Key amplification in unstructured networks

Presentation on theme: "Key amplification in unstructured networks"— Presentation transcript:

1 Key amplification in unstructured networks
Shishir Nagaraja University of Cambridge

2 Problem statement
[Figure: LiveJournal network graph with nodes labelled Alice and Bob. Source: Trejkaz Xaoza, Touchgraph]
The objective here is to design a decentralized protocol for privacy amplification. The focus of our approach is to tap the topological characteristics of unstructured networks, and how these can be used in constructing an efficient design.

3 Problem statement
Alice and Bob are part of a common network – for instance, a social network.
Alice shares a weak, human-guessable secret with Bob.
Both want to amplify their shared key before using it.
Bob would like to ensure that Alice is not a “dodgy” node and vice versa.

4 Threat model
Global passive adversary.
Adversary arrives after network bootstraps.

5 Context
Neither party possesses global topology information.
Each node shares a strong link key with its neighbours.
There is no centralized reputation infrastructure available.

6 Background work
Prior work on password authenticated key exchange, in several waves: EKE, SRP, OKE, AMP, S3P, GLNS …
Provably secure schemes: [GL03], [GL01], [CPP04] …
Random walks on graph topologies have a rich history; security schemes based on them, less so: SybilGuard, [BF93] …
Our work is complementary to the provably secure schemes listed here. What we are trying to accomplish here is to see how one can combine a decentralized measure of network distance as a security metric and associate it with the degree of success achieved in creating a secure session. So the protocol details given in the associated paper are not the main thrust of this work. Our main goal was to analyze different decentralized schemes and compare them using a well-defined framework.

7 Scheme
Alice and Bob each carry out a random walk of k steps.
[Figure labels: Sybil Region, Intersection1, Intersection2, Ali, David]
Multiple independent random walks overlap substantially when the graph topology meets certain conditions – for instance a well mixing graph. The set of overlapping nodes determines a key amplification path, each of which contributes entropy to the initial weak secret.

8 Desirable properties
Protocol efficiency - #collisions/walk-length
Lower the risk of manipulation from corrupt nodes
Lower the risk from localized graph sampling
Avoid key amplification with dodgy nodes
Maximize the set of potential entropy contributors to prevent corrupt nodes colluding together; where graph sampling is too localized, increase the walk length sufficiently. In fact we show that the walk length required to achieve enough collisions is sufficient to minimize this risk.
Lower the risk from localized graph sampling – otherwise this gives an attacker the incentive to come probing your logs looking for entropy contributions.
Protocol efficiency – minimize the walk length and total time required to complete the walk.

9 Key steps
Alice and Bob wish to generate a link key:
Find common acquaintances.
Acquire entropy contribution from acquaintances.
Generate a common link key from the entropy contributions obtained.

10 Directed network topologies
Baseline topology – LiveJournal network of friendship ties
Scale-freeness – presence of hubs
Clustering and weak ties
Community structure
We select a number of network models based on independently testing the following network topology properties. The idea is to probe how the number of collisions between random walk schemes varies due to structural attributes of the network topology.

11 LiveJournal
|V|=3.2 million, |E|=55 million
Source: Trejkaz Xaoza, Touchgraph
Pavel Zakharov, Thermodynamic approach for community discovering within the complex networks: LiveJournal study. e-print on arxiv.org: physics/

12 Network models - 1
Scale-free Random (SFR) model.
Based on massive call graphs from AT&T [Aiello & Chung 2000].
Choose a gamma of 3.45 after the LJ network.
3.2 million nodes and 55 million edges.
Exactly the same degree distribution as the LJ network, but random (uniformly) in all other ways.

13 Network models – 2
Kleinberg-Watts-Strogatz model of social networks
p = local ties
q = 0 - weak ties
|V| = 3.2 million, |E| ~ 55 million
[Kleinberg 2001]

14 Protocol 1 – Single random walk
# collisions or intersections between two random walks, starting from Alice and Bob respectively.
Simulation:
Select a random node, Alice.
Bob is selected as follows:
With p=0.5, choose another node uniformly at random.
With p=0.5, choose Bob as the destination of a random walk of 100 steps with Alice as the starting node.
Conduct a single random walk from each node.
Measure the # collisions generated.
In the selection of Bob, the 1st part has a sampling bias towards nodes that are close to you. The second part gives you nodes that are usually quite far apart. The number 100 is a bit excessive, but the basic idea is that the walk length should be longer than that required for convergence.

15 Protocol 1 – LJ vs Scale-free
[Figure panels: LiveJournal; Scale-free Random]

16 Protocol 1 – LJ vs small-world
[Figure panels: LiveJournal; KWS – Weak/Strong ties]
As we can see, for a 50% chance of having a single collision with a randomly chosen Bob, you need anywhere from 500 to 700 steps. Too expensive!

17 Protocol 2
Instead of a single walk, Alice and Bob conduct k walks of length t each.
We chose k=50 walks of length t=40 steps each. The length is roughly twice that required for convergence with the stationary distribution for LJ.
The objective is to create a favourable bias in the neighbourhood of Alice and Bob.
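
The simulation described on the Protocol 1 and Protocol 2 slides, as an added example that is not from the presentation or the associated paper. It runs both protocols on a small constructed graph with community structure; the generator, its parameters and all function names are assumptions, and the graph is not the LiveJournal, SFR or KWS data.

```python
import random

def community_graph(n_comm, size, p_in, rng):
    """Constructed toy topology: dense communities joined in a ring by single weak ties."""
    adj = {v: set() for v in range(n_comm * size)}
    def link(a, b):
        adj[a].add(b)
        adj[b].add(a)
    for c in range(n_comm):
        base, nxt = c * size, ((c + 1) % n_comm) * size
        for i in range(size):
            link(base + i, base + (i + 1) % size)   # ring keeps each community connected
            for j in range(i + 1, size):
                if rng.random() < p_in:
                    link(base + i, base + j)
        link(base + rng.randrange(size), nxt + rng.randrange(size))  # one weak tie
    return {v: sorted(ns - {v}) for v, ns in adj.items()}  # drop any self-loop

def walk(adj, start, steps, rng):
    """Nodes visited by a simple random walk of `steps` hops from `start`."""
    node, visited = start, []
    for _ in range(steps):
        node = rng.choice(adj[node])
        visited.append(node)
    return visited

def pick_bob(adj, alice, rng, far_steps=100):
    """Bob as on the Protocol 1 slide: uniform at random, or the end of a 100-step walk."""
    if rng.random() < 0.5:
        return rng.choice([v for v in adj if v != alice])
    return walk(adj, alice, far_steps, rng)[-1]

def protocol1(adj, alice, bob, steps, rng):
    """Collisions between one walk from Alice and one walk from Bob."""
    return set(walk(adj, alice, steps, rng)) & set(walk(adj, bob, steps, rng))

def protocol2(adj, alice, bob, rng, k=50, t=40):
    """Collisions between k walks of t steps from each party (slide values as defaults)."""
    seen_a, seen_b = set(), set()
    for _ in range(k):
        seen_a.update(walk(adj, alice, t, rng))
        seen_b.update(walk(adj, bob, t, rng))
    return seen_a & seen_b

if __name__ == "__main__":
    rng = random.Random(1)
    g = community_graph(n_comm=20, size=50, p_in=0.2, rng=rng)
    print("P1:", len(protocol1(g, 0, pick_bob(g, 0, rng), 100, rng)))
    print("P2 same community:", len(protocol2(g, 0, 25, rng)))
    print("P2 ten communities apart:", len(protocol2(g, 0, 500, rng)))
```

The size of the returned set divided by the walk length is the #collisions/walk-length efficiency measure from the framework slide.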

18 LJ – Protocol 2
[Figure panels: Shortest path distance = 2; Shortest path distance = 3; Shortest path distance = 4]

19 LJ – Protocol 2
[Figure panels: Shortest path distance = 8; Shortest path distance = 9; Shortest path distance = 10]

20 Scalefree (SFR) – Protocol 2

21 Small world (KWS) – Protocol 2

22 Analysis
Protocol 1 (single random walk) - small-world and scale-free perform comparably.
In Protocol 2 (multiple random walks), both scale-free and small-world seem to do far worse than LJ!
Reason – community structure of LJ.
So here it is – avoid the dodgy guys by controlling the number of walks and the walk-length – SybilGuard [YH 2006] proposed this first.

23 Analytical reasoning
We can formulate this as the “same birthday as you” problem on a heavy-tailed distribution of urn sampling.
SybilGuard assumes a uniform distribution and is therefore wrong to conclude that the required length of random walk is sqrt(n)*log n.

24 Checking back with the framework …
Protocol efficiency - #collisions/walk-length
Avoid key amplification with dodgy nodes
Lower the risk of manipulation from corrupt nodes
Lower the risk from localized graph sampling
Maximize the set of potential entropy contributors to prevent corrupt nodes colluding together; where graph sampling is too localized, increase the walk length sufficiently. In fact we show that the walk length required to achieve enough collisions is sufficient to minimize this risk.
Lower the risk from localized graph sampling – otherwise this gives an attacker the incentive to come probing your logs looking for entropy contributions.
Protocol efficiency – minimize the walk length and total time required to complete the walk.

25 Corrupt nodes – Random selection
Probability of a walk of length t going through ts randomly selected nodes of G(V,E) - Gilbert 1998 (Upper bound)

26 Efficiency of random walks on KWS network model
[Figure: N=5000 nodes; axis: Walk length]

27 Mixing efficiency of SFR and KWS topologies

28 Mixing efficiency of LiveJournal topology

29 Protocol details
Token collection
List negotiation
Amplification

30 Token Collection
Alice sends a blob to her neighbour, who signs it and forwards it to another neighbour and so on.

31 List exchange & amplification
Alice and Bob now exchange the list of nodes on their random walk.
If Alice and Bob belong to different components that are weakly connected, then this list will be very small.
Amplification:

32 Conclusions
We have proposed a decentralized key amplification scheme that combines a measure of network distance with key amplification success, to avoid dodgy nodes.
We have shown from simulations that such a scheme is practical in the real world.
We have played with a number of topology properties to conclude that community structure is vital for high efficiency.
Applications to other unstructured networks such as sensor networks.

