Efficient Star Topology based Multicast Key Management Algorithm

: Problem statement: Secure group communication is very important for many applications such as internet pay sites. It provides efficient delivery of identical data to only the customers in the group. In large and dynamic multicast groups, the group keys of members have to be changed frequently whenever the member leaves or joins. A common method is to apply a symmetric key that is used to encrypt the transmitted data. The rekeying cost scales linearly with the number of members in the group and cost of the rekeying process is the main issue. The tree-based architecture is commonly used to reduce the rekeying cost in terms of storage, transmission and computation. But it usually gives extra overhead to balance the tree which is in order to achieve logarithmic rekeying cost. Approach: The main aim was to use star topology based architecture to avoid the balancing and eliminate the rekeying processes and more over it was more secured by exchanging the secret key between only server and each group member. The features of proposed algorithm were that the private key was computed by individual member. Results: The burden of server was reduced and also there was no rekeying when a member leaves the group. The secret value of leaving member was not added in the encryption and so the private value could not be obtained after decryption. Conclusion: Proposed algorithm is simple and no rekeying when a member leaves and also reduces the computation and communication complexity.


INTRODUCTION
In the modern technology world, network attacks have become more sophisticated and harder to identify the attack. When many applications like scalable chat services and streaming video, are expected to run over the Internet, the security is necessary in computing and communication became a necessity. The internet today provides less security for privacy and authentication of multicast packets. The number of applications using multicast increases day by day and so it need secure multicast services.
Multicast is an internetwork service which provides efficient delivery of data from a source to multiple receivers and also improve the bandwidth efficiency of the network. A common group key is necessary for individual members in the group for secure multicast communication. In general the group key management (Peyravian et al., 1999;Rafaeli and Hutchison, 2003;Zhu and Jajodia, 2003;Kim et al., 2005;Devi and Padmavathi, 2010;Sahar et al., 2010;Abdul-Rahman et al., 2011) can be divided into three categories (a) centralized key management (b) distributed key management (c) decentralized key management.
In all approaches (Harney and Muckenhirm, 1997;Waldvogel et al., 1999;Wong et al., 2000;Sherman and McGrew, 2003;Sahar et al., 2010) whenever a member joins or leaves the group or the members are static in nature, the group key has to be changed to achieve forward secrecy which assures that the newly joined members cannot decrypt the multicast data sent earlier before joining the group and assures that the former members cannot decrypt the communication after leaving the group.
In most of the key management protocol (Peyravian et al., 1999;Tu et al., 1999;Wong et al., 2000;Selcuk and Sidhu, 2002;Zhu and Jajodia, 2003;Kreishan, 2011;Mansouri et al., 2011) tree topology is used. Tree balancing is another issue when a member joins or leaves. The main drawback of tree topology is that number of overhead and cost for rekeying proportionately increase if the number of member increases. A huge database is necessary for storage and complexity also increases. Scalability is an issue in connection with the dynamic multicast members.

MATERIALS AND METHODS
The drawback of tree based architecture was overcome in SBMK (Lin et al., 2010) which uses starbased architecture in which the server computes a secret key and unicast to every user separately. But the drawbacks of these kinds of protocols are as follows: • It increases the load on the server • Computational and communication complexities are increased • If private key is computed and sent by a server to all the members then the private component of members may not be used for authentication Our star topology based proposed algorithm has overcome the above problem: • The total load on the server reduces because the private key is computed and sent by each user to server. So it reduces the load on the server • The private component of members may be used for authentication • It also reduces the computation complexity of server • It gives a better rekeying performance than that of the key tree and there is no need to balance the tree • Moreover our proposed scheme takes care of the important security requirements for secure group communication such as group secrecy, forward secrecy and backward secrecy In this study, we propose an efficient star based key management algorithm for internet pay sites, which is relatively simple to implement.
The rest of the study describes the proposed scheme, derives the result with suitable illustration of proposed algorithm, discuss and compare the proposed algorithm with the existing algorithms and finally concludes the study and future work.
Proposed scheme: In the proposed star topology based algorithm, the individual member joining the group is allowed to choose prime numbers and compute their private key and the secret value of N computed is sent to the server by a secure unicast message. Thus the burden of server is reduced and also rekeying is totally reduced and also scalable for a large multicast group.
Key assignment phase: The steps of key assignment are as listed below: Step 1: First the server authenticates the user who want to join the multicast group and also announce public value as e. It is common for the server as well as users.
Step 2: The individual user Mi randomly select two prime numbers m and n and calculate the product Xi = mi x ni and φ (Xi) = (mi-1) x (ni-1).
Step 3: The private of key of individual member will be calculated (Rivest et al., 1978;Menezes et al., 1997;Sharma et al., 2011) by the user using the extended Euclidean algorithm to calculate a unique integer d i such that Eq. 1: Step 4: The authenticated individual members send their X value to the server.
Step 5: The server verifies and accepts the X i value only if it is unique value from other members and hold the value of X i as secret.

Message encryption:
Step 1: When the server wants to send a secret message P to selected users in the multicast group M 1 , M 2 , M 4 , then the server uses e as well as the secrets of Members X 1 , X 2 and X 4 The encryption of the secret message is computed using the general formulae Eq. 2 (Lin et al., 2010): where, Xi includes the X value of members to whom the secret plain text has to be sent.
Step2: The server computes cipher text and sends a broadcast message to all the members of the group.

Message decryption:
Step 1: The individual member Mi receiving the cipher text C can use its private key di and his/her public parameter Ni, to decrypt the plain text and obtain the secret and confidential message P using (Lin et al., 2010) the following formulae Eq. 3: Member joining: When a new member Mn+1 want to join the group, the key server repeats the procedures similar to key assignment.
Step 1: First the server authenticates the user who want to join the multicast group and also announce public value as e .It is common for the server as well as users.
Step 3: The private of key (Rivest et al., 1978;Menezes et al., 1997;Sharma et al., 2011) of individual member will be calculated by the user using the extended Euclidean algorithm to calculate a unique integer d0 such that: Step 4: The newly joined member send their X i+1 value to the server Step 5: The server verify the X i+1 and accept the X i+1 only if it is unique value from other members and hold the value of X as secret Members leaving: When a member Xi leaves the group, the key server just deletes the secret information X i . Therefore, in the cipher text computation (Rivest et al., 1978;Menezes et al., 1997;Sharma et al., 2011) in Formula (2) removes the modulus operations with respect to X i (m i × n i ). Member Mi, cannot decrypt the secrete message because Xi is not added in cipher text calculation. Hence both forward and backward secrecy is maintained. The pair of prime numbers of a leaving member cannot be reassigned to new user joining the group. So there is no need for rekeying even if the members of multicast group change.

Illustration of the proposed algorithm with suitable examples and the result obtained is discussed in this section.
Key assignment phase: The steps of key assignment are as listed below: Step 1: First the server authenticate the user who want to join the multicast group and also announce public value as e = 103. It is common for the server as well as users.
Step 1: First the server authenticates the users M7 and M8 who want to join the multicast group and also inform the public value as e = 103.It is common for the server as well as users.
X i = m i × n i and φ (X i ) = (m i -1) x (n i -1) M 7 selects m 1 =149 and n1=191 computes X 7 = 28459 and φ(X 7 ) = 28120 M 8 selects m 2 =199 and n2 = 179 computes X 8 = 35621 and φ (X 8 ) = 35244 Step 3: The private of key of individual member M7 and M8 is calculated by each user using the extended Euclidean algorithm used in RSA algorithm: 103×d7 ≡ 1 mod (φ(X7) ≡1 mod 28120 and d7 =27847 103×d8 ≡1 mod (φ (X8) ≡1 mod 35244 and d8 =13687 Step 4: Member M7 and M8 inform their X values to the server Step 5: Now the server will add M7 and M8 in the database and also when it is sending a new secret value, it will add M7 and M8 in the cipher text formulae Step 6: Suppose if the server wants to send a new secret message P = 342 to all the members X 1 , X 2 , X 3 , X 4 , X 5 , X 6 , X 7 and X 8 , it will compute new cipher text using the formulae in Eq. 2: Step7: The existing group members X 1 , X 2 , X 3 , X 4 , X 5 , X 6 use their exiting private key to decrypt the cipher text to get the new secret message and the newly added two members X 7 and X 8 use their private key to decrypt the secret message as given below: Members leaving: When two members M 5 and M 6 leaves the group, the key server just deletes the secret information of X 5 and X 6 correspond to M 5 and M 6 .
Step1: In the cipher text computation in Formula (2) removes the modulus operations with respect to X 5 = 47053 and X 5 = 47941 if the server wants to send a new secret message P=25 to members X 1 , X 2 , X 3 , X 4 , X 7 and X 8 : Step 2: Using the private keys, the members M1, M2, M3, M4, M7, M8 can decrypt the secret message P =25 Members M5 and M6 will get different secret message as 25057 and 11127 respectively, which is different from the actual one.
The members M 5 and M 6 cannot decrypt the secret message because X 5 and X 6 is not added in the cipher text computation. Hence both forward and backward secrecy is maintained. When a member leaves the group, the server would not allow a new member to select the same pair of prime number. So there is no need for rekeying even if the members of multicast group change.

Complexity analysis:
The secret Xi generated by the individual authenticated user is hold by server as a confidential one. It is known only to the corresponding users and server.
Difficulty for unauthorised member try to deduce the private key and secret value: The security of our proposed algorithm depends on the secret value and private key of individual users. It is not possible for the unauthorized person to derive the private key di from the public parameter e. It is extremely difficult for the adversary to derive the private key from the public parameter e alone. Moreover the secret value X is unique and the number of digit may also vary for every user.
Preventing the unauthorized access: If a member is not authenticated by the server, the server will not add the secret value of X in the cipher text calculation and unauthorized member will get different value when he tries to decrypt the encrypted message. So it is more secured.
Performance analysis based on complexity comparison of various key management schemes: Table 1-4 provides the comparative analysis of the various protocols. It shows that every protocol achieves unique results when applying different techniques. Some protocols achieve exceptionally better results than others do. By comparing the table, we can clearly understand that the bottleneck of server is avoided by reducing total no of keys managed by server in our proposed algorithm. It is also smaller when compared with LKH, OFT and SBMK algorithm (Kim et al., 2005;Lin et al., 2010;Abdul-Rahman et al., 2011).
Only one multicast message will be send to the group when a member joins and no message is send when a member leaves the group. So there is no need for rekeying when a member leaves also the rekeying overhead is less compared with LKH and OFT (Kim et al., 2005;Abdul-Rahman et al., 2011).
The proposed algorithm achieves better results for storage, communication, computation and processing on both server and user. The computation cost of server is greatly reduced by allowing the users to calculate their private key and secret values compared with other techniques.
The cost of encryption when a member joins the group is 1 and the cost of encryption when a member leaves the group.
From the tables we can easily understand that proposed protocol is more suitable for a dynamic users and storage cost of server is reduced (Lin et al., 2010) and distributed to the users.  2 log n -1 2 log n One way function tree log n +1 log n +1 SBMK 1 0 Proposed protocol 1 0

CONCLUSION
In this study, an efficient Star Topology based Multicast Key Management algorithm is proposed and implemented which produces better results than the existing protocols in terms of less computational, communication and storage costs. The proposed star based architecture reduces the rekeying overhead. The private key of the users are computed by the individual and so it can be used for authentication also.
The computation complexity of the server is totally reduced in the new protocol. It is also scalable and easy to implement when the number of users are very high and dynamic in nature .As future scope of work, it may be extended for bulk member join and leaves.