Abstract—Proximity Services (ProSe) discovery or communications using LTE-based Device-to-Device (D2D) communications have recently been at the heart of the discussions about the advent of 5G networks. Meanwhile, their related security aspects are of major concern, especially when dealing with direct radio communications and large-scale deployment of D2D groups. As the security features of short radio communications are much less robust than those used in public cellular systems, they would not be adequate for major public services and they would be unsuitable for the public safety (PS-ProSe) applications proposed by D2D. Yet, existing security algorithms and solutions are not adapted to these emerging new types of communications and group formation. This paper focuses on D2D communications' security issues in both the ProSe discovery and communication phases. First, we address the global security stakes and challenges in group communications. Then, we propose a Group Key Management (GKM) mechanism to secure the exchanged D2D messages during the discovery and communication phases. The proposed solution is discussed and compared to similar GKM solutions close to our D2D use cases (i.e. ad-hoc). Moreover, the results of the implemented solution indicate an efficient key management system for our D2D group communication.

Keywords—Device-to-Device communications; LTE; Security; Identity Based Encryption (IBE)

I. INTRODUCTION

Today, security is considered an important step in the design and implementation of new versions for the Fifth-Generation (5G) cellular network. However, security is a matter of different requirements. Therefore, we study key distribution systems to manage the security phases for discovery and communication in inter- and intra-operator D2D.

Recent studies on LTE-based D2D have already discussed some of the major aspects of D2D, such as D2D high bitrates, lower communication delay [1], peer discovery mechanisms [2], LTE protocol stack extensions to support D2D communications on both radio and core networks [3], and radio resource allocation methods [4][5]. Despite being of major concern for the deployment of D2D-based services, security and privacy aspects still need many investigations to cope with the dynamic ProSe security requirements.

D2D has mainly two phases (Discovery and Communication) after passing the initialization phase, as shown in Fig. 1. We assume that the initialization phase is already done and secured enough by the 4G/5G core network security elements for authentication and key agreement. Each D2D phase has to be secured in order to assure the security requirements of the application (i.e. Proximity Service security). Moreover, those two phases have to use a secure key for each ProSe, which is considered as a group of D2D users.

Fig. 1. Main phases in D2D communication.

In our previous work [6], we provided a secure D2D discovery solution to be integrated with the 3GPP discovery phase. This IBE-based solution is implemented and tested for its performance and security measure analysis for either single or multiple domains.

The identity-based cryptography schemes that have been proposed based on a single Private Key Generator (PKG), as shown in Fig. 2, are not suitable for multi-domain networks or for our D2D ProSe use case. This is due to the high mobility of D2D (dynamicity issue).

In this work, we present an ID-based cryptography scheme based on multiple PKGs. We believe that our scheme is more suitable for multi-domain ad-hoc networks than previously proposed schemes, as will be clarified in the results section.

Fig. 2. D2D secure phases based PKG integration

For securing any group communication like multicast architectures, we need to build a strong protocol for the Group Key Management (GKM).
Fig. 3 details the preliminary security requirements for general group communications as follows:

Group communication has two important security requirements: 'Group Confidentiality' and 'Key Management'. Furthermore, we must guarantee the security of established sessions. Therefore, we can conclude that the base for providing common security services for group communication is 'Key Management'.

TABLE I. PRELIMINARIES SOLUTIONS FOR SECURITY REQUIREMENTS

| Security Requirements | Solution |
|---|---|
| Perfect FS | Re-Key Algorithm |
| Perfect BS | Re-Key Algorithm |
| KI | ECDLP |
| CF | ECDLP + Refresh Algorithm |
| TR | Authentication + Key Agreement |

a partial control from the core network over the D2D phases, i.e. data flow routed via eNB(s) (D2D-A), while direct D2D schemes (D2D-D) allow the establishment of direct links between devices without any involvement of the core network. In both schemes, the device is initially authenticated during the network attach (USIM authentication & terminal authentication using the UMTS AKA protocol for authentication and key agreement) [8], and is then granted authorization from the LTE core network to use the D2D resources.

Identity Based Cryptography (IBC) has emerged as a long-term evolution of, or substitution for, Public Key Infrastructure (PKI). It is a cryptosystem in which the public key is generated using the identity of the client (user) and the private key is the public key multiplied by the secret key of the server. The latter is responsible for distributing the user's private key and is called the Private Key Generator (PKG).

D2D security procedures for Proximity-based services, including key generation systems for Direct D2D, are not yet well investigated in the 3GPP standards. However, there are a few works in the literature that propose some solutions:

In [9], the authors propose mechanisms to achieve D2D security through Key Hierarchies (KH); the solution is based on a Key Distribution System (KDS) when two users are connected to the same operator, eNB and Mobile Management Entity (MME). They also propose a Pre-Shared Key (PSK) based security scheme for Public Safety (PS) scenarios, specifically for the use case of users out of network coverage, using homomorphic encryption to improve user privacy. Generally, the solution proposed in [9] reuses the existing security features of LTE-A so as to reduce any CAPEX cost. However, it does not deal with the multiple-domain scenario with two eNBs. Moreover, user privacy is elevated in our solution, especially in the discovery phase, by using a strong identity creation procedure. In our solution, we propose an asymmetric cryptographic system using IBE key generation based on Elliptic Curve Cryptography (ECC), in order to secure both the D2D discovery and communication phases. ECC can achieve a high degree of security with short key lengths compared to RSA.

The authors in [10] investigate the security aspects of routing information through the study of secure Network Coding (NC) routing for Public Safety (PS) D2D communications over LTE Heterogeneous Networks (HetNets). The proposed approach, named SNCDS, is based on a Data Splitting algorithm and consists of a core network security solution. In contrast, in our solution we propose a complete secure communication protocol between the device and the network entities (i.e. PKG and ProSe servers).

Besides, a secure 'smart' solution is proposed in [11] to enhance D2D communications efficiency while adding security features; the proposed security framework is designed to decrease network congestion while reducing security threats. A discussion about security issues in D2D and D2D security business models is also proposed. In our work, we propose a complementary technical solution for security issues in the D2D phases. This solution can be integrated with the security framework architecture proposed by 3GPP for LTE-A [12].

III. PROPOSED METHODOLOGY

We present an ID-based cryptography scheme based on Elliptic Curve Cryptography for securing multicast group communication.

The proposed protocol is based on the idea of the key graph [13]. The idea is to divide the group of members formed after the discovery process into subgroups. Each subgroup has 2 D2D user members and shares one session key. This sub-grouping reduces the complexity of the two main processes: the join process and the leave process. This reduction is from O(size of group) to O(log4 (size of group)/2). This protocol works in a hierarchy of two levels of controllers: Group Controller (GC) and Subgroup Controller (SC). Each SC works as the server of the D2D users and shares a secret key (symmetric key) with the GC.

In Fig. 4, we define the group formation procedure. The group formed in this process is a sequence of subgroups formed by D2D multiple domains.

Fig. 4. Group formation procedure

We denote the Key Server (PKG) related to the group which is responsible for Key distribution. The goal of this scheme is to secure a group communication by sub-grouping the whole group of discovered devices into subgroups of 2 members. In order to achieve perfect forward secrecy and perfect backward secrecy, the group key should be updated whenever dynamicity occurs in the group membership, by joining or leaving the group. The proposed scheme is organized like the LKH approach [14].

A. Steps of the proposed protocol

We can detail our proposed work as follows:

Step1: Secret keys generation
Each node picks its private/public key as mentioned in the first scenario of intra-domain communication (details in [6]):
• $K_{pub} = H(PID) \cdot Y$
• $K_{priv} = H(PID) \cdot X$

Step2: Elliptic Curve Digital Signature Algorithm (ECDSA) protocol
In this step, we execute the ECDSA [6] protocol for fast group discovery.

Step3: Signature verification
After ECDSA, each device in interest of the sender node verifies the signature.
2015 International Conference on Protocol Engineering (ICPE) and International Conference on New Technologies of Distributed Systems (NTDS).
Step4: Group Formation Procedure
In this step, we form a group as shown in Fig. 5. The formation of the group is based on the Logical Key Hierarchy (LKH) protocol as follows:

Fig. 5. The 4-ary key tree for our group formation procedure

Each subgroup "i" is formed by D2D users and shares a common key $K_i$ as an output of the Elliptic Curve Diffie–Hellman Protocol (ECDHP) [6].

Step4: keys generation
In this step, each subgroup self-calculates its subgroup key $K_i$ as follows: $K_i = a \cdot b \cdot P = K_{D2D}$ (where a and b are the private numbers used by ECDHP). Finally, the Key Server calculates, for each i = 1, 5, 9, 13:

$K_{i,i+3} = \mathrm{sum}(K_i, K_{i+1}, K_{i+2}, K_{i+3})$, which is called the node key.

$K_G = \mathrm{sum}(K_{i,i+3})$, which is called the group key.

Step5: Join process
In this process, when new user equipment joins the multicast group, a re-keying must be done in order to achieve the perfect forward secrecy (PFS) requirement. An authentication with the key server is done first, and then the user shares with the key server a session key sent from the key server to the new member in a secure way. The key server assigns a subgroup identity and an identity to the member. As an example, if we suppose that subgroup 16 has one member, then the new user will belong to subgroup 16 and its identity is 2. At this time, the keys that must be updated are $K_{16}$, $K_{13,16}$ and $K_G$, which become $K'_{16}$, $K'_{13,16}$ and $K'_G$.

The key server receives from the SC the new key of the D2D users, calculates the required keys and sends them by unicast to the new member, encrypted with the session key.

$S \xrightarrow{\text{unicast}} U_2 : \{K'_{13,16},\ K'_G\}_{\text{session\_key}}$

The key server also encrypts $K'_{13,16}$ with $K_{13,16}$ for subgroups 13, 14, 15, and encrypts $K'_G$ with $K_G$ for subgroups 1 to 12. Then, it distributes these encrypted keys through multicast to the existing members.

$S \xrightarrow{\text{multicast}} \text{Existing Members} : \{(K'_{16})_{K_{16}},\ (K'_{13,16})_{K_{13,16}},\ (K'_G)_{K_G}\}_{\text{session\_key}}$

Step6: Leave process
In this phase, we have to achieve perfect backward secrecy (PBS). In fact, when user equipment leaves the session, it should not be able to decrypt the transferred data. So a re-keying process must also be done, as in the join process. In this process, the member who wants to leave the group sends a leave request to the key server. Group members update their keys as follows:
• $K''_{16}$ = an arbitrary choice from the member left alone, in the form $(x \cdot P)$ where x is a random number.
• $K''_{13,16} = K'_{13,16} - K'_{16} + K''_{16}$
• $K''_G = K'_G - K'_{13,16} + K''_{13,16}$

As we notice, the key server does not need to generate a new key on its own after a member leaves; the re-keying process is carried out in cooperation between the members and the Key Server. The key server only has to broadcast the new key received from the remaining member of subgroup 16.

IV. IMPLEMENTATIONS AND PERFORMANCE EVALUATION

In this part, we present the performance evaluation obtained from the implementation of group communication security. We used the IBE provided with the "MIRACL Library" [15], to which we made some modifications to implement the necessary communication procedures between the entities in D2D (footnote 2). We used the elliptic curve $y^2 = (x^3 - 3x + b) \bmod p$, where p is a 256-bit prime number and b is determined through a function in MIRACL that calculates the number of points in a finite field (prime number). The results were obtained on a computer with the following configuration: Intel Core i5 2410M CPU 2.30 GHz, 4G memory, Linux Ubuntu 12.

Footnote 2. The code: http://www-public.int-evry.fr/~afifi/D2D-security.rar

Since we must answer several security requirements, our proposed work uses (IBC + ECC) for key management. IBC + ECC are also used for Master Key and Private Key generation. Moreover, they are also used for Group Key Generation and Agreement. Therefore, our approach increases the level of security in order to prevent any form of attack and guarantee the following requirements:

• Non-Repudiation
• Integrity and Protection
• Privacy in Group Communication (GK)
• Anonymity in GK
• Dynamicity with ECC
• Key Revocation
• Key Escrow
• Identity Disclosure

We now extend our solution to include group communication, and then compare our approach with the related work or paradigms. Generally, and based on security techniques, we can compare IBC strengths/weaknesses between our approach and other works (see Table II).

Our proposed solution has two new contributions:
• Dynamicity: It is assured by rekeying after the phases of join and leave.
• Anonymity: ECC is based on a pseudonym instead of an identity, which assures privacy and anonymity and solves the identity disclosure problem. Further, the use of ECC achieves the highest speed of IBE's functions.

TABLE II. COMPARISON OF IBC STRENGTHS/WEAKNESSES BETWEEN OUR APPROACH AND OTHER WORKS

| Approach | Implicit Certificate | Key Escrow | DOD Attack | Need for CA |
|---|---|---|---|---|
| PKI [16] | No | Yes | No | Yes |
| IBC [17-18] | Yes | Yes | No | No |
| CL-PKC [19] | Yes | No | Yes | No |
| AHMAD [20] | Yes | No | No | No |
| Our Protocol | No | No | No | No |

TABLE III. KEY GENERATION OVERHEAD COMPARISON

| Approach | Process on Key Server: Join | Process on Key Server: Leave | Process on Member Node: Join | Process on Member Node: Leave |
|---|---|---|---|---|
| SA | 2 | 1 | 0 | 0 |
| LKH | Log2n | Log2n | 0 | 0 |
| OFT | Log2n | Log2n-1 | Log2n | Log2n |
| Manisha | Log4(n/m) | 0 | 0 | 0 |
| Our Protocol | Log4(n/2)-1 | 0 | 0 | Log4(n/2)-1 |
TABLE VI. MAIN CHARACTERISTICS AND WEAKNESSES OF GROUP KEY GENERATION AND AGREEMENT SCHEMES

| Approach | Using Unicast Routing | Static / Dynamic | Main Idea | Weaknesses |
|---|---|---|---|---|
| Bohio et al. [22-24] | Yes | Dynamic | Using of signature | Against IBC |
| Zhang et al. [25] | No | Static | Resistance to unstable links | Requirement of ephemeral key for each node |
| Chien et al. [26] | Yes | Static | Sub-grouping of a 2 party/3 party KA | Requirement of an existing security mechanism |
| Zhang et al. [27] | No | Static | GK based on IBBE | Dynamicity |
| Our Protocol | No | Dynamic | Sub-grouping + ECC + IBBE | No |

TABLE VII. MAIN CHARACTERISTICS AND WEAKNESSES OF SCHEMES OVERCOMING PROBLEMS OF IBC

V. CONCLUSION

In this paper, we introduced a secure group communication mechanism for D2D using IBE. It provides intra- and inter-domain ProSe security. The proposed solution is evaluated through two performance assessments. The first assesses an ECC-based fast group key communication based on some security parameters (such as the computational overhead, the communication overhead, the re-keying message size and the key storage overhead). The second assessment is based on the weaknesses of IBC and the ways of creating and using Group Key Management (GKM). The overall performance comparisons of our methodology against other works indicate an enhancement in protocol complexity and high security.

REFERENCES

[1] G. Fodor, E. Dahlman, G. Mildh, S. Parkvall, N. Reider, G. Miklós, Z. Turányi, "Design aspects of network assisted device-to-device communications", IEEE Commun. Mag. 50(3), pp. 170–177, 2012.
[2] G.T, Thouraya, S. Tsang Kwong U and A. Hossam, "Hybrid Model for LTE Network-Assisted D2D Communications", ADHOC-NOW, Springer International Publishing, pp. 100-113, 2014.
[3] M.J. Yang, S.Y. Lim, H.J. Park, N.H. Park, "Solving the data overload: Device-to-device bearer control architecture for cellular data offloading", IEEE Veh. Technol. Mag. 8(1), pp. 31–39, 2013.
[4] M. Belleschi, G. Fodor, A. Abrardo, "Performance analysis of a distributed resource allocation scheme for D2D communications", in IEEE GLOBECOM Workshops 2011, pp. 358–362, 2011.
[5] Zulhasnine, M.; Changcheng Huang; Srinivasan, A., "Efficient resource allocation for device-to-device communication underlaying LTE network", WiMob, pp. 368-375, 2010.
[6] E. Abd-Elrahman, H. Ibn-khedher, H. Afifi and T. Toukabri, "Fast Group Discovery and Non-Repudiation in D2D Communications using IBE", in the proceedings of IWCMC 2015, Security Symposium - Wireless Communications and Mobile Computing 2015.
[7] 3GPP TS 23.303, "Architecture enhancements to Support Proximity Services (ProSe)", 2014.
[8] 3GPP, TS 33.401, v. 12.9.0, "Security Architecture", Rel. 12, Sept. 2013.
[9] Alam, M.; Du Yang; Rodriguez, J.; Abd-alhameed, R., "Secure device-to-device communication in LTE-A," Communications Magazine, IEEE, vol. 52, no. 4, pp. 66,73, 2014.
[10] Chafika, T.; Kadoch, M., "Secure Network Coding based Data Splitting for Public Safety D2D Communications over LTE Heterogeneous Networks", Recent Advances in Computer Engineering, Communications and Information Technology, pp. 43-48, 2014.
[11] Ramasubramanian, S.; Chung, S.; Ling Ding, L.; Ryu, S., "Secure and smart media sharing based on direct communication among mobile devices underlying in LTE-A cellular network", 2014. Source: https://www.tacoma.uw.edu/sites/default/.../S_Ramasubramanian.pdf.
[12] 3GPP TR 33.833 v1.2.0, "Study on Security issues to support Proximity Services (ProSe)", Release 13, Nov. 2014.
[13] C. K. Wong, M. Gouda, and S. S. Lam, "Secure Group Communications Using Key Graphs," ed. ACM SIGCOMM, 1998.
[14] LKH D. Damodaran Y. Wang and P Dung le. Efficient group key management in wireless networks. In Proceedings of International Conference on Information Technology: New Generations, pages 432–439, 2006.
[15] Multiprecision Integer and Rational Arithmetic C Library (MIRACL): http://www.certivox.com/miracl.
[16] C. J. Mitchell and R. Schaffelhofer. The personal pki. In C. J. Mitchell, editor, Security for Mobility, chapter 3, IEE, pages 35–61, 2004.
[17] E. Kiltz. "Chosen ciphertext secure identity-based encryption in the standard model with short ciphertexts". Cryptology ePrint Archive, 2006.
[18] B. Waters. Efficient identity-based encryption without random oracles. In: Cramer, R.J.F. (ed.) EUROCRYPT, 3494:114–127, 2005.
[19] Sattam S. Al-Riyami and Kenneth G. Paterson. "Certificateless public key cryptography". ASIACRYPT, Lecture Notes in Computer Science, 2894:452–473, 2003.
[20] A. Ahmad, "Sécurité orientée utilisateur pour les réseaux personnels sans fil", PhD thesis, EDITE, 2010.
[21] M. Manisha and M. Rajesh. "Secure Group Communication based on Elliptic Curve Cryptography". Transactions on Networks and Communications, v. 2, n. 1, pp. 1-26, 2014.
[22] Miri, M. B., "Authenticated secure communication in mobile ad-hoc networks", in Proc. Canadian Conference on Electrical and Computer Engineering. IEEE Computer Society Press, 2004.
[23] Miri, M. J., "An authenticated broadcasting scheme for wireless ad-hoc network", in Proc. CNSR 2004. IEEE Computer Society, 69-74, 2004.
[24] Miri, M. J., "Efficient identity-based security schemes for ad-hoc network routing protocols". Ad Hoc Networks, 309-317, 2005.
[25] L. Zhang, Y. H., "An identity-based broadcast encryption protocol for ad hoc networks". Young Computer Scientists, International Conference for, 1619-1623, 2008.
[26] Lin, Y. C., "Improved id-based security framework for ad-hoc network". Ad Hoc Networks, 47-60, 2008.
[27] P. Zhang, C. Y., "Constant-round contributory group key agreement for ad-hoc networks", in Proc. IEEE Wireless Communications, Networking and Mobile Computing. IEEE Computer Society Press, 2005.