06-06-2010, 10:13 PM
[attachment=3694]
ROBUST AND SECURE AUTHENTICATION PROTOCOL BASED ON
COLLABORATIVE KEY AGREEMENT FOR PEER TO PEER OF DYNAMIC
GROUP
Presented By:
J. Armstrong Joseph 1
P. Arockia Jansi Rani 2
Lecturer, St. Peterâ„¢s Engineering College, Avadi, Chennai, India,
Lecturer, Manonmaniam Sundaranar University, Tamilnadu, India,
ABSTRACT
There is a need for security services to provide group
oriented communication privacy and data integrity in
many group-oriented distributed applications. To provide
this form of group communication privacy, it is important
that members of the group can establish a common secret
key for encrypting group communication data. Consider a
group of people in a peer-to-peer or ad-hoc network
having a closed and confidential meeting. Since they do
not have a previously agreed upon common secret key,
communication between group members is susceptible to
eavesdropping. To solve the problem, we need a secure
distributed group key agreement and authentication
protocol so that people can establish and authenticate a
common group key for secure and private communication.
In this project modified Tree-based Group Diffie-Hellman
protocol has been proposed for a dynamic communication
group in which members are located in a distributed
fashion and can join and leave the group at any time. Any
communication in the group can be encrypted based on
the secret key. To provide both backward confidentiality
(i.e., joined members cannot access previous
communication data) and forward confidentiality (i.e., left
members cannot access future communication data),
rekeying, which means renewing the keys associated with
the nodes of the key tree, is performed whenever there is
any group membership change including any new member
joining or any existing member leaving the group. For
rekeying operations Queue-batch algorithm has been
proposed because Queue-batch algorithm performs the
best among the three interval-based algorithms such as
rebuild, batch and Queue-batch algorithms. More
importantly, the Queue-batch algorithm can substantially
reduce the computation and communication workload in a
highly dynamic environment. To demonstrate the strength of the system instance messaging has been proposed for implementation.
.
1. INTRODUCTION
Cause of increased popularity of group oriented
applications and protocols, security services are needed to
provide communication privacy and integrity in group
communications. Secure group communication is not only
a simple extension of secure two party communications,
there are two important differences. Firstly, protocol
efficiency is major concern due to the number of
participants and distances among them. The second
difference is due to group dynamics (i.e., members join
and leave). Two-party communication can be viewed as it
starts, lasts for a while and ends but, group
communication is more complicated since it starts, the
group mutates such as member join and leave. This
complicates presentment security services among key
agreement in members of group. We focus dynamic group
since they are common in many layer of network protocol
stack and applications. In contrast to large multicast
groups, dynamic group tend to be small size. Larger
member groups are unable to control on peer to peer basis
and organized in a hierarchy sort. Dynamic group assume
that many “many communication pattern.
We consider the dynamic communication group in wh ich
members are located in a distributed fashion. The
membership of the communication is dynamic so that
members can leave and new members can join the group
at any time. The contributions our work is
The agreement protocol is distributed in nature
and does not require a centralized key server.
The key agreement is contributively - each
member contributes its part to the overall group
We use an interval-based approach using queue
batch algorithm to significantly reduce the
computation and communication costs of
maintaining the group key.
To demonstrate the strength of the system such
as Secure, robust and efficient key management
is critical for secure group communication;
instance messaging has been proposed for
implementation.
The rest of this paper is organised as follows.
Section 2 introduces our notation and terminology.
Section 3 explains TGDH protocols and tree
management. Section 4 explains about analysis of queue
batch algorithm based on performance and experimental
analysis. The actual protocols described in section 5 and
implemented in section 6 for instance messaging. The
paper concludes the summary of previous work in section
2. NOTATION AND DEFINITIONS
One of the key features is adaptation of key trees for the
use in collaborative key agreement.
Figure 1. Notation for tree
Figure shows an example of key tree. The root is located
at level 0 and the lowest leaves of tree are at height Ëœhâ„¢.
Since we use the binary trees,[1] ever node is either a leaf
or a parent of two nodes. The nodes are denoted <l,v>,
where 0 v 2l “l. Since each level l hosts at most 2l
nodes[2]. The key tree is balanced for node numbering.
Thus a nodeâ„¢s <l,v> left and right children have indexes
<l+1,2v> and <l+1, 2v+1>, respectively. Each node <l,v>
exponentiation in prime order groups, i.e, f(k) = a k mod p
[ p is prime integer]. Assuming a leaf node <l,v> assigns
the member Mi, then the node <l,v> has Mâ„¢s session
random key K<l,v>. Moreover, the member M i at node <l,v>
knows every key along the path from <l,v> to <0,0>. In
fig, If member M2 owns the tree T2, then M2 knows every
key{ K<3,1> , K<2,0>, K<1,0>, K<0,0> } of KEY 2 and every
blind key { BK<0,0> , BK<1,0> ¦ BK<3,7> }on T2. Every key
K<l,v> is computed recursively as follows.
K<l,v> = ( BK<l+1><2v+1> ) K<l+1,2v>mod p
= ( BK<l+1><2v> ) K<l+1,2v+1>mod p
= a K<l+1,2v> K<l+1,2v+1> mod p
K<0,0> at the root node is the group secret shared by all
members. This value is never used as a cryptographic key
for the purpose of encryption, authentication or integrity.
In turn, such keys are derived from group secret, e.g., by
setting
Kgroup = h(K<0,0>) where h is the cryptographically strong
hash function.
3. TGDH PROTOCOLS
Three basic protocols forms the TGDH protocol suite
such as join, leave and merge. These protocols all share a
common framework with the following notable features.
Each group member contributes its share to the
group key, which is computed as a function of all
shares of current group members.
New member shares are factored into the group
key and changed the group key at regular
interval.
Departing member shares are removed from the
new key and at least one remaining member
changes its share
All the protocol messages are assigned by the
sender by DSA for security.
In our protocol, one of group member involves to
compute keys and broadcast the blinded keys to the group
at regular intervals. For instance, any member in this
group can take this responsibility, we call this member is
called Ëœsponsorâ„¢. The sponsor who handles the
membership change is determined by each membership
event. The ËœLeader is the single member that is
responsible for periodically notifying all group members
to start rekeying operation synchronously at regular
rekeying intervals.
3.1. TGDH Membership events
is associated with the key K<l,v> and the blinded key
BK<l,v> = f(K<l,v>) where the function is modular
Proceedings of the International Conference on Network Security and Workshop 2007 (ICONS 2007)
Erode Sengunthar Engineering College, Tamil Nadu, India, 29-31 January 2007
A group of key agreement scheme needs to provide key
adjustment protocols stemming from membership
changes. TGDH includes protocols in supporting of the
following operations
Join : a new member is added to the group
Figure 3. Tree T3
Tree T5
We have n members and a member Mw leaves the group.
In this case, the sponsor is the rightmost leaf node of the
sub tree rooted at the leaving memberâ„¢s sibling node.
Every member updates its key tree by deleting the leaf
node corresponding to Mw. The former sibling of Mw is
Figure 2. Tree update:- Join
Assume that the group pf n users {M 1,¦Mn}. The new
member Mn+1 indicates the protocol by sending a join
request that contains its own blinded key BK<0,0>.
When current group members receive this message, they
first determine the insertion node in the tree. The insertion
node is the rightmost node, where the join does not
increase height of the key tree. If the key tree is well
balanced, the new member joins to the root node. The
sponsor is the right most of the leaf node in the sub tree
rooted at the insertion node. Next the sponsor creates a
new intermediate node and a new member node, and
promotes the new intermediate node to be the parent of
both insertion node and the new member node. After
updating the tree, the sponsor computes the new group
key, since it knows all the necessary blinded keys. After
computing the group key, the sponsor broadcasts the new
tree which contains all blinded keys. All other members
update their trees accordingly and compute the new group
key.
Example of member M4 is joining to a group, where the
promoted to replace Mwâ„¢s parent node. The sponsor picks
a new secret share, compute all keys on its key path up to
the root, and broadcasts the new set of blinded keys to the
group key. In figure, if member M leaves the group,
every member deletes node <1,1> and <2,2>. After
updating the tree, the sponsor M5 picks a new key K<2,3>,
recomputed K<1,1>, K<0,0>,BK<2,3> and BK<1,1> and
broadcasts the updated tree T5 with its BK*. After
receiving the broadcast message, all members compute
the group key. Note that M cannot compute the group
key, though it knows all the blinded keys, because its
shares in no longer part of the group key.
Merge:- a subgroup is added to the group
sponsor M 3 performs the following actions.
Figure 4. Tree T5
TreeT7
Tree T5
renames node <1,1,> to <2,2>
generates a new intermediate node <1,1> and a
new member node <2,3>
promotes <1,1> as the parent node of <2,2> and
<2,3>
Since all members know BK<2,3> and BK<1,0>, M3 can
compute the new group key k<0,0>. Every other member
performs step1 and 2, but cannot compute the group key
in first round. After receiving the blinded keys, every
member can compute the group key.
Leave:- A member is removed from the group.
Each sponsor is the right most member of each group
broadcasts its tree information with blinded keys to other
group. After receiving this message, all members can
independently determine the merge position of the two
sub trees. If the sub trees have same height, we join one
tree to the root node (insertion node) of the other tree. To
impose an ordering on the two trees, we compare the
identifiers of the sponsors. In turn, the trees are different
heights and we join the shallower tree to the deeper tree.
The insertion node can be either the right shallowest node
(not necessarily a leaf node), where the join does not
increase the height of the tree or the root node, if join to
any other node increases the height of the key tree. The
right most member of the sub tree rooted at the joining
location becomes the sponsor of the key update operation.
The sponsor computes every key on the key path and the
corresponding blinded key. Then, broadcasts the tree with
blinded key to the other members. All the members now
have the complete set of blinded keys, which allows them
to compute all keys on their key path.
Figure shows an example, the sponsors M2 and M7 broad
cast their trees (T2 and T ) containing all blinded keys,
along with BK*2and BK*7. After receiving these broad
cast messages, every member in both groups merges two
trees, and then M2, the sponsor in this example updates
the key tree and computes and broadcasts blinded keys
3.2. Tree management
The number of exponentiations for membership events
varies, depending on the tree structure. For instance, if a
single member or a sub tree merges to the root node of
current tree, then exactly two modulations are required. If
a key tree is balanced, and a member joins to leaf node,
then the number of exponentiations is [log2n] where n is
the current number of users. Hence, joining to root always
requires the minimal number of exponentiations for the
additive membership operations. If n members join to the
root, however, the resulting tree becomes unbalance
(similar to linked list). If a member in the deepest node
leaves the group, n-1 exponentiations are required to
update the group key. However, if a key tree is fully
balanced, the number of exponentiations is [log2n].
4. Analysis Of Queue -Batch Algorithm
We consider two performance measures, namely:
the number of new members wish to join the
communication group. Let T denote the existing tree
which contains N members. The level of node v is L =
[log2(v+1)]. , where v is the node ID, and the maximum
level of T is h. Based on this first assumption, we know
that N=2h. Also let Ralg be the number of renewed nodes
and ?alg be the number of exponentiations for the particular
algorithm alg. The performance measure ?alg is composed
of two part: ?salg s and ?balg, which represent the number of
exponentiations of calculating the secret keys (which is
done by all members) and the number of exponentiations
of calculating the blinded keys (which is done by sponsors
only). We have
?alg = ?salg + ?balg,
Based on the last assumption, we know the number of
blinded key computation is
?alg = Ralg
So, we consider the number of secret key computations
?salg.
Queue batch algorithm exploits the idle rekeying interval
to preprocess some rekeying operations. When j=0,
Queue-batch algorithm is equivalent to Batch in pure
leave scenario. For J>0 the number of renewed nodes in
the queue-batch during the queue-merge phase is
equivalent to that batch when J = 1. Thus the expected
number of renewed nodes is
Also, the expected number of exponentiations when J>0
for queue-batch is given by
Average number of renewed nodes: a node is
said to be renewed if it is a non-leaf node
and its associated keys are renewed. This
metric provides a measure of the
communication cost since new blinded keys
of the renewed nodes have to be broadcast to
the whole group.
2.
Average
number
of
exponentiation
For J>0 and L>0, assume the new subtree is attached to a
operations:
This metric provides a measure of the computation load
for all members in the communication group.
node at some level d. we first decrement d from
E[?Batch,J=1, and L>0] to exclude the secret key computations
of the leaf node which is now replaced by the root node of
the new sub tree. Then we add dJ to account for the secret
key computations done by these new J members.
For mathematical analysis, let N be the number of
members originally in the system, L (where L = N) be the
number of members wis h to leave the system, and J>0 be
The value d is the level of the highest node that has all its
descendents departed; we can find the upper bound of the
value d, which occurs when the leaving leaf nodes are
evenly distributed in the key tree. Thus d is given by
the group members. Each member holds two types of
keys: short-term secret and blinded keys as well as long-
term private and public keys. Short-term keys are
d = [log2(N-1)]+1
d=0
if N>L ;
if N=L;
randomly generated when a member joins the group and
become expired when the member leaves, while long-term
keys remain permanent across many sessions and are
4.1 Analysis of Queue -Batch at different reset
intervals
Queue-batch does not reconstruct the whole key tree as
Rebuild during rekeying. Thus, the key tree may become
unbalanced after some rekeying intervals. In this
experiment, we consider how Queue-batch performs if we
reconstruct the key tree using the Rebuild algorithm every
rekeying intervals, where is called the reset interval. Fig
depicts that the performance of Queue-batch remains
approximately constant even at high reset intervals,
meaning that Queue-batch can still preserve its
performance without reconstructing the key tree after a
long period of rekeying. This shows the robustness of the
Queue-batch algorithm in maintaining a relatively
balanced tree. This property is important because it can
reduce the average costs of exponentiations and renewed
nodes in the system.
4.2 Analysis in terms of number of rounds
We define a round as the period during which the group
members compute the secret keys as far up the key tree as
they can. At the end of each round, all sponsors have to
broadcast the blinded keys of the renewed nodes that have
their secret keys computed so that other members can
proceed with the secret key computations. In the analysis,
we assume that rekeying is performed in lock-step,
meaning that the two steps of secret key computations and
blinded key broadcasts are carried out alternately. Fig.
illustrates the average numbers of rounds required for
Batch and Queue-batch. At high leave probabilities,
Queue-batch saves three to four rounds as compared to
Rebuild and Batch. The savings are due to the
preprocessing of join requests at the Queue-subtree stage.
A fewer number of rounds is preferred as less message
overhead is involved in processing rekeying messages and
storing message headers.
5. MODIFIED TGDH
We propose the Modified Tree-Based Group Diffie“
Hellman (M -TGDH) protocol that provides key
authentication and robustness for our interval-based
algorithm. The idea is to couple the session-based group
key with the certified permanent private components of
certified by a trusted CA. Our protocol seeks to satisfy
several requirements that are crucial for key establishment
[3]: (i) perfect forward secrecy (i.e., the compromise of
long-term keys does not degrade the Secrecy of past short-
term keys); (ii) known -key security (i.e., the compromise
of past short-term keys does not degrade the secrecy of
future short-term keys); and (iii) key authentication (i.e.,
all group members are assured that no outsiders can
identify the group key). Also, our protocol can be
implemented in a way that satisfies key confirmation (i.e.,
all group members are assured that every other member
holds the same group key). (iv)Cryptography (i.e., the
sender uses this key and Digital Signature
Algorithm(DSA) to encrypt data; the receiver uses the
same key and corresponding decryption algorithm to
decrypt data.
The Digital Signature Algorithm (DSA) is used to give an
authentication for resultant key.
Key generation is done by
Choose a 160-bit prime q.
Choose an L-bit prime p, such that p=qz+1 for
some integer z and such that 512 = L = 1024 and
L is divisible by 64.
Choose h, where 1 < h < p - 1 such that g = hz
mod p > 1.
Choose x by some random method, where 0 < x
< q.
Calculate y = g x mod p.
Public key is (p, q, g, y). Private key is x.
Note that (p, q, g) can be shared between different users of
the system, if desired. There exist efficient algorithms for
computing the modular exponentiations hz mod p and
gxmod p. Signing is obtained by
Generate a random per message value k where 0
< k < q
Calculate r = (gk mod p) mod q
Calculate s = (k -1(SHA-1(m) + x*r)) mod q,
where SHA-1(m) is the SHA-1 hash function
applied to the message m
Recalculate the signature in the unlikely case that
r=0 or s=0
The signature is (r,s)
The extended Euclidean algorithm can be used to compute
the modular inverse k -1 mod q.
Verifying is done by
Since the blinded keys of leaf nodes are , for
i=1,2,3 and 4, the secret keys of nodes 1 and 2
are computed as
and
Reject the signature if either 0<r<q or 0<s<q is
K2=
The sponsor M 1
not satisfied.
Calculate w = (s)-1 mod q
Calculate u1 = (SHA-1(m)*w) mod q
Calculate u2 = (r*w) mod q
Calculate v = ((gu1*yu2) mod p) mod q
The signature is valid if v = r
broadcasts and , and the sponsor
M3 broadcasts and .
M1 and M2 can retrieve from and
respectively. Similarly, M3 and M4 can
retrieve .Therefore, the members can
compute the resulting group key as
DSA is similar to the ElGamal signature scheme.
The DSA used for decryption is the reverse of the
algorithm used for encryption (i.e., encryption algorithm
uses a combination of addition and multiplication, the
decryption algorithm uses a combination of division and
subtraction.
Fig shows that the key agreement using M-TGDH. In
which every node v in the key tree is associated with a
secret key and a blinded key BKv. We construct the
blinded key set BKâ„¢v, which refers to a number of copies
BKv â„¢s respectively encrypted by the long-term private
component of every descendant member of the sibling of
node v. The set of the descendant memb ers of node is
given by Mv. The ith member, Mi , holds a short -term
secret key rMi and the corresponding blinded key
, as well as a long-term private key Mi and
We compare the non modified and modified Queue-batch
algorithms for a population of size 1024 with a fixed join
probability P J=0.25.
the corresponding public key
, where all
arithmetic operations are to be performed on the cyclic
group of prime order with generator a . For brevity, we
omit the term mod p in the following description. We
assume that each member has acquired the certificates of
all other members and hence their long-term public keys
from a trusted CA prior to the key agreement process.
We consider a possible key tree formed after the rekeying
process as shown in Fig.
Fig. plots the average number of exponentiations of
computing Kv and BKv as well as the average number of
blinded key copies BKV broadcast to the group for all
renewed nodes . It shows that the authenticated version
Example for 4 members in a group
Nodes 0, 1, and 2 are renewed nodes. Also, and are
requires about twice the exponentiations and more than 10
times the blinded key copies as compared to the non-
modified one. All protocols messages are signed by the
sender by DSA encryption.
chosen to be the sponsors. Hence, the members perform
the following steps.
Thus, the use of modified is subject to the tradeoff
between security and performance.
alone. At least one secret key is needed to compute all
secret keys from K up to the root key. Hence we can show
that the joining member M cannot obtain any keys of the
previous key tree. First, M picks its secret share r, blinds it
and broadcast a r as par of its join request. Once M
receives all blinded key on its co-path, it can compute all
secret keys on its key path. Clearly, all keys will contain
6. IMPLEMENTATION
TREE_API is a group key agreement API implementing
the cryptographic primitives of TGDH. The underlying
communication system is assumed to deal with group
communication and network events such as merges,
partitions, failures and other abnormalities. TREE_API is
small and it contains only the following three function
tree_new_user generates a group context for
a new group member (including its secret share).
tree_merge_req is called by each sponsor
when a merge occurs. The output (new key tree)
is then broadcast to the merging group. This
function performs no cryptographic operations.
tree_cascade is the core function of
TREE_API. Every group member calls this
function following a membership event. The
function is called repeatedly until the group key
is computed
tree_cascade provides robustness against cascaded
network events. Since TREE_API does not provide its
own communication facility, the robustness of the API
was tested by simulating random events on a single
machine running all group members.
7. DISCUSSION
7.1 Security
Group key secrecy means that even an attacker who
knows all blind keys cannot derive the group key. This
property has been explained in the random-oracle model
[5]. The proof of Becker and Willie[4] shows that group
key secrecy is reducible to the decision Diffie-Hellman
problem [10]. We now give an informal argument that
TGDH satisfies the weak forward and backward secrecy.
Weak backward secrecy states that a new number who
knows the current group key cannot derive any previous
group key. The group key secrecy property implies that
the group keys cannot be derived from the blinded keys
Mâ„¢s contribution®. Hence, they are independent of
previous secret keys on that path. Therefore M cannot
derive any previous keys.
In case of weak forward secrecy, when member M leaves
the group, the right most member of sub tree rooted at the
sibling node changes its secrets share, Mâ„¢s leaf node is
deleted and its parent node is replaced with its sibling
node. This operation causes all of Mâ„¢s contribution
removed from each key on Mâ„¢s former key path. Hence,
M only knows all blinded keys, and the group key secrecy
property prevents M from deriving the new group key.
7.2 Robustness
Robustness is possible that a group member leaves the
group or encounters system failures during the execution
of a rekeying operation. Depending on the type of leaving
member, we consider the two cases. First, if the leaving
member is neither the leader nor one of the sponsors, or if
it is the sponsor but has broadcast all necessary blinded
keys for the current rekeying operation, the
communication group continues with the existing
rekeying operation without being affected and leave event
is reflected in the next rekeying operation. Second, if the
leaving member is the leader or sponsor that has not yet
broadcast all required blinded keys, the communication
group first selects a new leader. Then the broadcasts a
rekeying message to start a new rekeying operation which
reflects the current leave event. Any renewed nodes
whose blinded keys have not yet been broadcast remain
renewed in the new rekeying operation. Also, the nodes
are on the key path of the leaving member become the
renewed nodes. Given the set of renewed nodes, new
sponsors are selected to broadcast the updated blinded
keys.
8. RELATED WORK
Wong et al. [11] and Wallner et al. [10] independently
proposed the key tree approach to secure group
communications. They suggested to associate keys in a
hierarchical tree and rekey at every join or leave event.
Later, the authors in [6, 7, 12] introduced the concept of
batch rekeying to enhance system efficiency since the
rekeying workload is independent of membership
dynamics. All the above approaches rely on a centralized
key server, which is responsible for generating and
distributing new keys. The authors in [1, 9, 3, 4] extended
the Diffie-Hellman protocol [2] to group key agreement
schemes for secure communications in a peer-to-peer
network. [3] proposed the Tree-Based Group Diffie-
Hellman (TGDH) to arrange keys in a tree structure.
Every member only needs to hold the keys along its key
path, implying that the rekeying workload is distributed to
all members. All the above schemes are contributory,
meaning that key generation is performed by all members
and hence avoids the single-point-of-failure problem in
the centralized approach. While the scheme in [1] is
independent of membership change, the rest of the
schemes [9, 3, 4] suggest to perform rekeying at single
join, leave, merge or partition events. Our paper enhances
the scheme in [3] to support rekeying involving a batch of
join and leave events. Rather than emphasize the rekeying
efficiency, [13], [14], and [15] focus on the security issues
and develop authenticated group key agreement schemes
based on the Burmester-Desmedt model, Cliques, and
TGDH, respectively. For instance, the AGKA-G protocol
[15] is an extension of the two-party Günther scheme [8]
to the TGDH protocol. Our M-TGDH protocol is an
9. CONCLUSION
We have considered several distributed collaborative key
agreement protocols for dynamic peer groups. The key
agreement setting is performed herein there is no
centralized key server to maintain or distribute the group
key. We show that one can use the Tree-Based Group
Diffie-Hellman protocol to achieve such distributive and
collaborative key agreement. To reduce the rekey
complexity, we propose to use an interval-based rekey
approach so that we can group multiple join/leave
requests and process them at the same time. In particular,
we show that the Queue-batch algorithm can significantly
reduce both computational and communication costs. This
reduction enables a more efficient way to manage secure
group communication. We also address both
authentications with robustness and implementation for
the interval-based key agreement algorithms.
References
[1] M. Burmester and Y. Desmedt. A secure and efficient
conference key distribution system. In Advances in
in Proc. Advances in Cryptology EUROCRYPTâ„¢89, 1989,
vol. LNCS 434, pp.29“37.
Notes in ComputerScience, pages 275“286. Springer-
Verlag, 1995.
[2] W. Diffie and M. Hellman. New directions in
cryptography. IEEE Transactions on Information Theory,
IT-22(6):644“ 654, 1976.
[3] Y. Kim, A. Perrig, and G. Tsudik. Simple and fault-
tolerant key agreement for dynamic collaborative groups.
Proc. Of 7th ACM Conference on Computer and
Communications Security,pages 235“244, November 2000.
[4] Y. Kim, A. Perrig, and G. Tsudik. Communication-
efficient group key agreement. Information Systems
Security, Proceedingsof the 17th International Information
Security Conference IFIP SECâ„¢01, November 2001.
P. P. C. Lee, J. C. S. Lui, and D. K. Y. Yau. Distributed
collaborative key agreement protocols for dynamic peer
groups. IEEE/ACM Transactions on networking, vol.14,
No.2, April 2006.
[6] X. S. Li, Y. R. Yang, M. G. Gouda, and S. S. Lam. Batch
rekeying for secure group communications. Proceedings
ofTenth International World Wide Web Conference
(WWW10), May 2001.
[7] S. Setia, S. Koussih, and S. Jajodia. Kronos: A scalable
group re-keying approach for secure multicast. Proc. of
IEEE Symposium on Security and Privacy 2000 May 2000.
authenticated version of our interval-based algorithms.
[8] C. G. Günther, An identity-based key exchange protocol,
[9] M. Steiner, G. Tsudik, and M. Waidner. CLIQUES: A
new approach to group key agreement. IEEE International
Conferenceon Distributed Computing Systems, pages 380“
387,May 1998.
[10] D. M . Wallner, E. J. Harder, and R. C. Agee. Key
management for multicast: Issues and architectures.
Internet draft draft-wallner-key-arch-00.txt, Internet
Engineering Task Force, July 1999. Expires in six
months.
[11] C. K. Wong, M. Gouda, and S. S. Lam. Secure group
communications using key graphs. Proc. of ACM
SIGCOMMâ„¢98, September 1998.
[12] Y. R. Yang, X. S. Li, X. B. Zhang, and S. S. Lam. Reliable
group rekeying: A performance analysis. Proc. of ACM
SIGCOMMâ„¢01, August 2001.
[13] G. Ateniese, M. Steiner, and G. Tsudik, Authenticated
group key agreement and friends, in Proc. 5th ACM Conf.
Computer and Communication Security, Nov. 1998, pp.
17“26.
Cryptology “EUROCRYPT ™94, volume 950 of Lecture
[14] M. Just and S. Vaudenay, Authenticated multi-party key
agreement,in Proc. Advances in Cryptology â€
ASIACRYPT™96, 1996, vol. LNCS1163, pp. 36“49.
[15] A. Perrig, Efficient collaborative key management
protocols for secure autonomous group communication,
in Int. Workshop on Cryptographic Techniques and E-
Commerce (CrypTEC ™99), Jul. 1999, pp.192“202.
AUTHOR PROFILE
J. Armstrong Joseph received the B.E. (ECE)
degree from Madurai Kamaraj University, M.S.
(information systems and applications) from
Bharathidasan University and doing 3rd year part
time M.E (CSE) in Manomaniam Sundarnar
University in Tirunelveli. From 1991 to 1996, I
was working as an EDP manager in private
companies in Delhi and 1996 to 1999 I was
worked in a company in Saudi Arabia. Now I am
working as Lecturer in St.peterâ„¢s Engineering
College, Avadi, Chennai-54. I have presented one
national and one international paper also. My
other research interests are in network security,
value-added services routers, and mobile wireless
networking.
Mrs. P. Arockia Jansi Rani. M.E.
She is
working as a Lecturer in Manomaniam Sundarnar
University in Tirunelveli. She is guided me in
this project. Her other research interests are in
digital image processing, Graphic design and
Operating system,
