Group communication is widely used by most of the emerging network applications, such as telecommunication, video conferencing, simulation applications, and distributed and other interactive systems. Secure group communication plays a vital role in providing the integrity, authenticity, confidentiality, and availability of the messages delivered among group members, whether the communication is between groups or within a group. In secure group communications, the time cost associated with key updating when members join and depart is an important aspect of the quality of service, particularly in large groups with highly active membership. Hence, the paper aims to achieve better cost and time efficiency through an improved DC multicast routing protocol, which is used to expose the path between the nodes participating in the group communication. During this process, each node constructs an adaptive Ptolemy decision tree for the purpose of generating the contributory key. Each node holds three keys, which are exchanged between the nodes to establish the group key for secure and cost-efficient group communication. The rekeying process is performed when a member leaves or joins the group. The performance of the novel approach is measured on important factors such as computational and communication cost, the rekeying process and the formation of the group. It is concluded from the study that the technique has reduced the computational and communication cost of secure group communication when compared to the other existing methods.
With the explosive growth of the internet and the increasing power of computers and communication networks, many new applications are emerging, and many of them are based on group communications. Examples of group communications are interest groups, live and on-demand media, video conferences and online distributed games. Secure group communication, which provides confidentiality, authenticity and integrity of the messages communicated between group members, is a critical networking issue. In group communications, the use of efficient protocols such as multicast can reduce network congestion. The rapid progress in the technologies underlying multicast networking has led to the deployment of many multicast services, such as streaming stock quotes and multimedia services. When members of a multicast group need to receive the same information securely, or are allowed to join or leave the group dynamically, security entails not only the distribution of a secret among many, but may also be concerned with the confidentiality of information as the membership changes. Group communication applications use Internet Protocol multicast to transfer data to all the group members using minimum resources. Efficiency is achieved because messages need to be transmitted only once and traverse any link between two nodes only once, hence saving bandwidth. This contrasts with unicast-based group communication, where the sender has to transmit multiple copies of the same message from one point to another point. However, a scalable IP multicast does not provide mechanisms for access control. The security challenge for multicast is to provide an effective method for controlling access to the group and its messages that is as efficient as the underlying multicast.
Secure group communication is the method that provides privacy, genuineness and truthfulness of the messages communicated between the group members, which is a critical network problem. In group communications, the use of efficient protocols reduces network congestion. The rapid development in the technologies of basic multicast networking has led to the exploitation of many multicast services, such as stream supply quotes and multimedia services. When the members of a group need to receive the same information securely, or are allowed to join or leave the group dynamically, security involves not only the distribution of a secret among many, but may also be concerned with the privacy of information when the membership changes. Group communication applications use Internet Protocol to transmit data to all the group members using the least amount of resources. Efficiency is achieved only if the messages are transmitted once and pass through any link between two nodes only once, saving bandwidth. This is in contrast with unicast-based group communication, where the sender has to transmit multiple copies of the same message from one point to another point. The security challenge of multicast is to provide an effective method for controlling access to the group and its key.
In recent days, several applications or computers communicate collectively, providing shared access to applications, files etc., which can get misused on the internet. Secure multicasting is used in many of these applications. Privacy and authentication must be important parts of the group key management process. Access to the message by unauthorized users can be restricted by the use of cryptographic encryption and selective distribution of the keys used to encrypt group information. Many secure group communication schemes depend on a secret shared by the group members, called the group key. Encrypting the message with a group key that is known only to the intended recipients ensures its privacy. Although encryption provides privacy and information protection, a number of security risks associated with the integrity and secrecy of the encryption keys cannot be handled without effective key management. Hence, to ensure access control in dynamic multicast groups where members join and leave, the group keys need to be updated; only then will the key not be misused by an unauthorized user. Otherwise, this poses a threat to the forward and backward secrecy of the multicast communication.
Managing a set of secure group keys and group dynamics are the fundamental building blocks of secure group communication systems. All the group members can make use of a shared group key to decrypt the communicated information. The Session Encryption Key (SEK) is established either by a server or a key that is more common. The schemes that involve a centralized key server are called centralized key management schemes, and the centralized key server is called the Key Distribution Center (KDC). In such schemes, the KDC is the single entity that is employed for controlling the whole group. Hence a group key management protocol aims to minimize in terms of storage requirements, computational complexity on both the sides
Key management plays an important role: it covers the establishment and maintenance of key relationships between valid users as per the security policy enforced on the group. It includes methods and measures that provide member identification and authentication, access control, and the generation, distribution and installation of key material. Key storage and key update are two important processes in the key management system, and a key management scheme should tackle the overheads due to these processes. Successful group-oriented multicast with access control can be attained by appropriately updating the group key whenever there is a change in the membership. Rekeying is the mechanism that changes the affected keys. As the size of the group grows and/or the rate of membership change increases, the frequency of rekeying becomes the primary bottleneck. Batch rekeying has been proposed to alleviate the problem of frequent rekeying: the key server waits for a period of time, called the rekeying period, and then processes the rekeying procedure.
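The effect of batch rekeying described above can be seen by counting the key encryptions a key server must send. The following is an added example, not code from the paper: it assumes an LKH-style binary key tree, and the tree size, member slots and function names are constructed for illustration.

```python
# Added example: counts rekey encryptions in a binary key tree (LKH-style).
# Tree layout, sizes and member positions are constructed for illustration.

def rekey_encryptions(n_leaves, members, leaving=(), joining=()):
    """Return (encryptions, members_after) for one rekey operation.

    Nodes are numbered heap-style: the root is 1, the children of v are 2v
    and 2v+1, and member slot j sits at leaf n_leaves + j.
    """
    leaving, joining = set(leaving), set(joining)
    after = (set(members) - leaving) | joining
    # occupied[v] = number of remaining members below node v
    occupied = [0] * (2 * n_leaves)
    for slot in after:
        occupied[n_leaves + slot] = 1
    for v in range(n_leaves - 1, 0, -1):
        occupied[v] = occupied[2 * v] + occupied[2 * v + 1]
    # Every key on the path from a changed leaf to the root is replaced:
    # a leaver knew it (forward secrecy), and a joiner must not learn the
    # old one (backward secrecy).
    dirty = set()
    for slot in leaving | joining:
        v = (n_leaves + slot) // 2
        while v >= 1:
            dirty.add(v)
            v //= 2
    # Each replaced key is sent once per occupied child subtree, encrypted
    # under that child's (possibly also new) key.
    count = 0
    for v in dirty:
        if occupied[v]:
            count += (occupied[2 * v] > 0) + (occupied[2 * v + 1] > 0)
    return count, after


def compare_individual_vs_batch(n_leaves, members, leavers):
    """Cost of rekeying after every leave vs. once per rekeying period."""
    individual, current = 0, set(members)
    for slot in leavers:
        cost, current = rekey_encryptions(n_leaves, current, leaving=[slot])
        individual += cost
    batch, _ = rekey_encryptions(n_leaves, members, leaving=leavers)
    return individual, batch


if __name__ == "__main__":
    full_group = range(8)  # constructed group: 8 members in 8 leaf slots
    print("single leave:", rekey_encryptions(8, full_group, leaving=[0])[0])
    print("individual vs batch:",
          compare_individual_vs_batch(8, full_group, [0, 1, 5]))
```

Shared ancestors of the departing members are replaced once per batch instead of once per departure, which is where the saving comes from.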
The use of periodic batch rekeying improves efficiency and alleviates the out-of-sync problem. The time efficiency of the causal key agreement is then the important aspect. The time efficiency is measured by the time spent on group key establishment and update. In order to participate in the group communications, a newly joining user has to wait until the group key has been updated. Since computing cryptographic primitives and exchanging rekeying messages are still time-consuming processes, the waiting time is not minor in such cases. Similarly, the amount of time needed to recompute a new group key is a tedious cost on the other side. Thus, from a quality-of-service perspective, the rekeying time cost is directly related to the satisfaction of the users and the performance of the systems. Traditionally, the rekeying time cost has been analyzed only in terms of a single join or leave event. In this study, the perspective has been changed to look into the combination of multiple events and to optimize the time cost over the membership. In order to improve the time efficiency, a new key tree topology with join and exit sub-trees is used. With this key tree topology, an update is made for the member who joins or leaves. The rest of the paper is organized as follows: 2. Related Work, 3. Problem Statement, 4. Proposed Methodology, 5. Member Join and Member Leave, 6. Results and 7. Conclusion.
Appolini [
Sharma et al. [
Engle et al. [
The first main drawback of group communication is the cost of key generation and of securing the communication. Keying relationships need to maintain confidentiality throughout the process. When a member leaves or joins a group, the rekeying process has to be carried out, but the cost of rekeying is also very high. So, there is a need for an efficient method to address the cost and the security of the group communication process.
The main aim of this paper is to design a robust, cost-effective secure group communication scheme using the Ptolemy decision tree technique. In the study, the star topology was implemented and all the nodes were scattered around the central hub point. With the star topology, group communication could occur in a secure and efficient way. Due to the employment of the routing algorithm, each node could be assigned as a separate core active member. The active and the passive members in the group could be merged depending on the protocol. An efficient algorithm was proposed to construct a group key by using the adaptive Ptolemy decision tree, assigning an individual value to each node in the tree. In addition to that, the adaptive Ptolemy decision tree was constructed. The
Star networks are one of the most common computer network topologies. In its simplest form, a star network consists of one central switch, hub or computer, which acts as a medium for transmitting the messages. All the other nodes are connected to this central node, which provides a common connection point for all nodes through a hub. In star topology, every node is connected to a central node called a hub or a switch. The switch is the server and the peripherals are the clients. Thus, the hub and leaf nodes, and the transmission lines between them, form a graph with the topology of a star
Notations | Descriptions | Type |
---|---|---|
S | Identification of the node | Integer |
ST | Type of the node | CAM,AM,PM |
PATH | List of the path | Integer array |
CK | Contributory key | Integer |
a,b | Key pairs | Integer |
GK | Group key | Integer |
Pkey | Private key | Integer |
Status | Node status | String |
Max hop count | Maximum hop count | Integer |
H count | Hop count | Integer |
In this paper, we assume that the nodes are arranged in the star topology and that the nodes are classified into three different categories, Core Active Member, Active Member and Passive Member, using the Node Type algorithm. The
By implementing the DCMP protocol, the joining of an average member will be represented as
Similarly, the leaving time of the user is represented by
Let
The overall processing time is represented by,
Then the weighted average of
The join and exit trees follow the binary tree technique, depending on the DCMP protocol, whereas in this study a new user is added to the join tree and, if that tree reaches its maximum capacity, all the users get shifted or relocated to the main tree. The
Moreover, the core active member and the active member create a join request message, which is sent to all one-hop neighbors in the network. On receiving the join request message, the core-active members forward the message to their hop neighbors. After that, a check is made whether the member (node identifier Nid) is already present in the path list or not. The receiving nodes set the status as ACK or NACK and send the reply message to the source node through the reverse path. Once each node has appended its node id, the R path starts generating the message for the source Sid. The R-path generates the group key using the Ptolemy decision tree algorithm and can construct a Ptolemy decision tree.
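The join-request exchange described above can be simulated as follows. This is an added example, not code from the paper: the topology and node ids are constructed, and it assumes that a node replies NACK when its Nid is already in PATH or when H count exceeds Max hop count, and that only CAM nodes forward the request.

```python
from collections import deque

# Constructed topology: node 0 is the hub, node 1 is the joining source.
# NODE_TYPE uses the ST values from the notation table (CAM, AM, PM).
NEIGHBORS = {1: [0], 0: [1, 2, 3, 4], 2: [0, 3], 3: [0, 2], 4: [0]}
NODE_TYPE = {1: "AM", 0: "CAM", 2: "CAM", 3: "CAM", 4: "PM"}


def flood_join_request(neighbors, node_type, source, max_hop_count):
    """Simulate the join-request flood; return the replies seen by the source.

    Each reply is (nid, status, rpath), where rpath is the reverse path the
    reply travels from the replying node back to the source.
    """
    replies = []
    # Queue entries: (receiving node, PATH carried by the message, H count)
    queue = deque((nbr, [source], 1) for nbr in neighbors[source])
    while queue:
        nid, path, h_count = queue.popleft()
        rpath = [nid] + path[::-1]
        # Assumed NACK rule: the request looped back or travelled too far.
        if nid in path or h_count > max_hop_count:
            replies.append((nid, "NACK", rpath))
            continue
        replies.append((nid, "ACK", rpath))
        if node_type[nid] == "CAM":          # only core-active members forward
            for nbr in neighbors[nid]:
                if nbr != path[-1]:          # do not bounce to the sender
                    queue.append((nbr, path + [nid], h_count + 1))
    return replies


def best_rpath(replies, target):
    """Shortest acknowledged reverse path from target to the source."""
    acks = [rpath for nid, status, rpath in replies
            if nid == target and status == "ACK"]
    return min(acks, key=len) if acks else None


if __name__ == "__main__":
    for reply in flood_join_request(NEIGHBORS, NODE_TYPE, 1, 4):
        print(reply)
```

The path-list check and the hop limit are what keep the flood finite when the core-active members form a cycle, as nodes 0, 2 and 3 do here.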
Each individual node can generate the key. Triplets of the nodes are passed to the Ptolemy tree to build a contributory key. In this Adaptive Ptolemy decision tree, the constants a, b, c, and d are considered for the study of Ptolemy's theorem (AC·BD = AB·CD + BC·AD). Values are assigned Computation of each node is calculated as Finally, a triplet of keys is exchanged among the nodes.
Blowfish is a symmetric block cipher which is used as a drop-in replacement for DES or IDEA. It takes a variable-length key from 32 bits to 448 bits, making it suitable for encryption and decryption purposes, which is distinctly shown in
1. Assign the value of alphabets as A = −1, B = −2, …, M = −13 and N = 13, O = 12, …, Z = 1.
2. Get the message for Encryption. Let the message be W1, W2, …, Wn where n is the number of words in the message.
3. Use point 1, assign each character in W1, W2, …, Wn to digit, separated by spaces between the characters and the words.
4. Draw Cyclic Square Matrix with characters in Wi for each i = 1, 2, …, n.
5. Calculate the number of characters in a word, η(Wi), for each i = 1, 2, …, n.
6. Construct diagonal matrix, D(Am), m = 1, 2, …, i with Am values along diagonals and find D(Am) – η(Wi)Iη(Wi) for all i = 1, 2, …, n and m = 1, 2, …, i.
7. The key is D(Am) – η(Wi)Iη(Wi) for all i = 1, 2, …, n and m = 1, 2, …, i separated by commas.

1. Get the decryption key D(Am) – η(Wi)Iη(Wi) for all i = 1, 2, …, n and m = 1, 2, …, i separated by commas.
2. Assign b and E. Compute the value ki implying the first digit of Bi which is the kith character of the ith word of the decryption key.
3. Align Ci, i = 1, 2, … , n in the cyclic order along with the value kith order and rephrase to the order from 1st to ith digits.
4. Use point 1 in the Encryption algorithm and assign digits to each character.
5. The decrypted value is obtained. The preliminaries that are chosen are associated in the order of each number to each alphabet as mentioned.
For the purpose of encryption and decryption, the coding of the word "apple" is −1,11#11#−12…−5−
1. The new node joins the group with a new id.
2. If newST == CAM or AM, the new member can perform the group activity.
3. The new node searches for a hop neighbor or the core active member in the network.
4. After joining, the new node can communicate with any other node by exchanging the triplet of keys.
5. Encryption and decryption can be performed securely among the nodes using the group key.
It is mainly estimated that the duration of the staying time helps to reduce the cost of the rekeying operation during the leaving process. It consists of four parts: 1. Batch Movement, 2. User Insertion in the Exit Tree, 3. Optimal Exit Tree Capacity and 4. Activation of Exit Tree.
In the batch movement, the users are generally moved from the main tree to the exit tree. This does not affect the group key communication. After that, the insertion node is selected in the exit tree so as to maintain the balance of the exit tree. Then, the parent node and the user node of the leaving user are deleted. The average leaving time of the user is calculated using a simple key tree, and the time is obtained by comparing the results for the reduction in the average leave time of the member. If a node wants to leave the group, it sends a leave request message to all the nodes in the group to get acceptance from all the other members in the group: Leave req (Nid,Path,Type,n). After the leave request is sent, the other nodes in the group send a reply (ACK) to the source node: Reply ACK(Nid,RPATH.Status). During the reply process, the reply message is stored in the Nid, so that the information of the leaver can be removed easily.
In the paper, the Adaptive Ptolemy decision tree technique was presented in a general way for the purpose of secure and cost-efficient key distribution. The performance of the Ptolemy decision tree was evaluated for improving the efficiency of group communication. In order to support the results, a comparison was made with the other existing methods.
Whenever a member leaves or joins the group, there is a change in the database, which is notified once for each change. Hence, only one message is needed for any change in the network.
Techniques | Join | Leave |
---|---|---|
OFT | Log n + 1 | |
LKH | 2 | 2 log n |
CEGKMS | 1 | 1 |
APDT(proposed) | Log 1.5 | Log 1.5 |
The
There is a rekeying process in the APDT where the group key remains the same for any change in the number of members, ensuring security. If there is any change in the group, the rekeying process takes place.
Techniques | Join | Leave |
---|---|---|
OFT | Log n + 1 | |
LKH | 2 | 2 log n |
CEGKMS | 1 | 1 |
APDT(proposed) | Log 1.5 | Log 1.5 |
The
The APDT technique is a suitable choice for reducing the key cost problem whenever a user joins or leaves the group. From the interpretation of the research, it was very clear that the results were better when compared to the other existing methods. In addition to that, cost-efficiency was the main advantage of the technique observed in the group communication processes. Thus, from the analysis and the comparisons of the study, APDT proved to be an efficient key management scheme and provided well-organized security for data communications.