Presentation is loading. Please wait.

Presentation is loading. Please wait.

Pairwise Key Agreement in Broadcasting Networks - 2005.11.11 - Ik Rae Jeong.

Similar presentations


Presentation on theme: "Pairwise Key Agreement in Broadcasting Networks - 2005.11.11 - Ik Rae Jeong."— Presentation transcript:

1 Pairwise Key Agreement in Broadcasting Networks Ik Rae Jeong

2 Contents I.Security Notions of Key Exchange II.Type of Networks III.Key Agreement for Key Graphs

3 I.Security Notions of Key Exchange IA (Implicit Authentication) –Only a designated party can calculate the same session key. Dishonest parties can not get any information about the session key. KI (Key Independence) –security against Denning-Sacco attacks (known key attacks) –for the cases when other session keys are revealed FS (Forward Secrecy) –for the cases when long-term secrets are revealed

4 II.Types of Network half-duplex full-duplex 4 Rounds 2 Rounds Alice Bob Alice Bob

5 II.Types of Network Broadcasting Network Round 1 P1 P4 P3 P2 Round 2

6 DH (half-duplex) Alice Bob 2 Rounds

7 DH (full-duplex) Alice Bob 1 Round

8 Session Identifier The unique string per session Used to define matching session in the definition of security of key exchange In the full-duplex channel: the message concatenation by the ordering of owners

9 III. Key Agreement for Key Graphs We have constructed more efficient key exchange schemes which provides pairwise key exchange between parties via randomness re-use technique.

10 Sequential Key Exchange between Parties P1 P4P3 P2

11 Concurrent Key Exchange between Parties P1 P4P3 P2

12 Motivation How do we efficiently do concurrent execution of the two-party key exchange scheme ?

13 Our Results An efficient one-round key exchange scheme providing key independence in the standard model A two-round key exchange scheme providing forward secrecy in the standard model

14 Key Graph for Session keys (1) P1 P4 P3 P2 G={V,E} V={P1,P2,P3,P4} E={(P1,P2),(P1,P3),(P1,P4)} G={V,E} V={P1,P2,P3,P4} E={(P1,P2),(P2,P3),(P3,P4), (P4,P1)} P1 P4 P3 P2

15 Key Graph for Session keys (2) G={V,E} V={P1,P2,P3,P4} E={(P1,P2),(P1,P3), (P2,P4), (P2,P5), (P3,P6), (P3,P7)} G={V,E} V={P1,P2,P3,P4} E={(P1,P2),(P1,P3),(P1,P4), (P2,P3),(P2,P4),(P3,P4)} P1 P4 P3 P2 P1 P4 P3P2 P5 P6 P7

16 Key Exchange Model for Key Graphs Broadcasting network Several session keys in a single session

17 One-Round Two-Party Diffie- Hellman Key Exchange P1 P2

18 One-Round Concurrent Key Exchange using Two-Party Key Exchange P1 P4P3 P2 P1 requires three random values.

19 One-Round Concurrent Key Exchange using randomness re-use technique P1 P4P3 P2 P1 requires one random values.

20 Randomness Re-use under the DDH assumption Pairwise DDH assumption 1 Exp

21 Randomness Re-use under the DDH assumption Pairwise DDH assumption 2 Exp

22 PKA1 P1 P4 P3 P2 Round 1: KI in the standard model F is a pseudo random function

23 PKA2 P1 P4 P3 P2 Round 1: FS in the standard model

24 Security PKA1 and PKA2 –reduced to the DDH problem in the standard model

25 Discussion Key exchange for key graph is an extension of two-party key exchange. Key exchange for key graph can be used as a subprotocol of another protocol such as group key exchange protocols.

26 Thank You !


Download ppt "Pairwise Key Agreement in Broadcasting Networks - 2005.11.11 - Ik Rae Jeong."

Similar presentations


Ads by Google