ID-based group key exchange mechanism for virtual group with microservice

  • Kim, Hyun-Jin (Network & System Security Research Section, Electronics and Telecommunications Research Institute) ;
  • Park, Pyung-Koo (Network SW Research Section, Electronics and Telecommunications Research Institute) ;
  • Ryou, Jae-Cheol (Department of Computer Science and Engineering, Chungnam National University)
  • Received : 2019.11.14
  • Reviewed : 2021.01.06
  • Published : 2021.10.01

Abstract

Currently, research on network functions virtualization focuses on using microservices in cloud environments. Previous studies primarily focused on communication between nodes in physical infrastructure. Until now, there has not been sufficient research on group key management in virtual environments. The service is composed of microservices that change dynamically according to the virtual service. There are dependencies for microservices on changing the group membership of the service. There is also a high possibility that various security threats, such as data leakage, communication surveillance, and privacy exposure, may occur in interactive communication with microservices. In this study, we propose an ID-based group key exchange (idGKE) mechanism between microservices as one group. idGKE defines the microservices' schemes: group key gen, join group, leave group, and multiple group join. We conduct experiments in a real environment to evaluate the performance of the proposed mechanism. The proposed mechanism ensures essential requirements for group key management, such as secrecy, sustainability, and performance, improving virtual environment security.

Funding information

This research was supported by the Korea Electric Power Corporation (Grant R18XA05).
