Conference Paper

GKMPAN: an efficient group rekeying scheme for secure multicast in ad-hoc networks

Center for Secure Inf. Syst., George Mason Univ., Fairfax, VA, USA
DOI: 10.1109/MOBIQ.2004.1331709 Conference: Mobile and Ubiquitous Systems: Networking and Services, 2004. MOBIQUITOUS 2004. The First Annual International Conference on
Source: IEEE Xplore

ABSTRACT We present GKMPAN, an efficient and scalable group rekeying protocol for secure multicast in ad hoc networks. Our protocol exploits the property of ad hoc networks that each member of a group is both a host and a router, and distributes the group key to member nodes via a secure hop-by-hop propagation scheme. A probabilistic scheme based on predeployed symmetric keys is used for implementing secure channels between members for group key distribution. GKMPAN also includes a novel distributed scheme for efficiently updating the predeployed keys. GKMPAN has three attractive properties. First, it is significantly more efficient than group rekeying schemes that were adapted from those proposed for wired networks. Second, GKMPAN has the property of partial statelessness; that is, a node can decode the current group key even if it has missed a certain number of previous group rekeying operations. This makes it very attractive for ad hoc networks where nodes may lose packets due to transmission link errors or temporary network partitions. Third, in GKMPAN the key server does not need any information about the topology of the ad hoc network or the geographic location of the members of the group. We study the security and performance of GKMPAN through detailed analysis and simulation.

1 Bookmark
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: The rapid proliferation of smartphones has led to the emergence of mobile social sensing applications, spanning sharing of health data, location-based encounters, and transportation. A major concern for such applications is selective sharing, i.e., how does a user publish a sensor data stream confidentially to only authorized members in his/her social network? The needs of mobile sensing applications, such as dynamic communities and data dissemination from resource-constrained handhelds, make this problem more challenging than apparent. The novelty of this paper lies in the use of a cryptographic scheme called broadcast encryption to enable selective sharing for mobile social sensing. This is in contrast to unicast or pairwise encryption that is commonly used today. We evaluate state-of-art broadcast encryption schemes and note that they provide either efficiency, or adaptation to dynamic group sizes, but not both. We propose ECS (Extended Complete Subtree), a resource-aware broadcast encryption scheme that can efficiently support dynamic groups. We implement each encryption scheme on the Nokia N800 handheld device and demonstrate that ECS is more feasible than other schemes in terms of key storage, code size, and encryption and decryption efficiency.
    Intelligent Sensors, Sensor Networks and Information Processing, 2013 IEEE Eighth International Conference on; 01/2013
  • Source
    [Show abstract] [Hide abstract]
    ABSTRACT: Most ad hoc networks do not implement any network ac-cess control, leaving these networks vulnerable to packet in-jection attacks where a malicious node injects a large num-ber of packets into the network with the goal of depleting the resources of the nodes relaying the packets. To prevent such attacks, it is necessary to employ authentication mech-anisms that ensure that only authorized nodes can inject traffic into the network. We design a Lightweight Inter-layer Protocol (LIP) for network access control based on efficient local broadcast authentication mechanisms. In addition to preventing attacks by unauthorized nodes, LIP can also de-tect and minimize the impersonation attacks by compromised insider nodes. Through detailed simulation study, we show that LIP incurs small bandwidth overhead and has little im-pact on the traffic delivery ratio even in the case of high node mobility. Moreover, the transparency and independence prop-erties of LIP allows it to be turned on/off as desired and to be integrated seamlessly with secure routing protocols, pro-viding stronger security services for ad hoc networks.
  • Source

Preview (2 Sources)

Available from