GKMPAN: an efficient group rekeying scheme for secure multicast in ad-hoc networks

We present GKMPAN, an efficient and scalable group rekeying protocol for secure multicast in ad hoc networks. Our protocol exploits the property of ad hoc networks that each member of a group is both a host and a router, and distributes the group key to member nodes via a secure hop-by-hop propagation scheme. A probabilistic scheme based on predeployed symmetric keys is used for implementing secure channels between members for group key distribution. GKMPAN also includes a novel distributed scheme for efficiently updating the predeployed keys. GKMPAN has three attractive properties. First, it is significantly more efficient than group rekeying schemes that were adapted from those proposed for wired networks. Second, GKMPAN has the property of partial statelessness; that is, a node can decode the current group key even if it has missed a certain number of previous group rekeying operations. This makes it very attractive for ad hoc networks where nodes may lose packets due to transmission link errors or temporary network partitions. Third, in GKMPAN the key server does not need any information about the topology of the ad hoc network or the geographic location of the members of the group. We study the security and performance of GKMPAN through detailed analysis and simulation.

[1]  Whitfield Diffie,et al.  New Directions in Cryptography , 1976, IEEE Trans. Inf. Theory.

[2]  Adi Shamir,et al.  How to share a secret , 1979, CACM.

[3]  Rolf Blom,et al.  An Optimal Class of Symmetric Key Generation Systems , 1985, EUROCRYPT.

[4]  Silvio Micali,et al.  How to construct random functions , 1986, JACM.

[5]  Moti Yung,et al.  Perfectly Secure Key Distribution for Dynamic Conferences , 1992, Inf. Comput..

[6]  Rainer A. Rueppel,et al.  Message Recovery for Signature Schemes Based on the Discrete Logarithm Problem , 1994, EUROCRYPT.

[7]  Nj Piscataway,et al.  Wireless LAN medium access control (MAC) and physical layer (PHY) specifications , 1996 .

[8]  Douglas R. Stinson,et al.  On Some Methods for Unconditionally Secure Key Distribution and Broadcast Encryption , 1997, Des. Codes Cryptogr..

[9]  Peter S. Kruus,et al.  A Survey of Multicast Security Issues and Architectures , 1998 .

[10]  Mohamed G. Gouda,et al.  Secure group communications using key graphs , 1998, SIGCOMM '98.

[11]  Joseph P. Macker,et al.  Techniques and issues in multicast security , 1998, IEEE Military Communications Conference. Proceedings. MILCOM 98 (Cat. No.98CH36201).

[12]  Zygmunt J. Haas,et al.  Securing ad hoc networks , 1999, IEEE Netw..

[13]  Charles E. Perkins,et al.  Multicast operation of the ad-hoc on-demand distance vector routing protocol , 1999, MobiCom.

[14]  Dilip D. Kandlur,et al.  Key management for secure lnternet multicast using Boolean function minimization techniques , 1999, IEEE INFOCOM '99. Conference on Computer Communications. Proceedings. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. The Future is Now (Cat. No.99CH36320).

[15]  Tsutomu Matsumoto,et al.  A Quick Group Key Distribution Scheme with "Entity Revocation" , 1999, ASIACRYPT.

[16]  Ran Canetti,et al.  Efficient Communication-Storage Tradeoffs for Multicast Encryption , 1999, EUROCRYPT.

[17]  Voon Chin Phua,et al.  Wireless lan medium access control (mac) and physical layer (phy) specifications , 1999 .

[18]  Moni Naor,et al.  Issues in Multicast Security: A Taxonomy and E cient Constructions , 1999, IEEE Conference on Computer Communications.

[19]  Eric J. Harder,et al.  Key Management for Multicast: Issues and Architectures , 1999, RFC.

[20]  Amit Sahai,et al.  Coding Constructions for Blacklisting Problems without Computational Assumptions , 1999, CRYPTO.

[21]  Chong-kwon Kim,et al.  Multicast tree construction and flooding in wireless ad hoc networks , 2000, MSWIM '00.

[22]  Reihaneh Safavi-Naini,et al.  Key Management for Secure Multicast with Dynamic Controller , 2000, ACISP.

[23]  Alan T. Sherman,et al.  Key Management for Large Dynamic Groups: One-Way Function Trees and Amortized Initialization , 2000 .

[24]  Gene Tsudik,et al.  Simple and fault-tolerant key agreement for dynamic collaborative groups , 2000, CCS.

[25]  Cem U. Saraydar,et al.  Paging area optimization based on interval estimation in wireless personal communication networks , 2000, Mob. Networks Appl..

[26]  Mohamed G. Gouda,et al.  Secure group communications using key graphs , 2000, TNET.

[27]  Ran Canetti,et al.  Efficient authentication and signing of multicast streams over lossy channels , 2000, Proceeding 2000 IEEE Symposium on Security and Privacy. S&P 2000.

[28]  Jiejun Kong,et al.  Providing robust and ubiquitous security support for mobile ad-hoc networks , 2001, Proceedings Ninth International Conference on Network Protocols. ICNP 2001.

[29]  Moni Naor,et al.  Revocation and Tracing Schemes for Stateless Receivers , 2001, CRYPTO.

[30]  Ran Canetti,et al.  Efficient and Secure Source Authentication for Multicast , 2001, NDSS.

[31]  Stefano Basagni,et al.  Secure pebblenets , 2001, MobiHoc '01.

[32]  Dawn Xiaodong Song,et al.  ELK, a new protocol for efficient large-group key distribution , 2001, Proceedings 2001 IEEE Symposium on Security and Privacy. S&P 2001.

[33]  Virgil D. Gligor,et al.  A key-management scheme for distributed sensor networks , 2002, CCS '02.

[34]  Chang-Jin Suh,et al.  On-Demand Multicast Routing Protocol in Multihop Wireless Mobile Networks , 2002, Mob. Networks Appl..

[35]  Matthew K. Franklin,et al.  Self-healing key distribution with revocation , 2002, Proceedings 2002 IEEE Symposium on Security and Privacy.

[36]  Sushil Jajodia,et al.  A comparative performance analysis of reliable group rekey transport protocols for secure multicast , 2002, Perform. Evaluation.

[37]  Sencun Zhu,et al.  LEAP: efficient security mechanisms for large-scale distributed sensor networks , 2003, CCS '03.

[38]  Dawn Xiaodong Song,et al.  Random key predistribution schemes for sensor networks , 2003, 2003 Symposium on Security and Privacy, 2003..

[39]  Donggang Liu,et al.  Efficient self-healing group key distribution with revocation capability , 2003, CCS '03.

[40]  Shouhuai Xu,et al.  Establishing pairwise keys for secure communication in ad hoc networks: a probabilistic approach , 2003, 11th IEEE International Conference on Network Protocols, 2003. Proceedings..

[41]  Alan T. Sherman,et al.  Key Establishment in Large Dynamic Groups Using One-Way Function Trees , 2003, IEEE Trans. Software Eng..

[42]  Radha Poovendran,et al.  Energy-aware secure multicast communication in ad-hoc networks using geographic location information , 2003, 2003 IEEE International Conference on Acoustics, Speech, and Signal Processing, 2003. Proceedings. (ICASSP '03)..

[43]  Yunghsiang Sam Han,et al.  A pairwise key pre-distribution scheme for wireless sensor networks , 2003, CCS '03.

[44]  Guevara Noubir,et al.  Secure multicast groups on ad hoc networks , 2003, SASN '03.

[45]  Donggang Liu,et al.  Establishing pairwise keys in distributed sensor networks , 2005, ACM Trans. Inf. Syst. Secur..

[46]  Shouhuai Xu,et al.  GKMPAN: An Efficient Group Rekeying Scheme for Secure Multicast in Ad-Hoc Networks , 2006 .