A hierarchical key management scheme for secure group communications in mobile ad hoc networks

Authors: Nen-Chung Wang and Shian-Zhang Fang

Sources: The Journal of Systems and Software, accepted manuscript.

Reporter: Chun-Ta Li (李俊達)

Outline

◙ Motivation
◙ The hierarchical key management scheme (HKMS)
◙ Comments

Motivation

Key management scheme in a MANET

◙ Improving security
   Message encryption/decryption
   Forward secrecy and backward secrecy

◙ Reducing the memory storage of keys
   Clustering or hierarchical trees

◙ Frequent changes of the network topology (rekeying)
   Members join or leave a group
   Manage keys efficiently and reduce the amount of rekeying

The hierarchical key management scheme

Notations

Key management (2-hop)

◙ Procedure 1: L1-head selecting

◙ Procedure 2: L2-head selecting

public/private key

The hierarchical key management scheme (cont.)

The node communications in different subgroups

[Figure: Subgroups 1 to 5, with labels Kc(2,3), Kc(2,5) and Kc(3,4)]

The hierarchical key management scheme (cont.)

Encryption/decryption operation during data transmission

[Figure: Subgroup 1 and Subgroup 2, with message labels L2GK1,1,KDH,Data; L1GK1,KDH,Data; L2GK1,2,KDH,Data; Kc,KDH,Data; L2GK2,3,KDH,Data; L1GK2,KDH,Data; L2GK2,1,KDH,Data; Data]

The hierarchical key management scheme (cont.)

Subgroup key maintenance

New node joining a subgroup

◙ Step 1: Sends a join request message

◙ Step 2: Sends the join request message to the L2-head

◙ Step 3: Sends a reply message

◙ Step 4: Allowed to join the L2-subgroup

◙ Step 5: L2-head regenerates an L2-subgroup key and sends it to all L2-subgroup nodes

The hierarchical key management scheme (cont.)

Node leaving a subgroup (Case 1)

The leaving of ordinary nodes

◙ Step 1: Sends a leave message to the L2-head

◙ Step 2: L2-head regenerates a new L2-subgroup key and sends it to all remaining nodes

[Figure: Subgroup 1, with labels H1, H1,1, H1,2, ordinary nodes and "Node leaving"]

The hierarchical key management scheme (cont.)

Node leaving a subgroup (Case 2)

The leaving of L2-heads

[Figure: Subgroup 1, with labels H1, H1,1, H1,2, A, ordinary nodes and "Node leaving"]

◙ Step 1: Sends a leave message to ordinary nodes and the L1-head

◙ Step 2: Selects a new L2-head (A) by comparing the weight values of the ordinary nodes

◙ Step 3: Sends the updated L2-subgroup information to the L1-head

◙ Step 4: L1-head regenerates a new subgroup key and sends it to all the L2-heads

◙ Step 5: L2-head regenerates a new subgroup key and sends it to all the ordinary nodes of L2-subgroup

The hierarchical key management scheme (cont.)

Node leaving a subgroup

The leaving of L2-heads

[Figure: Subgroup 1, with labels H1, H1,2, A and ordinary nodes]

The hierarchical key management scheme (cont.)

Node leaving a subgroup (Case 3)

The leaving of L1-head

[Figure: Subgroup 1, with labels H1, H1,1, H1,2, A, ordinary nodes and "Node leaving"]

◙ Step 1: Sends a leave message to L2-heads

◙ Step 2: Selects a new L1-head from L2-heads

◙ Step 3: Selects a new L2-head from ordinary nodes of L2-subgroup

◙ Step 4: All L2-heads send their L2-subgroup information to the new L1-head for registration

◙ Step 5: L1-head regenerates a new subgroup key and sends it to all L2-heads

◙ Step 6: L2-heads regenerate a new subgroup key and send it to all ordinary nodes of L2-subgroup

The hierarchical key management scheme (cont.)

Node leaving a subgroup

The leaving of L1-head

[Figure: Subgroup 1, with labels H1, H1,2, A and ordinary nodes]

Comments

Rekeying in HKMS

◙ Join: m+1 asymmetric encryption/decryption

◙ Leave:
   Case 1: m asymmetric encryption/decryption
   Case 2,3: p asymmetric encryption/decryption

m: number of nodes in L2-subgroup
k: number of L2 heads
p: total nodes in a subgroup (p=mk+1)

[Figure: Subgroup 1, with labels H1, H1,1, H1,2 and ordinary nodes]

Comments (cont.)

L1GK1 = H(1 ⊕ 2 ⊕ 3)

L2GK1,1 = H(L1GK1, H(4 ⊕ 5 ⊕ 6))

L2GK1,2 = H(L1GK1, H(7 ⊕ 8 ⊕ 9))

[Figure: Subgroup 1 with nodes 1 to 9 and ordinary nodes; labels 1,2,3,4,5,6,7,8,9; 4,5,6; 7,8,9; 5,6; 4,6; 4,5; 7,8; 7,9; 8,9]

Comments (cont.)

Join

L1GK1 = H(1 ⊕ 2 ⊕ 3)

new L2GK1,1 = H(L2GK1,1, 10)

L2GK1,2 = H(L1GK1, H(7 ⊕ 8 ⊕ 9))

[Figure: Subgroup 1 with nodes 1 to 9 and ordinary nodes; labels 1,2,3,4,5,6,7,8,9,10; 4,5,6,10; 7,8,9; 5,6,10; 4,6,10; 4,5,10; 7,8; 7,9; 8,9; 10; 4,5,6]
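The key derivations on this slide and the previous one, as an added Python example that is not code from the slides or from the paper. It assumes H is SHA-256 over length-prefixed arguments and that each node number stands for a 32-byte per-node value; the function names and sample values are hypothetical.

```python
import hashlib
from functools import reduce

def H(*parts: bytes) -> bytes:
    # Assumption: H is SHA-256; H(a, b) hashes length-prefixed parts so that
    # different splits of the same bytes give different digests.
    h = hashlib.sha256()
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()

def xor_all(values):
    # a ⊕ b ⊕ c over equal-length byte strings (order does not matter).
    return reduce(lambda a, b: bytes(x ^ y for x, y in zip(a, b)), values)

def build_keys(contrib, heads, l2_members):
    # L1GK = H(⊕ head values); L2GK[j] = H(L1GK, H(⊕ values of L2-subgroup j)).
    l1gk = H(xor_all([contrib[n] for n in heads]))
    l2gk = {j: H(l1gk, H(xor_all([contrib[n] for n in members])))
            for j, members in l2_members.items()}
    return l1gk, l2gk

def rekey_on_join(old_l2gk: bytes, joiner_value: bytes) -> bytes:
    # Join slide: new L2GK = H(old L2GK, value of the joining node).
    return H(old_l2gk, joiner_value)

def demo():
    # Constructed per-node values for nodes 1..10 (not taken from the slides).
    contrib = {n: hashlib.sha256(b"node-%d" % n).digest() for n in range(1, 11)}
    l1gk, l2gk = build_keys(contrib, heads=[1, 2, 3],
                            l2_members={1: [4, 5, 6], 2: [7, 8, 9]})
    after = dict(l2gk)
    after[1] = rekey_on_join(l2gk[1], contrib[10])  # node 10 joins L2-subgroup 1
    return contrib, l1gk, l2gk, after

if __name__ == "__main__":
    _, l1gk, before, after = demo()
    print("L1GK1", l1gk.hex()[:16])
    for j in before:
        print(f"L2GK1,{j} before", before[j].hex()[:16], "after", after[j].hex()[:16])
```

Only the key of the L2-subgroup that node 10 joins changes; L1GK1 and L2GK1,2 keep their values, as on the slide.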

Comments (cont.)

Leave (Case 1)

L1GK1 = H(1 ⊕ 2 ⊕ 3)

new L2GK1,1 = H(L2GK1,1, 4)

L2GK1,2 = H(L1GK1, H(7 ⊕ 8 ⊕ 9))

[Figure: Subgroup 1 with nodes 1 to 9 and ordinary nodes; labels 1,2,3,4,5,6,7,8,9,10; 4,5,6,10; 7,8,9; 5,6,10; 4,6,10; 4,5,10; 7,8; 7,9; 8,9; 10; 4,5,6]

Comments (cont.)

Leave (Case 2)

L1GK1 = H(1 ⊕ 2 ⊕ 4’)

L2GK1,1 = H(L1GK1, H(5 ⊕ 6 ⊕ 10))

L2GK1,2 = H(L1GK1, H(7 ⊕ 8 ⊕ 9))

[Figure: Subgroup 1 with nodes 1 to 9, ordinary nodes and "New L2-head"; labels 1,3,4’,5,6,7,8,9,10; 7,8,9; 5,6,10; 6,10; 5,10; 7,8; 7,9; 8,9; 10; 5,6]

Comments (cont.)

Leave (Case 3)

L1GK1 = H(1 ⊕ 2 ⊕ 3)

new L2GK1,1 = H(L2GK1,1, 4)

L2GK1,2 = H(L1GK1, H(7 ⊕ 8 ⊕ 9))

[Figure: Subgroup 1 with nodes 1 to 9 and ordinary nodes; labels 1,2,3,4,5,6,7,8,9,10; 4,5,6,10; 7,8,9; 5,6,10; 4,6,10; 4,5,10; 7,8; 7,9; 8,9; 10; 4,5,6]

Comments (cont.)

Leave (Case 3)

L1GK1 = H(2’ ⊕ 3’ ⊕ 4’)

L2GK1,1 = H(L1GK1, H(4 ⊕ 5 ⊕ 6))

L2GK1,2 = H(L1GK1, H(7 ⊕ 8 ⊕ 9))

[Figure: Subgroup 1 with nodes 2, 4, 3, 10, 5, 6, 7, 8, 9 and ordinary nodes; labels 2’,3’,4’,5’,6’,7’,8’,9’,10’; 5’,6’,10’; 7’,8’,9’; 5’,6’; 6’,10’; 5’,10’; 7’,8’; 7’,9’; 8’,9’]