Communication turns into a distributed structure progressively. Many devices within a certain area can exchange data intensely or new devices can get involved to the communication.
The worst case is that all the devices in the communication can be mobile. The number of mobile devices and the distributed networks will increase in the future.
Unmanned Aerial Vehicles(UAV)-assisted 5G cellular infrastructure for disaster-resilient networks which was proposed in  is an example for the distributed nature of future networks. While some users receive service from base stations (BS) in the infrastructure, UAVs provide service for users who lost their connectivity due to the disasters. There are four different groups in the UAV-assisted 5G cellular infrastructure: users served by UAVs, users served by mmWave BS (lower frequency),users served by mmWave BS (higher frequency),user served by mmWave BS. The members of these four groups will interact with BSs and each other, but a secure authentication mechanism for such a distributed infrastructure is still a challenge.
The developments on the Radio Frequency Identification (RFID) and sensor network technologies will create a more and more distributed environment in the future. The traditional mobile network which uses only smart phones currently will be replaced by the heterogous network after increasing the number of sensors around us. The evolution in the network science will create more mobile and more distributed environment.
Security is one of the challenges in the mobile, distributed and crowded networks. In some networks, it is possible to see thousands of nodes. Therefore; the identity of each node is critical for the security of whole network. Also, the confidentiality, integrity and availability of communications between nodes should be well secured. Encryption is the first option for the security of communication. There are two encryption mechanisms which are symmetric and asymmetric key encryptions. Asymmetric key encryption is time and resource consuming method for very distributed networks. Therefore; it is not the first option for IoT or UAV kind networks. The problem in the symmetric key encryption is the key management and exchange methods. It is hard to share the same key with all nodes and to update periodically. Due to these reasons; a new lightweight encryption method is needed for very distributed networks. Shamir Secret Sharing method is a solution for such a challenging problem. It is possible to create a shared key between n users at the same time. Only the nodes that have k value can calculate the secret key. 
Authentication is the one of the most important security step for such a distributed environment. Traditional authentication process includes one claimer that requests authentication and one prover that approves the claims. This kind of authentication process can be named as one-to-one authentication. One-to-one authentication is no longer applicable for such a kind of environment. If n users want to authenticate each other, one user should repeat the authentication process n-1 times. O(n) is the complexity of this kind of authentication.
Many-to-many authentication which is named Group Authentication is the new schema for the complex, mobile and crowded networks. The main idea of Group Authentication is to authenticate n users at the same time. The new complexity of authentication process will be O(1).
There are several studies which are mentioned in the related works part of this study.The authors tried to find a way in the studies in order to authenticate users who belong to the same group at the same time. But current mobility of the users is extremely high and it will be more in the near future. Therefore; one user who belongs to a group will travel to the area of other groups and will try to establish communication with other groups. Hand-over of users between different authentication groups is still a dilemma for group authentication studies. In this study, a novel approach is proposed for handing-over process in group authentication.
This work is organized as follows. The following section provides an overview of related works about group authentication and hand-over. In the third session, the proposal method for group authentication and authentication between two nodes from different group is denoted. The study is completed by conclusion part.
2 Related Work
Authors proposed a group authentication and key agreement protocol for Long Term Evolution (LTE) networks in . They mentioned three different components in the proposed protocol which are Mobile Equipment (ME), Serving Network (SN) and Home Network (HN).
When any ME wants to get involved to a group, it sends request to the SN for authentication. SN sends the identity of ME to the HN. HN is responsible for identifying the ME. This process is repeated for each ME in the group.
The protocol is one-to-one authentication process and it is not applicable for very distributed networks due to the time and resource limitations. Moreover, when one mobile node wants to communicate with other group, the authentcation process should be repeated for
Another group authentication schema is proposed in . They used a hash function with a pre-shared key (HMAC) in order to authenticate nodes. At the second phase of the authentication process, each user sends a reply to the authentication point at different times. Second process makes the protocol one-to-one authentication schema.
A novel method for handover problem for WIMAX (Worldwide Interoperability for Microwave Access) Networks is proposed in . In the WIMAX architecture, there are one Base Station (BS) and several Mobile Stations (MSs) in a group. Also there is connection between BS and AAA (Authentication, Authorization and Accounting) server. They used Extensible Authentication Protocol (EAP) to establish secure connection between MS and AAA server. MS and AAA server identify a Master Session Key (MSK) for further authentication after EAP connection. AAA server shares the MSK with BS after a keyed hashing operation. Then BS and MS can authenticate each other by the result of hashing. At the same time MS and BS choose random numbers in order to use in Elliptic Curve Key Exchange method. At the end of the process each side computes the secret key (SK) for further communications. For handover process BS shares the hashing result of SK with other BS. When MS wants to begin the authentication process, it computes the hash of SK and sends the . confirmed the result by using the credentials that is received from . Also MS and choose random numbers for Elliptic Curve Key Exchange Method in order to identify a secret key for further communications. In the study, each MS needs to repeat the authentication process with to have a group authentication. But this kind of authentication takes too much time and resource for distributed networks. Also, there is no proposal for authentication between Mobile Stations connected to the different Base Stations.
HashHand is another proposal to hand over nodes between access points in mobile networks. The proposed structure includes the Authorization server (AS), Access point (AP) and Mobile node (MN). The AS is responsible for transactions with a high computational load. AS chooses a secret (s) and determines G (cyclic additive group), (cyclic multiplicative group), e: G x G (bilinear map), (public key), , (Hash Functions). AS shares these public parameters except secret key. After determining identities (IDs) for each AP, AS calculates public keys (()) and private keys (s.()). AS shares public and private keys with each AP. AS determines a group of random numbers (,,…,) and calculates public keys (()) and private keys (s.()) for each MN. After calculating of key pairs, AS share these values with relevant MNs. When any MN wants to move from to , MN chooses random private and public key pairs. MN sends to an authentication code. The code is computed by using private key of MN and public key of ((e(,))). Once new AP gets the authentication code, AP computes confirmation code ((e(,))). If the codes are the same, authentication is done between MN and new AP. The proposal is a good example of implementation of Eliptic Curve Criptography (ECC) for handover purposes. Mobile nodes only consumes source in order to calculate bilinear pairing(e) for authentication code. The most source consuming jobs are done by the AS. Therefore; we can assume the proposal an one to many authentication method.
ECC with RSA algorithm is used in  in order to overcome with the vulnerabilities in HandHash. AS determines prime numbers (p,q,r,s) and computes the (n)=(p-1)*(q-1), (m)=(r-1)*(s-1) and (N)=*. Then AS chooses an integer e which satisfy (1e(N)) and gcd (e,(N))=1 and map the number to the Group(G) as public key () for each MN. Private key() is calculated by . Also AS makes the same operations for each AP and determines public key() and private key() pairs. AS share these keys and a M point in the group with relevant APs and MNs. When any MN wants to authenticate itself with any AP, MN chooses a random number (k) and computes C=k.B(B is a generator of G) and Authentication Code=M++C. Once AP gets the code and C, it computes verification code=Auth+-C. If M and verification code is same, authentication is done between AP and MN. The algorithm works faster than HashHand and use less computational power.
Harn proposed an algorithm for Group Authentication in . The algorithm is built based on the Shamir’s Secret Sharing Scheme. The authentication is not one-to-one type authentication as currently used authentication methods. The algorithm provides authentication for several IoT nodes at the same time. This is called many-to-many authentication type.
One of the nodes selects a random polynomical of degree . The secret for the communication is value of the polynomical. The node calculates one secret and one private key for each nodes in the group. Then, the node distributes the keys to the nodes in the group. Each group calculates the secret by Lagrange Interpolating Formula. In the algorithm, many-to-many authentciation is done.However; There is no proposal for authentication of two nodes from two different groups.
The authors proposed an algorihtm by using Paillier Threshold Cryptography in . They compared their result with Harn Group Authentication Method and give the results from their experiments.
In the proposed method, one of the nodes selects a public key and generates several private keys for each member in the group. After encrypting of a secret key by public key, the node distributes the encrypted secret and private keys to the corresponding nodes in the group. Each node decrypts the secret by its own private key and generates a Partial Decrypted Message (PDM). The nodes shares their PDMs with the other nodes. After combining all the PDMs, each node in the group gets the secret for next communications.
The results from  shows that their algorithm has better computational time than the Harn Group Authentication Algorithm. But they didn’t take into account the computational cost of public and private key encryptions. However, they also did not propose any method for authentication of two nodes from two different groups.
Paillier Threshold Cryptography method is used in  in order to authenticate many devices at once. A group manager is responsible to generate a public key and a private key for each group member. Group Manager shares the partial private keys with relevant members in the preparation phase of the protocol. It is not specified in the article how to distribute private keys securely. Group Manager sends a challenge encrypted by public key and the hash of the challenge to each group member in the authentication phase. When each member receives the challenge they decrypt the challenge with their partial keys and send decrypted challenge to other members including group manager. When each member receives all decrypted challenges they combine all challenges in order to have session key. After calculating the session key each member computes the hash of the session key and compare the result with the hash that the group manager sent.
Chien showed that the Harn schemas allow some attacks. If an attacker can get k distinct values in k different trials, the secret function choısen by Group Manager can be solved and all secrets in the algorithm can be obtained. Chien proposed a new method based on Shamir Secret Sharing, ECC and pairing-based cryptography in order to ensure a secure group authentication process. According to proposal, Group Manager (GM) selects two additive group , and one multiplicative group with order q. GM shares a generator P for publicly. A polynomial with degree t-1 is chosen. First coefficient of the polynomial will be the master secret s. Q=s.P is computed and shared publicly. For each user, one public key and one private key f() are chosen and shared with related users secretly.Users participating the authentication phase aggre on a random point on in authentication phase. Then, each user computes =f(). and releases .. After all users release the ., each user computes and verifies e( ,P) e(,Q) holds. The algorithm provides security for group authentication except Node Comprimise and DOS attack but it is resource consuming for users.
3 Proposed Method
Our proposal for group authentication is based on ECC and Shamir Secret Sharing. There are two phases which are initialisation and authentication phases.
In initialisation phase:
Step 1. GM selects an additive group G and a generator P for G.
Step 2. GM selects a bilinear map e: G x G and an Encryption(E)/Decryption(D) algorithm.
Step 3. A polynomial with degree t-1 is chosen by GM and first coefficient is determined as secret s.
Step 4. GM selects one public key and one private key f() for each user in the group.(U=,,…,).
Step 5. GM computes Q=s.P.
Step 6. GM shares P,Q,e,E/D publicly and f() secretly.
In authentication phase:
Step 1. Each user computes f().P and sends f().P to GM and other users to be used for key generating.
Step 2. GM computes =f().P. for each user.
Step 3. GM verifies Q holds.
Step 4. If it holds, authentication is done. Otherwise; GM will repeat the proces from the initialisation phase.
After authentication is done, users will communicate with each other by using symmetric key encryption. Shared key for symmetric key encryption will be calculated by senders and receivers.
Key= e(,Q),i=sender,j=receiver. Sender will use its own private key and value sent by receiver and Q. Receiver will compute same key by using its own private key, value sent by sender and Q.
In our proposal, we used the same group authentication schema (t,m,n) in Harn algorithm. There are n users in the group and m users want to authenticate each other. t is the threshold for the algorithm (t). n should be greater than m and secret can be obtained by the participation of m users or more users till n users.
GM always knows that m user partipated the authentication and m+1 value is not used yet. So in the hand-over phase:
Step 1. select m+1 value which is not used in authentication and computes f().P and sends other GMs secretly.
Step 2. If any user from other groups want to particapate Group 2, user gets the f().P from its GM.
Step 3. New user sends the f().P to .
Step 4. computes =f().P..
Step 5. verifies s.P holds.
Step 6. If it holds, the hand-over porcess is valid and updates other group managers.
Step 7. Even if it holds or not, selects m+2 which is not used for authentication and computes f().P.
Step 8. sends f().P to other GMs secretly.
We compared the computational costs of Harn, Chien and our algorithm. According to Chien, their algorithm has (7m+6785) computational cost and Harn algorithm has (45m+1418) computational cost (m denote the number of users, denote that for one multiplication in the field q). IoT users have to compute only one Eliptic Curve point multiplication in our proposal and it costs 1189 .
The study proposed a novel method for authentication and hand-over process for IoT groups. Many-to-many authentication is used for Group Authentication by several studies but resource-constrained IoT nodes should compute more than their capacity. IoT nodes sould only compute one multiplication in the proposed method.
-  Naqvi, S. A. R., Hassan, S. A., Pervaiz, H., Ni, Q. (2018). Drone-Aided Communication as a Key Enabler for 5G and Resilient Public Safety Networks. IEEE Communications Magazine, 56(1), 36-42.
-  Gubbi, J., Buyya, R., Marusic, S., Palaniswami, M. (2013). Internet of Things (IoT): A vision, architectural elements, and future directions. Future generation computer systems, 29(7), 1645-1660.
-  SHAMIR, Adi. How to share a secret. Communications of the ACM, 1979, vol. 22, no 11, p. 612-613.
-  Lai, C., Li, H., Lu, R., Shen, X. S. (2013). SE-AKA: A secure and efficient group authentication and key agreement protocol for LTE networks. Computer Networks, 57(17), 3492-3510.
-  Martucci, L. A., Carvalho, T. C. M. B., Ruggiero, W. V. (2004). A lightweight distributed group authentication mechanism. In INC2004-Fourth International Network Conference (pp. 393-400).
-  Fu, A., Lan, S., Huang, B., Zhu, Z., Zhang, Y. (2012). A novel group-based handover authentication scheme with privacy preservation for mobile WiMAX networks. IEEE Communications Letters, 1(11), 1744-1747.
-  He, D., Chan, S., Guizani, M. (2015). Handover authentication for mobile networks: security and efficiency aspects. IEEE Network, 29(3), 96-103.
-  Krishnamoorthy, M., Perumal, V. (2017). Secure and efficient hand-over authentication in WLAN using elliptic curve RSA. Computers Electrical Engineering, 64, 552-566.
-  Harn, L. (2013). Group authentication. IEEE Transactions on computers, 62(9), 1893-1898.
-  Mahalle, P. N., Prasad, N. R., Prasad, R. (2014). Novel Threshold Cryptography-based Group Authentication (TCGA) Scheme for the Internet of Things (IoT).
-  Mehta, N., Jadhav, P., Lupane, P., Honrao, P., Mahalle, P. (2013, July). Group authentication using paillier threshold cryptography. In Wireless and Optical Communications Networks (WOCN), 2013 Tenth International Conference on (pp. 1-4). IEEE.
-  Chien, H. Y. (2017). Group Authentication with Multiple Trials and Multiple Authentications. Security and Communication Networks, 2017.