Similar literature
Found 20 similar documents (search time: 31 ms)
1.
A sensor network operating in open environments requires a network-wide group key for confidentiality of exchanged messages between sensor nodes. When a node behaves abnormally due to its malfunction or a compromise attack by adversaries, the central sink node should update the group key of other nodes. The major concern of this group key update procedure will be the multi-hop communication overheads of the rekeying messages due to the energy constraints of sensor nodes. Many researchers have tried to reduce the number of rekeying messages by using the logical key tree. In this paper, we propose an energy-efficient group key management scheme called Topological Key Hierarchy (TKH). TKH generates a key tree by using the underlying sensor network topology with consideration of subtree-based key tree separation and wireless multicast advantage. Based on our detailed analysis and simulation study, we compare the total rekeying costs of our scheme with the previous logical key tree schemes and demonstrate its energy efficiency.

2.
Wireless mesh networks facilitate the development of the many group oriented applications by extending the coverage area of the group communication. Group communication in a wireless mesh network is complicated due to dynamic intermediate mesh points, access control for communications between different administrative domains, and the absence of a centralized network controller. In this study, we propose a topology-matching decentralized multi-service group key management scheme for wireless mesh networks. It allows service providers to update and deliver their group keys to valid members in a distributed manner using the identity-based encryption scheme. The analysis result indicates that the proposed scheme has advantages with regard to the rekeying cost and storage overhead for a member and a mesh point in multi-sender group communication environments. The stateless property is also achieved such that a stateless member, who could not be constantly online, can easily decrypt the rekeying messages without recording the past history of transmission.

3.
In deep space delay tolerant networks, rekeying expends vast amounts of energy and delay time, as reliable end-to-end communication is very difficult to make available between members and the key management center. In order to deal with this question, this paper puts forward an autonomic group key management scheme for deep space DTN, in which a logical key tree based on a one-encryption-key multi-decryption-key key protocol is presented. Each leaf node with a secret decryption key corresponds to a network member, and each non-leaf node corresponds to a public encryption key generated by all leaf nodes' decryption keys that belong to the non-leaf node's subtree. In the proposed scheme, each legitimate member has the same capability of modifying the public encryption key with its own decryption key as the key management center, so rekeying can be fulfilled successfully by a local leaving or joining member without key management center support. In the security aspect, forward security and backward security are guaranteed. In the efficiency aspect, our proposed scheme's rekeying message cost is half that of the LKH scheme when a new member joins; furthermore, in a member-leaving event, a leaving member makes a tradeoff between computation cost and message cost, except that the rekeying message cost is constant and is not related to network scale. Therefore, our proposed scheme is more suitable for deep space DTN than LKH, and the localization of rekeying is realized securely.

4.
Secure group communication is a paradigm that primarily designates one-to-many communication security. The proposed works relevant to secure group communication have predominantly considered the whole network as being a single group managed by a central powerful node capable of supporting heavy communication, computation and storage cost. However, a typical Wireless Sensor Network (WSN) may contain several groups, and each one is maintained by a sensor node (the group controller) with constrained resources. Moreover, the previously proposed schemes require a multicast routing support to deliver the rekeying messages. Nevertheless, multicast routing can incur heavy storage and communication overheads in the case of a wireless sensor network. Due to these two major limitations, we have reckoned it necessary to propose a new secure group communication with a lightweight rekeying process. Our proposal overcomes the two limitations mentioned above, and can be applied to a homogeneous WSN with resource-constrained nodes with no need for a multicast routing support. Actually, the analysis and simulation results have clearly demonstrated that our scheme outperforms the previous well-known solutions.

5.
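Secure multicast is a problem that must be solved before multicast technology can be put into practical use. Designing an efficient key management scheme when group membership changes dynamically is the main problem in secure multicast research. A multicast rekeying scheme based on a new hybrid tree model is proposed. The scheme reduces the storage overhead of the GC to 4, and when a member joins or leaves the group, the communication overhead caused by rekeying is logarithmic in nm (n is the number of group members and m is the number of members in each cluster).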

6.
Advances in wireless communications and mobile computing have led to the emergence of group communications and applications over wireless. In many of these group interactions, new members can join and current members can leave at any time, and existing members must communicate securely to achieve application-specific missions or network-specific functionality. Since wireless networks are resource-constrained, a key challenge is to provide secure and efficient group communication mechanisms that satisfy application requirements while minimizing the communication cost. Instead of individual rekeying, i.e., performing a rekey operation right after each join or leave request, periodic batch rekeying has been proposed to alleviate rekeying overhead in resource-constrained wireless networks. In this paper, we propose an analytical model to address the issue of how often batch rekeying should be performed. We propose threshold-based batch rekeying schemes and demonstrate that an optimal rekey interval exists for each scheme. We further compare these schemes to identify the best scheme that can minimize the communication cost of rekeying while satisfying application requirements when given a set of parameter values characterizing the operational and environmental conditions of the system. In a highly dynamic wireless environment in which the system parameter values change at runtime, our work may be used to adapt the rekeying interval accordingly.

7.
An important problem in both wireless and wired communication networks is to be able to efficiently multicast information to a group of network sites. Multicasting reduces the transmission overhead of both wireless and wired networks and the time it takes for all the nodes in the subset to receive the information. Since transmission bandwidth is a scarce commodity especially in wireless networks, efficient and near minimum-cost multicast algorithms are particularly useful in the wireless context. In this paper, we discuss methods of establishing efficient and near minimum-cost multicast routing in communication networks. In particular, we discuss an efficient implementation of a widely used multicast routing method which can construct a multicast tree with a cost no greater than twice the cost of an optimal tree. We also present two efficient multicast tree constructions for a general version of the multicast routing problem in which a network consists of different classes of nodes, where each class can have one or more nodes of the same characteristic which is different from the characteristics of nodes from other classes. Because of their efficient running times, these multicast routing methods are particularly useful in the mobile communication environments where topology changes will imply recomputation of the multicast trees. Furthermore, the proposed efficient and near minimum-cost multicast routing methods are particularly suited to the wireless communication environments, where transmission bandwidth is more scarce than wired communication environments. Partially supported by NSF/LaSER under grant number EHR-9108765, by LEQSF grant number 94-RD-A-39, by NASA under grant number NAG 5-2842.

8.
刘利芬  邓亚平 《通信技术》2007,40(12):302-303,378
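Multicast rekeying strategies can be classified in many ways. From the perspective of the dependency among rekeying messages, this paper summarizes and analyzes three types of multicast rekeying mechanisms, discusses the characteristics of each type, and reviews the current state of research and development trends in multicast key management.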

9.
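A multicast key management scheme based on a time-structured tree (total citations: 3; self-citations: 0; citations by others: 3)
With the development of the Internet, multicast communication technology has been widely applied, and group key management is the core problem of multicast security. Based on an analysis of existing research, this paper proposes a key management scheme based on a time-structured tree. It adopts a periodic rekeying mechanism and distributes new group keys through a secure filter, which greatly reduces the messages transmitted during rekeying, improves rekeying efficiency, and achieves reliable rekeying.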

10.
In this article two novel group-wise key distribution schemes with time-limited node revocation are introduced for secure group communications in wireless sensor networks. The proposed key distribution schemes are based on two different hash chain structures, dual directional hash chain and hash binary tree. Their salient security properties include self-healing rekeying message distribution, which features a periodic one-way rekeying function with efficient tolerance for lost rekeying messages; and time-limited dynamic node attachment and detachment. Security evaluation shows that the proposed key distribution schemes generally satisfy the requirement of group communications in WSNs with lightweight communication and computation overhead, and are robust under poor communication channel quality.

11.
The key management has a fundamental role in securing group communications taking place over vast and unprotected networks. It is concerned with the distribution and update of the keying materials whenever any changes occur in the group membership. Wireless mobile environments enable members to move freely within the networks, which causes more difficulty to design efficient and scalable key management protocols. This is partly because both member location dynamic and group membership dynamic must be managed concurrently, which may lead to significant rekeying overhead. This paper presents a hierarchical group key management scheme taking the mobility of members into consideration intended for wireless mobile environments. The proposed scheme supports the mobility of members across wireless mobile environments while remaining in the group session with minimum rekeying transmission overhead. Furthermore, the proposed scheme alleviates 1-affect-n phenomenon, single point of failure, and signaling load caused by moving members at the core network. Simulation results show that the scheme surpasses other existing efforts in terms of communication overhead and affected members. The security requirements studies also show the backward and forward secrecy is preserved in the proposed scheme even though the members move between areas.

12.
The next generation wireless network environments increasingly become integrated to support anywhere, anytime connectivity for various applications like multimedia, full‐motion video and high data rates with appropriate quality of service (QoS). With these emerging needs, interworking of microcellular and macrocellular networks has been accompanied by service providers. However, these networks have different technologies, which make efficient vertical handoff a challenging issue. In this study, an efficient vertical handoff scheme (EVHS) for interworking between microcellular and macrocellular networks is proposed and analyzed. The handoff decision criteria of the proposed scheme include crucial features like user mobility, network conditions, pricing issues, and user preferences in addition to the received signal strength (RSS). EVHS ensures the selection of the most appropriate network in terms of cost and acceptable QoS according to users' preferences. The results show that EVHS scheme outperforms other proposed schemes in the literature in terms of incompletion probabilities, grade of service (GoS) and cost without causing degradation in system utilization. Besides, although EVHS scheme is mainly intended for user satisfaction, the results show that it does not cause a significant degradation in the revenue of the service provider. Copyright © 2009 John Wiley & Sons, Ltd.

13.
Huayi  Xiaohua   《Ad hoc Networks》2007,5(5):600-612
In this paper, we investigate the issues of QoS multicast routing in wireless ad hoc networks. Due to limited bandwidth of a wireless node, a QoS multicast call could often be blocked if there does not exist a single multicast tree that has the requested bandwidth, even though there is enough bandwidth in the system to support the call. In this paper, we propose a new multicast routing scheme by using multiple paths or multiple trees to meet the bandwidth requirement of a call. Three multicast routing strategies are studied, SPT (shortest path tree) based multiple-paths (SPTM), least cost tree based multiple-paths (LCTM) and multiple least cost trees (MLCT). The final routing tree(s) can meet the user’s QoS requirements such that the delay from the source to any destination node shall not exceed the required bound and the aggregate bandwidth of the paths or trees shall meet the bandwidth requirement of the call. Extensive simulations have been conducted to evaluate the performance of our three multicast routing strategies. The simulation results show that the new scheme improves the call success ratio and makes a better use of network resources.

14.
Media acquisition process in wireless multicast requires that the sender obtains confirmation replies from a set of receivers. If replies are uncoordinated, the process can be much more time consuming than that of wireless unicast due to packet collisions. We propose a wireless multicast scheme that utilizes a novel concurrent Clear-To-Send (CTS) transmission method and a distributed multicast tree construction method. The concurrent CTS based MAC (Media Access Control) layer design can significantly reduce packet collisions and signaling overhead at the local cell level. Built on top of this new MAC layer protocol, we further propose a distributed multicast tree construction algorithm which grows the tree by maximizing the local multicast gain. The uniqueness of our algorithm is that the tree is constructed implicitly during the media access stage and the algorithm requires little additional message overhead. Extensive simulations are conducted to evaluate the performance of the proposed scheme. Our results indicate that the proposed scheme offers considerable improvement in multicast turnaround time and efficiency. The proposed scheme is also robust against network topology changes caused by node movements.

15.
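Secure multicast communication encrypts traffic with a group key shared by all members of the group. To maintain security, the key server must update the group key (rekey) whenever group membership changes. Because group membership is dynamic and encryption and decryption operations are expensive, rekeying performance has become the main measure of group key management performance. Rekeying methods based on a key tree are widely used and achieve logarithmic rekeying cost. The key tree must be kept balanced; otherwise the communication cost of rekeying reaches O(n) in the worst case. This paper proposes a new key-tree-based path shuffling algorithm, PSA (Path Shuffling Algorithm), which spreads the balancing operations of the key tree across ordinary rekeying operations, reducing the cost of structural adjustment and thereby improving performance. Theoretical analysis gives the average communication cost of rekeying under the algorithm, and simulation experiments confirm that its average rekeying performance is better than that of other comparable algorithms.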

16.
Recently, many group communication services have become the focus for future developments in the Internet and wireless network applications, such as video‐conferencing, collaborative work, networking games or online videos. In particular, these applications require data delivery from one sender to a large number of authorized receivers. Therefore, secure multicast communication will become an important networking issue in the future. Using a common encryption key only known by authorized members to encrypt transmitted data is a practical approach. But, whenever a group member joins or leaves the group, the common encryption key must be updated to ensure both past and future secrecy. As a result, minimizing key update communication cost and the key storage requirement of a group controller is a critical issue in a scalable and dynamically changing large group. A new key‐management scheme is proposed to reduce the key storage requirement of a group controller to a constant size, which is far better than that of the previously proposed schemes, while retaining the same key update communication cost. In addition, the correlation between the key storage requirement of each group member and key update communication cost is also presented. Copyright © 2003 John Wiley & Sons, Ltd.

17.
温涛  张永  郭权  李凤坤 《通信学报》2012,33(6):164-173
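The group key management problem in a homogeneous network model is studied. A clear and more complete dynamic group key management model is given for the first time, and a dynamic group key management scheme based on multiple symmetric polynomials is proposed. The scheme provides key management for a dynamic multicast group made up of any number of nodes greater than 2 and no greater than the total number of nodes, and solves the group-key-related problems raised by multicast group establishment, node join, node leave and similar events. The scheme supports node mobility, is scalable, and deals well with the unreliability of multicast communication during rekeying. Group member nodes obtain the group key by computation, requiring only a small amount of wireless communication overhead, which greatly reduces the cost of group key agreement. Analysis and comparison indicate that the scheme performs well in storage, computation and communication overhead and is better suited to resource-constrained wireless sensor networks.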

18.
There exist two fundamental approaches to multicast routing: shortest path trees (SPTs) and minimum cost trees (MCTs). The SPT algorithms minimize the distance (or cost) from the sender to each receiver, whereas the MCT algorithms minimize the overall cost of the multicast tree. Due to the very large scale and unknown topology of the Internet, computing MCTs for multicast routing in the Internet is a very complex problem. As a result, the SPT approach is the more commonly used method for multicast routing in the Internet, because it is easy to implement and gives minimum delay from the sender to each receiver, a property favored by many real-life applications. Unlike the Internet, a wireless mesh network (WMN) has a much smaller size, and its topology can be made known to all nodes in the network. This makes the MCT approach an equally viable candidate for multicast routing in WMNs. However, it is not clear how the two types of trees compare when used in WMNs. In this article we present a simulation-based performance comparison of SPTs and MCTs in WMNs, using performance metrics, such as packet delivery ratio, end-to-end delay, and traffic impacts on unicast flows in the same network.

19.
We investigate the notion of per-user integrated location and service management in personal communication service (PCS) networks by which a per-user service proxy is created to serve as a gateway between the mobile user and all client-server applications engaged by the mobile user. The service proxy is always colocated with the mobile user's location database such that whenever the MU's location database moves during a location handoff, a service handoff also ensues to colocate the service proxy with the location database. This allows the proxy to know the location of the mobile user all the time to reduce the network communication cost for service delivery. We investigate four integrated location and service management schemes. Our results show that the centralized scheme performs the best when the mobile user's SMR (service to mobility ratio) is low and CMR (call to mobility ratio) is high, while the fully distributed scheme performs the best when both SMR and CMR are high. In all other conditions, the dynamic anchor scheme is the best except when the service context transfer cost is high, under which the static anchor scheme performs the best. Through analytical and simulation results, we demonstrate that different users with vastly different mobility and service patterns should adopt different integrated location and service management methods to optimize system performance. Further, the best integrated scheme always performs better than the best decoupled scheme that considers location and service managements separately and management schemes that do not use any service proxy.

20.
Dynamic key management in sensor networks (total citations: 11; self-citations: 0; citations by others: 11)
Numerous key management schemes have been proposed for sensor networks. The objective of key management is to dynamically establish and maintain secure channels among communicating nodes. Desired features of key management in sensor networks include energy awareness, localized impact of attacks, and scaling to a large number of nodes. A primary challenge is managing the trade-off between providing acceptable levels of security and conserving scarce resources, in particular energy, needed for network operations. Many schemes, referred to as static schemes, have adopted the principle of key predistribution with the underlying assumption of a relatively static short-lived network (node replenishments are rare, and keys outlive the network). An emerging class of schemes, dynamic key management schemes, assumes long-lived networks with more frequent addition of new nodes, thus requiring network rekeying for sustained security and survivability. In this article we present a classification of key management schemes in sensor networks delineating their similarities and differences. We also describe a novel dynamic key management scheme, localized combinatorial keying (LOCK), and compare its security and performance with a representative static key management scheme. Finally, we outline future research directions.
