RE: KTR: an Efficient Key Management Scheme for Secure Data Access Control
KTR an Efficient Key Management Scheme for Secure Data Access Control in Wireless Broadcast Services.doc (Size: 63 KB / Downloads: 78)
KTR an Efficient Key Management Scheme for Secure Data Access Control in Wireless Broadcast Services
Wireless broadcast is an effective approach to disseminate data to a number of users. To provide secure access to data in wireless broadcast services, symmetric key-based encryption is used to ensure that only users who own the valid keys can decrypt the data. Regarding various subscriptions, an efficient key management to distribute and change keys is in great demand for access control in broadcast services. In this paper, we propose an efficient key management scheme (namely KTR) to handle key distribution with regarding too complex subscription options and user activities. KTR has the following advantages. First, it supports all subscription activities in wireless broadcast services. Second, in KTR, a user only needs to hold one set of keys for all subscribed programs, instead of separate sets of keys for each program. Third, KTR identifies the minimum set of keys that must be changed to ensure broadcast security.
Algorithm / Technique used:
Symmetric Key Management Algorithm.
This section identifies the alternative algorithms and modes that shall be used when symmetric key management is employed, to encrypt data encryption keys (DEKs) and message integrity check (MIC) values. Character string identifiers are assigned for incorporation in encapsulated "Key-Info:" header fields to indicate the choice of algorithm employed. When symmetric key management is employed, the symmetrically encrypted DEK and MIC, carried in the third and fourth arguments of a "Key-Info:" header field, respectively, are each represented as a string of contiguous ASCII hexadecimal digits.
Second, since multiple programs are allowed to share the same set of keys, a critical issue is how to manage shared keys efficiently and securely. In many circumstances, when a user subscribes to new programs or unsubscribe to some programs, a large portion of keys that the user will hold in his new subscription can be reused without compromising security.
1. Logic Key Hierarchy (LKH) based techniques
2. Broadcast encryption techniques
3. Rekey Operations
1. Logic Key Hierarchy (LKH):
Secure key management for wireless broadcast is closely related to secure group key management in networking. The data encryption key (DEK) of the program and each represents an individual key (IDK) of a user that is only shared between the system and the user. Other keys in the tree, namely key distribution keys (KDKs), When a user joins or leaves the group, the server needs to change and broadcast the corresponding new keys, and this operation is called rekey, and the broadcast message of new keys is called rekey message. In our system, data and rekey messages are broadcast in the same broadcast channel to the users.
2. Broadcast encryption techniques:
There are some other key management schemes in the literature for multicast and broadcast services. Used arbitrarily revealed key sequences to do scalable multicast key management without any overhead on joins/leaves. Proposed two schemes that insert an index head into packets for decryption. However, both of them require pre-planned subscription, which contradicts the fact that in pervasive computing and air data access a user may change subscriptions at any moment. Compared with LKH-based approaches, key management schemes in broadcast encryption are less flexible regarding possible subscriptions.
3. Rekey Operations:
To issue new keys upon a user event, the main task is to identify the keys that need to be changed. We use two types of paths in the key forest to represent the to-be-changed keys. When a user leaves a tree, we say, a leave path is formed, which consists of keys that the user will no longer use. When a user joins a tree, we say, an enroll path is formed, which consists of keys that the user will use in the future. Similarly, when a user shifts from one tree to another, a leave path and an enroll path are formed. In KTR, a complete path starts from the leaf node and ends at the multiple DEKs of the subscribed programs that share the tree. To broadcast new keys, the server should first compose rekey packets.
• System : Pentium IV 2.4 GHz.
• Hard Disk : 40 GB.
• Floppy Drive : 1.44 Mb.
• Monitor : 15 VGA Colour.
• Mouse : Logitech.
• Ram : 512 Mb.
• Operating system : - Windows XP.
• Coding Language : - JAVA,JFC (Java Swing),J2ME, RMI.
• Tool Used : - Eclipse.