Abstract
Controlling a large number of devices such as sensors and smart end points, is always a challenge where scalability and security are indispensable. This is even more important when it comes to periodic configuration updates to a large number of such devices belonging to one or more groups. One solution could be to take a group of devices as a unit of control and then manage them through a group communication mechanism. An obvious challenge to this approach is how to create such groups dynamically and manage them securely. Moreover, there need to be mechanisms in place by which members of the group can be removed and added dynamically. In this paper, we propose a technique that has been recently standardized in IEEE 802.21 (IEEE Std 802.21d™-2015) with the objective of providing a standard-based solution to the above challenges. The approach relies on Logical Key Hierarchy (LKH) based key distribution mechanism but optimizes the number of encryption and decryption by using “Complete Subtree”. It leverages IEEE 802.21 framework, services, and protocol for communication and management, and provides a scalable and secure way to manage (e.g., add and remove) devices from one or more groups. We describe the group key distribution protocol in details and provide a security analysis of the scheme along with some performance results from a prototype implementation.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Notes
- 1.
The complete binary tree T with N leaf nodes has (2N-1) nodes.
- 2.
If the guess is correct, i.e., Hit occurs, no \( U^{*} \) assigned \( (I^{ *} ,dk^{ *} ) \) is corrupted at the end of Game 3 since \( {{\Pi }}_{U}^{*} \) who receives Test query must be fresh.
- 3.
Disclaimer: Any mention of commercial products or organizations is for informational purposes only; it is not intended to imply recommendation or endorsement by the National Institute of Standards and Technology (NIST), nor is it intended to imply that the products identified are necessarily the best available for the purpose.
References
IEEE Standard for Local and Metropolitan Area Networks- Part 21: Media independent handover services- IEEE Std 802.21™-2008, January 2009
IEEE Standard for Local and Metropolitan Area Networks- Part 21: Media independent handover; amendment 1: security extensions to media independent handover services and protocol, IEEE Std 802.21a™-2012, May 2012
IEEE Standard for Local and Metropolitan Area Networks- Part 21: Media independent handover; amendment 4: multicast group management, IEEE Std 802.21d™-2015, July 2015
Wallner, D., Harder, E., Agee, R.: Key management for multicast: issues and architectures request for comments 2627, June 1999
Wong, C.K., Gouda, M., Lam, S.S.: Secure group communications using key graphs. IEEE/ACM Trans. Netw. 8(1), 16–30 (2000)
ISO/IEC 11770-5 Information Technology – Security techniques - key management – Part 5: Group key management (2011)
Fiat, A., Naor, M.: Broadcast encryption. In: Stinson, D.R. (ed.) CRYPTO 1993. LNCS, vol. 773, pp. 480–491. Springer, Heidelberg (1994). doi:10.1007/3-540-48329-2_40
Weis, B., Rowles, S., Hardjono, T.: The group domain of interpretation IETF, Request for comments 6407, October 2011
IEEE Standard for Information Technology—Telecommunications and information exchange between systems—Local and metropolitan area networks—Specific requirements Part 11: Wireless LAN Medium Access Control (MAC) and Physical Layer (PHY) Specifications (2015)
Naor, D., Naor, M., Lotspiech, J.: Revocation and tracing schemes for stateless receivers. In: Kilian, J. (ed.) CRYPTO 2001. LNCS, vol. 2139, pp. 41–62. Springer, Heidelberg (2001). doi:10.1007/3-540-44647-8_3
Diffie, W., van Oorschot, P.C., Wiener, M.J.: Authentication and authenticated key exchanges. Des. Codes Cryptogr. 2(2), 107–125 (1992)
Burmester, M.: On the risk of opening distributed keys. In: Desmedt, Y.G. (ed.) CRYPTO 1994. LNCS, vol. 839, pp. 308–317. Springer, Heidelberg (1994). doi:10.1007/3-540-48658-5_29
Kim, Y., Perrig, A., Tsudik, G.: Simple and fault-tolerant key agreement for dynamic collaborative groups. In: CCS 2000, Proceedings of the 7th ACM Conference on Computer and Communications Security, Athens, Greece, 1–4 November 2000, pp. 235–244 (2000)
Günther, C.G.: An identity-based key-exchange protocol. In: Quisquater, J.-J., Vandewalle, J. (eds.) EUROCRYPT 1989. LNCS, vol. 434, pp. 29–37. Springer, Heidelberg (1990). doi:10.1007/3-540-46885-4_5
Brecher, T., Bresson, E., Manulis, M.: Fully robust tree-diffie-hellman group key exchange. In: Proceedings of Cryptology and Network Security, 8th International Conference, CANS 2009, Kanazawa, Japan, 12–14 December 2009, pp. 478–497 (2009)
Gennaro, R., Halevi, S.: More on key wrapping. In: Jacobson, M.J., Rijmen, V., Safavi-Naini, R. (eds.) SAC 2009. LNCS, vol. 5867, pp. 53–70. Springer, Heidelberg (2009). doi:10.1007/978-3-642-05445-7_4
Shoup, V.: Sequences of games: a tool for taming complexity in security proofs. IACR Cryptology ePrint Archive, p. 332 (2004)
Valgrind. http://valgrind.org/
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2016 Springer International Publishing AG
About this paper
Cite this paper
Hanatani, Y., Ogura, N., Ohba, Y., Chen, L., Das, S. (2016). Secure Multicast Group Management and Key Distribution in IEEE 802.21. In: Chen, L., McGrew, D., Mitchell, C. (eds) Security Standardisation Research. SSR 2016. Lecture Notes in Computer Science(), vol 10074. Springer, Cham. https://doi.org/10.1007/978-3-319-49100-4_10
Download citation
DOI: https://doi.org/10.1007/978-3-319-49100-4_10
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-319-49099-1
Online ISBN: 978-3-319-49100-4
eBook Packages: Computer ScienceComputer Science (R0)