Conference Paper

GKMPAN: an efficient group rekeying scheme for secure multicast in ad-hoc networks

Center for Secure Inf. Syst., George Mason Univ., Fairfax, VA, USA
DOI: 10.1109/MOBIQ.2004.1331709
Conference: Mobile and Ubiquitous Systems: Networking and Services, 2004. MOBIQUITOUS 2004. The First Annual International Conference on
Source: IEEE Xplore

ABSTRACT We present GKMPAN, an efficient and scalable group rekeying protocol for secure multicast in ad hoc networks. Our protocol exploits the property of ad hoc networks that each member of a group is both a host and a router, and distributes the group key to member nodes via a secure hop-by-hop propagation scheme. A probabilistic scheme based on predeployed symmetric keys is used for implementing secure channels between members for group key distribution. GKMPAN also includes a novel distributed scheme for efficiently updating the predeployed keys. GKMPAN has three attractive properties. First, it is significantly more efficient than group rekeying schemes that were adapted from those proposed for wired networks. Second, GKMPAN has the property of partial statelessness; that is, a node can decode the current group key even if it has missed a certain number of previous group rekeying operations. This makes it very attractive for ad hoc networks where nodes may lose packets due to transmission link errors or temporary network partitions. Third, in GKMPAN the key server does not need any information about the topology of the ad hoc network or the geographic location of the members of the group. We study the security and performance of GKMPAN through detailed analysis and simulation.

  • ABSTRACT: One of the key challenges in operational trust management is to continually monitor the behavior of a node and update its trust score accordingly - evidently, both speed and accuracy are of great importance here. To achieve these goals, several papers have explored the concept of mutual revocation (sometimes termed suicide) wherein the trust values of both the accuser and the accused node are temporarily set to zero without involving a quorum. In this paper we explore a partial mutual revocation approach wherein we design a class of trust update functions to temporarily punish both the accuser and accused node (without involving a quorum) - however, the trust update function does not essentially set their trust values to zero; instead it partially lowers the trust values of both the accuser and the accused. In addition, we allow a trusted authority or a quorum to (periodically) review such partial mutual revocations and update the trust values of the accuser and the accused nodes accordingly (e.g., reward the accuser and punish the accused if the accusation was deemed true). We present a detailed design of the trust update functions for partial mutual revocation. Through both analysis and simulations, we evaluate the effectiveness of partial revocation under different attack strategies and report its performance in terms of revocation immediacy, revocation accuracy and abuse resistance.
    Sensor, Mesh and Ad Hoc Communications and Networks (SECON), 2013 10th Annual IEEE Communications Society Conference on; 01/2013
  • ABSTRACT: Key distribution is one of the major issues in secure ad hoc multicast group communication. There has been extensive research on rekeying to reduce cost. In this study, we propose an efficient and scalable batch rekeying scheme for dynamic ad hoc multicast groups, with variable interval and key path reduction techniques. The proposed scheme overcomes the major existing issues like inefficiency in using the keys that are generated and distributed, the sync issue in which a user tries to decrypt data using an irrelevant key, imbalance in network traffic and latency in the key server response to the user request, for leaving and joining at once. Generally, a central key server is used to govern all the above issues. The proposed scheme excludes the usage of a central key server by generating the group key in the individual nodes, which minimizes the communication overhead and the number of keys that each user possesses. The proposed scheme also reduces the depth of the tree very effectively, when a user joins or leaves the group, using the key path reduction technique and ensures forward and backward secrecy. The simulation result shows better performance when compared to individual, regular batch and periodic rekeying.
    Journal of Computer Science 02/2014; 10(8):1281-1290. DOI:10.3844/jcssp.2014.1281.1290
  • ABSTRACT: Most ad hoc networks do not implement any network access control, leaving these networks vulnerable to packet injection attacks where a malicious node injects a large number of packets into the network with the goal of depleting the resources of the nodes relaying the packets. To prevent such attacks, it is necessary to employ authentication mechanisms that ensure that only authorized nodes can inject traffic into the network. We design a Lightweight Inter-layer Protocol (LIP) for network access control based on efficient local broadcast authentication mechanisms. In addition to preventing attacks by unauthorized nodes, LIP can also detect and minimize the impersonation attacks by compromised insider nodes. Through a detailed simulation study, we show that LIP incurs small bandwidth overhead and has little impact on the traffic delivery ratio even in the case of high node mobility. Moreover, the transparency and independence properties of LIP allow it to be turned on/off as desired and to be integrated seamlessly with secure routing protocols, providing stronger security services for ad hoc networks.