# INTRODUCTION very message under transformation ought to have security provided to it. So, for providing high security, we consider 2 issues namely (1) Message Confidentiality: Only the authenticated and intended user should read the message and (2) Message Authentication: The receiver should be assured that the sent message is from authenticated sender and the message is not altered in the middle. Here the work of KGS starts. It should provide a one-time session key to achieve the above 2 issues of key exchange. So, KGS distributes the secret key to all intended users with confidentiality and authentication. We can see from [5] the 2 types of key establishment protocols namely Key transfer protocols, Key agreement protocols. Apart from this the KGS helps in selecting the secret key and transport them to all communication entities secretly. These session keys are determined by all communication entities where the most commonly used is Diffie-Hellman (DH) key agreement protocol [12]. Public keys of the communication entities play a key role in this protocol. They are exchanged to fix the value of session key. As the public key itself does not provide authentication, uses a digital signature. But the only drawback is that this is on whole applicable only two 2 users but not to a group. The importance of group key is found here as everyone ought to have it. This group key management protocol can be of 2 categories. Centralize group key management protocols, where the whole group is managed by a Group Key generation. Distributed group key management, where each individual manages the generation of key rather than a group key distribution. Of the both key management protocols, we use Centralized group key management the most. It was proposed by Harney et al [15] which takes O(n) where n indicates the size of group participating in the generation of key id. In addition to this, to update this group key either adding or editing the users, we have hierarchical structure based group key protocols [10], [22], [27]. # II. # RELATED WORK We have Fiat and Naor [14] introducing a kresistant protocol. Using this security to about k users is provided with O(k log k log n) keys and server broadcasting O(k 2 log 2 k log n) messages per rekeying. EBS (Exclusion Basis System) proposed by Eltoweissy et al. [13] is a combinatorial formulation which helps users to switch between number of keys needed to be stored and number of messages to be transmitted. All this is for key updating so that solution to collusion is provided. In the previous days, this group generation management protocols involved the naturally generalized DH key agreement protocol. Many examples can be quoted like Ingemarsson et al. [18], Steer et al. [28], Burmester and Desmedt [9],and Steiner et al. [29] . Later, in 1990s, Steiner et al [29] came forward with extension of DH naming it as DH key exchange [29] and in 2001, name was changed to authentication services [6]. Later from 2006, there was a drastic advancement in this group key generations. In the very year of 2006, Bohli [8] proposed a framework for group key generation agreement which is intended to provide security opposing harming participators and active unauthenticated users at every point in the network. In 2007, Katz and Yung [19] proposed the first constantround and fully scalable group DH protocol which is provably secure in the standard model. Above all, the key feature of group DH is to generate a secret group key by a standardised group like KGS other than relying on members inside. The next advancement in providing security is identifying the intruders present inside the network. For that, Tzeng [31] provided a conference key agreement protocol with the assistance of discrete logarithm (DL). Each user in the group requires having nm power polynomials with n representing number of participants. Later,. in 2008, Cheng and Lain [11] modified Tseng"s conference key agreement protocol based on bilinear pairing. In2009, Huang et al. [16] proposed a no interactive protocol based on DL assumption to improve the efficiency of Tseng"s protocol. All the proposals made and developed till now are good. But one main problem is the time constraint. Since this key agreement involves all the communication entities, takes a lot of time for decision. So to reduce this, we have 2 different solutions. (1)All the communication entities assuming that there is an offline server active all the time and decides the secret key with this assumption. [4], [14], [25,][3]. (2) All the communication entities assuming that an online server is in active state. Of the two, the 1 st one is called key redistribution scheme. In this schema, offline users are provided with a secret piece of information created by a trusted group .But the backhand of this approach is that every server has to store a lot of secret keys and information. So we came to the 2 nd approach [20] . It"s working is almost similar to IEEE 802.11i standard [17] . Here, an online server votes for a group key and transmits to every group member. Even though they employ same methodology, there is a slight difference. Instead of encrypt in the group temporal key(GTK) by Key encryption key(KEK) and individually saying the secret key information to each user, here in this approach, the information of group key is also said to all user so that they can calculate their own secret keys. Lain et.al [20] in 1989 was the 1 st to come up with an algorithm in this approach making use of (t, n) .It consists of (k-1) members. We can also provide some papers in [2], [21], [25] with the same principle. Coming to our paper, we are able to make a solution to this problem by providing confidentiality and authentication. We also came forward separating the insider and outsider attacks. To achieve all the above, every user should have an account in KGS to access the group key transfer service and in turn to achieve a secret key. So, for all these transformations, we need a secret channel for message passing to all the communication entities. And also to transfer this selected group key, to all insiders of network, we need a separate and secret channel. This group key is confidential and no mathematical calculations are involved here but it is information theoretically secure. # III. # OBJECTIVE Having a look at its background, we should be acquainted with: Choose two large primes p and q and calculate a public n such that * n p q ? , which can be referred as quandary of factoring. Practically resolving the quandary of factoring is difficult. Even though Blakely [1] and Shamir [26] developed a solution for this, it is not so efficient. According to this scheme, a whole secret key is shared among all the communication entities so that each gets a share of t . With more or equal to t shares each can calculate their secret keys. But with less than t , computation is not possible. This is called ( , ) tnscheme. It in turn consists of 2 algorithms: a) Share Generation Algorithm: Dealer D first picks a polynomial f(x) of degree (t-1) randomly: April peer resource heterogeneity and security. In proposed protocol model, KGS undertakes the selection of optimized peers to participate in key generation and authenticates the peer integrity and eligibility to become part of the peer network by receiving group key. At the outset every member should register to the KGS which intern at registration selects peers with optimal resources to participate in key generation and provides those selected peers a confidential matter by which calculation of secret key is done and authenticity state of the every peer expecting to be part of the network. Then the selected peers generates group key and for each correct and authorised peer to receive group key, a checksum is appended with cipher text. All around the encryption algorithm provides this security. The confidentiality is achieved by secret sharing scheme proposed. For security, a general broadcast message is created and sent to all communication entities where its secrecy is maintained theoretically. (0) ii iA S f S ? ? ?? ? {} ( )(mod ), j i iA j A i ji x Sp xx ? ?? ? ? ? ? 1 { ,.... } Considering heterogeneity of the peer resources in key generation and security is the key factor in our paper. So the primary goal is to provide security. Some important goals formulated are: Selecting peers for key generation: Selecting peers that are optimized in terms of having resources to participate in key generation. Fixing the key generation peer group count : The proposed protocol selects set of peers such that all other peers can receive group key from selected peer in hop level. Key freshness : That is, the key should not be used before so that further problems may not arise. Key Confidentiality : It is the assurance that the secret information is accessed only by authorized group members. Key authentication : Providing authentication guarantees that generation and broadcasting of secret group key is done by KGS, a trusted organisation but not by any hackers. In spite of all these QoS and security issues, we have 2 more threats to be worked on a) Any hacker in person using the authenticated group user for his works done. b) Hackers modifying the messages in their way of transfer even before reaching the destination esp. KGS. IV. # PROPOSED PROTOCOL To overcome these, the proposed protocol has 3 remedial measures. a) Initialization of KGS. b) User registration c) Selecting optimal peers for Group key generation d) Group key generation and distribution. Initialization of KGS : In this primary step, KGS chooses optimal peers to participate in group key generation. Then KGC sends all random primes selected as shared checksums of the optimal peers to all peers participating in key generation. Then the peers selected for key generation compute n from shared checksums sent by KGC. This n is made public as stated in the proposed theory above in this paper. User Registration: Immediately after the KGS is initialized, it is ready to use and encourages the user registrations. It in turn keeps track of all the registered users and alerts optimal peers about unauthorised peers. Optimal peer selection for key generation : Since the heterogeneity of the peer computational resources has taken into consideration, our proposed model selects the optimal peers with eligible computational resource for group key generation. Group key generation and distribution : As the registration phase ends with the user requests to the KGS for authentication, it sends the shared checksums of the optimal peers to all optimal peers along with the credentials of eligible peers to optimal peers selected for group key generation. Then optimal peers randomly select the secret key t of the hop level requested user and send him the message which is unique to him. By this he can access the group key. All this transformations between the KGS and users is fallows. Step 1: KGS receives certificates and about computational resources from Group members to initiate the key generation. Step 2 : As the authentication, KGS responses by sending the broadcast messages to selected peers that are optimal in resources to participate in key generation. Step3 : As a note of agreement, optimal peers send a random challenge * in R ?? to KGS. Step 4 : KGS sends all random challenges as shared checksums of optimal nodes to all optimal nodes. Then optimal nodes generates group key k from these shared checksums received from GKS, and generates an interpolated polynomial () fxwith degree ' t to pass through ( 1) t ? points, (0, ) k and ( , ) Step 5: Every group member, i P , after knowing the shared secret, ( , ) i i i x y R ? , for1i i i x y R ? , and other optimal # April V. # RESULTS ANALYSIS The experiments were conducted by developing simulation model using MXML. We build a simulation network with hops count of 80. The simulation parameters described in table 1 The metrics to verify the performance of the proposed protocol are ? Data packet delivery ratio : It can be calculated as the ratio between the number of data packets that are sent by the source and the number of data packets that are received by the sink. ? Packet Delivery Fraction: It is the ratio of data packets delivered to the destinations to those generated by the sources. The PDF tells about the performance of a protocol that how successfully the packets have been delivered. Higher the value gives the better results. ? Average End To End Delay : Average end-to-end delay is an average end-to-end delay of data packets. Buffering during route discovery latency, queuing at interface queue, retransmission delays at the MAC and transfer times, may cause this delay. Once the time difference between packets sent and received was recorded, dividing the total time difference over the total number of CBR packets received gave the average end-to-end delay for the received packets. Lower the end to end delay better is the performance of the protocol. ? Packet Loss : It is defined as the difference between the number of packets sent by the source and received by the sink. In our results we have calculated packet loss at network layer as well as MAC layer. The routing protocol forwards the packet to destination if a valid route is known; otherwise it is buffered until a route is available. There are two cases when a packet is dropped: the buffer is full when the packet needs to be buffered and the time exceeds the limit when packet has been buffered. Lower is the packet loss better is the performance of the protocol. ? Routing Overhead : Routing overhead has been calculated at the MAC layer which is defined as the ratio of total number of routing packets to data packets. Figure 1(a) shows the Packet Delivery Ratio (PDR) for basic P2P, AGKTP[32] and HTAGKTP. Based on these results it is evident that HTAGKTP recovers most of the PDR loss that observed in AGKTP [32] against to basic P2P . The approximate PDR loss recovered by HTAGKTP over AGKTP[32] is 1.5%, which is an average of all pauses. The minimum individual recovery observed is 0.18% and maximum is 2.5%. The packet delivery fraction (PDF) can be expressed as: MAC load overhead is slightly more in HTAGKTP over AGKTP [32]. We can observe this in Figure 1(d), which is because of additional control packet exchange in HTAGKTP for neighbour hop validation through certificate exchange. The average MAC load overhead in HTAGKTP over AGKTP[32] 1.64%. The minimum and maximum MAC load overhead observed is 0.81 and 3.24% respectively. In all these evaluation strategies the results derived for basic P2P are interesting. In all metrics except path optimality, basic P2P performed well since it is not considering any security issue as routing parameter, and it is delivering better QOS under no security threat in routing assumption, which is not true in real time practices. In path optimality validation among three considered protocols basic P2P stands last because it is not considering any security constraints, hence identifies unstable paths. # VI. # CONCLUSION Tight security mechanisms are needed to allow secure communication among the group members. Thus, a communication session must have security services to provide authentication, integrity, and confidentiality. Group Key (GK) is the primary and key part of the safe group communication. The performance of GK generation process, which is required for secure communication, may degrade due to less performing members. Thus, the generation process must be done is a more precise way but filtering less performing members. Many changes are occurring in the recent years as increase in usage of mobile computers, network clusters communication with standard servers. Apart from this, heterogeneity and distributed computer environment became common in the current internet world. Thus, GK management system must consider various parameters, differences and environments involved in the communication. These considerations as the basis, the effectiveness of HTAGKTP protocol in comparison to AGKTP [32] is proved. This protocol improves the efficiency by considering the parameters effecting the performance i.e. computational delay and network latency. Thus, this research is aimed at and thus proved that GKGP is more efficient and maximizes the applicability of communication. ![is the fraction of successfully delivered packets, ? c is the total number of flow or connections, ? f is the unique flow id serving as index, ? f R is the count of packets received from flow f ? f N is the count of packets transmitted to flow f .](image-2.png "P") 1![Figure1(c) confirms that HTAGKTP is having fewer packets overhead over AGKTP[32]. Due to stable paths with no compromised or victimized nodes determined by HTAGKTP this advantage become possible. The Packet overhead observed in AGKTP[32] is average 5.29% more than packet overhead observed in HTAGKTP. The minimum and maximum packet overhead in AGKTP[32] over HTAGKTP observed is 3.61% and 7.29% respectively.MAC load overhead is slightly more in HTAGKTP over AGKTP[32]. We can observe this in Figure1(d), which is because of additional control packet exchange in HTAGKTP for neighbour hop validation through certificate exchange. The average MAC load overhead in HTAGKTP over AGKTP[32] 1.64%. The minimum and maximum MAC load overhead observed is 0.81 and 3.24% respectively.In all these evaluation strategies the results derived for basic P2P are interesting. In all metrics except path optimality, basic P2P performed well since it is not considering any security issue as routing parameter, and it is delivering better QOS under no security threat in routing assumption, which is not true in real time practices. In path optimality validation among three considered protocols basic P2P stands last because it is not considering any security constraints, hence identifies unstable paths.](image-3.png "Figure 1 (") ? Tunnelling? The protection against tunnelling attack is theadvantage of the HTAGKTP over AGKTP[32].Number of nodes Range80Dimensions of space1500 m × 300 mNominal radio range250 mSource-destination pairs20Source data pattern (each)4 packets/secondApplication data payload size512 bytes/packetTotal application data load range128 to 512 kbpsRaw physical link bandwidth2 MbpsInitial ROUTE REQUEST timeout2 secondsMaximum ROUTE REQUEST40 secondstimeoutCache size32 routesCache replacement policyFIFOHash length80 bitscertificate life time2 sec? Rushing attack ? Denial of serviceTable1: Simulation parameters that we considered for experimentsProposedRoutingProtectsProtectsProtectsProtectsprotocolsstrategyfromfromfrom RoutingfromRushingDenial oftableTunnelingattackservicemodificationAGKTP[32]P2pYesYesNoNoHTAGKTPP2pYesYesYesYes 2 Heterogeneous Tree Based Authenticated Group Key Transfer Protocolpeers HTAGKTP in Path optimality. HTAGKTP used average i OP for 1,...,| | i OP ? , on () fx P able to i compute the polynomial () 0.019 hops longer than in AGKTP[32] because of the fxand recover the group key and then i hop level certification validation process of the P computes hash value from k and HTAGKTP that eliminates nodes with invalidatei OP for certificate. Here slight advantage of AGKTP[32] over 1, 2,3,.... ' it ? then compares with auth for validity. HTAGKTP can be observable.2012AprilFigure 1(b) indicates AGKTP[32] advantage over © 2012 Global Journals Inc. (US) © 2012 Global Journals Inc. (US) © 2012 Global Journals Inc. (US) Global Journal of Computer Science and Technology Volume XII Issue VII Version I * Safeguarding Cryptographic Keys GRBlakley Proc. Am. Federation of Information Processing Soc. (AFIPS "79) Nat"l Computer Conf Am. Federation of Information essing Soc. (AFIPS "79) Nat"l Computer Conf 1979 48 * How to Broadcast a Secret SBerkovits Proc. Eurocrypt "91 Workshop Advances in Cryptology Eurocrypt "91 Workshop Advances in Cryptology 1991 * An Optimal Class of Symmetric Key Generation Systems RBlom Proc. Eurocrypt "84 Workshop Advances in Cryptology Eurocrypt "84 Workshop Advances in Cryptology 1984 * Perfectly Secure Key Distribution for Dynamic Conferences CBlundo ASantis AHerzberg SKutten UVaccaro MYung Information and Computation 146 1 Oct. 1998 * On Key Agreement and Conference Key Agreement CBoyd Proc. Second Australasian Conf. Information Security and Privacy (ACISP "97) Second Australasian Conf. Information Security and Privacy (ACISP "97) 1997 * Provably Authenticated Group Diffie-Hellman Key Exchange EBresson OChevassut DPointcheval J.-JQuisquater Proc. ACM Conf. Computer and Comm. Security (CCS "01) ACM Conf. Computer and Comm. Security (CCS "01) 2001 * Computer Science and Technology Volume XII Issue VII Version I 30 © Global Journals Inc 2012 US * A Framework for Robust Group Key Agreement MBohli Proc. Int'l Conf. Computational Science and Applications (ICCSA '06) Int'l Conf. Computational Science and Applications (ICCSA '06) April. 2006 Heterogeneous Tree Based Authenticated Group Key Transfer Protocol * A Secure and Efficient Conference Key Distribution System MBurmester YGDesmedt Proc. Eurocrypt '94 Workshop Advances in Cryptology Eurocrypt '94 Workshop Advances in Cryptology 1994 * Multicast Security: A Taxonomy and Some Efficient Constructions RCanetti JGaray GItkis DMicciancio MNaor BPinkas Proc. IEEE INFOCOM '99 IEEE INFOCOM '99 1999 2 * Conference Key Agreement Protocol with Non Interactive Fault-Tolerance Over Broadcast Network JCCheng CSLaih Int'l J. Information Security 8 1 2009 * New Directions in Cryptography WDiffie MEHellman IEEE Trans. Information Theory 22 6 Nov. 1976 * Combinatorial Optimization of Group Key Management MEltoweissy MHHeydari LMorales IHSudborough J. Network and Systems Management 12 1 2004 * Broadcast Encryption AFiat MNaor Proc. 13th Ann. Int'l Cryptology Conf. Advances in Cryptology (Crypto '93) 13th Ann. Int'l Cryptology Conf. Advances in Cryptology (Crypto '93) 1994 * Group Key Management Protocol (GKMP) Architecture HHarney CMuckenhirn TRivers RFC 2094 July 1997 * A Conference Key Agreement Protocol with Fault-Tolerant Capability KHHuang YFChung HHLee FLai TSChen Computer Standards and Interfaces 31 Jan. 2009 * IEEE 802.11i-2004 Medium Access Control (MAC) Security Enhancements 2004 6 * A Conference Key Distribution System IIngemarsson DTTang CKWong IEEE Trans. Information Theory 28 5 Sept. 1982 * Scalable Protocols for Authenticated Group Key Exchange JKatz MYung J. Cryptology 20 2007 * A New Threshold Scheme and Its Application in Designing the Conference Key Distribution Cryptosystem CLain JLee LHarn Information Processing Letters 32 1989 * Conference Key Agreement from Secret Sharing CHLi JPieprzyk Proc. Fourth Australasian Conf. Information Security and Privacy (ACISP '99) Fourth Australasian Conf. Information Security and Privacy (ACISP '99) 1999 * Elk, A New Protocol for Efficient Large-Group Key Distribution APerrig DSong JDTygar Proc. IEEE Symp. Security and Privacy IEEE Symp. Security and Privacy 2001 * Generation of Key Predistribution Schemes Using Secret Sharing Schemes GSaze Discrete Applied Math 128 2003 * How to Share a Secret AShamir Comm. ACM 22 11 1979 * Key Establishment in Large Dynamic Groups Using One-Way Function Trees ATSherman DAMcgrew IEEE Trans. Software Eng 29 5 May 2003 * A Secure Audio Teleconference System DGSteer LStrawczynski WDiffie MJWiener Proc. Eighth Ann. Int'l Cryptology Conf. Advances in Cryptology (Crypto '88) Eighth Ann. Int'l Cryptology Conf. Advances in Cryptology (Crypto '88) 1988 * Diffie-Hellman Key Distribution Extended to Group Communication MSteiner GTsudik MWaidner Proc. Third ACM Conf. Computer and Comm. Security (CCS '96) Third ACM Conf. Computer and Comm. Security (CCS '96) 1996 * DRStinson Cryptography Theory and Practice CRC Press 2002 second ed. * A Secure Fault-Tolerant Conference Key Agreement Protocol WGTzeng IEEE Trans. Computers 51 4 Apr. 2002 * Authenticated Group Key Transfer Protocol Based on Secret Sharing LHarn Changlu Lin 10.1109/TC.2010.40 IEEE Transactions on 59 6 June 2010 Computers