Join Protocol. We assume the group has members: . The new member initiates the protocol by broadcasting a join request message that contains its own bkey . This message is distinct from any JOIN messages generated by the underlying group communication system, although, in practice, the two might be combined for efficiency’s sake. Each current member receives this message and determines the insertion point in the tree. The insertion point is the shallowest rightmost node, where the join does not increase the height of the key tree. Otherwise, if the key tree is fully balanced, the new member joins to the root node. The sponsor is the rightmost leaf in the subtree rooted at the insertion node. Next, each member creates a new intermediate node and a new member node, and promotes the new intermediate node to be the parent of both the insertion node and the new member node. After updating the tree, all members, except the sponsor, block. The sponsor proceeds to update its share and compute the new group key; it can do this since it knows all necessary bkeys. Next, the sponsor broadcasts the new tree which contains all bkeys. All other members update their trees accordingly and compute the new group key (see Proposition 2). It might appear wasteful to broadcast the entire tree to all members, since they already know most of the bkeys. However, since the sponsor needs to send a broadcast message to the group anyhow, it might as well include more information which is useful to the new member, thus saving one unicast message to the new member (which would have to contain the entire tree). Figure 3 shows an example of member joining a group where the sponsor ( ) performs the following actions:
Join Protocol. <0,0> New Intermediate Node <1,0> <1,1> New Member <2,0> M1 <2,1> M2 <2,2> <2,3> X0 X0 Xxxx X0 Xxxx X0 <0,0> <1,0> <2,0> <2,1> <1,1> M3 Sponsor M1 M2
Join Protocol. The group has n members, {M1,..,Mn}. Every member in current group knows the existing key tree. The new member Mn+1 wishes to join the group by detecting the maximum signal strength of current group member to be as director in order to communicate in one hop and shortest distance. Later the new member sends, JOIN_MESSAGE, request message to director. The director refreshes the own session random key, computes keys and blinded keys of intermediate nodes up to the root node, and sends the existing key tree with its new session random key to new member. The insertion point of new member on key tree will be new root node of key tree because the new member can computed the information of new key tree with the lowest computation cost. The new member needs to compute only the blinded key at the new root node. Later, the new member updates existing key tree in accordance with creates a new root node and a new member node. Next, the new member selects session random key (i.e., secret key) and computes keys and blinded keys going up to the root. The blinded key of new member Mn+1 is BKn+1 = sn+1 βr βn+1 s-1 where βr is existing publish braid word at root node that the new n+1 member can find in existing key tree information. The new member broadcasts the new key tree containing only blinded keys to all other members. Finally all other members compute the new group key. This join protocol provides backward secrecy since director updated session random key that knowledge of a new member is unable to compute old group keys. Figure 3.4 shows situation before new member joins. After that, the Figure 3.5 shows an example of M4 joining a group where director as M2. This instance, it means that the M2 is nearest with M4 . The conclusion of join protocol is illustrated as follows:
Join Protocol. Assume that the group has n members . The new member Mn+1 initiate the protocol by broadcasting a join request message that contains its own public key and the ip address. Each current member receives this message and determines the insertion point in • Each group member contributes an equal share to the group key. The key is computed as a function of all current group members’ shares. • Each share is secret (private to each group member) and is never revealed. After every membership change, all remaining members independently update the key tree structure. This protocol also requires each member to know all public keys in the entire key tree. As part of the protocol, a group member can take on a special sponsor role, which involves computing keys and broadcasting to the group. Each broadcasted message contains the sender’s view of the key tree, which contains each Public key known to the sender. Any member in the group can take on this responsibility, depending on the type of membership event. This makes the handling of future membership changes more efficient and robust. the tree. The insertion point is based on its ip address. The sponsor is the node at which the new member joins or the sibling of the new node.
Join Protocol. The join protocol is initiated when a potential member sends a valid join message to a sponsor member. The authentication server generates a ‘joining tag’ for new member 𝑁𝑗, as shown below. After receiving a valid join tag, 𝑁𝑗 multicasts the join request 𝐸𝑌(𝑛𝑗) 𝖣 𝑌 = {��𝑖} ), and the protocol proceeds as follows:
Join Protocol. We assume the group has n members: {M1, . . . , Mn}. The new member Mn+1 initiates the protocol by broadcasting a join request message that contains its own bkey BK(0,0). This message is distinct from any JOIN messages generated by the underlying group communication system, although, in practice, the two might be combined for efficiency’s sake.
Join Protocol. In the proposed scheme, when a new member needs to join a group, he will send a request to join a group message containing his published braid to a director. The director can be anyone in the existing group members. After the director receives the join request message, he sends a sequence of published braids of all members to the new member. Then the new member computes his public key and sends it back to the director. The director can generate a new key tree including the new member’s public key and new public group key in the tree and then broadcasts this new key tree to all members. The insertion point of a new member in a key tree is at a new root node. From section 3.2, the setup phase, an example is continued with the scenario when user D needs to join the group as shown in Figure 3.3. User C as a director sends a sequence of published braids of all existing members gAgBgC to a new member. User D can compute his public key and then send it back to the director. The director can compute a new group key KABCD = KABC PKD KABC -1and a new public group key PKABCD. The new member can also compute the new public group key after getting an updated key tree but he cannot compute the previous group key KABC or KAB because he does not know each user’s private key. Thus the proposed scheme complies with the concept of backward secrecy. Next is an example of join protocol that continued from the setup phase as the following. For user D: D’s private key: σ19σ17 D’s published braids: σ18σ16 D’s public key: (σ19σ17) σ2σ2σ9σ6σ11σ14σ18σ16 (σ19σ17)-1
Join Protocol. In the proposed scheme, we assume that each new member have already contacted a private key generator in order to get his private key. When the new member needs to join a group, he can send a request to join message to the group. This message contains the new member’s public key. Every member can compute a new group public key. From subsection 4.2.1, the setup phase, this example continues with the scenario when user named “Delta” needs to join the group as shown in the following. For Delta:
Join Protocol. To handle a join event, a group controller is needed. It can be any member in the group. The group controller has usually higher performance capability than other members. Let Mc be the group controller, and let Mi+1 be the potential member. In first step, Xx chooses a new random secret exponent Sc. The message will be sent by Mc to the new member Mi+1. Mi+1 generates randomly its secret Si+1 and embeds Si+1 in the message which it then broadcasts to all members in group. After running join protocol, all members compute the new group key.
Join Protocol. The current group has n members, the new member is identified with Mn+1. The tree will be updated by incrementing n = n + 1 and adding a new internal node INn with two children: the root node INn−1 of the prior tree Ti on the left and the new leaf node LNn on the right. This node becomes the new root node. Figure 2.11 gives an example of addition of a new member to a group with four members. For simplicity, it uses n in the following to denote the number of group members before operation join. To deal with the join operation, the member Mn is chosen as the sponsor. The new member Mn+1 broadcasts a join request containing its own blinded key bkn+1. All members Mi with 1 ≤ i ≤ n can compute the new group key. The sponsor unicasts all blinded keys to Mn+1. Equipped with this message the new member can also compute the new group key. However this join protocol does not provide key independence since knowledge of a previous group key can be used to compute the new group key. To remedy the situation, they suggest that the sponsor updates its session random. The changed information will then be broadcasted to all members. The process is illustrated as follows: random brn+1.
