ROBUST AND SECURE AUTHENTICATION PROTOCOL BASED ON COLLABORATIVE KEY AGREEMENT
seminar presentation Active In SP Posts: 582 Joined: Apr 2010 
06062010, 10:13 PM
ROBUST AND SECURE AUTHENTICATION PROTOCOL BASED ON COLLABORATIVE KEY AGREEMENT.docx (Size: 243.74 KB / Downloads: 52) ROBUST AND SECURE AUTHENTICATION PROTOCOL BASED ON COLLABORATIVE KEY AGREEMENT FOR PEER TO PEER OF DYNAMIC GROUP Presented By: J. Armstrong Joseph 1 P. Arockia Jansi Rani 2 Lecturer, St. Peterâ„¢s Engineering College, Avadi, Chennai, India, Lecturer, Manonmaniam Sundaranar University, Tamilnadu, India, ABSTRACT There is a need for security services to provide group oriented communication privacy and data integrity in many grouporiented distributed applications. To provide this form of group communication privacy, it is important that members of the group can establish a common secret key for encrypting group communication data. Consider a group of people in a peertopeer or adhoc network having a closed and confidential meeting. Since they do not have a previously agreed upon common secret key, communication between group members is susceptible to eavesdropping. To solve the problem, we need a secure distributed group key agreement and authentication protocol so that people can establish and authenticate a common group key for secure and private communication. In this project and implimentation modified Treebased Group DiffieHellman protocol has been proposed for a dynamic communication group in which members are located in a distributed fashion and can join and leave the group at any time. Any communication in the group can be encrypted based on the secret key. To provide both backward confidentiality (i.e., joined members cannot access previous communication data) and forward confidentiality (i.e., left members cannot access future communication data), rekeying, which means renewing the keys associated with the nodes of the key tree, is performed whenever there is any group membership change including any new member joining or any existing member leaving the group. For rekeying operations Queuebatch algorithm has been proposed because Queuebatch algorithm performs the best among the three intervalbased algorithms such as rebuild, batch and Queuebatch algorithms. More importantly, the Queuebatch algorithm can substantially reduce the computation and communication workload in a highly dynamic environment. To demonstrate the strength of the system instance messaging has been proposed for implementation. . 1. INTRODUCTION Cause of increased popularity of group oriented applications and protocols, security services are needed to provide communication privacy and integrity in group communications. Secure group communication is not only a simple extension of secure two party communications, there are two important differences. Firstly, protocol efficiency is major concern due to the number of participants and distances among them. The second difference is due to group dynamics (i.e., members join and leave). Twoparty communication can be viewed as it starts, lasts for a while and ends but, group communication is more complicated since it starts, the group mutates such as member join and leave. This complicates presentment security services among key agreement in members of group. We focus dynamic group since they are common in many layer of network protocol stack and applications. In contrast to large multicast groups, dynamic group tend to be small size. Larger member groups are unable to control on peer to peer basis and organized in a hierarchy sort. Dynamic group assume that many â€œmany communication pattern. We consider the dynamic communication group in wh ich members are located in a distributed fashion. The membership of the communication is dynamic so that members can leave and new members can join the group at any time. The contributions our work is The agreement protocol is distributed in nature and does not require a centralized key server. The key agreement is contributively  each member contributes its part to the overall group We use an intervalbased approach using queue batch algorithm to significantly reduce the computation and communication costs of maintaining the group key. To demonstrate the strength of the system such as Secure, robust and efficient key management is critical for secure group communication; instance messaging has been proposed for implementation. The rest of this paper is organised as follows. Section 2 introduces our notation and terminology. Section 3 explains TGDH protocols and tree management. Section 4 explains about analysis of queue batch algorithm based on performance and experimental analysis. The actual protocols described in section 5 and implemented in section 6 for instance messaging. The paper concludes the summary of previous work in section 2. NOTATION AND DEFINITIONS One of the key features is adaptation of key trees for the use in collaborative key agreement. Figure 1. Notation for tree Figure shows an example of key tree. The root is located at level 0 and the lowest leaves of tree are at height Ëœhâ„¢. Since we use the binary trees,[1] ever node is either a leaf or a parent of two nodes. The nodes are denoted <l,v>, where 0 v 2l â€œl. Since each level l hosts at most 2l nodes[2]. The key tree is balanced for node numbering. Thus a nodeâ„¢s <l,v> left and right children have indexes <l+1,2v> and <l+1, 2v+1>, respectively. Each node <l,v> exponentiation in prime order groups, i.e, f(k) = a k mod p [ p is prime integer]. Assuming a leaf node <l,v> assigns the member Mi, then the node <l,v> has Mâ„¢s session random key K<l,v>. Moreover, the member M i at node <l,v> knows every key along the path from <l,v> to <0,0>. In fig, If member M2 owns the tree T2, then M2 knows every key{ K<3,1> , K<2,0>, K<1,0>, K<0,0> } of KEY 2 and every blind key { BK<0,0> , BK<1,0> Â¦ BK<3,7> }on T2. Every key K<l,v> is computed recursively as follows. K<l,v> = ( BK<l+1><2v+1> ) K<l+1,2v>mod p = ( BK<l+1><2v> ) K<l+1,2v+1>mod p = a K<l+1,2v> K<l+1,2v+1> mod p K<0,0> at the root node is the group secret shared by all members. This value is never used as a cryptographic key for the purpose of encryption, authentication or integrity. In turn, such keys are derived from group secret, e.g., by setting Kgroup = h(K<0,0>) where h is the cryptographically strong hash function. 3. TGDH PROTOCOLS Three basic protocols forms the TGDH protocol suite such as join, leave and merge. These protocols all share a common framework with the following notable features. Each group member contributes its share to the group key, which is computed as a function of all shares of current group members. New member shares are factored into the group key and changed the group key at regular interval. Departing member shares are removed from the new key and at least one remaining member changes its share All the protocol messages are assigned by the sender by DSA for security. In our protocol, one of group member involves to compute keys and broadcast the blinded keys to the group at regular intervals. For instance, any member in this group can take this responsibility, we call this member is called Ëœsponsorâ„¢. The sponsor who handles the membership change is determined by each membership event. The ËœLeader is the single member that is responsible for periodically notifying all group members to start rekeying operation synchronously at regular rekeying intervals. 3.1. TGDH Membership events is associated with the key K<l,v> and the blinded key BK<l,v> = f(K<l,v>) where the function is modular Proceedings of the International Conference on Network Security and Workshop 2007 (ICONS 2007) Erode Sengunthar Engineering College, Tamil Nadu, India, 2931 January 2007 A group of key agreement scheme needs to provide key adjustment protocols stemming from membership changes. TGDH includes protocols in supporting of the following operations Join : a new member is added to the group Figure 3. Tree T3 Tree T5 We have n members and a member Mw leaves the group. In this case, the sponsor is the rightmost leaf node of the sub tree rooted at the leaving memberâ„¢s sibling node. Every member updates its key tree by deleting the leaf node corresponding to Mw. The former sibling of Mw is Figure 2. Tree update: Join Assume that the group pf n users {M 1,Â¦Mn}. The new member Mn+1 indicates the protocol by sending a join request that contains its own blinded key BK<0,0>. When current group members receive this message, they first determine the insertion node in the tree. The insertion node is the rightmost node, where the join does not increase height of the key tree. If the key tree is well balanced, the new member joins to the root node. The sponsor is the right most of the leaf node in the sub tree rooted at the insertion node. Next the sponsor creates a new intermediate node and a new member node, and promotes the new intermediate node to be the parent of both insertion node and the new member node. After updating the tree, the sponsor computes the new group key, since it knows all the necessary blinded keys. After computing the group key, the sponsor broadcasts the new tree which contains all blinded keys. All other members update their trees accordingly and compute the new group key. Example of member M4 is joining to a group, where the promoted to replace Mwâ„¢s parent node. The sponsor picks a new secret share, compute all keys on its key path up to the root, and broadcasts the new set of blinded keys to the group key. In figure, if member M leaves the group, every member deletes node <1,1> and <2,2>. After updating the tree, the sponsor M5 picks a new key K<2,3>, recomputed K<1,1>, K<0,0>,BK<2,3> and BK<1,1> and broadcasts the updated tree T5 with its BK*. After receiving the broadcast message, all members compute the group key. Note that M cannot compute the group key, though it knows all the blinded keys, because its shares in no longer part of the group key. Merge: a subgroup is added to the group sponsor M 3 performs the following actions. Figure 4. Tree T5 TreeT7 Tree T5 renames node <1,1,> to <2,2> generates a new intermediate node <1,1> and a new member node <2,3> promotes <1,1> as the parent node of <2,2> and <2,3> Since all members know BK<2,3> and BK<1,0>, M3 can compute the new group key k<0,0>. Every other member performs step1 and 2, but cannot compute the group key in first round. After receiving the blinded keys, every member can compute the group key. Leave: A member is removed from the group. Each sponsor is the right most member of each group broadcasts its tree information with blinded keys to other group. After receiving this message, all members can independently determine the merge position of the two sub trees. If the sub trees have same height, we join one tree to the root node (insertion node) of the other tree. To impose an ordering on the two trees, we compare the identifiers of the sponsors. In turn, the trees are different heights and we join the shallower tree to the deeper tree. The insertion node can be either the right shallowest node (not necessarily a leaf node), where the join does not increase the height of the tree or the root node, if join to any other node increases the height of the key tree. The right most member of the sub tree rooted at the joining location becomes the sponsor of the key update operation. The sponsor computes every key on the key path and the corresponding blinded key. Then, broadcasts the tree with blinded key to the other members. All the members now have the complete set of blinded keys, which allows them to compute all keys on their key path. Figure shows an example, the sponsors M2 and M7 broad cast their trees (T2 and T ) containing all blinded keys, along with BK*2and BK*7. After receiving these broad cast messages, every member in both groups merges two trees, and then M2, the sponsor in this example updates the key tree and computes and broadcasts blinded keys 3.2. Tree management The number of exponentiations for membership events varies, depending on the tree structure. For instance, if a single member or a sub tree merges to the root node of current tree, then exactly two modulations are required. If a key tree is balanced, and a member joins to leaf node, then the number of exponentiations is [log2n] where n is the current number of users. Hence, joining to root always requires the minimal number of exponentiations for the additive membership operations. If n members join to the root, however, the resulting tree becomes unbalance (similar to linked list). If a member in the deepest node leaves the group, n1 exponentiations are required to update the group key. However, if a key tree is fully balanced, the number of exponentiations is [log2n]. 4. Analysis Of Queue Batch Algorithm We consider two performance measures, namely: the number of new members wish to join the communication group. Let T denote the existing tree which contains N members. The level of node v is L = [log2(v+1)]. , where v is the node ID, and the maximum level of T is h. Based on this first assumption, we know that N=2h. Also let Ralg be the number of renewed nodes and ?alg be the number of exponentiations for the particular algorithm alg. The performance measure ?alg is composed of two part: ?salg s and ?balg, which represent the number of exponentiations of calculating the secret keys (which is done by all members) and the number of exponentiations of calculating the blinded keys (which is done by sponsors only). We have ?alg = ?salg + ?balg, Based on the last assumption, we know the number of blinded key computation is ?alg = Ralg So, we consider the number of secret key computations ?salg. Queue batch algorithm exploits the idle rekeying interval to preprocess some rekeying operations. When j=0, Queuebatch algorithm is equivalent to Batch in pure leave scenario. For J>0 the number of renewed nodes in the queuebatch during the queuemerge phase is equivalent to that batch when J = 1. Thus the expected number of renewed nodes is Also, the expected number of exponentiations when J>0 for queuebatch is given by Average number of renewed nodes: a node is said to be renewed if it is a nonleaf node and its associated keys are renewed. This metric provides a measure of the communication cost since new blinded keys of the renewed nodes have to be broadcast to the whole group. 2. Average number of exponentiation For J>0 and L>0, assume the new subtree is attached to a operations: This metric provides a measure of the computation load for all members in the communication group. node at some level d. we first decrement d from E[?Batch,J=1, and L>0] to exclude the secret key computations of the leaf node which is now replaced by the root node of the new sub tree. Then we add dJ to account for the secret key computations done by these new J members. For mathematical analysis, let N be the number of members originally in the system, L (where L = N) be the number of members wis h to leave the system, and J>0 be The value d is the level of the highest node that has all its descendents departed; we can find the upper bound of the value d, which occurs when the leaving leaf nodes are evenly distributed in the key tree. Thus d is given by the group members. Each member holds two types of keys: shortterm secret and blinded keys as well as long term private and public keys. Shortterm keys are d = [log2(N1)]+1 d=0 if N>L ; if N=L; randomly generated when a member joins the group and become expired when the member leaves, while longterm keys remain permanent across many sessions and are 4.1 Analysis of Queue Batch at different reset intervals Queuebatch does not reconstruct the whole key tree as Rebuild during rekeying. Thus, the key tree may become unbalanced after some rekeying intervals. In this experiment, we consider how Queuebatch performs if we reconstruct the key tree using the Rebuild algorithm every rekeying intervals, where is called the reset interval. Fig depicts that the performance of Queuebatch remains approximately constant even at high reset intervals, meaning that Queuebatch can still preserve its performance without reconstructing the key tree after a long period of rekeying. This shows the robustness of the Queuebatch algorithm in maintaining a relatively balanced tree. This property is important because it can reduce the average costs of exponentiations and renewed nodes in the system. 4.2 Analysis in terms of number of rounds We define a round as the period during which the group members compute the secret keys as far up the key tree as they can. At the end of each round, all sponsors have to broadcast the blinded keys of the renewed nodes that have their secret keys computed so that other members can proceed with the secret key computations. In the analysis, we assume that rekeying is performed in lockstep, meaning that the two steps of secret key computations and blinded key broadcasts are carried out alternately. Fig. illustrates the average numbers of rounds required for Batch and Queuebatch. At high leave probabilities, Queuebatch saves three to four rounds as compared to Rebuild and Batch. The savings are due to the preprocessing of join requests at the Queuesubtree stage. A fewer number of rounds is preferred as less message overhead is involved in processing rekeying messages and storing message headers. 5. MODIFIED TGDH We propose the Modified TreeBased Group Diffieâ€œ Hellman (M TGDH) protocol that provides key authentication and robustness for our intervalbased algorithm. The idea is to couple the sessionbased group key with the certified permanent private components of certified by a trusted CA. Our protocol seeks to satisfy several requirements that are crucial for key establishment [3]: (i) perfect forward secrecy (i.e., the compromise of longterm keys does not degrade the Secrecy of past short term keys); (ii) known key security (i.e., the compromise of past shortterm keys does not degrade the secrecy of future shortterm keys); and (iii) key authentication (i.e., all group members are assured that no outsiders can identify the group key). Also, our protocol can be implemented in a way that satisfies key confirmation (i.e., all group members are assured that every other member holds the same group key). (iv)Cryptography (i.e., the sender uses this key and Digital Signature Algorithm(DSA) to encrypt data; the receiver uses the same key and corresponding decryption algorithm to decrypt data. The Digital Signature Algorithm (DSA) is used to give an authentication for resultant key. Key generation is done by Choose a 160bit prime q. Choose an Lbit prime p, such that p=qz+1 for some integer z and such that 512 = L = 1024 and L is divisible by 64. Choose h, where 1 < h < p  1 such that g = hz mod p > 1. Choose x by some random method, where 0 < x < q. Calculate y = g x mod p. Public key is (p, q, g, y). Private key is x. Note that (p, q, g) can be shared between different users of the system, if desired. There exist efficient algorithms for computing the modular exponentiations hz mod p and gxmod p. Signing is obtained by Generate a random per message value k where 0 < k < q Calculate r = (gk mod p) mod q Calculate s = (k 1(SHA1(m) + x*r)) mod q, where SHA1(m) is the SHA1 hash function applied to the message m Recalculate the signature in the unlikely case that r=0 or s=0 The signature is (r,s) The extended Euclidean algorithm can be used to compute the modular inverse k 1 mod q. Verifying is done by Since the blinded keys of leaf nodes are , for i=1,2,3 and 4, the secret keys of nodes 1 and 2 are computed as and Reject the signature if either 0<r<q or 0<s<q is K2= The sponsor M 1 not satisfied. Calculate w = (s)1 mod q Calculate u1 = (SHA1(m)*w) mod q Calculate u2 = (r*w) mod q Calculate v = ((gu1*yu2) mod p) mod q The signature is valid if v = r broadcasts and , and the sponsor M3 broadcasts and . M1 and M2 can retrieve from and respectively. Similarly, M3 and M4 can retrieve .Therefore, the members can compute the resulting group key as DSA is similar to the ElGamal signature scheme. The DSA used for decryption is the reverse of the algorithm used for encryption (i.e., encryption algorithm uses a combination of addition and multiplication, the decryption algorithm uses a combination of division and subtraction. Fig shows that the key agreement using MTGDH. In which every node v in the key tree is associated with a secret key and a blinded key BKv. We construct the blinded key set BKâ„¢v, which refers to a number of copies BKv â„¢s respectively encrypted by the longterm private component of every descendant member of the sibling of node v. The set of the descendant memb ers of node is given by Mv. The ith member, Mi , holds a short term secret key rMi and the corresponding blinded key , as well as a longterm private key Mi and We compare the non modified and modified Queuebatch algorithms for a population of size 1024 with a fixed join probability P J=0.25. the corresponding public key , where all arithmetic operations are to be performed on the cyclic group of prime order with generator a . For brevity, we omit the term mod p in the following description. We assume that each member has acquired the certificates of all other members and hence their longterm public keys from a trusted CA prior to the key agreement process. We consider a possible key tree formed after the rekeying process as shown in Fig. Fig. plots the average number of exponentiations of computing Kv and BKv as well as the average number of blinded key copies BKV broadcast to the group for all renewed nodes . It shows that the authenticated version Example for 4 members in a group Nodes 0, 1, and 2 are renewed nodes. Also, and are requires about twice the exponentiations and more than 10 times the blinded key copies as compared to the non modified one. All protocols messages are signed by the sender by DSA encryption. chosen to be the sponsors. Hence, the members perform the following steps. Thus, the use of modified is subject to the tradeoff between security and performance. alone. At least one secret key is needed to compute all secret keys from K up to the root key. Hence we can show that the joining member M cannot obtain any keys of the previous key tree. First, M picks its secret share r, blinds it and broadcast a r as par of its join request. Once M receives all blinded key on its copath, it can compute all secret keys on its key path. Clearly, all keys will contain 6. IMPLEMENTATION TREE_API is a group key agreement API implementing the cryptographic primitives of TGDH. The underlying communication system is assumed to deal with group communication and network events such as merges, partitions, failures and other abnormalities. TREE_API is small and it contains only the following three function tree_new_user generates a group context for a new group member (including its secret share). tree_merge_req is called by each sponsor when a merge occurs. The output (new key tree) is then broadcast to the merging group. This function performs no cryptographic operations. tree_cascade is the core function of TREE_API. Every group member calls this function following a membership event. The function is called repeatedly until the group key is computed tree_cascade provides robustness against cascaded network events. Since TREE_API does not provide its own communication facility, the robustness of the API was tested by simulating random events on a single machine running all group members. 7. DISCUSSION 7.1 Security Group key secrecy means that even an attacker who knows all blind keys cannot derive the group key. This property has been explained in the randomoracle model [5]. The proof of Becker and Willie[4] shows that group key secrecy is reducible to the decision DiffieHellman problem [10]. We now give an informal argument that TGDH satisfies the weak forward and backward secrecy. Weak backward secrecy states that a new number who knows the current group key cannot derive any previous group key. The group key secrecy property implies that the group keys cannot be derived from the blinded keys Mâ„¢s contribution®. Hence, they are independent of previous secret keys on that path. Therefore M cannot derive any previous keys. In case of weak forward secrecy, when member M leaves the group, the right most member of sub tree rooted at the sibling node changes its secrets share, Mâ„¢s leaf node is deleted and its parent node is replaced with its sibling node. This operation causes all of Mâ„¢s contribution removed from each key on Mâ„¢s former key path. Hence, M only knows all blinded keys, and the group key secrecy property prevents M from deriving the new group key. 7.2 Robustness Robustness is possible that a group member leaves the group or encounters system failures during the execution of a rekeying operation. Depending on the type of leaving member, we consider the two cases. First, if the leaving member is neither the leader nor one of the sponsors, or if it is the sponsor but has broadcast all necessary blinded keys for the current rekeying operation, the communication group continues with the existing rekeying operation without being affected and leave event is reflected in the next rekeying operation. Second, if the leaving member is the leader or sponsor that has not yet broadcast all required blinded keys, the communication group first selects a new leader. Then the broadcasts a rekeying message to start a new rekeying operation which reflects the current leave event. Any renewed nodes whose blinded keys have not yet been broadcast remain renewed in the new rekeying operation. Also, the nodes are on the key path of the leaving member become the renewed nodes. Given the set of renewed nodes, new sponsors are selected to broadcast the updated blinded keys. 8. RELATED WORK Wong et al. [11] and Wallner et al. [10] independently proposed the key tree approach to secure group communications. They suggested to associate keys in a hierarchical tree and rekey at every join or leave event. Later, the authors in [6, 7, 12] introduced the concept of batch rekeying to enhance system efficiency since the rekeying workload is independent of membership dynamics. All the above approaches rely on a centralized key server, which is responsible for generating and distributing new keys. The authors in [1, 9, 3, 4] extended the DiffieHellman protocol [2] to group key agreement schemes for secure communications in a peertopeer network. [3] proposed the TreeBased Group Diffie Hellman (TGDH) to arrange keys in a tree structure. Every member only needs to hold the keys along its key path, implying that the rekeying workload is distributed to all members. All the above schemes are contributory, meaning that key generation is performed by all members and hence avoids the singlepointoffailure problem in the centralized approach. While the scheme in [1] is independent of membership change, the rest of the schemes [9, 3, 4] suggest to perform rekeying at single join, leave, merge or partition events. Our paper enhances the scheme in [3] to support rekeying involving a batch of join and leave events. Rather than emphasize the rekeying efficiency, [13], [14], and [15] focus on the security issues and develop authenticated group key agreement schemes based on the BurmesterDesmedt model, Cliques, and TGDH, respectively. For instance, the AGKAG protocol [15] is an extension of the twoparty GÃƒÂ¼nther scheme [8] to the TGDH protocol. Our MTGDH protocol is an 9. CONCLUSION We have considered several distributed collaborative key agreement protocols for dynamic peer groups. The key agreement setting is performed herein there is no centralized key server to maintain or distribute the group key. We show that one can use the TreeBased Group DiffieHellman protocol to achieve such distributive and collaborative key agreement. To reduce the rekey complexity, we propose to use an intervalbased rekey approach so that we can group multiple join/leave requests and process them at the same time. In particular, we show that the Queuebatch algorithm can significantly reduce both computational and communication costs. This reduction enables a more efficient way to manage secure group communication. We also address both authentications with robustness and implementation for the intervalbased key agreement algorithms. References [1] M. Burmester and Y. Desmedt. A secure and efficient conference key distribution system. In Advances in in Proc. Advances in Cryptology EUROCRYPTâ„¢89, 1989, vol. LNCS 434, pp.29â€œ37. Notes in ComputerScience, pages 275â€œ286. Springer Verlag, 1995. [2] W. Diffie and M. Hellman. New directions in cryptography. IEEE Transactions on Information Theory, IT22(6):644â€œ 654, 1976. [3] Y. Kim, A. Perrig, and G. Tsudik. Simple and fault tolerant key agreement for dynamic collaborative groups. Proc. Of 7th ACM Conference on Computer and Communications Security,pages 235â€œ244, November 2000. [4] Y. Kim, A. Perrig, and G. Tsudik. Communication efficient group key agreement. Information Systems Security, Proceedingsof the 17th International Information Security Conference IFIP SECâ„¢01, November 2001. P. P. C. Lee, J. C. S. Lui, and D. K. Y. Yau. Distributed collaborative key agreement protocols for dynamic peer groups. IEEE/ACM Transactions on networking, vol.14, No.2, April 2006. [6] X. S. Li, Y. R. Yang, M. G. Gouda, and S. S. Lam. Batch rekeying for secure group communications. Proceedings ofTenth International World Wide Web Conference (WWW10), May 2001. [7] S. Setia, S. Koussih, and S. Jajodia. Kronos: A scalable group rekeying approach for secure multicast. Proc. of IEEE Symposium on Security and Privacy 2000 May 2000. authenticated version of our intervalbased algorithms. [8] C. G. GÃƒÂ¼nther, An identitybased key exchange protocol, [9] M. Steiner, G. Tsudik, and M. Waidner. CLIQUES: A new approach to group key agreement. IEEE International Conferenceon Distributed Computing Systems, pages 380â€œ 387,May 1998. [10] D. M . Wallner, E. J. Harder, and R. C. Agee. Key management for multicast: Issues and architectures. Internet draft draftwallnerkeyarch00.txt, Internet Engineering Task Force, July 1999. Expires in six months. [11] C. K. Wong, M. Gouda, and S. S. Lam. Secure group communications using key graphs. Proc. of ACM SIGCOMMâ„¢98, September 1998. [12] Y. R. Yang, X. S. Li, X. B. Zhang, and S. S. Lam. Reliable group rekeying: A performance analysis. Proc. of ACM SIGCOMMâ„¢01, August 2001. [13] G. Ateniese, M. Steiner, and G. Tsudik, Authenticated group key agreement and friends, in Proc. 5th ACM Conf. Computer and Communication Security, Nov. 1998, pp. 17â€œ26. Cryptology â€œEUROCRYPT â„¢94, volume 950 of Lecture [14] M. Just and S. Vaudenay, Authenticated multiparty key agreement,in Proc. Advances in Cryptology â€ ASIACRYPTâ„¢96, 1996, vol. LNCS1163, pp. 36â€œ49. [15] A. Perrig, Efficient collaborative key management protocols for secure autonomous group communication, in Int. Workshop on Cryptographic Techniques and E Commerce (CrypTEC â„¢99), Jul. 1999, pp.192â€œ202. AUTHOR PROFILE J. Armstrong Joseph received the B.E. (ECE) degree from Madurai Kamaraj University, M.S. (information systems and applications) from Bharathidasan University and doing 3rd year part time M.E (CSE) in Manomaniam Sundarnar University in Tirunelveli. From 1991 to 1996, I was working as an EDP manager in private companies in Delhi and 1996 to 1999 I was worked in a company in Saudi Arabia. Now I am working as Lecturer in St.peterâ„¢s Engineering College, Avadi, Chennai54. I have presented one national and one international paper also. My other research interests are in network security, valueadded services routers, and mobile wireless networking. Mrs. P. Arockia Jansi Rani. M.E. She is working as a Lecturer in Manomaniam Sundarnar University in Tirunelveli. She is guided me in this project and implimentation. Her other research interests are in digital image processing, Graphic design and Operating system, Use Search at http://topicideas.net/search.php wisely To Get Information About Project Topic and Seminar ideas with report/source code along pdf and ppt presenaion



