Join Protocol. We assume the group has members: . The new member initiates the protocol by broadcasting a join request message that contains its own bkey . This message is distinct from any JOIN messages generated by the underlying group communication system, although, in practice, the two might be combined for efficiency’s sake. Each current member receives this message and determines the insertion point in the tree. The insertion point is the shallowest rightmost node, where the join does not increase the height of the key tree. Otherwise, if the key tree is fully balanced, the new member joins to the root node. The sponsor is the rightmost leaf in the subtree rooted at the insertion node. Next, each member creates a new intermediate node and a new member node, and promotes the new intermediate node to be the parent of both the insertion node and the new member node. After updating the tree, all members, except the sponsor, block. The sponsor proceeds to update its share and compute the new group key; it can do this since it knows all necessary bkeys. Next, the sponsor broadcasts the new tree which contains all bkeys. All other members update their trees accordingly and compute the new group key (see Proposition 2). It might appear wasteful to broadcast the entire tree to all members, since they already know most of the bkeys. However, since the sponsor needs to send a broadcast message to the group anyhow, it might as well include more information which is useful to the new member, thus saving one unicast message to the new member (which would have to contain the entire tree). Figure 3 shows an example of member joining a group where the sponsor ( ) performs the following actions:
1. renames node to
Step 1: The new member broadcasts request for join.
Step 2: Every member update key tree by adding new member node and new intermediate node, removes all keys and bkeys from the leaf node related to the sponsor to the root node. The sponsor additionally generates new share and computes all [ ] pairs on the key-path, broadcasts updated tree including only bkeys. Step 3: Every member computes the group key using .
Join Protocol. <0,0> New Intermediate Node <1,0> <1,1> New Member <2,0> M1 M2 X0 X0 Xxxx X0 Xxxx X0 <0,0> <1,0> <2,0> <2,1> <1,1> M3 Sponsor M1 M2
Join Protocol. The group has n members, {M1,..,Mn}. Every member in current group knows the existing key tree. The new member Mn+1 wishes to join the group by detecting the maximum signal strength of current group member to be as director in order to communicate in one hop and shortest distance. Later the new member sends, JOIN_MESSAGE, request message to director. The director refreshes the own session random key, computes keys and blinded keys of intermediate nodes up to the root node, and sends the existing key tree with its new session random key to new member. The insertion point of new member on key tree will be new root node of key tree because the new member can computed the information of new key tree with the lowest computation cost. The new member needs to compute only the blinded key at the new root node. Later, the new member updates existing key tree in accordance with creates a new root node and a new member node. Next, the new member selects session random key (i.e., secret key) and computes keys and blinded keys going up to the root. The blinded key of new member Mn+1 is BKn+1 = sn+1 βr βn+1 s-1 where βr is existing publish braid word at root node that the new member can find in existing key tree information. The new member broadcasts the new key tree containing only blinded keys to all other members. Finally all other members compute the new group key. This join protocol provides backward secrecy since director updated session random key that knowledge of a new member is unable to compute old group keys. Figure 3.4 shows situation before new member joins. After that, the Figure 3.5 shows an example of M4 joining a group where director as M2. This instance, it means that the M2 is nearest with M4 . The conclusion of join protocol is illustrated as follows:
Step 1: The new member detects the maximum signal strength of current group members as director and sends JOIN_MESSAGE request message to join the group. After the director received the request message, it selected its new session random key, computes keys and blinded keys, and sends the existing key tree to new member.
Step 2: The new member selected its session random key, updates key tree, computes keys and blinded keys, and broadcasts the new key tree containing the only all blinded key. Step 3: Each member computes the secret group key.
2 1 [1,0] [1,1] BK[1,1] = s3β -1 [0,0] 3 K[1,1] = s3 [2,0] M1 director -1 [2,1] M2 BK[2,1] = s β[1,0] s-1 K[2,1] = s2 [2,0] = s1 β[1,0] s1 K[2,0] =s1
Join Protocol. Assume that the group has n members . The new member Mn+1 initiate the protocol by broadcasting a join request message that contains its own public key and the ip address. Each current member receives this message and determines the insertion point in Each group member contributes an equal share to the group key. The key is computed as a function of all current group members’ shares. Each share is secret (private to each group member) and is never revealed. After every membership change, all remaining members independently update the key tree structure. This protocol also requires each member to know all public keys in the entire key tree. As part of the protocol, a group member can take on a special sponsor role, which involves computing keys and broadcasting to the group. Each broadcasted message contains the sender’s view of the key tree, which contains each Public key known to the sender. Any member in the group can take on this responsibility, depending on the type of membership event. This makes the handling of future membership changes more efficient and robust. the tree. The insertion point is based on its ip address. The sponsor is the node at which the new member joins or the sibling of the new node.
Join Protocol. The join protocol is initiated when a potential member sends a valid join message to a sponsor member. The authentication server generates a ‘joining tag’ for new member 𝑁𝑗, as shown below. After receiving a valid join tag, 𝑁𝑗 multicasts the join request 𝐸𝑌(𝑛𝑗) 𝖣 𝑌 = {��𝑖} ), and the protocol proceeds as follows:
1. 𝑁𝑗 → (𝑋𝑁 − 𝑁𝑖+1): 𝐸𝑌 (𝑠𝑖𝑔(𝑛𝑗)) 𝖣 𝑌 = {𝑁𝑖} 𝐺 𝐺
2. ∀(𝑋𝑁 − 𝑁𝑖+1) ⊢ 𝐾𝑛𝑒𝑤 = 𝐻𝑎𝑠ℎ(𝐾𝑐𝑢𝑟𝑟𝑒𝑛𝑡, 𝑛𝑖) 𝐺
3. 𝑁𝑖 → 𝑁𝑗: 𝐸𝑌(𝐾𝑛𝑒𝑤) 𝖣 𝑌 = {𝑁𝑗} 𝐺
4. 𝑁��−1 → 𝑁𝑖+1: 𝐸𝑐𝑢𝑟𝑟𝑒𝑛𝑡 (𝑛𝑖) 𝐺 𝐺
5. 𝑁𝑗 ⊢ 𝐾𝑛𝑒𝑤 = 𝐻𝑎𝑠ℎ(𝐾𝑐𝑢𝑟𝑟𝑒𝑛𝑡, 𝑛𝑖)
1) In first step 𝑁𝑗 multicasts the join message encrypted with multicasting key 𝐾𝑌 derived from 𝑁𝑖 ’s secret nonce, which infers that all group members excluding 𝑁𝑖+1 receive 𝑛𝑗 . All
2) All group members, excluding 𝑁𝑗 and 𝑁𝑖+1, generate a new group key and update their state vectors by adding the secret of the new member 𝑁𝑗.
3) The sponsor node 𝑁𝑖 shares the new group key with the joining member 𝑁𝑗. At this point, the newly joining member 𝑁𝑗 can decrypt the first half of the join ticket to acquire
4) In parallel with message 3, the member 𝑁𝑖−1 shares the nonce of the sponsor node with member 𝑁𝑖+1. This sharing breaks the logical link between the sponsor member and 𝑁𝑖+1 and established a new logical connection between 𝑁𝑗 and 𝑁𝑖+1. 5) Finally, after receiving 𝑛𝑗, the member 𝑁𝑖+1 also generates a group key. 𝐸𝐺(Xx)||𝐸𝑌 (��𝑖𝑔(𝑛𝑗)) 𝖣 𝑌 = {𝑁𝑖} A valid joining tag consists of two parts. The first part 𝐸𝐺(Xx) is destined for new member 𝑁𝑗 only, whereas the second half 𝐸𝑌 (𝑠𝑖��(𝑛𝑗)) 𝖣 𝑌 = {𝑁𝑖} is used by new member 𝑁𝑗 to initiate the join protocol. Due to the encryption with unknown keys, the contents of the tag are hidden from the 𝐺 requesting member 𝑁𝑗 . The first half is encrypted with the updated group key 𝐾𝐺 = 𝐻𝑎𝑠ℎ(𝐾𝑐𝑢𝑟𝑟𝑒𝑛𝑡, 𝑛𝑖), where 𝑛𝑖 is the secret nonce of the current sponsor member of the group, which is the new member, who intends to join. This part of the tag consists of the vector state for member 𝑁𝑗 , as the state is encrypted with the updated group key 𝐾 , and the requesting We consider a group of three members, as shown in Figure 4, where 𝑁3 is the sponsor member and 𝑁4 sends a valid join request 𝐸𝑌(𝑠𝑖𝑔(𝑛4)) 𝖣 𝑌 = {𝑁3}, which infers that only 𝑁2 and 𝑁3 can decrypt the message using 𝐾𝑌 = 𝑓({𝑁3}) . For the given example the join protocol proceeds...
Join Protocol. In the proposed scheme, we assume that each new member have already contacted a private key generator in order to get his private key. When the new member needs to join a group, he can send a request to join message to the group. This message contains the new member’s public key. Every member can compute a new group public key. From subsection 4.2.1, the setup phase, this example continues with the scenario when user named “Delta” needs to join the group as shown in the following. For Delta:
1) The private key generator encodes Delta’s identity IDD into a braid in group g4, then divides this braid into left and right braids; g4l and g4r
2) The private key generator prepares private keys SK1D and SK2D for Delta where SK1D = z1g4lz2 and SK2D = z4g4rz3 For Group: The group public key PKABCD = (g1) (g2) (g3) (g4) The total communication messages for join protocol are two unicast messages and one multicast message; these two unicast messages for obtaining a private key from private key generator, and one multicast message for sending a join request. The total computation cost are three serial numbers of braid group multiplication (one for generate new public group key and two for generate private keys for new member), and one encoding operation to convert identity into braid. The multiple join occurs when any m users want to join a group simultaneously. In this case the total communication messages are 2m unicast messages and m multicast messages, and the total computation cost is 2m+1 serial numbers of braid group multiplication, and m encoding operation.
Join Protocol. NLGK = (xK)Rjj x−1 P = i=Y1,i xKli Rjj P, The main security requirement of the member addition is the secrecy of the previous group key with respect to outsider and new group members. Klj where xK is the previous group key.
Join Protocol. The current group has n members, the new member is identified with Mn+1. The tree will be updated by incrementing n = n + 1 and adding a new internal node INn with two children: the root node INn−1 of the prior tree Ti on the left and the new leaf node LNn on the right. This node becomes the new root node. Figure 2.11 gives an example of addition of a new member to a group with four members. For simplicity, it uses n in the following to denote the number of group members before operation join. To deal with the join operation, the member Mn is chosen as the sponsor. The new member Mn+1 broadcasts a join request containing its own blinded key bkn+1. All members Mi with 1 ≤ i ≤ n can compute the new group key. The sponsor unicasts all blinded keys to Mn+1. Equipped with this message the new member can also compute the new group key. However this join protocol does not provide key independence since knowledge of a previous group key can be used to compute the new group key. To remedy the situation, they suggest that the sponsor updates its session random. The changed information will then be broadcasted to all members. The process is illustrated as follows: random brn+1.
1) The new member broadcasts its own blinded session
2) The sponsor Ms(s = n) updates its session random ss and brs, computes new kn, bkn, and broadcasts the updated tree with all blinded keys and blinded session random.
3) Every member Mi updates the tree by inserting Mn+1, sets n = n + 1, and computes the keys: • if i = 1, · · · , n − 2, computes k = brkj-1 for j = n − 1, • if i = n (new member), computes k = bksn , • if i = s (sponsor), computes k = brkn-1 .
Join Protocol. To handle a join event, a group controller is needed. It can be any member in the group. The group controller has usually higher performance capability than other members. Let Mc be the group controller, and let Mi+1 be the potential member. In first step, Xx chooses a new random secret exponent Sc. The message will be sent by Mc to the new member Mi+1. Mi+1 generates randomly its secret Si+1 and embeds Si+1 in the message which it then broadcasts to all members in group. After running join protocol, all members compute the new group key.
Join Protocol. We assume the group has n members: {M1, . . . , Mn}. The new member Mn+1 initiates the protocol by broadcasting a join request message that contains its own bkey BK(0,0). This message is distinct from any JOIN messages generated by the underlying group communication system, although, in practice, the two might be combined for efficiency’s sake.
Step 1: The new member broadcasts request for join BK(0,0)=αrn+1 Mn+1 Step 2: Every member − − − − − − −→ C = {M1, . . . , Mn} • update key tree by adding new member node and new intermediate node, • removes all keys and bkeys from the leaf node related to the sponsor to the root node, The sponsor Ms additionally • broadcasts updated tree T^s including only bkeys. • generates new share and computes all [key, bkey] pairs on the key path, C ∪ {Mn+1} = {M1, . . . , Mn+1} T (BK∗) Ms ^s s ←− − − − − − − Step 3: Every member computes the group key using T^s
