**3.2. Rekeying algorithms**

134 Selected Topics in WiMAX

**1.** when a new MS joins the BS,

**2.** when the lifetime of both GTEK and GKEK expire,

**3.** when an MS leaves the BS.

The nomenclature is listed in Table 1.

| Notation | Meaning |
|---|---|
| X⇒Y | X broadcasts a message to Y |
| X→Y | X unicasts a message to Y |
| [X]<sup>Y</sup> | X encrypted by using key Y |
| MS<sub>SGi</sub> | The collection of all MSs within subgroup i |

**Table 1.** Nomenclature of key management

The MBRA algorithm of Mobile WiMAX is a simple rekeying scheme in which rekeying happens only at the expiration time of the GTEK or GKEK. As shown in Figure 5, from time to time the BS broadcasts message (1), encrypted by the GKEK, to all MSs in order to update the GTEK, and also sends a unicast message (2), encapsulated by the KEK of each MS, to all MSs, as shown by the equations below:

$$BS \Rightarrow \text{all MS} : \{GTEK\}_{GKEK} \tag{1}$$

$$BS \to \text{each MS} : \{GKEK\}_{KEK} \tag{2}$$

[Figure 5 labels: MS, BS; Key Request; Key Reply - Initial GKEK0; Key Update Command - {GKEK}KEK; Key Update Command - {GTEK}GKEK; unicast messages; broadcast messages; GTEK0 lifetime; GTEK1 lifetime; grace time]

**Figure 5.** MBRA messages [19]

As mentioned earlier, in the MBRA algorithm the number of unicast messages on rekeying increases with the number of MSs, and hence this method is neither scalable nor efficient. In addition, it does not address forward and backward secrecy, which consequently leaves this method vulnerable to attacks [8, 9].

Researchers in [18] performed a detailed analysis of the MBRA algorithm, identified its deficiencies and proposed an improved scheme to address them. Although their method showed some improvements over MBRA, its downside is that the BS needs to send n unicast messages (n being the number of MSs) upon every membership change, which results in a drastic drop in network efficiency for a large number of MSs. In addition, the proposed method sends some plaintext in broadcast messages, which could cause critical security breaches [19]. In fact, despite some improvements to the MBRA rekeying, the proposed method suffers from security issues such as Denial of Service (DoS) [19] as well as poor scalability and efficiency. It also does not address the 1-affects-n phenomenon [17] very well.

The authors in [20] proposed a new group key management protocol called the Group-Based Key Distribution Algorithm (GKDA), in which the security keys are distributed into subgroups. The MBS group is first divided into N subgroups; hence, N GKEKs, one per subgroup, are used instead of one GKEK shared among all MSs. As a result, only the GKEK of a given subgroup needs to be updated whenever a membership change (e.g. a leave event) occurs in that subgroup. The GKEK is encapsulated by the KEK of each MS in the subgroup and then unicast to each MS. Although GKDA provides forward and backward secrecy, it is still not scalable and efficient enough, because as the number of MSs in each subgroup grows, the number of unicast messages needed to update the GKEKs grows likewise. Nevertheless, GKDA is still better than MBRA in terms of reducing the number of unicast messages needed to update the group keys. In GKDA, the GTEK update mode is lengthier because it consists of N GTEKs encapsulated by N GKEKs, and thus more energy is consumed to send the messages. Moreover, the scheme does not have good support for the 1-affects-n phenomenon.

In [21], the authors proposed an algorithm called Efficient sub-Linear rekeying Algorithm with Perfect Secrecy (ELAPSE) in order to address the problems of the MBRA algorithm. Although this method solves the forward and backward secrecy problems, it suffers from some weaknesses in terms of scalability and efficiency. In ELAPSE, when member join or leave events happen frequently within a large group, the overall performance degrades due to communication and computational costs. This method is based on a key hierarchy and sub-grouping of the MSs in the cell by means of a binary tree. ELAPSE divides the MSs into N=log(n,2) subgroups, where n is the number of MSs, and each subgroup keeps a set of hierarchical keys named Sub Group KEKs (SGKEKs) instead of a single GKEK. The number of subgroups (N) is defined in advance by the administrator depending on the application's requirements, i.e. the number of subgroups is permanent. The result is weak performance in terms of efficiency and scalability. We illustrate this issue by way of an example, shown in Figure 6, of a binary tree with four subgroups. All MSs maintain the same GTEK, and each MS in each subgroup saves a set of SGKEKs; for example, the MSs in subgroup1 store three group keys SGKEK1, SGKEK2 and SGKEK1234. The SGKEK1234 is similar to the GKEK in MBRA. In this case, the GKEK is not delivered to each MS by unicast message; instead it is distributed among the subgroups via broadcast messages.

**Figure 6.** Key Hierarchy with four subgroups [21]

When there is no new member joining or leaving, and the lifetime of GTEK expires, the BS broadcasts a new GTEK encapsulated by SGKEK1234 to all MSs represented as message (3) below.

$$BS \Rightarrow \text{all MSs} : \{GTEK\}_{SGKEK_{1234}} \tag{3}$$


Key Management in Mobile WiMAX Networks

http://dx.doi.org/10.5772/56154

137


Upon a member join event, i.e. when a new MS enters the BS coverage area, and subgroup2 has the lowest number of members, the BS assigns the new MS to subgroup2. The BS unicasts message (4) below to the new MS and all MSs in subgroup2 in order to update the group keys. Message (4) is encapsulated by the KEK of each MS, and contains all new group keys from subgroup2 to the root of the binary tree.

$$BS \to MS_{SG2} \ \&\ \text{new MS} : \{GTEK, SGKEK_{1234}, SGKEK_{12}, SGKEK_{2}\}_{KEK} \tag{4}$$

In order to update the group keys as well as to provide the backward secrecy, the BS needs to send two broadcasts i.e. messages (5) and (6) below, to all MSs excluding subgroup2.

$$BS \Rightarrow MS_{SG3}, MS_{SG4} : \{GTEK, SGKEK_{1234}\}_{SGKEK_{34}} \tag{5}$$

$$BS \Rightarrow MS_{SG1} : \{GTEK, SGKEK_{1234}, SGKEK_{12}\}_{SGKEK_{1}} \tag{6}$$

Upon a member leave event, i.e. when an MS leaves the BS coverage area, the process of updating the group keys is similar to that of the member join event. For instance, when one MS of subgroup2 leaves the BS, the BS should unicast message (7) to all remaining MSs in subgroup2. It also needs to broadcast two messages, i.e. messages (8) and (9), to all MSs except subgroup2.


$$BS \to MS_{SG2} : \{GTEK, SGKEK_{1234}, SGKEK_{12}, SGKEK_{2}\}_{KEK} \tag{7}$$

$$BS \Rightarrow MS_{SG3}, MS_{SG4} : \{GTEK, SGKEK_{1234}\}_{SGKEK_{34}} \tag{8}$$

$$BS \Rightarrow MS_{SG1} : \{GTEK, SGKEK_{1234}, SGKEK_{12}\}_{SGKEK_{1}} \tag{9}$$
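The join/leave rekeying of messages (4) to (9), worked through in Python as an added example (not code from the chapter or from [21]); it generalizes the four-subgroup case to 1, 2, 4 or 8 subgroups. `RekeyMsg`, `rekey_plan` and the other helper names are assumptions made for illustration.

```python
from typing import NamedTuple


class RekeyMsg(NamedTuple):
    mode: str        # "unicast" (one copy per MS, under that MS's KEK) or "broadcast"
    to: tuple        # subgroup numbers addressed
    keys: tuple      # fresh keys carried in the payload
    wrapped_by: str  # key that encapsulates the payload


def sgkek(lo, hi):
    """Name of the SGKEK covering subgroups lo..hi, e.g. SGKEK12 or SGKEK1234."""
    return "SGKEK" + "".join(str(i) for i in range(lo, hi + 1))


def root_to_leaf(sg, n_subgroups):
    """Subgroup ranges on the path from the tree root down to leaf `sg`."""
    if n_subgroups not in (1, 2, 4, 8):
        raise ValueError("this sketch expects 1, 2, 4 or 8 subgroups")
    if not 1 <= sg <= n_subgroups:
        raise ValueError("no such subgroup")
    lo, hi, path = 1, n_subgroups, [(1, n_subgroups)]
    while lo < hi:
        mid = (lo + hi) // 2
        lo, hi = (lo, mid) if sg <= mid else (mid + 1, hi)
        path.append((lo, hi))
    return path


def rekey_plan(sg, n_subgroups=4):
    """Messages the BS sends when an MS joins or leaves subgroup `sg`."""
    path = root_to_leaf(sg, n_subgroups)
    fresh = [sgkek(lo, hi) for lo, hi in path]   # every key on the path is replaced
    plan = [RekeyMsg("unicast", (sg,), ("GTEK", *fresh), "KEK")]
    for depth in range(len(path) - 1):
        (lo, hi), (_, child_hi) = path[depth], path[depth + 1]
        mid = (lo + hi) // 2
        # Sibling subtree of the path: its own SGKEK is untouched by the event,
        # so it can safely wrap the fresh keys of the levels above it.
        s_lo, s_hi = (mid + 1, hi) if child_hi <= mid else (lo, mid)
        plan.append(RekeyMsg("broadcast", tuple(range(s_lo, s_hi + 1)),
                             ("GTEK", *fresh[:depth + 1]), sgkek(s_lo, s_hi)))
    return plan


def wraps_only_unexposed_keys(plan, sg, n_subgroups=4):
    """True if no broadcast is wrapped under a key the affected subgroup holds."""
    exposed = {sgkek(lo, hi) for lo, hi in root_to_leaf(sg, n_subgroups)}
    return all(m.wrapped_by not in exposed for m in plan if m.mode == "broadcast")


def message_count(plan, members_in_sg):
    """(unicast copies, broadcasts): one unicast per MS in the affected subgroup."""
    return members_in_sg, sum(m.mode == "broadcast" for m in plan)


if __name__ == "__main__":
    for msg in rekey_plan(2):                    # the subgroup2 case from the text
        print(msg)
    print(message_count(rekey_plan(2), members_in_sg=25))  # constructed group size
```

The broadcasts stay at log2(N) per event, while the unicast copies grow with the size of the affected subgroup, which is the scalability limit the text attributes to a fixed N.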

The authors in [22] suggested an improved version of ELAPSE called ELAPSE+, using a cross-layering concept. They assigned fast-moving MSs such as cars to specific subgroups, and made those subgroups smaller than the other subgroups. This is because fast-moving MSs pass through the BS's cell faster, and therefore experience a high number of join or leave events, which gives rise to the need to update more group keys. Although ELAPSE+ improves the performance of ELAPSE by reducing the number of unicast and broadcast rekeying messages, it still inherits the drawback of handling a static number of subgroups, resulting in weak efficiency and scalability.

The authors in [23] proposed a hybrid key management scheme to improve the performance of ELAPSE and ELAPSE+ upon rekeying by reducing message passing. This scheme uses the architecture of LORE [23] within a subgroup of ELAPSE. When an MS enters a BS coverage area, the BS assigns it to a subgroup and also provides a Subgroup Forward Key Set (SGFSet) and a Subgroup Backward Key Set (SGBSet). These key sets are created by a simple Pseudo-Random Generator (PRNG) and keep the ordering of nodes inside a subgroup, similar to LORE. Hence, if there are k MSs in a subgroup, there are k Subgroup Forward Keys (SGFKs) and k Subgroup Backward Keys (SGBKs). For each MS i there are two sets of keys, as follows:

$$SGFSet = \{SGFK_m \mid 1 \le m \le i\} \tag{10}$$

$$SGBSet = \{SGBK_m \mid i \le m \le k\} \tag{11}$$

Figure 7 shows the revised version of ELAPSE. Here, a node i in subgroup2 has three keys, SGKEK1234, SGKEK12 and SGKEK2, as well as two key sets, SGFSet<sub>2</sub><sup>i</sup> and SGBSet<sub>2</sub><sup>i</sup>. Upon a member join or leave event, the rekeying algorithm updates the SGKEKs and GTEK, but there is no change in the SGFSet and SGBSet sets. After a predefined time T, both SGFSet and SGBSet will be renewed.


**Figure 7.** A revised version of ELAPSE [23]

It should be noted here that this improvement in communication costs over ELAPSE comes at high computational and storage costs in the revised version of ELAPSE. Moreover, this scheme gives rise to security issues such as collusion resistance [23]: two or more MSs must not obtain secret keys that they are not allowed to know, which they could do by exchanging their respective secret keys.

The authors in [24] improved ELAPSE by using an n-ary tree (where n>2) to improve the efficiency of key management. Even though the proposed method shows some improvements in efficiency over ELAPSE, it still suffers from the limitations associated with a fixed number of subgroups. The tree depth becomes large when the number of MSs increases, and this is the main issue with a binary tree. Therefore, they suggested that using an n-ary tree improves the efficiency of the group key updating algorithm. Figure 8 shows a 3-ary tree with 9 subgroups.

**Figure 8.** A 3-ary tree [24]

The number of group keys in an n-ary tree and the tree depth are given by equations (12) and (13) respectively.

$$k = \sum_{i=0}^{d} n^{i} \tag{12}$$

$$d = \left\lceil \log_{n} N \right\rceil \tag{13}$$

By using an n-ary tree, the BS needs to keep more group keys compared with the ELAPSE method. So, in terms of storage costs the n-ary tree does not perform very well, even though the communication cost is considerably decreased due to the reduction in communication overheads upon group key updating. The authors made a detailed analysis to find the optimal value of n in order to minimize the total energy consumption of the rekeying algorithm. They assumed that transmission and reception energy are equal to the total energy consumption of the networks, whereby the energy consumption refers to the length of broadcast or unicast messages. Finally, they arrived at an optimal value of n=4, meaning that a 4-ary tree would give the best performance in terms of energy consumption.


It should be highlighted here that basically the methods in [20, 21, 23, 24] are based on ELAPSE in that they all use tree structures, and therefore the problem associated with ELAPSE as highlighted before still remains.

The authors in [19] proposed a new method of improving MBRA using asymmetric algorithms. The idea of this method is to establish a common encryption key which is shared among all MSs, while every MS has a different decryption key. This means that the BS can encrypt the messages, including the group keys, and only a valid MS can decrypt them. In this way, the proposed method provides backward and forward secrecy. In terms of operational efficiency, this method needs to perform more computations because of the use of asymmetric cryptography, which makes the MSs expend more energy; this is not good for mobile devices. Nevertheless, one advantage of the proposed method is that it sends fewer unicast/broadcast messages, and hence the overall communication cost is low. Upon a membership change, the BS sends one broadcast message, but on normal key refresh it needs to send n unicast messages, where n is the number of MSs, and the BS should also send two broadcast messages. The proposed method managed to address the backward and forward secrecy issue of the MBRA algorithm. However, it scales poorly, since upon group key updating after the expiration time it has to send n unicast messages. Moreover, the method requires numerous modifications to the standard, which is not practical for implementation in a real environment.

In [25] the Scalable Rekeying Algorithm (SRA) is proposed, which is based on a complete binary tree [26] and is implemented with a linear linked list data structure. The SRA method improves the scalability of ELAPSE, and it can also improve the other methods [20, 21, 23, 24], which have similar setups. As mentioned earlier, ELAPSE divides the MSs into N subgroups, and each subgroup keeps a set of group keys. Because ELAPSE employs a fixed number of subgroups, it shows poor scalability upon group key updating. In addition, the method consumes more bandwidth because it sends a high number of unicast messages.

The SRA method establishes the number of subgroups according to the number of current MS in the cell. Figure 9 shows a sample of node within linear linked list, where "#MS" field indicates all MSs in a certain subgroup. The group key for that subgroup is "Group-key". L1 and L2 are two pointer fields in the node, where L1 points to the MSs of that subgroup and L2 points to the next node (subgroup).

**Figure 9.** A node of linear linked list

The SRA method uses log(n,2) to subgroup the MSs: according to the current number of MSs, it increases or decreases the number of subgroups.

As highlighted before, in Mobile WiMAX, group key updating happens on three events:

**1.** Upon the expiry lifetime of GTEK/GKEK,

**2.** Upon member join event,

**3.** Upon member leave event.

For the first event (i.e. upon the expiry of the lifetime of GTEK or GKEK), the SRA and ELAPSE methods apply similar functions. However, in the SRA method, on member join/leave it is necessary to add/delete a subgroup at a certain time to increase or decrease the number of subgroups based on log(n,2).

Assuming that in the first step there is one subgroup as shown in Figure 10, it means that there is one node in the linear linked list. Figure 10 shows a linear linked list structure corresponding to a complete binary tree. For the rest of the chapter, the tree is not drawn for the sake of simplicity.

[Figure 10 panels: (a) Linear linked list structure; (b) Complete binary tree structure]

**Figure 10.** The creation of one subgroup

As the number of MS reaches three, a new subgroup should be added, based on log(3,2)=2. Thus, subgroup SG breaks into 2 subgroups, SG1 and SG2. Subsequently, the MSs of SG are partitioned into two different sets, which are then inserted separately into the 2 subgroups, SG1 and SG2. In a complete binary tree, if a node is at index i, its left child is at index 2\*i and its right child is at index 2\*i+1. We use these properties of the tree to manage the subgroups. In this way, SG1 is at index 2 and SG2 is at index 3. In Figure 11, two subgroups are shown with 1 and 2 MSs in the '#MS' field respectively.

**Figure 11.** The creation of two subgroups

The BS unicasts two messages, i.e. messages (14) and (15), to all MSs with the purpose of updating the group keys. In this way, the BS unicasts SGKEK1 and SGKEK2 to SG1 and SG2 respectively.

$$BS \to MS_{SG1} : \{GTEK, SGKEK_{1}\}_{KEK} \tag{14}$$

$$BS \to MS_{SG2} : \{GTEK, SGKEK_{2}\}_{KEK} \tag{15}$$

As the number of MS increases beyond 5, a new subgroup is added, based on log(n,2). In this case, the new node is added to the left side of the tree; the children on the left-hand side of the tree are regarded as 2 new subgroups. Next, the MSs of SG1 are divided into 2 parts, which are then associated with the 2 new subgroups, viz. SG11 and SG12, as shown in Figure 12.

**Figure 12.** The creation of three subgroups

To update the group keys after inserting one new subgroup, the BS should unicast two messages, i.e. messages (16) and (17), to SG11 and SG12 respectively. Assuming that the BS adds the new MS to SG11, the new group keys should be unicast to the MS by means of message (16).

$$BS \to MS_{SG11} \ \&\ \text{new MS} : \{GTEK, SGKEK, SGKEK_{1}, SGKEK_{11}\}_{KEK} \tag{16}$$

$$BS \to MS_{SG12} : \{GTEK, SGKEK, SGKEK_{1}, SGKEK_{12}\}_{KEK} \tag{17}$$

If the number of MSs is 11 or less, they join three subgroups (Figure 12), but if it exceeds 11, one new subgroup must be added. The procedure to add a new subgroup is similar to our explanation for Figure 12. Here, SG2 divides into two subgroups, i.e. SG21 and SG22. The total number of MSs in each subgroup when the 12th MS enters the BS coverage area is labeled in the '#MS' field of Figure 13.

**Figure 13.** Linear linked list showing the creation of four subgroups

Suppose a few MSs leave a cell, so the total number of MS decreases. As a result, the number of subgroups based on log(n,2) should decrease as well. When the number of MS drops to less than 12, SG21 and SG22 are combined into one subgroup, i.e. SG2b, and all the MSs in SG21 and SG22 are added to SG2b. When the number of MS stands at 11, the existing subgroups are as shown in Figure 14. The BS unicasts message (18), which includes 3 new group keys, to every MS in SG2b to update the group keys.

$$BS \to MS_{SG2b} : \{GTEK, SGKEK, SGKEK_{2b}\}_{KEK} \tag{18}$$

**Figure 14.** Linear linked list showing the creation of three subgroups

In what follows, the SRA method is compared and analyzed against MBRA [3] and ELAPSE [21]. The MBRA unicasts n messages to all current MSs as well as the new MS upon member joining, and upon member leaving it unicasts n-1 messages (since 1 MS leaves the cell). As mentioned earlier, ELAPSE creates a fixed number of subgroups; therefore, when the number of MS in a cell grows, the number of transmitted unicast messages increases likewise. The number of transmitted unicast messages in ELAPSE is (n/N); in fact, it is (n/N)+1 for member joining and (n/N)-1 for member leaving. In SRA, the number of MS in each subgroup is n/log(n,2), and therefore the number of unicast messages is likewise n/(log(n,2)) on member joining/leaving. The comparison among the MBRA, ELAPSE and SRA is shown in Table 2, where ELAPSE4 means four subgroups and ELAPSE8 means eight subgroups.

| **Methods** | **Unicast Messages: Join** | **Unicast Messages: Leave** |
|---|---|---|
| MBRA | *O*(*n*) + 1 | *O*(*n*) − 1 |
| ELAPSE4 | *O*(*n*/4) + 1 | *O*(*n*/4) − 1 |
| ELAPSE8 | *O*(*n*/8) + 1 | *O*(*n*/8) − 1 |
| SRA | *O*(*n*/log<sub>2</sub> *n*) + 1 | *O*(*n*/log<sub>2</sub> *n*) − 1 |

**Table 2.** Comparative analysis [25]


Figure 15a & b show the comparison among the rekeying algorithms in terms of unicast messages. Here, the y-axis represents the number of unicast messages, and the x-axis the number of MS. As shown in Figure 15a, in the MBRA the number of unicast messages increases with the growing number of MS, and clearly it does not address the question of scalability. Figure 15b shows the analysis among the tree-based rekeying algorithms only. This is also the case with ELAPSE, where the number of unicast messages increases with the number of MS in each subgroup. On the other hand, in SRA the number of unicast messages is less than in ELAPSE, which means that it provides good scalability even at a high number of MS.

Figure 16 shows a magnified view of Figure 15, for the number of MS between 200 and 400 in Figure 16a, and between 500 and 700 in Figure 16b. It is clear from the figure that in the SRA method, as the number of MS increases, the number of transmitted unicast messages increases to a much lesser degree than for ELAPSE. In other words, the difference in the number of unicast messages between SRA and ELAPSE widens. For example, when there are 400 MSs (Figure 16a), the difference between the number of transmitted unicast messages in the SRA and ELAPSE8 is around 5, but when there are 700 MSs (Figure 16b), this difference is around 10. This shows that the SRA method has good scalability performance, especially at a high number of MS in the cell.

Figure 17 depicts a summarised comparison between SRA and ELAPSE. Clearly, SRA reduces the number of unicast messages sent when the rekeying algorithm runs, and therefore it has better scalability compared with ELAPSE. Even though ELAPSE8 shows comparable performance with SRA, especially at a lower number of MS, the number of MS in a subgroup has to be defined in advance and is not dynamic.
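The comparison above can be reproduced numerically. The following Python sketch is an added example, not code from the chapter: it evaluates the Table 2 expressions with the constant inside O(·) taken as 1 (an assumption), and it assumes the SRA subgroup count is log2(n) rounded to the nearest integer, a rule chosen because it matches the thresholds in the text (a third subgroup beyond 5 MSs, a fourth beyond 11). All function names are hypothetical.

```python
import math

def sra_subgroups(n: int) -> int:
    """Subgroup count for n MSs in the cell.

    Assumption: log2(n) rounded to the nearest integer, which matches the
    thresholds in the text (third subgroup beyond 5 MSs, fourth beyond 11).
    """
    return max(1, round(math.log2(n)))

def split_points(lo: int, hi: int) -> list[int]:
    """Values of n in (lo, hi] at which a join forces a new subgroup."""
    return [n for n in range(lo + 1, hi + 1)
            if sra_subgroups(n) > sra_subgroups(n - 1)]

def unicasts(scheme: str, n: int, event: str, fixed_subgroups: int = 8) -> float:
    """Unicast messages for one rekey with n MSs, per Table 2.

    Assumption: the constant hidden in O(.) is 1.
    """
    delta = {"join": 1, "leave": -1}[event]
    per_rekey = {
        "MBRA": lambda: n,                        # every MS gets its own message
        "ELAPSE": lambda: n / fixed_subgroups,    # subgroup count fixed in advance
        "SRA": lambda: n / math.log2(n),          # subgroup count grows with log2(n)
    }
    return per_rekey[scheme]() + delta

def gap(n: int, fixed_subgroups: int = 8) -> float:
    """How many more unicasts ELAPSE sends than SRA on a join."""
    return unicasts("ELAPSE", n, "join", fixed_subgroups) - unicasts("SRA", n, "join")

def crossover(fixed_subgroups: int, limit: int = 100_000) -> int:
    """Smallest n at which SRA sends fewer unicasts than ELAPSE."""
    for n in range(2, limit):
        if gap(n, fixed_subgroups) > 0:
            return n
    raise ValueError("no crossover below limit")

if __name__ == "__main__":
    print("subgroup count changes at n =", split_points(4, 12))
    for n in (100, 400, 700):
        row = [round(unicasts(s, n, "join"), 1) for s in ("MBRA", "ELAPSE", "SRA")]
        print(n, row, "ELAPSE8 - SRA =", round(gap(n), 1))
    print("SRA beats ELAPSE8 from n =", crossover(8))
```

Under these assumptions the ELAPSE8 minus SRA gap is about 3.7 messages at 400 MSs and 13.4 at 700, and SRA only sends fewer unicasts than ELAPSE8 once the cell holds more than 256 MSs, which is why ELAPSE8 looks comparable at low MS counts.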

Finally, Table 3 summarizes the main characteristics of the rekeying algorithms which have been highlighted in this chapter.

**Figure 15.** Unicast messages


**Figure 17.** Unicast messages in ELAPSE and SRA
