A hierarchical key management scheme for secure group communications in mobile ad hoc networks

1. A hierarchical key management scheme for secure group communications in mobile ad hoc networks Authors: Nen-Chung Wang and Shian-Zhang Fang Sources: The Journal of Systems and Software, accepted manuscript. Reporter: Chun-Ta Li (李俊達)

2. Outline • Motivation • The hierarchical key management scheme (HKMS) • Comments 2 2

3. Motivation • Key management scheme in a MANET • Improving security • Message encryption/decryption • Forward secrecy and backward secrecy • Reducing the memory storage of keys • Clustering or hierarchical trees • Frequent changes of the network topology (rekeying) • Members join or leave a group • Manage keys efficiently and reduce the amount of rekeying

4. The hierarchical key management scheme • Notations • Key management (2-hop) public/private key ◙ Procedure 1: L1-head selecting ◙ Procedure 2: L2-head selecting

5. The hierarchical key management scheme (cont.) • The node communications in different subgroups Subgroup 1 Subgroup 2 Kc(2,3) Subgroup 3 Kc(3,4) Kc(2,5) Subgroup 4 Subgroup 5

6. The hierarchical key management scheme (cont.) • Encryption/decryption operation during data transmission L1GK1,KDH,Data Subgroup 1 L2GK1,2,KDH,Data L2GK1,1,KDH,Data Kc,KDH,Data L1GK2,KDH,Data Subgroup 2 L2GK2,3,KDH,Data Data L2GK2,1,KDH,Data

7. The hierarchical key management scheme (cont.) • Subgroup key maintenance • New node joining a subgroup  ◙ Step1: Sends a join request message ◙ Step4: Allowed to join the L2-subgroup ◙ Step2: Sends the join request message to the L2-head ◙ Step5: L2-head regenerates an L2-subgroup key and sends it to all L2-subgroup nodes ◙ Step3: Sends a reply message

8. The hierarchical key management scheme (cont.) • Node leaving a subgroup (Case 1) • The leaving of ordinary nodes • Step 1: Sends a leave message to the L2-head • Step 2: L2-head regenerates a new L2-subgroup key and sends it to all remaining nodes H1 Subgroup 1 Ordinary node Ordinary node H1,1 H1,2 Ordinary node Node leaving Ordinary node

9. The hierarchical key management scheme (cont.) • Node leaving a subgroup (Case 2) • The leaving of L2-heads ◙ Step3: Sends the updated L2-subgroup information to the L1-head H1 Subgroup 1 Ordinary node Ordinary node H1,1 H1,2 Node leaving A Ordinary node Ordinary node ◙ Step1: Sends a leave message to ordinary nodes and the L1-head ◙ Step4: L1-head regenerates a new subgroup key and sends it to all the L2-heads ◙ Step2: Selects a new L2-head(A) by comparing the weight values of the ordinary nodes ◙ Step5: L2-head regenerates a new subgroup key and sends it to all the ordinary nodes of L2-subgroup

10. The hierarchical key management scheme (cont.) • Node leaving a subgroup • The leaving of L2-heads H1 Subgroup 1 Ordinary node Ordinary node H1,2 A Ordinary node Ordinary node

11. The hierarchical key management scheme (cont.) • Node leaving a subgroup (Case 3) • The leaving of L1-head ◙ Step4: All L2-heads send their L2-subgroup information to the new L1-head for registration Node leaving H1 Subgroup 1 Ordinary node Ordinary node H1,1 H1,2 A Ordinary node Ordinary node ◙ Step1: Sends a leave message to L2-heads ◙ Step5: L1-head regenerates a new subgroup key and sends it to all L2-heads ◙ Step2: Selects a new L1-head from L2-heads ◙ Step6: L2-heads regenerate a new subgroup key and sends it to all ordinary nodes of L2-subgroup ◙ Step3: Selects a new L2-head from ordinary nodes of L2-subgroup

12. The hierarchical key management scheme (cont.) • Node leaving a subgroup • The leaving of L1-head H1 Subgroup 1 Ordinary node Ordinary node H1,2 A Ordinary node Ordinary node

13. Comments m: number of nodes in L2-subgroup k: number of L2 heads p: total nodes in a subgroup (p=mk+1) • Rekeying in HKMS • Join: m+1 asymmetric encryption/decryption • Leave: • Case 1: m asymmetric encryption/decryption • Case 2,3: p asymmetric encryption/decryption H1 Subgroup 1 Ordinary node Ordinary node H1,1 H1,2 Ordinary node Ordinary node

14. Comments (cont.) 1,2,3,4,5,6,7,8,9 1 Subgroup 1 7,8 Ordinary node L1GK1 = H(1♁2 ♁3) 9 Ordinary node 5,6 4 2 3 4,5,6 7,8,9 7,9 5 8 4,6 6 7 4,5 8,9 Ordinary node Ordinary node L2GK1,1 = H(L1GK1, H(4♁5♁6)) L2GK1,2 = H(L1GK1,H(7♁8♁9))

15. Comments (cont.) • Join 4,5,6 1,2,3,4,5,6,7,8,9,10 10 1 Subgroup 1 7,8 Ordinary node L1GK1 = H(1♁2 ♁3) 9 Ordinary node 4 5,6,10 2 3 4,5,6,10 7,8,9 7,9 5 8 4,6,10 6 7 4,5,10 8,9 Ordinary node Ordinary node new L2GK1,1 = H(L2GK1,1, 10) L2GK1,2 = H(L1GK1,H(7♁8♁9))

16. Comments (cont.) • Leave (Case 1) 4,5,6 1,2,3,4,5,6,7,8,9,10 10 1 Subgroup 1 7,8 Ordinary node L1GK1 = H(1♁2 ♁3) 9 Ordinary node 4 5,6,10 2 3 4,5,6,10 7,8,9 7,9 5 8 4,6,10 6 7 4,5,10 8,9 Ordinary node Ordinary node new L2GK1,1 = H(L2GK1,1, 4) L2GK1,2 = H(L1GK1,H(7♁8♁9))

17. Comments (cont.) • Leave (Case 2) 5,6 1,3,4’,5,6,7,8,9,10 10 1 Subgroup 1 7,8 New L2-head L1GK1 = H(1♁2 ♁4’) 9 Ordinary node 4 5,6,10 2 3 7,8,9 7,9 5 8 6,10 6 7 5,10 8,9 Ordinary node Ordinary node L2GK1,1 = H(L1GK1, H(5♁6♁10)) L2GK1,2 = H(L1GK1,H(7♁8♁9))

18. Comments (cont.) • Leave (Case 3) 4,5,6 1,2,3,4,5,6,7,8,9,10 10 1 Subgroup 1 7,8 Ordinary node L1GK1 = H(1♁2 ♁3) 9 Ordinary node 4 5,6,10 2 3 4,5,6,10 7,8,9 7,9 5 8 4,6,10 6 7 4,5,10 8,9 Ordinary node Ordinary node new L2GK1,1 = H(L2GK1,1, 4) L2GK1,2 = H(L1GK1,H(7♁8♁9))

19. Comments (cont.) • Leave (Case 3) 2’,3’,4’,5’,6’,7’,8’,9’,10’ 2 Subgroup 1 7’,8’ Ordinary node L1GK1 = H(2’♁3’♁ 4’) 9 Ordinary node 5’,6’ 10 4 3 5’,6’,10’ 7’,8’,9’ 7’,9’ 5 8 6’,10’ 6 7 5’,10’ 8’,9’ Ordinary node Ordinary node L2GK1,1 = H(L1GK1, H(4♁5♁6)) L2GK1,2 = H(L1GK1,H(7♁8♁9))