GKMPAN: An efficient group rekeying scheme for secure multicast in ad-hoc networks

Sencun Zhu, Sanjeev Setia, Shouhuai Xu, Sushil Jajodia

Research output: Contribution to journalArticlepeer-review

24 Scopus citations


We present GKMPAN, an efficient and scalable group rekeying protocol for secure multicast in ad hoc networks. Our protocol exploits the property of ad hoc networks that each member of a group is both a host and a router, and distributes the group key to member nodes via a secure hop-by-hop propagation scheme. A probabilistic scheme based on pre-deployed symmetric keys is used for implementing secure channels between members for group key distribution. GKMPAN also includes a novel distributed scheme for efficiently updating the pre-deployed keys. GKMPAN has three attractive properties. First, it is significantly more efficient than group rekeying schemes that were adapted from those proposed for wired networks. Second, GKMPAN has the property of partial statelessness; that is, a node can decode the current group key even if it has missed a certain number of previous group rekeying operations. This makes it very attractive for ad hoc networks where nodes may lose packets due to transmission link errors or temporary network partitions. Third, in GKMPAN the key server does not need any information about the topology of the ad hoc network or the geographic location of the members of the group. We study the security and performance of GKMPAN through detailed analysis and simulation; we have also implemented GKMPAN in a sensor network testbed.

Original languageEnglish (US)
Pages (from-to)301-325
Number of pages25
JournalJournal of Computer Security
Issue number4
StatePublished - 2006

All Science Journal Classification (ASJC) codes

  • Software
  • Safety, Risk, Reliability and Quality
  • Hardware and Architecture
  • Computer Networks and Communications


Dive into the research topics of 'GKMPAN: An efficient group rekeying scheme for secure multicast in ad-hoc networks'. Together they form a unique fingerprint.

Cite this