Group rekeying based on member join history

This paper presents GREP, a novel group rekeying scheme that leverages the history of join events in order to achieve efficiency and high scalability. GREP rekeys the group with only two broadcast messages, hence displaying an overhead which is small, constant and independent of the group size. Also, GREP efficiently recovers the group from collusion attack with no recourse to total member reinitialization. Even in the very unlikely worst case, collusion recovery displays a smooth impact on performance that gradually increases with the attack severity. We implemented GREP for the Contiki OS and tested it on different resource-constrained platforms. Our analytical and experimental evaluation confirms that GREP is efficient, highly scalable and deployable also on constrained nodes. The paper extends a previous version of this work, especially through additional security analysis, treatise of probabilities for worst case collusion, and experimental evaluation of performance.

[1]  Mostafa H. Ammar,et al.  HySOR: group key management with collusion-scalability tradeoffs using a hybrid structuring of receivers , 2002, Proceedings. Eleventh International Conference on Computer Communications and Networks.

[2]  Gianluca Dini,et al.  HISS: A HIghly Scalable Scheme for Group Rekeying , 2013, Comput. J..

[3]  Ross J. Anderson Security engineering - a guide to building dependable distributed systems (2. ed.) , 2001 .

[4]  Qijun Gu,et al.  KTR: An Efficient Key Management Scheme for Secure Data Access Control in Wireless Broadcast Services , 2009, IEEE Transactions on Dependable and Secure Computing.

[5]  Xinyi Huang,et al.  Provably Secure Group Key Management Approach Based upon Hyper-Sphere , 2014, IEEE Transactions on Parallel and Distributed Systems.

[6]  Mohamed G. Gouda,et al.  Secure group communications using key graphs , 1998, SIGCOMM '98.

[7]  Elfed Lewis,et al.  FPGA based Real time 'secure' body temperature monitoring suitable for WBSN 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing , 2015 .

[8]  Gianluca Dini,et al.  LARK: A Lightweight Authenticated ReKeying Scheme for Clustered Wireless Sensor Networks , 2011, TECS.

[9]  Elisa Bertino,et al.  Privacy Preserving Policy-Based Content Sharing in Public Clouds , 2013, IEEE Transactions on Knowledge and Data Engineering.

[10]  Mohamed Eltoweissy,et al.  Combinatorial Optimization of Group Key Management , 2003, Journal of Network and Systems Management.

[11]  Elisa Bertino,et al.  Attribute Based Group Key Management , 2014, Trans. Data Priv..

[12]  Adam Dunkels,et al.  Contiki - a lightweight and flexible operating system for tiny networked sensors , 2004, 29th Annual IEEE International Conference on Local Computer Networks.

[13]  Eric J. Harder,et al.  Key Management for Multicast: Issues and Architectures , 1999, RFC.

[14]  Lein Harn,et al.  Authenticated Group Key Transfer Protocol Based on Secret Sharing , 2010, IEEE Transactions on Computers.

[15]  Adam Dunkels,et al.  Software-based on-line energy estimation for sensor nodes , 2007, EmNets '07.

[16]  Yee Wei Law,et al.  Survey and benchmark of block ciphers for wireless sensor networks , 2006, TOSN.

[17]  Selim G. Akl,et al.  Adaptive Cryptographic Access Control , 2010, Advances in Information Security.

[18]  Wen-Guey Tzeng,et al.  Group key management with efficient rekey mechanism: A Semi-Stateful approach for out-of-Synchronized members , 2017, Comput. Commun..

[19]  Giovanni Vigna,et al.  Hi-DRA: Intrusion Detection for Internet Security , 2005, Proceedings of the IEEE.

[20]  Ingrid Moerman,et al.  Maximum Throughput and Minimum Delay in IEEE 802.15.4 , 2005, MSN.

[21]  B. Gladman,et al.  Security Engineering: a Guide to Building Dependable Distributed Systems Physical Tamper Resistance 14.1 Introduction , 2022 .

[22]  Alfred Menezes,et al.  Handbook of Applied Cryptography , 2018 .

[23]  Mohamed Eltoweissy,et al.  SECK: survivable and efficient clustered keying for wireless sensor networks , 2005, PCCC 2005. 24th IEEE International Performance, Computing, and Communications Conference, 2005..

[24]  Leslie Lamport,et al.  Password authentication with insecure communication , 1981, CACM.

[25]  Raja Datta,et al.  Collaborative techniques for intrusion detection in mobile ad-hoc networks , 2008, Ad Hoc Networks.

[26]  Luca Veltri,et al.  A novel batch-based group key management protocol applied to the Internet of Things , 2013, Ad Hoc Networks.

[27]  Ralf Steinmetz,et al.  Detection of Colluding Misbehaving Nodes in Mobile Ad Hoc and Wireless Mesh Networks , 2007, IEEE GLOBECOM 2007 - IEEE Global Telecommunications Conference.

[28]  K. V. Arya,et al.  Intrusion Detection System Against Colluding Misbehavior in MANETs , 2018, Wirel. Pers. Commun..

[29]  Imed Romdhani,et al.  A Decentralized Batch-Based Group Key Management Protocol for Mobile Internet of Things (DBGK) , 2015, 2015 IEEE International Conference on Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing.

[30]  Daojing He,et al.  Analyses of several recently proposed group key management schemes , 2015, Secur. Commun. Networks.

[31]  Eric B. Cole,et al.  Network Security Bible , 2005 .

[32]  David Hutchison,et al.  A survey of key management for secure group communication , 2003, CSUR.

[33]  Mohamed Elhoucine Elhdhili,et al.  Security analysis of existing IoT key management protocols , 2016, 2016 IEEE/ACS 13th International Conference of Computer Systems and Applications (AICCSA).

[34]  Mohamed F. Younis,et al.  Location-Aware Combinatorial Key Management Scheme for Clustered Sensor Networks , 2006, IEEE Transactions on Parallel and Distributed Systems.

[35]  Donald E. Eastlake,et al.  Randomness Requirements for Security , 2005, RFC.

[36]  W LampsonButler,et al.  Hints for computer system design , 1983 .

[37]  Tao Jiang,et al.  An Improved Authenticated Group Key Transfer Protocol Based on Secret Sharing , 2013, IEEE Transactions on Computers.

[38]  Butler W. Lampson,et al.  Hints for Computer System Design , 1983, IEEE Software.

[39]  Thomas F. La Porta,et al.  A Flexible Privacy-Enhanced Location-Based Services System Framework and Practice , 2009, IEEE Transactions on Mobile Computing.

[40]  Mohamed Eltoweissy,et al.  Key management for long-lived sensor networks in hostile environments , 2007, Comput. Commun..

[41]  Hsiao-Hwa Chen,et al.  Selecting key management schemes for WSN applications , 2012, Comput. Secur..

[42]  Sasikanth Avancha,et al.  Security for Sensor Networks , 2004 .

[43]  Vipul Gupta,et al.  Energy analysis of public-key cryptography for wireless sensor networks , 2005, Third IEEE International Conference on Pervasive Computing and Communications.

[44]  Gianluca Dini,et al.  GREP: A group rekeying protocol based on member join history , 2016, 2016 IEEE Symposium on Computers and Communication (ISCC).

[45]  Yacine Challal,et al.  SAKM: a scalable and adaptive key management approach for multicast communications , 2004, CCRV.

[46]  Mohamed F. Younis,et al.  Key management in wireless ad hoc networks: collusion analysis and prevention , 2005, PCCC 2005. 24th IEEE International Performance, Computing, and Communications Conference, 2005..

[47]  Cristina Alcaraz,et al.  A Survey of Cryptographic Primitives and Implementations for Hardware-Constrained Sensor Network Nodes , 2007, Mob. Networks Appl..