2009 IEEE International Advance Computing Conference (IACC 2009)
Patiala, India, 6-7 March 2009

KeyBunch: A Novel Approach to Key Management

Vinoth Chandar (1), Raghavan Muthuregunathan (2)

1. Graduate Student, Department of Computer Science, University of Texas - Austin, email: vinoth.chandar@gmail.com
2. Undergraduate student, Department of Information Technology, Madras Institute of Technology, Anna University, Chennai, email: raghavan.mit@gmail.com

Abstract - Information Security is an indispensable requirement in any network environment. Compromising on security may lead to serious technical and social ill effects. Security is achieved by encryption and decryption of data. Traditionally a symmetric key is initially shared between the two communicating nodes via a public key cryptography. The session is then secured using the shared key for encryption and decryption of messages. However security of the system can be enhanced if the single shared key is replaced by a bunch of keys together with a mechanism to determine the sequence in which the keys are used. In this way, the session is not compromised just by cracking a single key and a high level of security is assured and number of communications involved between the two communicators in order to exchange the symmetric key is decreased. Our work explains the concept of keybunch, how it works, the protocol of key bunch exchange in unicast and multicast scenarios and resistance against attacks.

Keywords: KeyBunch, Key Management, Unicast, Multicast

1. INTRODUCTION

Security is an important aspect in any network application [5]. Without security many network applications like ATM machines, Internet banking would fail which would lead to greater financial losses [6]. As per Moore's law and Metcalfe's law, the processing power of computers and value of network are increasing exponentially. In addition to that, technologies like Grid Computing are offering large computational power at cheap cost. Though these changes are fruitful, it calls for change in modification of existing security infrastructure. These changes bear a direct impact to information security [7]. New threats can arise out of increased availability of computational power. As a result, a brute force attack can be executed in relatively lesser time. Thus, there is a need for more sophisticated security mechanisms to counter the new threats, taking advantage of the same advancements in technology that created the threats in the first place. For example, AES replaced DES [13] when DES was declared hackable in finite amount of time. Although AES uses longer keys, it didn't have much impact in performance due to advancements in hardware technology. There are two major types of cryptographic techniques namely public key cryptography, example RSA and Symmetric Key cryptography, example AES. Public key cryptography is more computationally intensive than symmetric cryptography; but offers more security [12]. Many existing cryptosystems use a combination of the two to ensure optimal performance. A public key technique such as Diffie-Hellman [8] key exchange is used to exchange a session key between communicating principals in a very secure manner. This is an optimal scheme because the shorter data unit (key) is encrypted using public key cryptography and the larger data units (data) are encrypted using symmetric key cryptography. The shared secret key is the vital component and if it is compromised, the adversary can gain access to the entire session.

To improve the security, a key element, from a set of independent keys maintained at both the sender and receiver, may be used to encrypt and decrypt each message. The set of keys and the associated parameters are referred to as a Key Bunch. Today's computers can comfortably handle a fair number of keys for a single session without degradation in performance. This is where the proposed approach takes advantage of the modern hardware technology in terms of higher available memory for storing keys and faster machines to handle the overhead associated with KeyBunch maintenance. The transmission of the KeyBunch can also be accommodated by high capacity networks and also the fact that network capacity is underutilized in most networks.

Section 2 defines a Key Bunch and its components. Section 3 and 4 deal with unicast and multicast scenarios for applying the protocol. Section 5 handles losses and section 6 evaluates the level of security offered, section 7 & 8 deals with experimental results and overheads, Section 9 concludes.

2. KEY BUNCH

As mentioned above, a single shared key is replaced by a bunch of keys along with a technique to identify the order in which the keys are used for encryption and decryption. The schematic diagram of KeyBunch is shown in the figure 1.

978-1-4244-1888-6/08/$25.00 © 2008 IEEE


[Figure 1: Schematic diagram of key bunch]

It consists of a set of keys K, from which one key will be used to secure a message between the sender and the receiver. Different messages may be encrypted using different keys from K. The number of keys in K and the order in which they are to be used are determined by exchange of parameter P, Q, R at the start of the transmission, such that

P > 1 and 0 < Q < P

These parameters P, Q and R are critical to the successful key management. When deciding the values of these parameters, the implementer can take into account various factors like network bandwidth, processing speed of the communicating systems, etc. With advancements in the hardware technology and availability of enormous computation power one can think of choosing relatively high values for these parameters. The choice is left to the implementer based on the need. From P and Q, two more values m and n are derived by raising Q and P respectively, to the power of 2.

m = 2^Q and n = 2^P

R is a n-bit number that defines the sequence in which the encryption keys are selected from the set K. R is split into n/m parts each containing m bits. Each m-bit string corresponds to index of a key inside K, such that

K = {k_i}; i = 0 to 2^m - 1; total number of keys in K is |K| = 2^m.

Each m-bit value in R is called a state. The variable CS is a pointer to the current state. Initially CS is at the first m-bit block of R and for every cryptographic operation i.e. encryption or decryption, it moves to the next m-bit block on the right. After it reaches the final m-bit block, it will cycle back to the first block on the next move. Thus, value of CS can range from 0 to (n/m)-1. For the ith transmission, CS points to the (i mod (n/m))th block.

The value of a state is denoted by SV and it is just the value represented by that state's m-bit string. SV can be defined for all states from 0 to (n/m)-1 and each of the n/m values can range from 0 to 2^m - 1. SVj denotes the value of the jth state. The value of the current state is given by

SV[CS] = SV_CS

For carrying out the cryptographic functions, the key in K corresponding to the value of the current state, is used. k_SV[CS] points to a key in the Keyset K with index SV[CS].

Encryption: EK = [plain text] k_SV[CS]
Decryption: DK = [cipher text] k_SV[CS]

The notational conventions used in this text are as in Table 1.

{data}K      Encryption using key K.
{data}K-     Decryption using key K.
||           Concatenation
PKx-         Private Key of principal X
PKx+         Public Key of principal X
X -> Y: M    X sends message M to Y

Table 1: Notational conventions

KK denotes the Key set encrypting key that is used to securely exchange key set K of the Key Bunch between the communicating principals. Its use will be made clear in the later sections.

3. UNICAST SCENARIO

Unicast communication involves one-to-one communication between a sender and a receiver. Key management protocol for unicast communication using KeyBunch involves exchange of parameters P, Q, R at the start of the communication. Additionally, the symmetric cipher algorithm used and the key length may be exchanged. Each principal may define its own Key Bunch that defines the keys and mechanisms to be used to secure data sent to that principal by other entities. Thus, for a full-duplex communication, the individual one way communications may have different levels of security due to a separate KeyBunch for messages addressed to an entity, as shown in Figure 2.

[Figure 2: KeyBunch in case of Unicast scenario. Labels: Node A sends parameters P, Q, R, KeyBunch of A to Node B; Node B sends parameters P, Q, R, KeyBunch of B to Node A.]

The Figure illustrates communication between two nodes A and B. This has its own advantages, though it may take additional storage for an extra KeyBunch. When the security of the communication from A to B is compromised, B can detect it and restore the security since communication from B to A is not compromised. A maintains two Key Bunches

totally. One for messages received from B (KeyBunch B) and the other for messages sent to B (KeyBunch A). Similarly, two Key Bunches are maintained at B also. For correct encryption at A and decryption at B, the Key Bunches for messages from A to B (Key Bunch A) must be synchronized at both A and B. It is similar in case of messages sent from B to A.

3.1 Key Bunch Exchange in Unicast Scenario

A -> B: {{Key length || Algorithm || PA || QA || RA || KKA || TS1} PKA-} PKB+
A -> B: {KA} KKA
B -> A: {{Key length || Algorithm || PB || QB || RB || KKB || TS2} PKB-} PKA+
B -> A: {KB} KKB

The first message provides B with information of Key Bunch A. All messages from A to B will be encrypted according to this information. Key length specifies the number of bits in the key to be used and Algorithm, for example DES, AES, is the cipher function used for encryption and decryption. PA, QA and RA are the corresponding KeyBunch parameters for A. KKA is the key of A used to encrypt the set of Keys in the Keybunch and TS1 is a timestamp included to prevent replay attack of this message by an adversary. The entire message is signed using private key of A for establishing authenticity and encrypted using B's public key to preserve secrecy. The second message is that node A encrypts the set of keys of the Key Bunch to be used using the key set encrypting key KKA.

The next (third) message provides A with Key Bunch B with similar information. All messages from B to A will be encrypted using this information. The fourth message is that B encrypts the set of Keys in key Bunch B using KKB and sends it to A. Thus we need an exchange of four messages for securing a full duplex session as per proposed technique.

3.2 Data Transmission

Once the key Bunches are synchronized at both the communicating nodes A and B, data from node A to node B is encrypted using a key from key Bunch A based on the parameters P, Q, CS and R.

Sending data from node A to node B:

A -> B: {Data || PI || SEQ || TS} k[SVcs(A)] || {{SEQ || PI} PKA-} PKB+
A: CSA++ (mod nA/mA)   [increment CS to next state for key bunch of A]

k[SVcs(A)] - key from the key set K on the basis of SVcs of key bunch A

A encrypts Data, PI, Sequence number and Time Stamp using a key from the Key Bunch based on the state value pointed by CS. Then the sequence number and Piggy backing information PI is encrypted using private key of A and public key of B and are concatenated with original encrypted message and sent to B. The important role that SEQ plays in handling losses is explained in later section. Each node maintains a buffer for storing messages it sent to the other node. The message is also stored in the buffer. After sending the message, A updates its CS to the next state. PI denotes piggybacking information used for managing buffer. It is of the form

[PI header || PI info]

and interpreted as in Table 2.

PI header    PI info
00           (do nothing)
01           Last Received (LR) - indicates the greatest message sequence number with all previous messages received without any loss.

Table 2: Piggybacking Information

LR value is sent every nA/mA messages so that the buffer does not overflow. When PI information with header 1 is received, all messages in the buffer with sequence number less than or equal to LR are removed from the buffer. Sender tries to encrypt and send the remaining messages again to the receiver, assuming some decryption failure has occurred, in the same order as they were in the buffer.

Receiving at B:

B: {Data || PI || SEQ || TS} k[SVcs(A)]   [decryption]
B: CSA++ (mod nA/mA)   [increment CS to next state for key bunch of A]

B decrypts the message applying the key corresponding to current state of the Key Bunch of A. B also increments the current state CS value in order to synchronize the key Bunch. In case of decryption failure, it then recovers the SEQ and PI by applying public and private keys. During next [...] one less than the received SEQ number of the decryption failed packet. Any PI information is also processed.

4. MULTICAST SCENARIO

Multicast communication involves a group of principals which share information. Message is sent to the group efficiently using IP multicast. Securing such a group communication involves a group key which is known only to the group members. There are several approaches to generation and distribution of group keys [11]. Applying KeyBunches to group communication, the group key is replaced by a group KeyBunchG. An entity designated as the Key Management Entity (KME) does the task of deciding and distributing the parameters of the group KeyBunchG. Any multicast key management protocol must consider three aspects of group communication - Member join, Member leave and Data transmission.

4.1 Member Join (Backward Secrecy)

(Unicast) KME -> NU: {{Key length || Algorithm || PG || QG || RG || KKNU || TS} PKKME-} PKNU+
(Unicast) KME -> NU: {KGnew} KKNU
(Multicast) KME -> ROG: {KGnew} k_SVG[CSG]; k_SVG[CSG] ∈ KGold
ROG: Set their CS to 0.

The KME generates new Key Bunch parameter KGnew (set of keys used in the group KeyBunch) and distributes to new user (NU) along with the other parameters as before for unicast scenario. KME does not change the other parameters of KeyBunchG. In addition, the new key set KGnew is multicasted

to the rest of the group (ROG) using the key from the previous KeyBunchG parameter KGold. CSG is set to 0 everywhere. This means that the set of keys are transmitted all over again to ROG. However this provides high level of security since it guarantees backward secrecy. If the network cannot support a multicast packet with all the keys for every join request, then the following alternate scheme can be used.

(Unicast) KME -> NU: {{Key length || Algorithm || PG || QG || RGnew || KKNU || TS} PKKME-} PKNU+
(Unicast) KME -> NU: {SS, KG} KKNU; SS = CSG+1
(Multicast) KME -> ROG: {RGnew} k_SVG[CSG]; k_SVG[CSG] ∈ KG
CSG++

In the alternate scheme, KME does not generate a set of keys. Instead a new R value is generated and sent along with other parameters to the new user. The new user also gets a SS (start state) to fix his Key Bunch's initial CS value and thus synchronize it with ROG. The new R value is then multicasted to ROG and CSG is updated. This level does not guarantee backward secrecy since the keys are same as before. However, the order in which they were used is unknown to the NU since it only sees the new R value. It would still require O(2^m * (n/m)) computation to recover the entire past session. This scheme is quite useful when the number of keys is large. That way, the size of the key set to be multicasted will be high and so will be the computational complexity to crack the section. The choice is left to the implementers to choose the correct balance between security and network bandwidth usage.

4.2 Member Leave (Forward Secrecy)

On member leave, a new set of keys are generated and unicasted to each member using the Key encrypting key that it shared at the start with the KME.

(Unicast) KME -> User U: {KGnew} KKu

This ensures forward secrecy i.e. the past members of the group cannot have access to the new sessions.

4.3 Data Transmission

Each group member maintains the group KeyBunchG. Any message sent by group members is sent to all members of the group by encrypting it by the corresponding key of CSG as before. CS value is updated only upon receipt of the message since even the data source (DS) will receive a copy of the packet it sends, when IP multicast is used.

(Multicast) DS -> Group: {data || SEQ || TS} k_SVG[CSG]; k_SVG[CSG] ∈ KG

SEQ and TS have the same interpretation as before.

5. HANDLING LOSSES

A reliable medium is pivotal to the success of this protocol. When packets are lost, the packets arriving at the destination will be out of order and will be decrypted using the wrong key from K. This will result the KeyBunches at the sender and receiver to go unsynchronized and all further decryptions will fail. So, loss handling mechanisms are needed to incorporate successful communication. Losses in TCP environment are handled by protocols such as sliding window protocol. Many reliable multicast protocols [10] are also available like RMTP [9]. Hence, the focus for loss handling will be on unicast communications over UDP/IP. Losses are handled by a way of retransmission. Two types of retransmission are possible.

1. Receiver specifies LR and sender retransmits all messages after LR (recall the interpretation of LR from section 3.3). This involves low computational overhead but higher bandwidth usage.
2. Receiver specifies the packets which are to be retransmitted again and the sender sends only those messages, in the same order in which their sequence numbers were received. This involves higher computational overhead but lower bandwidth usage.

For this purpose, a control packet is defined and is sent to the other principal encrypted using the key encrypting key. Let's consider a control packet (refer Table 3 for interpretation) sent from A to B.

A -> B: {Control Header || Control Info} KKA

Header    Following Info         Meaning
00        LR                     For retransmission using type 1
01        Seq1 || ... || Seqi    Sequence Number of lost messages to be retransmitted using type 2
10        Rnew || SS             New R value and start state within R

Table 3: Control Information

The loss detection and the overall message processing logic are illustrated in Figure 3. When a message is received, the data part is decrypted using the key from the KeyBunch as usual. If it decrypts well, then usual processing is done and the signed SEQ part is just ignored. If it fails, it may be a control message that has to be decrypted using the sender's key encrypting key. If it's the case, then the required control processing such as retransmission or updating new R value is done. If both cases fail then there must have been a loss. The signed SEQ part is decrypted using proper public and private keys. The SEQ number within that indicates the state the sender's KeyBunch is in. The receiver updates the corresponding KeyBunch's CS value using CSnew = SEQ (mod n/m). It then decrypts using the key corresponding to the new CS value and initiates a retransmission mechanism by sending a control packet. Thus, after retransmission all missing messages are obtained and communication proceeds again.
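The key-selection rule of Section 2 and the resynchronisation rule CSnew = SEQ (mod n/m) of Section 5, as an added Python sketch that is not the authors' code. All class and function names are hypothetical; an HMAC check stands in for "the message decrypts well", the plain `seq` field stands in for the signed SEQ part, and comparing SEQ even after a successful open is an addition that covers adjacent states selecting the same key.

```python
import hashlib
import hmac
import secrets


class KeyBunch:
    """One direction's KeyBunch: key set K, sequence number R, state pointer CS."""

    def __init__(self, P, Q, R, keys):
        if not (P > 1 and 0 < Q < P):
            raise ValueError("need P > 1 and 0 < Q < P")
        self.m, self.n = 2 ** Q, 2 ** P        # m = 2^Q bits per state, R has n = 2^P bits
        if not 0 <= R < (1 << self.n):
            raise ValueError("R must fit in n bits")
        if len(keys) != (1 << self.m):
            raise ValueError("K must hold 2^m keys")
        mask = (1 << self.m) - 1
        # SV[j] is the j-th m-bit block of R, counted from the leftmost block.
        self.sv = [(R >> (self.n - self.m * (j + 1))) & mask
                   for j in range(self.n // self.m)]
        self.keys = list(keys)
        self.cs = 0                             # CS starts at the first block

    def key(self):
        return self.keys[self.sv[self.cs]]      # k_SV[CS]

    def advance(self):
        self.cs = (self.cs + 1) % len(self.sv)  # wrap after the last block

    def resync(self, seq):
        self.cs = seq % len(self.sv)            # CSnew = SEQ (mod n/m)


def _tag(key, data):
    # Assumption: an HMAC tag models whether decryption under `key` succeeds.
    return hmac.new(key, data, hashlib.sha256).digest()


def seal(bunch, seq, data):
    """Sender side: protect one message under the current key, then advance CS."""
    msg = {"seq": seq, "data": data, "tag": _tag(bunch.key(), data)}
    bunch.advance()
    return msg


class Receiver:
    def __init__(self, bunch):
        self.bunch = bunch
        self.next_seq = 0

    def _opens(self, msg):
        return hmac.compare_digest(_tag(self.bunch.key(), msg["data"]), msg["tag"])

    def receive(self, msg):
        """Return (status, missing); missing lists the SEQs to request again."""
        # Replayed or stale SEQ values are outside this sketch (the paper uses TS).
        status, old_cs = "ok", self.bunch.cs
        if not self._opens(msg) or msg["seq"] != self.next_seq:
            self.bunch.resync(msg["seq"])
            if not self._opens(msg):
                self.bunch.cs = old_cs          # a bad message must not move CS
                return "rejected", []
            status = "resynced"
        missing = list(range(self.next_seq, msg["seq"]))
        self.bunch.advance()
        self.next_seq = msg["seq"] + 1
        return status, missing


def demo(R=0b11_00_10_01, drop=(2,)):
    """Constructed run: P=3, Q=1, so n=8, m=2, four keys and four states."""
    keys = [secrets.token_bytes(16) for _ in range(4)]
    sender = KeyBunch(3, 1, R, keys)
    receiver = Receiver(KeyBunch(3, 1, R, keys))
    log = []
    for seq in range(6):
        msg = seal(sender, seq, b"payload %d" % seq)
        if seq not in drop:                     # dropped messages never arrive
            log.append((seq, *receiver.receive(msg)))
    return log


if __name__ == "__main__":
    for entry in demo():
        print(entry)
```

The `missing` list is what a type 2 control packet (header 01 in Table 3) would carry.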

[Figure 3: Loss Handling. Flowchart labels: Receive Message; Decrypt As Data; Message Decryption Successful; SUCCESS: Update CS; FAILURE: decrypt using KK, Process Control Message; Loss: Decrypt using key = SEQ (mod n/m), SYNC CS; Sender; Retransmission Mechanism.]

6. EVALUATION OF SECURITY

Many techniques exist in literature for formal verification of a security protocol [2,3,4]. Almost all of them have had their origins from the BAN logic [1]. The security of the protocol can be measured in terms of its resistance to attacks. Attacks can be classified into four major categories. Let Alice send a message to Bob. The following presents an analysis of the protocol in the face of these attacks for unicast and multicast scenarios.

6.1 Interruption

The adversary, say Sam, prevents packets from reaching Bob to block the required service provided. E.g.: DOS [14]. It's an active attack.

Unicast: Sam captures packets to Bob and this would cause decryption to fail. This case is handled just like a loss. It's hard to prevent.
Multicast: Here also, the same attack is possible as for unicast.

6.2 Interception

Sam listens to messages on the wire and tries to read it though he does not have the key used to encrypt the message. E.g.: Eavesdropping. It's a passive attack.

Unicast: The message contains fully encrypted content and intercepting such a message, Sam cannot understand anything.
Multicast: Here also, the same attack is possible as for unicast.

6.3 Fabrication

Sam sends a message to Bob as if the sender created it. E.g.: Spoofing [16]. It's an active attack.

Unicast: Replay attacks are thwarted using a timestamp and sequence number.
Multicast: Some entity within the group may pretend to be the Data source and try to suppress the actual data source. In such a case, the KME (Key Management Entity) should detect this and change the group key set as if the malicious user has left. In effect, the malicious user is expelled from the group. Replay attacks are prevented in the same way.

6.4 Modification

Sam tries to modify the message sent to Bob, in transit. E.g.: phishing [15]. It's an active attack.

Unicast: All parts of the message are encrypted. Sam cannot modify the message.
Multicast: Sam cannot modify the message in this scenario also.

7. EXPERIMENTAL RESULTS

The weakness of the cipher algorithm, to cryptanalysis, if any, can be exploited by Sam, in gaining access to the message content. But, the focus will be on how the use of a KeyBunch will improve security. It is evident that since all the KeyBunch parameters are exchanged securely and hidden from Sam, he will have no idea of what keys are used and the sequence in which they are used. He will also have no idea about the splitting of R into m-bit blocks.

This section analyzes the increase in computational complexity for doing a brute force attack i.e. trying all possible combinations and finding the key. The analysis compares the conventional single shared key case with the KeyBunch protocol for different values of m = 1, 3, 5, 7 (2, 8, 32, 128 number of keys respectively; since number of keys is given by 2^m). Let kl be the keylength of the algorithm used. Assume that the comparison is done using the same cipher function, keylength and the same decrypting hardware. In the single key case, there is only one key and time to compromise the total security takes O(2^kl) time. Unit time denotes the time taken for one decryption. While using KeyBunch, all keys have to be found to compromise the total security. It will definitely take O(2^(m+kl)) time for a given value of m as presented in Figure 4.

[Figure 4: Time to compromise a session. DES (56 bit key); categories: Single Key, m=1, m=3, m=5, m=7.]

It is evident and a straight forward result that with the greater number of keys, it requires more computation to break the security. The problem that Sam may have here is that he cannot be sure if he has cracked all the keys or not. He also has no guarantee that a key that he has found will help to

crack the next message as well. So, in effect, he has to try to crack every message as if it were new. Let the number of keys found by Sam be denoted by KF, which is initially zero. To crack a message, Sam first tries it with all the keys he has discovered so far. If they all fail, then he does a brute force attack. Only after he finds all the keys, can he crack every message in O(2^m) time. Let tm denote the time to crack a message when KeyBunch is used. This time depends on the number of keys found so far, KF.

tm = O((Probability that the required key is already found) * KF) + O((Probability that the key is not found) * (2^kl))

Sam first tries to crack message in linear time from the already found key set KF. On failing he goes for the costly operation of O(2^kl). After finding all the keys in key set of Key Bunch, Sam executes a O(2^m) operation to crack the message. The time taken to crack all messages in constant O(2^m) time is denoted by tc.

tc = O((KF/2^m) * KF) + O((1 - (KF/2^m)) * (2^kl))
KF = 0 to 2^m

For a fixed value of kl and two values for m=5 and m=3, the time taken for cracking a message is plotted against the number of keys found when attempting to crack the message (refer Figure 5).

[Figure 5: Time taken to crack a single message. Plot title: Time to crack a message; series: m=5, m=3; x-axis ticks 1 to 33.]

As more keys are found, the time taken reduces drastically and reaches a constant after all keys are found. However, in the single key case, the most time consuming computation with KF=0 is done once and from there on each message can be cracked in constant O(1) time. Comparisons indicate that cracking a message using KeyBunch is harder. For m=3, it requires 4.5 times more computation than the single key case and for m=5 the increase in computational complexity is 16.5. This is a tall order for any computing facility. Thus, use of KeyBunch makes the system totally computationally secure

[...] falling prices of computer memory. The processing required for purging the buffer and processing control information is very much acceptable. The memory requirement for a KeyBunch includes buffer for storing messages and the KeyBunch itself.

Let S be the size of a message to be stored in buffer. Let KL be length of a key in the Key Bunch. Number of Keys in KeySet of KeyBunch is 2^m. Let the size of Buffer be B which must have at least n/m slots to store the messages.

B = S * (n/m)
Size of KeyBunch = 2^m * KL
Memory overhead = Size of Buffer + Size of Key Bunch
Memory overhead = (S * (n/m)) + (2^m * KL)

9. CONCLUSION AND FUTURE WORK

Thus, a new approach to key management in Unicast and multicast scenarios was discussed and resistance against a few attacks are analyzed. Security, by itself, is an overhead for communication and if more security is needed, additional overheads are to be tolerated. Although this scheme involves some overheads in order to manage the set of keys used, it is kept within an acceptable level that can be accommodated by the current hardware and network technologies. Future work will involve further research to unearth any other attacks specific to this protocol and also evolve schemes for mutual recovery from an attack. This paper presented a generalized scheme for applying the concept of KeyBunches. In the future, some existing security protocols would be strengthened and extended by applying KeyBunches

10. REFERENCES

[1] Abadi et al., "A logic of authentication", ACM SIGOPS Operating Systems Review, Vol 23, no 5, pp. 1-13, 1989.
[2] V. Varadharajan and Y. Zhang, "A logic for modeling the dynamics of beliefs in cryptographic protocols", in the Australasian Computer Science Conference, pp. 215-222, Queensland, Australia, 2001.
[3] Gong et al., "Reasoning about belief in cryptographic protocols", Proceedings of the IEEE Symposium on Research in Security and Privacy, pp. 234-248, California, USA, 1990.
[4] L.C. Paulson, "The inductive approach to verifying cryptographic protocols", Journal of Computer Security, Vol 6, No 1-2, pp. 85-128, 2000.
[5] A. Burns et al., "On the meaning of safety and security", The Computer Journal, Vol 35, no 1, pp. 3-15, 1992.
[6] Ross Anderson, "Why cryptosystems fail", in 1st ACM conference on Computer and communications security, pp. 215-227, Virginia, United States, 1993.

[7] Houston H. Carr et al., "Threats to Information Systems:8. OVERHEAD Today's Reality, Yesterday's Understanding", MIS Quarterly,

Use of KeyBunches involves some storage overheads and Vol. 16, No. 2, pp. 173-186, 1992.also little processing overhead for managing the buffer. The [8] Whit Diffie and Martin Hellman. "New Directions In

processingovrha ismnmzdb.ain ufrfrls Cryptography ". IEEE Transactions on Information Theory,management so that the message need not be encrypted again. Vo 22 'o6 p6464 96Thus processing overheads are minimized by having storageoverhead and this is indeed more affordable due to the ever

2009 IEEE Inxternational Advanxce Computing Conference (IACC 2009) 1257

Page 7: [IEEE 2009 IEEE International Advance Computing Conference (IACC 2009) - Patiala, India (2009.03.6-2009.03.7)] 2009 IEEE International Advance Computing Conference - KeyBunch: A Novel

[9]Lin J and Paul S, "RM1TP: A reliable multicast transportprotocol", Proceedings of IEEE Infocom, pp 1414-1425. SanFrancisco. CA, USA.1996.[10]Brian Neil Levine and J.J. Garcia-Luna-Aceves, "Acomparison of reliable multicast protocols", MultimediaSystems, Vol.6,no.5, pp.334-348,1998.[11] D. Hutchison and S. Rafaeli, "A survey of keymanagement for secure group communication", ACMComputing Surveys (CSUR), Vol 35, no 3, pp. 309-329,2003.[12] D. Dolev and A. Yao, "On the security of public-keyprotocols ", IEEE Transactions in Information Theory, Vol 29,no 2, pp.198-208, 1983.[13] Don Coppersmith, "The data encryption standard (DES)and its strength against attacks", IBM Journal of Researchand Development, Vol 38, no 3,pp. 243-250, 1994.[14] Lee Garber, "Denial-of-Service Attacks Rip the Internet",IEEE Computer, Vol.33, no.4, pp.12-17, 2000[15] Rachna Dhamija and J. D. Tygar, "The battle againstphishing: Dynamic Security Skins", in Symposium on Usableprivacy and security(SOUPS 05),pp.77-88, Pittsburgh, USA,2005[16] Tamara Dinev, "Why spoofing is serious Internetfraud",Communications of the ACM, Vol 49, no 10,pp. 76-82,2006[17] Dongang Liu,Peng Ning,Kun Sun, "Efficient self-healinggroup key distribution with revocation capability", 10th ACMconference on computer and communications security 2003[18] B Wu, J Wu, EB Fernandez, M Ilyas, S Magliveras -"Secure and efficient key management in mobile ad hocnetworks" Journal of Network and Computer Applications, -Elsevier ,2007[19] J Van Der Merwe, D Dawoud, S McDonald ,"A surveyon peer-to-peer key management for mobile ad hocnetworks", - ACM Computing Surveys (CSUR), 2007[20] Yvo Desmedt, Mike Burmester,Towards practical "proven secure" authenticated keydistribution, Proceedings of the 1st ACM conference onComputer and communications security, 1993
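The following Python is an added example, not code from the paper: it evaluates the cost formula of Section 7 and the memory formula of Section 8. Summing the cost over KF = 0 to 2^m reproduces the 4.5 and 16.5 factors quoted for m=3 and m=5. The key length kl = 56 and the buffer values are assumed sample inputs, and the function names are hypothetical.

```python
from fractions import Fraction
from math import log2

KL_BITS = 56  # assumed key length kl; the section only says kl is fixed


def crack_time(kf, m, kl=KL_BITS):
    """Section 7 model: cost of one message when kf of the 2^m keys are known."""
    p_found = Fraction(kf, 2 ** m)          # KF / 2^m
    linear_scan = p_found * kf              # try the keys already recovered
    brute_force = (1 - p_found) * 2 ** kl   # otherwise search the key space
    return linear_scan + brute_force


def total_work(m, kl=KL_BITS):
    """Cost summed while KF grows from 0 to 2^m, the range given in the text."""
    return sum(crack_time(kf, m, kl) for kf in range(2 ** m + 1))


def factor_vs_single_key(m, kl=KL_BITS):
    """Total work relative to the single-key case (one 2^kl brute force)."""
    return total_work(m, kl) / 2 ** kl


def extra_key_bits(m, kl=KL_BITS):
    """The same factor expressed as additional bits of key length."""
    return log2(factor_vs_single_key(m, kl))


def memory_overhead(s, n, m, key_len):
    """Section 8: buffer of n/m slots of size s plus 2^m keys of length key_len."""
    return s * Fraction(n, m) + 2 ** m * key_len


if __name__ == "__main__":
    for m in (3, 5):
        print(f"m={m}: factor {float(factor_vs_single_key(m)):.2f}, "
              f"about {extra_key_bits(m):.2f} extra key bits")
    # Constructed sample values: 1024-byte messages, n=30, m=3, 7-byte keys.
    print("memory overhead (bytes):", memory_overhead(1024, 30, 3, 7))
```

Because the brute-force term dominates, the factor equals (2^m + 1)/2 to within rounding, which is where 4.5 and 16.5 come from.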
