Secure Group Communications Using Key Graphs Chung Kei Wong, Member, IEEE, Mohamed Gouda Simon S. Lam, Fellow, IEEE Evgenia Gorelik Yuksel Ucar.

Presentation transcript:


Introduction
- Most emerging applications are based upon the group communications model. As a result, securing group communications, i.e., providing confidentiality, authenticity and integrity of messages delivered between group members, will become a critical networking issue.
- For secure group communications, a symmetric key is created and shared by server and clients. Once authenticated and accepted into a group, each member shares with the server a key called that member's individual key. For group communications the server distributes to each member a group key to be shared by all members of the group. To achieve a high level of security in group communications, the group key should be changed after every join and leave.

Key Graphs
- A key graph is a directed acyclic graph G with two types of nodes: u-nodes representing users and k-nodes representing keys.

Special Classes of Key Graphs
- Star is a special class of secure group where each user has only two keys: its individual key and a group key that is shared by every user.
- Tree is a special class of secure group whose key graph is a single-root tree.
- The height h of the tree is the length (in number of edges) of the longest directed path in the tree.
- The degree d of the tree is the maximum number of incoming edges of a node in the tree.

Key Trees Before and After Join

Joining a Tree Key Graph
- After granting a join request from u, server s creates a new u-node for user u and a new k-node for its individual key k_u. Server s finds an existing k-node (called the joining point for this join request) in the key tree and attaches k-node k_u to the joining point as its child.
- User-Oriented Rekeying: For each user, the server constructs a rekey message that contains precisely the new keys needed by the user and encrypts them using a key held by the user.
- Key-Oriented Rekeying: Each new key is encrypted individually (except keys for the joining user).
- Group-Oriented Rekeying: The server constructs a single rekey message containing all new keys; this rekey message is then multicast to the entire group.

Leaving a Tree Key Graph
- After granting a leave request from user u, server s updates the key graph by deleting the u-node for user u and the k-node for its individual key from the key graph. The parent of the k-node for its individual key is called the leaving point.
- User-Oriented Rekeying: Each user gets a rekey message in which all the new keys it needs are encrypted using a key it holds.
- Key-Oriented Rekeying: Each new key is encrypted individually.
- Group-Oriented Rekeying: A single rekey message is constructed containing all new keys.
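The leave procedure above with group-oriented rekeying, as an added example that is not code from the slides or the paper. The node names (`k_u0`, `k0`, ...), the balanced tree layout, and the rule that each new key is wrapped once under each child key of its k-node are assumptions made for the illustration.

```python
def build_tree(n_users, d):
    """Balanced key tree of degree d; leaves are individual keys k_u0, k_u1, ..."""
    level = [f"k_u{i}" for i in range(n_users)]
    parent, children, next_id = {}, {}, 0
    while len(level) > 1:
        upper = []
        for i in range(0, len(level), d):
            node = f"k{next_id}"
            next_id += 1
            children[node] = level[i:i + d]
            for child in children[node]:
                parent[child] = node
            upper.append(node)
        level = upper
    return parent, children

def keys_held(parent, user_key):
    """Every key a user holds: its individual key plus all keys up to the root."""
    held = [user_key]
    while held[-1] in parent:
        held.append(parent[held[-1]])
    return held

def leave_rekey(parent, children, user_key):
    """Delete user_key's k-node and return the group-oriented rekey message as
    (new_key, wrapping_key) pairs. A trailing ' marks a freshly generated key."""
    node = parent.pop(user_key)          # the leaving point
    children[node].remove(user_key)
    message, replaced_child = [], None
    while node is not None:
        for child in children[node]:
            # Assumption: wrap under the child's key, using the child's new key
            # if it was itself replaced on the path from the leaving point.
            wrap = child + "'" if child == replaced_child else child
            message.append((node + "'", wrap))
        replaced_child, node = node, parent.get(node)
    return message

if __name__ == "__main__":
    parent, children = build_tree(9, 3)  # constructed group: 9 users, degree 3
    for new_key, wrap in leave_rekey(parent, children, "k_u8"):
        print(f"{{{new_key}}} encrypted under {wrap}")
```

No wrapping key in the message is one the departed user held, which is what keeps the new keys from that user. Calling `build_tree(n, n)` gives the star case, where one leave needs a wrap for every remaining member.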

Experiments and Performance Comparisons
- The experiments were carried out on two lightly loaded SGI Origin 200 machines running IRIX 6.4. The machines were connected by a 100-Mbps Ethernet. The key server process runs on one SGI machine.
- Group size
- Rekeying strategy
- Key tree degree
- Encryption algorithm
- Message digest algorithm
- Digital signature algorithm
- Each experiment was performed with three different sequences of 1000 join/leave requests. For fair comparisons (between different rekeying strategies, key trees of different degrees), the same three sequences were used for a given group size.

Number and size of Rekey Messages, with Encryption and Signature, Sent by the Server
Number and size of Rekey Messages, with Encryption and Signature, Sent by Client

Server processing time per request versus group size (key tree degree 4): (a) encryption only and (b) encryption and signature
Server processing time per join versus key tree degree (initial group size 8192): (a) encryption only and (b) encryption and signature

Server processing time per leave versus key tree degree (initial group size 8192): (a) encryption only and (b) encryption and signature
Server processing time per request versus key tree degree (initial group size 8192): (a) encryption only and (b) encryption and signature

Number of key changes by a client per request

Performance and Conclusion
- The problem was reduced from O(n) to O(log n).
- We conclude that our group key server using any of the three rekeying strategies is scalable to very large groups with frequent joins and leaves. In particular, the average server processing time per join/leave increases linearly with the logarithm of group size. We found that the optimal key tree degree is around four.
- On the server side, group-oriented rekeying provides the best performance, with key-oriented rekeying in second place, and user-oriented rekeying in third place.
- On the client side, user-oriented rekeying provides the best performance, with key-oriented rekeying in second place, and group-oriented rekeying in third place.