GKEKGroup Key Encryption Key
References in periodicals archive ?
For group communication, two different kinds of keys are used: group key encryption key (GKEK) and group traffic encryption key (GTEK).
MR-BS and N-RS updates and distributes these keys using two different key update command messages: GKEK update mode and GTEK update mode.
In the case of member leaving, there is nothing in this protocol that prevents a leaving SS from receiving the next GKEK and decrypting the next GTEK.
In ELAPSE, they use the concept of sub- grouping SS so that the GKEK will not be maintained via unicasting to individual SS, but via broadcasting to sub- groups.
SEDRRA protocol N - [RS.sub.i] [right arrow] MR - BS : [absolute value of [R.sub.MR-BS][parallel][R.sub.N-RS]]AKID|SAID MR - BS [right arrow] N - [RS.sub.i] : [absolute value of [R.sub.MR-BS]|[R.sub.N-RS]]GKEK|LIFETIME [MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] [MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] [MATHEMATICAL EXPRESSION NOT REPRODUCIBLE IN ASCII] Where 'u' stands for unicast, 'b' stands for broadcast, 'p', 'i' & 'j' are the integer According to this protocol, N-RS first send the key request for GKEK and GTEK by transmitting random numbers, AK and SAID.
When any N-RS needs to initiate the multicast and broadcast services, it will send the key request for GKEK and GTEK from MR-BS.
Once N-RS achieved the traffic keying parameters from MRBS, it needs to update GKEK. This updating is one-way, i.e.
Pseudo code for SEDRRA rekeying algorithm Algorithm 1: SEDRRA rekeying Algorithm 1 SEDRRA Protocol () 2 { 3 Snd key-request (GKEK & GEEK) 4 GET key-response ([GKEK.sub.[kek]] & [GTEK.sub.[GKEK]]) 5 If 6 GKEK or GTEK is near to expire 7 { 8 Snd GKUC-GKEK 9 GET GKUC-GTEK 10 } 11 Else if 12 GKEK or GTEK is expired 13 Resnd key-request (GKEK & GTEK) 14 } Once GTEK life time approaches its maximum limit, GTEK Grace Time starts and causes MR-BS to transmit GKUC message for GTEK.
Pseudo code for BS-SEDRRA rekeying algorithm Algorithm 2: BS-SEDRRA rekeying Algorithm 1 Backward Secrecy 2 { 3 //N-RS joins the Group 4 NewJoin () 5 { 6 //single hop level 7 If (Hop=l) 8 { 9 Snd key-request (GKEK & GTEK) 10 Rec key-response (([GKEK.sub.[KEK]] & [GTEK 11 .sub.[GKEK]]) 12 Rec Seed 13 Update rekeying scheme 14 Initiate updating key 15 } 16 //Multihop Level 17 Else if 18 If (Hop > 1) 19 { 20 GET key-request (GKEK & GTEK) 21 Generate ([GKEK.sub.[KEK (NRSx)]] & [GTEK 22 .sub.[GKEK]]) 23 Snd key-response with their lifetimes 24 Rec/Snd Seed 25 Update (rekeying) 26 updating keys } } Once it received keying parameters from the MR-BS, it needs to update GKEK periodically before the lifetime approaches maximum limits.
Pseudo code for FS-SEDRRA rekeying algorithm Algorithm 3: FS-SEDRRA rekeying algorithm 1 Forward Secrecy 2 { 3 Relay Leave ([N-RS.sub.y]) 4 { 5 If 6 GKEK lifetime approaches its max.
The processes include key request and key response to and from MR-BS, GKUC for GKEK and GKUC for GTEK.