An Efficient Certificate-Free Key Distribution Protocol for Secure Group Communication in Grid Environment

: Problem statement: In grid environment, group communication is an important mechanism to realize large-scale information resource sharing. However providing security for group communication in grid environment is very difficult because the group is dynamic in nature. Scalable group re-keying is one of the important issues in secure group communication. These group keys should be updated whenever a member joins/leaves the group to maintain the forward and backward secrecy. Approach: In the recent years, cryptography in grid environment plays an important role that allows secure group communication among members in the dynamic group. Results: Our algorithm for key distribution falls into NP-class. Therefore the key distribution is safe. Conclusion: Performance of the proposed algorithm is computationally efficient and cryptographically strong for message generation and key distribution.


INTRODUCTION
In recent years, due to the rapid growth of the internet, along with the availability of high-speed network and powerful computers as a low cost computing device is changing the mechanism of managing the information and information services. These new technologies have enabled to group a wide variety of geographically distributed heterogeneous resources like supercomputers, storage systems, sensors, visualization tools ,data sources, instruments and special devices , services and more, spreading across multiple administrative domains with the objective of providing users easy access to these resources as a unified resource. The new paradigm that has been evolved is popularly called as "Grid" computing.
Grid computing connects computers that are scattered over a geographic area allowing their computing power to be shared just as the World Wide Web enables access to information; computer grids enable access to computing resources. Thus, grids can combine the resources of thousands of different computers to create a massively powerful computing resource, accessible from the comfort of a personal computer and useful for multiple applications in science, business and beyond. Grid applications are distinguished from traditional client-server applications by their simultaneous use of massive amount of resources with dynamic requirements. Such resources are typically drawn from multiple administrative domains interconnected by complex communication structures and need to be accessed with stringent performance requirements. Two important requirements in grid include the formation of Virtual Organizations (VO) dynamically and establishment of secure communication between the grid entities. A VO is a dynamic group of organizations, individuals that have common rules for resource sharing.
Security in computational grids consists of authentication, authorization, non-repudiation, integrity, confidentiality and auditing. Confidentiality of information in a VO should also be ensured. The necessity for secure communication between grid entities has motivated the development of the Grid Security Infrastructure (GSI)-the defacto security standard in the grid community. The Grid Security Infrastructure (GSI) of the Globus Toolkit (GT) plays an essential role in supporting various grid security services such as single sign-on, mutual authentication, integrity, protection, confidentiality and delegation for sensitive information transferred over the network in addition to the facilities to securely traverse the distinct organizations that are part of collaboration. Being based on Public Key Infrastructure (PKI), GSI users are required to possess and manage long-term credentials (typically RSA public/private key pairs) which are usually renewed yearly. But however, GSI suffers from many potential security drawbacks such as uncontrolled delegation, leaky infrastructure and insecure services. Thus, further security mechanisms are needed to complement GSI in order to ensure the security of grid services. In grid environment, members or user applications may need access to resources that belong to different organizations. To work in grid environment the members in these organizations must form a group. Members in the grid group, before accessing resources that belong to different organizations should authenticate themselves. Once the grid entities are authenticated, key distribution occurs between the grid entities to ensure secure communication In order to perform secure group communications, security mechanism such as authentication, access control, integrity and confidentiality are required. Most of the mechanisms are generally based on encryption using one or several keys. The management of these keys including creating, distributing and updating the keys constitutes a basic block to build secure group communication system. In group communication confidentiality requires that only the members of the grid group could decrypt the message and get the key even if the message is broadcasted to the entire grid network.
The confidentiality requirements can be further classified into four key distribution rules.
Forward secrecy: Should ensure users who left the group should not have access to any future key.
Backward secrecy: Should ensure that a new user who joins the group should not get any access to the previous work. Non-group confidentiality: Must ensure that users that were never part of the group should not have access to any key.
Collusion freedom: Should ensure that intruders should not be able to deduce the currently used key.
There are many more secure strategies and mechanism to ensure the security of grid such as ID authentication, authority and single sign-on. Confidentiality in information transfer in a distributed system is enabled by encrypting the information. Keys should be distributed securely among the members of the group. In existing approaches, each member shares a secret key with the group controller. If the information is to be transferred to 'k' members, 'k' encryptions followed by 'k' uncast are needed. The computational complexity of the existing approach is overcome by using encrypted session keys. Hence the proposed approach uses only an encrypting key with message followed by a multicast operation. This leads to reduced computation and provides efficient group communication. Further, the proposed approach ensures dynamic and secure group communication, forward secrecy and backward secrecy. The encrypted key is used to manage member join, leave operations efficiently. Since a key is maintained/generated for each group member join/leave, secure group communication is facilitated. The computation time of the message distribution along with the key and key derivation from the public message is fast when compared to the key distribution by traditional algorithms like AES.
In this study, we discuss the use of cryptography for secure key distribution in the dynamic grid environment. Also we introduce a mechanism for group key management in grid environment. The algorithms are analyzed with sample examples. The security analysis of the proposed scheme, conclusion and future research work in this direction are presented.

MATERIALS AND METHODS
To achieve security in grid, some technologies have been used to build security mechanism for grid computing. In order to avoid unauthorized users to make use of the grid resources a strong authentication is required between grid entities. Since password-based authentication is simple it has been used extensively in grid environment. Sudha et al. (2009) have proposed secret keys multiplication protocol based on modular polynomial arithmetic (SKMP), which eliminates the need for the encryption/decryption during the group re-keying. Valli et al. (2010) have proposed a new technique (SGKP-1), using hybrid key trees, has certain advantages like secure channel establishment for the distribution of the key material, reducing the storage requirements and burden at each member, minimization of time requirement to become a new member of a group. The computational complexity further reduced using both the combination of public and private key crypto systems. Xukai et al. (2007) have proposed an elegant Dual-Level key Management (DLKM) mechanism using Access Control Polynomial (ACP) and one-way hash functions. In this the first level provides flexible and secure group communication and the second level provides hierarchical access control. Park et al. (2010) have proposed an ID-based key distribution scheme which is secure against session state reveal attacks and long-term key reveal attacks. Also, our scheme offers the scalability, non-usage of additional cryptographic algorithms and efficiency similar to those of the existing schemes. Li1 et al. (2008a) have proposed reconcilable key management mechanism in which the key management middleware in grid can dynamically call the optimum re-keying algorithm and re-keying interval is based on the group members joining or leaving rate. Li1 et al. (2008b) Li et al. (2009) have proposed an authenticated encryption mechanism for group communication in terms of the basic theory of threshold signature and the basic characteristics of group communication in grid. In this approach each group member in the grid can verify the identity of the signer and hold the private key. Ingle and Sivakumar (2010) have proposed an Extended Grid Security Infrastructure (EGSI) to support secure group communication in grid and also present an authentication and access control scheme at virtual organization level. Zhenga et al. (2008) have proposed the use of Identity-Based Signature (IBS) scheme for grid authentication Hongweia et al. (2008) have proposed certificate-free identity-based authentication protocol for grid based on Identity-Based Architecture for Grid (IBAG) and by using corresponding encryption and signature scheme. Amir et al. (2008) have proposed that secure key management in hierarchical group communication by means of using intelligent agents that makes the architecture more flexible and dynamic preparing it for grid computing technologies. Purusothaman et al. (2010) have proposed cluster based hierarchical key distribution protocol for secure group communication. This approach uses prime number addition for member joining and leaving. Li et al. (2009) has proposed the service infrastructure of middleware for pervasive grid. Then, we present a secure mechanism of group communication and analyze the correctness and the security of the mechanism. Finally, we verify the validity of this mechanism by experiments Key computation protocol: it is assumed that every valid user/machine/entity in the grid system is assigned a permanent secret identity, denoted by SID i for member M i . For example, when a member or an organization is willing to join the grid, they can join the grid only by doing registration with the globus toolkit. During this registration process several certificates need to be issued, including the host certificate that authenticates the machine involved in the grid, the service certificate that authenticates the services offered to the grid and the user certificates that are used to authenticate the use of the grid services. Also each member or a node in the grid system is allotted a permanent secret identity, denoted by SID i for each member/node/machine M i . During these registration process, the secret identity can be embedded into the certificates issued to the member.

Prime Number Based (PNB)
Group Key Generator: Whenever there is a group of users participating in a grid service, the Key Distribution Manager (KDM) will generate the message M as follows: Step1: Consider there are N members in the grid systems N= (M 1 , M 2 …...M n ) Step2: Each Member M i will be assigned a P i , a large prime number > K

Key generations:
Step 3: Take a prime number (or any number) K < P i, ∀ i. That is: P 1 > K, P 2 > K, P 3 > K… P n > K

Public Message Generation by Key Distribution Manager (KDM):
Step 4: Generate message M = (P 1 * P 2 *…..*P n ) + K Step 5: Multicast the above public Message M to all the members in the group

Derivation of Key (K) by each Member:
Step 6: Upon receiving the public message M, each member in the group will calculate the key in the following manner: K = M mod P i, for all i.

Re-keying when new member join:
Suppose if any new member wants to join the grid system: Step 1: The new member sends request to KDM (key distribution Manager) that it wishes to join the grid system. The KDM assigns new prime number P n+1., where K < P n+1 Step 2: Then the KDM generate the new public message M'= (P 1 *P 2 *……*P n )*P n+1 + K and sends to the new member.
Step 3: The new members then calculate the Key by using from the message M'. I.e. Remainder = K = M' mod P n+1

Re-keying when existing member leaves:
Step 1: Suppose if any member j is willing to withdraw from the grid system the member should inform to the KDM or periodically check if there are ' n' members present in the grid system by sending M in case of no members have joined or relieved or M' in case of new members joined or left. Suppose if the KDM receives K alone by doing the above steps then no members have left. Step 2: Then the KDM calculates the new public message as follows: • Select or take a new K' (New prime number, where K' < P i for all i) • M''= (P 1 *P 2 *P 3 *….*P j-1 ) (P j+1 *….P n ) + K' -(After leaving the j's prime number) Step 3: Multicast the above public Message M'' to all the members in the group to maintain forward secrecy Step 4: Upon receiving the public message M'' each member in the group will calculate the new key in the following manner K = M'' mod P i The general architecture for secure key distribution is given in Fig. 1. For simplicity, consider a grid with M=10 members. Let Member 1 has permanent secret identity, SID 1 =55837, Member 2 has SID 2 =55603, Member 3 has SID 3 =35353, Member 4 has SID 4 =54709, Member 5 has SID 5 =60779, Member 6 has SID 6 =45953, Member 7 has SID 7 =40847, Member 8 has SID 8 =39461, Member 9 has SID 9 =42709 and Member 10 has SID 10 =58909 and key K= 229.By applying step4 of Public Message Generation by KDM, we generate the public message M=680145885919845305122185386484879441857328 25832 and multicast to all the ten members in the grid group. After receiving this public message, member 1 computes the key (K) by doing M % SID 1 . i.e., K=680145885919845305122185386484879441857328 25832 % 55837. Similarly all the other members in the group calculate their keys by doing M % SID i, i=2, 3...10. It is just an illustrative example. We can take K (Key) sizes as 64,128, 512, 1024 bits and the value of SID (prime) could be 64, 128, 512 and 1024 bits.
Suppose there is a member P k who has a SID k =43651 and the above public message M. The member P k cannot calculate the key. i.e., M mod P k = 680145885919845305122185386484879441857328258 32%43651=13699≠229≠K.

RESULTS
The performance of the algorithm for generating the message M for different group size is given in Fig.  2-7. In 2 and Fig. 5 show that our proposed certificatefree key distribution protocol takes less time for generating message for both small and large group sizes as well. Also 4 and Fig. 7 show the efficiency of our algorithm for small and large group sizes compared with dual-level key management for secure grid communication in dynamic and hierarchical groups. Similarly the efficiency of the algorithm for generating the key is given in Fig. 8-12. Figure 8 and 11 show that our proposed algorithm takes less time for generating key for both small and large group sizes.  Fig. 13 show the efficiency of our algorithm in generating the key for small and large group sizes compared with dual-level key management for secure grid communication in dynamic and hierarchical groups.

DISCUSSION
Strength of the RSA algorithm relies on the fact that given M (the product of two large prime number), it is impossible to find the two factors which makeup M in polynomial time (It is NP-hard).In our algorithm, we have more complex message M, than what is used in RSA algorithm. Therefore, finding any of the prime numbers P 1, P 2, P3,. …..,P n is NP-hard. Thus the key K is very safe and secure and prevents man-in-the middle and brute-force attacks. Similarly our algorithm computes new message and multicast it every time when a member joins/leave, to ensure both Forward Secrecy and Backward Secrecy.

CONCLUSION
We have proposed a simple yet an efficient certificate-free key computation protocol for secure group communication in dynamic grid environment. The experimental results show that our algorithm is efficient both in terms of message generation and key extraction In Future; we wish to implement our design in globus toolkit along with access control and measure the bandwidth utilization of these algorithms compared with dual-level key management for secure grid communication in dynamic and hierarchical groups.