Research Article
Effective Rekeying Architecture for Dynamic Multicast Group
Department of CSE, Sona College of Technology, Salem-636 005, India
R.S.D. Wahidabanu
Department of CSE, Govt. College of Engineering, Salem-636 011, India
Secure group communication is an increasingly popular research area, which has been receiving much attention in recent years. As a rapid growth of the internet, the need for simultaneous delivery of data to multiple recipients also increases. The scalable solution for this is multicast communication. Multicast (Judge and Ammar, 2003; Yacine et al., 2005) is a set of technologies which is used to deliver data to multiple recipients in an efficient manner. The lightweight join model, which is advantageous for many applications, also influences several security issues. As the group membership is open, any interested host can join the multicast session without any interference which provides many possibilities for eavesdropping. Furthermore, any malicious host can occupy the resources by joining the group, which may degrade the performance. Group key management and multicast receiver access control (Judge and Ammar, 2002a) are the solutions proposed to guard against these attacks. Another serious problem is multicast model can transfer any amount of data delivered to the multicast address to the entire group. This indicates that any host can send data to the multicast group which leads to the following vulnerabilities. The group members must verify that the message is from intended source. This functionality is very well proposed by multicast source authentication (Perring et al., 2001) solutions and the next issue is unauthorized data must be eventually avoided from being delivered to the multicast group members. Thus denial of service attacks may be restricted by implementing multicast sender access control. The directive and beneficiary feature of multicast is that all members receive all packets send to the group which makes no individualization of the received data. Sometimes individualization can be used to provide security with the help of fingerprinting. Fingerprinting (Judge and Ammar, 2000b) is the technique in which receiver information is embedded along with the data to prevent unauthorized duplication and propagation of data. However fingerprinting used in unicast environment do not efficiently work in multicast environment because multiple user share the same identity. So the proposed multicast fingerprinting techniques aim at providing a unique fingerprinting in a multicast environment which ensures the efficiency of the technique.
The focus of this study is to propose a viable key management protocol for highly dynamic groups. The proposed protocol considers the following constrains, work well in both small and large groups, as well as static and dynamic groups. Achieve better efficiency compared to the existing protocols, in terms of the number of rekey operations while joining to or leaving from the group. Reduce overhead on the central server of the group and distribute key computing responsibilities across the group. Compute the new keys and transmit them only when ever required. It reduces the number of times a new key is generated such that the network is not overloaded with keys.
KEY MANAGEMENT
The notion of key management is secure distribution of secret key between legitimate users. Because of the unique property of multicast the same solution applied for unicast cannot be applied for multicast. The important property of key management is dynamics and scalability. Key has to be updated whenever any change in the membership to assure forward and backward secrecy. Once the member has left the group, probability of revealing the key is high. To ensure secrecy, group key needs to be updated. Also single change in membership should not affect the entire group, which assures scalability. There are several architectures existing for key management. Each one serves for different applications. In centralized (Blundo et al., 1998; Harney and Muckenhirn, 1997) architecture, a single server generates the secret key and distributes them to all the members of the group, but it fails to address the issue availability. As it depends on single node, protocol can not be used if the node fails. The problem of distributed (Caronni et al., 1998) architecture is to trust all the nodes. Trusting all the members is vulnerable to security attacks inside the group. In dynamic groups, providing scalability is very difficult, this also increases computational overhead whenever there is a change in group. The goals of the key management (Steiner et al., 1998) are to ensure that the knowledge of group key is restricted to group members only and secret keys are updated regularly to avoid key compromises from prior session keys. Lastly reduces the utilization of resources, like storage overhead and bandwidth utilization. To achieve these goals the proposed architecture uses tree based key hierarchy architecture (Wallner et al., 1999; Wong et al., 1997).
PROPOSED ARCHITECTURE
As the members join and leave the group at their will without any explicit information to other group members, the process of key management become very complex. In order to maintain forward and backward secrecy (group members are only able to read the content) secret key has to be updated whenever any change in the group, which leads to significant computational overhead. To reduce that, proposed subgroup approach uses two keys by intermediate nodes as it participates in two subgroups. One key is used to commune with its parent and another key is to commune with its children. Key sharing problem is eliminated by using Diffie-Hellman key agreement protocol. Every subgroup member distributes their share to generate the secret keys using this protocol. If there is any change in the group, it is enough to change the secret key of few subgroups.
Fig. 1: | Subgrouping key structure |
Fig. 2: | Key structure for member join event |
In this proposed architecture tree structure is used for key distribution. Each node in the tree represents a secret key share and the members are associated with the leaf nodes. To reduce the rekeying update, subgrouping approach is used. Figure 1 shows U1, U2 and I1 form a subgroup S1, similarly two more subgroups S2, S3 are formed. Each node will contribute their share to generate the secret for that subgroup. Diffie-Hellman protocol is used to compute the secret key. For the subgroup S1 using the contribution of k4, k5 and k21 secret key of the subgroup is generated. For subgroup S3 shares k22, k32 and k1 are used. I1 has two keys k, k1 one is commune with root and another is used to commune with its leaf node.
The advantage is if any change in the membership, it is enough to change secret key of few subgroups only.
Key structure for member join event: If any new member joins the group, it sends the request to the server. The server finds a proper place for new member in the tree. If the insertion point is the right most node, only that particular subtrees secret key needs to be updated. Otherwise if the tree is balanced the new member creates intermediate node and join as its leaf node. Figure 2 shows new member U5 wants to join in the tree, it creates intermediate node I3 and new subgroup is formed. Now secret key of subgroup S1 need to be updated using the shares k21, k81 and k5, secret key of the subgroup S11 has to be generated using the shares k82, k4 and k8 and rest of the tree remains unaltered.
Key structure for member leave event: It is the simplest process when compared to member joins. The user contacts the server when he decided to leave the group. The server may remove the existing parent node of the user who decided to leave and deletes his leaf node. Then it generates the rekey message and updates its parent. In Fig. 3 the member U4 wants to leave. Therefore, the node U4 and its parent are removed from the tree. The Sibling node U3 is attached to the root. Now the secret key of S31 is updated using the shares k1, k22 and k6.
Fig. 3: | Key structure for member leave event |
PERFORMANCE ANALYSIS
Table 1 shows comparison of different key management schemes. It indicates that the proposed protocol combines the advantage of both the methods hierarchical and Iolus (Mittra 1997).
Table 1: | Comparison of different key management schemes |
Fig. 4: | Join delay comparison |
Fig. 5: | Leave delay comparison |
As it uses symmetric key management the encryption overhead is also considerably reduced, where as the key sharing problem is eliminated by Diffie-Hellman protocol (Schneier 1996). Also the table shows that the existing method has less rekeying overhead. The analysis of the communication cost in terms of delay between the proposed protocol and other group key agreement protocols including Group Diffie- Hellman (Steiner et al., 2000) (GDH) and Brumester-Desmedt (BD) (Burmester and Desmedt, 1998) is made. The results are shown in the graph for join and leave events. Delay is calculated as the time required by the node to join the group and to compute the secret key.
Join operation: Figure 4 shows the comparison for the member join operation for different protocols. In our protocol as the key updation need not be propagated to the entire tree, it has less delay. As the Group Diffie-Hellman involves many modular exponentiations, the delay is very high. Brumester-Desmedt also has more delay, as the hidden cost is of major concern.
Leave operation: Figure 5 shows the delay required by different protocols for leave operation. As BD needs to restart whenever, there is a change in membership, delay is significantly high. GDH also involve considerable delay. But in the proposed method delay is very minimal as it needs to update only few subgroups.
The proposed key management protocol is secure, scalable and efficient. Subgrouping approach is used to reduce the key updation overhead. By using two keys at the intermediate nodes, key updation is restricted only to the specific subgroups where the membership change occurred. This multicast key management protocol has less computational and communication cost of group rekeying than the previous schemes and also it is effective for large and highly dynamic multicast group.