Purdue University - Infocom 2007 Enabling Confidentiality of Data Delivery in an Overlay Broadcasting System Ruben Torres, Xin Sun, Aaron Walters, Cristina.

Presentation transcript:

Enabling Confidentiality of Data Delivery in an Overlay Broadcasting System
Ruben Torres, Xin Sun, Aaron Walters, Cristina Nita-Rotaru and Sanjay Rao

Introduction
Overlay multicast, replacement for IP multicast
  – Real deployments: Tmesh, CoolStreaming, ESM
  – Commercial systems: PPLive, TVU
Multicast group: source (A) and members (B, C, D)
[Figure: IP multicast and overlay multicast panels; labels A, B, C, D, R1, R2]

Data Confidentiality in Overlays
Further usage of overlays requires integrating security mechanisms for data confidentiality
Security mechanisms efficiently provided with symmetric encryption
  – Group key shared by all members to encrypt data
  – Group key management protocols to establish and manage the group key

New Opportunities in Overlays
Group key management extensively studied with IP multicast
New opportunities and challenges for group key management with overlay networks
  – Richer design space on constructing structures for data and keys delivery
      Coupling data and keys delivery in one overlay
      Decoupling data and keys delivery using two overlays
  – Opportunities to simplify resilient key delivery

Key Contributions of this Paper
One of the first studies on key dissemination using overlays
Show overlays can simplify resilient key dissemination
  – Per-hop reliability is effective in achieving end to end resiliency
Show decoupled out-performs coupled approaches
  – Decoupled: data and keys delivered in separate overlays
  – Good application performance and low overhead
Distinguished work in evaluation under real Internet environments and real workloads

System Model and Assumptions
Single source
Tree based delivery
Bandwidth intensive applications
Access bandwidth limitation
  – DSL ~ Kbps
  – Ethernet ~ Mbps
Outsider attack
[Figure: data delivery tree; labels source, group members, A/V signal, S, A, B, C, D, E, F, Ethernet, DSL]

Background
Group key shared by all members to encrypt data and restrict access only to authorized users
  – Key changes with joins and leaves in the group
Two approaches to change keys
  – Every event (join or leave)
  – Batching events, better performance
This paper employs LKH [Wong00] and batching
  – LKH is pioneering work and widely studied

Considerations on Keys Delivery
Key messages are sensitive to loss
  – Losing data packets: tolerable
  – Losing keys: dramatic impact on application performance
Key traffic can be bursty
  – High key traffic at rekey event could compete with data traffic for large groups
Key messages needed by subset of members
  – Group key management artifact

Resilient Key Dissemination Schemes
Extensively studied with IP Multicast (hard problem)
Unique opportunity in overlays
Use per-hop reliable protocols (e.g. TCP)
  – Explore effectiveness of per-hop reliability in end to end reliability:
      Real join/leave patterns
      Real workloads
[Figure: data delivery tree; labels TCP, end to end]

Architectures for Key Dissemination
Data and keys traffic have different properties
Explore design space to distribute data and keys:
  – Coupled Data Optimized: One overlay optimized for data delivery
  – Coupled Key Optimized: One overlay optimized for key delivery [Zhang05]
  – Decoupled: Two overlays, one for data and one for keys

Coupled Data Optimized
+ Simple
+ Good application performance
- Can incur high unnecessary overheads
[Figure: Coupled Data Optimized and Coupled Key Optimized [Zhang05] trees over s, u1, u2, u3, u4; key kA for u1, u2 and key kB for u3, u4; caption: Keys needed by subset of nodes]

Coupled Key Optimized
Not feasible in heterogeneous scenarios (Ethernet, DSL)
[Figure: Coupled Key Optimized [Zhang05] tree over s, u1, u2, u3, u4 with DSL and Ethernet nodes, part of the tree marked disconnected; keys kA and kB; caption: Keys needed by subset of nodes]

Decoupled
+ Good application performance
+ Reduce key dissemination overhead
- Two structures have to be maintained
Compare:
  – Cost of maintaining two structures in Decoupled
  – Benefit of reducing key dissemination overhead

Evaluation Methodology
Evaluation conducted with ESM broadcasting system [Chu04]
Planetlab experiments
Streaming video rate of 420Kbps [Chu04]
Traces from operational deployments to represent group dynamics

Event         Degree 0 or 1   Degree 6   Peak Group Size / Joins / Leaves
Rally         37%             12%
Competition   54%             7%
Portal        65%             35%
Conference1   33%             67%        4289
Conference2   62%             38%        627163

Evaluation Goals
Resilient key dissemination:
  – Effectiveness of per-hop TCP in end to end reliability
      Real join/leave patterns
      Real workloads
Comparison of architectures:
  – Coupled Data Optimized
  – Coupled Key Optimized
  – Decoupled

Decryptable Ratio
[Figure: decryptable ratio plot for Coupled Data Optimized, with a marker for the better direction]

Per-hop TCP
Expected: per-hop reliability improves performance
Surprising: it is close to perfect
[Figure: plot with the tail marked and a marker for the better direction]

Tree-Unicast
Proposed in our paper
Considers overlay convergence
[Figure: plot with the tail marked]

Coupled Data Optimized in Various Regimes
Similar results obtained in different scenarios:
  – Sensitivity to various real traces
  – Burst departures
  – Ungraceful departures
  – Sensitivity to overlay node bandwidth limitation
  – Synthetic traces for join-leave dynamics

Comparison of Architectures

Scheme                            Performance   Key dissemination overhead   Overlay maintenance overhead
Coupled Data Optimized            Good          ? Data optimized             ? One structure
Coupled Key Optimized [Zhang05]   Infeasible    -                            -
Decoupled                         Good          ? Key optimized              ? Two structures

Peak Overheads
Overall peak overhead reduced
Overhead of maintaining two structures is low
[Figure: peak overhead plot, with a marker for the better direction]

Summary
One of the first studies on key dissemination using overlays
Show overlays can simplify resilient key dissemination
  – Per-hop reliability is effective in achieving end to end resiliency
Show decoupled out-performs coupled approaches
  – Data and keys delivered in separate overlays
  – Good application performance and low overhead
Distinguished work in evaluation under real Internet environments and real workloads

Thanks! Questions?

Backup Slides

Applicable to Mesh or Multi-tree
Overhead
  – Independent of using multi-tree, mesh or tree
  – Could create a structure specialized for key distribution on top of the mesh
Performance
  – Better since mesh and multi-trees are more redundant structures

Rekey period 60 seconds
Batching scheme more useful if changes in the group are small.
If rekey period is too small, higher avg. overhead
If too long, large portion of group changes, which can degrade batching scheme

Why 60 seconds? - Computation Overhead
Marking performs better for small rekey intervals.
For larger rekey intervals, the number of encryptions increases with group dynamics

Why 60 seconds? - Peak Overheads
On average, overhead is low, but there are peaks
These overheads are not sustained. They only occur at the rekey event, which takes less than one second

Why Per-hop Reliability so Effective?
Performed a wide number of experiments changing degree, leave model, join/leave pattern
Many of these workloads don't seem to expose problems. Factors that mitigate this:
  – A failure very close to the rekey event (60 seconds rekey period). The odds of this happening are small.
  – The node that leaves must have children
  – There is still a tail where certain nodes show some impact. We think a simple heuristic could improve the scheme further

Churn

Trace         Stay Time – Median (minutes)
Conference1   11
Conference2   2
Portal        3

- We also used several synthetic traces to experiment with higher churns
- Tree-Unicast performed well under such scenarios

Scaling
There are two aspects with scaling
  – Application performance won't be affected
  – For overhead, the benefits of decoupled might become more significant. That said, enabling confidentiality itself can cause higher overhead.

Tree-Unicast - details
Joins account for a larger fraction of the cases and are easy to handle.
For leaves, a similar heuristic can be done.
  – More involved solution (node leaving could have children)

Is DR good but raw data degrades when nodes die?
Impact on transient performance; overall average performance remains good
  – Time a node takes to reconnect is short (5 secs)
It could show up if:
  – Departure happens just before rekey period,
  – Node cannot reconnect before the next rekey event
  – Node has children
A few of these events occurred and account for the tail.
Further improvements with simple heuristics (caching)

Keys Tree: [ ], [0], [00], [01], [02]; node 001 leaves
Multicast Tree messages:
msg1 = { {group_key} 0, {0} 00, {0} 01, {0} 02, {00} 000, {00} 002 } | forward_level = 1
msg2 = { {group_key} 1 } | forward_level = 1
msg3 = { {group_key} 2 } | forward_level = 1
msg4 = { {group_key} 0, {0} 01 } | forward_level = 2
msg5 = { {group_key} 0, {0} 02 } | forward_level = 2
msg6 = { {group_key} 0, {0} 00, {00} 002 } | forward_level = 3
[Figure: keys tree and multicast tree, with the multicast tree edges labelled msg1 to msg6]
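
Added example, not part of the original slides or the authors' code: a Python walk-through of the LKH leave rekey behind the key-tree slide above (node 001 leaves a ternary tree), showing why each key message is needed by only a subset of members. The function names and the digit-string key ids are assumptions made for this illustration, and the slide's forward_level field is not modelled.

```python
# Added illustration: LKH rekey after one leave, on the ternary key tree from the slide.
# Key ids are digit strings (an assumption of this example): "" is the group key,
# "0" and "00" are auxiliary keys, three-digit ids such as "002" are members' own keys.


def lkh_leave_rekey(leaving, degree=3):
    """Return (new_key, wrapping_key) pairs the key server emits when `leaving` departs.

    Every key on the path from the departed leaf to the root is replaced, and each
    replacement is encrypted under every child key except the departed member's own.
    """
    encryptions = []
    for i in range(len(leaving) - 1, -1, -1):      # deepest ancestor first
        parent = leaving[:i]
        for c in range(degree):
            child = parent + str(c)
            if child != leaving:                   # never wrap under the departed key
                encryptions.append((parent, child))
    return encryptions


def message_for_subtree(prefix, encryptions):
    """Keep only the entries that some member below key `prefix` can decrypt and use."""
    return [(new, wrap) for new, wrap in encryptions
            if wrap.startswith(prefix) or prefix.startswith(wrap)]


def show(entries):
    """Render entries in the slide's notation: {new key} wrapping key."""
    return ", ".join("{%s} %s" % (new or "group_key", wrap) for new, wrap in entries)


if __name__ == "__main__":
    rekey = lkh_leave_rekey("001")
    print("full rekey (%d encryptions): %s" % (len(rekey), show(rekey)))
    # A coupled, data-optimized overlay pushes all entries to every member;
    # filtering per key subtree reproduces the smaller messages on the slide.
    for target in ("0", "1", "01", "002"):
        part = message_for_subtree(target, rekey)
        print("subtree %-3s needs %d of %d: %s" % (target, len(part), len(rekey), show(part)))
```

Member 002 needs three of the eight encryptions and a member under key 1 needs one, which is the per-member redundancy a key-aware structure avoids.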