Towards Scalable and Reliable Secure Multicast Presenter: Yang Richard Yang Network Research Lab Department of Computer Sciences The University of Texas.


Towards Scalable and Reliable Secure Multicast
Presenter: Yang Richard Yang
Network Research Lab, Department of Computer Sciences, The University of Texas at Austin
11/02/2000
Project Director: Simon S. Lam
Other Members: Steve Li, Xincheng Zhang
Past member: C. K. Wong

11/02/2000 Towards a Scalable and Reliable Group Key Management
Slide 2: What is a Group Key Management System?
- Provide access control to the symmetric group key that is shared by all group members
- Two types of access control services:
  - Backward access control: change the group key after a new user joins
  - Forward access control: change the group key after a member leaves

Slide 3: Key Trees [Wong et al. SIGCOMM '98, Wallner et al. Internet Draft]
[Figure: key tree with root key k1-9, subgroup keys k123, k456, k789, individual keys k1 to k9 and users u1 to u9; k789 is changed to k78 and k1-9 is changed to k1-8]
Rekey message: {k78}k7, {k78}k8, {k1-8}k123, {k1-8}k456, {k1-8}k78
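Added example (not from the original slides): the key tree above with symbolic key labels and no real cryptography, computing the rekey message when individual key k9 is removed, which is what the renamed keys k78 and k1-8 on the slide indicate. The function names and the new_names mapping are assumptions made for illustration; a pair (x, k) stands for {x}k, that is, x encrypted under k.

```python
# Added example: symbolic key labels only, no real cryptography.
# Key tree from the slide: each key node lists its children; leaves are individual keys.
TREE = {
    "k1-9": ["k123", "k456", "k789"],
    "k123": ["k1", "k2", "k3"],
    "k456": ["k4", "k5", "k6"],
    "k789": ["k7", "k8", "k9"],
}

def path_to_root(tree, leaf):
    """Keys held by the owner of `leaf`: the individual key, then every ancestor key."""
    path = [leaf]
    while True:
        parent = next((p for p, kids in tree.items() if path[-1] in kids), None)
        if parent is None:
            return path
        path.append(parent)

def rekey_on_leave(tree, leaf, new_names):
    """Remove `leaf` and replace every key its owner knew.

    new_names (hypothetical helper input) maps each old key on the leaver's
    path to the label of its replacement. Returns (new_tree, message), where
    message lists (new_key, encrypting_key) pairs from the bottom up.
    """
    changed = path_to_root(tree, leaf)[1:]
    if not changed:
        raise KeyError(f"{leaf} is not a leaf of the tree")
    new_tree = {
        new_names.get(node, node): [new_names.get(k, k) for k in kids if k != leaf]
        for node, kids in tree.items()
    }
    message = [(new_names[old], child)
               for old in changed
               for child in new_tree[new_names[old]]]
    return new_tree, message

def needed_by(tree, message, leaf):
    """Entries of the rekey message that the owner of `leaf` is able to decrypt."""
    held = set(path_to_root(tree, leaf))
    return [(new, enc) for new, enc in message if enc in held]

if __name__ == "__main__":
    tree, msg = rekey_on_leave(TREE, "k9", {"k789": "k78", "k1-9": "k1-8"})
    for new, enc in msg:
        print(f"{{{new}}}{enc}")
    print("u7 needs", needed_by(tree, msg, "k7"))
```

No new key is encrypted under a key the departed user held (k9, k789, k1-9), which is the forward access control property, and each remaining user can use only part of the message.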

Slide 4: Group Key Management System Components
[Figure: components registration, rekey encoding, rekey transport; labels: individual keys, join, leave]

Slide 5: Registration Component
- Issue: authentication can have large overhead
- Solution: allow multiple registrars in our Keystone prototype
[Diagram: Reg., encoding, transport components]

Slide 6: Distributed Registrars Protocol
[Figure: message exchange among key server, registrar and new user c]
- SSL: registrar key Kr, client lists
- SSL: IDc, Kc, {IDc, Kc}Kr
- TCP: {Join, IDc}Kc; {Ack}Kc, {Keys}Kc
- TCP: {Leave, IDc}Kc; {Ack}Kc

Slide 7: Rekey Encoding Component
- Issue: rekeying for each request in real time may not be desired
  - Rekeying for each request is not efficient
  - Rekeying in real time has an out-of-sync problem
- Solution: use periodic batch rekeying
- Periodic batch rekeying provides tradeoffs between performance and how effective group access control is
[Diagram: Reg., encoding, transport components]

Slide 8: Periodic Batch Encoding Algorithm
- Assume J joins and L leaves in a batch
- If J = L, replace each departed user by a new user
- If J < L, replace departed users from the left to right
- If J > L, first replace departed users by joined users, then expand the tree
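Added example (not from the original slides): the J = L and J < L rules above applied to a full key tree, counting the encrypted keys in the resulting rekey message and comparing a batch with rekeying one request at a time. Assumptions: heap-style node numbering, user slots numbered from the left starting at 0, one encryption per updated key per child subtree that still holds a user, and no tree expansion (J > L is rejected); all function names are hypothetical.

```python
# Added example. Assumptions: full d-ary key tree stored heap-style (root = node 0),
# user slots numbered 0..d**height-1 from the left, only the J <= L cases.
def ancestors(node, d):
    """Key nodes on the path from `node` up to the root."""
    out = []
    while node > 0:
        node = (node - 1) // d
        out.append(node)
    return out

def batch_rekey(d, height, departed, joins):
    """Apply one batch of len(departed) leaves and `joins` joins.

    Returns (slot_state, encryptions): what happens to each departed slot and
    how many encrypted keys the rekey message carries, counting one encryption
    per updated key per child subtree that still holds a user.
    """
    if joins > len(departed):
        raise ValueError("J > L requires expanding the tree; not modelled here")
    first_leaf = (d ** height - 1) // (d - 1)      # heap index of slot 0
    slots = sorted(set(departed))                  # left to right
    state = {s: ("replaced" if i < joins else "empty") for i, s in enumerate(slots)}
    empty = {first_leaf + s for s, v in state.items() if v == "empty"}
    updated = set()
    for s in slots:                                # shared ancestors are updated once
        updated.update(ancestors(first_leaf + s, d))

    def alive(node):
        # A leaf is alive unless emptied; a key node is alive if any child is.
        if node >= first_leaf:
            return node not in empty
        return any(alive(d * node + c) for c in range(1, d + 1))

    encryptions = sum(alive(d * k + c) for k in updated for c in range(1, d + 1))
    return state, encryptions

def one_at_a_time(d, height, departed):
    """Cost when each departed slot is replaced in its own rekey (J = L case)."""
    return sum(batch_rekey(d, height, [s], 1)[1] for s in departed)

if __name__ == "__main__":
    print(batch_rekey(3, 2, [6, 7, 8], 3)[1], "vs", one_at_a_time(3, 2, [6, 7, 8]))
```

With degree 3 and nine slots, a single leave from slot 8 with no join costs 5 encrypted keys under this model, the same count as the rekey message on the Key Trees slide.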

Slide 9: Batch Encoding Performance

Slide 10: Batch Encoding Performance Gains

Slide 11: Rekey Transport Component
- Two issues:
  - What is the workload?
  - What is the transport protocol?
[Diagram: Reg., encoding, transport components]

Slide 12: Rekey Transport Workload
- Rekey messages have a sparseness property
  - Each receiver only needs to receive a fraction of the packets in a rekey message
- The number of packets each receiver needs to receive depends on how encrypted keys are assigned to packets

Slide 13: DFS vs BFS Packet Assignment Algorithm

Slide 14: Histogram

Slide 15: Rekey Transport Protocol
- Rekey transport protocol design needs to consider two factors:
  - It is desired that a rekey message is delivered before the next rekey interval -> proactive FEC
  - Inter-dependency requires eventual reliability -> users send re-synchronization at the end of the rekey interval

Slide 16: How to Determine Proactivity Factor?

Slide 17: Two Remaining Questions
- Questions:
  - How to determine the rekey interval T?
  - How to determine the number of users a key server can support?
- The answers to these questions will be tradeoff decisions
[Diagram: Reg., encoding, transport components]

Slide 18: Bandwidth Requirement vs Rekey Interval

Slide 19: Determine System Parameters by Constraints
- Two types of constraints:
  - Performance constraints give lower bounds on T
    - Upper bounds of key server and receiver bandwidth requirement
    - Rekey latency
  - System effectiveness constraints give upper bound on T:
    - E.g. T/m < 0.1, m is the mean time each user in the group
- If the lower bounds < upper bound, choose the upper bound as T, otherwise, have to reduce the number of users in the group

Slide 20: Extend to Distributed Key Servers
- Objective: improve scalability and reliability
- Issue: how to coordinate different groups?
- Two distributed architectures:
  - Multiple key servers based on clock synchronization, larger virtual group
  - Iolus agents with RMX-like topology

Slide 21: Conclusion
- Investigated scalability and reliability issues of a single key server system
  - Registration: distributed registrars
  - Rekey encoding: periodic batch processing
  - Rekey transport: proactive FEC + re-synchronization
- Determine T and N by system constraints
- Two distributed key server architectures to further improve scalability and reliability