Presentation is loading. Please wait.

Presentation is loading. Please wait.

Project guide Dr. G. Sudha Sadhasivam Asst Professor, Dept of CSE Presented by C. Geetha Jini (07MW03)

Published byMervyn Dennis Modified over 9 years ago

Similar presentations

Presentation on theme: "Project guide Dr. G. Sudha Sadhasivam Asst Professor, Dept of CSE Presented by C. Geetha Jini (07MW03)"— Presentation transcript:

1 Project guide Dr. G. Sudha Sadhasivam Asst Professor, Dept of CSE Presented by C. Geetha Jini (07MW03)

2  Objective  Grid Security Issues  Dynamic VO in Grid  Group Communication in Grid  Tree Based Group Diffie Hellman Protocol  Interval based Rekeying  Domain to domain Communication  Establishment of Trust  Results  Conclusion  Future Work  References 2

3  To use Tree Based Group Diffie Hellman Protocol to generate and update the group key dynamically.  To compare the performance of individual and interval based rekeying approachs.  Securing domain to domain communication by establishing trust relationship among entities.  Simulating the protocol using GridSim toolkit. 3

4 The activities that need to be secured in a grid environment are:  Naming and authentication  Secure communication – TLS/SSL  Trust, policy, and authorization  Access control. 4

5 Virtual organizations (VOs) are collections of diverse and distributed individuals that seek to share and use diverse resources in a coordinated fashion. Users can join into several VOs, while resource providers also partition their resources to several Vos. 5

6  Dynamic VO establishment ◦ A VO is organized for some goal and disorganized after the goal is achieved. ◦ Users can join into or leave VOs. ◦ Resource providers can join into or leave VOs.  Dynamic policy management ◦ Resource providers dynamically change their resources policies. ◦ VO managers manage VO users’ rights dynamically.  Interoperability with different host environments 6

7 7

8  A binary key tree is formed. Each node v represents a secret (private) key K v and a blinded (public) key BK v.  BK v = α K v mod p, where α and p are public parameters.  Every member holds the secret keys along the key path  Assume each member knows the all blinded keys in the key tree. 0 M1M1 M2M2 2 46 7 1 53 81112 M3M3 M4M4 M5M5 M6M6 0 1 3 7 K 0 = Group Key 8

9 K v = (BK 2v+1 ) K 2v+2 = (α K 2v+1 ) K 2v+2 mod p v The secret key of a non-leaf node v can be generated by: K v = (BK 2v+2 ) K 2v+1 = (α K 2v+2 ) K 2v+1 mod p 2v+12v+2 BK 2v+1 BK 2v+2 K v = α K 2v+1 K 2v+2 mod p The secret key of a leaf node is randomly selected by the corresponding member. 9

10 E.g., M 1 generates the group key via: 0 M1M1 M2M2 2 46 7 1 53 81112 M3M3 M4M4 M5M5 M6M6 K 7, BK 8  K 3 K 3, BK 4  K 1 K 1, BK 2  K 0 (Group Key) 7 3 1 0 4 2 8 10

11  Rekeying (renewing the keys of the nodes) is performed at every single join/leave event to ensure backward and forward confidentiality.  A special member called sponsor is elected to be responsible for broadcasting updated blinded keys. 11

12 M4M4 0  M 8 broadcasts its individual blinded key BK 12 on joining.  M 4 becomes the sponsor. It rekeys K 5, K 2 and K 0 and broadcasts the blinded keys.  Now everyone can compute the new group key. 12 11 M 4(S) M 8 joins 2 5 M8M8 M1M1 M2M2 46 7 1 3 8 M3M3 M6M6 1314 M7M7 5 2 0 12

13  M 4 becomes the sponsor. It rekeys the secret keys K 2 and K 0 and broadcasts the blinded keys.  M 1, M 2 and M 3 compute K 0 given BK 2.  M 6 and M 7 compute K 2 and then K 0 given BK 5. 5 11 12 M4M4 M5M5 0 2 M1M1 M2M2 46 7 1 3 8 M3M3 M6M6 1314 M7M7 5 12 2 0 M 5 leaves 5 M 4(S) 13

14 Tree T * 3 M2M2 M5M5 M3M3 sponsor M6M6 sponsor Tree T 3 M1M1 M3M3 M4M4 M6M6 sponsor M2M2 sponsor M5M5 14

15 15

16  Interval-based rekeying is proposed such that rekeying is performed on a batch of join and leave requests at regular rekey intervals.  Interval-based rekeying improves system performance.  Queue-batch algorithm is used for interval based rekeying. 16

17  T’ is attached to node 6.  M 10, the sponsor, will broadcast BK 6.  M 1 rekeys K 1. M 6 rekeys K 2.  M 1 broadcasts BK 1. M 6 broadcasts BK 2. 0 21 0 M1M1 M2M2 2 46 7 1 53 81112 M3M3 M4M4 M5M5 M6M6 2324 M7M7 M 8, M 9, M 10 join M 2, M 7 leave 36 8 M 1(S) 3 6 1314 M8M8 M9M9 T’ 2728 M 10(S) 17 M8M8 6 1314 M9M9 T’ 2728 M 10(S)

18  Group key Secrecy  Forward Secrecy  Backward Secrecy  Key Independence 18

19 Domain1 d1 Domain2 d2 Domain3 d3 Admin 1 2 3 4 5 VO1 Group2 19

20 Trust Evaluation Entity A’s opinion about entity B’s trustworthiness Combining Trust If b A > b B ; d A < d B and u A < u B, then opinion O A is over a threshold presented by O B. Comparing Trust 20

21 Initialize the GridSim Package Create grid entities- users and resources Build the Network topology (mesh) Form the group Entity joins to different domain Evaluate trust Joins the entity to group Join the entity to group Perform rekeying Initialize the GridSim Package Create grid entities- users and resources Build the Network topology (mesh) Form the group Entity joins to different domain Evaluate trust Joins the entity to group Join the entity to group Perform rekeying yes No 21

22 Leave = 0Leave = 5 Leave = 10 22

23 Leave = 10 23

24 24

25 25

26 26

27  TGDH is used for securing group communication in grid.  Here each member contribute an equal share to the common group session key. This will enhance the security and avoid the problems with centralized trust and single point failure.  In order to reduce rekeying complexity, interval based approach is carried out.  Simulations are done using GridSim toolkit.  Domain to domain communication is enhanced by establishing a trust relationship. 27

28  The group key management protocol can be further enhanced by coupling the session based group key with permanent private components of the group members to improve security.  Groups can be formed within a virtual organization based on trust relationships, separate keys can be generated for each group and these keys can be managed hierarchically based on trust.  The proposed system can be tested in a real grid environment using globus. 28

29 [1] Y. Kim, A. Perrig, and G. Tsudik. Tree-Based Group Key Agreement. ACM Trans. on Information and System Security, 7(1):60–96, Feb 2004. [2] Distributed and Collaborative Key Agreement Protocols with Authentication and Implementation for Dynamic Peer Groups by Patrick P. C. Lee, John C. S. Lui, and David K. Y. Yau,, Vol. 14, No. 2, April 2006 [3] Grid Security Services Simulator (G3S) – A Simulation Tool for the Design and Analysis of Grid Security Solutions, Syed Naqvi, Michel Riguidel Proceedings of the First International Conference on e-Science and Grid Computing (e- Science’05) 2005 IEEE [4] http://www.gridbus.org/gridsim [5] Ching Lin, Vijay Varadharajan and Yan Wang, Vineet Pruthi, “Enhancing Grid Security with Trust Management”, Proceedings of the 2004 IEEE International Conference on Services Computing (SCC’04). [6] Marty Humphrey, Mary R. Thompson, and Keith R. Jackson, Security for Grids, Proceedings of the IEEE, Vol. 93, No. 3, March 2005 29

30 THANK YOU 30

Download ppt "Project guide Dr. G. Sudha Sadhasivam Asst Professor, Dept of CSE Presented by C. Geetha Jini (07MW03)"

Similar presentations

A key agreement protocol using mutual Authentication for Ad-Hoc Networks IEEE 2005 Authors : Chichun Lo, Chunchieh Huang, Yongxin Huang Date : 2005_11_29.

A key agreement protocol using mutual Authentication for Ad-Hoc Networks IEEE 2005 Authors : Chichun Lo, Chunchieh Huang, Yongxin Huang Date : 2005_11_29.
Fast and Secure Universal Roaming Service for Mobile Internet Yeali S. Sun, Yu-Chun Pan, Meng-Chang Chen.

Fast and Secure Universal Roaming Service for Mobile Internet Yeali S. Sun, Yu-Chun Pan, Meng-Chang Chen.
A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.

Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.
TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.

TAODV: A Trusted AODV Routing Protocol for MANET Li Xiaoqi, GiGi March 22, 2004.
Policy-based Virtual Network Embedding across Multiple Domains

Policy-based Virtual Network Embedding across Multiple Domains
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style A Survey on Decentralized Group Key Management Schemes.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style A Survey on Decentralized Group Key Management Schemes.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.
KAIS T Distributed Collaborative Key Agreement and Authentication Protocols for Dynamic Peer Groups IEEE/ACM Trans. on Netw., Vol. 14, No. 2, April 2006.

KAIS T Distributed Collaborative Key Agreement and Authentication Protocols for Dynamic Peer Groups IEEE/ACM Trans. on Netw., Vol. 14, No. 2, April 2006.
Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.

Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.
Military Technical Academy Bucharest, 2006 SECURITY FOR GRID INFRASTRUCTURES - Grid Trust Model - ADINA RIPOSAN Department of Applied Informatics.

Military Technical Academy Bucharest, 2006 SECURITY FOR GRID INFRASTRUCTURES - Grid Trust Model - ADINA RIPOSAN Department of Applied Informatics.
1.1 Distributed and Collaborative Key Agreement Protocols with Authentication and Implementation for Dynamic Peer Groups Patrick Pak-Ching LEE.

1.1 Distributed and Collaborative Key Agreement Protocols with Authentication and Implementation for Dynamic Peer Groups Patrick Pak-Ching LEE.
Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.

Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.
1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.

1 Key Management in Mobile Ad Hoc Networks Presented by Edith Ngai Spring 2003.
An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.

An Authentication Service Based on Trust and Clustering in Wireless Ad Hoc Networks: Description and Security Evaluation Edith C.H. Ngai and Michael R.
Introduction and Overview “the grid” – a proposed distributed computing infrastructure for advanced science and engineering. Purpose: grid concept is motivated.

Introduction and Overview “the grid” – a proposed distributed computing infrastructure for advanced science and engineering. Purpose: grid concept is motivated.
Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.

Dept. of Computer Science & Engineering, CUHK1 Trust- and Clustering-Based Authentication Services in Mobile Ad Hoc Networks Edith Ngai and Michael R.
Scalable Application Layer Multicast Suman Banerjee Bobby Bhattacharjee Christopher Kommareddy ACM SIGCOMM Computer Communication Review, Proceedings of.

Scalable Application Layer Multicast Suman Banerjee Bobby Bhattacharjee Christopher Kommareddy ACM SIGCOMM Computer Communication Review, Proceedings of.

Similar presentations

Ads by Google