Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Group Communication in Asynchronous Networks with Failures: Integration and Experiments By Yair Amir, Giuseppe Ateniese, Damian Hasse, Yongdae Kim,

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure Group Communication in Asynchronous Networks with Failures: Integration and Experiments By Yair Amir, Giuseppe Ateniese, Damian Hasse, Yongdae Kim,"— Presentation transcript:

1 Secure Group Communication in Asynchronous Networks with Failures: Integration and Experiments By Yair Amir, Giuseppe Ateniese, Damian Hasse, Yongdae Kim, Cristina Nita-Rotaru, Theo Schlossnagle, John Schultz, Jonathan Stanton, Gene Tsudik Presented By Anthony Wood

2 2 Outline Overview Group Communication CLIQUES Spread Secure Spread Evaluation Conclusion

3 3 Context Secure Routing Hop-by-hop encryption / authentication SPINS Node to BS protocol, BS broadcast Efficient Distribution… BS broadcast, keychains Random Key Pre-distribution Neighbor key agreement What’s missing? Groups of nodes communicating securely

4 4 Secure Spread Systems look at secure group communication Internet / WAN context Secure Spread uses: Spread toolkit for communication CLIQUES for group key agreement Blowfish for group confidentiality

5 5 Contributions Integration of security with group communication semantics With respect to this seminar Group communication issues Security properties of groups Key agreement protocol

6 6 Groups History: Group communication community Internet community Wireless Sensor Network community In WSNs: Collaboration in neighborhoods Tracking mobile events “Enough”, redundancy, loose membership

7 7 Group Semantics Messaging facilities and semantics Reliability, ordering, safety Failure handling Fail-stop, fail-and-recover, partitions Membership Supported primitives

8 8 Group Membership JoinLeaveMass JoinMass LeaveFusionFission

9 9 Secure Groups Why not just extend 2-party key agreement? Failure of communication channel is not binary anymore Group state fluctuations must be accompanied by security adjustments Naïve pair-wise approach is expensive

10 10 Secure Group Semantics What do we mean by group “security”? Authentication of group as a whole Authentication of group members Confidentiality of in-group communication Confidentiality of to-group communication Membership non-repudiation Key independence

11 11 Secure Spread Goals 1. Authentic and private communication within a group 2. Authentic and private communication between secure group and outsiders 3. Authentication and non-repudiation of members within and outside group

12 12 Why Focus on Keying? Members must share a secret to achieve confidentiality More complex than message formats and mechanisms More costly in communication and computation

13 13 Group Keying Centralized TTP chooses key Controller / Leader chooses key Distributed Group secret is function of all members’ contributions More complex, more overhead More robust, less trust needed

14 14 Outline Overview Group Communication CLIQUES Spread Secure Spread Evaluation Conclusion

15 15 2-Party DH Agree on: An algebraic group G of order p, with generator g Protocol: A (B) chooses random Sa (Sb) < p A -> B: g Sa mod p B -> A: g Sb mod p Shared key is: g SaSb mod p Depends on difficulty of computing discrete logs Participants work: O(log 2 p) Adversaries work: O(p 0.5 )

16 16 CLIQUES Protocol suite for key agreement in dynamic groups (Steiner, Tsudik, Waidner, ’98 ICDCS) Uses Diffie-Hellman group key agreement Uses a group controller to manage member additions/removals Initial and Auxiliary phases Final group key:

17 17 CLIQUES – IKA

18 18 CLIQUES – Join

19 19 CLIQUES – Leave

20 20 1.Make own contribution N i 2.Raise each intermediate value to N i 3.Add received cardinal value to intermediate list 4.Compute new cardinal = old ^ N i 5.Send intermediates, cardinal to next member n. Broadcast intermediates to all members CLIQUES – Example 1 2 3 4 broadcast cardinalintermediates Note: Group key =

21 21 CLIQUES – Example 1 2 3 4 5 … Node 5 joins and is new controller

22 22 CLIQUES Attributes Distributed Contributory Computation load is distributed Uses Diffie-Hellman key agreement Fixed or floating controller, based on trust model

23 23 CLIQUES Requirements Group multicast Member to member unicast FIFO ordering Knowledge of membership All of these are provided by Spread

24 24 Outline Overview Group Communication CLIQUES Spread Secure Spread Evaluation Conclusion

25 25 Spread Overlay network for group communication in WANs (Amir, Stanton, ’98) Provides ordering, reliability, membership, stability Aggregates packets for efficiency over WAN Layers atop different topologies and protocols Uses hierarchical daemon-client architecture

26 26 Spread Architecture Daemon Clients

27 27 Spread SW Architecture Secure Spread

28 28 Spread Semantics Reliability Unreliable Reliable Ordering Unordered FIFO Causal Agreed Stability Safe Delivery Membership Extended Virtual Synchrony View Synchrony

29 29 EVS / VS Virtual Synchrony (ISIS, ’87 SOSP) Processes perceive failures and membership changes at same logical time Extended Virtual Synchrony (’94 ICDCS) Handles network partitions, merging, process failure and recovery View Synchrony (’97 SOPDC) Total order on views, total order on message delivery within views

30 30 Outline Overview Group Communication CLIQUES Spread Secure Spread Evaluation Conclusion

31 31 Secure Spread Integrates Spread with CLIQUES Group keying and crypto are modular Runtime binding of modules to groups Layers security services on top of Spread, exposing similar API to application

32 32 Secure Spread Key agreement Key used for confidentiality Provides VS semantics Can bypass security

33 33 Key Agreement Module CLIQUES for distributed key agreement CKD for centralized key distribution Controller exchanges keys with each member using 2-party Diffie-Hellman Controller creates group key Controller distributes group key to members one at a time

34 34 Blowfish 64-bit block cipher Created by Bruce Schneier Fast, compact, simple, variable key length Uses Feistel network Public domain Requires extensive sub-key computation

35 35 Blowfish Source: http://www.sm.luth.se/csee/courses/smd/102/lek3/lek3.html 1.Pre-compute sub-keys PKi (521 iterations, 4KB) 2.Operate 16 rounds on each 64-bit block of plaintext Mixing Function:

36 36 Layering vs. Integration “Client-model” is layered approach Trust Spread to provide group communication Applications (group members) take part in keying Daemon-model is integration Have to trust Spread to do it all Only daemons have to do key agreement

37 37 Outline Overview Group Communication CLIQUES Spread Secure Spread Evaluation Conclusion

38 38 Evaluation Metrics Number of messages per event Number of participants per event Serial and overall computation per event Fault tolerance Trust in members of group Load distribution

39 39 Evaluation – Messages Number of Messages CLIQUES Initialization:n-1 unicast, 1 broadcast Join:1 unicast, 1 broadcast Leave:1 broadcast Centralized Key Distribution (CKD) Initialization:2(n-1) unicast, 1 broadcast Join:2 unicast, 1 broadcast Leave:1 broadcast

40 40 Evaluation – Participants Number of participants CLIQUE-level Many fewer entities in key agreement if using daemon-model Fully contributory implies all members participate Spread-level Routing scales with daemons Clients at individual sites are reachable by a single message

41 41 Evaluation – Computations CLIQUES relies on controller less, at the expense of greater computation for joins IKA n (n+3)n/2 – 1 3n - 3

42 42 Evaluation Fault Tolerance Cascading Failure Handling: not implemented Trust Cliques: Controller can be checked CKD: Controller is trusted completely Spread: Daemons trusted to provide ordering Load Distribution Floating Controller: New member computes

43 43 Evaluation – Performance One DH exponentiation with 512-bit modulus on SUN: 12 ms Join Group Size Time (sec) CLIQUES uses 3n exponentiations CKD uses n + 6 exponentiations

44 44 Open Issues Cascading failures Handling membership changes or crashes while key adjustment is in progress Group / member certification Membership non-repudiation Secure communication with non-members Group membership policy Impact on other services

45 45 Application to WSNs Constraints Modular exponentiation is still expensive Message sizes are linear in group members Spread architecture is heavyweight (except perhaps for hierarchical WSNs) EVS/VS require ACKs, broadcasts, retransmissions Blowfish optimized for 32-bit architectures

46 46 Application to WSNs WSN Groups Will we know the full membership in a WSN group? What if group members are sleeping when a node is added? Flooding is an expensive multicast method Group Applications Mobicast Envirotrack

47 47 Conclusion Distributed key agreement is useful and robust—but can be expensive Tradeoffs depend on dynamics of membership, semantics desired END

Download ppt "Secure Group Communication in Asynchronous Networks with Failures: Integration and Experiments By Yair Amir, Giuseppe Ateniese, Damian Hasse, Yongdae Kim,"

Similar presentations

Chris Karlof and David Wagner

Chris Karlof and David Wagner
Advisor : Prof. Yu-Chee Tseng Student : Yi-Chen Lu 12009/06/26.

Advisor : Prof. Yu-Chee Tseng Student : Yi-Chen Lu 12009/06/26.
A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang

1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang
Maximum Battery Life Routing to Support Ubiquitous Mobile Computing in Wireless Ad Hoc Networks By C. K. Toh.

Maximum Battery Life Routing to Support Ubiquitous Mobile Computing in Wireless Ad Hoc Networks By C. K. Toh.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Customized Network Security Protocols Cristina Nita-Rotaru and Jeffrey Seibert SPONSORED BY DOUBLE-TAKE SOFTWARE (Jan. 2009 - July 2009) Department of.

Customized Network Security Protocols Cristina Nita-Rotaru and Jeffrey Seibert SPONSORED BY DOUBLE-TAKE SOFTWARE (Jan July 2009) Department of.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.
URSA: Providing Ubiquitous and Robust Security Support for MANET

URSA: Providing Ubiquitous and Robust Security Support for MANET
Ranveer Chandra , Kenneth P. Birman Department of Computer Science

Ranveer Chandra , Kenneth P. Birman Department of Computer Science
Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.

Chapter 13 IPsec. IPsec (IP Security)  A collection of protocols used to create VPNs  A network layer security protocol providing cryptographic security.
Virtual Synchrony Jared Cantwell. Review Multicast Causal and total ordering Consistent Cuts Synchronized clocks Impossibility of consensus Distributed.

Virtual Synchrony Jared Cantwell. Review Multicast Causal and total ordering Consistent Cuts Synchronized clocks Impossibility of consensus Distributed.
Notes to the presenter. I would like to thank Jim Waldo, Jon Bostrom, and Dennis Govoni. They helped me put this presentation together for the field.

Notes to the presenter. I would like to thank Jim Waldo, Jon Bostrom, and Dennis Govoni. They helped me put this presentation together for the field.
Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.

Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.
Group Communications Group communication: one source process sending a message to a group of processes: Destination is a group rather than a single process.

Group Communications Group communication: one source process sending a message to a group of processes: Destination is a group rather than a single process.
Transis Efficient Message Ordering in Dynamic Networks PODC 1996 talk slides Idit Keidar and Danny Dolev The Hebrew University Transis Project.

Transis Efficient Message Ordering in Dynamic Networks PODC 1996 talk slides Idit Keidar and Danny Dolev The Hebrew University Transis Project.
Distributed Collaborative Key Agreement Protocols for Dynamic Peer Groups Patrick P. C. Lee, John C. S. Lui and David K. Y. Yau IEEE ICNP 2002.

Distributed Collaborative Key Agreement Protocols for Dynamic Peer Groups Patrick P. C. Lee, John C. S. Lui and David K. Y. Yau IEEE ICNP 2002.
Multicast Security May 10, 2004 Sam Irvine Andy Nguyen.

Multicast Security May 10, 2004 Sam Irvine Andy Nguyen.
SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.

SPINS: Security Protocols for Sensor Networks Adrian Perrig, Robert Szewczyk, Victor Wen, David Culler, J.D. Tygar Research Topics in Security in the context.
TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.

TinySec: Link Layer Security Chris Karlof, Naveen Sastry, David Wagner University of California, Berkeley Presenter: Todd Fielder.

Similar presentations

Ads by Google