Key Agreement for Heterogeneous Mobile Ad-hoc Groups (µSTR-H) Mark Manulis Horst-Görtz Institute, Bochum (Germany)


1 Key Agreement for Heterogeneous Mobile Ad-hoc Groups (µSTR-H) Mark Manulis Horst-Görtz Institute, Bochum (Germany) http://www.hgi.rub.de

2 Heterogeneous Mobile Ad-Hoc Group
Mark Manulis, Horst-Görtz Institute, Bochum, Germany

3 Outline
- Elliptic Curve Cryptography
- Performance of Mobile Devices
- Device Architecture
- µSTR-H Protocol Suite
  - Setting
  - Requirements
  - Protocols: Setup, Join, Leave, Merge, Partition
- Performance Analysis
- Current and Future Work

4 Elliptic Curve Cryptography (ECC)
Elliptic curve $E$ over a finite field $\mathbb{F}_q$
- $q \in \text{Primes}$: $y^2 = x^3 + ax + b$, $x, y, a, b \in \mathbb{F}_p$ and $4a^3 + 27b^2 \neq 0$
- $q = 2^m$, $m \in \mathbb{N}$: $y^2 + xy = x^3 + ax^2 + b$, $x, y, a, b \in \mathbb{F}_{2^m}$ and $b \neq 0$
Group of elliptic points $E(\mathbb{F}_q)$ is commutative. Let $P, Q \in E(\mathbb{F}_q)$
- Negation: $-P$
- Addition: $P + Q = R(x_R, y_R) \in E(\mathbb{F}_q)$
- Doubling: $2P = R(x_R, y_R) \in E(\mathbb{F}_q)$
Let $G \in E(\mathbb{F}_q)$ of prime order $t$ with $t \mid q-1$
- Generated additive subgroup = $\{O, G, 2G, \dots, (t-1)G\}$
- Scalar-Point Multiplication: $r \in \{1, \dots, t-1\}$, $rG = R$, an element of this subgroup
Note: $R = G + \dots + G$ ($r$ times)
It is hard to compute $r$ given $R$ and $G$ (EC-Discrete Logarithm Problem)

5 Performance of Mobile Devices
Benchmark function F
- Input: device's hardware parameters (CPU clocks, memory size, storage capacity, battery power consumption, …)
- Process: application-specific operations (cryptographic and network operations)
- Output: performance ratio µ
Figure: run F(input), get µ

6 Performance Ratio Order
Mobile Ad-Hoc Group: $M_1, \dots, M_n$
Performance ratio order:
- $P = (M_1, \dots, M_n)$, $\forall M_i, M_{i+1}$: $\mu_i \geq \mu_{i+1}$
- e.g.: (figure: members $M_1, \dots, M_9$)
Assumption:
- $\mu_i$ can be figured out from $P$

7 Homogeneous & Heterogeneous Mobile Ad-Hoc Groups
- Homogeneous Mobile Ad-Hoc Group: for all $\mu_i, \mu_j \in P$, $|\mu_i - \mu_j|$ does not exceed the limit of homogeneity
- Heterogeneous Mobile Ad-Hoc Group: there exist $\mu_i, \mu_j \in P$ with $|\mu_i - \mu_j|$ greater than the limit of homogeneity

8 CGKA Protocol Requirements
- Usual security requirements against passive adversary
- Cost fairness (performance requirement)
  - Homogeneous Groups: uniform distribution of protocol costs between devices
  - Heterogeneous Groups: distribution of protocol costs between devices with respect to P
- Performance Honesty (security requirement)
  - Adversary cannot cheat on its device performance (Remark: Adversary is active)
  - Concerns only heterogeneous groups

9 Abstract Device Architecture based on TCG
Trusted Computing Base Components
- Trusted Platform Module (TPM)
  - Tamper-resistant
  - Limited computational capabilities
  - Platform Configuration Registers (PCRs)
  - Attestation Identity Key Pair $(PK_{AIK}, SK_{AIK})$
- Trusted Software Component (TSC)
  - Its measurement S is included in PCRs
  - Better computational capabilities
Non-Trusted Components
- Application isolated from other processes
Figure labels: Hardware Platform; PCR 1, PCR 2, ..., PCR l; TPM; TSC; Common OS; S; Application

10 µSTR-H: Pre-Requisites
Communication Channel
- public broadcast / multicast
- reliable
Authentication
- Every device has $Cert_{TPM_i} = (ID_{TPM_i}, PK_{AIK}, Sig_{CA}(ID_{TPM_i}, PK_{AIK}))$
- Assumption: All protocol messages are authentic
  - Explicit indication of authentication procedure is omitted
HGI-Seminar 2005

11 µSTR-H: Parameters and Notations
- $E(\mathbb{F}_q)$, $q$ is prime or $2^m$, $m \in \mathbb{N}$
- Generated additive subgroup $\{O, G, 2G, \dots, (t-1)G\}$, $t$ is prime, $t \mid q-1$
Figure labels: members $M_1, \dots, M_5$ in $P$ (performance ratio order); secret session randoms $r_1, \dots, r_5$; blinded session randoms $R_1, \dots, R_5$, $\mathbf{R}_i = (R_i, \dots, R_n)$; secret keys $r_1, k_2, k_3, k_4, k_5$, $\mathbf{k}_i = (k_i, \dots, k_n)$; public keys $R_1, K_2, K_3, K_4$; group key; auxiliary keys
User $M_i$ computes:
- $r_i \in_R \{1, \dots, t-1\}$
- $R_i = r_i G$
- $k_i = map(r_i K_{i-1})$; for all $2 < i < j \leq n$: $k_j = map(k_{j-1} R_j)$
  exception: $k_2 = map(r_1 R_2) = map(r_2 R_1)$
- $K_i = k_i G$
Example $M_3$:
- $r_3 \in_R \{1, \dots, t-1\}$
- $k_3 = map(r_3 K_2)$
- $k_4 = map(k_3 R_4)$
- $k_5 = map(k_4 R_5)$

12 Achieving Performance Honesty
Tasks of $TPM_i$
- Choose $r_i$ and compute $R_i$
- Seal $r_i$ under $\mu_i$ and $S_i$
- Generate $\sigma_i = Sign_{SK\_AIK_i}(R_i, \mu_i)$
- Compute $r_i K_{i-1}$ given $K_{i-1}$
Tasks of $TSC_i$
- Compute all secret keys $k_i, \dots, k_n$
- Compute all public keys $K_i, \dots, K_{n-1}$
Tasks of untrusted µSTR-H
- Send and receive protocol messages
- Verify received $\sigma_j$
- Compute $P$
- Store $R_i$
Figure labels: Hardware Platform; PCR; $TPM_i$; $TSC_i$; Common OS; $S_i$; µSTR-H; $k_i, \dots, k_n$; $r_i$; performance ratio $\mu_i$

13 Message Exchange between Components
Figure: message flow between $TPM_i$, $TSC_i$ and µSTR-H (non trusted). Message labels, in the order they appear:
- $K_{i-1}$
- $r_i K_{i-1}$
- $\mu_i, R_i, \sigma_i, Cert_{TPM_i}$
- $R_{i+1}, \dots, R_n$
- $K_i, \dots, K_{n-1}$
- $\mu_i, R_i, \sigma_i, Cert_{TPM_i}$
Figure labels: Hardware Platform; PCR; $TPM_i$; $TSC_i$; Common OS; $S_i$; µSTR-H; $k_i, \dots, k_n$; $r_i$; performance ratio $\mu_i$

14 µSTR-H: Setup
- $TPM_i$ selects $r_i$, computes $R_i$ and $\sigma_i$.
- $M_i$ broadcasts $(\mu_i, R_i, \sigma_i, Cert_{TPM_i})$.
- $M_i$ verifies all $\sigma_j$, computes $P$, stores $R_{i+1}, \dots, R_n$.
- $TPM_1$ computes $r_1 R_2$.
- $TSC_1$ computes $\mathbf{k}_1 = (k_2, \dots, k_n)$ and $(K_2, \dots, K_{n-1})$.
- $M_1$ broadcasts $(K_2, \dots, K_{n-1})$.
- $M_i$ stores $K_{i-1}$.
- $TPM_i$ computes $r_i K_{i-1}$.
- $TSC_i$ computes $\mathbf{k}_i = (k_i, \dots, k_n)$.
Figure: members $M_1, \dots, M_8$ with $\mu_i$ values 4 1 3 2 8 6 5 7, and $P$ with $\mu_i$ values 8 7 6 5 4 3 2 1; key labels $k_1$; $K_2, \dots, K_7$; $k_2, \dots, k_8$

15 µSTR-H: Join
Figure: group $M_1, \dots, M_5$ and joining member $M_j$ with $\mu_3 > \mu_j > \mu_4$; updated $P$ with $M_1, \dots, M_6$; sponsor; labels $R'_3, K'_3$, $K'_4$, $K'_5$; keys $k'_1, \dots, k'_6$

16 µSTR-H: Leave
Figure: group $M_1, \dots, M_6$; updated $P$ with $M_1, \dots, M_5$; sponsor; labels $R'_2, K'_2$, $K'_3$, $K'_4$; keys $k'_1, \dots, k'_5$

17 µSTR-H: Merge
Figure: group P1 (M11, M12, M13, M14; R11; µ1i values 6 4 3 2) and group P2 (M21, M22, M23, M24; R21; µ2i values 8 7 5 1); merged $P$ with $M_1, \dots, M_8$ and $\mu_i$ values 8 7 6 5 4 3 2 1; sponsor; labels $R'_2, K'_2$, $K'_3, \dots, K'_7$; keys $k'_1, \dots, k'_8$

18 µSTR-H: Partition
Figure: group $M_1, \dots, M_8$ in $P$ with $\mu_i$ values 8 7 6 5 4 3 2 1; updated $P$ with $M_1, \dots, M_5$ and $\mu_i$ values 8 6 4 2 1; sponsor; labels $R'_1$, $K'_2$, $K'_3$, $K'_4$; keys $k'_1, \dots, k'_5$

19 Performance Analysis
Column groups: Communication | Computation | Memory
Columns: Rounds | Messages | Size | SP-Multiplications | Size
S: 2n+12n-2 2n-1 i=1: 2n-1 i>1: n-i+2 i=1: 2n 3n-2 i>1: 2n-2i+4 3n-i
J: 122n-2s+3 2n i<s: n-s+2 2 i=s: 2n-2s+4 4 i>s: n-i+2 1
L: 11n-s 2n-4 i<s: n-s i=s: 2n-2s i>s: n-i
M: 232n'+2n''-s+1 4n'+4n''-6 i<s: n'+n''-s+1 n''+1 i=s: 2n'+2n''-2s+2 i>s: n'+n''-i+1
P: 11n-v-s+1 2n-2v-2 i<s: n-v-s+1 i=s: 2n-2v-2s+2 i>s: n-v-i+1
Legend: S – setup, J – join, L – leave, M – merge, P – partition, original STR costs
n – initial group size, i (s) – index of member (sponsor), v – size of partition

20 Future Work
- Consider various protocols in MANETs where applied techniques (non-uniform distribution of protocol costs, enforcement of a property compliance) are useful, e.g. multicast routing, threshold crypto, …
Thank You !!!

