KTR: An Efficient Key Management Scheme for Secure Data Access Control in Wireless Broadcast Services
Abstract:
Wireless broadcast is an effective approach to disseminate data to a number of users. To provide secure access to data in wireless broadcast services, symmetric key-based encryption is used to ensure that only users who own the valid keys can decrypt the data. Given the variety of subscriptions, efficient key management to distribute and change keys is in great demand for access control in broadcast services. In this paper, we propose an efficient key management scheme (namely KTR) to handle key distribution with regard to complex subscription options and user activities. KTR has the following advantages. First, it supports all subscription activities in wireless broadcast services. Second, in KTR, a user only needs to hold one set of keys for all subscribed programs, instead of separate sets of keys for each program. Third, KTR identifies the minimum set of keys that must be changed to ensure broadcast security.
Algorithm / Technique used:
Symmetric Key Management Algorithm.
Algorithm Description:
This section identifies the alternative algorithms and modes that shall be used when symmetric key management is employed, to encrypt data encryption keys (DEKs) and message integrity check (MIC) values. Character string identifiers are assigned for incorporation in encapsulated "Key-Info:" header fields to indicate the choice of algorithm employed. When symmetric key management is employed, the symmetrically encrypted DEK and MIC, carried in the third and fourth arguments of a "Key-Info:" header field, respectively, are each represented as a string of contiguous ASCII hexadecimal digits.
System Architecture:
Existing System:
First, the proposed scheme takes advantage of a fact in broadcast services: many users subscribe to multiple programs simultaneously. In other words, programs overlap with each other in terms of users. Because existing approaches manage keys by separating programs, they turn out to be demanding for users who subscribe to many programs. Second, since multiple programs are allowed to share the same set of keys, a critical issue is how to manage shared keys efficiently and securely. In many circumstances, when a user subscribes to new programs or unsubscribes from some programs, a large portion of the keys that the user will hold in his new subscription can be reused without compromising security.
Proposed System:
1. Logic Key Hierarchy (LKH) based techniques
2. Broadcast encryption techniques
3. Rekey Operations
1. Logic Key Hierarchy (LKH):
Secure key management for wireless broadcast is closely related to secure group key management in networking. The data encryption key (DEK) of the program and each represents an individual key (IDK) of a user that is only shared between the system and the user. Other keys in the tree, namely key distribution keys (KDKs), When a user joins or leaves the group, the server needs to change and broadcast the corresponding new keys, and this operation is called rekey, and the broadcast message of new keys is called rekey message. In our system, data and rekey messages are broadcast in the same broadcast channel to the users.
2. Broadcast encryption techniques:
There are some other key management schemes in the literature for multicast and broadcast services. Used arbitrarily revealed key sequences to do scalable multicast key management without any overhead on joins/leaves. Proposed two schemes that insert an index head into packets for decryption. However, both of them require pre-planned subscription, which contradicts the fact that in pervasive computing and air data access a user may change subscriptions at any moment. Compared with LKH-based approaches, key management schemes in broadcast encryption are less flexible regarding possible subscriptions.
3. Rekey Operations:
To issue new keys upon a user event, the main task is to identify the keys that need to be changed. We use two types of paths in the key forest to represent the to-be-changed keys. When a user leaves a tree, we say a leave path is formed, which consists of keys that the user will no longer use. When a user joins a tree, we say an enroll path is formed, which consists of keys that the user will use in the future. Similarly, when a user shifts from one tree to another, a leave path and an enroll path are formed. In KTR, a complete path starts from the leaf node and ends at the multiple DEKs of the subscribed programs that share the tree. To broadcast new keys, the server should first compose rekey packets.
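The leave path and the rekey packets described above, as an added Python sketch that is not code from the paper or the project. It assumes a single complete binary tree with a power-of-two number of users and each program DEK wrapped under the root key; `SharedKeyTree`, `learn` and the program names are hypothetical. Keys are modelled as version counters and a packet only records which key wraps which, so no real encryption is performed.

```python
class SharedKeyTree:
    """One LKH tree in heap layout shared by several programs (simplified).
    Node 1 is the root KDK, leaves n..2n-1 are users' IDKs, and each
    program's DEK sits above the root. Keys are modelled as version counters."""

    def __init__(self, n_users, programs):
        self.n = n_users                              # power of two (assumption)
        self.version = {i: 0 for i in range(1, 2 * n_users)}
        self.version.update({p: 0 for p in programs})
        self.programs = list(programs)

    def path(self, user):
        """KDK ids from just above the user's leaf up to the root."""
        node, out = (self.n + user) // 2, []
        while node >= 1:
            out.append(node)
            node //= 2
        return out

    def leave(self, user):
        """Replace every key on the leave path; return (packets, changed).
        A packet (new_id, wrap_id) means: new key new_id, encrypted under wrap_id."""
        leaf, packets = self.n + user, []
        for node in self.path(user):                  # bottom-up
            self.version[node] += 1
            for child in (2 * node, 2 * node + 1):
                if child != leaf:                     # never wrap under the departed IDK
                    packets.append((node, child))
        for dek in self.programs:                     # path ends at every shared DEK
            self.version[dek] += 1
            packets.append((dek, 1))                  # wrapped under the new root KDK
        return packets, set(self.path(user)) | set(self.programs)

    def valid_keys(self, user, changed):
        """Keys the user held before the event that were not replaced."""
        return ({self.n + user} | set(self.path(user))) - changed


def learn(packets, held):
    """Ids of new keys a receiver can unwrap from the broadcast, in order."""
    held, learned = set(held), set()
    for new_id, wrap_id in packets:
        if wrap_id in held:
            held.add(new_id)
            learned.add(new_id)
    return learned
```

With 8 users and two programs sharing the tree, one departure replaces 3 KDKs and 2 DEKs and costs 7 rekey packets; every remaining user can recover the new keys on its own path, while the departed user, holding only its IDK and superseded keys, can unwrap none of them.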
System Requirements:
Hardware Requirements:
System : Pentium IV 2.4 GHz
Hard Disk :
Floppy Drive : 1.44 Mb.
Monitor : VGA Colour.
Mouse : Logitech.
Ram : 512 Mb.
Software Requirements:
Operating system : Windows XP.
Coding Language : JAVA, JFC (Java Swing), J2ME, RMI.
Tool Used : Eclipse.