Abstract

Wireless sensor networks (WSNs) exhibit their potential capacity in the next generation of mobile communication networks and wireless systems (5G). Collected data in WSNs are different from most data transmitted in digital communication applications. Most collected data in WSNs contain only few bits of information. Conventional protocols are not suitable for WSNs since this environment needs more flexible and lightweight protocols for secure group communications. Hence, how to realize the mutual secure and lightweight communication is a big challenge for WSNs. User authentication and key establishment are two fundamental security services in secure communications for WSNs. In this paper, we propose a novel design which embeds the function of membership authentication and group key establishment in WSNs. By using an asymmetric bivariate polynomial, membership authentication and pairwise shared keys distribution are realized. Then, each member mixes his/her input with pairwise shared keys with other members and releases the encrypted value in a broadcast channel. After collecting all released values, each member can compute the group key efficiently. Our proposal is noninteractive and lightweight. As it enjoys low computation and communication costs compared with the state-of-the-art cryptographic solutions, this design is more suitable for efficient membership authentication and group key establishment in WSNs.

1. Introduction

Wireless Sensor Networks (WSNs) have been developed to collect data remotely for various applications [1, 2]. For example, data have been collected for traffic analysis, weather prediction, and medical analysis, etc. [3, 4]. For security reason, the collected data need to be protected from eavesdropping. Data encryption requires that both the source node and the receiver node share a pairwise shared key. The source node encrypts the collected data under the shared key, and the receiver node decrypts the ciphertext under the shared key to recover the data.

In general, security research in WSNs has focused on the development of key establishment and key management solutions. Random key predistribution schemes [5–7] have been developed to allow two sensors to establish a shared key. Random key distribution is a probabilistic scheme and does not guarantee connectivity in WSNs: each sensor is preloaded with k keys randomly selected from a large pool of keys. Blom [8] proposed the first pairwise key establishment scheme based on threshold cryptography. This approach is a deterministic scheme which can guarantee connectivity in WSNs. Blundo et al. [9] discussed key establishment using polynomials. Khan et al. [10] proposed a predistribution scheme using a symmetric matrix and a generator matrix of maximum rank distance to establish pairwise keys for sensor nodes. Group key distribution based on bivariate polynomials [11–14] has also been developed to allow a group of sensors to establish a shared key deterministically. The design of WSNs has been classified into two types: flat and hierarchical. In flat WSNs, all sensors have the same capabilities to collect data and forward data to other sensors in the network. In hierarchical WSNs, devices are organized into a hierarchy based on their capabilities. Key management protocols for WSNs have likewise been proposed for these two types: flat and hierarchical.

Collected data in WSNs are different from most data in digital communication applications. Most collected data in WSNs, for example, weather or traffic data, contain only a few bits of information. Conventional protocols are not suitable for WSNs since WSNs need faster and more lightweight protocols for secure group communications.

User authentication and key establishment are two fundamental security services in secure communications for WSNs. User authentication is the process of determining whether someone is, in fact, who it is declared to be. Key establishment is the process of distributing a secret communication key to all users. The key can be used to protect the secrecy or integrity of exchange messages in the communication.

In general, key distribution schemes can be classified into two types: centralized key distribution schemes (CKDs) and distributed key distribution schemes (DKDs). In CKDs, the key distribution is served by a server. During registration, each user needs to share a secret key with the authentication server. Later, a one-time session key is determined by the server and is encrypted with the preshared key. The ciphertext is sent to each user in a one-to-one communication. This type of key distribution is very efficient, and its security rests on a trusted server. Many practical network security schemes use this type of key distribution, for example, Kerberos [15] and IEEE 802.11 [16]. In DKDs, the key distribution is performed by all users. Every user needs to interact with every other user to finally determine a one-time session key which is known only to the participating users. The Diffie–Hellman public-key distribution scheme [17] is one of the most well-known DKDs. Many research papers [18, 19] have proposed schemes which belong to this type of key distribution. In DKDs, there is no centralized trust and there are more interactions among users.

Most traditional communications are of the one-to-one type. The majority of key distribution schemes focus on developing ways to establish a pairwise shared key between two users. Modern communications are no longer limited to one-to-one communication but involve one-to-many communications, such as multicast or conferencing, in which a group key needs to be established among all users. The Diffie–Hellman public-key distribution scheme [17], invented in 1976, only establishes a pairwise shared key between two users. There are many research papers [18, 19] that extend the original Diffie–Hellman scheme to establish a group key. In 2004, Joux [20] devised a simple three-party Diffie–Hellman group key exchange scheme based on bilinear pairings. Pairing-based cryptography uses a pairing between elements of two cryptographic groups and a third group with a mapping. By utilizing extended Chebyshev chaotic maps, Abbasinezhad-Mood and Nikooghadam [21] proposed an anonymous password-authenticated key exchange protocol. In 1992, Blundo et al. [9] proposed a noninteractive k-secure m-conference scheme based on a multivariate polynomial. Their scheme can establish a conference key among m participants. The storage space of each user is exponentially proportional to the size of the conference, which makes their scheme impractical for a large group. Laih et al. [22] proposed the first group key distribution scheme based on a secret-sharing scheme. During registration, each group member obtains a token from the group manager. The group manager can then distribute a group key to all participating members in a broadcast transmission. Many published papers are based on this approach [23, 24].

In this paper, we propose a novel design which embeds the function of membership authentication and group key establishment. We present this efficient lightweight membership authentication and group key establishment based on an asymmetric bivariate polynomial and the logical Exclusive OR (XOR) operation. During registration, each member receives a “token” from the membership registration center (MRC). Tokens are generated by an asymmetric bivariate polynomial, and each token is a univariate polynomial. Each member uses the token for membership authentication and pairwise shared key establishment. Then, using the XOR operation, each member mixes his/her input with the pairwise shared secrets with other users, uses his/her pairwise shared keys to encrypt the computed value, and sends this value to the other members. After collecting all values from the other members, each member can compute the group key. This proposed lightweight scheme is especially suitable for WSNs.

In summary, we list the contributions of this paper as follows:
(i) An efficient lightweight membership authentication and group key establishment for WSNs is proposed.
(ii) Tokens generated by an asymmetric bivariate polynomial initially can be used for membership authentication and pairwise shared key establishment.
(iii) Our proposed approach is very efficient since there is no need for additional membership authentication and pairwise shared key establishment.
(iv) Our protocol is secure against inside attackers and outside attackers. Furthermore, confidentiality, authentication, freshness, forward secrecy, and backward secrecy of the group key can be achieved.
(v) One unique feature of our group key establishment is that the XOR operation is the main computation, so it is lightweight.

The organization of this paper is as follows. In Section 2, we provide some preliminaries about bivariate polynomials. In Section 3, we present the model of our protocol, including the protocol description, types of adversaries, and security properties of our proposed protocol. Our proposed protocol, including three parts, (a) token generation, (b) membership authentication, and (c) group key establishment, is given in Section 4. In Section 5, we analyze the security and performance of this protocol. The conclusion is given in Section 6.

2. Preliminaries

In Shamir’s SS [25], the dealer selects a univariate polynomial, with degree and where is the secret. The dealer generates shares, for shareholders, where is a prime with and is the public information associated with each shareholder, Each share, is an integer in Shamir’s SS satisfies the security requirements of an SS, that is, (a) with or more shares the secret can be reconstructed and (b) with fewer than shares no information about the secret is obtained. Shamir’s SS is unconditionally secure.

In Shamir’s SS, shareholders cannot verify the validity of the shares obtained from the dealer. In 1985, Chor et al. [26] extended the notion of SS and proposed the first verifiable secret sharing (VSS). Verifiability is the property of a VSS which allows shareholders to verify their shares. Invalid shares may be caused either by the dealer during share generation or by channel noise during transmission. VSS is performed by shareholders after receiving their shares from the dealer and before using their shares to reconstruct the secret. If invalid shares have been detected, shareholders can request the dealer to regenerate new shares. There are many VSSs [27–32] using bivariate polynomials, denoted as BVSSs. A bivariate polynomial with degree can be represented as where We can classify BVSSs into two types, the symmetric BVSSs, denoted as SBVSSs [28, 30, 32], and the asymmetric BVSSs, denoted as ABVSSs [27, 29, 31]. If the coefficients satisfy it is a symmetric bivariate polynomial. Shares generated by a bivariate polynomial can be used to establish pairwise keys between any pair of shareholders. In all SBVSSs, the dealer selects a bivariate polynomial, with degree , and where is the secret. The dealer generates shares, for shareholders, where is a prime with and is the public information associated with each shareholder, Each share, is a univariate polynomial with degree . Note that shares generated in an SBVSS satisfy and the pairwise key, can be established between the pair of shareholders, and In a similar way, in an ABVSS, the dealer generates a pair of shares, and for each shareholder, and the pairwise secret key, or can also be established between the pair of shareholders, and .

In this paper, we propose a novel design of efficient lightweight membership authentication and group key establishment for WSNs. Our design integrates solutions for membership authentication, pairwise shared key establishment, and group key establishment. In other words, we propose to use a bivariate polynomial to generate tokens. Tokens obtained by members during registration can be used for (a) membership authentication; (b) pairwise shared key distribution; and (c) group key establishment. By contrast, most existing cryptographic solutions need additional membership authentication and shared key distribution and also need interactive communications or complex computations for encryption and decryption [33–36].

3. Model of Our Proposed Protocol

In this section, we describe the model of our proposed membership authentication and group key agreement protocol for WSNs including the network model and security model, which provide the type of adversaries and security features.

3.1. Protocol Description for the Network Model

Without loss of generality, suppose that there is a mutually trusted membership registration center (MRC) and there are users involved in group communications. Each user is required to register at the MRC, and the MRC manages all registered users, which includes removing any unsubscribed users or adding new users. In order to achieve secure communications, each group’s session key needs to be securely distributed to all corresponding group members prior to exchanging messages. Typically, if all participants are members and act honestly, the protocol succeeds; i.e., only the members belonging to the same group can derive this group’s session key. Otherwise, it fails, i.e., group members obtain nothing. Thus, membership authentication before the group key establishment is necessary.

In our proposed protocol, each user needs to register at the MRC initially and obtain a secret token. The MRC selects an asymmetric bivariate polynomial and generates tokens. The token of each user consists of two univariate polynomials: one is of degree in and the other one is of degree in .

In order to establish a secure group communication involving (i.e., ) members, a membership authentication must be executed first, in which all participating users interact with each other to prove that they belong to the same group. In the membership authentication, each member broadcasts a random integer. After receiving all random integers, each member uses his secret tokens to compute pairwise shared keys and then computes a hash output as his authentication response. Members use this authentication response to authenticate each other’s membership. This membership authentication can also identify nonmembers. At the end of membership authentication, each member knows exactly the memberships of the users participating in the secure group communication. Then, using the XOR operation, each member mixes his/her input with the pairwise shared keys, encrypts the computed value under his/her pairwise shared keys, and sends this value to the other members. After collecting all values from the other members, each member can compute the group key; that is, a secret group session key is obtained by each member individually. There is no interaction with other members to compute the group key. Thus, our proposed protocol is very efficient in both membership authentication and group key establishment since there is only broadcast transmission. Furthermore, the computation of each member needs only polynomial evaluation, XOR computation, and a hash function, which are much faster than most public-key computations. We give a detailed performance evaluation in Section 5.

3.2. Security Model

Now, we introduce the security model, which includes the types of adversaries and the required security features for secure group communication. These security requirements are analyzed in Section 5.

3.2.1. Type of Adversaries

We consider two types of attacks: inside and outside attacks. Inside attackers are legitimate members who have obtained valid tokens from the MRC initially. In an inside attack, colluding members try to recover the MRC’s secret polynomial used to generate tokens for members and then use the recovered tokens to obtain group keys which they are not authorized to access. On the other hand, outside attackers are illegitimate users who try to generate valid tokens of members and use them to impersonate members in a secure group communication or to recover secret group keys which they are not authorized to access. In Section 5, we give a detailed security analysis of these two types of attackers.

3.2.2. Security Features

For secure group communication, the group key establishment protocol needs to have the following security features.
(a) Correctness: the protocol can successfully authenticate the memberships of all participating users and then establish a secret group key among all members.
(b) Freshness of authentication response: the authentication responses generated by members in the membership authentication can only be used one time. This feature prevents a replay attack in which attackers replay a recorded authentication response to pass the membership authentication.
(c) Freshness of group keys: the secret group key generated by members in the key establishment can only be used for one communication. This feature prevents attackers from reusing previously compromised group keys to gain access to other secure communications.
(d) Freshness of the group key authentication: replaying a previously used authentication cannot impersonate a member since the random integer is different in every session.
(e) Forward secrecy of group keys: forward secrecy is ensured if a departing member cannot access the content of communications of any future group session.
(f) Backward secrecy of group keys: backward secrecy is ensured if a new member cannot access the content of communications of any past session.

4. Our Proposed Protocol

In this section, we present a membership authentication and group key establishment protocol using an asymmetric bivariate polynomial and the XOR operation. The protocol is described in Algorithm 1. There are three phases in our protocol, i.e., token generation, membership authentication, and group key establishment and authentication. For every phase, we give an illustrative figure, respectively, in Figures 1–3.

Token generation
For n users, the MRC selects a random asymmetric polynomial, where is degree in and degree (i.e., ). We will prove this condition in Theorem 1 in , , and is a prime integer with The MRC computes a pair of shares, and for each user, where is the public information associated with each user, The MRC sends each pair of shares as ’s token, to user through a secure channel.
Membership authentication
We assume that (i.e., ) users, for example, want to engage in a group key establishment in WSNs.
Step 1. Each member broadcasts a random integer, to all other members, where .
Step 2. Assume that the value with is used as the pairwise shared key between the shareholders and Each member uses one of the shares of his token, or to compute the pairwise shared keys, with every other user, where is the secret key shared between users, and
Step 3. Each member computes authentication responses, where is a one-way hash output with and as inputs. Each is sent to member publicly for authentication.
Step 4. After receiving from member the member uses his computed pairwise shared key, in Step 2 to compute and check whether If the checking is successful, member has been authenticated; otherwise, member has not been authenticated. Repeat this process for all other members
Group key establishment and authentication
Let us assume that at the end of membership authentication, all m members, have been successfully authenticated. Then, the members follow an XOR operation algorithm to complete the group key establishment process. All information exchanged among members is encrypted under the pairwise shared keys, , computed in Step 2 of membership authentication.
Step 1. Each member needs to select a secret input and broadcasts a random integer, to all other members, where .
Step 2. Each member uses his pairwise shared keys with other members to compute
Step 3. Each member uses his computed pairwise shared keys, in the Step 2 of membership authentication to encrypt as Member sends each to member
Step 4. After receiving from other member, member uses his computed pairwise shared key, in the Step 2 of membership authentication to decrypt as Repeat this process for all
Step 5. After obtaining from all other members, member computes , where is the XOR operation.
Step 6. Each member computes and broadcasts and then checks whether where and is a one-way hash output with and as inputs. If the check is successful, the group key has been authenticated and is the secret group communication key; otherwise, the group key has not been authenticated. Repeat this process for all group members
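The three phases above, worked through end to end as an added example (this code is not from the paper). Where the page leaves the concrete formulas unspecified, the example makes labelled assumptions: identities are small integers, the hash is SHA-256, the symmetric cipher is a hash-derived one-time pad, and the mixing rule is v_i = s_i XOR (XOR of all of i's pairwise keys), so that XOR-ing every released value cancels each pairwise key and leaves XOR of all secret inputs.

```python
import hashlib
import secrets

# Constructed modulus for the example; the page only requires a prime larger than the number of users.
P = 2**31 - 1


def random_bivariate(tx, ty):
    """MRC secret F(x, y) = sum a[i][j] x^i y^j, degree tx in x and ty in y (tx != ty: asymmetric)."""
    return [[secrets.randbelow(P) for _ in range(ty + 1)] for _ in range(tx + 1)]


def eval_uni(coeffs, v):
    """Evaluate a univariate polynomial by Horner's rule; coeffs[k] multiplies v^k."""
    r = 0
    for c in reversed(coeffs):
        r = (r * v + c) % P
    return r


def issue_token(F, x_i):
    """Token of user i: the pair F(x, x_i) (degree tx in x) and F(x_i, y) (degree ty in y)."""
    tx, ty = len(F) - 1, len(F[0]) - 1
    f_x = [sum(F[i][j] * pow(x_i, j, P) for j in range(ty + 1)) % P for i in range(tx + 1)]
    f_y = [sum(F[i][j] * pow(x_i, i, P) for i in range(tx + 1)) % P for j in range(ty + 1)]
    return f_x, f_y


def pairwise_key(my_id, token, other_id):
    """k_ij = F(x_i, x_j) for i < j: the smaller id evaluates F(x_i, y) at x_j and the
    larger id evaluates F(x, x_j) at x_i, so both obtain the same value without interaction."""
    f_x, f_y = token
    return eval_uni(f_y, other_id) if my_id < other_id else eval_uni(f_x, other_id)


def h(*parts):
    """One-way hash over its inputs (SHA-256 is a constructed choice; the page names no hash)."""
    return hashlib.sha256("|".join(str(p) for p in parts).encode()).hexdigest()


def auth_response(key, nonce):
    """Membership authentication response: hash of the pairwise key and the verifier's random integer."""
    return h("auth", key, nonce)


def encrypt(key, nonce, value):
    """Symmetric encryption of a 31-bit value under a pairwise key; a hash-derived one-time pad
    stands in for the unspecified cipher, so the same call also decrypts."""
    return value ^ (int(h("enc", key, nonce)[:8], 16) & 0x7FFFFFFF)


def group_key_tag(group_key, nonces):
    """Group key authentication value: hash of the key and the sum of all broadcast random integers."""
    return h("gk", group_key, sum(nonces.values()))


def run_session(F, ids, secret_inputs, nonces):
    """One session: returns (members_authenticated, {member: group key it derived})."""
    tokens = {i: issue_token(F, i) for i in ids}
    keys = {i: {j: pairwise_key(i, tokens[i], j) for j in ids if j != i} for i in ids}
    # Membership authentication: i sends h(k_ij, r_j) to j, who recomputes it with its own k_ji.
    authenticated = all(
        auth_response(keys[i][j], nonces[j]) == auth_response(keys[j][i], nonces[j])
        for i in ids for j in ids if i != j)
    if not authenticated:
        return False, {}
    # Assumed mixing rule: v_i = s_i XOR (XOR of every pairwise key of i). Each k_ij then appears
    # in exactly two released values, so XOR-ing all v_i cancels the keys and leaves XOR of the s_i.
    mixed = {}
    for i in ids:
        v = secret_inputs[i]
        for k in keys[i].values():
            v ^= k
        mixed[i] = v
    group_keys = {}
    for j in ids:
        gk = mixed[j]
        for i in ids:
            if i != j:
                ct = encrypt(keys[i][j], nonces[i], mixed[i])  # sender i encrypts v_i for j
                gk ^= encrypt(keys[j][i], nonces[i], ct)        # receiver j decrypts with k_ji
        group_keys[j] = gk
    return True, group_keys


if __name__ == "__main__":
    F = random_bivariate(3, 2)                              # constructed: degree 3 in x, 2 in y
    ids = [1, 2, 3, 4]                                      # constructed public identities x_i
    inputs = {1: 0x1234, 2: 0x5678, 3: 0x9ABC, 4: 0xDEF0}   # constructed secret inputs s_i
    nonces = {i: secrets.randbelow(P) for i in ids}         # per-session random integers r_i
    ok, gks = run_session(F, ids, inputs, nonces)
    print("authenticated:", ok, "same group key:", len(set(gks.values())) == 1,
          "tags agree:", len({group_key_tag(k, nonces) for k in gks.values()}) == 1)
```

A token issued under a different polynomial yields a different pairwise key, so its authentication response fails the Step 4 check; that is the nonmember case the page describes.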

5. Analysis

In this section, we address the security and performance of our proposed protocol.

5.1. Security Analysis

In this section, we discuss security features and possible attacks of our protocol as described in Section 3.2.

5.1.1. Security Features

(a) Correctness: in membership authentication, if all participating users are members as they claimed in Step 1 of membership authentication, each member, in Step 2, should be able to compute the pairwise shared key Thus, in Step 4, the authentication response, can be used to verify ’s membership by . Nonmembers cannot forge this authentication response since nonmembers do not know the secret tokens of member, In group key establishment, the correctness of this property comes from the rule of the XOR operation and thus, ,
(b) Freshness of authentication response: in Step 3 of membership authentication, the authentication response, is a hash output of the pairwise shared key and the random integer selected by the participating member initially. Replaying a previously used authentication response cannot impersonate a member since this random integer is different in every session.
(c) Freshness of group keys: in the group key establishment, the group key, , is determined by ’s secret input initially. This group key is different in every session.
(d) Freshness of the group key authentication: in Step 6 of group key establishment, the authentication is a one-way hash output with the group key, determined by each member’s secret input, and the sum of the random integers selected by the participating members as inputs. Replaying a previously used authentication cannot impersonate a member since this random integer is different in every session.
(e) Forward secrecy of group keys: if a member has departed from the group, the departed member cannot access the content of future communications since any group key, can only be computed by the members involved in the secure communication.
(f) Backward secrecy of group keys: if a member joins the group, the new member cannot access the content of any past communications since any group key, can only be computed by the members involved in the secure communication.

5.1.2. Possible Attacks

Theorem 1. (inside attack). In the proposed protocol, if , it needs at least insider attackers to work together to reconstruct the tokens. The proposed protocol can resist up to colluded members to recover the secret polynomial of MRC.

Proof. Inside attackers are legitimate members who own valid tokens from the MRC during registration.
The MRC’s polynomial is an asymmetric polynomial of degree in x and degree in which contains different coefficients. In the proposed scheme, each token contains two univariate polynomials with degree in and degree in respectively. In other words, each user can use his token to establish linearly independent equations in terms of the coefficients of the asymmetric bivariate polynomial When colluding users put their tokens together, they can establish equations in total. At the same time, for colluding users, there are pairwise keys. Hence, having the colluding users’ shares, the total number of linearly independent equations is . If the number of coefficients of the bivariate polynomial is larger than the number of linearly independent equations available to the colluding users (i.e.,), they cannot recover the bivariate polynomial. Hence, they cannot learn any information about the secret. From we obtain Hence, if , it is assured that colluding inside adversaries cannot recover the secret polynomial selected by the MRC initially. Thus, it needs at least inside attackers working together to reconstruct the tokens. The proposed protocol can resist up to colluding members trying to recover the secret polynomial of the MRC. According to the required security level, proper values of and can be selected. For example, when , no collusion of members can recover the secret polynomial of the MRC.

Theorem 2. (outside attack). In the proposed protocol, the outside attacker cannot obtain any secret information.

Proof. Outside attackers are illegitimate users who do not own any valid token from the MRC. Outside attackers may try to impersonate members in the group key establishment to obtain the group key. However, in the group key establishment all information exchanged by legitimate members is encrypted using pairwise shared keys, and outside attackers do not own any valid token to recover any pairwise shared key, so an outside attacker cannot obtain any secret information.

5.2. Performance Evaluation

Most of the latest schemes provide either user authentication or group key establishment separately [37–40]. They need additional membership authentication and shared key distribution and also need interactive communications and complex computations for encryption and decryption. We first discuss the performance features of our protocol as follows.

Compared with the existing schemes, our protocol can provide both membership authentication and group key establishment simultaneously. By using a bivariate polynomial, membership authentication and pairwise shared keys distribution are realized at the same time. Then, just by the XOR operation, each member mixes his/her input with pairwise shared keys with other members and releases the encrypted value in a broadcast channel. After collecting all released values, each member can compute the group key efficiently. In our protocol, tokens of members obtained during registration can be used for (a) membership authentication; (b) pairwise shared keys distribution; and (c) group key establishment. It is very efficient.

According to the definition in most communications, “Interactive communications” means acting one upon or with the other. In our group key establishment phase, each member computes his/her own values and releases the values to others without “waiting” for other members’ inputs. In other words, each member does not need waiting time in computing and releasing values to other members. We call this property “noninteractive,” which can speed up the communication process significantly.

Our proposal is noninteractive, computation-efficient, and lightweight, which has the advantages in storage, computation, and communication cost. Specific analysis is as follows.

5.2.1. Storage Cost

In our protocol, each member needs to store a token, which consists of two univariate polynomials: one is of degree in and the other one is of degree in . Thus, each shareholder needs to store coefficients of a univariate polynomial. The storage requirement for each user is bits, where is the modulus. This polynomial-based modulus is far smaller than a public-key-based modulus.

5.2.2. Computation Cost

For our protocol, in Step 2 of membership authentication, when evaluating the polynomials, Horner’s rule [32] can be used to reduce the computational cost. Each shareholder needs to compute pairwise shared keys, by evaluating different polynomials. Using Horner’s rule, evaluating a polynomial of degree needs multiplications and additions. In addition, each member needs to generate one authentication response and to verify authentication responses. Since each authentication response is a hash output, each member needs to compute hash outputs. In the steps of group key establishment, there are only XOR operations and symmetric encryption and decryption operations, which is very efficient compared with all existing protocols. Finally, only one hash computation is needed to authenticate the group session key by each member. The computation load of our proposed protocol is much lower than that of most public-key based schemes. For example, the RSA [41] public-key operation requires approximately modular multiplications (i.e., in RSA, N is at least 1024 bits).

5.2.3. Communication Cost

The communication of membership authentication is performed completely in the broadcast channel. The total communication time is to transmit random integers, and authentication responses for all participated group members. To establish the group key, the total communication time is to transmit random integers, -encrypted messages and hash outputs to authenticate the group session key for all participated group members. In our protocol, all transmitted data are computed on polynomial-based modulus. Furthermore, since our protocols are noninteractive, all released values can be broadcasted simultaneously and they are very efficient.

6. Conclusion

We have proposed a novel design of a lightweight membership authentication and group key establishment protocol for WSNs. Our protocol provides both membership authentication and group key establishment simultaneously, whereas existing schemes provide membership authentication and key establishment only separately. We have included the security analysis and performance evaluation in the paper. Our protocol is very efficient in terms of computation and communication, so it is attractive for secure group communications in WSNs.

Data Availability

The data used to support the findings of this study are included within this article.

Conflicts of Interest

The authors declare that they have no conflicts of interest.

Authors’ Contributions

Chingfang Hsu and Qi Cheng contributed equally to this work.

Acknowledgments

This work was partially supported by the National Natural Science Foundation of China (Grants nos. 61772224 and 61872152), the Fundamental Research Funds for the Central Universities (No. CCNU19TS019), and the Research Planning Project of National Language Committee (No. YB135-40).