Presentation is loading. Please wait.

Presentation is loading. Please wait.

Improving MBMS Security in 3G Wenyuan Xu Rutgers University.

Published byPaula Preston Modified over 9 years ago

Similar presentations

Presentation on theme: "Improving MBMS Security in 3G Wenyuan Xu Rutgers University."— Presentation transcript:

1 Improving MBMS Security in 3G Wenyuan Xu wenyuan@winlab.rutgers.edu Rutgers University

2 2 Outline  Motivation  The security problem  The existing MBMS scheme  Our improved scheme  Experimental results

3 3 Motivation  The coming future: group-oriented applications on wireless networks  Network basis: multicast  3G: Multimedia Broadcast/Multicast Service (MBMS)  Security problem: control access to multicast data 3G Networks MB-SC MB-SC: Broadcast Multicast - Service Center

4 4 3G Networks MB-SC Session Key Security Goal – Access Control MB-SC: Broadcast Multicast - Service Center

5 5 Security Goal – Access Control 3G Networks MBSC 3G Networks MB-SC Session Key 

6 6 Dilemmas in 3G Networks  Underlying Scenario: –Mobile Equipment (ME)  Powerful  Not a secure device to store session key  An attacker who is a subscribed user can distribute the decryption keys to others. –User Services Identity Module (USIM): SIM card  Not powerful enough to decrypt bulk data  Secure device to store session key

7 7 Dilemmas in 3G Networks  Attacks: –An adversarial subscriber find out the Session Key (SK) and send it out to non-paying users.  In summary: –The need to store decryption keys in insecure memory makes it impossible to design a scheme where non- subscribed users CANNOT access the data  What can we do?

8 8 What can we do?  Dissuade  Dissuade our potential market from using illegitimate methods to access the multicast content  What is the potential market? –Users that desire cheap access to multicast services while being mobile.  Attacks we should not be concerned about: –Attacks that are expensive to mount (per-user basis) –Attacks that assume the user is not mobile.

9 9 What can we do? (cont.)  Assumption –It is not easy for an adversarial subscriber to send out the Session key (SK). Thus, we assume there is a underlying cost associated with sharing the Session Key. –There is a Registration Key established once the user subscribes to the service.  Strategy for protecting Keys –Make the Session Key change so frequently that the cost of attacking is more expensive than the cost of subscribing to the service. –This strategy is used in Qualcomm ’ s S3-030040 proposal to 3GPP.  Requirement –The overhead of changing the SK should be modest.

10 10 3G Core Network MB-SC Radio Access Network Qualcomm’s Key Hierarchy BAK (Broadcast access key) SK (Session key) f Random number RK (Registration key)

11 11 Qualcomm’s SK Distribution Scheme  BM-SC send out the encrypted multicast data together with SK_RAND, BAK_ID, BAK_EXP –CipherText = E SK (content) 3G Core Network MB-SC Radio Access Network CipherText || SK_RAND || BAK_ID || BAK_EXP

12 12 SK Distribution (Cont.)  Once ME finds that a new SK is used: –ME asks USIM to calculate the new SK  If USIM has BAK corresponding to BAK_ID –USIM: SK = f (SK_RAND, BAK) –USIM sends the new SK to ME 3G Core Network MB-SC Radio Access Network CipherText || SK_RAND || BAK_ID || BAK_EXP

13 13 Qualcomm’s BAK Distribution Scheme  Each USIM sends out a BAK request to MB-SC from the ME 3G Core Network MB-SC Radio Access Network BAK request || USIM_ID

14 14 BAK Distribution (Cont.) 3G Core Network MB-SC Session Key Radio Access Network  Once the request passes the legality check, BM-SC: –Generates temporary key: TK = f (TK_RAND, RK) –Sends: E TK (BAK) || TK_RAND

15 15 Drawbacks  Bandwidth: network resources will be wasted on sending out SK_RAND.  SK_RAND has to be appended to each package.  For higher level of security, SK_RAND has to be large.  BAK update problem: at the moment that a new BAK is used, every USIM will send out a BAK request to BMSC  BAK implosion problem  High peak bandwidth

16 16 Improvements: One Way Function  Using one way function to generate SKs within USIM –SK 0 = SK_SEED –SK 1 = f (SK 0,BAK) – … –SK i+1 = f (SK i, BAK) 3G Core Network MB-SC Radio Access Network CipherText || SK_RAND || BAK_ID || BAK_EXP

17 17 Improvements: BAK Distribution  At the moment that a new BAK is used, every USIM will request BAK from BAK distributor almost at the same time  BAK distributor pushes the new BAK to USIM instead of pulling by USIM

18 18 Improvements: Key Tree  Using additional set of keys (Key Encryption Keys KEK) to achieve key hierarchy  Join: Use old shared key (SEK) to encrypt and distribute new session key  Leave: Use lower level old key (KEK) to encrypt the higher level key, and only change the keys known by the leaving user

19 19 Simulation Setup  NS-2  Simulation Topology –Use two nodes to represent the Network since we are primarily concerned with capturing the bottleneck effect in the Network. B1N1N2 U1 U2 Ui Wired link Queue length (l) Service rate (u) Link 1Link2 Bottleneck bandwidth Loss rate Delay Users’ inter arrival time Duration time Network

20 20 Simulation Setup (cont.)  Movie session –Multicast traffic: statistical data from Star Wars IV –Group member join/leave behavior:  Inter-arrival times and session durations are modeled as exponential distributions  Inter-arrival time consists of two phases: –Beginning of movie (first 150 seconds): Users arrive more frequently –Remainder of movie: Users arrive less frequently  Session durations: –Mean duration = 46min

21 21 Simulation Results: Bandwidth Used for Group Size 760 Qualcomm’s scheme Our improved scheme Bandwidth (kb/s)

22 22 Simulation Results: Peak bandwidth vs. Group size......

23 23 Conclusions:  An improved security framework was presented that involves: –The use of chained one-way functions for generating SKs –The BM-SC pushing new BAKs to the users based on a key- tree  These improvements: –Reduce amount of bandwidth needed for updating keys –Avoid potential BAK implosion problems associated with rekeying 3G multicasts –Scales well as group size increases  The proposed mechanisms can be mapped to other network scenarios.

24 24 Future work:  We plan to formulate the relationship between the group join/leave behavior and the amount of communication overhead associated with rekeying?  Our simulations only captured the bottleneck effect in 3G Core Networks –We plan to study different multicast strategies at the Radio Access Network and how key management affects RAN network performance.

25 25 Questions?

26 Thank you!

Download ppt "Improving MBMS Security in 3G Wenyuan Xu Rutgers University."

Similar presentations

Universidade do Minho A Framework for Multi-Class Based Multicast Routing TNC 2002 Maria João Nicolau, António Costa, Alexandre Santos {joao, costa,

Universidade do Minho A Framework for Multi-Class Based Multicast Routing TNC 2002 Maria João Nicolau, António Costa, Alexandre Santos {joao, costa,
A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
A hierarchical key management scheme for secure group communications in mobile ad hoc networks Authors: Nen-Chung Wang and Shian-Zhang Fang Sources: The.

A hierarchical key management scheme for secure group communications in mobile ad hoc networks Authors: Nen-Chung Wang and Shian-Zhang Fang Sources: The.
1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang

1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.
An Improvement on Privacy and Authentication in GSM Young Jae Choi, Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science,

An Improvement on Privacy and Authentication in GSM Young Jae Choi, Soon Ja Kim Computer Networks Lab. School of Electrical Engineering and Computer Science,
LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU 20082065 Myunghan Yoo.

LOGO Multi-user Broadcast Authentication in Wireless Sensor Networks ICU Myunghan Yoo.
Ranveer Chandra , Kenneth P. Birman Department of Computer Science

Ranveer Chandra , Kenneth P. Birman Department of Computer Science
Authentication in Mobile Ad-hoc Network (MANET) Student Ståle Jonny Berget Superviser Chik How Tan.

Authentication in Mobile Ad-hoc Network (MANET) Student Ståle Jonny Berget Superviser Chik How Tan.
Federated Authentication mechanism for mobile services Dasun Weerasinghe, Saritha Arunkumar, M Rajarajan, Veselin Rakocevic Mobile Networks Research Group.

Federated Authentication mechanism for mobile services Dasun Weerasinghe, Saritha Arunkumar, M Rajarajan, Veselin Rakocevic Mobile Networks Research Group.
Doc.: IEEE 802.11-04/0408r0 Submission March 2004 Colin Blanchard, BTSlide 1 3GPP WLAN Interworking Security Colin Blanchard British Telecommunications.

Doc.: IEEE /0408r0 Submission March 2004 Colin Blanchard, BTSlide 1 3GPP WLAN Interworking Security Colin Blanchard British Telecommunications.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.

Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.
Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.
ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.

ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang.
Page 1 3GPP2 Broadcast and Multicast Service Contact: Jun Wang, Qualcomm Inc.

Page 1 3GPP2 Broadcast and Multicast Service Contact: Jun Wang, Qualcomm Inc.
Multicast Security May 10, 2004 Sam Irvine Andy Nguyen.

Multicast Security May 10, 2004 Sam Irvine Andy Nguyen.
Bluenet a New Scatternet Formation Scheme * Huseyin Ozgur Tan * Zifang Wang,Robert J.Thomas, Zygmunt Haas ECE Cornell Univ*

Bluenet a New Scatternet Formation Scheme * Huseyin Ozgur Tan * Zifang Wang,Robert J.Thomas, Zygmunt Haas ECE Cornell Univ*
Group Key Distribution Chih-Hao Huang

Group Key Distribution Chih-Hao Huang
“On the Integration of MPEG-4 streams Pulled Out of High Performance Mobile Devices and Data Traffic over a Wireless Network” Spyros Psychis, Polychronis.

“On the Integration of MPEG-4 streams Pulled Out of High Performance Mobile Devices and Data Traffic over a Wireless Network” Spyros Psychis, Polychronis.

Similar presentations

Ads by Google