Security for Broadcast Network

Slides:



Advertisements
Similar presentations
1 Security for Ad Hoc Network Routing. 2 Ad Hoc Networks Properties Mobile Wireless communication Medium to high bandwidth High variability of connection.
Advertisements

Giuseppe Bianchi Lecture 6.1: Extras: Merkle Trees.
A Survey of Key Management for Secure Group Communications Celia Li.
Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.
Network Access Control for Mobile Ad Hoc Network Pan Wang North Carolina State University.
Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.
Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.
Security Issues In Sensor Networks By Priya Palanivelu.
Timed Efficient Stream Loss-Tolerant Authentication. (RFC 4082) Habib Moukalled 1/29/08.
1 Intro To Encryption Exercise Problem Alice and Bob wish to play the game Paper, Rock and Scissors. What may be the problems with the game? The.
INSENS: Intrusion-Tolerant Routing For Wireless Sensor Networks By: Jing Deng, Richard Han, Shivakant Mishra Presented by: Daryl Lonnon.
1 Ad Hoc Networks Security Instructor: Carlos Pomalaza-Ráez Fall 2003 University of Oulu, Finland.
CMSC 414 Computer and Network Security Lecture 22 Jonathan Katz.
Sencun Zhu Sanjeev Setia Sushil Jajodia Presented by: Harel Carmit
Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.
Multicast Security May 10, 2004 Sam Irvine Andy Nguyen.
SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.
SPINS: Security Protocols for Sensor Networks Adrian Perrig Robert Szewczyk Victor Wen David Culler Doug TygarUC Berkeley.
A Lightweight Hop-by-Hop Authentication Protocol For Ad- Hoc Networks Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date:2005/01/20.
ITIS 6010/8010: Wireless Network Security Weichao Wang.
LEAP: Efficient Security Mechanisms for Large-Scale Distributed Sensor Networks By: Sencun Zhu, Sanjeev Setia, and Sushil Jajodia Presented By: Daryl Lonnon.
1 Timed Efficient Stream Loss-tolerant Authentication.
Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning1 CSC 774 Advanced Network Security Topic 4. Broadcast Authentication.
CMSC 414 Computer and Network Security Lecture 13 Jonathan Katz.
Security Introduction Class February Overview  Security Properties  Security Primitives  Sample Protocols.
Alexander Potapov.  Authentication definition  Protocol architectures  Cryptographic properties  Freshness  Types of attack on protocols  Two-way.
Security Considerations for Wireless Sensor Networks Prabal Dutta (614) Security Considerations for Wireless Sensor Networks.
CS5204 – Fall Cryptographic Security Presenter: Hamid Al-Hamadi October 13, 2009.
Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks Peng Ning, An Liu North Carolina State University and Wenliang Du Syracuse.
Secure Aggregation for Wireless Networks Lingxuan Hu David Evans [lingxuan, Department of Computer.
GZ06 : Mobile and Adaptive Systems A Secure On-Demand Routing Protocol for Ad Hoc Networks Allan HUNT Wandao PUNYAPORN Yong CHENG Tingting OUYANG.
SPINS: Security Protocols in Sensor Networks
Network Security Lecture 23 Presented by: Dr. Munam Ali Shah.
Authors: Yih-Chun Hu, Adrian Perrig, David B. Johnson
Security on Sensor Networks Presented by Min-gyu Cho SPINS: Security Protocol for Sensor Networks TinySec: Security for TinyOS SPINS: Security Protocol.
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof and David Wagner (modified by Sarjana Singh)
Rushing Attacks and Defense in Wireless Ad Hoc Network Routing Protocols ► Acts as denial of service by disrupting the flow of data between a source and.
A secure re-keying scheme Introduction Background Re-keying scheme User revocation User join Conclusion.
Multicast Security: A Taxonomy and Some Efficient Constructions By Cannetti et al, appeared in INFOCOMM 99. Presenter: Ankur Gupta.
Computer Science CSC 774 Adv. Net. Security1 Presenter: Tong Zhou 11/21/2015 Practical Broadcast Authentication in Sensor Networks.
Computer Science 1 TinySeRSync: Secure and Resilient Time Synchronization in Wireless Sensor Networks Speaker: Sangwon Hyun Acknowledgement: Slides were.
Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks Donggang Liu and Peng Ning Department of Computer.
Shambhu Upadhyaya 1 Ad Hoc Networks – Network Access Control Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 20)
Efficient Distribution of Key Chain Commitments for Broadcast Authentication in Distributed Sensor Networks Random Key Predistribution Schemes for Sensor.
Efficient and Secure Source Authentication for Multicast 報告者 : 李宗穎 Proceedings of the Internet Society Network and Distributed System Security Symposium.
SEAD: Secure Efficient Distance Vector Routing for Mobile Wireless Ad Hoc Network Raymond Chang March 30, 2005 EECS 600 Advanced Network Research, Spring.
Aggregation and Secure Aggregation. Learning Objectives Understand why we need aggregation in WSNs Understand aggregation protocols in WSNs Understand.
1 Security for Broadcast Network Most slides are from the lecture notes of prof. Adrian Perrig.
Toward Resilient Security in Wireless Sensor Networks Rob Polak Feb CSE 535.
International Conference Security in Pervasive Computing(SPC’06) MMC Lab. 임동혁.
Security Review Q&A Session May 1. Outline  Class 1 Security Overview  Class 2 Security Introduction  Class 3 Advanced Security Constructions  Class.
Aggregation and Secure Aggregation. [Aggre_1] Section 12 Why do we need Aggregation? Sensor networks – Event-based Systems Example Query: –What is the.
Presented by: Reut Barazani Limor Levy. Contents Introduction Digital signature broadcast message authentication TESLA broadcast message authentication.
 Attacks and threats  Security challenge & Solution  Communication Infrastructure  The CA hierarchy  Vehicular Public Key  Certificates.
Fourth Edition by William Stallings Lecture slides by Lawrie Brown
Packet Leashes: Defense Against Wormhole Attacks
SPINS: Security Protocols for Sensor Networks
Ariadne A Secure On-Demand Routing Protocol for Ad Hoc Networks
SPINS: Security Protocols for Sensor Networks
BROADCAST AUTHENTICATION
SPINS: Security Protocols for Sensor Networks
SPINS: Security Protocols for Sensor Networks
Aggregation.
Outline A. Perrig, R. Szewczyk, V. Wen, D. Culler, and J. D. Tygar. SPINS: Security protocols for sensor networks. In Proceedings of MOBICOM, 2001 Sensor.
Presentation transcript:

Security for Broadcast Network Most slides are from the lecture notes of prof. Adrian Perrig.

Challenges for Broadcast Security Broadcast applications need security Packet injection or eavesdropping is easy Security solutions for point-to-point communication not secure for broadcast Broadcast challenges Scale to large audiences Dynamic membership Low overhead (computation & communication) Packet loss How to achieve reliability in broadcasts? Lost packets are not retransmitted

Reliable Broadcast Transmission How to reliably and scalably disseminate data to large numbers of receivers? Challenges Ack implosion problem if receivers return Ack to sender for received packets Nack implosion problem is severe as well For large numbers of receivers, there usually is a fraction of them that do not obtain message Local repair mechanisms (create tree topology and ask upstream parent for packet) faced numerous scalability difficulties

Forward Error Correction Forward Error Correction (FEC) is a mechanism to reliably transmit data to a receiver without a back channel from receiver to sender Sender adds redundant information that enables receiver to tolerate message loss Ideal for broadcast setting because receiver does not need to contact server if messages were lost, simply wait for more redundancy information

Scale & Dynamics Small groups contain up to ~100 members Medium-size groups contain 100-1000 members Large groups contain 1000-109 members How does scale affect security? Dynamic membership: members may join and leave at any time How do dynamics affect security?

Communication Pattern Group can be single-source broadcast One-to-many SSM: Single-source multicast, source-specific multicast Multiple-source broadcast Some-to-many All members broadcast Many-to-many Which one is most common? Examples?

Group Key Management Receivers join/leave at any time Require forward & backward secrecy Which property is easy to achieve? How? Challenge: scalable key management Backward Secrecy Forward Secrecy Time Join Leave

Metrics We use the following metrics to evaluate group key agreement protocols Communication overhead Number and size of messages (unicast & broadcast messages) Join / leave overheads Computation overhead (by center and by members) Security (collusion attacks?)

Security Requirements Group key secrecy Computationally infeasible for a passive adversary to discover any group key Backward secrecy Any subset of group keys cannot be used to discover previous group keys. Forward secrecy Any subset of group keys cannot be used to discover subsequent group keys. Key Independence Any subset of group keys cannot be used to discover any other group keys. Forward + Backward secrecy

What should we do? Group key generation Group Key establishment who generates? how can we generate group keys efficiently? Group Key establishment how can we authenticate sender? Key distribution by trusted third party unicast muticast broadcast Key agreement between group members

Group Key Management Protocol With a trusted Key Distribution Center (KDC), what is simplest approach for key distribution? Group Key Management Protocol (GKMP) Every member shares a key with KDC KDC unicasts all key updates to each member Advantages Security, simplicity Disadvantages Does not scale to large groups, high overhead

Key distribution How can we authentication the sender? Authentication (weaker) Receiver can only convince herself that the data was generated by the sender Sufficient for many apps – packet authentication Signature (stronger) Receiver can prove to a third party that the data was generated by the sender Important for proxy/cache application that receives data and needs to convince final receiver data ok

Broadcast Authentication Broadcasts data over wireless network Packet injection usually easy Each receiver can verify data origin Alice M Sender M Dave M M Bob Carol

Authentication Needs Asymmetry Sender K K = shared key Msg, MAC(K,Msg) MAC: Message Authentication Code (authentication tag) Msg, MAC(K,Msg) Alice K Bob K Forged Msg, MAC(K, Forged Msg)

Digital Signatures Impractical Signatures are expensive, e.g., RSA 1024: High generation cost (~10 milliseconds) High verification cost (~1 millisecond) High communication cost (128 bytes/packet) Very expensive on low-end processors If we aggregate signature over multiple packets, intolerant to packet loss

TESLA Timed Efficient Stream Loss-tolerant Authentication Uses only symmetric cryptography Asymmetry via time Delayed key disclosure Requires loose time synchronization

Basic Authentication Mechanism F: public one-way function 1: Verify K 2: Verify MAC P F(K) Authentic Commitment 3: P Authentic! K disclosed MAC(K,P) t

Security Condition Receiver knows key disclosure schedule Security condition (for packet P): on arrival of P, receiver is certain that sender did not yet disclose K If security condition not satisfied, drop packet

Bootstrapping Receivers Loose time synchronization Receiver knows maximum time synchronization error, upper bound on sender’s time Session setup, authenticated parameters Beginning time of one specific interval Interval duration Key chain commitment Disclosure delay Digital signature for initial authentication

One-Way Hash Chains Versatile cryptographic primitive Construction Pick random rN and public one-way function F ri = F(ri+1) Secret value: rN , public value r0 Properties Use in reverse order of construction: r1 , r2 … rN Infeasible to derive ri from rj (j<i) Efficiently authenticate ri using rj (j<i): rj = Fi-j(ri) Robust to missing values F F F F r4 r3 r5 r6 r7

TESLA Keys disclosed 2 time intervals after use Receiver setup: Authentic K3, key disclosure schedule Authentication of P1: MAC(K5, P1 ) F Authenticate K5 F F K4 K3 K5 K5 K6 K7 t Time 3 Time 4 Time 5 Time 6 Time 7 P1 P2 K5 Verify MAC K3

TESLA: Robust to Packet Loss F Authenticate K5 F F K4 K3 K5 K5 K6 K7 t Time 3 Time 4 Time 5 Time 6 Time 7 P1 P2 K5 Verify MAC K3

Asymmetric Properties Disclosed value of key chain is a public key, it allows authentication of subsequent messages (assuming time synchronization) Receivers can only verify, not generate With trusted time stamping entity, TESLA can provide signature property

TESLA Summary Low overhead Perfect robustness to packet loss Communication (~ 20 bytes) Computation (~ 1 MAC computation per packet) Perfect robustness to packet loss Independent of number of receivers Delayed authentication Applications Authentic media broadcast Sensor networks Secure routing protocols

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.