Home Energy Management Systems (HEMS) contain devices of multiple manufacturers. Also, a large number of groups of devices must be managed according to several clustering situations. Hence, since it is necessary to establish a common secret group key among group members, the group key management scheme of IEEE 802.21 is used. However, no security verification result by formal methods is known. In this paper, we give the first formal verification result of secrecy and authenticity of the group key management scheme of IEEE 802.21 against insider and outsider attacks using ProVerif, which is an automatic verification tool for cryptographic protocols. As a result, we clarify that a spoofing attack by an insider and a replay attack by an outsider are found for the basic scheme, but these attacks can be prevented by using the scheme with the digital signature option.

A multicast content service, including numerous devices, requires an efficient group key management scheme as one of its core components. The purpose of group key management is to provide a secure key-sharing scheme among the members of a group so that messages transmitted via broadcasting or multicasting are not exposed to non-members. The Chinese Remaindering Group Key (CRGK) is an efficient group key management scheme based on the Chinese Remainder Theorem (CRT). It optimizes the number of re-key messages, the user-side key computation cost, and the number of stored keys. However, CRGK is not fit for a group with a large number of members because of the high computation complexity of the CRT. In this paper, we propose a Hierarchical CRGK (HCRGK) scheme that supports a group with a large number of members. We improved CRGK by adopting it to include an n-ary tree structure. The tree approach simplifies the group key management by distributing the group key computation to subgroups. Our scheme requires at most (log m N + 1) re-key messages for a group with N members and a short computation time even when the group is very large.

Scalability is one of the most important requirements for secure multicast in a multi-group environment. In this study, we propose a decentralized multi-group key management scheme that allows each multicast group sender to control the access to its group communication independently. Scalability is enhanced by local rekeying and inter-working among different subgroups. The group key secrecy and backward/forward secrecy are also guaranteed.

Efficient group rekeying is an important issue for secure group communications. Most of the proposed group rekeying methods require expensive encryption and decryption operations to rekey the group. However, in a model where a trusted server is used to distribute group keys, the trusted server may become a bottleneck because of the expensive computation operations, such as encryption, that it has to perform. In this paper, we propose a new stateless group rekeying scheme to solve the multicast group rekeying problem. In our proposed scheme, the trusted server combines mask-based key-location hiding with the simple XOR-encryption using secret hash values to rekey the group. Without affecting the system security, our approach reduces the processing cost of the trusted server by eliminating the need to encrypt the group key. Moreover, to acquire the group key, the computational cost of the group members is low and stable regardless of the rekeying message size.

We propose receiver authentication and group key delivery protocol (AKDP) to realize secure multicast communication. AKDP provides three principal functions: 1) group key delivery for data confidentiality, 2) receiver access control to cope with denial of service and 3) receiver authentication for user accounting. AKDP has a negotiation function to choose and offer only those functions required by the situation. We evaluate the feasibility of AKDP by developing a prototype system and show that total communication time is acceptable (i.e. 406 ms). We also show that the negotiation function of AKDP reduces total communication time because unnecessary functions can be skipped. We demonstrate that the negotiation function reduces the total communication time by 52% if user accounting is not executed. We also find that the scalability of group control and key server is not insignificant if multiple receivers access it simultaneously; however, we also propose a secure multicast architecture that can accommodate multiple servers and so guarantee scalability.

Recently, with the explosive growth of communication technologies, group oriented services such as teleconferencing and multi-player games are increasing. Access to information is controlled through secret communication using a group key shared among members, so efficient updating of group keys is vital to maintaining secrecy of large and dynamic groups. In this paper, we employ (2,4)-tree as a key tree, which is a height balanced tree, to reduce the number of key updates caused by joins or leaves of members. Specifically, we use the CBT (Core Based Tree) to determine the network configuration of the group members to reflect that onto the structure of the key tree. This allows for more efficient updates of group keys when splitting or merging of subgroups occurs by network failure or recovery.