Title: Security in Large Networks Using Mediator Protocols
Following are few deliverables of this application
- Running application with proper implementation of Quantum key distribution protocol
- Implementation of algorithm that can distribute the quantum key across the large networks
- A mediator protocol that can take care of distributing these keys
- Literature review with proper documentation stating the importance of mediator protocols
- How does a quantum key is generated that can be used in the process of quantum key cryptography
- What is the role of this particular mediator protocol in the process of distributing the quantum key?
Centralized key server is involved by the existing system (in which every system for the generation of key which relies on centralized server). For generation of key, every group member relies on centralized key server. Re keying which is referred as the keys that are related to key tree nodes being renewed, is done each time when a change occurs in the group association including the joining of a new member in the group or a member who is present in the group leaving. Individual rekeying is done for join or leave operations in case of distributive key generation algorithms.
In case of individual re-keying, each member individually rekeys after every join or leave operation. The computation and communication cost are increased due to single re keying operation. Since re-keying is done for each join or leave operations, more resources are used. The risk of single point failure is more in case of using a centralized server.
DRAWBACKS OF EXISTING SYSTEM
- Key information is depended on centralized key server.
- The cost of Computational and Communication is more.
- Whenever a member joins or leaves in the case of distributed key generation algorithm, then individual re-keying is done.
- Rekeying use many resources since it is completed to leave or join leave process.
A key agreement collaboratively involved in proposed system where all nodes will be a portion of group key which is secured. Generation of (group key) which is similar for every member is finished in the group. By using the group key, associates of the group can converse every one like files are driven. Also, rekeying is done following the process of a group of joins or leaves. The protocol will be efficient even when the procedures of joins and leaves are occurred frequently. The Key information is independent of centralized key server. So it is free from the problem of single point failure. The cost of computational and Communication is less. The resources that are used for rekeying are reduced as it is being performed for a group of join and leave processes. Interval-based distributed re-keying algorithms, or interval-based algorithms are considered updating group key.
The individual re-keying approach is outperformed by these interval-based algorithms significantly. The performance of Queue-Batch algorithm is best when compared with the other two algorithms .
ADVANTAGES OF PROPOSED SYSTEM:
- The information of key is independent of centralized key server.
- The group members are independent on key server which is centralized for operating the key.
- Computational as well as Communication cost is less because re keying is done for batch of join and leave operations
- As rekeying executes for the group leave/join operations, the resources which are used for it are reduced.
- Even if the join/leave events occur frequently, the protocol remains efficient.
- In an extremely dynamic situation, workload of computation and communication can be reduced substantially by Queue-batch algorithm.
The whole group is depending on key server which is centralized for the key to be generated. This was the problem with the centralized key server. Re keying is performed whenever there is a change in any group membership including any new member joining or any existing member leaving the group. When there are a number of joins in the group and when the members leave from the group, then server uses more number of resources. A collaborative key agreement is involved in the proposed system where each and every node will be as a part of the secure group key. By using group key, the group can converse every one. Instead of performing individual re keying operations that means re-computing the group key whenever there is a new joining or when the member who is existing in the group leaves, the re key is done for a group of join operations. Generating a group key among the group is the objective of the project. The group members can communicate with the other members of the group by using a common group key. The dynamic nature of the system allows the members who are present in the group to leave as well as new members can enter. The alternative to perform individual re keying operations is performing the re key for a group of join operations. Queue-batch algorithm is used for re-keying by the system .
This application has the following modules
LIST OF MODULE
- Generation of Group Key inside the workgroup
- Rekeying of group key
- Distributing the resources inside the group
MODULE 1: GENERATION OF GROUP KEY INSIDE THE WORKGROUP
Here, in this module the Deffie-Hellman tree based protocol is implemented for generating the group key. The tree that is depicted in this module is a binary tree where a parent node consists of 2 child nodes. The private key for leaf nodes will be decided by a specific member in the group. A request is made by a member for the public key of another child node. When it is received, the private key of its parent node can be known, by using the public key of 1 child node as well as the private key of another child by means of Diffie-Hellman algorithm. Likewise if proceeded further, the group key which is the root node’s private key can be known. Further, all messages that are sent by a member to all other members in the peer group are encrypted with the help of this group key. With the generation of the group key, this module ends.
TREE-BASED GROUP DIFFIE–HELLMAN PROTOCOL (TGDH):
This protocol will be useful in maintaining the group key efficiently in a dynamic peer group which consists of a number of members. Set of keys are maintained by each member, which are set in a hierarchical binary tree. Each tree node is assigned with a node ID. A secret (which is referred as private) key Kv and a blinded (which is referred as public) key BKv are associated for given node. The arithmetic operations were done in a cyclic manner of prime order by using generator. Thus, the node’s blinded key is generated by.
All the leaf nodes in the tree contribute to the individual secret and blinded keys of a group member Mi. All members hold all the secret keys along with their key path starting from associated leaf node to the root node. Thus, all members of the group share the root node’s secret key which is known as group key. The following figure illustrates a key tree consisting of six members M1 to M6. For instance, the keys which are present at nodes 7, 3, 1, and 0 are held by member M1. The group key is the secret key which is present at node 0.
The root node’s node ID is made 0. Every non-leaf node consists of two child nodes and their node ID’s are specified as 2v+1 and 2v+2. According to the Diffie–Hellman protocol, a non-leaf node’s secret key is generated by using v’s one child node secret key and the other child’s blinded key. By mathematics,
In contrast to the keys which are present at non-leaf nodes, the leaf node’s secret key is selected by its related group member by using a secure pseudo random number generator. As the blinded keys are known publicly, they can be computed by each member along their key path to the root node depending on their individual secret key.
Consider the key tree which is shown in the above figure. Every member Mi generates the secret keys and all the secret keys move through the path to the root node. For instance, M1 generates the secret key K7 and blinded key BK8 is requested from M2, and BK4 is requested from M3, and BK2 is requested either from M4, or M5, or M6. If the secret key of M1, K7 and the blinded key BK8 are given, then secret key K3 can be generated by M1using the above formula. Again, if the blinded key BK4 as well as the secret key K3 which is newly generated are given, then secret key K1 can be generated by M1 by using the given formula. If the secret key K1 and the blinded key BK2 are given, then the secret key K0 at root can be generated by M1. From that point, encryption can be done on any communication in the group by using the secret key (which is also referred as group key) K0.
From the above figure, if M5 leaves the system, then the node 11 is endorsed to node 5 and the member M4 is the sponsor. K2 and K0 which are the secret keys are rekeyed by M4 and the blinded keys BK2 and BK5are broadcasted to each and every member in the group by M4. The group key is computed by M1, M2 and M3 after the blinded key BK2 is received. And M6 and M7 members first compute the keyK2 and then K0, the group key after receiving BK5.
From the above figure, a new member M8 wants to enter the group. Initially, the insertion node should be determined by M8 so that it can be inserted in to that. Consider v’ to add a node to the insertion node. First, a new node n’ is formed. After that, the sub tree which is embedded at the insertion node will become the left child of n’, and node v’ will become the right child of the node n’. The original location of the insertion node is replaced by node n’. The insertion node will be either at the rightmost shallowest position so that the tree height is not increased by the join or is placed at the root node if the tree is initially balanced. The above figure explains this concept. Node 5 is the insertion node and M4 is the sponsor. Then, the blinded key BK12 is broadcasted by M8 upon insertion. K5, K2 and K0 are rekeyed by M4 in its local memory, and BK5 and BK2 which are blinded keys are broadcasted to all members in the group by it. All the remaining members can rekey all the keys along their key paths and the new group key can be obtained after the blinded keys are received from M4.
From the above two figures, it is clear that one rekeying operation can be reduced if the connection of node 12 is changed simply to M8 from M5. Thus, interval-based rekeying is planned so that rekeying can be done on a group of requests for join as well as for leave. The operations of rekeying are carried out at standard rekey intervals by the members. Improving the system performance is the motivation. The security will become weaker as the data can still be accessed by the user who is departed till the subsequent rekeying interval. As the rekeying interval can be adjusted according to the application requirements, the tradeoff can be acceptable to practical applications.
Both the qualitative and quantitative methods can be use for the research methodology. Following are the methods that can be used in this particular application
- All the possible key distribution protocols are considered and the performance of each algorithm is evaluated
- Time and space evaluation of the algorithm is calculated using all the possible formulae and then best among is selected
- All the best routes are considered among the nodes and using this path the algorithm is implemented
Evaluating the mediator protocol can be done by considering all the possible paths in the network and the best path is considered by using the quantum key. The process of cryptography can be used in the process of secure data transmission and the generated quantum key can be used for the process of decryption and this protocol can be used to for the distribution of the protocol.
Hardware and Software Requirements
Software interface : JDK 1.5, SQL server and Java Swing
Processor : PentiumIV2.6GHz
RAM : 512 MB DD
Hard Disk : 10GB
Monitor : 15” colour monitor
Key board : Standard 102 keys