1. 1 Efficient User Authentication and Key Management for Peer-to- Peer Live Streaming Systems Authors: X. Liu, Y. Hao, C. Lin, and C. Du Source: Tsinghua Science and Technology, vol. 14, no. 2, pp. 234-241, 2009 Speaker: Shu-Fen Chiou ( 邱淑芬 )

2. 2 Introduction A a.wmv Frame 1Frame 2Frame 3 … Frame N B Frame 1 Frame 2 P2P Live streaming Live to watch a.wmv

3. 3 Challenges in streaming systems High bit rates End-to-end delay Packet losses Network congestion Service guarantees Security

4. 4 Motivation For P2P live media streaming, authors proposed a secure scheme using user authentication and key managements.

5. 5 Requirements Confidentiality Data integrity Scalability Efficient

6. 6 User authentication Notation AS Authorization server PriK AS, PubK AS Private and corresponding public keys from the AS n Total number of users U i, U j i-th and j-th users PriK i, PubK i Private and corresponding public keys of U i CT i Certificate of U i H m (x) H m (x)=H(H m-1 (x)), m>1, H() is a one-way hash T s, T e certificate lifetime RS i Private number for U i only known by AS

7. 7 User authentication Certificate generation New user U i AS Generate PriK i, PubK i Generate random value R i, and calculate H m (R i ) Login request Verify U i Generate CT i CT i ={ID i |T s |T e |T|IP i |PubK i | H m (R i )|H m (RS i )|SigN i } CTi

8. 8 User authentication Certificate update user U i AS Between frames, 0<t<m {ID i |t|H m-t (R i )} Check whether H(H m-t (R i ))=H m-(t-1) (R i ) {ID i |H m-t (RS i )}

9. 9 User authentication Certificate verification (U k verify U i ) user U i user U k CT i Verify CT i CT i ={ID i |T s |T e |T|IP i |PubK i | H m (R i )|H m (RS i )|SigN i } {M i |E(M i )} Select random value M i Encrypt M i by PriK i Decrypt E(M i )by PubK i Get M i ’ Check whether Mi’=M i Select random value M k as symmetric secret key Encrypt M k by PubKi {E(Mk}{E(Mk} Decrypt E(M k )by PriK i to get M k

10. Key management Every user has a logic key tree 10 Key of secure channel Logic key tree of j before i joins

11. 11 Key management User i joins to j Logic key tree of j after i joins 1. j sends {Pubk i (K 8 ), K 8 (K’ 78 ), K’ 78 (K’ 58 ), K’ 58 (KEK’)} to i 2. j sends other key materials to its old neighbors. e.g. j sends {K 7 (K’ 78 ), K’ 78 (K’ 58 ), K’ 58 (KEK’)} to U 7

12. 12 Key management User i leaves j Logic key tree of j before i leavesLogic key tree of j after i leaves When i leaves, j changes some of the key values and send to its neighbors e.g. j sends {K 4 (K’ 34 ), K’ 34 (K’ 14 ), K’ 14 (KEK’)} to U 4

13. 13 此篇 paper 之優缺點 優點 : 延伸 authentication 及 key management 應用 在 P2P live streaming protocol 缺點 : Certificate verification 無相互驗證

14. 14 可能研究方向 Certificate verification 相互驗證 加入付費機制