
Key Management In Cryptographic Algorithms In Perspective Of Cyber Security

Abstract: The confidentiality of information in any cryptographic system is preserved as long as the cryptographic keys are secured. One of the most important challenges of a cryptographic system is efficient key management. Key revocation plays an important role in revoking keys before they expire. A novel key revocation model is developed in our invention to overcome the existing problems of key revocation. Distribution of shared keys among the members of a group is the most challenging task in group communication. To reduce the cost of rekeying, the storage cost and the computational load, two schemes are developed. One scheme is based on elliptic curve cryptography and the other is based on algebraic group theory. The key distribution schemes are developed separately for Conditional Access Systems. These schemes improve the performance and security of key management and also provide forward and backward secrecy along with very low communication cost and higher cryptographic security. 4 Claims & 4 Figures


Patent Information

Application #
Filing Date
26 November 2022
Publication Number
51/2022
Publication Type
INA
Invention Field
COMMUNICATION
Status
Email
ipfc@mlrinstitutions.ac.in
Parent Application

Applicants

MLR Institute of Technology
Laxman Reddy Avenue, Dundigal

Inventors

1. Mrs. Shruthi Patil
Department of Information Technology, Laxman Reddy Avenue, Dundigal – 500 043
2. Dr. Thatha Venkata Nagaraju
Department of Information Technology, Laxman Reddy Avenue, Dundigal – 500 043
3. Dr. Nagireddy Venkata Rajasekhar Reddy
Department of Information Technology, Laxman Reddy Avenue, Dundigal – 500 043
4. Dr. Allam Balaram
Department of Information Technology, Laxman Reddy Avenue, Dundigal – 500 043
5. Mrs. Manda Silparaj
Department of Computer Science and Engineering, Vignan Institute of Technology and Science, Hyderabad
6. Mrs. M. Harshini
Department of Information Technology, Laxman Reddy Avenue, Dundigal – 500 043
7. Mr. D. Sandeep
Department of Information Technology, Laxman Reddy Avenue, Dundigal – 500 043
8. Mrs. Jeethu Philip
Department of Information Technology, Laxman Reddy Avenue, Dundigal – 500 043

Specification

Description: Field of Invention
Nowadays encryption plays a crucial role in protecting secret data, high-profile data and sensitive business information. To maintain integrity and confidentiality up to a specific range, an enterprise needs many encryption tools and therefore many keys for these encryptions. The keys used for encryption are highly confidential, so they must be protected in a secure manner. In a cryptographic system, key management consists of the creation, distribution, storage and exchange of keys. It also covers policies, procedures, guidelines, protocol design, key servers, policy standards, algorithms that provide coordination between the elements of a system, group management, system framework, peer-to-peer communication, etc. Key management faces many challenges in achieving secure and efficient cryptographic algorithms. Most cyber security applications, such as defense systems, multimedia transmission and distributed computing, need authentication of peers, reduced key change cost, reduced storage cost for keying operations, reduced encryption and decryption cost, and transfer of information over the network. To meet these challenges, novel cryptographic key management schemes are developed.
Background of the Invention
Cryptographic keys are the backbone of any cryptographic system. The level of security of a cryptographic system depends mostly on the management of its cryptographic keys. The main challenge of key management is not key storage and encryption; the actual challenge is to manage the whole key life cycle efficiently (US8204231B2). Cryptographic systems are primarily classified into two types: 1. symmetric key cryptographic systems and 2. asymmetric key cryptographic systems. In symmetric key cryptography, both parties use a common key for encryption as well as for decryption. In asymmetric key cryptography, each participant has two keys, namely a Public Key and a Private Key. The two keys are mathematically related to each other; one is used for encryption and the other for decryption. A Group Key is a special type of symmetric key where each member of the group uses the same key. To pass common information to the group members, the information is encrypted with the common key and sent to the group members. At present, the majority of cyber security applications use a Group Key for encryption and decryption of information. In these types of systems the Group Controller multicasts the common information to the remaining members of the group. Domains where information is transferred in one-to-many mode include distance learning, multimedia transmission, video conferencing, data replication, distributed networks, defense systems, cloud computing, etc. One example of multimedia transmission is Conditional Access Systems (CAS), where group keys are commonly used to encrypt and decrypt the broadcast signals. The challenges are: (i) Keys should be chosen according to the defined security standards and regulatory frameworks. (ii) Keys should be efficiently computable by legitimate users. (iii) There should be an efficient and secure medium for distribution of keys. (iv) Keys should be revoked in a timely manner and on a need basis. (v) Required storage should be minimal. (vi) There should be higher security with a shorter key length. (vii) There should be minimum re-keying cost. (viii) There should be an efficient mechanism for recovery of keys. (ix) There should be minimum loss in case of key compromise or key loss. (x) There should be minimum trust in third parties. (xi) Keys should be stored securely and stored keys should be changed regularly. (xii) To achieve a higher data transfer rate with a high-quality data stream, common information should be sent in a multicast or broadcast model (EP2786292B1).
Summary of the Invention
Key management faces many challenges in providing secure and efficient cryptographic systems. Basically, symmetric and asymmetric keys are used for encryption of data. Along with these two kinds of keys, group management keys are also used for sharing encrypted data within a single group. Next, the Diffie-Hellman key agreement protocol is applied, but it leads to the problem of the man-in-the-middle attack. To overcome this problem a variation of the Diffie-Hellman Key Exchange Protocol is developed, but it still faces the impersonation attack. To handle this type of vulnerability, an advanced key exchange procedure using a third-party authentication scheme is developed. To deal with Group Key Management, an ECC based Key Distribution Scheme for Secure and Efficient Multicast Communication is proposed, and to further improve the security of key management a Key Management Scheme for Secure Group Communication is proposed. Next, for Conditional Access Systems, an Efficient and Secure Conditional Access System for Pay-TV Systems is developed. This technique achieves forward and backward secrecy, reduces the communication cost and improves the cryptographic security.
Brief Description of Drawings
Figure 1: Proposed Key Agreement Protocol.
Figure 2: Centralized Group Key Distribution Architecture.
Figure 3: Key Management Architecture of Proposed Conditional Access System
Figure 4: Pay-TV system architecture.
Detailed Description of the Invention
Diffie-Hellman key exchange lets two parties establish a shared secret key, which is then used to protect the text transferred between them. With it, the key can be exchanged only between the two parties. The main problem with Diffie-Hellman key exchange is that it does not authenticate the parties to each other, which leads to the impersonation attack and the man-in-the-middle attack. To overcome these problems a variation of Diffie-Hellman key exchange is proposed; it resolves the man-in-the-middle attack but is still subject to the impersonation attack. To overcome the impersonation attack, an advanced key exchange is developed using a third-party authentication scheme. This technique implements an authentication scheme, and hash comparisons are also performed at the receiver side to eliminate the man-in-the-middle attack, the replay attack and the impersonation attack.
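The receiver-side hash comparison described above can be illustrated as follows. This is an added example, not code from the patent: the `TrustedThirdParty` and `Receiver` classes, the per-user long-term keys, the HMAC-SHA-256 tag format and the toy group parameters are all assumptions, since the specification does not give the protocol messages.

```python
import hashlib, hmac, secrets

# Toy group, constructed for this example; real systems use a standardised
# 2048-bit+ group or an elliptic curve.
P, G = 2**127 - 1, 3

def dh_keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def dh_shared(priv, peer_pub):
    return hashlib.sha256(pow(peer_pub, priv, P).to_bytes(16, "big")).digest()

def tag(key, sender, receiver, pub, nonce):
    """HMAC over length-prefixed identities, DH public value and nonce."""
    fields = [sender, receiver, pub.to_bytes(16, "big"), nonce]
    msg = b"".join(len(f).to_bytes(2, "big") + f for f in fields)
    return hmac.new(key, msg, hashlib.sha256).digest()

class TrustedThirdParty:
    """Hypothetical authentication server holding one long-term key per user."""
    def __init__(self):
        self.keys = {}
    def enroll(self, name):
        self.keys[name] = secrets.token_bytes(32)
        return self.keys[name]
    def vouch(self, sender, receiver, pub, nonce, sender_tag):
        # Check the sender's tag, then re-issue it under the receiver's key.
        expected = tag(self.keys[sender], sender, receiver, pub, nonce)
        if not hmac.compare_digest(expected, sender_tag):
            raise ValueError("sender not authenticated")
        return tag(self.keys[receiver], sender, receiver, pub, nonce)

class Receiver:
    def __init__(self, name, key):
        self.name, self.key, self.seen = name, key, set()
    def accept(self, sender, pub, nonce, ttp_tag):
        """Receiver-side comparison: reject replayed or substituted values."""
        expected = tag(self.key, sender, self.name, pub, nonce)
        if nonce in self.seen or not hmac.compare_digest(expected, ttp_tag):
            return False
        self.seen.add(nonce)
        return True

def demo():
    ttp = TrustedThirdParty()
    k_a, bob = ttp.enroll(b"alice"), Receiver(b"bob", ttp.enroll(b"bob"))
    # x_pub stands for a public value substituted in transit
    (a_priv, a_pub), (b_priv, b_pub), (_, x_pub) = (dh_keypair() for _ in range(3))
    n = secrets.token_bytes(16)
    t = ttp.vouch(b"alice", b"bob", a_pub, n, tag(k_a, b"alice", b"bob", a_pub, n))
    return {"genuine": bob.accept(b"alice", a_pub, n, t),
            "replayed": bob.accept(b"alice", a_pub, n, t),
            "substituted": bob.accept(b"alice", x_pub, secrets.token_bytes(16), t),
            "keys_match": dh_shared(a_priv, b_pub) == dh_shared(b_priv, a_pub)}
```

Only the Alice-to-Bob direction is authenticated here; the reverse direction would repeat the same steps with the roles swapped.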
Multicast or group communication transfers large amounts of information using an advanced transport mechanism for many-to-many and one-to-many communications. The major problem faced by group communication is security, because most of the information is exchanged through the internet. The main aim is to deliver the key to all members of the group for secure communication. Some of the challenges faced by group communication are increased storage cost, rekeying cost and computational load, and the maintenance of secrecy in the group. To overcome these problems, two Group Key Management schemes are developed. The first, the ECC based Key Distribution Scheme for Secure and Efficient Multicast Communication, uses a group key management scheme with the lowest storage cost at the member side, as shown in Figure 2. In this scheme, each participant calculates the group key by using the secret polynomial shared in the group. The computational load of the central server is distributed among the members available in the network. This scheme provides ECC based key distribution that reduces the cost of communication and improves cryptographic security in comparison to existing cryptographic systems, and it also achieves backward secrecy, forward secrecy and minimum rekeying cost. The scheme is dynamic in nature, so any set of participants in the network can compute the group key effectively. In the second group key management scheme, the computational load of the server is shared by the network members. This scheme also achieves forward secrecy as well as backward secrecy.
The Efficient and Secure Conditional Access System for Pay-TV Systems also has an efficient mechanism for load balancing at the Group Controller (GC) side. To speed up the search for a channel package in the existing database, an Optimal Binary Search Tree (OBST) data structure and a Finite State Machine (FSM) are used. The scheme also provides an efficient leaving and joining mechanism for a single user as well as for batches of users. To overcome the issues of hierarchical and centralized systems, a novel key distribution scheme based on algebraic group theory, incorporating the features of a tree structure and a centralized system, is proposed. The proposed scheme provides freedom of channel package composition for the Conditional Access System and provision for load balancing at the Group Controller (GC) side. To speed up the search for a channel package, an Optimal Binary Search Tree (OBST) data structure with a Finite State Machine is used in the proposed scheme. Moreover, the proposed scheme is scalable, so any number of users can be accommodated in this centralized scheme. The load of the central server is also shared by multiple sub-servers. The proposed scheme also provides an efficient leaving and joining mechanism for a single user as well as for batches of users. The proposed scheme is well suited for both Pay Per View (PPV) and Pay Per Channel (PPC) multimedia services for the Conditional Access System for Pay-TV Systems.
Let there be a Central Server (CS) which generates the Group Key (GK). GK is the series of Control Words (CWs) of all channels, and these CWs are used to encrypt and decrypt the content of the respective channels. The description of the various notations used in the proposed scheme is given in Table 6.2.1 and the Key Management Architecture of the proposed CAS is given in Figure 6.2.1. Let there be ‘n’ Group Controllers (GCs), where each GC represents one city. Each GC shares one coordination key (CK) with the central server. Each GC divides the users of its city into various groups. Members who have subscribed to common channels are kept in the same group. Let there initially be ‘m’ groups of members; in other words, ‘m’ channel packages are active in the city. The number of active channel packages may increase or decrease, depending on whether members shift from one channel package to another, leave or join. Let there be ‘d’ total channels. Let there be ‘r’ idle channels, meaning that no member has a subscription to any of these ‘r’ channels, so the ‘m’ active channel packages contain ‘d-r’ active channels in total. Initially any new member subscribes to an existing package; after subscription, the member is eligible to view the channels contained in the subscribed channel package. If a member does not wish to subscribe to any existing package, then a new package containing the selected channels is created by the GC. A channel package is dissolved and marked as a d-active channel package if there is only one member in the package and this last member also leaves it, as shown in Figure 3.
In conventional key distribution systems many messages are transferred to update the Control Word frequently in Conditional Access Systems. To address this, two key distribution techniques are developed. The first scheme consists of efficient load balancing at the controller side, dynamic channel package creation, faster channel package search using OBST, and leaving and joining for a single user as well as for groups of users. The computational cost of group creation is decreased drastically because of the batch join and leave mechanisms. The second scheme depends mainly on Elliptic Curve Cryptography. Decryption keys are computed by using Elliptic Curve Cryptography and secret polynomial shares. This technique also achieves backward and forward secrecy with low communication cost and more security.
The Group Controller (GC) performs a single encryption of the CW and broadcasts it to the members of the system. Each member only needs to decrypt one ciphertext using the Group Key (GK). Subscribers are able to compute GK without sending any message to the GC or to any other subscriber of the system. This minimizes the communication cost of subscribers. Subscribers need to store only two attributes, the secret key (sk) and the secret polynomial share, for computing the GK. This minimizes the storage cost of the subscribers. There is no flow of messages from subscribers to the GC; therefore, the communication cost of rekeying is also minimized. Subscribers are free to make up a channel package without any restriction on channel composition. This protocol provides perfect forward secrecy as well as backward secrecy. The Pay-TV system architecture is shown in Figure 4.
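The rekeying properties claimed above (one broadcast from the GC, no member-to-GC messages, forward and backward secrecy on leave and join) can be seen in a classical polynomial-broadcast construction. This is an added example, not the patent's ECC-based scheme, whose equations the specification does not give: it works in a prime field instead, members here hold only `sk`, and the `GroupController` class, the hash-derived roots and the modulus are assumptions.

```python
import hashlib, secrets

Q = 2**127 - 1   # prime modulus, toy size constructed for this example

def root(sk, nonce):
    """Per-rekey evaluation point derived from a member's secret key."""
    return int.from_bytes(hashlib.sha256(sk + nonce).digest(), "big") % Q

def times_linear(coeffs, r):
    """Multiply a polynomial (lowest degree first) by (x - r) mod Q."""
    out = [0] * (len(coeffs) + 1)
    for i, c in enumerate(coeffs):
        out[i] = (out[i] - r * c) % Q
        out[i + 1] = (out[i + 1] + c) % Q
    return out

class GroupController:
    def __init__(self):
        self.members = {}                  # name -> secret key sk
    def join(self, name):
        self.members[name] = secrets.token_bytes(32)
        return self.members[name]
    def leave(self, name):
        del self.members[name]
    def rekey(self):
        """Return (GK, broadcast); the broadcast is the only message sent."""
        gk, nonce, coeffs = secrets.randbelow(Q), secrets.token_bytes(16), [1]
        for sk in self.members.values():
            coeffs = times_linear(coeffs, root(sk, nonce))
        coeffs[0] = (coeffs[0] + gk) % Q   # P(x) = prod(x - r_i) + GK
        return gk, (nonce, coeffs)

def member_key(sk, broadcast):
    """Member side: evaluate P at its own root (Horner's rule); no reply to GC."""
    nonce, coeffs = broadcast
    x, acc = root(sk, nonce), 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % Q
    return acc

def demo():
    gc = GroupController()
    sk = {n: gc.join(n) for n in ("u1", "u2", "u3")}
    gk1, b1 = gc.rekey()
    gc.leave("u3")                         # u3 leaves, u4 joins, then rekey
    sk["u4"] = gc.join("u4")
    gk2, b2 = gc.rekey()
    return {"all_agree": all(member_key(sk[n], b1) == gk1 for n in ("u1", "u2", "u3")),
            "stay_agree": all(member_key(sk[n], b2) == gk2 for n in ("u1", "u2", "u4")),
            "leaver_locked_out": member_key(sk["u3"], b2) != gk2,
            "joiner_locked_out": member_key(sk["u4"], b1) != gk1}
```

A member who holds GK can recover the other members' roots by factoring P(x) - GK, which is why the roots are derived from a fresh nonce at every rekey rather than reused.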
4 Claims & 4 Figures

Claims: The scope of the invention is defined by the following claims:

Claim:
1. Key Management in Cryptographic algorithms in perspective of cyber security comprising the steps of
a) Examines Asymmetric and Symmetric Key Management and Group Key Management for secure transfer of information and estimation of Time for Revocation of Keys in Cryptographic Systems.
b) Analyzed Exchange of keys between sender and receiver with Authentication.
c) Analyzed the performance of Group Key Management Schemes.
2. Key Management in Cryptographic algorithms in perspective of cyber security as claimed in claim 1, Time Estimation Model for Key Revocation, Probability Estimation function for revocation of key, Time estimation for given probability are developed.
3. Key Management in Cryptographic algorithms in perspective of cyber security as claimed in claim 1, identification of Man-in-middle attack in Diffie-Hellman Key Exchange Protocol and to overcome it a Key Agreement Protocol is developed.
4. Key Management in Cryptographic algorithms in perspective of cyber security as claimed in claim 1, an ECC based Key Distribution Scheme for Secure and Efficient Multicast Communication and Key Management Scheme for Secure Group Communication is developed.

Documents

Application Documents

# Name Date
1 202241068093-COMPLETE SPECIFICATION [26-11-2022(online)].pdf 2022-11-26
1 202241068093-REQUEST FOR EARLY PUBLICATION(FORM-9) [26-11-2022(online)].pdf 2022-11-26
2 202241068093-DRAWINGS [26-11-2022(online)].pdf 2022-11-26
2 202241068093-FORM-9 [26-11-2022(online)].pdf 2022-11-26
3 202241068093-EDUCATIONAL INSTITUTION(S) [26-11-2022(online)].pdf 2022-11-26
3 202241068093-FORM FOR SMALL ENTITY(FORM-28) [26-11-2022(online)].pdf 2022-11-26
4 202241068093-EVIDENCE FOR REGISTRATION UNDER SSI [26-11-2022(online)].pdf 2022-11-26
4 202241068093-FORM FOR SMALL ENTITY [26-11-2022(online)].pdf 2022-11-26
5 202241068093-FORM 1 [26-11-2022(online)].pdf 2022-11-26
5 202241068093-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [26-11-2022(online)].pdf 2022-11-26
6 202241068093-EVIDENCE FOR REGISTRATION UNDER SSI(FORM-28) [26-11-2022(online)].pdf 2022-11-26
6 202241068093-FORM 1 [26-11-2022(online)].pdf 2022-11-26
7 202241068093-EVIDENCE FOR REGISTRATION UNDER SSI [26-11-2022(online)].pdf 2022-11-26
7 202241068093-FORM FOR SMALL ENTITY [26-11-2022(online)].pdf 2022-11-26
8 202241068093-EDUCATIONAL INSTITUTION(S) [26-11-2022(online)].pdf 2022-11-26
8 202241068093-FORM FOR SMALL ENTITY(FORM-28) [26-11-2022(online)].pdf 2022-11-26
9 202241068093-DRAWINGS [26-11-2022(online)].pdf 2022-11-26
9 202241068093-FORM-9 [26-11-2022(online)].pdf 2022-11-26
10 202241068093-REQUEST FOR EARLY PUBLICATION(FORM-9) [26-11-2022(online)].pdf 2022-11-26
10 202241068093-COMPLETE SPECIFICATION [26-11-2022(online)].pdf 2022-11-26