Self-Healing Group Key Distribution Facilitating Source Authentication Using Block Codes

Secure group key distribution is essential for many group-oriented applications such as sensor networks, multimedia broadcast services, and Internet of Things (IoT) scenarios. There are several challenges and requirements in designing secure group key distribution. Among them, computational efficiency, communication efficiency, adaptability to dynamic group membership change, robustness to various security threats, self-healing capacities, and source authentication are desirable. It is very challenging to design an efficient group distribution that satisfies all the requirements and challenges. Based on block codes, we propose an efficient self-healing group key distribution that facilitates both message source authentication and secure group key distribution, where the source identification and authentication can facilitate intrusion detection and identification. Both the privacy of the group key and the authentication of message sources are computationally secure. To the best of our knowledge, it is the first codes-based scheme that satisfies all the above requirements and facilitates message source authentication. The merits of the proposed scheme include the following: (1) it is highly efficient in terms of computation and communication, (2) it provides self-healing capacities for unstable environments, (3) it is very robust to various security threats and attacks, (4) it facilitates both message source authentication and secure group key distribution, and (5) it greatly improves the communication performance, compared to the state-of-the-art schemes. The security properties are analyzed, and the performance evaluations confirm its efficiency and practicality.

A Hierarchical Multicast Key Distribution Protocol

In secure group communication, group keys (GK) are used to ensure the confidentiality of communication. The group key distribution (GKD) is responsible for updating and distributing new group keys when the group membership changes. Most well-known GKD protocols are based on a logical key hierarchy (LKH), where only one group controller (GC) is used. These protocols have various issues, including a single point of failure, meaning that the GC often has a huge workload and can be easily overwhelmed. In this paper, we propose a hierarchical multicast key distribution protocol that supports multi-level controllers to manage a group. Each controller just needs to manage the next-level nodes, and if one fails, the superior controller can replace it with minimal work. The proposed protocol effectively balances the work of controllers, greatly improves the reliability of the group key distribution, and also allows group members to build dynamic conferences without controllers. We provide a security proof of the proposed protocol in a symbolic security model and compare it to other protocols in terms of efficiency, functionality, and security.

A Secure and Efficient Group Key Management Scheme for Clusters of String Inverters

A string inverter converts the low voltage direct current coming from the string of its Photovoltaic (PV) panels into alternating current to be exported to the grid. In today Smart Grid’s context, PV plants feature clusters of cooperating smart string inverters that exchange information in a multicast fashion (typically) over the Internet Protocol (IP). However, IP multicast does not provide any mechanism to limit the access to multicast data to authorized subjects only. A security infringement may cause a cluster either into exporting no energy into the grid (zero energy attack) or more energy than the limit set (energy overflow attack). Both the attacks can lead to potential severe consequences. In this regard, we are the first addressing those issues. Particularly, we propose a Key Management Service (KMS) for group key generation and distribution. The KMS provides forward secrecy and periodic refresh. We implement a prototype on a cluster of Power-One Italy S.p.A. a member of FIMER Group smart string inverters and evaluate the performance. Experimental results indicate that the scheme scales up to clusters composed of 50 inverters with an efficiency of 90.5% in terms of latency for group key distribution and 99% in terms of memory overhead.