Presentation is loading. Please wait.

Presentation is loading. Please wait.

Towards Scalable and Reliable Secure Multicast Presenter: Yang Richard Yang Network Research Lab Department of Computer Sciences The University of Texas.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Towards Scalable and Reliable Secure Multicast Presenter: Yang Richard Yang Network Research Lab Department of Computer Sciences The University of Texas."— Presentation transcript:

1 Towards Scalable and Reliable Secure Multicast Presenter: Yang Richard Yang Network Research Lab Department of Computer Sciences The University of Texas at Austin 11/02/2000 Project Director: Simon S. Lam Other Members: Steve Li, Xincheng Zhang Past member: C. K. Wong

2 11/02/2000Towards a Scalable and Reliable Group Key Management2 What is a Group Key Management System? Provide access control to the symmetric group key that is shared by all group membersProvide access control to the symmetric group key that is shared by all group members Two types of access control services:Two types of access control services: q Backward access control: Change the group key after a new user joins Change the group key after a new user joins q Forward access control: Change the group key after a member leaves Change the group key after a member leaves

3 11/02/2000Towards a Scalable and Reliable Group Key Management3 Key Trees k1-9 k123k456k1k789k2k3k4k5k6k7k8 u2 u3u4u5u6u7u8u9u1 k9 (changed to k78) (changed to k1-8) [Wong et al. SIGCOMM ’98, Wallner et al. Internet Draft] {k78} k7 {k78} k8 {k1-8} k123 {k1-8} k456 {k1-8} k78

4 11/02/2000Towards a Scalable and Reliable Group Key Management4 Group Key Management System Components registration rekey encoding rekey transport individual keys join leave

5 11/02/2000Towards a Scalable and Reliable Group Key Management5 Registration Component Issue: authentication can have large overheadIssue: authentication can have large overhead Solution: allow multiple registrars in our Keystone prototypeSolution: allow multiple registrars in our Keystone prototype encodingtransport Reg.

6 11/02/2000Towards a Scalable and Reliable Group Key Management6 Distributed Registrars Protocol registrarkey server SSL registrar key Kr client lists new user c IDc, Kc SSL {IDc, Kc}Kr TCP: {Join, IDc}Kc {Ack}Kc, {Keys}Kc TCP: {Leave, IDc}Kc {Ack}Kc,

7 11/02/2000Towards a Scalable and Reliable Group Key Management7 Rekey Encoding Component Issue: rekey for each request in real-time may not be desiredIssue: rekey for each request in real-time may not be desired q Rekey for each request is not efficient q Rekey in real-time have out-of-sync problem Solution: use periodic batch rekeyingSolution: use periodic batch rekeying Periodic batch rekeying provides tradeoffs between performance and how effective group access control isPeriodic batch rekeying provides tradeoffs between performance and how effective group access control is Reg. encoding transport

8 11/02/2000Towards a Scalable and Reliable Group Key Management8 Periodic Batch Encoding Algorithm Assume J joins and L leaves in a batchAssume J joins and L leaves in a batch If J = L, replace each departed user by a new userIf J = L, replace each departed user by a new user If J < L, replace departed users from the left to rightIf J < L, replace departed users from the left to right If J > L, first replace departed users by joined users, then expand the treeIf J > L, first replace departed users by joined users, then expand the tree

9 11/02/2000Towards a Scalable and Reliable Group Key Management9 Batch Encoding Performance

10 11/02/2000Towards a Scalable and Reliable Group Key Management10 Batch Encoding Performance Gains

11 11/02/2000Towards a Scalable and Reliable Group Key Management11 Rekey Transport Component Two Issues:Two Issues: q What is the workload? q What is the transport protocol? Reg. encoding transport

12 11/02/2000Towards a Scalable and Reliable Group Key Management12 Rekey Transport Workload Rekey messages have a sparseness propertyRekey messages have a sparseness property q Each receiver only needs to receive a fraction of the packets in a rekey message The number of packets each receiver needs to receive depends on how encrypted keys are assigned to packetsThe number of packets each receiver needs to receive depends on how encrypted keys are assigned to packets

13 11/02/2000Towards a Scalable and Reliable Group Key Management13 DFS vs BFS Packet Assignment Algorithm

14 11/02/2000Towards a Scalable and Reliable Group Key Management14 Histogram

15 11/02/2000Towards a Scalable and Reliable Group Key Management15 Rekey Transport Protocol Rekey transport protocol design needs to consider two factors:Rekey transport protocol design needs to consider two factors: q It is desired that rekey message is delivered before next rekey interval  Proactive FEC q Inter-dependency requires eventual reliability  User send re-synchronization at the end of rekey interval

16 11/02/2000Towards a Scalable and Reliable Group Key Management16 How to Determine Proactivity Factor?

17 11/02/2000Towards a Scalable and Reliable Group Key Management17 Two Remaining Questions Questions:Questions: q How to determine the rekey interval T? q How to determine the number of users a key server can support? These answers to these questions will be tradeoff decisionsThese answers to these questions will be tradeoff decisions Reg. encoding transport

18 11/02/2000Towards a Scalable and Reliable Group Key Management18 Bandwidth Requirement vs Rekey Interval

19 11/02/2000Towards a Scalable and Reliable Group Key Management19 Determine System Parameters by Constraints Two types of constraints:Two types of constraints: q Performance constraints give lower bounds on T Upper bounds of key server and receiver bandwidth requirement Upper bounds of key server and receiver bandwidth requirement Rekey latency Rekey latency q System effectiveness constraints give upper bound on T: E.g. T/m < 0.1, m is the mean time each user in the group E.g. T/m < 0.1, m is the mean time each user in the group If the lower bounds < upper bound, choose the upper bound as T, otherwise, have to reduce the number of users in the groupIf the lower bounds < upper bound, choose the upper bound as T, otherwise, have to reduce the number of users in the group

20 11/02/2000Towards a Scalable and Reliable Group Key Management20 Extend to Distributed Key Servers Objective: improve scalability and reliabilityObjective: improve scalability and reliability Issue: how to coordinate different groups?Issue: how to coordinate different groups? Two distributed architectures:Two distributed architectures: q Multiple key servers based on clock synchronization, larger virtual group q iolus agents with RMX like topology

21 11/02/2000Towards a Scalable and Reliable Group Key Management21 Conclusion Investigated scalability and reliability issues of a single key server systemInvestigated scalability and reliability issues of a single key server system q Registration: distributed registars q Rekey encoding: period batch processing q Rekey transport: proactive FEC + re-synchronization Determine T and N by system constraintsDetermine T and N by system constraints Two distributed key server architectures to further improve scalability and reliabilityTwo distributed key server architectures to further improve scalability and reliability

Download ppt "Towards Scalable and Reliable Secure Multicast Presenter: Yang Richard Yang Network Research Lab Department of Computer Sciences The University of Texas."

Similar presentations

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.

Adapted Multimedia Internet KEYing (AMIKEY): An extension of Multimedia Internet KEYing (MIKEY) Methods for Generic LLN Environments draft-alexander-roll-mikey-lln-key-mgmt-01.txt.
Push Technology Humie Leung Annabelle Huo. Introduction Push technology is a set of technologies used to send information to a client without the client.

Push Technology Humie Leung Annabelle Huo. Introduction Push technology is a set of technologies used to send information to a client without the client.
A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
A hierarchical key management scheme for secure group communications in mobile ad hoc networks Authors: Nen-Chung Wang and Shian-Zhang Fang Sources: The.

A hierarchical key management scheme for secure group communications in mobile ad hoc networks Authors: Nen-Chung Wang and Shian-Zhang Fang Sources: The.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.
Building Cloud-ready Video Transcoding System for Content Delivery Networks(CDNs) Zhenyun Zhuang and Chun Guo Speaker: 饒展榕.

Building Cloud-ready Video Transcoding System for Content Delivery Networks(CDNs) Zhenyun Zhuang and Chun Guo Speaker: 饒展榕.
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style A Survey on Decentralized Group Key Management Schemes.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style A Survey on Decentralized Group Key Management Schemes.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.
Scalable On-demand Media Streaming with Packet Loss Recovery Anirban Mahanti Department of Computer Science University of Calgary Calgary, AB T2N 1N4 Canada.

Scalable On-demand Media Streaming with Packet Loss Recovery Anirban Mahanti Department of Computer Science University of Calgary Calgary, AB T2N 1N4 Canada.
U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts Amherst Operating Systems CMPSCI 377 Lecture.

U NIVERSITY OF M ASSACHUSETTS, A MHERST Department of Computer Science Emery Berger University of Massachusetts Amherst Operating Systems CMPSCI 377 Lecture.
What’s the Problem Web Server 1 Web Server N Web system played an essential role in Proving and Retrieve information. Cause Overloaded Status and Longer.

What’s the Problem Web Server 1 Web Server N Web system played an essential role in Proving and Retrieve information. Cause Overloaded Status and Longer.
KAIS T Distributed Collaborative Key Agreement and Authentication Protocols for Dynamic Peer Groups IEEE/ACM Trans. on Netw., Vol. 14, No. 2, April 2006.

KAIS T Distributed Collaborative Key Agreement and Authentication Protocols for Dynamic Peer Groups IEEE/ACM Trans. on Netw., Vol. 14, No. 2, April 2006.
Optimal Communication Complexity of Generic Multicast Key Distribution Saurabh Panjwani UC San Diego (Joint Work with Daniele Micciancio)

Optimal Communication Complexity of Generic Multicast Key Distribution Saurabh Panjwani UC San Diego (Joint Work with Daniele Micciancio)
12/2/2003chow1 Network and System Support for Multi-Level Security C. Edward Chow Department of Computer Science University of Colorado At Colorado Springs.

12/2/2003chow1 Network and System Support for Multi-Level Security C. Edward Chow Department of Computer Science University of Colorado At Colorado Springs.
Multicasting in Mobile Ad-Hoc Networks (MANET)

Multicasting in Mobile Ad-Hoc Networks (MANET)
Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.

Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.
A Comparison of Layering and Stream Replication Video Multicast Schemes Taehyun Kim and Mostafa H. Ammar.

A Comparison of Layering and Stream Replication Video Multicast Schemes Taehyun Kim and Mostafa H. Ammar.
Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.
Scalable Application Layer Multicast Suman Banerjee Bobby Bhattacharjee Christopher Kommareddy ACM SIGCOMM Computer Communication Review, Proceedings of.

Scalable Application Layer Multicast Suman Banerjee Bobby Bhattacharjee Christopher Kommareddy ACM SIGCOMM Computer Communication Review, Proceedings of.
Secure Group Communications Using Key Graphs Chung Kei Wong, Member, IEEE, Mohamed Gouda Simon S. Lam, Fellow, IEEE Evgenia Gorelik Yuksel Ucar.

Secure Group Communications Using Key Graphs Chung Kei Wong, Member, IEEE, Mohamed Gouda Simon S. Lam, Fellow, IEEE Evgenia Gorelik Yuksel Ucar.

Similar presentations

Ads by Google