Download presentation

Presentation is loading. Please wait.

Published byMarcos Dravis Modified over 2 years ago

1
1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang (hhuang3@eos.ncsu.edu)hhuang3@eos.ncsu.edu

2
2 Outline Introduction Group key distribution overview Self-healing key distribution Revocation capability Novel personal key distribution Contribution and conclusion Future work

3
3 Introduction Common way to ensure communication security: encrypt and authenticate messages Challenge: –how to distribute keys to valid nodes Challenges in ensuring communication security for mobile wireless ad hoc networks over unreliable channels –Volatile membership –Disruption of communication by adversary –Resource constraints

4
4 Group Key Distribution Techniques Group controller –Can’t scale to large groups Iolus –subgroup hierarchy Logical Key Hierarchy(LKH) or Key Graph –Keys are organized into a tree hierarchy Self-healing key distribution Stateless key distribution

5
5 Self-healing Key Distribution Users are capable of recovering lost group keys on their own No need to request additional transmissions from the group manager –Lower network traffic –Decrease the load on the group manager To recover the key via self-healing –A user must be a member both before and after the session in which a particular key is sent

6
6 Revocation Capability The ability to revoke users and thus prevent them from learning new keys t-revocation capability –Possible to prevent at most t users at a time from learning new session key –With the revocation polynomial g(x) constructed as g(x)=(x-r 1 )(x-r 2 )…(x-r w )

7
7 Personal Key Share Distribution-Scheme 1 t-revocation capability To distribute keys to selected group members so that each member shares a distinct personal key with the group manage But the other(revoked) group members and adversary cannot get any information of the keys Choose a random t-degree polynomial f(x) from Fq[x] and select f(i) to be the personal key share for each member Group manager broadcasts a single polynomial w(x) so that –Valid group member Ui can recover f(i) from w(x) and personal secret Si –Revoked group member Ui’ will NOT be able to recover f(i’)

8
8 Personal Key Share Distribution-Scheme 1(cont) Construct w(x) with the help of a revocation polynomial g(x) and a masking polynomial h(x) by computing w(x)=g(x)*f(x)+h(x) g(x) is constructed in such a way that –For valid member U i, g(i) <> 0 –For revoked member U i’, g(i’)==0 Choose a random t-degree polynomial f(x) from Fq[x] and select f(i) to be the personal key share for each member Group manager broadcasts a single polynomial w(x) so that –Valid group member U i can recover f(i) from w(x) and personal secret S i : f(i) = ( w(i) - h(i) ) / g(i) –Revoked group member U i’ will NOT be able to recover f(i’) as g(i’)==0

9
9 How to achieve self-healing Use secret sharing –Based on polynomial interpolation –Bind the ability of users to recover from packet loss to the user’s membership status

10
10 How to achieve self-healing(2) Split group session key K j into two t-degree polynomials, p j (x) and q j (x) such that K j =p j (x)+q j (x) In session j 1 : broadcast polynomials {p 1 (x),…,p j1 (x),q j1 (x),…, q j (x),…q j2 (x),…, q m (x)} In session j 2 (j 2 >j 1 ): broadcast polynomials {p 1 (x),…,p j1 (x), …, p j (x),…,p j2 (x),q j2 (x),…,q m (x)} For any session j(j 1

11
11 Personal Key Share Distribution- Scheme 2 Self-healing key distribution with t-revocation capability In the j th session key distribution, given a set of revoked member Ids, R j ={r 1,r 2,…,r wj ), |R j |=w j

12
12 Reducing Storage Requirement In Scheme 2, the storage overhead in each group member is O(m 2 logq). –m: total sessions –logq: session key size Use only ONE masking polynomial for each p i (x),q i (x) Reduce the storage requirement in each member from O(m 2 logq) to O(mlogq) in Scheme 3

13
13 Personal Key Share Distribution- Scheme 3 Improved self-healing key distribution with t- revocation capability In the j th session key distribution, given a set of revoked member Ids, R j ={r 1,r 2,…,r wj ), |R j |=w j

14
14 Personal Key Share Distribution- Scheme 4 Trading off self-healing capability for less broadcast size Introduce a “sliding window” of l sessions –only redundant information for the sessions that fall into this window is broadcasted –Can NOT ensure the same self-healing property as in previous schemes –Reduce storage overhead to (2m+2l-1)logq

15
15 Personal Key Share Distribution- Scheme 5 Aimed at situations where they are relatively long term but infrequent communication failures Introduce a “sliding window” of (l-1)d sessions –Assume each group member can receive at least d consecutive broadcast key distribution messages –Selectively include the same amount of redundant information from a large “window” of session(i.e. 2(l-1)d+1) in each key distribution message –storage overhead : (2m+2(l-1)d+1)logq

16
16 Conclusion Presented several group key distribution schemes for very large and dynamic groups over reliable channels Developed several efficient unconditionally secure and self-healing group key distribution schemes that significantly improved over the previous approaches Developed 2 techniques that allow trade-offs between broadcast message size and recoverabilities of lost session keys

17
17 Future work Develop a model that characterizes failures in large and highly mobile wireless networks Further investigate the performance of the proposed schemes in this model Seek more efficient ways to perform the initial key distribution for the proposed schemes

18
18 Questions?

Similar presentations

OK

Improving MBMS Security in 3G Wenyuan Xu Rutgers University.

Improving MBMS Security in 3G Wenyuan Xu Rutgers University.

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google

Ppt on total internal reflection Ppt on matrix organizational structure Ppt on advertisement of honda city Ppt on save heritage of india Ppt on water fuelled car Ppt on eddy current test Ppt on enterprise java beans Ppt on andhra pradesh Ppt on duty roster samples Ppt on renewable energy for today and tomorrow