-Key Cryptosystem-tem, IEICE Trans. Information and Systems, pp. 163-170, 1982.

11. A. Kondracki, The Chinese Remainder Theorem, Formalized Math., vol. 6, no. 4, pp. 573-577, 1997.

12. L.R. Yu and L.B. Luo, The Generalization of the Chinese Remainder Theorem, Springer Acta Mathematica Sinica, vol. 18, no. 3, pp. 531-538, 2002.

13. X. Zou, B. Ramamurthy, and S.S. Magliveras, Chinese Remainder Theorem Based Hierarchical Access Control for Secure Group Communication, Proc. Third Intl Conf. Information and Comm. Security, pp. 381-385, 2001.

14. X. Zheng, C.-T. Huang, and M.M. Matthews, Chinese Remainder Theorem Based Group Key Management, Proc. ACM Southeast Regional Conf., D. John and S.N. Kerr, eds., pp. 266-271, 2007.

15. G. Caronni, M. Waldvogel, D. Sun, N. Weiler, and B. Plattner, The VersaKey Framework: Versatile Group Key Management, IEEE J. Selected Areas in Comm., vol. 17, no. 9, pp. 1614-1631, Sept. 1999.

16. Y. Kim, A. Perrig, and G. Tsudik, Simple and Fault-Tolerant Key Agreement for Dynamic Collaborative Groups, Proc.

    Seventh ACM Conf. Computer and Comm. Security (SIGSAC 00), 2000.

17. H. Lu, A Novel High-Order Tree for Secure Multicast Key Management, IEEE Trans. Computers, vol. 54, no. 2, pp. 214-224, Feb. 2005.