AN EFFICIENT AND VARIABLE INTERVAL REKEYING FOR DYNAMIC AD HOC MULTICAST GROUP USING KEY PATH REDUCTION

Key distribution is one of the major issues in secure ad hoc multicast group communication. There has been an extensive research on rekeying, to reduce cost. In this study, we propose an efficient and scalable batch rekeying for dynamic ad hoc multicast group, with variable interval and key path reduction techniques. The proposed scheme overcomes the major existing issues like inefficiency in using the keys that are generated and distributed, the sync issue in which a user tries to decrypt a data using an irrelevant key, imbalance in network traffic and latency in the key server response to the user request, for leaving and joining at once. Generally, a central key server is used to govern all the above issues. The proposed scheme excludes the usage of a central key server by generating the group key in the individual nodes, which minimizes the communication overhead and the number of keys that each user possesses. The proposed scheme also reduces the depth of the tree very effectively, when a user joins or leaves the group, using key path reduction technique and ensures forward and backward secrecy. The simulation result shows better performance when compared to individual, regular batch and periodic rekeying.


INTRODUCTION
Multicasting is an efficient method of communication, while delivering services from a sender to a large group of users and it provides proficient and best-effort delivery service (Wong et al., 2000;Caronni et al., 1998). The service provider must ensure that authorized members alone access the service, by using an access control mechanism, which authenticates the users or ensures that only the authentic users access the service (Wallner et al., 1999;Pietro et al., 2003). Symmetric key cryptography (Wang and Bhargava, 2005) was the conventional access control mechanism used in group communication with a pre-shared key, otherwise called, group key (Wei et al., 2007;Steiner et al., 2007;Desmond et al., 2006). A group key must be distributed by the key server to all the users of a particular multicast group and when there is any change in the membership, the pre-shared key must be updated and distributed to all the members of the group, which is usually called 'rekeying' (Ballardie, 1996). The two important properties associated with rekeying, are forward secrecy and backward secrecy (Judge and Ammar, 2003;Canetti et al., 1999). Any rekeying mechanism must ensure both forward and backward secrecy.
Individual rekeying with Logical Key Hierarchy (LKH) (El-Zoghdy et al., 2011) was proposed as a solution for rekeying; it reduces the rekey communication cost considerably (Muthusamy et al., 2013). In rooted key tree for a group of N members with the degree of d, where N = 9 and d = 3, the numbers of encryptions by the key server are (Wei et al., 2007)  (1) where, c j and c l are the number of rekey messages when a member joins and leaves respectively. However, individual rekeying with LKH has some significant issues, like inefficiency in using the keys that are generated and distributed and the sync issue. The above issues were considered as a waste of server cost. Batch rekeying Yang et al., 2001) was proposed as a solution to the above issues, in which the server collects the entire join and leaves requests during a particular period of time and processes them. In rooted key tree for a group of N members with the degree of d, where N = 9 and d = 3, the number of rekey messages is (Wong et al., 2000) Equation (2): where, C is the total number of rekey messages and N j and N l are the total number of rekey messages when a group of members joins and leaves respectively. The three major issues that arise in batch rekeying are: First, when there is a maximum (N) request to the key server, the network traffic increases in abundance and if the number of requests is 0, the key server lies idle. Second, latency in the key server response to the user request and third, user requests for leaving and joining cannot be responded to at once. To solve all the above issues, we devised an efficient and scalable batch rekeying for dynamic ad hoc multicast group (Kaya et al., 2003;Zhu et al., 2003) with variable interval (Prathap and Vasudevan, 2008) and key path reduction techniques. Our experimental results show that the proposed scheme is very efficient when compared to the existing individual, regular batch and periodic rekeying approaches. The rest of the paper is organized as follows. Section 2, presents the related works. Section 3, are presents the proposed protocol description. In sections 4 and 5, we present the proposed join and leave protocol respectively. Section 6, analyzes the results of the proposed protocol and section 7 concludes the paper.

RELATED WORKS
In this section, different approaches used for rekeying are discussed; they are: Batch rekeying with variable intervals and rekeying using key path compression.

Batch Rekeying with Variable Intervals
In this approach (Jin et al., 2002;Li et al., 2001), an analysis was done using the user's request and response delay in batch rekeying. Two major factors were considered; the average delay of the user's request-response and the number of users' requests in the batch interval. Both the factors have a substantial impact on the rekeying cost. A long average delay of the user request-response will reduce the system's safety and will also reduce the interest of users in multicast services and increase the cost of rekeying. The number of user requests which is influenced by the batch interval, also has a great effect on the rekey traffic. The result of the analysis (Jin et al., 2002) shows that there is a delay in the response to the user's request, which is relevant to the batch interval and the parameter of the distribution. The batch rekeying with variable interval is more suitable for the network, than the fixed interval and any network that wants steady rekey traffic must satisfy the following inequality Equation (3): Where: d = The number of user requests in the Interval t(t 0 ,t 0 + t ) N = The total number of user requests in the Interval (t 0 ,t 0 + t) t = The time duration which ranges from 0 to t

Rekeying using Key Path Compression
In this approach (Raju et al., 2010), the members are organized into a logical key hierarchy and use both symmetric and asymmetric encryption for key distribution (Raghini et al., 2013). This approach dynamically selects a member as a sponsor, to reduce the chances of the generation of a weak group key, uses neither any central server to update the group key nor secure channels for transmitting the keys.
When a member wants to join a group, it broadcasts a join request along with its public key. The join request reaches the join point and the sponsor node of the tree. All the nodes except those who have a root as their parent, along the co-path of the join point are detached from the key path of the join point and attaches themselves to the root, thus the path is compressed. The join point parent node also attaches itself to the root. Two new nodes will be created by the existing group members and added as the children to the join point. The sponsor associated with the join point will be given to the right child node of the join point and associate the new member Science Publications JCS and its public key with the left child node of the join point. The sponsor and the root exchange the new group key. The sponsor encrypts the new group key with the old group key and broadcasts and also sends the new group key and the updated public keys of the key path nodes to the new member encrypted with the public key of the new member. All the group members update their public and private keys and also the public keys of their ancestor nodes.
When a member wants to leave, it broadcasts the leave request. The Sponsor of the sub-tree rooted at the leaving member parent will act as sponsor. The nodes and members, who are in the co-path of the leaving member, send their private keys to the root encrypted with the root's public key and detach themselves from the key path of the leaving member and attach themselves to the root directly. The intermediate nodes along the co-path of the insertion point, who have the root as their parent, remain the same. Both the root and the sponsor get the group key, using the Diffie-Hellman algorithm. The root will encrypt the new group key using the private keys and rearrange the tree.

PROTOCOL DESCRIPTION
This part describes the proposed scheme, which is an efficient and scalable batch rekeying for the dynamic ad hoc multicast group with a variable interval and key path reduction. The proposed scheme is divided into two major parts, namely, batch rekeying with variable interval and rekeying using key path reduction.

Batch Rekeying with Variable Interval
The idea of the batch processing of individual rekeying comes from the fact that the membership changes in a multicast group may happen at almost the same time. The batch processing suggested in this study uses two important mechanisms, namely, Interval Manager (IM) and Request Controller (RC). The general operations of the IM and RC are; whenever a user needs to join or leave an ad hoc multicast group, it broadcast a join or leave a request. The RC collects all the join or leave requests over a period of time. The time duration for collecting the user request, either a join request or a leave request is called an interval. In conventional batch rekeying (Wong et al., 2000), a fixed interval would be maintained to collect the user's join and leave requests, which leads to an increase in the network traffic when there are more requests, or the key server would be idle when there are no user requests during a particular time interval. In the proposed scheme, the Interval Manager (IM), dynamically fixes the time duration of the interval based on real-time factors, like the number of requests over a particular time, the average delay of the users' request-response, the traffic network overhead and latency. The number of requests over a particular period of time can be initialized by the administrator in the IM, based on the nature of the multicast application in which the proposed scheme is implemented. Other factors like the average delay of the users' request-response, t he network traffic and latency will be considered by the IM, to compute the time interval for every batch of user requests. As controlled by the IM, the RC holds the entire join or leaves requests for a particular duration (t 0 ,t 0 + t), where it ranges from 0 to t, computed based on the real-time factors. Let r be the number of requests from users in an interval of (t 0 ,t 0 + t), with r being variable, the variable batch interval satisfies the following inequality Equation (4): Where: d = The number of requests in (t 0 ,t 0 +∆t) N = The total number of user request in (t 0 ,t 0 +∆t).

Rekeying Using Key Path Reduction
The second part of the proposed scheme is rekeying, using the path reduction technique. After collecting all the user requests, the RC forwards them to the Join Point Selector (JPS) in the case of the join request, or to the Leave Point Selector (LPS) in case of leave requests. The general operation of the proposed scheme when a user joins and leaves a dynamic ad hoc multicast group is shown in Fig. 1 and 2 respectively. The functionality of the JPS and LPS is described as Join protocol and Leave protocol in sections 5 and 6 respectively. The JPS identifies the nodes to which the new users are to be attached. The LPS identifies the nodes from which the users are to be detached. Both the LPS and JPS, rearrange the tree hierarchy after generating the new group key by the individual nodes, using the random number and the member id assigned by the RC.

JOIN PROTOCOL
When a member wants to join a group (M8), it broadcasts a join request to the RC. The RC assigns a unique member id and a random number to all the members who have submitted join requests. The JPS selects a node as the join point, where exactly the new member will be attached in the tree. Usually a join point (2,3) is the right most shallowest leaf node of the tree; in case the right most shallowest leaf node of the tree is not available, two other different criteria will be used to select a Join Point in the tree. If the Join Point is a nonleaf node with one member as a child, then the member will be selected as a Join Point or the sub tree rooted at the sibling node of the Join Point will be selected. Once the join point is selected, other two nodes in the tree are selected as Sponsor-1 (S1) node and Sponsor-2 (S2) node. S1 (2,2) is a node along the co-path of the join point without having the root as a parent and S2 (2,1) is node which is placed exactly as a mirror image of S1 (2,2) in a balanced tree. Both S1 (2,2) and S2 (2,1) are detached from the key path and attach themselves to the root. Four new nodes will be created by the existing group members and will be added as the children of the S1 (2,2) and S2 (2,1) nodes. Thus the key path is reduced on both sides of the tree. Figure 3 shows tree before join and Fig. 4 shows tree after join. Once the path reduction takes place and the new member joined the tree, the S1 and the root exchange the new group key. S1 encrypts the new group key with the old group key and broadcasts it. The S1 also sends the new group key and the member id of the key path nodes after the key path reduction, to the new member encrypted with the member id of the new member. All the group members update their member id and also the member id of their ancestor nodes, using the equations, given below:

LEAVE PROTOCOL
When a member wants to leave a group (M8), it broadcasts a leave request to the RC. The member id of all the users who submitted a leave request will be collected and forwarded by the RC to the LPS to select the leave point from where the member would be detached from the tree. Usually, a leave point (e.g., (2,3)) is the right most shallowest leaf node of the tree. Once the leave point is selected, two other nodes in the tree will be selected as the Sponsor-1 (S1) and Sponsor-2 (S2) nodes. The criteria for selecting the S1 (3,6), node are if the member who is leaving does not have any sibling then the S1 of the sub tree rooted at the leaving member parent will act as S1; if the leaving member has a sibling, then it will act as S1. The criteria for selecting the S2 node is, the node along the co-path Science Publications JCS of the Leave Point without having the root as a parent and S2 (3,1) is a node which is placed exactly as a mirror image of S1 (3,6) in a balanced tree. Once S1 and S2 are identified, on the right half, the nodes and members excluding S1 who are in the co-path of the leaving member will send their member-id to the root encrypted with the old group key and detach themselves from the root directly. The intermediate nodes along the co-path of the insertion point that has the root as their parent, will remain the same. On the right half of the tree, the nodes and members excluding S2 who are in the co-path will send their member-id to the root encrypted with old group key and detach themselves from the key path and attach themselves to the root. Two new nodes will be created by the existing group members and will be added as the children. Thus, the key path is reduced on the left side of the tree. Fig.  5 and 6 show the tree before and after leave respectively. The root encrypts the new group key, using the private key and broadcasts it:

RESULT AND DISCUSSION
In this section, we examine the performance of our proposed scheme, which was evaluated in the simulation environment. The two major aspects evaluated are, the number of messages generated and the dynamic change in the membership over a period of time.

Simulation Environment Evaluation
The performance of the proposed scheme was tested using the simulation tool OMNeT++version 4.3, a popular simulation platform among the scientific community. The simulation environment and the underlying topology are shown in Fig. 7. In the simulation environment, the performance of the proposed scheme is compared with those of three other well-known schemes, like individual rekeying, regular batch rekeying and periodic rekeying with various parameters. Table 1 shows the various parameters and their values used in a simulation environment.

Total Number of Messages Generated
The parameter values given in Table 1 were used to compare the performance of the proposed scheme with those of individual keying, regular batch rekeying and periodic rekeying. Figure 8 shows the number of messages, whose values are to be gathered during a time period of 5 min. As the graph shows, the number of messages generated by the individual, regular batch and periodic rekeying are much greater than that of the proposed scheme. The proposed scheme consumes less number of messages. Figure 9 shows the total number of messages gathered by all the four rekeying schemes with a total of hundred users within the time period of five minutes. The individual rekeying method gathers a huge number of messages among all and generates more number of messages, whereas the proposed scheme generates a much less number of messages. It shows that the proposed scheme is more efficient than the other schemes.

Dynamic Change in Membership
Evaluating the performance of a protocol during the change in the membership is a major and essential criterion for any rekeying scheme. This section describes the evaluation results according to the dynamic membership states. To evaluate the performance of the proposed scheme during the membership change, the parameter values given in Table 1 were used in the simulation environment. To adjust the frequency of the users' join and leave, the value of 'duration of leave' has been changed from 5 to 60 min. If the values are less, the group membership is changed more frequently and if the value is more, the group membership is not changed frequently. The comparison is shown in Fig. 10. As shown in the graph, the proposed scheme is much more efficient than the other schemes, as the environment has more dynamic changes in the membership. This section describes the evaluation results according to the period. In the simulation environment, the parameter values as shown in Table 2 were used to evaluate the effect of the period. The value of the period has changed from 2 seconds to 20 seconds, as shown in Table 3. The results are shows in Fig. 11. As shown in the graph, the gap of the performance is not much, but the proposed scheme is more efficient than the other rekeying schemes.

CONCLUSION
In this study, a new rekeying approach to dynamic ad hoc multicast groups with variable interval and key path reduction technique is proposed. Through the experimental results, it has been proved that the proposed scheme addressed all the major issues that exist in the individual, regular batch and periodic rekeying approaches. The proposed scheme is more suitable for the network, which has steady rekey traffic. The computation and communication overhead can be reduced when highly frequent membership events occur. Our scheme neither requires any central key server to update the group key, nor secure channels for transmitting the keys. Our scheme also addresses various other issues like sync problems, network traffic imbalance, inefficient key usage and user requests for leaving and joining at once. The number of keys and the cost of a join and leave and the experiment are estimated. The result shows better performance when compared to the existing individual, regular batch and periodic rekeying schemes. In future, new modules may be included, which increases the compatibility of the proposed scheme that makes an application much better.