Self-healing group key distribution with time-limited node revocation for wireless sensor networks

A novel key distribution scheme with time-limited node revocation is proposed for secure group communications in wireless sensor networks. The proposed scheme offers two important security properties: the seal-healing re-keying message distribution which features periodic one-way re-keying with implicitly authentication, efficient tolerance for the lost re-keying messages, and seamless Traffic Encryption Key (TEK) switch without disrupting ongoing data transmissions; and the time-limited dynamic node attachment and detachment, so that both forward and backward secrecy is assured by dual directional hash chains. It is shown that the communication and computation overhead of the proposed protocol is light, and the protocol is robust under poor communication channel quality and frequent group node topology change.     

On optimal batch rekeying for secure group communications in wireless networks

Advances in wireless communications and mobile computing have led to the emergence of group communications and applications over wireless. In many of these group interactions, new members can join and current members can leave at any time, and existing members must communicate securely to achieve application-specific missions or network-specific functionality. Since wireless networks are resource-constrained, a key challenge is to provide secure and efficient group communication mechanisms that satisfy application requirements while minimizing the communication cost. Instead of individual rekeying, i.e., performing a rekey operation right after each join or leave request, periodic batch rekeying has been proposed to alleviate rekeying overhead in resource-constrained wireless networks. In this paper, we propose an analytical model to address the issue of how often batch rekeying should be performed. We propose threshold-based batch rekeying schemes and demonstrate that an optimal rekey interval exists for each scheme. We further compare these schemes to identify the best scheme that can minimize the communication cost of rekeying while satisfying application requirements when given a set of parameter values characterizing the operational and environmental conditions of the system. In a highly dynamic wireless environment in which the system parameter values change at runtime, our work may be used to adapt the rekeying interval accordingly.     

A cost‐effective attack matrix based key management scheme with dominance key set for wireless sensor network security

To guarantee the proper functionality of wireless sensor network even in the presence of the potential threats, a well‐designed key management scheme is very important. The assumptions about attackers critically influence the performance of security mechanisms. This paper investigates the problem of node capture from adversarial view point in which the adversary intelligently exploits the different vulnerabilities of the network to establish a cost‐effective attack matrix. To counteract such attacks, the defender or the network designer constructs similar attack matrix. The defender will identify a set of critical nodes and use the key compromise relationship to assign a key dominance rank to each node of the network. The key dominance rank quantifies the possibility of attack on a particular node. It is used to determine the hash chain length. It is also used to improve the security of path key establishment as well as rekeying of the proposed scheme. The performance of the proposed scheme is analyzed with other existing schemes, and it is shown that it outperforms with increased resilience against node capture, reduced number of hash computations, reduced key compromise probability of proxy nodes, and reduced number of revoked links during rekeying process.     

One-way hash chain-based self-healing group key distribution scheme with collusion resistance capability in wireless sensor networks

In order to resolve the collusion resistance problem in the one-way hash chain-based self-healing group key distribution schemes and improve the performance of previous self-healing group key distribution schemes, we propose a self-healing group key distribution scheme based on the revocation polynomial and a special one-way hash key chain for wireless sensor networks (WSNs) in this paper. In our proposed scheme, by binding the time at which the user joins the group with the capability of recovering previous group session keys, a new method is addressed to provide the capability of resisting the collusion attack between revoked users and new joined users, and a special one-way hash chain utilization method and some new methods to construct the personal secret, the revocation polynomial and the key updating broadcast packet are presented. Compared with existing schemes under same conditions, our proposed scheme not only supports more revoked users and sessions, but also provides a stronger security. Moreover, our proposed scheme reduces the communication overhead, and is especially suited for a large scale WSN in bad environments where a strong collusion attack resistance capability is required and many users will be revoked.     

LNT: A logical neighbor tree secure group communication scheme for wireless sensor networks

Secure group communication is a paradigm that primarily designates one-to-many communication security. The proposed works relevant to secure group communication have predominantly considered the whole network as being a single group managed by a central powerful node capable of supporting heavy communication, computation and storage cost. However, a typical Wireless Sensor Network (WSN) may contain several groups, and each one is maintained by a sensor node (the group controller) with constrained resources. Moreover, the previously proposed schemes require a multicast routing support to deliver the rekeying messages. Nevertheless, multicast routing can incur heavy storage and communication overheads in the case of a wireless sensor network. Due to these two major limitations, we have reckoned it necessary to propose a new secure group communication with a lightweight rekeying process. Our proposal overcomes the two limitations mentioned above, and can be applied to a homogeneous WSN with resource-constrained nodes with no need for a multicast routing support. Actually, the analysis and simulation results have clearly demonstrated that our scheme outperforms the previous well-known solutions.     

Topological Key Hierarchy for Energy-Efficient Group Key Management in Wireless Sensor Networks

A sensor network operating in open environments requires a network-wide group key for confidentiality of exchanged messages between sensor nodes. When a node behaves abnormally due to its malfunction or a compromise attack by adversaries, the central sink node should update the group key of other nodes. The major concern of this group key update procedure will be the multi-hop communication overheads of the rekeying messages due to the energy constraints of sensor nodes. Many researchers have tried to reduce the number of rekeying messages by using the logical key tree. In this paper, we propose an energy-efficient group key management scheme called Topological Key Hierarchy (TKH). TKH generates a key tree by using the underlying sensor network topology with consideration of subtree-based key tree separation and wireless multicast advantage. Based on our detailed analysis and simulation study, we compare the total rekeying costs of our scheme with the previous logical key tree schemes and demonstrate its energy efficiency.     

Predistribution and local collaboration-based group rekeying for wireless sensor networks

When a sensor network is deployed in a hostile environment, an adversary may launch such attacks as eavesdropping the communications and compromising sensor nodes. Using the compromised nodes, he may inject false sensing reports or modify the reports sent by other nodes. To defend against these attacks, researchers have proposed symmetric group key-based schemes. In these schemes, however, if a large number of nodes are compromised, many (sub)group keys will be revealed. This greatly endangers the filtering schemes, making them very ineffective or even useless. To address this problem, we propose a family of predistribution and local collaboration-based group rekeying (PCGR) schemes, which update the compromised group keys to prevent the compromised nodes from understanding the communications between noncompromised nodes or injecting false data. These schemes are designed based on a simple while controversial idea – preload future group keys into sensor nodes before their deployment. To protect the preloaded keys from being disclosed by compromised nodes, we propose a novel technique that requires neighboring nodes to collaborate to derive the future group keys. To the best of our knowledge, our schemes are the first set of distributed group rekeying schemes for sensor networks without involving online key servers. Extensive analysis and simulations are conducted to evaluate the proposed schemes, and the results show that the proposed schemes can achieve a good level of security, outperform several previous group rekeying schemes, and significantly improve the effectiveness of false data filtering.     

Autonomic Group Key Management in Deep Space DTN

In deep space delay tolerant networks rekeying expend vast amounts of energy and delay time as a reliable end-to-end communication is very difficult to be available between members and key management center. In order to deal with the question, this paper puts forwards an autonomic group key management scheme for deep space DTN, in which a logical key tree based on one-encryption-key multi-decryption-key key protocol is presented. Each leaf node with a secret decryption key corresponds to a network member and each non-leaf node corresponds to a public encryption key generated by all leaf node’s decryption keys that belong to the non-leaf node’s sub tree. In the proposed scheme, each legitimate member has the same capability of modifying public encryption key with himself decryption key as key management center, so rekeying can be fulfilled successfully by a local leaving or joining member in lack of key management center support. In the security aspect, forward security and backward security are guaranteed. In the efficiency aspect, our proposed scheme’s rekeying message cost is half of LKH scheme when a new member joins, furthermore in member leaving event a leaving member makes tradeoff between computation cost and message cost except for rekeying message cost is constant and is not related to network scale. Therefore, our proposed scheme is more suitable for deep space DTN than LKH and the localization of rekeying is realized securely.     

An Enhanced Hierarchical Key Management Scheme for MANETs

Security is one of the major issues in Mobile Ad-hoc Networks (MANETs). Their natural characteristics make them vulnerable to numerous severe attacks. In this paper, we present an enhanced hierarchical key management scheme for secure group communications in MANETs. The proposed approach primarily aims at improving security and complexity, especially complexity in the level of ordinary members for joining or leaving processes to achieve the most possible dynamic characteristic of MANETs without neglecting network security. The proposal scheme is designed with the potential of developing an efficient model interested in keying applied on hierarchical structure to increase the security and make no need to apply rekeying of all group members in different sub-levels as made by hierarchical key management scheme (HKMS). Also, it reduces complexity of processing load, memory usage and improves resources. In the proposed model, each communication between two nodes have a unique key to make it more secure with encrypting messages by different keys for more than one time and support node flexibility. Experiments are carried out on the proposed scheme to show the effect of complexity on each node in different grades and results are compared with traditional HKMS.     

一种改进的TLCH组播密钥管理方案

TLCH协议是一个适用于安全组播通信且可扩展性较好的组播密钥管理协议。它基于LKH的思想,采用双层的控制者的层次结构,并使用单向函数进行密钥更新,达到了较低的计算开销。使用hash函数对TLCH组播密钥管理方案中成员加入时的密钥更新算法进行改进。与原来的TLCH相比,改进后的TLCH可以进一步降低了通信开销。     

A scalable multicast key management scheme for heterogeneous wireless networks

Secure multicast applications require key management that provides access control. In wireless networks, where the error rate is high and the bandwidth is limited, the design of key management schemes should place emphasis on reducing the communication burden associated with key updating. A communication-efficient class of key management schemes is those that employ a tree hierarchy. However, these tree-based key management schemes do not exploit issues related to the delivery of keying information that provide opportunities to further reduce the communication burden of rekeying. In this paper, we propose a method for designing multicast key management trees that match the network topology. The proposed key management scheme localizes the transmission of keying information and significantly reduces the communication burden of rekeying. Further, in mobile wireless applications, the issue of user handoff between base stations may cause user relocation on the key management tree. We address the problem of user handoff by proposing an efficient handoff scheme for our topology-matching key management trees. The proposed scheme also addresses the heterogeneity of the network. For multicast applications containing several thousands of users, simulations indicate a 55%-80% reduction in the communication cost compared to key trees that are independent of the network topology. Analysis and simulations also show that the communication cost of the proposed topology-matching key management tree scales better than topology-independent trees as the size of multicast group grows.     

High Performance Group Merging/Splitting Scheme for Group Key Management

The group merging/splitting event is different to the joining/leaving events in which only a member joins or leaves group, but in the group merging/splitting event two small groups merge together into a group or a group is divided into two independent parts. Rekeying is an importance issue for key management whose target is to guarantee forward security and backward security in case of membership changes, however rekeying efficiency is related to group scale in most existing group key management schemes, so as to those schemes are not suitable to the applications whose rekeying time delay is limited strictly. In particular, multiple members are involved in the group merging/splitting event, thus the rekeying performance becomes a worried problem. In this paper, a high performance group merging/splitting group key management scheme is proposed based on an one-encryption-key multi-decryption-key key protocol, in the proposed scheme each member has an unique decryption key that is corresponding to a common encryption key so as to only the common encryption key is updated when the group merging/splitting event happens, however the secret decryption key still keeps unchanged. In efficiency aspect, since no more than a message on merging/splitting event is sent, at time the network load is reduced since only a group member’s key material is enough for other group members to agree a fresh common encryption key. In security aspect, our proposed scheme achieves the key management security requirements including passive security, forward security, backward security and key independence. Therefore, our proposed scheme is suitable to the dynamitic networks that the rekeying time delay is limited strictly such as tolerate delay networks.     

A Multi-service Group Key Management Scheme for Stateless Receivers in Wireless Mesh Networks

Wireless mesh networks facilitate the development of the many group oriented applications by extending the coverage area of the group communication. Group communication in a wireless mesh network is complicated due to dynamic intermediate mesh points, access control for communications between different administrative domains, and the absence of a centralized network controller. In this study, we propose a topology-matching decentralized multi-service group key management scheme for wireless mesh networks. It allows service providers to update and deliver their group keys to valid members in a distributed manner using the identity-based encryption scheme. The analysis result indicates that the proposed scheme has advantages with regard to the rekeying cost and storage overhead for a member and a mesh point in multi-sender group communication environments. The stateless property is also achieved such that a stateless member, who could not be constantly online, can easily decrypt the rekeying messages without recording the past history of transmission.     

基于(t, n)门限和划分树的可再生Hash链构造方案

针对可再生hash链解决了其资源受限的缺点,但现有构造方案在安全性和复杂性等方面存在缺陷这一问题,提出“重复”、“划分”和“划分树”的定义,以及基于(t, n)-Mignotte’s门限的中国剩余定理秘密共享方案,设计了一种新的可再生hash链构造方法。从明文空间、双重认证和可证明安全3方面论证了新构造方案能确保新链中种子值的安全再生并有效抵制中间人攻击。同时仿真实验表明新构造方案在通信、计算和存储开销等方面相比于传统方案具有相同甚至更佳的性能。     

Host mobility key management in dynamic secure group communication

The key management has a fundamental role in securing group communications taking place over vast and unprotected networks. It is concerned with the distribution and update of the keying materials whenever any changes occur in the group membership. Wireless mobile environments enable members to move freely within the networks, which causes more difficulty to design efficient and scalable key management protocols. This is partly because both member location dynamic and group membership dynamic must be managed concurrently, which may lead to significant rekeying overhead. This paper presents a hierarchical group key management scheme taking the mobility of members into consideration intended for wireless mobile environments. The proposed scheme supports the mobility of members across wireless mobile environments while remaining in the group session with minimum rekeying transmission overhead. Furthermore, the proposed scheme alleviates 1-affect-n phenomenon, single point of failure, and signaling load caused by moving members at the core network. Simulation results shows that the scheme surpasses other existing efforts in terms of communication overhead and affected members. The security requirements studies also show the backward and forward secrecy is preserved in the proposed scheme even though the members move between areas.     

Scalable secure group communication over IP multicast

We introduce and analyze a scalable rekeying scheme for implementing secure group communications Internet protocol multicast. We show that our scheme incurs constant processing, message, and storage overhead for a rekey operation when a single member joins or leaves the group, and logarithmic overhead for bulk simultaneous changes to the group membership. These bounds hold even when group dynamics are not known a priori. Our rekeying algorithm requires a particular clustering of the members of the secure multicast group. We describe a protocol to achieve such clustering and show that it is feasible to efficiently cluster members over realistic Internet-like topologies. We evaluate the overhead of our own rekeying scheme and also of previously published schemes via simulation over an Internet topology map containing over 280 000 routers. Through analysis and detailed simulations, we show that this rekeying scheme performs better than previous schemes for a single change to group membership. Further, for bulk group changes, our algorithm outperforms all previously known schemes by several orders of magnitude in terms of actual bandwidth usage, processing costs, and storage requirements.     

Efficient Group Key Management for Non-reliable Link Networks

Some multi communication networks don’t provide a reliable link for group key management, so as to implementing rekeying is failure frequently. To deal with the question, this paper presents a novel group key management scheme for non-reliable link networks, a ciphertext encrypted a secret shared key can be decrypted with any legitimate members whose scale is more than the threshold value, even if part of members’ links aren’t reliable. In rekeying process, each key fragment is divided into two parts with he shared production mechanism, so as to the member’s independent key fragments still keep unchanged, but imperative updated key belongs to the group manager. Therefore, in efficient aspect, the message and computation cost of rekeying is reduced, and the dependence of the reliable channel is reduced; in the security aspect, our proposed scheme can guarantee forward security and backward security, and secure against collusion attack even if the number of leaving member is more than the threshold value. Therefore, our proposed scheme is suitable to the non-reliable link networks.     

An identity-based key agreement scheme for large scale sensor networks

To solve the problems of high memory occupation, low connectivity and poor resiliency against node capture, which existing in the random key pre-distribution techniques while applying to the large scale Wireless Sensor Networks （WSNs）, an Identity-Based Key Agreement Scheme （IBKAS） is proposed based on identity-based encryption and Elliptic Curve Diffie-Hellman （ECDH）. IBKAS can resist man-in-the-middle attacks and node-capture attacks through encrypting the key agreement parameters using identity-based encryption. Theoretical analysis indicates that comparing to the random key pre-distribution techniques, IBKAS achieves significant improvement in key connectivity, communication overhead, memory occupation, and security strength, and also enables efficient secure rekcying and network expansion. Furthermore, we implement IBKAS for TinyOS-2.1.2 based on the MICA2 motes, and the experiment results demonstrate that IBKAS is feasible for infrequent key distribution and rekeying for large scale sensor networks.     

Combinatorial Design of Key Distribution Mechanisms for Wireless Sensor Networks

Secure communications in wireless sensor networks operating under adversarial conditions require providing pairwise (symmetric) keys to sensor nodes. In large scale deployment scenarios, there is no priory knowledge of post deployment network configuration since nodes may be randomly scattered over a hostile territory. Thus, shared keys must be distributed before deployment to provide each node a key-chain. For large sensor networks it is infeasible to store a unique key for all other nodes in the key-chain of a sensor node. Consequently, for secure communication either two nodes have a key in common in their key-chains and they have a wireless link between them, or there is a path, called key-path, among these two nodes where each pair of neighboring nodes on this path have a key in common. Length of the key-path is the key factor for efficiency of the design. This paper presents novel deterministic and hybrid approaches based on Combinatorial Design for deciding how many and which keys to assign to each key-chain before the sensor network deployment. In particular, Balanced Incomplete Block Designs (BIBD) and Generalized Quadrangles (GQ) are mapped to obtain efficient key distribution schemes. Performance and security properties of the proposed schemes are studied both analytically and computationally. Comparison to related work shows that the combinatorial approach produces better connectivity with smaller key-chain sizes     

路径洗牌算法：安全组播中一种高效的组密钥更新算法

安全组播通信使用组内所有成员共享的组密钥来加密通信内容.为了保障安全,密钥服务器需要在组成员关系改变时进行组密钥更新(rekey).由于组内成员关系的动态性和加解密操作的高代价,组密钥更新性能成为衡量组密钥管理性能的主要指标.基于密钥树(key tree)的组密钥更新方法已经被广泛地使用,并达到了对数级的组密钥更新代价.密钥树的结构需要保证平衡,否则最坏情况下组密钥更新的通信代价会达到O(n).该文提出了一种新的基于密钥树的路径洗牌算法PSA(Path Shuffling Algorithm),该算法能够将密钥树的平衡操作分散到一般的更新密钥操作中,减少了结构调整代价,从而提高了算法的性能.理论分析给出了该算法更新组密钥的平均通信代价,模拟实验也验证了这种算法更新组密钥的平均性能要优于其它同类算法.