Hybrid Broadcast Group Management Protocol for Secure, Scalable and Efficient Group Communication

With the rapid growth of communication, security plays a central role in maintaining the confidentiality of data in group communication. Keeping the data intended for the group confidential is the most important security property to be sustained in group communication. An efficient group key management mechanism named the Hybrid Broadcast Group Management Protocol (HBGMP) is devised based on the Reverse Function (RF) and the Chinese Remainder Theorem (CRT). The distinctive security among the subgroups is ensured by the reverse function, and the session ID of each subgroup is calculated by employing the Chinese remainder theorem. By computing the Session ID using the Chinese Remainder Theorem, a group of n users requires the Sub Group Service Provider (SGSP) to do O(n/m) computation for communication, and the storage cost is diminished by diverting the computing load of the Group Service Provider (GSP) onto the SGSP. The significance of this protocol is that a group member needs to store only two different values during its entire life span, and the rekey message is broadcast, which brings the communication cost down to O(1). The protocol is defined generally for any application in a hybrid architecture. The proposed architecture using CRT and the reverse function is scalable for large, dynamically changing groups.


Introduction
The vital problem in group-oriented applications is to guarantee confidentiality. The secrecy of a broadcast communication session is normally ensured using a cryptographic mechanism. A common key, known as the group key, is shared among the authorized members of a broadcast group and is used to encrypt and decrypt the messages. In many applications the group membership is dynamic, i.e., during a broadcast session new members are authorized to join while some existing members may be evicted. The property that evicted members cannot access the information of future group transactions is called forward secrecy, and the property that joining members cannot access the information of past group transactions is called backward secrecy. In order to ensure forward and backward secrecy, the group key has to be updated and the new group key has to be distributed only to the members of the group. Normally in group communication, unicast or multicast methods are adopted to deliver the new session key, which may impose communication overhead. It is a challenging task to distribute the group key in an efficient and scalable way.
A number of protocols have been proposed over a decade for group key management. Based on the architecture of the group communication, a set of scalable, efficient and secure centralized group key management protocols has been proposed (Sherman and McGrew, 2003). These protocols use a hierarchical structure, with a cost of O(log n) keys to be computed, communicated and stored by each member of the group, and the overhead is large for a group with restricted capacity.
In this study, a hybrid architecture is proposed which yields the advantages of both centralized and contributory group key management protocols using RF and CRT. All the protocols discussed make use of either multicast or unicast for rekeying, which may increase the communication complexity. The proposed protocol instead uses broadcast for rekeying, which makes the communication overhead constant.

Related Work
Various researchers have paid attention to group key management over the past decade.
Group key management (Rafaeli et al., 2003) can be broadly classified into:
• Centralized key management
• Decentralized key management
• Distributed key management
In a centralized key management approach, only one entity, called the group controller, is responsible for the generation, distribution and renewal of the group key. The main drawback of this approach is a single point of failure, or the "1 affects n" problem.
In decentralized key management, the large dynamic group is split into small subgroups. Different sub group controllers are used to alleviate the problem of single point of failure, but the processing time and communication requirements get increased proportionately in terms of the number of subgroups.
Distributed key management eliminates the central group controller. The session key is generated in a fashion in which all members contribute their own share to compute the group key. It is very important to ensure the integrity of the rekey messages. Begum and Purusothaman (2011) have proposed a protocol based on an Elliptic Curve Cryptography algorithm to form a secure group key; even with a smaller key size, it is capable of providing more security. This protocol can be used in both wired and wireless environments, but attention should be paid to the computation cost, which is notable. Manz et al. (2010) proposed a protocol in which costs can be analyzed, procedure and security can be improved and protocols can be implemented for wireless ad-hoc networks. In addition, it led two authors of this study to create a new protocol, DTEGK, which increases the communication cost and also cannot be applied to a hybrid architecture.
A decentralized protocol, Iolus, has been proposed by Mittra (1997), in which group control is delegated to each subgroup controller. The protocol is lacking in performance, with high confidentiality overhead for the multicast data relayed by each subgroup controller, and moreover the computational overhead is high. Steiner et al. (2000) and Kim et al. (2004a; 2004b; 2004c) proposed distributed group key protocols based on group Diffie-Hellman methods for small dynamic peer groups. Rodeh et al. (2002) proposed a distributed logical key hierarchy protocol using AVL trees. These protocols can be adopted only for small peer groups and also require many rounds of communication to update a new group key.
A set of scalable hierarchical-structure-based group key protocols (Bresson et al., 2001; Sherman and McGrew, 2003) has been proposed. In these protocols the storage overhead for the key server is 2n keys, each user stores O(n) keys to perform decryption and, each time, the rekeying overhead is O(log n) keys. Chiou and Chen (1989) proposed a secure broadcasting protocol also based on CRT; it is used only for a single subgroup, cannot be adopted for a hybrid architecture and requires O(n) encryptions for each broadcast, while the proposed protocol needs only 1 encryption. Zheng et al. (2007) proposed a Hierarchical Scalable Group Key Management Based on Chinese Remainder Theorem, a protocol adopted only for single subgroups and not for a hybrid architecture. Vasanthi et al. (2014) proposed a mathematical model that analyses the various power parameters for group rekeying and locates the best values for the batch size and interval time using M/M/1/K model queues.
In Saravanan and Purusothaman (2012), the load on the server was reduced and there was no rekeying when a member left the group. The secret value of the departing member was not included in the encryption, and so the private value could not be obtained after decryption.

Materials and Methods
In this study, a hybrid broadcast group management protocol is proposed that removes the above limitations of both centralized and contributory key management protocols. In particular, the protocol enables a hybrid architecture with the least possible communication and computational overheads and a smaller number of keys. The protocol includes a secure, scalable and efficient hybrid rekeying protocol based on the reverse algorithm and the CRT concept to handle the Join (J) and Leave (L) scenarios for a key tree.

Hybrid Architecture
The fundamental reason behind the hybrid architecture (Fig. 1) is to avoid the bottleneck problem that arises in centralized architectures when the key server is down (off-line). In that case the subgroup communication is processed using the reverse function and CRT. On the other hand, if the key server is on-line, a centralized scheme is used for communication among the subgroups.

Reverse Function
The Broadcast Key (BK) generation is done using the reverse function to maintain the distinctiveness among the subgroups.

Self Inverse Function
If x is an identity then identity function on x is its own inverse Equation 1:

Chinese Remainder Theorem
The Chinese remainder theorem states the following: let $RP_1, RP_2, \ldots, RP_n$ be pairwise relatively prime positive integers and let $a_1, a_2, \ldots, a_n$ be arbitrary integers. Then the system of linear congruences in one variable is given by:

Group Initialization
In the initial stage the new group requires preparation. To begin with, the GSP will create the SGSPs and assign a unique Group ID ($G_{ID}$). The number of subgroups (SGSP) (2) will be decided by the GSP from the number of users in the group, which is done by Equation 2:
Each SGSP will now be solely responsible for the members of its corresponding subgroup. The Broadcast Key ($B_K$) and Broadcast Session ID ($B_{SID}$) will be computed and broadcast to all members. Initially the SGSP assigns a unique $RP_i$, $a_i$ and $G_{ID}$ to each member, with which the $S_{ID}$ and $G_K$ can be computed.

Member Join
Once the initial group has been set up, when a user joins the group under the above protocol, $RP_i$, $a_i$ and $G_{ID}$ are securely communicated to the joining user and rekeying is performed: $B_{SID}$ (4) is computed using the congruence system (CRT) and $B_K$ (Equations 3 to 5) using the reverse function, and both are broadcast to the corresponding members.
The re-computation of $S_{ID}$ (6) and $G_K$ (7) by the members is done as Equation 6:
Group key extraction by members, Equation 7:

Member Eviction
In the proposed protocol, rekeying on member eviction is done in the same way as on member join. After the eviction, the corresponding member's $RP_i$ and $a_i$ are blacklisted and are left out of the $B_{SID}$ (8) calculation.
Let us consider that member 3 has been evicted from the group, Equation 8:
The re-computation of $B_K$ and $B_{SID}$ will be done and the results broadcast to the corresponding groups.
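The join and eviction rekeying described above can be sketched as follows. This is an added illustration, not the paper's code: Equations 3 to 8 do not survive on this page, so the masking rule (key + a_i) mod RP_i, the function names and the toy-sized sample values are assumptions, and the reverse function used for $B_K$ is not modelled.

```python
# Added illustration, not the paper's code. ASSUMPTION: the residue sent to
# member i is (key + a_i) mod RP_i; the paper's Equations 3-8 are not on the page.
from math import gcd, prod

def crt(residues, moduli):
    """Return the unique x in [0, prod(moduli)) with x ≡ r_i (mod m_i)."""
    for i, m in enumerate(moduli):
        if any(gcd(m, n) != 1 for n in moduli[i + 1:]):
            raise ValueError("moduli must be pairwise relatively prime")
    big_m = prod(moduli)
    x = 0
    for r, m in zip(residues, moduli):
        m_i = big_m // m
        x += r * m_i * pow(m_i, -1, m)   # pow(.., -1, m) is the modular inverse
    return x % big_m

def rekey_broadcast(key, members):
    """SGSP side: one broadcast value for every current member.
    members maps member id -> (RP_i, a_i)."""
    moduli = [rp for rp, _ in members.values()]
    if not 0 <= key < min(moduli):
        raise ValueError("key must be smaller than every RP_i")
    residues = [(key + a) % rp for rp, a in members.values()]
    return crt(residues, moduli)

def member_recover(broadcast, rp, a):
    """Member side: needs only its own two stored values RP_i and a_i."""
    return (broadcast % rp - a) % rp

def evict(members, member_id):
    """Blacklist a member: its (RP_i, a_i) pair is left out of the next system."""
    return {k: v for k, v in members.items() if k != member_id}

# Constructed sample values (toy-sized primes, for readability only).
MEMBERS = {1: (1009, 123), 2: (1013, 456), 3: (1019, 789)}

if __name__ == "__main__":
    b1 = rekey_broadcast(424, MEMBERS)
    print([member_recover(b1, rp, a) for rp, a in MEMBERS.values()])
    remaining = evict(MEMBERS, 3)
    b2 = rekey_broadcast(777, remaining)
    print(b2, [member_recover(b2, rp, a) for rp, a in remaining.values()])
    print("evicted member 3 derives:", member_recover(b2, *MEMBERS[3]))
```

The rekey is a single broadcast message, but the broadcast integer ranges up to the product of all current RP_i, so its bit length grows with the size of the subgroup.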

Security Analyses
In the proposed protocol each current group member keeps its $RP_i$ and $a_i$ values secret, and each SGSP keeps the same values of its members secret.
Furthermore, the $RP_i$ and $a_i$ values are arbitrarily picked from an unboundedly large pool of pairwise relatively prime positive integers; hence knowing one number yields only slight knowledge about the others, namely that the other members' values do not contain the same factors.

Forward Secrecy
The ultimate aim of forward secrecy is to prevent evicted members from accessing upcoming group communications. In the proposed protocol, once a member is evicted, the $RP_i$ and $a_i$ values of that member are discarded, so no evicted member can obtain the $S_{ID}$ and $G_K$ values of the group users.

Backward Secrecy
Backward secrecy forbids new members from accessing earlier group communications. In this protocol, each new group key is a randomly picked value with no relation to any old group key, so a newly added member's ability to calculate the new group key gives it no knowledge about the previous group key.

Collusion Attack
A collusion attack is one in which a set of evicted members join together to predict the $S_{ID}$ and $G_K$. This is not possible with this protocol, since the $RP_i$ and $a_i$ values of an evicted member are discarded. For this protocol, even if the $RP_i$ and $a_i$ values are arbitrarily picked from an unboundedly large pool of pairwise relatively prime positive integers, knowing one number yields only slight knowledge about the others, namely that the other members' values do not contain the same factors. However, if the pool of positive integers is made up of primes, then collusion gains no added information.

Results
In the performance analysis of the proposed protocol, a comparative study has been made with some benchmark protocols. Most of the protocols adopt unicast or multicast for distribution of rekey values, but the proposed protocol broadcasts the rekey value, which reduces the communication overhead drastically to O(1). Table 1 gives the comparative study of storage complexity, where n is the number of users and m is the number of subgroups. Regarding storage complexity, the proposed HBGMP (Fig. 2) reduces complexity more than the other methods. Considering the communication complexity, when users join the group (Fig. 3) the rekeying overhead is O(1), and when users are evicted from the group (Fig. 4) the rekeying overhead is also O(1). The comparative study with other methods for the rekeying overhead is given in Table 2.

Discussion
The proposed hybrid architecture with CRT and the reverse function offers scalability and also security for the group members. Key factors such as storage complexity and communication complexity have been reduced notably. This hybrid protocol is suitable for large and varied secure group communications.

Conclusion
In this proposed method, a hybrid broadcast group management protocol based on CRT and the reverse function is implemented, which is very scalable for large, dynamically changing groups. The scalability of the proposed protocol comes from its relatively simple hybrid structure, which minimizes the rekey message overhead and also the computation overhead required of a regular group user. In terms of key storage space, the HBGMP is suitable for a variety of secure large-group communications. Even though the protocol is evaluated using simulation, the unit performance is based on modulo and power functions using the broadcast method, which differs from other protocols and can cause real performance results to deviate. In future work, the protocol will be tuned to provide optimized performance in real-time processing and compared with other protocols. Limitations: The computational overhead may increase when the number of users in the group is at its maximum and the server has to generate a larger number of $RP_i$ and $a_i$ values, since the values should be unique.

Funding Information
The authors have no support or funding to report.

Author's Contributions
All authors equally contributed in this work.

Ethics
This article is original and contains unpublished material. The corresponding author confirms that all of the other authors have read and approved the manuscript and that no ethical issues are involved.