Visible to the public Key Management 2015Conflict Detection Enabled

SoS Newsletter- Advanced Book Block


SoS Logo

Key Management 2015


Successful key management is critical to the security of any cryptosystem. It is perhaps the most difficult part of cryptography including as it does system policy, user training, organizational and departmental interactions, and coordination between all of these elements and includes dealing with the generation, exchange, storage, use, and replacement of keys, key servers, cryptographic protocols, and user procedures. For researchers, key management is a challenge to create larger scale and faster systems to operate within the cloud and other complex environments, while ensuring validity and not adding weight to the process.  For the Science of Security community, it is relevant to scalability, resilience, metrics, and human behavior.  The work cited here was presented in 2015.

Sharma, S.; Krishna, C.R., "An Efficient Distributed Group Key Management Using Hierarchical Approach with Elliptic Curve Cryptography," in Computational Intelligence & Communication Technology (CICT), 2015 IEEE International Conference on, pp. 687-693, 13-14 Feb. 2015. doi: 10.1109/CICT.2015.116

Abstract: Secure and reliable group communication is an active area of research. Its popularity is fueled by the growing importance of group-oriented and collaborative properties. The central research challenge is secure and efficient group key management. In this paper, we propose an efficient many-to-many group key management protocol in distributed group communication. This protocol is based on Elliptic Curve Cryptography and decrease the key length while providing securities at the same level as that of other cryptosystems provides. The main issue in secure group communication is group dynamics and key management. A scalable secure group communication model ensures that whenever there is a membership change, a new group key is computed and distributed to the group members with minimal communication and computation cost. This paper explores the use of batching of group membership changes to reduce the time and key re-distribution operations. The features of ECC protocol are that, no keys are exchanged between existing members at join, and only one key, the group key, is delivered to remaining members at leave. In the security analysis, our proposed algorithm takes less time when users join or leave the group in comparison to existing one. In ECC, there is only 1 key generation and key encryption overhead at join and leave operation. At join the communication overhead is key size of a node and at leave operation is 2 log2 n -- 2 × key size of a node.

Keywords: cryptographic protocols; public key cryptography; ECC protocol; collaborative properties; cryptosystems; distributed group communication; distributed group key management; elliptic curve cryptography; group dynamics; group membership; group-oriented properties; hierarchical approach; key encryption overhead; key redistribution operations; many-to-many group key management protocol; scalable secure group communication model; security analysis; Binary codes; Elliptic curve cryptography; Encryption; Protocols; Distributed Group Key Management; Group Communication; Hierarchical Group Key Management (ID#: 16-9354)



Benmalek, M.; Challal, Y., "eSKAMI: Efficient and Scalable Multi-group Key Management for Advanced Metering Infrastructure in Smart Grid," in Trustcom/BigDataSE/ISPA, 2015 IEEE, vol. 1, pp. 782-789, 20-22 Aug. 2015. doi: 10.1109/Trustcom.2015.447

Abstract: Advanced Metering Infrastructure (AMI) is composed of systems and networks for measuring, collecting, storing, analyzing, and exploiting energy usage related data. AMI is an enabling technology for Smart Grid (SG) and hence represents a privileged target for security attacks with potentially great damage against infrastructures and privacy. For this reason, security has been identified as one of the most challenging topics in AMI development, and designing an efficient Key Management Scheme (KMS) is one of first important steps. In this paper, we propose a new scalable and efficient key management scheme that we call Efficient and Scalable multi-group Key Management for AMI (eSKAMI) to secure data communications in an Advanced Metering Infrastructure. It is a key management scheme that can support unicast, multicast and broadcast communications based on an efficient Multi-group Key graph technique. An analysis of security and performance, and a comparision of our scheme with recently proposed schemes show that our KMS induces low storage overhead compared to existing solutions (reduction reaches 83%) without increasing the communication overhead.

Keywords: graph theory; smart power grids; telecommunication network management; telecommunication security; AMI development; KMS; SG; Smart Grid; advanced metering infrastructure; eSKAMI; efficient and scalable multigroup key management; efficient key management scheme; energy usage; multigroup key graph technique; privacy; scalable multigroup key management; secure data communications; security attacks; Authentication; Cryptography; Load management; Smart grids; Smart meters; Unicast; Advanced Metering Infrastructure (AMI); Key Management Scheme (KMS); Security; Smart Grid (SG) (ID#: 16-9355)



Zhang Ying; Zheng Bingxin, "A Multiple Key Management Method in Distributed Sensor Networks," in Control Conference (CCC), 2015 34th Chinese, pp. 7676-7681, 28-30 July 2015. doi: 10.1109/ChiCC.2015.7260858

Abstract: Wireless sensor network (WSNs) with a mobile sink node (MS) has been widely concerned. In view of the low security in the basic random key pre-distribution scheme, and the vital role of MS in the research on key management, this paper proposed a new scheme (PPBR scheme) based on a composite key management schemes with polynomial pool-based key pre-distribution and basic random key pre-distribution. The scheme uses polynomial t-degree property to increase the difficulty of cracking the key by enemy and enhance the network resilience to node capture, meanwhile, improves the storage efficiency as heterogeneous features between MS and sensor nodes. The low connectivity is solved by introducing path key tree-based establishment method. Theoretical analysis and simulation experiments show that the proposed scheme has advantages in terms of network security, connectivity and storage effectiveness under the comprehensive consideration on different performance evaluation.

Keywords: polynomials; telecommunication network management; telecommunication security; wireless sensor networks; MS; PPBR scheme; WSN; basic random key predistribution; composite key management schemes; distributed sensor networks; mobile sink node; multiple key management method; network resilience; polynomial pool; polynomial t-degree property; security; wireless sensor network; Mobile sink; composite scheme; heterogeneous networks; key management (ID#: 16-9356)



Yukun Zhou; Dan Feng; Wen Xia; Min Fu; Fangting Huang; Yucheng Zhang; Chunguang Li, "Secdep: A User-Aware Efficient Fine-Grained Secure Deduplication Scheme with Multi-Level Key Management," in Mass Storage Systems and Technologies (MSST), 2015 31st Symposium on, pp. 1-14, May 30 2015-June 5 2015. doi: 10.1109/MSST.2015.7208297

Abstract: Nowadays, many customers and enterprises backup their data to cloud storage that performs deduplication to save storage space and network bandwidth. Hence, how to perform secure deduplication becomes a critical challenge for cloud storage. According to our analysis, the state-of-the-art secure deduplication methods are not suitable for cross-user finegrained data deduplication. They either suffer brute-force attacks that can recover files falling into a known set, or incur large computation (time) overheads. Moreover, existing approaches of convergent key management incur large space overheads because of the huge number of chunks shared among users. Our observation that cross-user redundant data are mainly from the duplicate files, motivates us to propose an efficient secure deduplication scheme SecDep. SecDep employs User-Aware Convergent Encryption (UACE) and Multi-Level Key management (MLK) approaches. (1) UACE combines cross-user file-level and inside-user chunk-level deduplication, and exploits different secure policies among and inside users to minimize the computation overheads. Specifically, both of file-level and chunk-level deduplication use variants of Convergent Encryption (CE) to resist brute-force attacks. The major difference is that the file-level CE keys are generated by using a server-aided method to ensure security of cross-user deduplication, while the chunk-level keys are generated by using a user-aided method with lower computation overheads. (2) To reduce key space overheads, MLK uses file-level key to encrypt chunk-level keys so that the key space will not increase with the number of sharing users. Furthermore, MLK splits the file-level keys into share-level keys and distributes them to multiple key servers to ensure security and reliability of file-level keys. Our security analysis demonstrates that SecDep ensures data confidentiality and key security. Our experiment results based on several large real-world datasets show that SecDep is mor- time-efficient and key-space-efficient than the state-of-the-art secure deduplication approaches.

Keywords: cloud computing; cryptography; data privacy; MLK approaches; SecDep; UACE; brute-force attacks; cloud storage; computation overheads; cross-user deduplication security; cross-user file-level deduplication; cross-user finegrained data deduplication; data confidentiality; inside-user chunk-level deduplication; key security; key space overhead reduction; multilevel key management approaches; security analysis; server-aided method; user-aided method; user-aware convergent encryption; user-aware efficient fine-grained secure deduplication scheme; Encryption; Protocols; Resists; Servers (ID#: 16-9357)



Shuaiqi Hu, "A Hierarchical Key Management Scheme for Wireless Sensor Networks Based on Identity-Based Encryption," in Computer and Communications (ICCC), 2015 IEEE International Conference on, pp. 384-389, 10-11 Oct. 2015. doi: 10.1109/CompComm.2015.7387601

Abstract: Limited resources (such as energy, computing power, storage, and so on) make it impractical for wireless sensor networks (WSNs) to deploy traditional security schemes. In this paper, a hierarchical key management scheme is proposed on the basis of identity-based encryption (IBE). This proposed scheme not only converts the distributed flat architecture of the WSNs to a hierarchical architecture for better network management but also ensures the independence and security of the sub-networks. This paper firstly reviews the identity-based encryption, particularly, the Boneh-Franklin algorithm. Then a novel hierarchical key management scheme based on the basic Boneh-Franklin and Diffie-Hellman (DH) algorithms is proposed. At last, the security and efficiency of our scheme is discussed by comparing with other identity-based schemes for flat architecture of WSNs.

Keywords: cryptography; telecommunication network management; telecommunication security; wireless sensor networks; Boneh-Franklin algorithm; Boneh-Franklin algorithms; Diffie-Hellman algorithms; WSN; hierarchical key management scheme; identity-based encryption; identity-based schemes; network management; security; wireless sensor networks; Base stations; Computer architecture; Encryption; Identity-based encryption; Wireless sensor networks; Diffie-Hellman key exchange; IBE; WSNs; key management (ID#: 16-9358)



Abdmeziem, M.R.; Tandjaoui, D.; Romdhani, I., "A Decentralized Batch-Based Group Key Management Protocol for Mobile Internet of Things (DBGK)," in Computer and Information Technology; Ubiquitous Computing and Communications; Dependable, Autonomic and Secure Computing; Pervasive Intelligence and Computing (CIT/IUCC/DASC/PICOM), 2015 IEEE International Conference on, pp. 1109-1117, 26-28 Oct. 2015. doi: 10.1109/CIT/IUCC/DASC/PICOM.2015.166

Abstract: It is anticipated that constrained devices in the Internet of Things (IoT) will often operate in groups to achieve collective monitoring or management tasks. For sensitive and mission-critical sensing tasks, securing multicast applications is therefore highly desirable. To secure group communications, several group key management protocols have been introduced. However, the majority of the proposed solutions are not adapted to the IoT and its strong processing, storage, and energy constraints. In this context, we introduce a novel decentralized and batch-based group key management protocol to secure multicast communications. Our protocol is simple and it reduces the rekeying overhead triggered by membership changes in dynamic and mobile groups and guarantees both backward and forward secrecy. To assess our protocol, we conduct a detailed analysis with respect to its communication and storage costs. This analysis is validated through simulation to highlight energy gains. The obtained results show that our protocol outperforms its peers with respect to the rekeying overhead and the mobility of members.

Keywords: Internet of Things; cryptographic protocols; data privacy; mobile computing; multicast communication; backward secrecy; communication costs; decentralized batch-based group key management protocol; dynamic groups; energy constraints; energy gains; forward secrecy; group communication security; membership changes; mobile Internet of Things; mobile groups; multicast applications; rekeying overhead reduction; sensitive mission-critical sensing tasks; storage costs; Context; Encryption; Mobile communication; Peer-to-peer computing; Protocols; Servers; Data confidentiality; Group key Management; Internet Of Things; Multicast communications; Security and Privacy (ID#: 16-9359)



Vijayalakshmi, V.; Sharmila, R.; Shalini, R., "Hierarchical Key Management Scheme using Hyper Elliptic Curve Cryptography in Wireless Sensor Networks," in Signal Processing, Communication and Networking (ICSCN), 2015 3rd International Conference on, pp. 1-5, 26-28 March 2015. doi: 10.1109/ICSCN.2015.7219840

Abstract: Wireless Sensor Network (WSN) be a large scale network with thousands of tiny sensors moreover is of utmost importance as it is used in real time applications. Currently WSN is required for up-to-the-minute applications which include Internet of Things (IOT), Smart Card, Smart Grid, Smart Phone and Smart City. However the greatest issue in sensor network is secure communication for which key management is the primary objective. Existing key management techniques have many limitations such as prior deployment knowledge, transmission range, insecure communication and node captured by the adversary. The proposed novel Track-Sector Clustering (TSC) and Hyper Elliptic Curve Cryptography (HECC) provides better transmission range and secure communication. In TSC, the overall network is separated into circular tracks and triangular sectors. Power Aware Routing Protocol (PARP) was used for routing of data in TSC, which reduces the delay with increased packet delivery ratio. Further for secure routing HECC was implemented with 80 bits key size, which reduces the memory space and computational overhead than the existing Elliptic Curve Cryptography (ECC) key management scheme.

Keywords: pattern clustering; public key cryptography; routing protocols; telecommunication power management; telecommunication security; wireless sensor networks; ECC; IOT; Internet of Things; PARP; TSC; WSN; computational overhead reduction; data routing; hierarchical key management scheme; hyper elliptic curve cryptography; memory space reduction; packet delivery ratio; power aware routing protocol; secure communication; smart card; smart city; smart grid; smart phone; track-sector clustering; up-to-the-minute application; wireless sensor network; Convergence; Delays; Elliptic curve cryptography; Real-time systems; Throughput; Wireless sensor networks; Hyper Elliptic Curve Cryptography; Key Management Scheme; Power Aware Routing; Track-Sector Clustering; Wireless Sensor network (ID#: 16-9360)



Purushothama, B.R.; Koti, N., "Security Analysis of Tree and Non-Tree Based Group Key Management Schemes Under Strong Active Outsider Attack Model," in Advances in Computing, Communications and Informatics (ICACCI), 2015 International Conference on, pp. 1825-1829, 10-13 Aug. 2015. doi: 10.1109/ICACCI.2015.7275882

Abstract: Key management schemes for secure group communications should satisfy two basic security requirements, backward secrecy and forward secrecy. Most of the prominent secure group key management schemes are shown to satisfy the basic security requirements considering passive attack model. In this paper, we analyze secure group key management schemes under active outsider attack model. In active outsider attack model, an adversary can compromise a legitimate user of the group. We show that some of the efficient tree based, non-tree based and proxy re-encryption based group key management schemes are not secure under active attack model. We evaluate the cost involved in making these schemes secure under active attack model. Also, we construct a secure version of these schemes and show that the schemes are secure under active outsider attack model.

Keywords: cryptography; trees (mathematics); backward secrecy; forward secrecy; nontree based group key management scheme security analysis; passive attack model; proxy reencryption scheme; secure group communication; strong active outsider attack model; tree based group key management scheme security analysis; Analytical models; Computational modeling; Cryptography; Polynomials; Servers; Vegetation (ID#: 16-9361)



Shi Li; Inshil Doh; Kijoon Chae, "Key Management Mechanism in ALTO/SDN Based CDNi Architecture," in Information Networking (ICOIN), 2015 International Conference on, pp. 110-115, 12-14 Jan. 2015. doi: 10.1109/ICOIN.2015.7057866

Abstract: Content delivery network interconnection (CDNi) as a new interactive network which inherits all of the advantages of single CDN. Moreover, CDNs supported by different network operators can communicate with each other directly through the interfaces between them. Meanwhile, the interactivity also brings some security issues. In this paper, we propose a new CDNi communication architecture which combined with another two efficient technologies, ALTO and SDN. Based on this architecture, a key generation and distribution mechanism is also proposed to ensure the security communication of content in CDNi. From the analysis result, we can proof that it is scarcely possible for attackers to break our security system.

Keywords: computer network security; optimisation; software defined networking; telecommunication traffic; ALTO-SDN based CDNi communication architecture; application-layer traffic optimization; content communication security; content delivery network interconnection; interactive network; key distribution mechanism; key management mechanism; software defined networking; Computer architecture; Equations; Routing; Security; Servers; Symmetric matrices; Vectors; ALTO service; CDNi; Key management; SDN; Security (ID#: 16-9362)



Caixia Zhang; Lili Qu; Xiangdong Wang; Jianbin Xiong, "An Efficient Self-Healing Group Key Management with Lower Storage for Wireless Sensor Network," in Computer Science and Mechanical Automation (CSMA), 2015 International Conference on, pp.124-128, 23-25 Oct. 2015. doi: 10.1109/CSMA.2015.31

Abstract: For the problems of energy constrained and the channel insecurity in group communication of WSN, we propose a self-healing group key management protocol based on polynomial and some algorithm. This protocol can recover the lost group key without transmitting message once more. The method can improve the security of the channel, while consuming less energy. The performance analysis of this protocol shows that we can achieve forward secrecy and backward secrecy and communication security with lower energy consumption, which can expand the range of applications of wireless sensor networks while improving life.

Keywords: public key cryptography; wireless sensor networks; WSN; backward secrecy; channel insecurity; channel security; communication security; forward secrecy; group communication; self-healing group key management protocol; wireless sensor networks; Automation; Cryptography; Energy consumption; rotocols; Wireless sensor networks; Yttrium; lower storage; security; self-healing; wireless sensor network (ID#: 16-9363)



Chen Hong, "Towards a Identity-Based Key Management System for Vehicular Ad Hoc Network," in Measuring Technology and Mechatronics Automation (ICMTMA), 2015 Seventh International Conference on, pp. 1359-1362, 13-14 June 2015. doi: 10.1109/ICMTMA.2015.332

Abstract: Current solutions either do not consider the main requisites of these networks, as the absence of central administration or self organization, or do not detail with important operations, such as key revocation or key update. Thus, this paper presents (Identity-Based Cryptography), a complete and fully self-organized identity-based key management scheme for mobile ad hoc networks. Does not depend on any central authority or third trusted party, even during the network formation. Also, provides mechanisms to revoke the private key of malicious or compromised nodes and ways to update the keys of non-compromised nodes. Simulation results show that is effective while it does not impose a high communication overhead to the system.

Keywords: mobility management (mobile radio); telecommunication security; vehicular ad hoc networks; central authority; malicious node; mobile ad hoc network; noncompromised node; private key; self-organized identity-based key management scheme; third trusted party; vehicular ad hoc network; Identity-based encryption; Mobile ad hoc networks; Simulation; Wireless communication; Identity-Based Cryptography; Security; vehicular ad hoc network (ID#: 16-9364)



Treytl, A.; Sauter, T., "Hierarchical Key Management for Smart Grids," in Systems Engineering (ISSE), 2015 IEEE International Symposium on, pp. 496-500, 28-30 Sept. 2015. doi: 10.1109/SysEng.2015.7302803

Abstract: Data transfer in smart grids is sensitive and must be properly protected. However, proven security approaches from the IT world can be used only to a certain extent. In particular, resource limitations in the communication network for the last mile and the field devices must be taken into account, which makes popular asymmetric public key infrastructures difficult to apply. This paper reviews current security architectures and proposes an efficient solution based on symmetric keys, which has advantages for highly resource limited devices and networks. Key management follows a four-level hierarchical approach, where the actual session keys used for regular data exchange in the smart grid can be derived automatically by the field devices to increase system security and save communication bandwidth. Execution time measurements of the cryptographic algorithms demonstrate the efficiency of the approach.

Keywords: power system security; public key cryptography; smart power grids; time measurement; asymmetric public key infrastructures; communication bandwidth; communication network; cryptographic algorithms; data transfer; execution time measurements; four-level hierarchical approach; hierarchical key management; regular data exchange; security architectures; session keys; smart grids; symmetric keys; Bandwidth; Computer architecture; Encryption; Program processors; Smart grids; communication network; key management; security; smart grid (ID#: 16-9365)



Fakhrey, H.; Boussakta, S.; Tiwari, R.; Al-Mathehaji, Y.; Bystrov, A., "Location-Dependent Key Management Protocol for a WSN with a Random Selected Cell Reporter," in Communications (ICC), 2015 IEEE International Conference on, pp. 6300-6305, 8-12 June 2015. doi: 10.1109/ICC.2015.7249328

Abstract: A wireless sensor network (WSN) employed to serve smart city applications is usually located in a vast and vulnerable territory. In order to secure vital and critical information, the security requirements of data confidentiality, authenticity and availability should be guaranteed. One of the leading key management schemes is based on using location information to generate security credentials. However, existing location-dependent schemes have disadvantages related to cell capture caused by a threshold number of nodes (e) being compromised. This paper presents a location-dependent key management protocol with a random selected cell reporter, LKMP-RSCR, where a set of cell reporters are selected randomly by the base station (BS) to provide a third level of report endorsement. In the LKMP-RSCR, an adversary would need to compromise all cell reporters in addition to endorsement (e) nodes to capture a particular cell. The LKMP-RSCR is presented and evaluated using an extensive analysis that shows a significant enhancement achieved in comparison with LEDS and MKMP schemes in terms of data confidentiality (85%), authenticity (35%) and availability (85%).

Keywords: cryptographic protocols; wireless sensor networks; LKMP-RSCR; WSN; authenticity; availability; data confidentiality; location-dependent key management protocol; random selected cell reporter; security requirements; smart city applications; wireless sensor network; Ad hoc networks; Authentication; Cryptography; Light emitting diodes; Probability; Wireless sensor networks; End-to-End Security; Location- Dependent Key Management System; Smart Cities; Wireless Sensor Network (WSN) (ID#: 16-9366)



Kumar Reddy K, P.; Chandavarkar, B.R., "Mitigation of Desynchronization Attack During Inter-eNodeB Handover Key Management in LTE," in Contemporary Computing (IC3), 2015 Eighth International Conference on, pp. 561-566, 20-22 Aug. 2015. doi: 10.1109/IC3.2015.7346744

Abstract: In recent years, 3rd Generation Partnership Project (3GPP) is taking on a pivotal role in standardizing the 4G network. Long Term Evolution (LTE) is a standard by the 3rd Generation Partnership Project (3GPP) and its main goal is to transform into 4G from mobile cellular wireless technology. Optimization of radio access techniques along with the improvement in the LTE systems lead 3GPP in developing the 4G standard as the next generation of LTE-Advanced (LTE-A) wireless networks. The support of full inter-working and flat Internet Protocol (IP) connectivity with heterogeneous wireless access networks in both 3GPP LTE and LTE-A architecture leads to new challenges in the security aspects. The primary challenge of LTE is to provide security to end users. Despite of security architecture available in LTE, still there exist vulnerabilities which can compromise the whole network. The major contribution of this paper is to design a new mitigation scheme which reduces the impact of desynchronization attack during the inter-eNodeB handover key management in LTE. Desynchronization attack can lead to serious consequences like compromise of User Equipment (UE) and eNodeB, during inter-eNodeB handover key management.

Keywords: 3G mobile communication; 4G mobile communication; Long Term Evolution; cryptography; mobility management (mobile radio);telecommunication security; 3GPP; 4G network; LTE-Advanced; Third Generation Partnership Project; desynchronization attack mitigation; flat internet protocol; intereNodeB handover key management; interworking protocol; long term evolution; Base stations; Computer architecture; Handover; Long Term Evolution; Mathematical model; Security; 3GPP; AKA; LTE-Security; desynchronization attack; eNodeB; handover key management (ID#: 16-9367)



Zongmin Cui; Haitao Lv; Chao Yin; Guangyong Gao; Caixue Zhou, "Efficient Key Management for IOT Owner in the Cloud," in Big Data and Cloud Computing (BDCloud), 2015 IEEE Fifth International Conference on,  pp. 56-61, 26-28 Aug. 2015. doi: 10.1109/BDCloud.2015.40

Abstract: IOT (internet of things) owner may not want their sensitive data to be public in the cloud. However, the client operated by IOT owner may be too lightweight to provide the encryption/decryption service. To remove the issue, we propose a novel solution to minimize the access control cost for IOT owner. First, we present a security model for IOT with minimal cost of IOT owner client without encryption, in which we transfer the encryption/decryption from the client to the cloud. Second, we propose an access control model to minimize the key management cost for IOT owner. Third, we provide an authorization update method to minimize the cost dynamically. In our method, the sensitive data from IOT owner is only available to the authorized user. Each IOT owner needs only to manage a single password, by which the IOT owner can always manage his/her sensitive data and authorization no matter the authorization policy how to change. Experimental results show that our approach significantly outperforms most of existing methods with efficient key management for IOT owner.

Keywords: Internet of Things; authorisation; cloud computing; cryptography; Internet of Things; IoT; access control cost; authorization update method; cloud computing; decryption service; encryption service; key management cost; password management; security model; Authorization; Cloud computing; Encryption; Servers; Authorization update; Cloud computing; IOT owner key management; Internet of things; Sensitive data (ID#: 16-9368)



Nengcheng Chen; Wenying Du, "Spatial-Temporal Based Integrated Management for Smart City: Framework, Key Techniques and Implementation," in Geoinformatics, 2015 23rd International Conference on, pp. 1-4, 19-21 June 2015. doi: 10.1109/GEOINFORMATICS.2015.7378628

Abstract: With the rapid development of urban economy and the enormous increase of urban population, a series of problems arise, including safety and security protections of citizens, emergency events responding and management, monitoring and maintaining of urban infrastructures, and urban environment pollution treatment, etc. These problems undoubtedly hinder the development of cities and the quality improvement of residents' lives, whereas a novel and efficient management method is absent for the solving of these problems. This paper proposes the method of spatial-temporal integrated management for smart cities (STIMSC), which is used to manage diverse resources of cities, builds the overall architecture of integrated management, and form an integrated management mode for cities by employing the techniques of collaborative sensing, model web, and intelligent service. The pipe leakage event in Taiyuan, China on June 23, 2014 is chosen as the use case for the validation of STIMSC. Results demonstrate that STIMSC is able to realize the integration of heterogeneous resources in the service-oriented way for decision makers, make effective action plan for enterprises, and gain more evacuation time for residents. STIMSC is of great significance in the efficiency improvement of city management.

Keywords: Internet; emergency management; quality management; security; smart cities; town and country planning; STIMSC; city management; collaborative sensing; emergency event management; emergency event responding; integrated management mode; intelligent service; model Web; pipe leakage event; quality improvement; safety protection; security protection; service-oriented way; smart city; spatial-temporal based integrated management; spatial-temporal integrated management for smart cities; urban economy; urban environment pollution treatment; urban infrastructures; urban population; Computational modeling; Metadata; Visualization; collaborative sensing; integrated management; intelligent service; model web; smart city (ID#: 16-9369)



Chokngamwong, R.; Jirabutr, N., "Mobile Digital Right Management with Enhanced Security using Limited-Use Session Keys," in Electrical Engineering/Electronics, Computer, Telecommunications and Information Technology (ECTI-CON), 2015 12th International Conference on, pp. 1-5, 24-27 June 2015. doi: 10.1109/ECTICon.2015.7207069

Abstract: Digital contents have been increasing rapidly in which they can contribute to business-to-customer productivity growth. A number of Mobile Digital Rights Management (MDRM) protocols have been proposed. The aim of MDRM is to distribute digital contents to consumers in a controlled manner that can protect the copyright of digital contents. Some protocols do not provide necessary security properties; hence, they may not be suitable for mobile network. This paper introduces MDRM protocols for distribution of digital contents. The proposed protocols deploy limited-use offline session key generation and distribution technique to enhance security and importantly make it lightweight and more secure. Moreover, the proposed protocols are suitable for current mobile infrastructure and thus maintain ease of use.

Keywords: content management; copy protection; copyright; cryptographic protocols; digital rights management; mobile computing; mobile radio; telecommunication security; MDRM protocol; business-to-customer productivity growth; consumers; digital content copyright protection; digital content distribution; limited-use offline session key generation; mobile digital right management; mobile infrastructure; mobile network; security enhancement; security property; Copyright protection; Encryption; Licenses; Mobile communication; Protocols; Data Protection; MDRM; Mobile Digital Right Management; Mobile Security; OMA DRM; ROAP (ID#: 16-9370)



Sone, M.E., "Efficient Key Management Scheme to Enhance Security-Throughput Trade-Off Performance in Wireless Networks," in Science and Information Conference (SAI), 2015, pp. 1249-1256, 28-30 July 2015. doi: 10.1109/SAI.2015.7237304

Abstract: Wireless network security schemes are characterized by parameters such as processing time and the avalanche property. These parameters tend to adversely affect the efficiency of the wireless network namely; throughput of network and lost/ retransmitted packets. The undesirable effects of processing time and avalanche property are due to the fact that, existing implementation of wireless security schemes is based on symmetric cryptography. The avalanche property makes a block cipher secure but in turn reduces throughput since it causes them to be sensitive to bit errors. In addition, processing time through the many rounds required to establish a session key increases the round trip time (RTT) for a message significantly. Hence there is need to implement a wireless security scheme which could minimize both the processing time and the avalanche property. The paper introduces a new algorithm for wireless security based on RSA public-key cryptography, convolutional codes and subband coding. It describes implementation using small integer key lengths thereby minimizing processing time and avalanche property since it is based on asymmetric cryptography. Future works in this study can show that, the implementation can fit in a single FPGA device which is close to a wireless transmitter and receiver at access points (APs).

Keywords: convolutional codes; error statistics; public key cryptography; radio networks; radio receivers; radio transmitters; telecommunication network management; telecommunication security; AP; RSA public-key cryptography; RTT; access points; asymmetric cryptography; avalanche property; bit errors; block cipher security; convolutional codes; efficient key management scheme; lost-retransmitted packets; round trip time; subband coding; symmetric cryptography; trade-off performance; wireless network security schemes; wireless receiver; wireless transmitter; Convolutional codes; Cryptography; Encoding; Filter banks; Forward error correction; Throughput; Cipher text; Field Programmable Gate Array (FPGA); Residue Number System (RNS); Rivest, Shamir and Adleman (RSA) cryptography; Trellis Coded Modulation (TCM); moduli set; residue number system (RNS) (ID#: 16-9371)



Salvi, S.; Sanjay, H.A.; Deepika, K.M.; Rangavittala, S.R., "An Encryption, Compression And Key(ECK) Management Based Data Security Framework For Infrastructure as a Service in Cloud," in Advance Computing Conference (IACC), 2015 IEEE International, pp. 872-876, 12-13 June 2015. doi: 10.1109/IADCC.2015.7154830

Abstract: Cloud Computing is the recent technology that is based on shared pool of resources and provides features like Ubiquitous access, multi-tenancy, flexibility, scalability and pay as you use, which makes it more resource efficient and cost effective. But Cloud-based systems open unfamiliar threats in authentication and authorization. Explicit authorization accordance must be defined at smallest level, especially in multi-tenant environments. The liaison between Cloud Service Provider & customer must also be clearly mentioned in relation like who holds administrative rights and indirect access to privileged customer information. Moreover the scenario of cloud in educational and research community is still developing and has some security concerns. This paper provides a brief review about Cloud Security concerns for adoption of cloud computing in data sensitive research and technology aided education. Also this paper proposes, ECK based framework for securing end-user data in Community Cloud. Implications and considerations for additional research are provided as well.

Keywords: authorisation; cloud computing; cryptography; data compression; message authentication; ECK management; authentication; authorization; cloud computing security; cloud-based system; data security framework; encryption compression and key management; infrastructure as a service; Cloud computing; Computer architecture; Encryption; Virtual machining; Cloud Computing; Data Securtiy; Educational Cloud(Edu-Cloud); Virtual Machine(VM); Xen Server (ID#: 16-9372)



Senan, S.; Hashim, A.A.; Othman, R.; Messikh, A.; Zeki, A.M., "Dynamic Batch Rekeying Scheme using Multiple Logical Key Trees for Secure Multicast Communication," in Computing, Control, Networking, Electronics and Embedded Systems Engineering (ICCNEEE), 2015 International Conference on, pp. 47-51, 7-9 Sept. 2015. doi: 10.1109/ICCNEEE.2015.7381426

Abstract: A group key management has an important role in multicast security in order to achieve data integrity and confidentiality. The session key is a common secret key for a group of users in key trees that is shared securely and efficiently among them. It is used to encrypt other session keys and transmitted data in order to protect group communication. This paper proposed a new key management protocol using Multiple Logical key trees for dynamic groups. To minimize the communication overhead of rekeying process, a one-way key derivation are integrated with multiple logical key trees. New keys created by the server of the key tree are not sent to the members who are able to derive their own keys. As a result each rekeying process requires less number of encrypted keys sent within the group tree. The performance analysis of the proposed scheme shows that it has less communication cost than the other compared protocols.

Keywords: computer network security; cryptographic protocols; data integrity; multicast protocols; private key cryptography; trees (mathematics);communication overhead minimization; data confidentiality; data integrity; dynamic batch rekeying scheme; group communication protection; group key management; key management protocol; multicast communication security; multiple logical key tree; secret key; session key encryption; Multicast security; batch rekeying; group key management (ID#: 16-9373)



Tawde, R.; Nivangune, A.; Sankhe, M., "Cyber Security in Smart Grid SCADA Automation Systems," in Innovations in Information, Embedded and Communication Systems (ICIIECS), 2015 International Conference on, pp. 1-5, 19-20 March 2015. doi: 10.1109/ICIIECS.2015.7192918

Abstract: Cyber attacks into modern SCADA (Supervisory Control and Data Acquisition) lead to vulnerabilities as International Electrotechnical Commission (IEC) 61850 has no security features inbuilt. IEC 62351 is used to secure IEC 61850 profiles. SCADA power utilities, using IEC 61850 protocol, are facing problem of key management as it is not outlined in IEC 62351. In recent times, key management in SCADA networks is a major challenge. Due to lack of resources and low latency requirements in SCADA networks, it is infeasible to use traditional key management schemes such as RSA based PKI (Public Key Infrastructure).This paper will give a general insight on the development of security mechanisms to secure substation level SCADA communication which has a Bump-in-the-wire (Bitw) device. Finally, we propose a security solution to eliminate the problem of key management by integrating CDAC's key distribution and management protocol Sec-KeyD into IEC 62351 to secure IEC 61850 protocol.

Keywords: IEC standards; SCADA systems; protocols; public key cryptography; smart power grids; substation automation; Bitw device; CDAC key distribution protocol; CDAC key management protocol; IEC 61850 protocol; IEC 62351;International Electrotechnical Commission standard; RSA based PKI key management scheme; Sec-KeyD protocol; bump-in-the-wire device;cyber attack security; public key infrastructure; smart grid SCADA automation system; substation level SCADA communication security mechanism; supervisory control and data acquisition system; Authentication; Cryptography; IEC Standards; Protocols; Substations; Authentication; Bump-in-the wire; IEC 61850; IEC 62351; Key Management (ID#: 16-9374)



Gopalakrishnan, S.; GaneshKumar, P., "Secure and Efficient Transmission in Wireless Network using Key Authentication Based Secured Multicasting Technique," in Advanced Computing and Communication Systems, 2015 International Conference on, pp. 1-4, 5-7 Jan. 2015. doi: 10.1109/ICACCS.2015.7324064

Abstract: Multicasting is one of the fast and simple ways of transmitting a same data to multiple people at the same time in the network which saves the transmission time. Since multicasting is taking part of transmitting to multiple people there are chances for creating vulnerability against various attacks. In the existing system, MKMP - Multicast Key Management protocol is used in which the session information about the users is given to the sub stations for various groups. It is difficult to understand the user list under the sub stations, and there are chances to miss or mismatch the user list with the station information. To overcome this problem, in this paper KABSM-[Key Authentication based Secured Multicasting] approach is introduced and it provides a citizenship key for activating every functionality of the nodes in the network like, entering into a region, while communication etc. In this approach a dynamic key is generated and assigned to entire nodes in the network. The simulation result shows that the efficiency of the proposed approach is more sleuth to the existing approach.

Keywords: cryptographic protocols; multicast communication; radio networks; telecommunication security; KABSM; MKMP; dynamic key; key authentication based secured multicasting technique; multicast key management protocol; secure transmission; session information; station information; transmission time; user list; wireless network; Authentication; IEEE 802.11 Standard; Multicast communication; Protocols; Throughput; Wireless LAN; Wireless networks; Key Management; Multicast Key Management; Secured Multicasting; WLAN (ID#: 16-9375)



Kavitha, R.J.; Caroline, B.E., "Hybrid Cryptographic Technique for Heterogeneous Wireless Sensor Networks," in Communications and Signal Processing (ICCSP), 2015 International Conference on, pp. 1016-1020, 2-4 April 2015. doi: 10.1109/ICCSP.2015.7322653

Abstract: The wireless sensor networks are always deployed in hostile and pervasive environment. They are prone to security threats and they do have a wide range of applications like military, environmental monitoring, health care, etc... traditional network security methods are not up to the mark due to limited resources. Several key management schemes have been proposed security in HSN. In this paper, we propose a key distribution scheme based on random key pre-distribution for heterogeneous sensor networks to achieve better security and performance compared to homogeneous networks, which is suffer from high communication overhead, computation overhead and high storage requirements. A combination of symmetric and asymmetric keys were tried (hybrid), where the cluster head and BS use public key encryption based on ECC, while using symmetric key encryption between the adjacent nodes in the cluster.

Keywords: public key cryptography; telecommunication computing; ubiquitous computing; wireless sensor networks; BS; asymmetric key encryption; cluster head; heterogeneous wireless sensor network security method; high communication overhead; high computation overhead; high storage requirements; hostile environment; hybrid cryptographic technique; key distribution scheme; key management scheme; pervasive environment; public key encryption; random key pre-distribution scheme; security threats; symmetric key encryption; Elliptic curve cryptography; Encryption; ISO Standards; Wireless sensor networks; Yttrium; Heterogeneous wireless sensor network; elliptic curve cryptography (ECC);key management; symmetric encryption (ID#: 16-9376)



Kiviharju, M., "Attribute Pooling for Cryptographic Access Control," in Military Communications and Information Systems (ICMCIS), 2015 International Conference on, pp. 1-12, 18-19 May 2015. doi: 10.1109/ICMCIS.2015.7158677

Abstract: The need to securely share classified information is a long-standing open problem, especially in large and dynamic environments. Multiple large scale approaches, such as NATO Object Level Protection (OLP) and Content-based Protection and Release (CPR) address parts of this problem. CPR contains an example for enforcement paradigm called Cryptographic Access Control (CAC), to enable combining protection and release policies with content, user and terminal properties (or attributes) cryptographically. The main element of CAC in this case is called attribute-based encryption, or ABE. With ABE it is possible to enforce very fine-grained policies, but combining attributes from users and terminals for general policies is cumbersome and not directly possible with existing schemes. We present in this paper a key-management encryption scheme on top of a multi-authority ABE solving the key pooling problem. Direct applications include a more efficient and general CAC approach for e.g. CPR to enable more secure handling of multi-level secure, encrypted content. Indirectly, the more general framework of CAC itself is completed with this functionality.

Keywords: authorisation; cryptography; CAC; CPR; OLP; attribute pooling; attribute-based encryption; content-based protection and release; cryptographic access control; key pooling problem; key-management encryption scheme; multiauthority ABE; multilevel secure encrypted content; object level protection; release policies; terminal properties; Algorithm design and analysis; Cryptography; ABE; CAC; CPR; LW-ABE; MLS; OLP; key management; provable security (ID#: 16-9377)



Manjunath, C.R.; Anand, S.; Nagaraja, G.S., "An Hybrid Secure Scheme for Secure Transmission in Grid Based Wireless Sensor Network," in Advance Computing Conference (IACC), 2015 IEEE International, pp. 472-475, 12-13 June 2015. doi: 10.1109/IADCC.2015.7154753

Abstract: In a Wireless Sensor Networks (WSNs) the sensor nodes are placed in an environment depending on the applications where secure communication is in high demand. To ensure the privacy and safety of data transactions in the network, a unique identification for the nodes and secure key for transportation have become major concerns. In order to establish a secure communication channel in the network, care and address the recourse constraints related to the devices and the scalability of the network when designing a secure key management. An approach for secure communication channel establishment is made in order to suite the functional and architectural features of WSNs. Here a hybrid key management scheme for symmetric key cryptography is attempted to establish a secure communication. An ECC and DH based key management and a certificate generation scheme, where the key is generated to decrypt the certificates to establish link for communication in the network. The hybrid scheme is tested based on amount of energy consumed and security analysis by simulation.

Keywords: data privacy; public key cryptography; telecommunication power management; telecommunication security; wireless sensor networks; DH based key management; Diffie-Hellman based key management; ECC; WSN; certificate generation scheme; data transactions; elliptic curve cryptography; grid based wireless sensor network; hybrid key management scheme; hybrid secure scheme; secure communication channel; secure key management; secure transmission; security analysis; sensor nodes; symmetric key cryptography; Base stations; Clustering algorithms; Elliptic curve cryptography; Elliptic curves; Wireless sensor networks; Elliptic Curve Cryptography; Wireless Sensor Networks; certificate; key establishment; scheme; secure communication (ID#: 16-9378)



Haddad, Z.; Mahmoud, M.; Taha, S.; Saroit, I.A., "Secure and Privacy-Preserving AMI-Utility Communications Via LTE-A Networks," in Wireless and Mobile Computing, Networking and Communications (WiMob), 2015 IEEE 11th International Conference on, pp. 748-755, 19-21 Oct. 2015. doi: 10.1109/WiMOB.2015.7348037

Abstract: In smart grid Automatic Metering Infrastructure (AMI) networks, smart meters should send consumption data to the utility company (UC) for grid state estimation. Creating a new infrastructure to support this communication is costly and may take long time which may delay the deployment of the AMI networks. The Long Term Evolution-Advanced (LTE-A) networks can be used to support the communications between the AMI networks and the UC. However, since these networks are owned and operated by private companies, the UC cannot ensure the security and privacy of the communications. Moreover, the data sent by the AMI networks have different characteristics and requirements than most of the existing applications in LTE-A networks. For example, there is a strict data delay requirement, data is short and transmitted every short time, data is sent at known/predefined time slots, and there is no handover. In this paper, we study enabling secure and privacy preserving AMI-UC communications via LTE-A networks. The proposed scheme aims to achieve essential security requirements such as authentication, confidentiality, key agreement and data integrity without trusting the LTE-A networks. Furthermore, an aggregation scheme is used to protect the privacy of the electricity consumers. It can also reduce the amount of required bandwidth which can reduce the communication cost. Our evaluations have demonstrated that our proposals are secure and require low communication/computational overhead.

Keywords: Long Term Evolution; data protection; power grids; power system security; power system state estimation; smart meters; telecommunication security; LTE-A network; Long Term Evolution-advanced network; UC; aggregation scheme; communication cost reduction; electricity consumer privacy protection; grid state estimation; privacy-preserving AMI-utility communication; secure AMI-UC communication; smart grid automatic metering infrastructure network; smart meter; utility company; Authentication; Delays; Privacy; Smart grids;Smart meters; Wireless communication; Data Aggregation; Key Management; LTE security and privacy preservation; Smart grid AMI (ID#: 16-9379)



Adeka, M.; Shepherd, S.; Abd-Alhameed, R.; Ahmed, N.A.S., "A Versatile and Ubiquitous Secret Sharing," in Internet Technologies and Applications (ITA), 2015, pp. 466-471, 8-11 Sept. 2015. doi: 10.1109/ITechA.2015.7317449

Abstract: The Versatile and Ubiquitous Secret Sharing System, a cloud data repository secure access and a web based authentication scheme. It is designed to implement the sharing, distribution and reconstruction of sensitive secret data that could compromise the functioning of an organisation, if leaked to unauthorised persons. This is carried out in a secure web environment, globally. It is a threshold secret sharing scheme, designed to extend the human trust security perimeter. The system could be adapted to serve as a cloud data repository and secure data communication scheme. A secret sharing scheme is a method by which a dealer distributes shares of a secret data to trustees, such that only authorised subsets of the trustees can reconstruct the secret. This paper gives a brief summary of the layout and functions of a 15-page secure server-based website prototype; the main focus of a PhD research effort titled `Cryptography and Computer Communications Security: Extending the Human Security Perimeter through a Web of Trust'. The prototype, which has been successfully tested, has globalised the distribution and reconstruction processes.

Keywords: Internet; cloud computing; message authentication; trusted computing; ubiquitous computing; AdeVersUS3; Adekas Versatile and Ubiquitous Secret Sharing System; Web based authentication scheme; cloud data repository secure access; human trust security perimeter; secure data communication; secure server-based Website prototype; threshold secret sharing scheme; Computer science; Cryptography; Electrical engineering; IP networks; Prototypes; Radiation detectors; Servers; (k, n)-threshold; authentication; authorised user; cloud data repository; combiner; cryptography; dealer or distributor; human security perimeter; interpolation; key management; participants (trustees); secret sharing (ID#: 16-9380)



Talawar, S.H.; Hansdah, R.C., "A Protocol for End-to-End Key Establishment During Route Discovery in MANETs," in Advanced Information Networking and Applications (AINA), 2015 IEEE 29th International Conference on, pp. 176-184, 24-27 March 2015. doi: 10.1109/AINA.2015.183

Abstract: An end-to-end shared secret key between two distant nodes in a mobile ad hoc network (MANET) is essential for providing secure communication between them. However, to provide effective security in a MANET, end-to-end key establishment should be secure against both internal as well as external malicious nodes. An external malicious node in a MANET does not possess any valid security credential related to the MANET, whereas an internal malicious node would possess some valid security credentials related to the MANET. Most of the protocols for end-to-end key establishment in MANETs either make an unrealistic assumption that an end-to-end secure channel exists between source and destination or use bandwidth consuming multi-path schemes. In this paper, we propose a simple and efficient protocol for end-to-end key establishment during route discovery (E2-KDR) in MANETs. Unlike many other existing schemes, the protocol establishes end-to-end key using trust among the nodes which, during initial stage, is established using public key certificate issued by an off-line membership granting authority. However, the use of public key in the proposed protocol is minimal to make it efficient. Since the key is established during route discovery phase, it reduces the key establishment time. The proposed protocol exploits mobility to establish end-to-end key, and provides comprehensive solution by making use of symmetric keys for protecting routing control messages and end-to-end communication. Moreover, as the end-to-end keys are established during route discovery phase, the protocol is on-demand and only necessary keys are established, which makes the protocol storage scalable. The protocol is shown to be secure using security analysis, and its efficiency is confirmed by the results obtained from simulation experiments.

Keywords: cryptographic protocols; mobile ad hoc networks; multipath channels; private key cryptography; routing protocols; telecommunication security; wireless channels; E2-KDR; MANET; end-to-end secure channel; end-to-end shared secret key; malicious node; mobile ad hoc network; multipath scheme; off-line membership granting authority; protocol storage; public key certificate; route discovery; routing control message protection; secure communication; security analysis; Ad hoc networks; Mobile computing; Public key; Routing; Routing protocols; Key Management; Mobile Ad hoc Network (MANET); Secure Routing (ID#: 16-9381)




Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.