Secure Multicast Key Distribution for Mobile Ad Hoc Networks

(IJCSIS) International Journal o f Comput er Science and Info rmation Security, Vol. 7, No. 2, 2010 Secure Multicast Key Distribution for Mobile Adhoc Networks D.SuganyaDevi Asst.Prof, De partm ent of Com puter Appli cations SNR SONS College Coimbatore, Tamil Nadu, India . Dr.G.Pad mavathi Prof. and Hea d, Dept . of Com puter Scienc e, Avinashilingam University for Women, Coimbatore, Tamil Nadu, India . Abstract — Many emerging applications in mobile adhoc networks involve group-oriented communication. Multicas t is an efficient way of supporting group oriented applications, mainly in mobile environment with limited bandwidth and limited power. For using such applications in an adversarial environment as military, it is necessary to provid e secure multicast communication. Key management is the fundamental challenge in designing secure mu lticast communications. In many multicast interactions, n ew member can join and current membe rs can leave at any time and existi ng members must communicate securely using multicast key distri bution within constrained energy for mobile adhoc networks. This has to overcome the challenging element of “1 affects n” problem which is due to high dynamicity of groups. Thus this pape r shows the spec ific challenges towards multicast key management proto cols for securing multicast key distribution in mobile ad hoc networks, and present relevant multicast key management protocols in mobile ad hoc networks. A comp arison is done against some pertinent perfo rmance criteria . Keywords - Key Management, MANET, Multicast Communication and Security I. I NTRODUCTION A MANET (Mobil e Adhoc Network) i s an autonomou s collection of mobile users th at offers infrastructure -free communication ove r a shared wireless m edium. It is form ed spontaneously without any prep lanning. Multicasting is a fundamental communicati on paradigm for group-ori ented communications suc h as video confe rencing, discus sion forums, freque nt stock updat es, video on d emand (VoD), pay per view progr ams, and adverti sing. The combination of an adho c envi ronment [1, 2] with multicast services induces new challenges towards the security infrastructure to enable acceptance and wide de ployment of multicast communication . Indeed, several sensitive app lications based on mult icast communicati ons have to be secure d within adhoc environm ents. For example military applications such as group comm unication in a bat tlefield and al so public securi ty operations invol ving fire brigades an d policem en have to be secured. To prevent attacks and eaves dropping, basic security services such as authentication , data integrity, an d group confidentiali ty are necessary for collab orative applicat ions. Among which group confid entiality is the most im portant service for military applicatio ns. These security services can be facilitated if g roup members share a common secret, w hich in turn makes key management [ 3] a fundam ental challenge in designing secure m ulticast communicat ion systems. To ensure group confidenti ality during the multicast session, the sender (source) shares a secret symmetric key with all valid group m embers, called Traffic Encry ption Key (TEK). To multicast a secret message, the source encrypts the message with the TEK using a symmetri c encryption algorithm. Upon receiving the encrypted multicast message, each valid m ember that knows the TEK can d ecrypt it with TEK and recove r the original one. Key m anagement includes cr eating, distribu ting and updating the key s then it constitute s a basic block for secure multicast communication applications. Each member holds a key to encrypt and decrypt the multicast data. When a member joins and leaves a group, the key has to be up dated and dist ributed to all gr oup mem bers in order to me et the above requirem ents. The process of updati ng the keys and distributin g them to the group members is called rekeying opera tion [4]. Rekey ing is required in secure m ulticast to ensure that a new m ember cannot decrypt t he stored multicast data (b efore its join ing) and preven ts a leaving member from eavesdropping futu re multicast data. A critical problem with any reke y technique is scalability. The rekey process should be done after each m embership change, and if the membership changes are frequent, key management will require a larg e number of key exchang es per unit time in order t o maintain bot h forward an d backward secrecies. The number of TEK update m essages in the case of frequent join and l eave operations induces “1 affects n” phenomenon [ 5]. To overcome this pr oblem, several appr oaches propose a multicast grou p clustering [ 5,6 and 7] . Clust ering is divi ding the multicast gr oup into sev eral sub-group s. A Local Controller (LC) manages each sub group, wh ich is responsible for local key managem ent within the cl uster. Thus, afte r Join or Leave procedures, onl y members within the concerned cluster are affected by rekeying process, and the local dynam ics of a cluster does not affect the other cl usters of the grou p. Moreover, few solutions for multicast gro up clustering did consider the energy and latency issues to achieve an efficient key distribution p rocess, whereas energy and lat ency constitutes main issue in ad hoc environments. This paper extends and p resents taxonom y of mul ticast key distri bution protocols, dedi cated to operate i n ad hoc ne tworks for secure multicast communication s. 218 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal o f Comput er Science and Info rmation Security, Vol. 7, No. 2, 2010 The remainder of this paper is structured as follo ws. Section 2 emphasizes the cha llenges of securing multicast communications wi thin ad hoc environ ments. Section 3 presents the key m anagement requirem ents. Section 4 describes Taxonomy of Multic ast key management a pproaches. Section 5 discusses the approaches. Finally , Section 6 concludes the paper. II. C HALLENGES AND C ONSTRAI NTS OF S ECURING M ULTICAST K EY D ISTRIBUTI ON FOR M OBILE A D HOC N ETWORKS The principal constraints and challenges i nduced by t he ad hoc enviro nment [ 8] are as fol lows. • Wireless Links : The wireless link s make the network easily prone to passive m alicious attacks like sniffi ng, or active attacks like message replay or message alteration. • Absence of Infrastructure : The absence of infrastructure is one of the main characteristics of ad hoc networks. • Autonomous No centralized administration en tity is available to ma nage the operation of t he different mobile nodes. • Dynamic topology Nodes are mobile and can be connected dynamically in an arbitrary m anner. Links of the network vary tim ely and are based on the proximity of o ne node to anot her node. • Device discovery Identifying relevant newly moved i n nodes and inform ing about their exi stence need dynamic update to facilitate automatic optimal route selection. • Bandwidth optimization Wireless links have significantly lower capacity th an the wired links. • Limited Power : Adhoc networks are composed of l ow powered devices. These devices have l imited energy, bandwidth an d CPU, as well as low memory capacities. • Scalability defined as whether t he network is able to provide an acceptable level of service even in the presence of a large number of nodes. • Self operated Self healing fe ature demands M ANET should realign itself t o blanket any node movi ng out of its range. • Poor Transmission Qual ity This is an inherent problem of wire less communicati on caused by several error sources that result in degradation of the received signal. • Ad hoc addressing Challenges in standard addressing scheme to be implemented. • Network configuration The whole MANET infrastructure is dy namic and is the reason for dynam ic connection and discon nection of the variable links. • Topology maintenance Updating information of dynamic links am ong nodes i n MANETs is a m ajor challenge. Consequently, achievi ng secure multicast comm unications in adhoc networks should take into account additional fa ctors including the energy consumpti on efficiency, the optim al selection of gro up controllers a nd saves the ba ndwidth. III. K EY M ANAGEMENT REQUIR EMENTS Key management includes creating, distribut ing and updating the keys then it constitutes a basi c block for secure multicast communication applications . Group confidentiali ty requires that only va lid users could decryp t the multicast data. Efficient key managem ent protoc ols should take int o consideration of mi scellaneous requirem ents [4]. Figur e 1 summarizes these. Figure 1. Group Key Management Requirements A. Security requirements • Forward secrecy This ensures that a member cannot decrypt data after it leaves the group. To assure forward secrecy, a re-key of the group wi th a new TEK after each leave from the group is the ultim ate solution. • Backward secrecy This ensures that a member cannot decrypt data sent b efore it joins the g roup. To assure backward secrecy, a re-key of the group with a new TEK after each join to th e group is the ultimate solution. • Collusion freedom requires that any set of fraudulent users should not be able to deduce the current t raffic encryption key. • Key independence : This ensures that any subset of a group keys m ust not be able to di scover any other group key. • Trust relationship : In mobile ad hoc groups t here is no trusted cen tral authority that is act ively invo lved in the computatio n of group key that is all p articipants have equal rights du ring com putation proc ess. This is emphasized by defi nition of ve rifiable trust relationship that consists of tw o requirem ents: One as Gr oup members are trusted not to reveal the group key or 219 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal o f Comput er Science and Info rmation Security, Vol. 7, No. 2, 2010 secret values that may lead to its comput ation to any other party, and a nother as gr oup mem bers must be able to verify the computat ion steps of the group key managem ent protocol. B. Quality of service requirement • Low bandwidth overhead : the re-key of the group should not i nduce a high n umber of m essages, especially for dynam ic groups. Ideally, t his should be independent from the group size. • 1-affects-n : a protocol suffers from the 1-affects-n phenomenon if a singl e membershi p change in the group affects all th e other group member s. This happens typical ly when a single mem bership change requires that all grou p members comm it to a new TEK. • Minimal delays : many applications that are bu ilt over the multicast service (t ypically, multimedia applications) are sensitiv e to jitters and d elays in packet delivery. Therefor e, any key management scheme should t ake this into considerat ion and hence minimizes the im pact of key management o n the delays of packet delivery . • Service availability : the failure o f a single entity in th e key management architecture must not prevent the operation of the wh ole multicast session. C. Key server and Group Member requirements The key ma nagement schem e induces high st orage of keys and high c omputatio n overhead at t he key server or group members. Thus securing multicast gro up comm unication in a d hoc network shoul d focus on bot h security and Qos requirem ents. IV. K EY M ANAGEMENT A PPROACHES Key management approaches can be classified into three classes: centralized, distribut ed or decentralized. Figure 2 illustrates this classificat ion. Figure 2. Classification of key manageme nt Approaches A. Centralized Appro aches In centralized approaches, a designated enti ty (e.g., the group leader or a key server) i s responsible for calculat ion and distribution of the group key to all the part icipants. Central ized protocols are further classi fied into three sub-categorie s namely Pairwise key approach; Secure locks and Hierarchy of keys approach. 1.Pairwise key approac h : In this approach, the key server shared pairwise keys with each p articipant. For example, in GKMP [9], apart from pairwise keys and t he group key, al l current group participants know a group k ey encrypti on key (gKEK). If a new participant j oins the group, the serv er generates a new group key and a new gKEK. These keys are sent to the new member usin g the key it shares with k ey server, and to the old g roup mem ber using the old gK EK. 2.Secure Locks : Chiou a nd Chen [10] proposed Secur e Lock; a key managem ent protocol wher e the key server requires only a singl e broadcast to est ablish the group key or to re-key the enti re group in case of a leave. Thi s protocol minimizes the num ber of re-key messages. Ho wever, it increases the computation at th e server due to the Chinese Remainder calculations before sending each message to the group. 3. Hierarchy of Keys Approach : Most efficient approach to rekeying in the centralized cas e is the hierarchy of keys approach. Here, the key server sh ares keys with su bgroups of the participants, in add ition to the pair wise keys. Thus, the hierarchical approach trades off storage for num ber of transmitted messages. Logical key hierarchy was prop osed independently in [11]. The key server maintains a tree with subgroup k eys in the intermediate nodes and t he individual keys i n the leaves. Apart from the individual keys shared with the key server, each node knows all keys on the path to t he root. In root, the group key is stored. As the depth of the balanced binary tree is loga rithmi cal in the number of the leaves, each member stores a logarithmi cal number of key s, and the number of re key messages is also logari thmic in the num ber of gr oup members instead of linear, as in prev iously descri bed approaches. One-way funct ion trees (OFT) [12] ena bles the group members to calculate the new ke ys based on th e previous keys using a one-wa y function, whi ch further redu ces the number of rekey messages. TABLE I. C ENTRALIZED A PPROACHES 220 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal o f Comput er Science and Info rmation Security, Vol. 7, No. 2, 2010 In table 1, the pai r wise key approach exhibits linear complexity. Secure lock, althou gh m ost efficient in num ber of messages, poses serious load on the serve r and can be used only for small groups. All tree-based protocols have logarithmic comm unication and storage compl exity at the members, and linear storage comp lexity at the key server. B. Distributed Key-Agreement Appr oaches With distributed o r contributory key-agreement protocols, the group mem bers cooperate to establi sh a group key. This improves the reliabi lity of the ov erall system and reduces the bottlenecks in the n etwork in comparison to the centralized approach. The protoc ols of this category are classified into three sub-categories nam ely Ring based cooperation, Hierarchical based cooperation and Broadcast based cooperation de pending on the vi rtual topology creat ed by the members for cooperation. Table 2 shows the comparison resul ts of Distri buted Key- Agreement Approaches. TABLE II. D ISTRIBUTED K EY -A GREEMENT A PPROACHE S 1.Ring-Based Cooperat ion : In some protocol s, members are organized in a ring. The CLIQUES protocol suite [5] is an example of ri ng-based coope ration. This protoc ol arranges group members as (M 1 , M n ) and M n as controller. It specifies a role of the control ler that collect s contributions of other group members, adds own cont ribution, a nd broadcasts i nformation that allows all members to com pute the group key. The choice of the controller depe nds on the dynam ic event and the current structure. In additive ev ents new members are app ended to the end of the list CLIQUES do not provide v erifiable trust relationship, because no other member can check whether values forwarded by M i , or the set broadcasted by the cont roller are correctly built. 2.Hierarchical Based Coo peration : In the hierarchical GKA protocols, the m embers ar e organized according to some structure. STR protocol [13] uses t he linear binary tree for cooperation and pr ovides communi cation efficient protocols with especially efficient jo in and merges operations. S TR defines the role of the spo nsor temporaril y and it can be assigned to different members on dy namic events dependi ng on the current tree structure. The sponsor reduces the communication o verhead as it perform ed some operations on behalf of the group. Th e sponsor is not a central au thority. STR provides verifiable trust relati onship because every broadcasted public key can be verifi ed by at least one other partici pant. 3.Broadcast ba sed Cooperatio n : Broadcast based protocol s have constant number of ro unds. For example, in three-round Burmester-Desmedt (BD) prot ocol [14] each participant broadcasts intermed iate values to all o ther participants in each round. The comm unication and computational load is shared equally between all part ies. This protocol does not provide verifiable trust rel ationship, si nce no other group member can verify the correctness of t he broadcasted values. C. Decentralized Approaches The decentralized approach divides the m ulticast group into subgroups or clusters, each s ub-group is managed by a LC (Local Controll er) responsible for securit y manageme nt of members and its subgroup. Tw o kinds of decentral ized protocols are dist inguished as static clustering and dy namic clustering. Table 3 shows the comparison results of Decentralized Approaches. TABLE III. D ECENTRALIZED A PPROACHES In Static clustering app roach, the multicast group is in itially divided into several subgroups. Each su bgroup shares a lo cal session key managed by LC. Exam ple: IOLUS [15] a nd DEP [5] belong to the catego ries, which are more scalable than centralized protocol. Dynamic clustering approach aims to solve the “1 affect n” phenomenon. Thi s approach starts a m ulticast session with centralized key ma nagement and divides t he group dynamically. Exam ple: AKMP [6], SAKM [16] belong t o this approach and are de dicated to wired networks. Enha nced BAAL [17] and OMCT [7,8] proposes dynamic clust ering scheme for m ulticast key distribution i n adhoc networks. OMCT [7,8] ( Optimized Multicast Cluster Tree ) is a dynamic clustering schem e for multicast key distributi on dedicated to operate in ad hoc net works. This schem e optimizes energy consumption and lat ency for key delivery . Its 221 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal o f Comput er Science and Info rmation Security, Vol. 7, No. 2, 2010 main idea is to elect the local c ontrollers of the created clusters [7,8]. OMCT needs the ge ographical locatio n information of all group mem bers in the construction of t he key dist ribution tree. Once the clusters are created withi n the multicast group, the new LC becomes responsibl e for the local key management and distributio n to their local members, and also for the maintenance of the strongly co rrelated cluster property. The election of local controllers is done according to the localization and GPS (Gl obal Positioni ng System ) information of the group mem bers, w hich does not reflect the true connectivity between no des. Optimized Multicast Clu ster Tree with Multipoint Relays (OMCT with MPR) [18], whose main idea is to u se information o f Optimized Li nk State Routing Protocol (OL SR) to elect the local controllers of the created clusters. OMCT with MPRs assumes that routing c ontrol messages ha ve been exchanged before the key di stribution. It does not acknowledge the transmission and hence results in retransmission which consumes m ore energy. Based on the l iterature review ed, OMCT is the efficient dynamic clustering a pproach for secure multi cast distribution in mobile adhoc networks. To enhance its efficiency, it is necessary to overcome the criteria, as OMCT needs geographical location i nformation in the c onstruction of key distribution tree by reflecting true connecti vity between nodes. V. D ISCUSSIONS In centralized protoc ols GKMP achieves an excellent result for storage at the members. Howev er this result is achieved by providing no m ethod for rekeying the gr oup after a member has left, except re-creating the en tire group which i nduces O(n) rekey message overhead where ‘n’ i s the number of t he remaini ng group m embers. Secure Loc k achieves also excellent results for storage and com munication overheads on b oth members and the key server. However, these results are achieved by increasing the computati on overhead at the key server due to the Chines e Remainder calculations. Distributed key agreem ent protocols do not rely on a group leader have an advantage over those wi th a group leader because, without a lead er, all members are treated equally and if one or more members fail to complete the protocol, it will not affect the whole gro up. In the protocol s with a group leader, a leader failure is fata l for creating the group key and the operation has to be restarte d from scratch. The 1-affects-n phenomenon is not considered beca use in distributed protocols all the members are con tributors in the creatio n of the g roup key and hence al l of them shoul d commit to the new key whenever a mem bership cha nge occurs in the group. In Decentralized protocols, pr otocols belong to the static clustering approaches are more scalable than centralized protocol. These prot ocols are dedicated t o operate within wired networks. Dynamic clustering approach aims to solve the “1 affect n” phenomenon. Dy namic clustering schem e are well suited for multicast key distribut ion in adhoc networ ks. OMCT (Optimized Multicast Clu ster Tree) is a dynamic cluster ing scheme for m ulticast key distribut ion dedicated to operate in ad hoc networks. This scheme optimizes energy consumption and latency for key delivery. VI. C ONCLUSION Secure multicast communication is a significant requirement in emerging appl ications in adhoc environment s like military or public emergency network appli cations. Membership dynamism is a major challenge in prov iding complete security in su ch networks. This d ynamicity affects considerably the perf ormance of the key m anagement protocol. Most of the protocol s suffer from 1-affect s-n phenomenon. This paper presents challe nges, constraints and requirements for sec uring multicast key distri bution for m obile ad hoc networks . It also presents t axonomy of key management protocols. Thi s paper suggests OM CT ( Optimized Multicast Cluster Tree ) is a scalable scheme, which provides secure multicast communic ation in mobile adh oc network. This scheme is based on simple t echnique of cluste ring and key management approach. Thus this approach i s scalable and efficient for dynamic multicast groups. R EFERENCES [1] T. Chiang and Y. Huang. Group keys and the multicast security in ad hoc networks. In Proceedings of the 2003 International Conference on Parallel Processing Workshops , 2003. [2] T. Kaya, G. Lin, G. Noubir, and A. Yilmaz. Secure multicast groups on ad hoc networks. In Proceedings of the 1st ACM workshop on security of ad hoc and sensor networks, pages 94–10 2. ACM Press, 2003. [3] D. Huang, D.Medhi, A Secure Group Key M anagement scheme for Hierarchical Mobile Adhoc Netw orks, Adhoc Networks, June 2008. [4] Y. Challal, H. Seba. Group Key Management Protocols: A novel Taxonomy. In International Journal of I nformation Technology 200 5. [5] L . Dondeti, S. Mukherjee, and A. Samal. Secur e one-to many group communication using dual encryption. In ComputCom-mun.23, 17 (November) , 1999. [6] H. Bettahar, A. Bouabdallah, a nd Y. Challal. An adaptive key management pr otocol for secure multicast. In ICCCN , Florida USA, October 2002. [7] M . Bouassida, I. Chrisment, and O. Festor. Efficient Clustering f or Multicast Key Distribution in MANETs. In Networking 2005, Waterloo, CANADA, May 2005. [8] M .S. Bouassida, I. Chrisment and O.Feastor. Gr oup Key Management in MANETs, M a y 2006. [9] H. Harney and C. Muckenhirn. Group key management pr otocol (gkmp) specification. RFC2093, 1997. [10] G. H. Chiou and W. T. Chen. Se cu re Broadcast using Secure Lock. IEEE Transactions on Software Engineer ing, August 1989. [11] Chung KeiWong, Mohamed Gouda, and Sim on S. Lam. Secure group communications using key graphs. IEEE/ACM Trans.2000. [12] Alan T. Sherman and David A. Mc Grew. Key establi shment in large dynamic groups using one- way function trees. 2003. [13] Yongdae Kim, Adrian Perrig, and Gene Tsudik. Tree-based group key agreement. ACM Tr ans. Inf. Syst. Secur., 2004. [14] Mike Burmester and Yvo Desmedt. A secure and scalable group key exchange system. Inform ation Processing Letters, May 2005. [15] S. Mittra. Iolus: A framework for scalable secure multicasting. In SIGCOMM , pages 277–288, 1997. 222 http://sites.google.com/site/ijcsis/ ISSN 1947-5500 (IJCSIS) International Journal o f Comput er Science and Info rmation Security, Vol. 7, No. 2, 2010 [16] Y. Challal, H. Bettahar, and A. Bo uabdallah. SAKM: A Scalable and Adaptive Key Management Approach for Multicast Communications. ACM SIGCOMM , April 2004. [17] M. Bouassida, I. Chrisment, and O. Festor. An Enhanced Hybr id Key Management Protocol for Secur e Multicast in Ad Hoc Networks. In Networking 2004 , Greece, May 2004. [18] M. Bouassida, I. Chrisment, and O. Festor: Efficient Group Key Management Pr otocol in MANETs using the Multipoint Relaying Technique. International Conference on Mobile Communications 20 06. AUTHORS P ROFILE D. Suganya Devi received her B.Sc (Chemistry) and MCA from PSGR Krishnammal College f or Women, Coimbatore in 1996 and 1999 respectively . And, she received her M.Phil degree in Computer Science in the year of 2003 from Manonmaniam Sundaranar University, Thirunelveli. She is pursuing her PhD at Avinashilingam Univ ersity for Women. She is currently working as an Assistant Professor in the Department of computer Applications, SNR Sons College, Coim bator e. She has 10 years of teaching experience. She has presented 15 papers in various national, international conferences and journals. Her research interests Multicast Co mmunication, MANET and Network Security. Dr. Padmavathi Ganapathi is the professor and head of Department of Computer Science, Avinashilingam University for Women, Coim batore. She has 21 years of teaching experience and one y ear Industrial experience. Her areas of interest include Network security and Cryptography and real time communication. She has more than 60 publications at national and International level. She is a life member of many professional organizations like CSI, ISTE, A ACE, WSEAS, IS CA, and UWA. 223 http://sites.google.com/site/ijcsis/ ISSN 1947-5500