Presentation is loading. Please wait.

Presentation is loading. Please wait.

Combinatorial Optimization of Multicast Key Management

Published byElżbieta Piątkowska Modified over 5 years ago

Similar presentations

Presentation on theme: "Combinatorial Optimization of Multicast Key Management"— Presentation transcript:

1 Combinatorial Optimization of Multicast Key Management
M. Eltoweissy, Virginia Tech., Department of Computer Science University of Texas at Dallas Richardson, Tx 4/24/2019

2 Outline Preliminaries Key Maintenance Structures Scalability
Trees Exclusion Basis Systems Scalability Collusion Attacks Conclusions and Future Work Preliminaries: Define multicasting over the internet Why are we interested – multicasting is not the only area where key management is needed, used for illustrative purposes here. Why security? Security requirements Key maintenance What is it? Why is it needed? Solutions Other issues: Tree balancing Security heirarchies 4/24/2019

3 What is Multicasting? Multicasting allows a source node to communicate common information to a group of recipients by means of a single message. Multicasting is implemented by designating special multicast addresses, which accommodate groups of hosts, which may be on more than one network. 4/24/2019

4 Why is key maintenance needed?
Forward security is required when a user leaves the multicast group. All keys known to the evicted user must be changed New keys must be communicated to appropriate members Backward security Keys changed when a user joins the group. Reiterate definitions of Forward and Backward security: Forward security: Evicted user must not be able to read future messages, even by collusion with other evicted users. Absolutely required Backward security: New users must not be able to read prior messages Optional To provide forward and backward security, server must know certain things: Server must be able to identify which keys need to be changed Server must know who to send the new keys to. 4/24/2019

5 Basic System Problem Ensure message security for a dynamic multicast group by encrypting messages When users join or depart encryption keys must be changed. Minimize: (a) the number of keys users must know, and (b) the number of re-key messages 4/24/2019

6 Binary Tree log2n keys per user log2n messages to re-key . . .
User n Root Key Server Key A Key B1 Key C2 Key C3 Key C4 Key C1 Key B2 Key D8 Key D7 Key D6 Key D5 Key D4 Key D3 Key D2 Key D1 User 3 User 4 User 5 User 7 User 6 Key A is the shared data encryption key – known to all users. One data message is sent instead of n messages in unicast B, C and D keys are key management keys. These keys play no role in data transmission Used only for secure transmission of keys when users arrive and depart. Each user knows all and only the keys on the path from the leaf node to the root. Example: User 7 knows only {A, B1, C2, D4} Call these keys User 7’s “Path Keys” Tree must be balanced to keep the logarithmic bound on the number of keys and re-key messages. In general the tree is not a complete binary tree. Comparing to unicast model: One data message is sent instead of n messages But each user must remember log n keys for key maintenance (0 for unicast case) Logn key maintenance messages are needed when user departs (0 for unicast case) Let’s see how the logn keys and messages come about. log2n keys per user log2n messages to re-key 4/24/2019

7 Binary Tree – Deleting a user
Root Key Server Key A’ Key C’ Key B’ User i Key E’ Key Y Key X Key Z Key A Key C Key B Key E User j X When user j departsm server must: Delete User j from key management tree Update key information Create new path keys {A’,B’,C’,E’} to replace {A,B,C,E} Send new path keys {A’,B’,C’,E’} to User i, encrypted with User i’s personal key. Send {A’,B’,C’} to Key Z subtree, encrypted with Key Z. Send {A’,B’} to Key Y subtree, encrypted with Key Y. Send A’ to Key X subtree, encrypted with Key X. log2n keys per user log2n re-key messages Delete User j from key management tree Update key information log2n keys per user log2n re-key messages 4/24/2019

8 Binary Tree – Adding a user
Root Key Server Key A Root Key Server Key A’ Key X Key X Key B Key B’ Key C Key Y Key C’ Key Y Key Z Key E Key Z User i User i User j Insert new user into key management tree: Find the leftmost leaf (user) closest to the root. Call this User i. Replace this leaf with an interior node and make User i a child of this new node. Add the new user (User j) as a sibling of User i. Update key information: Create a new key management key (e.g. Key E) for the new interior node. Create new path keys {A’, B’, C’} to replace {A, B, C} Send path keys {A’,B’,C’,E’} to User i, encrypted with User i’s personal key. Send path keys {A’,B’,C’,E’} to User j, encrypted with User j’s personal key. Send Keys {A’,B’,C’} to Key Z subtree, encrypted with Key Z Send {A’,B’} to Key Y subtree, encrypted with Key Y. Send A’ to Key X subtree, encrypted with Key X. log2n keys per user log2n re-key messages if backward security is needed as well. Balance is maintained by inserting users at shallowest leaf. Balance is needed to achieve log2n bounds. Insert new user into key management tree Update key information log2n keys per user log2n re-key messages 4/24/2019

9 Can one do better? Can we do beeter than logn keys and messages? Let’s start over and use a different approach… 4/24/2019

10 Exclusion Problem Let U = {1, …, n}. Given n,k,m, find a collection C of subsets of U, if possible, such that: 1. For every iU, there are m subsets in C such that the union of the m subsets equals U – {i}. 2. No element iU is in more than k subsets of C. Exclusion Basis System (EBS(n,k,m)) Problem: For given n,k,m, is there an EBS(n,k,m)? 4/24/2019

11 EBS(n,k,m) systems Each subset represents a key
The elements of a subset represent users who know that key m is the number of re-key messages needed to distribute new keys to all but one user k is the number of keys each user knows. 4/24/2019

12 Example (EBS(8,3,2)) Consider the collection C = { a = {5,6,7,8}, b = {2,3,4,8}, g ={1,3,4,6,7}, d ={1,2,4,5,7}, e ={1,2,3,5,6,8} } The following unions are sufficient to isolate any element: ab = 1 bg = 5 a g = 2 bd = 6 a d = 3 be = 7 a e =  gd = 8 Note: no element is in more than 3 subsets 4/24/2019

13 This can be described by a table:
#1 #2 #3 #4 #5 #6 #7 #8 1 4/24/2019

14 EBS(8,3,2) vs. A binary tree A complete binary tree of height 3, with 8 leaves, requires each user to know 3 keys and requires 3 messages to re-key. An EBS(8,3,2) requires each user to know 3 keys and requires only 2 messages to re-key. 4/24/2019

15 Theorem. There is an EBS(n,k,m) whenever C(k+m,m) n.
4/24/2019

16 1 2 3 4 5 6 7 8 9 10 A1 A2 A3 A4 A5 4/24/2019

17 Binary trees vs. EBS(n,k,m):
Note: C(2n,n) = (4n/n3/2). Thus, C(log2n, (log2n)/2) = (n/log3/2n). So, EBS(cn/log3/2n, (log2n)/2, (log2n)/2) is possible, for some constant c>0.  The parameters k and m (above) in the best EBS are half as large as in a standard binary tree system. 4/24/2019

18 Example: For 106 users A binary tree system requires each user to know 20 keys and needs 20 multicast re-key messages. As C(23,11) = 1,352,078, the exclusion basis system EBS(106,12,11) exists and requires 12 keys/user and 11 multicast re-key messages. 4/24/2019

19 Scalability We need to consider how easy it is for a system to maintain an EBS(n,k,m) when a user is added or a user is deleted. For example, consider EBS(10,3,2). What does the system do when user 11 arrives? 4/24/2019

20 Adding an 11th user to EBS(10,3,2)
4 5 6 7 8 9 10 11 A1 A2 A3 A4 A5 A6 4/24/2019

21 Add 11th user & create EBS(20,3,3)
4 5 6 7 8 9 10 11 A1 A2 A3 A4 A5 A6 4/24/2019

22 Add 11th user & create EBS(20,4,2)
3 4 5 6 7 8 9 10 11 A1 A2 A3 A4 A5 A6 4/24/2019

23 Without added features an EBS(n,k,m) is not secure from collusion
If users share information, they could know all of the keys. (This is not the case with traditional binary tree logical structures.) One can design techniques to make collusion attacks difficult. For example, - one can hide the keys from the users, i.e. give the users encrypted programs containing the keys, rather than the keys themselves or - combine the advantages of an EBS with the collusion avoidance of tree based systems. 4/24/2019

24 A future research topic
An exclusion basis system or a binary tree system is an efficient system for evicting (or adding) a single user. It is not so efficient for simultaneous evictions (or additions) of large numbers of users. For example, to evict half of the n users, current systems evict one user at a time, taking cnlog n messages, for some constant c>0. However, unicasting requires only n/2 messages. Can one design a better system? 4/24/2019

25 Conclusions We have introduced the concept of an Exclusion Basis System EBS(n,k,m) and proved, for which values of n,k,m, it exists. We have given a constructive lower bound for any exclusion system and hence given optimum solutions. We have shown that an optimum EBS is scalable. Preliminaries: Define multicasting over the internet Why are we interested Why security? Security requirements Key maintenance What is it? Why is it needed? Solutions Other research interests Network Partitioning Fault Tolerant Network Architectures Combinatorial problems: Graph embeddings Sorting 4/24/2019

Download ppt "Combinatorial Optimization of Multicast Key Management"

Similar presentations

A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
Computer Networking A Top-Down Approach Chapter 4.7.

Computer Networking A Top-Down Approach Chapter 4.7.
Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.

Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.
Dynamic Planar Convex Hull Operations in Near- Logarithmic Amortized Time TIMOTHY M. CHAN.

Dynamic Planar Convex Hull Operations in Near- Logarithmic Amortized Time TIMOTHY M. CHAN.
AVL Tree Smt Genap 2011-2012. Outline AVL Tree ◦ Definition ◦ Properties ◦ Operations Smt Genap 2011-2012.

AVL Tree Smt Genap Outline AVL Tree ◦ Definition ◦ Properties ◦ Operations Smt Genap
Ranveer Chandra , Kenneth P. Birman Department of Computer Science

Ranveer Chandra , Kenneth P. Birman Department of Computer Science
Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.
Internet Indirection Infrastructure Ion Stoica UC Berkeley.

Internet Indirection Infrastructure Ion Stoica UC Berkeley.
Distributed Collaborative Key Agreement Protocols for Dynamic Peer Groups Patrick P. C. Lee, John C. S. Lui and David K. Y. Yau IEEE ICNP 2002.

Distributed Collaborative Key Agreement Protocols for Dynamic Peer Groups Patrick P. C. Lee, John C. S. Lui and David K. Y. Yau IEEE ICNP 2002.
Anonymous Gossip: Improving Multicast Reliability in Mobile Ad-Hoc Networks Ranveer Chandra (joint work with Venugopalan Ramasubramanian and Ken Birman)

Anonymous Gossip: Improving Multicast Reliability in Mobile Ad-Hoc Networks Ranveer Chandra (joint work with Venugopalan Ramasubramanian and Ken Birman)
Group Key Distribution Chih-Hao Huang

Group Key Distribution Chih-Hao Huang
P2P Course, Structured systems 1 Introduction (26/10/05)

P2P Course, Structured systems 1 Introduction (26/10/05)
Computer Science 1 CSC 774 Advanced Network Security Secure Group Communications Using Key Graphs Presented by: Siddharth Bhai 9 th Nov 2005.

Computer Science 1 CSC 774 Advanced Network Security Secure Group Communications Using Key Graphs Presented by: Siddharth Bhai 9 th Nov 2005.
Simple and Fault-Tolerant Key Agreement for Dynamic Collaborative Groups David Insel John Stephens Shawn Smith Shaun Jamieson.

Simple and Fault-Tolerant Key Agreement for Dynamic Collaborative Groups David Insel John Stephens Shawn Smith Shaun Jamieson.
Maximum Reliability K-Hop Multicast Strategy in Tree Networks Mugurel Ionut Andreica, Nicolae Tapus Polytechnic University of Bucharest Computer Science.

Maximum Reliability K-Hop Multicast Strategy in Tree Networks Mugurel Ionut Andreica, Nicolae Tapus Polytechnic University of Bucharest Computer Science.
The Binary Heap. Binary Heap Looks similar to a binary search tree BUT all the values stored in the subtree rooted at a node are greater than or equal.

The Binary Heap. Binary Heap Looks similar to a binary search tree BUT all the values stored in the subtree rooted at a node are greater than or equal.
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Collusion-Resistant Group Key Management Using Attribute-

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Collusion-Resistant Group Key Management Using Attribute-
1 WS-Routing. 2 Why WS-Routing? SOAP (by itself) doesn’t define a message path –Header blocks describe functions to be performed by intermediaries that.

1 WS-Routing. 2 Why WS-Routing? SOAP (by itself) doesn’t define a message path –Header blocks describe functions to be performed by intermediaries that.
Multicasting Part I© Dr. Ayman Abdel-Hamid, CS4254 Spring 20061 CS4254 Computer Network Architecture and Programming Dr. Ayman A. Abdel-Hamid Computer.

Multicasting Part I© Dr. Ayman Abdel-Hamid, CS4254 Spring CS4254 Computer Network Architecture and Programming Dr. Ayman A. Abdel-Hamid Computer.
A secure re-keying scheme Introduction Background Re-keying scheme User revocation User join Conclusion.

A secure re-keying scheme Introduction Background Re-keying scheme User revocation User join Conclusion.

Similar presentations

Ads by Google