Computer Science 1 Efficient Self-healing Group Key Distribution With Revocation Capability Archana Rajagopal CSC 774 Presentation Based on Original Slides.

Slides:

Advertisements

Similar presentations

Attacking Cryptographic Schemes Based on Perturbation Polynomials Martin Albrecht (Royal Holloway), Craig Gentry (IBM), Shai Halevi (IBM), Jonathan Katz.

Advertisements

A key agreement protocol using mutual Authentication for Ad-Hoc Networks IEEE 2005 Authors : Chichun Lo, Chunchieh Huang, Yongxin Huang Date : 2005_11_29.

A Survey of Key Management for Secure Group Communications Celia Li.

1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.

Authors: Yanchao Zhang, Member, IEEE, Wei Liu, Wenjing Lou,Member, IEEE, and Yuguang Fang, Senior Member, IEEE Source: IEEE TRANSACTIONS ON DEPENDABLE.

Self-Healing in Wireless Networks. The self-healing property is expected in many aspects in wireless networks: – Encryption algorithms – Key distribution.

Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.

Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks Julien Freudiger, Maxim Raya and Jean-Pierre Hubaux SECURECOMM, 2009.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Robust Group Key Management with Revocation and Collusion Resistance for SCADA in Smart Grid Rong Jiang

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.

URSA: Providing Ubiquitous and Robust Security Support for MANET

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.

Broadcast Encryption and Traitor Tracing Jin Kim.

Network Access Control for Mobile Ad Hoc Network Pan Wang North Carolina State University.

Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.

Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.

A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.

A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker ： LIN, KENG-CHU.

Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.

Distributed Collaborative Key Agreement Protocols for Dynamic Peer Groups Patrick P. C. Lee, John C. S. Lui and David K. Y. Yau IEEE ICNP 2002.

Scalable Secure Bidirectional Group Communication Yitao Duan and John Canny Berkeley Institute of Design Computer Science.

Supporting VCR-like Operations in Derivative Tree-Based P2P Streaming Systems Tianyin Xu, Jianzhong Chen, Wenzhong Li, Sanglu Lu Nanjing University Yang.

Group Key Distribution Chih-Hao Huang

Establishing Pairwise Keys in Distributed Sensor Networks Donggang Liu, Peng Ning Jason Buckingham CSCI 7143: Secure Sensor Networks October 12, 2004.

Computer Science 1 Research on Sensor Network Security Peng Ning Cyber Defense Laboratory Department of Computer Science NC State University 2005 TRES.

Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning1 CSC 774 Advanced Network Security Topic 4. Broadcast Authentication.

Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2.4 Rabin’s Information Dispersal Algorithm Slides by Sangwon Hyun.

Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks Peng Ning, An Liu North Carolina State University and Wenliang Du Syracuse.

KAIS T Decentralized key generation scheme for cellular-based heterogeneous wireless ad hoc networks 임 형 인 Ananya Gupta, Anindo Mukherjee, Bin.

Secure Group Communication: Key Management by Robert Chirwa.

Dong Hoon Lee CIST Korea University Efficient Communication-Storage Tradeoffs for Broadcast Encryption Schemes ( will be published.

Korea University CRYPTO ‘05 Jung Yeon Hwang, Dong Hoon Lee, Jong In Lim Generic Transformation for Scalable Broadcast Encryption Schemes.

Broadcast Encryption Scheme Based on Binary Cubes Alexey Urivskiy JSC «InfoTeCS», Moscow, Russia

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Collusion-Resistant Group Key Management Using Attribute-

Group Rekeying for Filtering False Data in Sensor Networks: A Predistribution and Local Collaboration-Based Approach Wensheng Zhang and Guohong Cao.

A secure re-keying scheme Introduction Background Re-keying scheme User revocation User join Conclusion.

Toward Fault-tolerant P2P Systems: Constructing a Stable Virtual Peer from Multiple Unstable Peers Kota Abe, Tatsuya Ueda (Presenter), Masanori Shikano,

Computationally Secure Hierarchical Self- Healing Group Key Distribution for Heterogeneous Wireless Sensor Networks Y.J. Yang, J.Y. Zhou, R.H. Deng, F.

Multicast Security: A Taxonomy and Some Efficient Constructions By Cannetti et al, appeared in INFOCOMM 99. Presenter: Ankur Gupta.

Computer Science CSC 774 Adv. Net. Security1 Presenter: Tong Zhou 11/21/2015 Practical Broadcast Authentication in Sensor Networks.

The School of Electrical Engineering and Computer Science (EECS) CS/ECE 419/478 Applied Cryptography ADVANCED KEY ESTABLISHMENT AND GROUP KEY MANAGEMENT.

On Detecting Pollution Attacks in Inter-Session Network Coding Anh Le, Athina Markopoulou University of California, Irvine.

Hierarchical Self-healing Key Distribution for Heterogeneous Wireless Sensor Networks Y.J. Yang, J.Y. Zhou, R.H. Deng, F. Bao Presenter: Jianying Zhou.

Self-Healing Group-Wise Key Distribution Schemes with Time-Limited Node Revocation for Wireless Sensor Networks Minghui Shi, Xuemin Shen, Yixin Jiang,

Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks Donggang Liu and Peng Ning Department of Computer.

Group Key Distribution Xiuzhen Cheng The George Washington University.

Privacy Preserving Payments in Credit Networks By: Moreno-Sanchez et al from Saarland University Presented By: Cody Watson Some Slides Borrowed From NDSS’15.

Computer Science Revocation and Tracing Schemes for Stateless Receivers Dalit Naor, Moni Naor, Jeff Lotspiech Presented by Attila Altay Yavuz CSC 774 In-Class.

Weichao Wang, Bharat Bhargava Youngjoo, Shin

Security for Broadcast Network

A Mechanism for Communication- Efficient Broadcast Encryption over Wireless Ad Hoc Networks Johns Hopkins University Department of Computer Science Reza.

Design and Implementation of Secure Layer over UPnP Networks Speaker: Chai-Wei Hsu Advisor: Dr. Chin-Laung Lei.

Mona: Secure Multi-Owner Data Sharing for Dynamic Groups in the Cloud.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.

Computer Science Authenticated Group Key Agreement and Friends Giuseppe Ateniese, Michael Stiener and Gene Tsudik Presented by Young Hee Park November.

Fast Transmission to Remote Cooperative Groups: A New Key Management Paradigm.

Seminar On Rain Technology

Computer Science Least Privilege and Privilege Deprivation: Towards Tolerating Mobile Sink Compromises in Wireless Sensor Network Presented by Jennifer.

網路環境中通訊安全技術之研究 Secure Communication Schemes in Network Environments

A Study of Group-Tree Matching in Large Scale Group Communications

CS/ECE 418 Introduction to Network Security

Outline Announcements Fault Tolerance.

CSC 774 Advanced Network Security

A Novel Latin Square-based Secret Sharing for M2M Communications

Design and Implementation of SUPnP Networks

Presentation transcript:

Computer Science 1 Efficient Self-healing Group Key Distribution With Revocation Capability Archana Rajagopal CSC 774 Presentation Based on Original Slides from Donggang Liu, Peng Ning, and Kun Sun

Computer Science 2 Outline Motivation and background –Secure group communication in MANET Proposed solutions –Novel personal key distribution –Self-healing group key distribution –Improvements to reduce storage and communication overheads Conclusions and future work

Computer Science 3 Secure Group Communications in MANET Problem –How to distribute group keys? Challenges in MANET –Dynamic and volatile –Unreliable communication Lost packets, network partitions, relatively long term failures due to active attacks, …

Computer Science 4 Related Work Extensive results on group key management –Group key distribution Tree-based scheme: LKH, Iolus, … Secret sharing-based scheme: Self-healing, … –Group key agreement GDH,TGDH, … Most existing techniques are not suitable for MANET –No fault tolerance => not applicable –Simple fault tolerance => easy to disrupt, cannot deal with network partitions and active attacks

Computer Science 5 Related Work (cont’d) Two potential candidates for MANET –Self-healing group key distribution Ability to recover lost session keys Staddon et al., Oakland 2002 –Stateless group key distribution Ability to rejoin the group Cannot recover lost keys Naor, Naor, and Lotspiech (SDR), Crypto 2001

Computer Science 6 Desirable Properties Unconditionally secure Self-healing t-revocation capability t-wise forward secrecy t-wise backward secrecy K 1, K 2, …, K i, K i+1 …, K m t comp. users revoked  K 1, K 2, …, K i, K i+1 …, K m t comp. users  join

Computer Science 7 Property of proposed scheme Processing,Communication and Storage overheads depend on number of compromised nodes that may collude together and not on group size.

Computer Science 8 Scheme I: Personal Key Distribution Goal: distribute distinct keys to different members with one broadcast message –A key is a point on polynomial f(x), e.g., f(j) Idea: construct a single polynomial w(x) to distribute shares on f(x) such that –A valid member can only get its own key –Revoked members know nothing about Valid members’ keys Their own keys

Computer Science 9 Scheme I (cont’d) Method: w(x)=g(x)f(x)+h(x) –h(x) is called a masking polynomial. Degree 2t Each member i has one share on h(x), which is h(i). –g(x) is called a revocation polynomial. Degree w(w<=t).If member v is revoked, g(v) =0; otherwise g(v)!=0

Computer Science 10 Scheme I (cont’d) Group manager broadcasts –Revoked user ids {r 1,…,r w } => g(x)=(x-r 1 )(x-r 2 )…(x-r w ) –w(x)=g(x)f(x)+h(x) Communication overhead O(tlogq) Member v is not compromised, but member v’ is compromised w(x)=g(x)f(x)+h(x) v v’ 0

Computer Science 11 Property of Scheme I Scheme I is an unconditionally secure personal key distribution scheme with t-revocation capability

Computer Science 12 Scheme II: (Basic Session Key Distribution) Main idea –Combine the new personal key distribution scheme with the self-healing technique. Distribute p(x) part for all old session and q(x) part for all future sessions K=K= p(x) p(x)g(x)+h(x) q(x) q(x)g(x)+h’(x) +

Computer Science 13 Self Healing Property Group key K j = p j (i) + q j (i) (m+1) polynomials broadcasted for all ‘m’ sessions –{ p 1 (i)… p j (i), q j (i) …. q m (i)} U i receives messages from j 1 and j 2 but not j;where j 1 < j < j 2 How to recover session key for ‘j’? –p j (i) from j 2 and q j (i) from j 1

Computer Science 14 Broadcast Bj = {R j } {P j,i (x) = g j (x)p i (x) + h i,j (x)} i=1…j {Q i,j (x) = g j (x)q i (x) + h j,i+1 (x)} i=j…m

Computer Science 15 Scheme II (cont’d) In session j, given a set of revoked member ids R j ={r 1,…,r wj }, the group manager broadcasts R j and m +1 polynomials Communication overhead O(mtlogq) Storage overhead O(m 2 logq) Member KjKj

Computer Science 16 Properties of Scheme II Unconditionally secure, t-revocation capability Self-healing session key distribution t-wise forward secrecy and t-wise backward secrecy

Computer Science 17 Scheme III: Reduce Storage Overhead Goal: reduce the storage overhead in scheme II Source of storage overhead: shares on masking polynomials Observation: each p i (x) or q i (x) is masked by different masking polynomials in different sessions –Having one masking polynomial for each p i (x) or q i (x) is sufficient –The broadcast messages are public. So it is unnecessary to protect the same polynomial multiple times using different masking polynomial

Computer Science 18 Scheme III (cont’d) In session j, given the sets of revoked member ids {R i } i=1,…,j, the group manager broadcasts {R i } i=1,…,j and m+1 polynomials Communication overhead is still O(mtlogq) Storage overhead is O(mlogq) instead of O(m 2 logq) in scheme II Member KjKj

Computer Science 19 Properties of Scheme III Unconditionally secure, self-healing session key distribution and t-revocation capability t-wise forward secrecy and t-wise backward secrecy

Computer Science 20 Scheme IV: (Less Broadcast Size) Goal: further reduce the communication overhead Observation: having redundant information for all the sessions may be unnecessary –Short term communication failures –Long term but infrequent communication failures Idea: –Sliding window. –Trade off between broadcast size and self-healing capability

Computer Science 21 Variant I For short term communication failures l-session self-healing: self-healing capability in terms of l consecutive sessions

Computer Science 22 Variant II For long-term but infrequent communication failures (l,d)-session self-healing: Can recover the lost session keys if a member receives d consecutive messages within ld sessions

Computer Science 23 Conclusions Our new personal key distribution scheme can be used to –Develop more efficient self healing key distribution schemes Reduced the communication and the storage overhead of session key distribution scheme Proposed two ways to trade off the broadcast size with the self-healing ability

Computer Science 24 Future Work Long-lived self-healing key distribution Stateless group key distribution Supporting multiple groups Performance evaluation

Computer Science 25 Thank You! QUESTIONS?