Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Presentation transcript:

Secure Multicast Xun Kang

Content
Why do we need secure Multicast?
Secure Group Communications Using Key Graphs
Batch Update of Key Trees
Reliable Group Rekeying
Group key management in n-to-n multicast
Recent progress in wired and wireless networks
Other related issues

Unicast to Multicast
What is Multicast?
Currently, unicast is dominant, while the requirement for IP multicast is increasing
– Audio and video distribution
– Push application
– Tele conferencing
– Group collaboration applications
– Some file transfer applications

Obstacles for Deployment Scalability: group management Group Management Security (why?) Address Allocation Network Management Billing Multicast Service

What to protect?
Group management:
– Authorization for group creation
– Receiver authorization
– Sender authorization
Security:
– Protection against attacks on multicast routes and sessions
– Support for data integrity mechanisms

Factors That Affect the Design of Secure Multicast
Application Type:
– (1 to n) or (n to n)
– Confidentiality, or source-authentication
– Frequency and rate of data transmission
Group Size and Group Dynamics
– Affect the scalability of security
– Join/leave
– Nodes distribution
Trust Model

Secure Group Communications Using Key Graphs
Center point is GM and GKM
– Scalability
– Independence
– Reliability
– Security

Basic Design of SGC
Assume that the S(ource) is trusted
Each node shares a secret individual key with S
A shared key used for the whole group

Shortcoming of one Group Key
Updating the key requires n messages encrypted with individual keys
Yet the key must be updated frequently:
– Group session is longer than peer session
– Forward access control: Leave
– Backward access control: Join

Solution: A hierarchy of keys
A full and balanced d-ary tree (directed) kept on server
For each user, a directed path to the root
– The root key is shared by the whole group
– The leaf key belongs to an individual user
– Some intermediate keys shared by a subgroup of users
Server needs to perform O(d log_d(n)) encryptions

Some terms using Key Graph
Extend to U’ and K’: keyset(U’), userset(K’)
For (U, K, R), and a subset S of U, find a minimum size subset K’ of K, such that userset(K’)=S

Key Graph Types
Star
Tree
– Height h
– Degree d
Complete
– Each combination of users has at least a key

Rekeying Strategies - Star KG Joining or leaving a star key graph Join: Leaving:

Rekeying Strategies - tree KG

Joining: User-oriented rekeying
– For each user, creates a rekey msg that contains all needed
This approach needs h rekey messages.
The encryption cost for the server is:
– 1+2+…+(h-1)+(h-1) = h(h+1)/2-1

Rekeying Strategies - tree KG
Joining: Key-oriented rekeying
– Each new key is encrypted individually.
– A user may have to get multiple rekey messages.
This approach needs 2(h-1) rekey messages.
The encryption cost for the server is:
– 2(h-1)

Rekeying Strategies - tree KG
Joining: Group-oriented rekeying
– Construct a single rekey message containing all new keys.
– Do we need to consider whether the message will be too large? What is the size of the msg?
This approach needs 2 rekey messages.
The encryption cost for the server is:
– 2(h-1)
What’s the advantage of group-oriented over the other two kinds?
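The group-oriented join described on this slide, as an added example that is not part of the original presentation: one multicast message carries each new key wrapped under the key it replaces, and one unicast message carries the same new keys wrapped under the joiner's individual key. Assumptions: h counts the keys on a user's path including the individual key, the tree is stored with heap numbering, and `wrap` is a hash-pad stand-in for a real authenticated cipher.

```python
import hashlib
import secrets

D, DEPTH = 3, 2   # constructed tree: degree d = 3, leaves at depth 2, so h = 3
FIRST_LEAF = (D**DEPTH - 1) // (D - 1)   # heap index of the first leaf (4)

def wrap(kek, key):
    # Stand-in for a real authenticated key wrap: XOR with a SHA-256 pad.
    pad = hashlib.sha256(b"wrap" + kek).digest()
    return bytes(a ^ b for a, b in zip(key, pad))

unwrap = wrap     # the XOR pad is its own inverse

def path_to_root(leaf):
    # Heap numbering: node 0 is the root, children of i are D*i+1 .. D*i+D.
    path, node = [], (leaf - 1) // D
    while node > 0:
        path.append(node)
        node = (node - 1) // D
    return path + [0]

def make_tree(members):
    # Fresh keys for every inner node and for each occupied leaf.
    nodes = list(range(FIRST_LEAF)) + list(members)
    return {n: secrets.token_bytes(32) for n in nodes}

def join(keys, leaf):
    """Group-oriented join: returns (multicast, unicast, encryption count)."""
    keys[leaf] = secrets.token_bytes(32)         # joiner's individual key
    multicast, unicast, count = {}, {}, 0
    for node in path_to_root(leaf):
        new = secrets.token_bytes(32)
        multicast[node] = wrap(keys[node], new)  # readable with the old key
        unicast[node] = wrap(keys[leaf], new)    # readable by the joiner only
        keys[node] = new
        count += 2
    return multicast, unicast, count

if __name__ == "__main__":
    keys = make_tree(range(FIRST_LEAF, FIRST_LEAF + 8))  # 8 members, slot 12 free
    old = dict(keys)
    mc, uc, n = join(keys, 12)
    print("encryptions:", n, "= 2(h-1) with h =", DEPTH + 1)
    print("member recovers new root:", unwrap(old[0], mc[0]) == keys[0])
    print("joiner recovers new root:", unwrap(keys[12], uc[0]) == keys[0])
```

The joiner never receives any old key, which is the backward access control requirement: traffic sent under the previous group key stays unreadable to it.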

Rekeying Strategies - tree KG
Leaving: User-oriented rekeying
– For each user, creates a rekey msg that contains all needed
This approach needs (d-1)(h-1) rekey messages.
The encryption cost for the server is:
– (d-1)(1+2+…+(h-1)) = (d-1)h(h-1)/2

Rekeying Strategies - tree KG
Leaving: Key-oriented rekeying
– Each new key is encrypted individually.
– A user may have to get multiple rekey messages.
This approach needs (d-1)(h-1) rekey messages.
The encryption cost for the server is:
– d(h-1)

Rekeying Strategies - tree KG
Leaving: Group-oriented rekeying
– Construct a single rekey message containing all new keys.
This approach needs 1 rekey message.
The encryption cost for the server is:
– d(h-1)

Encryption cost

How to Sign Rekey Messages
Use Merkle hash tree
– Root of the tree is the hash of all msgs
– Leaves are the hash for each individual msg
– Root is signed by the Server
– For each rekey msg, the server will combine it with a path to the root of the tree
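The Merkle hash tree scheme from this slide, as an added example that is not part of the original presentation: the server hashes all rekey messages of one batch into a tree, signs only the root, and ships each message with its sibling path so a receiver can recompute the root from that one message. Assumptions: SHA-256, leaf and inner-node domain prefixes, promotion of an odd node, and constructed sample messages; the signature over the root is not shown.

```python
import hashlib

# Constructed sample batch: five rekey messages for different subgroups.
REKEY_MSGS = [b"rekey:subgroup-%d:wrapped-keys" % i for i in range(5)]

def H(data):
    return hashlib.sha256(data).digest()

def build_levels(msgs):
    # levels[0] holds the leaf hashes, levels[-1] holds only the root.
    # The 0x00 / 0x01 prefixes keep a leaf from being read as an inner node.
    level = [H(b"\x00" + m) for m in msgs]
    levels = [level]
    while len(level) > 1:
        nxt = [H(b"\x01" + level[i] + level[i + 1])
               for i in range(0, len(level) - 1, 2)]
        if len(level) % 2:
            nxt.append(level[-1])        # odd node is promoted unchanged
        levels.append(nxt)
        level = nxt
    return levels

def auth_path(levels, index):
    # Sibling hashes from leaf to root, each with a "sibling is left" flag.
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        if sib < len(level):             # a promoted node has no sibling here
            path.append((level[sib], sib < index))
        index //= 2
    return path

def root_from(msg, path):
    # Receiver side: recompute the root from one message and its path.
    node = H(b"\x00" + msg)
    for sib, sib_is_left in path:
        node = H(b"\x01" + (sib + node if sib_is_left else node + sib))
    return node

def verify(msg, path, signed_root):
    # signed_root is the value whose server signature was already checked.
    return root_from(msg, path) == signed_root

if __name__ == "__main__":
    levels = build_levels(REKEY_MSGS)
    root = levels[-1][0]                 # the only value the server signs
    for i, m in enumerate(REKEY_MSGS):
        print(i, verify(m, auth_path(levels, i), root))
    print("tampered:", verify(b"forged", auth_path(levels, 0), root))
```

One signature covers the whole batch, and each receiver checks it with at most ⌈log2 n⌉ extra hashes per message.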

Performance conclusion
Server side, group-oriented rekeying is the best, then key-oriented, then user-oriented;
Client side, exactly reversed;
Optimal key tree degree is around four? For a certain number of nodes, or for all?
If a large number of clients are slow, then group-oriented rekeying is not good;

Batch Updates of Key Trees
Any problem in the previous solution?
– Synchronization problems among rekey msgs and between rekey and data msgs; How?
– Individual rekeying can be inefficient; especially when joins/leaves happen frequently, there will be a huge burden on the server for signing keys;

Periodic batch rekeying
Rekey subtree;
Collect requests during a rekey interval and rekey them in a batch;
Advantage:
– For J joins and L leaves, only 1 signing is needed;
– Fewer encrypted keys;
Disadvantage:
– Delayed group access control;
A balance between rekeying overhead and group access control, the degree of forward access control vulnerability.

Three ways of Batch Rekeying
Periodic batch rekeying;
Periodic batch leave rekeying;
Periodic batch join rekeying;
Question:
– What are the advantages and disadvantages of each one? Which one is better?

Batch Rekeying Algorithm Strategy 1: always keep a balanced tree

Batch Rekeying Algorithm
Strategy 2
– New nodes form a subtree
– Grafted to a departed node with smallest height?
Strategy 3
– ?

Reliable rekey protocol
Eventual reliability
– A receiver should receive all needed keys;
Soft real-time requirement
– A rekey msg is finished before the start of the next rekey interval
Solution
– Send re-synchronization requests when a rekey msg cannot be recovered in time;
– Proactive FEC for reducing recovery latency;

Proactive FEC
Partition rekey msgs into blocks
Generate (p-1)k PARITY packets (FEC) for each block

Conclusion