Presentation is loading. Please wait.

Presentation is loading. Please wait.

Key Distribution and Update for Secure Inter- group Multicast Communication Ki-Woong Park Computer Engineering Research Laboratory Korea Advanced Institute.

Published byNickolas Watson Modified over 9 years ago

Similar presentations

Presentation on theme: "Key Distribution and Update for Secure Inter- group Multicast Communication Ki-Woong Park Computer Engineering Research Laboratory Korea Advanced Institute."— Presentation transcript:

1 Key Distribution and Update for Secure Inter- group Multicast Communication Ki-Woong Park Computer Engineering Research Laboratory Korea Advanced Institute Science & Technology Dec 11, 2007 The Third ACM Workshop on Security of Ad Hoc and Sensor Networks 1/17

2 COMPANY LOGO Prologue  Secure Group Communication  To accelerate the improve propagation speed  To improve the energy efficiency  Location based services  Location information according to the security level Location Based Services Location Free Conference In this paper,  Focus on the problem for secure intergroup communication  key distribution  Key update UFC 2005 UFC 2006 UFC 2007 2/17

3 COMPANY LOGO 1 2 3 4 Introduction to Group Communication Related Works Secure Group Communication Key Update during Group Changes Contents 3/20 5 Conclusion & Discussion  Performance Evaluation In terms of Communication / Operation Efficiency 3/17

4 COMPANY LOGO Introduction  Computation overhead  Key update (overhead for generating secure key pairs frequently) Operation Complexity – AES : 1, RSA-Private Key : 1000, Public/Private Key Generation : 3000  Identity of sender  Contribution  Switching from asymmetric  symmetric key operation Avoids heavy computation  Distributed update of the personal key  Flat table Reduce the key storage overhead  Challenge of asymmetric key based group communication 4/17

5 COMPANY LOGO Related Works  Group Key Management Protocol (GKMP)  Key Encryption Key (KEK)  Traffic Encryption Key (TEK) One-to-One Distribution  do not scale to large network Scalability Problem  Logical Key Hierarchy  Tree, flat table Broadcast traffic during key refreshment Backward and forward secrecy Avoid single point of failure  Divide the nodes into multiple subgroups –inter-subgroup traffic must be translated by the agents  Dual Encryption protocol To deal with the trust of the third parties Re-Keying Mechanism  Cipher Sequences Time-Synchronized group key distribution protocol periodically rekeying of the group GKMP Re-Keying Mechanism ScalabilityRobustness Today’s Paper Considering - Node mobility - Frequent link changes - Limited resources 5/17

6 COMPANY LOGO Notations G1G1  F q : Finite Field:  E K (msg) /D K (msg) : Encryption / Decryption of the message with K  H(msg) : Hash Function  h(x) : t-degree polynomial in F q [x]  GM : Group Manager  S GM (msg) : digital signature of the group manager  r : the number of bits required to record a node ID  i 1, i 2, …, i r : node i’s ID G2G2 G3G3 GM i1i1 i2i2 i3i3 i4i4 i5i5 00110 r = 5 ID : (6) 10 6/17

7 COMPANY LOGO Secure Group Communication (1/2)  Network Initiation Procedure  Every node will get a set of secret keys from the centralized manager through secure channel such as the physical contact TEK (Traffic encryption keys) : protect the group communication packets KEK (Key Encryption Keys) : support secret refreshment  t-degree polynomial : to determine the personal key shares (inter group traffic)  h 21 (x) : determine the personal key shares of the members in G 1 to G 2  To recover the multicast packets sent by the nodes in G 1 and G 3  h 21 (x), h 23 (x)  Ex) Node v in G 1 sends a packet to the nodes in G 2 G1G1 G2G2 G3G3 GM v i h 21 (v) ( v,G 2,E h 21 (v) (msg,H(msg)) ) E K2 (h 21 (x)) h 21 (v) K 2 : used to encrypt/decrypt the multicast traffic within the group 7/17

8 COMPANY LOGO Secure Group Communication (2/2)  Personal Key Shares  For multicast packets to G 2 Different personal keys h 21 (v), h 21 (w) –Information Isolation  More difficult for attacker to impersonate another node in the same group Unless it can collect t+1 personal keys G1G1 G2G2 v ( v,G 2,E h 21 (v) (msg,H(msg)) ) h 21 (v) z ( x,G 2,E h 21 (x) (msg,H(msg)) ) h 21 (z) GM h 21 (x) 8/17

9 COMPANY LOGO Refresh of the keys  Using flat tables  One flat table per a group r: required bits to represent a node ID Flat table : consists of 2r keys z1z1 z2z2 z3z3 z4z4 z5z5 z 1.0 z 1.1 z 2.0 z 2.1 z 3.0 z 3.1 z 4.0 z 4.1 z 5.0 z 5.1 Position of the bit Binary Value  Ex) Node ID = 10 (01010) 2  Keys: z 1.0, z 2.1, z 3.0, z 4.1, z 5.0  Every Node will have exactly a half of the bits in its node ID  Transmission E z1.0 E z2.1 E z3.0 E z4.1 E z5.0 (msg)  Only “Node 10” has all the keys to decrypt the packet E z1.1 (msg) ||E z2.1 (msg) ||E z3.0 (msg) ||E z4.1 (msg)||E z5.0 (msg)  Send a message to all the members but Node 10  9/17

10 COMPANY LOGO Key Update during Group Changes (1/4)  Joining operations (1/2)  Node i want to joining the group G 1  K1’ should be established For backward secrecy  To establish the new flat table Node can get an entry in the new flat table only if it has the old key at the same position. G1G1 i GM z1z1 z2z2 z3z3 z4z4 z’ 1.0 z’ 1.1 z’ 2.0 z' 2.1 z' 3.0 z' 3.1 z' 4.0 z' 4.1 10/17

11 COMPANY LOGO Key Update during Group Changes (2/4)  Joining operations (2/2)  Update of h 12 (x), h 13 (x) GM choose 2 t-degree polynomials  With the h 12 (x), h 13 (x) Personal key shares of the nodes in G 2 and G 3 must be updated as well. Propose a distributed mechanism to release new polynomials –GM broadcast an authenticated message and notification for new personal key shares –v acquire new personal key share from w –Intersection of theh 12 (v) and h 21 (w)  Secure Channel between two nodes  GM distribute the keys to node i using K i-GM G1G1 E h 12 (x) (Msg) E h 13 (x) (Msg) G1G1 G2G2 v w h’ 12 (v) request 11/17

12 COMPANY LOGO Key Update during Group Changes (3/4)  Leaving Operations (1/2)  Node i leaves group G 2  Key replacement of K 2  Broadcast generated the new flat table to the remaining nodes in G 2  Replacement of h 21 (x), h 23 (x) z1z1 z2z2 z3z3 z4z4 z’ 1.0 z’ 1.1 z’ 2.0 z' 2.1 z' 3.0 z' 3.1 z' 4.0 z' 4.1 G2G2 E h 21 (x) (Msg) E h 23 (x) (Msg) 12/17

13 COMPANY LOGO Key Update during Group Changes (4/4)  Leaving Operations (2/2)  Distributed broadcast of h 21 (x), h 23 (x) GM broadcast an authenticated message and notification for new personal key shares v : acquire new personal key share from w  To prevent usage of h 12 (i), h 32 (i) Maintain a list of the expelled nodes until the new h’ 12 (i) and h’ 32 (i) are established. G2G2 G1G1 v w h’ 21 (v) request 13/17

14 COMPANY LOGO Conclusion & Discussion (1/3)  Overhead Consideration  Reduce the data processing time at the wireless nodes Improve the system efficiency  Switching to symmetric ciphers Consumed energy by 100 times  Additional transmission and reception overhead for key refreshment is totally paid off Scheme using public/private key Proposed Mechanism Key Storage overhead (r + 4) log q(r + 4 + 1 + 2t) log q Broadcast traffic during join (2r + 2) log q(2r + 2 + 1 + 2t) log q Broadcast traffic during leaving event (3r + 1) log q(3r + 1 + 1 + 2t) log q Encryption/Decryption overhead Asymmetric key operationst-degree polynomial+ symmetric 14/17

15 COMPANY LOGO  A new key distribution and update for secure inter-group communication  Polynomials to support the distribution of personal key shares  Flat tables to achieve efficient key refreshment  Reduce the computation overhead  Power usage  Discussion (1/2)  Overhead by Group Manager (GM) Important role in the proposed mechanism –Generation of the polynomials and flat tables Who? ( Base Station / Election ) in Mobile Environment Conclusion & Discussion (2/3) [1] “PKASSO: Towards Seamless Authentication providing Non-Repudiation on Resource-Constrained Devices," 21st IEEE Pervasive Computing and Ad Hoc Communications, May 2007. [2] "Computationally Efficient PKI-Based Single Sign-On Protocol, PKASSO, for Mobile Devices," IEEE Transactions on Computers (under minor revision)"Computationally Efficient PKI-Based Single Sign-On Protocol, PKASSO, for Mobile Devices," [1,2]

16 COMPANY LOGO Conclusion & Discussion (3/3)  Discussion (2/2)  Ratio of client operation to server operation  Vulnerable to DoS Attacks  Defending against Collusive Attacks Collusion by reconstructing the polynomials of other group – t-degree polynomial is resistant to the coalition up to t compromised members  Multiple Changes Simultaneously PKIX(RSA) KerberosM-PKINITPKASSO : Server : Client 76% 24% This Paper 16/17

17 COMPANY LOGO 17/17

18 COMPANY LOGO 18/23 Symmetric KeyAsymmetric Key Key One Key - One Key to encrypt the data - One Key to decrypt the data Two keys - Public key to encrypt the data - Private key to decrypt the data ConfidentialityYes Digital Signature NoYes Non-repudiationNoYes Key DistributionNoYes Speed (ARM PXA270) 3ms472ms Usage T-money (300ms), SpeedPass (100ms) [1] Internet Banking, E-Commerce  Symmetric Key vs. Asymmetric Key [1] F.Vieira, J.Bonnet, C.Lobo, R.Schmitz, and T.Wall “ Security Requirements for Ubiquitous Computing, ” EURESCOM. 2005 [2] A.Pirzada and C.McDonald, “ Kerberos Assisted Authentication in Mobile Ad-hoc Networks," in Proceedings of ACM International Conference Proceeding Series; Vol. 56, 2004. Discussion 18/18

19 COMPANY LOGO  Security Aspect  Computation Efficiency Additional Experiment Authentication Digital signature Non- repudiation Secure key distribution Kerberos YESNo PKIX YES M-PKINIT YES No YES ARSA YES No YES System MobileService Device Total Operation Time PuPrSPuPrS PKIX(RSA-1024bit)221200 34491035 ms Kerberos008006 8.122.4 ms M-PKINIT TGT117115 3305.1991.53 ms M-PKINIT SGT008004 8.082.42 ms ARSA Inter-domain AKA210111 3373.021011.9 ms ARSA Intra-domain AKA200110 1799539.7 ms ARSA Client-Client AKA201201 301.0290.31 ms 19/19

Download ppt "Key Distribution and Update for Secure Inter- group Multicast Communication Ki-Woong Park Computer Engineering Research Laboratory Korea Advanced Institute."

Similar presentations

Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies.

Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies.
A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
A hierarchical key management scheme for secure group communications in mobile ad hoc networks Authors: Nen-Chung Wang and Shian-Zhang Fang Sources: The.

A hierarchical key management scheme for secure group communications in mobile ad hoc networks Authors: Nen-Chung Wang and Shian-Zhang Fang Sources: The.
1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang

1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang
Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.

Kerberos Assisted Authentication in Mobile Ad-hoc Networks Authors: Asad Amir Pirzada and Chris McDonald Sources: Proceedings of the 27th Australasian.
Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.

Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Presentation By: Garrett Lund Paper By: Sandro Rafaeli and David Hutchison.

Presentation By: Garrett Lund Paper By: Sandro Rafaeli and David Hutchison.
Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.

Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.
Multicasting in Mobile Ad-Hoc Networks (MANET)

Multicasting in Mobile Ad-Hoc Networks (MANET)
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.

Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.
1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.
Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
Security Issues In Sensor Networks By Priya Palanivelu.

Security Issues In Sensor Networks By Priya Palanivelu.
Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.

Wireless Security In wireless networks. Security and Assurance - Goals Integrity Modified only in acceptable ways Modified only by authorized people Modified.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
A Secure Network Access Protocol (SNAP) A. F. Al Shahri, D. G. Smith and J. M. Irvine Proceedings of the Eighth IEEE International Symposium on Computers.

A Secure Network Access Protocol (SNAP) A. F. Al Shahri, D. G. Smith and J. M. Irvine Proceedings of the Eighth IEEE International Symposium on Computers.

Similar presentations

Ads by Google