Secure Group Communication in Asynchronous Networks with Failures: Integration and Experiments By Yair Amir, Giuseppe Ateniese, Damian Hasse, Yongdae Kim,

Slides:



Advertisements
Similar presentations
Chris Karlof and David Wagner
Advertisements

Advisor : Prof. Yu-Chee Tseng Student : Yi-Chen Lu 12009/06/26.
A Survey of Key Management for Secure Group Communications Celia Li.
1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang
Maximum Battery Life Routing to Support Ubiquitous Mobile Computing in Wireless Ad Hoc Networks By C. K. Toh.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Customized Network Security Protocols Cristina Nita-Rotaru and Jeffrey Seibert SPONSORED BY DOUBLE-TAKE SOFTWARE (Jan July 2009) Department of.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.
URSA: Providing Ubiquitous and Robust Security Support for MANET
Ranveer Chandra , Kenneth P. Birman Department of Computer Science
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
Virtual Synchrony Jared Cantwell. Review Multicast Causal and total ordering Consistent Cuts Synchronized clocks Impossibility of consensus Distributed.
Notes to the presenter. I would like to thank Jim Waldo, Jon Bostrom, and Dennis Govoni. They helped me put this presentation together for the field.
Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.
Group Communications Group communication: one source process sending a message to a group of processes: Destination is a group rather than a single process.
Transis Efficient Message Ordering in Dynamic Networks PODC 1996 talk slides Idit Keidar and Danny Dolev The Hebrew University Transis Project.
Distributed Collaborative Key Agreement Protocols for Dynamic Peer Groups Patrick P. C. Lee, John C. S. Lui and David K. Y. Yau IEEE ICNP 2002.
Multicast Security May 10, 2004 Sam Irvine Andy Nguyen.
SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.
TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.
Anonymous Gossip: Improving Multicast Reliability in Mobile Ad-Hoc Networks Ranveer Chandra (joint work with Venugopalan Ramasubramanian and Ken Birman)
1 Group Key Agreement - Theory and Practice - Ph.D Defense Presentation June 29, 2015 Yongdae Kim.
Key management in wireless sensor networks Kevin Wang.
Vs. Object-Process Methodology Written by Linder Tanya Rubinshtein Leena Nazaredko Anton Research Report Work Flow Management System.
Security Considerations for Wireless Sensor Networks Prabal Dutta (614) Security Considerations for Wireless Sensor Networks.
Computer Measurement Group, India Reliable and Scalable Data Streaming in Multi-Hop Architecture Sudhir Sangra, BMC Software Lalit.
DELAY-TOLERANT NETWORKS Volodymyr Goncharov Freiburg Uni, WS 2009, Seminar Ad Hoc Netzwerke.
Overview of Security Research in Ad Hoc Networks Melanie Agnew John Folkerts Cory Virok.
Communication (II) Chapter 4
KAIS T A lightweight secure protocol for wireless sensor networks 윤주범 ELSEVIER Mar
Failure Resilience in the Peer-to-Peer-System OceanStore Speaker: Corinna Richter.
MULTICAST SECURITY GROUP KEY MANAGEMENT PROTOCOL COURSE CMSC 621.
Simple and Fault-Tolerant Key Agreement for Dynamic Collaborative Groups David Insel John Stephens Shawn Smith Shaun Jamieson.
1 Secure Ad-Hoc Network Eunjin Jung
Security for the Optimized Link- State Routing Protocol for Wireless Ad Hoc Networks Stephen Asherson Computer Science MSc Student DNA Lab 1.
Overlay Network Physical LayerR : router Overlay Layer N R R R R R N.
SPREAD TOOLKIT High performance messaging middleware Presented by Sayantam Dey Vipin Mehta.
Project guide Dr. G. Sudha Sadhasivam Asst Professor, Dept of CSE Presented by C. Geetha Jini (07MW03)
Lab 2 Group Communication Farnaz Moradi Based on slides by Andreas Larsson 2012.
Cryptography and Network Security (CS435) Part Eight (Key Management)
New Cryptographic Techniques for Active Networks Sandra Murphy Trusted Information Systems March 16, 1999.
Impact of Topology on Overlay Multicast Suat Mercan.
Byzantine fault-tolerance COMP 413 Fall Overview Models –Synchronous vs. asynchronous systems –Byzantine failure model Secure storage with self-certifying.
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof and David Wagner (modified by Sarjana Singh)
Intrusion Tolerant Software Architectures Bruno Dutertre, Valentin Crettaz, Victoria Stavridou System Design Laboratory, SRI International
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.
Fall 2010/Lecture 321 CS 426 (Fall 2010) Key Distribution & Agreement.
Farnaz Moradi Based on slides by Andreas Larsson 2013.
Chapter 3 (B) – Key Management; Other Public Key Cryptosystems.
Computer Science CSC 774 Adv. Net. Security1 Presenter: Tong Zhou 11/21/2015 Practical Broadcast Authentication in Sensor Networks.
The School of Electrical Engineering and Computer Science (EECS) CS/ECE 419/478 Applied Cryptography ADVANCED KEY ESTABLISHMENT AND GROUP KEY MANAGEMENT.
SAODV and Distributed Key Management Mark Guzman, Jeff Walter, Dan Bress, Pradhyumna Wani.
November NC state university Group Communication Specifications Gregory V Chockler, Idit Keidar, Roman Vitenberg Presented by – Jyothish S Varma.
Totally Ordered Broadcast in the face of Network Partitions [Keidar and Dolev,2000] INF5360 Student Presentation 4/3-08 Miran Damjanovic
Chapter 14 Network Encryption
The CoBFIT Toolkit PODC-2007, Portland, Oregon, USA August 14, 2007 HariGovind Ramasamy IBM Zurich Research Laboratory Mouna Seri and William H. Sanders.
CS 6401 Overlay Networks Outline Overlay networks overview Routing overlays Resilient Overlay Networks Content Distribution Networks.
Security for Broadcast Network
Efficient Group Key Management in Wireless LANs Celia Li and Uyen Trang Nguyen Computer Science and Engineering York University.
Aggregation and Secure Aggregation. Learning Objectives Understand why we need aggregation in WSNs Understand aggregation protocols in WSNs Understand.
1 Diffie-Hellman (Key Exchange) Protocol Rocky K. C. Chang 9 February 2007.
Security Review Q&A Session May 1. Outline  Class 1 Security Overview  Class 2 Security Introduction  Class 3 Advanced Security Constructions  Class.
1 Self-Certified Group Key-Generation for Ad Hoc Clusters in Wireless Sensor Networks Ortal Arazi, Hairong Qi Dept. Electrical & Computer Engineering The.
Computer Science Authenticated Group Key Agreement and Friends Giuseppe Ateniese, Michael Stiener and Gene Tsudik Presented by Young Hee Park November.
Computer Science Least Privilege and Privilege Deprivation: Towards Tolerating Mobile Sink Compromises in Wireless Sensor Network Presented by Jennifer.
Overlay Networking Overview.
CSC 774 Advanced Network Security
Security Of Wireless Sensor Networks
Security of Wireless Sensor Networks
Distributed security – Dynamic Group Key Management by Jaman Bhola
Presentation transcript:

Secure Group Communication in Asynchronous Networks with Failures: Integration and Experiments By Yair Amir, Giuseppe Ateniese, Damian Hasse, Yongdae Kim, Cristina Nita-Rotaru, Theo Schlossnagle, John Schultz, Jonathan Stanton, Gene Tsudik Presented By Anthony Wood

2 Outline Overview Group Communication CLIQUES Spread Secure Spread Evaluation Conclusion

3 Context Secure Routing Hop-by-hop encryption / authentication SPINS Node to BS protocol, BS broadcast Efficient Distribution… BS broadcast, keychains Random Key Pre-distribution Neighbor key agreement What’s missing? Groups of nodes communicating securely

4 Secure Spread Systems look at secure group communication Internet / WAN context Secure Spread uses: Spread toolkit for communication CLIQUES for group key agreement Blowfish for group confidentiality

5 Contributions Integration of security with group communication semantics With respect to this seminar Group communication issues Security properties of groups Key agreement protocol

6 Groups History: Group communication community Internet community Wireless Sensor Network community In WSNs: Collaboration in neighborhoods Tracking mobile events “Enough”, redundancy, loose membership

7 Group Semantics Messaging facilities and semantics Reliability, ordering, safety Failure handling Fail-stop, fail-and-recover, partitions Membership Supported primitives

8 Group Membership JoinLeaveMass JoinMass LeaveFusionFission

9 Secure Groups Why not just extend 2-party key agreement? Failure of communication channel is not binary anymore Group state fluctuations must be accompanied by security adjustments Naïve pair-wise approach is expensive

10 Secure Group Semantics What do we mean by group “security”? Authentication of group as a whole Authentication of group members Confidentiality of in-group communication Confidentiality of to-group communication Membership non-repudiation Key independence

11 Secure Spread Goals 1. Authentic and private communication within a group 2. Authentic and private communication between secure group and outsiders 3. Authentication and non-repudiation of members within and outside group

12 Why Focus on Keying? Members must share a secret to achieve confidentiality More complex than message formats and mechanisms More costly in communication and computation

13 Group Keying Centralized TTP chooses key Controller / Leader chooses key Distributed Group secret is function of all members’ contributions More complex, more overhead More robust, less trust needed

14 Outline Overview Group Communication CLIQUES Spread Secure Spread Evaluation Conclusion

15 2-Party DH Agree on: An algebraic group G of order p, with generator g Protocol: A (B) chooses random Sa (Sb) < p A -> B: g Sa mod p B -> A: g Sb mod p Shared key is: g SaSb mod p Depends on difficulty of computing discrete logs Participants work: O(log 2 p) Adversaries work: O(p 0.5 )

16 CLIQUES Protocol suite for key agreement in dynamic groups (Steiner, Tsudik, Waidner, ’98 ICDCS) Uses Diffie-Hellman group key agreement Uses a group controller to manage member additions/removals Initial and Auxiliary phases Final group key:

17 CLIQUES – IKA

18 CLIQUES – Join

19 CLIQUES – Leave

20 1.Make own contribution N i 2.Raise each intermediate value to N i 3.Add received cardinal value to intermediate list 4.Compute new cardinal = old ^ N i 5.Send intermediates, cardinal to next member n. Broadcast intermediates to all members CLIQUES – Example broadcast cardinalintermediates Note: Group key =

21 CLIQUES – Example … Node 5 joins and is new controller

22 CLIQUES Attributes Distributed Contributory Computation load is distributed Uses Diffie-Hellman key agreement Fixed or floating controller, based on trust model

23 CLIQUES Requirements Group multicast Member to member unicast FIFO ordering Knowledge of membership All of these are provided by Spread

24 Outline Overview Group Communication CLIQUES Spread Secure Spread Evaluation Conclusion

25 Spread Overlay network for group communication in WANs (Amir, Stanton, ’98) Provides ordering, reliability, membership, stability Aggregates packets for efficiency over WAN Layers atop different topologies and protocols Uses hierarchical daemon-client architecture

26 Spread Architecture Daemon Clients

27 Spread SW Architecture Secure Spread

28 Spread Semantics Reliability Unreliable Reliable Ordering Unordered FIFO Causal Agreed Stability Safe Delivery Membership Extended Virtual Synchrony View Synchrony

29 EVS / VS Virtual Synchrony (ISIS, ’87 SOSP) Processes perceive failures and membership changes at same logical time Extended Virtual Synchrony (’94 ICDCS) Handles network partitions, merging, process failure and recovery View Synchrony (’97 SOPDC) Total order on views, total order on message delivery within views

30 Outline Overview Group Communication CLIQUES Spread Secure Spread Evaluation Conclusion

31 Secure Spread Integrates Spread with CLIQUES Group keying and crypto are modular Runtime binding of modules to groups Layers security services on top of Spread, exposing similar API to application

32 Secure Spread Key agreement Key used for confidentiality Provides VS semantics Can bypass security

33 Key Agreement Module CLIQUES for distributed key agreement CKD for centralized key distribution Controller exchanges keys with each member using 2-party Diffie-Hellman Controller creates group key Controller distributes group key to members one at a time

34 Blowfish 64-bit block cipher Created by Bruce Schneier Fast, compact, simple, variable key length Uses Feistel network Public domain Requires extensive sub-key computation

35 Blowfish Source: 1.Pre-compute sub-keys PKi (521 iterations, 4KB) 2.Operate 16 rounds on each 64-bit block of plaintext Mixing Function:

36 Layering vs. Integration “Client-model” is layered approach Trust Spread to provide group communication Applications (group members) take part in keying Daemon-model is integration Have to trust Spread to do it all Only daemons have to do key agreement

37 Outline Overview Group Communication CLIQUES Spread Secure Spread Evaluation Conclusion

38 Evaluation Metrics Number of messages per event Number of participants per event Serial and overall computation per event Fault tolerance Trust in members of group Load distribution

39 Evaluation – Messages Number of Messages CLIQUES Initialization:n-1 unicast, 1 broadcast Join:1 unicast, 1 broadcast Leave:1 broadcast Centralized Key Distribution (CKD) Initialization:2(n-1) unicast, 1 broadcast Join:2 unicast, 1 broadcast Leave:1 broadcast

40 Evaluation – Participants Number of participants CLIQUE-level Many fewer entities in key agreement if using daemon-model Fully contributory implies all members participate Spread-level Routing scales with daemons Clients at individual sites are reachable by a single message

41 Evaluation – Computations CLIQUES relies on controller less, at the expense of greater computation for joins IKA n (n+3)n/2 – 1 3n - 3

42 Evaluation Fault Tolerance Cascading Failure Handling: not implemented Trust Cliques: Controller can be checked CKD: Controller is trusted completely Spread: Daemons trusted to provide ordering Load Distribution Floating Controller: New member computes

43 Evaluation – Performance One DH exponentiation with 512-bit modulus on SUN: 12 ms Join Group Size Time (sec) CLIQUES uses 3n exponentiations CKD uses n + 6 exponentiations

44 Open Issues Cascading failures Handling membership changes or crashes while key adjustment is in progress Group / member certification Membership non-repudiation Secure communication with non-members Group membership policy Impact on other services

45 Application to WSNs Constraints Modular exponentiation is still expensive Message sizes are linear in group members Spread architecture is heavyweight (except perhaps for hierarchical WSNs) EVS/VS require ACKs, broadcasts, retransmissions Blowfish optimized for 32-bit architectures

46 Application to WSNs WSN Groups Will we know the full membership in a WSN group? What if group members are sleeping when a node is added? Flooding is an expensive multicast method Group Applications Mobicast Envirotrack

47 Conclusion Distributed key agreement is useful and robust—but can be expensive Tradeoffs depend on dynamics of membership, semantics desired END

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.