6. Conclusion
In this paper, we propose a secure group key management
protocolbasedonDHkeyagreement.Theproposedkey
management requires only one data communication and one
modular exponentiation at each member for any membership
event. It shows prominent efficiency in renewing the group
keys against dynamic group membership change, member
join/leave and group merging/partition. We proved group
key secrecy, backward/forward secrecy, key independence,
and key authentication. No outsiders can learn the group key
under the DDH assumption. We conclude that CODH can be
adapted efficiently for multicast security in mobile networks.
Notations
n: Number of protocol participants
푀푖: 푖th group member,푖∈[1,푛]
푀푠:Masternode(controller),푠∈[1,푛]
푝: Prime of the form2푞 + 1for a prime푞
푔: Generator inZ∗푝
푥푖: Lock-secret; random number picked by
푀푖such that1<푥푖<푝−1and
gcd(푥푖,푝−1)=1
푦푖: Unlock-secret for푀푖such that
푥푖∗푦푖≡1mod(푝 − 1)
푘: Master-secret randomly selected inZ∗푞,
by푀푠
푋푖:Locker;푔푥푖mod푝
퐶푛:Currentgroupof푛members; #(퐶) = 푛
푋퐿퐶:Lockerlistofgroup
퐶; 푋퐿퐶={푋 1 ,푋 2 ,...,푋푛}\푋푠
푋퐿푘퐶: Key-locks for group
퐶; 푋퐿푘퐶={푋푘 1 ,푋푘 2 ,...,푋푘푛}\푋푘푠
푀푖→푀푗:m: Unicast message(m)from푀푖to푀푗
푀푖⇒퐶푛:m: Broadcast message(m)from푀푖to푛
members of퐶.Conflict of Interests
The authors declare that there is no conflict of interests
regarding the publication of this paper.
Acknowledgments
The authors appreciate anonymous reviewers for their helpful
comments. This research was supported by Basic Science
Research Program through the National Research Founda-
tion of Korea (NRF) funded by the Ministry of Education,
Science and Technology (2011-0011289).
References
[1] R. Canetti, T. Malkin, and K. Nissim, “Efficient communication-
storage tradeoffs for multicast encryption,” inProceedings of
Advances in Cryptology (Eurocrypt ’99),vol.1592ofLecture
Notes in Computer Science, pp. 459–474, Prague, Czech Repub-
lic, May 1999.[2] S.Setia,S.Koussih,S.Jajodia,andE.Harder,“Kronos:ascalable
group re-keying approach for secure multicast,” inProceedings
of the IEEE Symposium on Security and Privacy,pp.215–228,
Berkeley, Calif, USA, May 2000.
[3] M. K. Reiter, “A secure group membership protocol,”IEEE
Transactions on Software Engineering,vol.22,no.1,pp.31–42,
1996.
[4]D.Wallner,E.Harder,andR.Agee,“Keymanagementfor
multicast: issues and architectures,” RFC 2627 Informational,
1999.
[5]C.K.Wong,M.Gouda,andS.S.Lam,“Securegroupcom-
munications using key graphs,”IEEE/ACM Transactions on
Networking,vol.8,no.1,pp.16–30,2000.
[6] S. Mittra, “Iolus: a framework for scalable secure multicasting,”
inProceedings of the ACM (SIGCOMM ’97), pp. 277–288,
Cannes, France, September 1997.
[7] A. T. Sherman and D. A. McGrew, “Key establishment in
large dynamic groups using one-way function trees,”IEEE
Transactions on Software Engineering,vol.29,no.5,pp.444–
458, 2003.
[8] S. Zhu, S. Setia, and S. Jajodia, “LEAP: efficient security
mechanisms for large-scale distributed sensor networks,” in
Proceedings of the 10th ACM Conference on Computer and
Communications Security (CCS ’03), pp. 62–72, Washington,
DC, USA, October 2003.
[9] S.Zhu,S.Xu,S.Setia,andS.Jajodia,“Establishingpairwisekeys
for secure communication in ad hoc networks: a probabilistic
approach,” inProceedingsofthe11thIEEEInternationalConfer-
ence on Network Protocols, pp. 326–335, Atlanta, Ga, USA, 2003.
[10] W. Diffie and M. E. Hellman, “New directions in cryptography,”
IEEE Transactions on Information Theory,vol.22,no.6,pp.
644–654, 1976.
[11] M. Burmester and Y. Desmedt, “A secure and scalable group key
exchange system,”Information Processing Letters,vol.94,no.3,
pp.137–143,2005.
[12] M. Steiner, G. Tsudik, and M. Waidner, “Diffie-Hellman key
distribution extended to group communication,” inProceedings
of the 3rd ACM Conference on Computer and Communications
Security,pp.31–37,NewDelhi,India,March1996.
[13] M. Steiner, G. Tsudik, and M. Waidner, “CLIQUES: a new
approach to group key agreement,” inProceedings of the 18th
International Conference on Distributed Computing Systems,pp.
380–387, May 1998.
[14] Y. Amir, Y. Kim, C. Nita-Rotaru, and G. Tsudik, “On the perfor-
mance of group key agreement protocols,”ACM Transactions
on Information and System Security, vol. 7, no. 3, pp. 457–488,
2004.
[15] Y. Kim, A. Perrig, and G. Tsudik, “Tree-based group key
agreement,”ACM Transactions on Information and System
Security,vol.7,no.1,pp.60–96,2004.
[16] Y. Kim, A. Perrig, and G. Tsudik, “Group key agreement efficient
in communication,”IEEE Transactions on Computers,vol.53,
no.7,pp.905–921,2004.
[17] B.Wu,J.Wu,andD.Yuhong,“Anefficientgroupkeymanage-
ment scheme for mobile ad hoc networks,”International Journal
of Security and Networks,vol.4,no.1-2,pp.125–134,2009.
[18]P.P.C.Lee,J.C.S.Lui,andD.K.Y.Yau,“Distributed
collaborative key agreement and authentication protocols for
dynamic peer groups,”IEEE/ACM Transactions on Networking,
vol. 14, no. 2, pp. 263–276, 2006.