Research On Key Management For Secure Group Communication

Since anyone can participate in group communication as long as he knows themulticast address due to the wide-openness of the standard IP multicast, it is necessaryto prevent non-authorized users accessing group communication. Encrypting multicasttraffic with a shared group key is a common way to achieve secure multicast. Inaddition, forward and backward secrecy properties should be provided, as most groupcommunication scenarios involve dynamic membership events, such as member joiningand member leaving. Since group key management is the crux of solving the securityproblems in multicast, how to update the group key efficiently and securely is the majorconcern in the recent secure multicast research.This thesis aims at the analysis and reserch on the theory and technologies of groupkey management. According to the performance insufficiency of exsiting technologies,we present some optimized group key management schemes, including a probabilisticunbalanced key tree management scheme and its self-healing mechanism, a signalattenuation-aware clustering scheme for wireless mobile ad hoc networks and a clusterbased distributed key agreement scheme. More precisely, the main contributions of thispaper are listed as follows:I. An unbalanced key tree management scheme based on member probabilisticmodel is proposed. Most existing centralized group key management technologiesforcable network assume that the group members follow the same behavior pattern ingroup communication.Therefore, the member probabilistic model is proposed todescribe the probability distribution of members’ departure in different multicastapplication scenarios. The quasi-HUFFMAN key tree hierarchy is proposed by usingthe members’ leaving probability as the nodes’ weight of the key tree. By fusing thequasi-HUFFMAN key tree hierarchy a novel Probabilistic Batch Rekeying Algorithm(PBA) is proposed. Performance analysis and simulation results show that our algorithmcan reduce the rekeying cost significantly.II. The self-healing mechanism of unbalanced key tree management scheme hasbeen studied in view of the potential performance deterioration problem of PBA innon-terminated scearios. The rekeying cost of PBA under continuous specificmembership events is analyzed theoretically;the results showthat PBA has self-healingability and flexibility. The results of performance deterioration experiment show that the rekeying efficiency of PBA can be recovered promptly even in the worst-case. It provesthat PBA has good reliability and scalability.III. A novel weighted clustering scheme using received signal strength as animportant clustering criterion is proposed.By fusing the energy, connectivity andmobility of each node, a signal attenuation-aware weighted clustering algorithm calledSignal Efficient Clustering Algorithm(SECA)is proposed. To restrict the structure of thecluster, the conception of the Strong Link and the Weak Link is introduced.Furthermore,we offer an efficient event driven mechanism to handle the dynamic topology ofnetwork. Simulation results show that SECA is an efficient approach for clustering inthe realistic network environment and has a good performance in comparison with thetraditional schemes.IV. A clustering based distributed group key agreement scheme for MANETs isproposed. Unlike most distributed secret key negotiation mechanisms in MANETs, thisthesis proposes a tripartite key agreement for intra-cluster by blending the bilinearpairing based key agreement with ternary key tree for clustered network. This thesisalso proposes a continuous Diffie-Hellman(DH) agreement for inter-cluster by adoptingClustered-Tree based Group Diffie-Hellman(C-TGDH). The analysis results of securityand complexity show that the proposed group key agreement scheme has highefficiency both on communication and computation, and is suitable for large scaleMANETs.