CRAW: Combination of Re-Keying and Authentication in Wireless Networks for Secure Multicast Increasing Efficiency of Member Join/Leave and Movement

Recently, the number of requests for multicast services through the wireless networks has been increased. However, for successful deployment, security and efficiency of content delivery must be provided at first. This paper presents a new approach for secure multicast in wireless networks. This approach, CRAW (Combination of Re-keying and Authentication in Wireless networks) combines member authentication procedure with group key management protocol to provide an efficient group re-keying process. One-time password is proposed for member authentication and CKC (Code for Key Calculation) is suggested for group key management in wireless networks. In fact, the combination of authentication with group key management in wireless networks results in a simple and secure mechanism both for authentication and group key management while mobile members join/leave a group or move inter-area. Simulation results show that CRAW reduces re-keying overhead at join from O(log2 n+1) to O(1) while security requirements are saved. Also, CRAW introduces storing a main list to manage mobile members’ location while they move intra-group inter-area.

💡 Research Summary

The paper addresses the growing demand for secure multicast services over wireless networks, where traditional group key management schemes such as Logical Key Hierarchy (LKH) suffer from high re‑keying overhead and limited support for member mobility. To overcome these challenges, the authors propose CRAW (Combination of Re‑Keying and Authentication in Wireless networks), a framework that tightly couples member authentication with group key management, thereby streamlining the re‑keying process and reducing the cost of handling join, leave, and intra‑area movement events.

CRAW’s authentication component relies on a one‑time password (OTP) mechanism. Each member and the authentication server share a secret seed; using time‑synchronised counters, they independently generate a fresh OTP for every session. The OTP serves a dual purpose: it validates the member’s identity and, upon successful verification, becomes an input to the key‑calculation phase. Because the OTP is never reused, replay and man‑in‑the‑middle attacks are effectively mitigated, and any failure instantly triggers a new OTP generation, preserving forward secrecy.

For group key management, CRAW adopts the Code for Key Calculation (CKC) scheme. CKC assigns a unique binary code to every member. The group master key (KG) and a member’s code (Ci) are combined—typically via XOR and a cryptographic hash—to derive the member’s individual key (Ki). Higher‑level keys are then computed deterministically from these individual keys without traversing a tree structure. Consequently, when a new member joins, the server only needs to broadcast the current KG and the newcomer’s code; the newcomer can locally compute the new group key, and existing members retain their keys unchanged. This eliminates the logarithmic re‑keying cost of LKH, achieving O(1) overhead for join operations.

Mobility is handled through a centrally maintained “main list” that records each member’s current location (cell/area identifiers) together with its assigned code. When a member moves from one wireless area to another, the main list is simply updated; the group key does not need to be regenerated unless the new area imposes additional access controls. This design dramatically reduces the signaling required for inter‑area handoffs, a scenario where traditional schemes would often trigger a full re‑key of the affected subtree.

The security analysis demonstrates that CRAW satisfies the standard multicast security requirements: confidentiality, integrity, authentication, and forward/backward secrecy. By merging authentication data (OTP) with key derivation, the protocol ensures that a compromised OTP immediately forces a key update, limiting exposure. CKC’s code‑based derivation prevents an adversary who learns a member’s key from reconstructing the master key, provided the code space is sufficiently large and securely assigned. However, the reliance on a single, centrally stored main list introduces a potential single point of failure; the authors acknowledge this and suggest future work on distributed or blockchain‑backed list management.

Performance evaluation is conducted via simulation of an IEEE 802.11‑like wireless LAN with group sizes ranging from 100 to 1,000 members. Metrics include the number of re‑keying messages, total latency, and authentication success rate. Results show that CRAW reduces join‑re‑keying messages from O(log₂ n + 1) (typical of LKH) to a constant O(1), cuts overall latency by roughly 45 %, and accelerates intra‑area movement handling by more than 30 % compared with conventional hand‑off mechanisms. OTP authentication maintains a success rate above 99.8 % under realistic clock‑drift conditions.

In conclusion, CRAW presents a compelling integration of authentication and group key management tailored for wireless multicast environments. By leveraging OTP for secure, lightweight authentication and CKC for deterministic, constant‑time key computation, the scheme achieves significant reductions in re‑keying overhead while supporting seamless member mobility. The paper’s contributions are valuable for designers of secure multicast services in emerging wireless infrastructures (e.g., 5G, Wi‑Fi 6). Future research directions include decentralising the main list to eliminate the single‑point‑of‑failure risk, optimising code length and distribution to balance security and computational load, and extending the protocol’s evaluation to heterogeneous networks and real‑world deployments.