Key Distribution and Update for Secure Inter- group Multicast Communication Ki-Woong Park Computer Engineering Research Laboratory Korea Advanced Institute.

Slides:



Advertisements
Similar presentations
Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies.
Advertisements

A Survey of Key Management for Secure Group Communications Celia Li.
A hierarchical key management scheme for secure group communications in mobile ad hoc networks Authors: Nen-Chung Wang and Shian-Zhang Fang Sources: The.
1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang
Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.
Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Presentation By: Garrett Lund Paper By: Sandro Rafaeli and David Hutchison.
Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.
Multicasting in Mobile Ad-Hoc Networks (MANET)
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.
1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.
Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
Security Issues In Sensor Networks By Priya Palanivelu.
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
A Secure Network Access Protocol (SNAP) A. F. Al Shahri, D. G. Smith and J. M. Irvine Proceedings of the Eighth IEEE International Symposium on Computers.
Design of Efficient and Secure Multiple Wireless Mesh Network Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date: 2005/06/28.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.
An Authentication Service Against Dishonest Users in Mobile Ad Hoc Networks Edith Ngai, Michael R. Lyu, and Roland T. Chin IEEE Aerospace Conference, Big.
Security Risks for Ad Hoc Networks and how they can be alleviated By: Jones Olaiya Ogunduyilemi Supervisor: Jens Christian Godskesen © Dec
Wireless Sensor Network Security Anuj Nagar CS 590.
TCP/IP Protocol Suite 1 Chapter 28 Upon completion you will be able to: Security Differentiate between two categories of cryptography schemes Understand.
Group Key Distribution Chih-Hao Huang
Multicast Security Issues and Solutions. Outline Explain multicast and its applications Show why security is needed Discuss current security implementations.
Computer Science CSC 774Dr. Peng Ning1 CSC 774 Advanced Network Security Topic 2. Review of Cryptographic Techniques.
Security Considerations for Wireless Sensor Networks Prabal Dutta (614) Security Considerations for Wireless Sensor Networks.
1 Introduction to Security and Cryptology Enterprise Systems DT211 Denis Manley.
Lecture 12 Electronic Business (MGT-485). Recap – Lecture 11 E-Commerce Security Environment Security Threats in E-commerce Technology Solutions.
MOBILE AD-HOC NETWORK(MANET) SECURITY VAMSI KRISHNA KANURI NAGA SWETHA DASARI RESHMA ARAVAPALLI.
1 Anonymous Roaming Authentication Protocol with ID-based Signatures Lih-Chyau Wuu Chi-Hsiang Hung Department of Electronic Engineering National Yunlin.
Securing AODV Routing Protocol in Mobile Ad-hoc Networks Phung Huu Phu, Myeongjae Yi, and Myung-Kyun Kim Network-based Automation Research Center and School.
An efficient secure distributed anonymous routing protocol for mobile and wireless ad hoc networks Authors: A. Boukerche, K. El-Khatib, L. Xu, L. Korba.
Easwari Engineering College Department of Computer Science and Engineering IDENTIFICATION AND ISOLATION OF MOBILE REPLICA NODES IN WSN USING ORT METHOD.
Presented by: Nandhitha.M Under the guidance of: Mrs. Suma. R Associate profesor and Hod Dept of Computer Science and Engineering.
Aggregation in Sensor Networks
GZ06 : Mobile and Adaptive Systems A Secure On-Demand Routing Protocol for Ad Hoc Networks Allan HUNT Wandao PUNYAPORN Yong CHENG Tingting OUYANG.
Cryptography, Authentication and Digital Signatures
Security Patterns in Wireless Sensor Networks By Y. Serge Joseph October 8 th, 2009 Part I.
Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Collusion-Resistant Group Key Management Using Attribute-
Secure Authentication Scheme with Anonymity for Wireless Communications Speaker : Hong-Ji Wei Date :
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.
A secure re-keying scheme Introduction Background Re-keying scheme User revocation User join Conclusion.
A Two-Layer Key Establishment Scheme for Wireless Sensor Networks Yun Zhou, Student Member, IEEE, Yuguang Fang, Senior Member, IEEE IEEE TRANSACTIONS ON.
ARSA: An Attack-Resilient Security Architecture for Multi-hop Wireless Mesh Networks Ki-Woong Park Computer Engineering Research Laboratory Korea Advanced.
LiSP: A Lightweight Security Protocol for Wireless Sensor Networks TAEJOON PARK and KANG G. SHIN The University of Michigan Presented by Abhijeet Mugade.
Scalable and Reliable Key Distribution 1/ Ryuzou NISHI † † Institute of Systems & Information Technologies (ISIT)
SAODV and Distributed Key Management Mark Guzman, Jeff Walter, Dan Bress, Pradhyumna Wani.
A Scalable Routing Protocol for Ad Hoc Networks Eric Arnaud Id:
Self-Healing Group-Wise Key Distribution Schemes with Time-Limited Node Revocation for Wireless Sensor Networks Minghui Shi, Xuemin Shen, Yixin Jiang,
Group Key Distribution Xiuzhen Cheng The George Washington University.
Establishing authenticated channels and secure identifiers in ad-hoc networks Authors: B. Sieka and A. D. Kshemkalyani (University of Illinois at Chicago)
Security Issues in Distributed Sensor Networks Yi Sun Department of Computer Science and Electrical Engineering University of Maryland, Baltimore County.
Weichao Wang, Bharat Bhargava Youngjoo, Shin
Efficient Group Key Management in Wireless LANs Celia Li and Uyen Trang Nguyen Computer Science and Engineering York University.
A secure and scalable rekeying mechanism for hierarchical wireless sensor networks Authors: Song Guo, A-Ni Shen, and Minyi Guo Source: IEICE Transactions.
SPEAKER: HONG-JI WEI DATE: Efficient and Secure Anonymous Authentication Scheme with Roaming Used in Mobile Networks.
Design and Implementation of Secure Layer over UPnP Networks Speaker: Chai-Wei Hsu Advisor: Dr. Chin-Laung Lei.
Security Review Q&A Session May 1. Outline  Class 1 Security Overview  Class 2 Security Introduction  Class 3 Advanced Security Constructions  Class.
Fall 2006CS 395: Computer Security1 Key Management.
9.2 SECURE CHANNELS JEJI RAMCHAND VEDULLAPALLI. Content Introduction Authentication Message Integrity and Confidentiality Secure Group Communications.
Secure Instant Messenger in Android Name: Shamik Roy Chowdhury.
 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.
網路環境中通訊安全技術之研究 Secure Communication Schemes in Network Environments
SPINS: Security Protocols for Sensor Networks
Path key establishment using multiple secured paths in wireless sensor networks CoNEXT’05 Guanfeng Li  University of Pittsburgh, Pittsburgh, PA Hui Ling.
SPINS: Security Protocols for Sensor Networks
Presentation transcript:

Key Distribution and Update for Secure Inter- group Multicast Communication Ki-Woong Park Computer Engineering Research Laboratory Korea Advanced Institute Science & Technology Dec 11, 2007 The Third ACM Workshop on Security of Ad Hoc and Sensor Networks 1/17

COMPANY LOGO Prologue  Secure Group Communication  To accelerate the improve propagation speed  To improve the energy efficiency  Location based services  Location information according to the security level Location Based Services Location Free Conference In this paper,  Focus on the problem for secure intergroup communication  key distribution  Key update UFC 2005 UFC 2006 UFC /17

COMPANY LOGO Introduction to Group Communication Related Works Secure Group Communication Key Update during Group Changes Contents 3/20 5 Conclusion & Discussion  Performance Evaluation In terms of Communication / Operation Efficiency 3/17

COMPANY LOGO Introduction  Computation overhead  Key update (overhead for generating secure key pairs frequently) Operation Complexity – AES : 1, RSA-Private Key : 1000, Public/Private Key Generation : 3000  Identity of sender  Contribution  Switching from asymmetric  symmetric key operation Avoids heavy computation  Distributed update of the personal key  Flat table Reduce the key storage overhead  Challenge of asymmetric key based group communication 4/17

COMPANY LOGO Related Works  Group Key Management Protocol (GKMP)  Key Encryption Key (KEK)  Traffic Encryption Key (TEK) One-to-One Distribution  do not scale to large network Scalability Problem  Logical Key Hierarchy  Tree, flat table Broadcast traffic during key refreshment Backward and forward secrecy Avoid single point of failure  Divide the nodes into multiple subgroups –inter-subgroup traffic must be translated by the agents  Dual Encryption protocol To deal with the trust of the third parties Re-Keying Mechanism  Cipher Sequences Time-Synchronized group key distribution protocol periodically rekeying of the group GKMP Re-Keying Mechanism ScalabilityRobustness Today’s Paper Considering - Node mobility - Frequent link changes - Limited resources 5/17

COMPANY LOGO Notations G1G1  F q : Finite Field:  E K (msg) /D K (msg) : Encryption / Decryption of the message with K  H(msg) : Hash Function  h(x) : t-degree polynomial in F q [x]  GM : Group Manager  S GM (msg) : digital signature of the group manager  r : the number of bits required to record a node ID  i 1, i 2, …, i r : node i’s ID G2G2 G3G3 GM i1i1 i2i2 i3i3 i4i4 i5i r = 5 ID : (6) 10 6/17

COMPANY LOGO Secure Group Communication (1/2)  Network Initiation Procedure  Every node will get a set of secret keys from the centralized manager through secure channel such as the physical contact TEK (Traffic encryption keys) : protect the group communication packets KEK (Key Encryption Keys) : support secret refreshment  t-degree polynomial : to determine the personal key shares (inter group traffic)  h 21 (x) : determine the personal key shares of the members in G 1 to G 2  To recover the multicast packets sent by the nodes in G 1 and G 3  h 21 (x), h 23 (x)  Ex) Node v in G 1 sends a packet to the nodes in G 2 G1G1 G2G2 G3G3 GM v i h 21 (v) ( v,G 2,E h 21 (v) (msg,H(msg)) ) E K2 (h 21 (x)) h 21 (v) K 2 : used to encrypt/decrypt the multicast traffic within the group 7/17

COMPANY LOGO Secure Group Communication (2/2)  Personal Key Shares  For multicast packets to G 2 Different personal keys h 21 (v), h 21 (w) –Information Isolation  More difficult for attacker to impersonate another node in the same group Unless it can collect t+1 personal keys G1G1 G2G2 v ( v,G 2,E h 21 (v) (msg,H(msg)) ) h 21 (v) z ( x,G 2,E h 21 (x) (msg,H(msg)) ) h 21 (z) GM h 21 (x) 8/17

COMPANY LOGO Refresh of the keys  Using flat tables  One flat table per a group r: required bits to represent a node ID Flat table : consists of 2r keys z1z1 z2z2 z3z3 z4z4 z5z5 z 1.0 z 1.1 z 2.0 z 2.1 z 3.0 z 3.1 z 4.0 z 4.1 z 5.0 z 5.1 Position of the bit Binary Value  Ex) Node ID = 10 (01010) 2  Keys: z 1.0, z 2.1, z 3.0, z 4.1, z 5.0  Every Node will have exactly a half of the bits in its node ID  Transmission E z1.0 E z2.1 E z3.0 E z4.1 E z5.0 (msg)  Only “Node 10” has all the keys to decrypt the packet E z1.1 (msg) ||E z2.1 (msg) ||E z3.0 (msg) ||E z4.1 (msg)||E z5.0 (msg)  Send a message to all the members but Node 10  9/17

COMPANY LOGO Key Update during Group Changes (1/4)  Joining operations (1/2)  Node i want to joining the group G 1  K1’ should be established For backward secrecy  To establish the new flat table Node can get an entry in the new flat table only if it has the old key at the same position. G1G1 i GM z1z1 z2z2 z3z3 z4z4 z’ 1.0 z’ 1.1 z’ 2.0 z' 2.1 z' 3.0 z' 3.1 z' 4.0 z' /17

COMPANY LOGO Key Update during Group Changes (2/4)  Joining operations (2/2)  Update of h 12 (x), h 13 (x) GM choose 2 t-degree polynomials  With the h 12 (x), h 13 (x) Personal key shares of the nodes in G 2 and G 3 must be updated as well. Propose a distributed mechanism to release new polynomials –GM broadcast an authenticated message and notification for new personal key shares –v acquire new personal key share from w –Intersection of theh 12 (v) and h 21 (w)  Secure Channel between two nodes  GM distribute the keys to node i using K i-GM G1G1 E h 12 (x) (Msg) E h 13 (x) (Msg) G1G1 G2G2 v w h’ 12 (v) request 11/17

COMPANY LOGO Key Update during Group Changes (3/4)  Leaving Operations (1/2)  Node i leaves group G 2  Key replacement of K 2  Broadcast generated the new flat table to the remaining nodes in G 2  Replacement of h 21 (x), h 23 (x) z1z1 z2z2 z3z3 z4z4 z’ 1.0 z’ 1.1 z’ 2.0 z' 2.1 z' 3.0 z' 3.1 z' 4.0 z' 4.1 G2G2 E h 21 (x) (Msg) E h 23 (x) (Msg) 12/17

COMPANY LOGO Key Update during Group Changes (4/4)  Leaving Operations (2/2)  Distributed broadcast of h 21 (x), h 23 (x) GM broadcast an authenticated message and notification for new personal key shares v : acquire new personal key share from w  To prevent usage of h 12 (i), h 32 (i) Maintain a list of the expelled nodes until the new h’ 12 (i) and h’ 32 (i) are established. G2G2 G1G1 v w h’ 21 (v) request 13/17

COMPANY LOGO Conclusion & Discussion (1/3)  Overhead Consideration  Reduce the data processing time at the wireless nodes Improve the system efficiency  Switching to symmetric ciphers Consumed energy by 100 times  Additional transmission and reception overhead for key refreshment is totally paid off Scheme using public/private key Proposed Mechanism Key Storage overhead (r + 4) log q(r t) log q Broadcast traffic during join (2r + 2) log q(2r t) log q Broadcast traffic during leaving event (3r + 1) log q(3r t) log q Encryption/Decryption overhead Asymmetric key operationst-degree polynomial+ symmetric 14/17

COMPANY LOGO  A new key distribution and update for secure inter-group communication  Polynomials to support the distribution of personal key shares  Flat tables to achieve efficient key refreshment  Reduce the computation overhead  Power usage  Discussion (1/2)  Overhead by Group Manager (GM) Important role in the proposed mechanism –Generation of the polynomials and flat tables Who? ( Base Station / Election ) in Mobile Environment Conclusion & Discussion (2/3) [1] “PKASSO: Towards Seamless Authentication providing Non-Repudiation on Resource-Constrained Devices," 21st IEEE Pervasive Computing and Ad Hoc Communications, May [2] "Computationally Efficient PKI-Based Single Sign-On Protocol, PKASSO, for Mobile Devices," IEEE Transactions on Computers (under minor revision)"Computationally Efficient PKI-Based Single Sign-On Protocol, PKASSO, for Mobile Devices," [1,2]

COMPANY LOGO Conclusion & Discussion (3/3)  Discussion (2/2)  Ratio of client operation to server operation  Vulnerable to DoS Attacks  Defending against Collusive Attacks Collusion by reconstructing the polynomials of other group – t-degree polynomial is resistant to the coalition up to t compromised members  Multiple Changes Simultaneously PKIX(RSA) KerberosM-PKINITPKASSO : Server : Client 76% 24% This Paper 16/17

COMPANY LOGO 17/17

COMPANY LOGO 18/23 Symmetric KeyAsymmetric Key Key One Key - One Key to encrypt the data - One Key to decrypt the data Two keys - Public key to encrypt the data - Private key to decrypt the data ConfidentialityYes Digital Signature NoYes Non-repudiationNoYes Key DistributionNoYes Speed (ARM PXA270) 3ms472ms Usage T-money (300ms), SpeedPass (100ms) [1] Internet Banking, E-Commerce  Symmetric Key vs. Asymmetric Key [1] F.Vieira, J.Bonnet, C.Lobo, R.Schmitz, and T.Wall “ Security Requirements for Ubiquitous Computing, ” EURESCOM [2] A.Pirzada and C.McDonald, “ Kerberos Assisted Authentication in Mobile Ad-hoc Networks," in Proceedings of ACM International Conference Proceeding Series; Vol. 56, Discussion 18/18

COMPANY LOGO  Security Aspect  Computation Efficiency Additional Experiment Authentication Digital signature Non- repudiation Secure key distribution Kerberos YESNo PKIX YES M-PKINIT YES No YES ARSA YES No YES System MobileService Device Total Operation Time PuPrSPuPrS PKIX(RSA-1024bit) ms Kerberos ms M-PKINIT TGT ms M-PKINIT SGT ms ARSA Inter-domain AKA ms ARSA Intra-domain AKA ms ARSA Client-Client AKA ms 19/19

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.