Current Trends in Group Key Management

Various network applications require sending data onto one or many members, maintaining security in the large groups is one of the major obstacles for controlling access. Unfortunately, IP multicast is not providing any security over the group communication. Group key management is a fundamental mechanism for secured multicast. This paper presents relevant group key management protocols. Then, we compared them against some pertinent performance criteria. Finally, we discuss the new research directions in group key management. Keywords-Multicast; group key management; security member driven; time driven.


INTRODUCTION
With rapid growth in the internet, people using the group communication in applications such as paying TV, transmission of video and audio, updating software, military applications, video games etc.In recent decades, the focus is mainly on the security issues involved in the group communication.When the group uses the unicast communication, one sender is sending the data stream onto one group member.In multicasting, the group member is sending the data onto other group members.Security is main focused area in group communication.Group key management is the fundamental mechanism provides the security in group communication.In this, security is achieved by sharing a common key among the group members.The message packets, those are going to transmit should be encrypted with the shared key.
Group key management is mainly focusing on the key generation and distribution of key among the group members.All the group members should participate in the secure distribution, creation and revocation of the keys [1].The communication session in group key management is managed by two entities: Group Controller (GC), responsible for key generation, distribution and rekeying for membership change and Key Server (KS), responsible for maintaining the keys and distributing the keys.
The scenario of group communication is shown in the figure 1.Each member in the group is having two keys (TEK and KEK).The TEK (Traffic Encryption Key) is used for encrypt, decrypt and authenticate the data transfer.The TEK for the group member is generated by the local manager.The KEK (Key Encryption Key) is used for encrypt the TEK.To multicast the message (m) secretly the sender encrypts the message with TEK using the symmetric key algorithm.At the receiving side, the receiver decrypts the message (m) with TEK.In the group communication, the members in the group are not fixed, members can join / members can leave the group.So we need to secure the sending message to be received by the group members at that instance.When member is leaving, the KS must generate a new TEK and distribute the key secretly to all other members except leaving one.This process is known as rekeying.From the figure, we observe that Key Server is sharing a secret key called Key Encryption Key (KEKi) with each group member.When the member is leaving, the KS generates a new TEK : TEK1, encrypted with their KEKi and sends it to all other group members except leaving one.So the leaving member does not know the new TEK1, to decrypt the future messages shared in the group.
When a new member is joined in the group, first it must be authenticated by the GC.After that, the KS checks the rights of the new member and adds the member in the future message transformation session.The KS generates a new secret KEKj and shared with the new member mj.In order to restrict the new member form past data access the KS generate the new TEK : TEK1, encrypted with KEKi and then sends to all the group members along with the new joined one.

II. GROUP KEY MANAGEMENT PROTOCOL
As defined by Menezes et al. in [2], Group Key Management is the set of techniques and procedures used for the establishment and maintenance of keys among members to form the group.According to Hutchison [3], group key management can be classified into three categories.
Centralized Group Key Management Protocols-Key distribution is achieved by a single entity i.e Key Distribution Center (KDC), also known as Central Authority (CA).The Central Authority maintains the entire group, allocates the individual KEK to group members.It is also responsible for sharing the common TEK among all the group members.
Decentralized Group Key Management Protocols -In Decentralized Group, the group is splitting into several subgroups.Each subgroup is managed by subgroup controller.In this approach, the hierarchy of sub group controllers shares the labor in transferring TEK to group members.This management will reduce the load on the KDC.Distributed Group Key Management Protocols -In Distributed Group key management either all the group members or only one member is involved in group key generation.No group controller is present; this will improves the reliability of the overall system.www.ijacsa.thesai.org

A. Centralized GKMP
Assume there is a group with n members.The Key server (KS) is the centralized group manager which stores information about all the group members.The KS takes n Key Encryption Keys (KEK) and each of them is shared with one member.The KEK is the secret key used for encrypting the group key (TEK).In the figure, the centralized group key protocols again sub divided into three categories depending on the technique used in distributing the TEK among group members.

a) Pair wise Keys:
In this sub type the KS shares a secret key called Key Encryption Key (KEK) with all the group members.This key is used for establishing the secured channel between the KS and the member for transferring the TEK securely whenever the key is required.[4], [5] proposed Group Key Management Protocol (GKMP), in this KS shares a secret key (KEK) individually with each active member and KS generates a Group Key Packet (GKP) that contains a Group TEK (GTEK) and a group KEK (GKEK).Chu et.al Protocol is proposed by Chu et.al [6], a Group leader shares a secret Key Encryption Key (KEK) with each group member.

b) Broadcast Secrets:
In this protocol, the KS broadcasts the rekey information to all the group members.Chiou and Chen [9] proposed Secure Lock protocol, in this key server uses a single broadcast to establish the group key or for sending rekey to the entire group in the case of join or leave membership.

c) Keys Hierarchy:
In pair wise key approach, the KS establishes individual secure channel with the members and uses this channel for sending the TEK updates.This mechanism increases the update message overhead.In order to reduce message overhead, the Key Server in this approach, shares a secret key with subgroup in addition to individual channel.When the member leaves the group the KS uses the sub group secret key to distribute the new TEK, which are not known by the leaved member.Nemaney et al. [26] proposed hierarchical group key management that increases the efficiency of the key.Following section describes some of the protocols using this re-key mechanism.
Wong et.al and Wallner et.al [11] [14] proposed Logical Key Hierarchy (LKH) protocol.In this protocol, KS is the root of the tree and maintains a tree of keys.In this protocol, each node stores at most 1+log2(n) rekey messages.
McGraw and Sherman proposed One-Way Function Tree (OFT) protocol and this is an improvement over the LKH.Here, node's KEK is calculated by the member rather than attributed by the KS.Each node in this protocol is maintaining its blended sibling keys and its leaf secret key also maintains the blinded secret KEKs of its ancestors.
Canetti et.al proposed One-Way Function Chain Tree (OFCT) protocol [13].This protocol works similar to OFT but, a pseudo random generator is used to generate the new KEKs rather than a one-way function, and it is done only during user removal.
Efficient Large Key distribution (ELK) [15] approach uses the pseudo random function for generating the new KEK when a membership change takes place.Waldvogel et.al [16] proposed Centralized Flat Table Key Management (CFKM) protocol, this approach, uses the flat table concept in order to reduce the number of keys maintained by the KS.Flat table consists of one TEK and 2w entries for KEKs, where w is the number of bits in identifier of a member.Wong et.al protocol is the extension of the LKH protocol [14].The LKH uses the binary tree for key distribution; wong et.al uses the k-ary tree.

Comparison of centralized group key management protocols:
Table I compares the centralized group key management protocols.The efficiency of the protocol can be compared against the following criteria: 1 affect n, forward and backward secrecy, storage requirements at KS and group member, collusion, join re-key overhead and leave rekey overhead.

a) Decentralized Group key Management Protocols
The group members are arranged into some subgroups, and each subgroup has a controller called key manager.The key managers of the subgroup share the labor of distributing the TEK to group members in order to avoid bottle necks and single point of failure.Decentralized group key management is categorized into member ship driven and time driven re-keying.
Ballardie's Scalable Multicast Key Distribution (SMKD) protocol [18] propose a group key distribution method based on the Core Based Tree (CBT) multicast routing protocol.In CBT architecture, the multicast is rooted at main core.In Intra Domain Group Key Management (IGKMP) [17], the network divides into administratively scoped areas.This protocol is having Domain Key Distributor (DKD) and Area Key Distributor (AKD).
Where n: number of group members I: number of bits in a number id The DKD is responsible for generating group TEK and is propagated to the group members through AKD.The DKD and AKDs belong to multicast group called All-KD-Group.
In Hydra protocol [19] the group is organized into sub groups.Each sub group has a server called Hydra Server (His) responsible for controlling the sub group.BAAL protocol has three entities: First is the Group controller (GC), responsible for maintaining the participant List (PL) and creating and sending the group key TEK to member through local controller.Second is Local Controller (LC), responsible for managing the keys in subnet, receives the new TEK and distributes to members connected to subnet.Third is Group member.IOLUS protocol is the frame work of a hierarchy of multicast subgroups to constitute virtual group [20].Each subgroup is managed by a Group Security Agent (GSA), responsible for managing key inside the sub group.
Cipher Sequences is a proposed framework for multicast security [21], based on Reversible cipher sequence.The multicast tree is rooted at source and the leaves are group members.Challel et.al proposed Scalable Adaptive Key Management Scheme (SAKM) protocol.This protocol tackles the scalability issue.SAKM tackles the scalability by organizing the group into clusters.

b) Time Driven Approach
In time driven approach, the TEK is changed after specified amount of time.When the member leaves or joins in the group they will not excluded or appointed immediately, need to wait for the beginning of the new interval of time.
Briscoe proposed MARKS protocol, suggests a slicing the time length into small portions of time and uses a different key for encrypting each slice.The encryption keys occupied at leaves in BST that is generated from a single seed.Setia et al [22] describe a scalable approach based on timedriven called Kronos.In this protocol, Setia denotes the group with a birth and death process model and discussed the model in two occasions: correlation subscriber behavior and independent subscriber.The operation of Kronos is similar to that of IGKMP.In Dual Encryption Protocol (DEP), the group is divided hierarchically into sub groups and the sub group is managed by sub-group manager (SGM).In YANG et.al Protocol [23] approach the multicast group is organized into a set of sub groups, KS manages each subgroup.The KS is responsible for rekeying the members in the subgroup periodically.Scalable Infrastructure For Multicast Key Management (SIM-KM) uses the proxy encryptions.SIM-KM uses the proxy function that converts the cipher text for one key into the cipher text for another key.

c) Comparison of Decentralized Group Key Management Protocols
In this different Group controllers are used to manage the subgroups.Table II compares the decentralized group key management protocols.Attributes that are used for evaluating the performance of decentralized protocols are key independence, decentralized controller, local rekey, key-data transformation, rekey per membership and type of communication.
Both: 1 to n and n to n

d) Distributed Key agreement Protocols
In distributed key agreement protocol, the group members are participated in the establishment of a group key, further classified into three categories: Ring-based, hierarch based and broadcast based.

e) Ring Based
In this, cooperation of group members forms a virtual ring.In Ingemarson Et Al. protocol, all the group members are organized into a virtual ring and the Group Diffie-Hellman (GDH) protocol uses the extension of Diffie Hellman algorithm for group key generation.

f) Hierarchy based cooperation
The group members are arranged in a tree hierarchy for group key generation.In OCTOPUS, the entire group is divided into four sub groups.The leader member in the subgroup is responsible for collecting the intermediate subgroup values and calculates the intermediary DH value.Steer et.al proposed Skinny Tree (STR) protocol, uses the tree structure.The leaves associated in the tree are group members; each leaf is identified by its position.Diffie-Hellman Logical www.ijacsa.thesai.orgKey Hierarchy (DH-LKH), proposed by Perrig et al. [24] is variant of STR and uses binary tree.The binary tree built from bottom to top.Distributed Logical Key Hierarchy (D-LKH) protocol uses the notion of sub-trees, agreeing on a mutual key.Distributed One-way Function Tree (D-OFT) approach using logical key hierarchy in a distributed fashion was proposed by Dondeti et al, uses the one-way function tree proposed by McGrew and Sherman.Every group member is trusted with access control and key generation.In Fiat and Naor protocol, each member broadcast a single message to other participants in order to agree on a common secret.

g) Broadcast based approach
In this approach, group key is generated by broadcasting the secret messages and distributing the computations among the group members.Burmester And Desmedt Protocol is a three round protocol with member generation, broadcasting and group key computations.
Boyd proposed Conference Key Agreement (CKA) protocol, where all the group members contributed to generate the group key.

h) Comparison of Distributed Group Key Management Protocols:
All the members in the group are involved in the computation of group key or generated by one member in the group.Table III

III. CURRENT RESEARCH DIRECTIONS
A group Key Management application in mobile networks, ad hoc networks, e learning, and peer-to-peer networks is prevalent.Many new protocols are proposed as existing key management protocols are no more suitable for these areas.Jiang and Hu [8] classified current group key management protocols as stateless, self-healing, distributive, reliable, adaptive and mobile-based.Among these protocols reliability and distributiveness are by default provided by the group key management protocols.Scalability of stateless group key management protocols is enhanced by reducing the degree of the polynomial functions with the help of the decentralized subgroup managers.Junbeom and Hyunsoo [12] proposed a decentralized multi-group key management scheme for stateless group members.Self-healing and rekeying are becoming target areas in the group key management protocols.Key Server transmits group key updating messages when there are some changes in membership states.A self-healing protocol can recover certain number of existing and/or future group keys.First, self-healing key distribution protocol [8] was proposed by J.Staddon et.al [25] which is based on polynomials and Angelo [10] provided an efficient self-healing scheme for LKH.Challal et al. [7] proposed adaptive group key management protocol and there is need of extensive research should be done in this

IV. CONCLUSION
This paper focused on group key management, secured distribution of session keys and refreshment of the keying material.Reviewed so many group key management protocols and placing them into three main classes: centralized, decentralized and distributed protocols, which try to minimize the requirements of KDC and group members.Centralized key management is easy to implement but more overhead on single member.The decentralized key management follows the hierarchical sub grouping and it is harder to implement.Distributed key management is simply not scalable.From the comparison tables, we analyze that no unique solution that can achieve all the requirements.Hence, it is important to understand fully the requirements of the application before selecting a security solution.A solution for secure group communication should complement a multicast application rather than drive its implementation.The usage of security mechanism for secure group communication should be made transparent to the user and it should also work well with other protocols.

TABLE I :
COMPARISON OF CENTRALIZED GROUP KEY MANAGEMENT compares the distributed group key management protocols.Attributes to evaluate the efficiency of distributed key management protocols are a number of rounds, number of messages, DH key and leader requirement.

TABLE III :
COMPARISON OF DISTRIBUTED GROUP KEY MANAGEMENT