Key Management for Secure Group Communications with Heterogeneous Users in Wireless Networks

Chiang, Yi-tai

25 July 2007

The key update cost is an important parameter of the performance evaluation of the secure group communications in the wireless networks. It is a very public issue to reduce the key update cost. In the tree-based multicast key management scheme, a user is randomly assigned to one of the all leaf nodes. In this thesis, we divide the users into two groups which are new call users and handoff call users. Then, we propose that new call users are assigned to some of the special leaf nodes in the key tree and the handoff call users are assigned to others. This scheme is called class-based multicast key management scheme. We analyze this two multicast key management schemes for secure group communications. This thesis shows that class-based scheme could reduce the key update cost in some special case.

Secure Group Communications

Centralized Key Management

A Framework for Providing Redundancy and Robustness in Key Management for IPsec Security Associations in a Mobile Ad-Hoc Environment

Hadjichristofi, George Costa

23 September 2005

This research investigated key management in a Mobile Ad Hoc Network (MANET) environment. At the time this research began key management schemes provided limited functionality and low service availability in a highly partitioned ad hoc environment. The purpose of this research was to develop a framework that provides redundancy and robustness for Security Association (SA) establishment between pairs of nodes. The key contribution of this research is the Key Management System (KMS) framework and, more specifically, the unique way the various components are integrated to provide the various functionalities. The KMS overcomes the limitations of previous systems by (1) minimizing pre-configuration, (2) increasing service availability, (3) and increasing flexibility for new nodes joining the network. A behavior grading scheme provides the network with a system-wide view of the trustworthiness of nodes and enables the KMS to dynamically adjust its configuration according to its environment. The introduction of behavior grading allows nodes to be less dependent on strict identity verification. This KMS was simulated with Monte Carlo and NS2 simulations and was shown to interoperate with IP Security (IPsec) to enable the establishment of IPsec SAs. The simulations have proven the effectiveness of the system in providing service to the nodes in a highly partitioned environment. / Ph. D.

MANET

Key Management

IP Security

Performance

Técnicas de gerenciamento de chaves compartilhadas em grupos Multicast. / Techniques of group keys management in Multicast network.

Fernando Teubl Ferreira

08 February 2007

Com a popularização da rede global, a Internet, as aplicações colaborativas ganharam destaque, sendo imprescindíveis nas mais diversas atividades pessoais e comerciais. Os avanços tecnológicos modernos trouxeram novas demandas de aplicações, com a inclusão de diversas funcionalidades em ambientes cooperativos como, por exemplo, a distribuição de dados multimídia sobre redes de comunicação. Entretanto, quando estas ferramentas são aplicadas em ambientes coletivos com muitos usuários, o uso das mesmas é deteriorado pelas limitações da rede. Protocolos Multicast possibilitam o uso destas aplicações colaborativas em razão de proporcionarem a redução do uso da rede para atividades coletivas, possibilitando a interação com dezenas, centenas ou milhares de usuários simultaneamente. Na medida em que as ferramentas colaborativas ganham espaço entre os usuários, surge também a necessidade do emprego de segurança entre grupos de usuários. Os grupos devem ser capazes de estabelecer comunicações Multicast seguras em que apenas os membros autorizados sejam hábeis a acessar os conteúdos veiculados pelo grupo. São exemplos de aplicativos que exigem Multicast seguro: videoconferências confidenciais, sincronismo de tabelas financeiras entre matriz e filiais, distribuição de vídeo e áudio para um grupo de assinantes, dentre inúmeras outras utilizações. A proteção do conteúdo do grupo é alcançada por meio de criptografia e as chaves devem ser atualizadas quando do ingresso de novo usuário ou na hipótese de desistência de algum membro do grupo. As técnicas de gerenciamento de chaves devem ser eficientes, tanto no aspecto de segurança, quanto no que pertine ao desempenho. Devem, ainda, possibilitar a sua utilização em grupos com quantidades massivas de usuários. Os objetivos do presente trabalho são, em suma, estudar os esquemas de gerenciamento de chaves de grupo, propor uma nova técnica cujo foco seja a minimização do uso dos recursos de rede em ambientes limitados, simular os modelos avaliados pelo simulador de rede NS-2 e analisar os impactos destes esquemas em aplicações colaborativas. Para tanto, desenvolveu-se um módulo para o NS-2 que permitiu ao simulador prover suporte ao gerenciamento de chaves, e, ainda, construíram-se dois aplicativos auxiliares para a geração de cenários e análise de resultados em simulações NS-2. / With the popularization of the Internet, collaborative applications have been gaining marketshare, becoming intrinsic to a wide range of personal and commercial activities. Modern technological improvement brought new demands for these applications, such as the inclusion of new features in cooperative environments, such as the distribution of multimedia data over communication networks. However, when these tools are applied to collective environments with many users, their usability is hindered by the network limits. Multicast protocols allow the use of these collaborative applications, since they reduce the necessary network bandwidth, allowing the interaction with tens, hundreds or thousands of users simultaneously. As collaborative tools become more popular among users, there comes also the problem of security in user groups. The groups must be able to establish secure multicast communications in which only the authorized members can access the content distributed to the group. Examples of applications which demand secure multicast are confidential videoconferences, synchronization of financial tables between the headquarter and filials, distribution of video and audio to a group of users, among many others. The protection of group contents is achieved by cryptography and the keys must be updated whenever a new users joins or leaves the group. The techniques for key management must be eficient, in terms of security and performance, and also be passible of use in groups with massive amounts of users. The goals of this work are: to study the group key management systems, to propose a new technique whose focus is to minimize the use of network resources in limited environments, to simulate the models evaluated by the network simulator NS-2 and to analyze the impacts of these systems in collaborative applications. For that, a module for NS-2 has been developed that allows the simulator to provide support to key management and, moreover, two auxiliar applications were written to generate the scenarions and analyse the simulations returned by NS-2.

Gerenciamento de chaves de grupo

Multicast

Segurança

Group key management

Multicast

Security

Técnicas de gerenciamento de chaves compartilhadas em grupos Multicast. / Techniques of group keys management in Multicast network.

Ferreira, Fernando Teubl

08 February 2007

Com a popularização da rede global, a Internet, as aplicações colaborativas ganharam destaque, sendo imprescindíveis nas mais diversas atividades pessoais e comerciais. Os avanços tecnológicos modernos trouxeram novas demandas de aplicações, com a inclusão de diversas funcionalidades em ambientes cooperativos como, por exemplo, a distribuição de dados multimídia sobre redes de comunicação. Entretanto, quando estas ferramentas são aplicadas em ambientes coletivos com muitos usuários, o uso das mesmas é deteriorado pelas limitações da rede. Protocolos Multicast possibilitam o uso destas aplicações colaborativas em razão de proporcionarem a redução do uso da rede para atividades coletivas, possibilitando a interação com dezenas, centenas ou milhares de usuários simultaneamente. Na medida em que as ferramentas colaborativas ganham espaço entre os usuários, surge também a necessidade do emprego de segurança entre grupos de usuários. Os grupos devem ser capazes de estabelecer comunicações Multicast seguras em que apenas os membros autorizados sejam hábeis a acessar os conteúdos veiculados pelo grupo. São exemplos de aplicativos que exigem Multicast seguro: videoconferências confidenciais, sincronismo de tabelas financeiras entre matriz e filiais, distribuição de vídeo e áudio para um grupo de assinantes, dentre inúmeras outras utilizações. A proteção do conteúdo do grupo é alcançada por meio de criptografia e as chaves devem ser atualizadas quando do ingresso de novo usuário ou na hipótese de desistência de algum membro do grupo. As técnicas de gerenciamento de chaves devem ser eficientes, tanto no aspecto de segurança, quanto no que pertine ao desempenho. Devem, ainda, possibilitar a sua utilização em grupos com quantidades massivas de usuários. Os objetivos do presente trabalho são, em suma, estudar os esquemas de gerenciamento de chaves de grupo, propor uma nova técnica cujo foco seja a minimização do uso dos recursos de rede em ambientes limitados, simular os modelos avaliados pelo simulador de rede NS-2 e analisar os impactos destes esquemas em aplicações colaborativas. Para tanto, desenvolveu-se um módulo para o NS-2 que permitiu ao simulador prover suporte ao gerenciamento de chaves, e, ainda, construíram-se dois aplicativos auxiliares para a geração de cenários e análise de resultados em simulações NS-2. / With the popularization of the Internet, collaborative applications have been gaining marketshare, becoming intrinsic to a wide range of personal and commercial activities. Modern technological improvement brought new demands for these applications, such as the inclusion of new features in cooperative environments, such as the distribution of multimedia data over communication networks. However, when these tools are applied to collective environments with many users, their usability is hindered by the network limits. Multicast protocols allow the use of these collaborative applications, since they reduce the necessary network bandwidth, allowing the interaction with tens, hundreds or thousands of users simultaneously. As collaborative tools become more popular among users, there comes also the problem of security in user groups. The groups must be able to establish secure multicast communications in which only the authorized members can access the content distributed to the group. Examples of applications which demand secure multicast are confidential videoconferences, synchronization of financial tables between the headquarter and filials, distribution of video and audio to a group of users, among many others. The protection of group contents is achieved by cryptography and the keys must be updated whenever a new users joins or leaves the group. The techniques for key management must be eficient, in terms of security and performance, and also be passible of use in groups with massive amounts of users. The goals of this work are: to study the group key management systems, to propose a new technique whose focus is to minimize the use of network resources in limited environments, to simulate the models evaluated by the network simulator NS-2 and to analyze the impacts of these systems in collaborative applications. For that, a module for NS-2 has been developed that allows the simulator to provide support to key management and, moreover, two auxiliar applications were written to generate the scenarions and analyse the simulations returned by NS-2.

Gerenciamento de chaves de grupo

Group key management

Multicast

Multicast

Security

Segurança

The Quest to Secure Email: A Usability Analysis of Key Management Alternatives

Andersen, Jeffrey Thomas

01 July 2016

The current state of email security is lacking, and the need for end-to-end encryption of email is clear. Recent research has begun to make progress towards usable, secure email for the masses (i.e., novice users without IT support). In this paper, we evaluate the usability implications of three different key management approaches: PGP, IBE, and passwords. Our work is the first formal A/B evaluation of the usability of different key management schemes, and the largest formal evaluation of secure email ever performed. Our results reveal interesting inherent usability trade-offs for each approach to secure email. Furthermore, our research results in the first fully-implemented PGP-based secure email system that has been shown to be usable for novice users. We share qualitative feedback from participants that provides valuable insights into user attitudes regarding each key management approach and secure email generally. Finally, our work provides an important validation of methodology and design principles described in prior work.

secure email

key management

usability testing

Computer Sciences

Mobility-Matching Key Management for Secure Group Communications in Wireless Networks

Liang, Li-ling

28 July 2006

In this thesis, we propose and analyze a multicast key backbone for secure group communications. We also utilize the correlated relationships between the mobile users in the wireless communications networks. When a batch member joins or leaves the group communications, the system has to update and distribute encryption keys to assure that only active members could receive the latest information. In previous tree-based multicast key management schemes, the depth of the key tree is unbounded and analytically deriving the exact value of the corresponding average update cost remains an open problem. And in previous schemes, the different mobile user arrives in and leaves from the system at different time. In contrast, the depth of the proposed multicast key backbone is fixed and the arriving or leaving users are more than one. We utilize these two characteristics and simulate the system to get the average update cost per time unit. We can find that this scheme can improve the efficiency of the system in some special cases when updating the new key.

Secure Group Communications

Key Updating

Correlated Relationships

Key Management

Defense Against Node Compromise in Sensor Network Security

Chen, Xiangqian

15 November 2007

Recent advances in electronic and computer technologies lead to wide-spread deployment of wireless sensor networks (WSNs). WSNs have wide range applications, including military sensing and tracking, environment monitoring, smart environments, etc. Many WSNs have mission-critical tasks, such as military applications. Thus, the security issues in WSNs are kept in the foreground among research areas. Compared with other wireless networks, such as ad hoc, and cellular networks, security in WSNs is more complicated due to the constrained capabilities of sensor nodes and the properties of the deployment, such as large scale, hostile environment, etc. Security issues mainly come from attacks. In general, the attacks in WSNs can be classified as external attacks and internal attacks. In an external attack, the attacking node is not an authorized participant of the sensor network. Cryptography and other security methods can prevent some of external attacks. However, node compromise, the major and unique problem that leads to internal attacks, will eliminate all the efforts to prevent attacks. Knowing the probability of node compromise will help systems to detect and defend against it. Although there are some approaches that can be used to detect and defend against node compromise, few of them have the ability to estimate the probability of node compromise. Hence, we develop basic uniform, basic gradient, intelligent uniform and intelligent gradient models for node compromise distribution in order to adapt to different application environments by using probability theory. These models allow systems to estimate the probability of node compromise. Applying these models in system security designs can improve system security and decrease the overheads nearly in every security area. Moreover, based on these models, we design a novel secure routing algorithm to defend against the routing security issue that comes from the nodes that have already been compromised but have not been detected by the node compromise detecting mechanism. The routing paths in our algorithm detour those nodes which have already been detected as compromised nodes or have larger probabilities of being compromised. Simulation results show that our algorithm is effective to protect routing paths from node compromise whether detected or not.

sensor networks

security

node compromise

secure routing

key management

attack

Zabezpečení vícesměrové komunikace / Security in multicast communication

Jureková, Petra

January 2019

This work deals with the issue of multicast communication, specifically it focuses on group key management. It discusses group key management protocols as well as existing algorithms and algorithm designs for efficient key management and distribution. Based on the knowledge, two solutions were developed. The application for comparing the efficiency of algorithms was created as well. Both existing and proposed schemes were compared using two scenarios. Based on the resulting graphs, the suitability of individual algorithms was evaluated.

Multi-Service Group Key Management for High Speed Wireless Mobile Multicast Networks

Mapoka, Trust T., Shepherd, Simon J., Dama, Yousef A.S., Al Sabbagh, H.M., Abd-Alhameed, Raed

17 July 2015

Yes / Recently there is a high demand from the Internet Service Providers to transmit multimedia services over high speed wireless networks. These networks are characterized by high mobility receivers which perform frequent handoffs across homogenous and heterogeneous access networks while maintaining seamless connectivity to the multimedia services. In order to ensure secure delivery of multimedia services to legitimate group members, the conventional cluster based group key management (GKM) schemes for securing group communication over wireless mobile multicast networks have been proposed. However, they lack efficiency in rekeying the group key in the presence of high mobility users which concurrently subscribe to multiple multicast services that co-exist in the same network. This paper proposes an efficient multi-service group key management scheme (SMGKM) suitable for high mobility users which perform frequent handoffs while participating seamlessly in multiple multicast services. The users are expected to drop subscriptions after multiple cluster visits hence inducing huge key management overhead due to rekeying the previously visited cluster keys. The already proposed multi-service SMGKM system with completely decentralised authentication and key management functions is adopted to meet the demands for high mobility environment with the same level of security. Through comparisons with existing GKM schemes and simulations, SMGKM shows resource economy in terms of reduced communication and less storage overheads in a high speed environment with multiple visits.

Mobile multicast communication

Group key management

Wireless networks

Security

HANDLING SOURCE MOVEMENT OVER MOBILE-IP AND REDUCING THE CONTROL OVERHEAD FOR A SECURE, SCALABLE MULTICAST FRAMEWORK

KAMAT, SIDDESH DEVIDAS

17 April 2003

No description available.

Computer Science

multicast

source movement

IOLUS

security

key management