Presentation is loading. Please wait.

Presentation is loading. Please wait.

1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang

Similar presentations


Presentation on theme: "1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang"— Presentation transcript:

1 1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang (hhuang3@eos.ncsu.edu)hhuang3@eos.ncsu.edu

2 2 Outline Introduction Group key distribution overview Self-healing key distribution Revocation capability Novel personal key distribution Contribution and conclusion Future work

3 3 Introduction Common way to ensure communication security: encrypt and authenticate messages Challenge: –how to distribute keys to valid nodes Challenges in ensuring communication security for mobile wireless ad hoc networks over unreliable channels –Volatile membership –Disruption of communication by adversary –Resource constraints

4 4 Group Key Distribution Techniques Group controller –Can’t scale to large groups Iolus –subgroup hierarchy Logical Key Hierarchy(LKH) or Key Graph –Keys are organized into a tree hierarchy Self-healing key distribution Stateless key distribution

5 5 Self-healing Key Distribution Users are capable of recovering lost group keys on their own No need to request additional transmissions from the group manager –Lower network traffic –Decrease the load on the group manager To recover the key via self-healing –A user must be a member both before and after the session in which a particular key is sent

6 6 Revocation Capability The ability to revoke users and thus prevent them from learning new keys t-revocation capability –Possible to prevent at most t users at a time from learning new session key –With the revocation polynomial g(x) constructed as g(x)=(x-r 1 )(x-r 2 )…(x-r w )

7 7 Personal Key Share Distribution-Scheme 1 t-revocation capability To distribute keys to selected group members so that each member shares a distinct personal key with the group manage But the other(revoked) group members and adversary cannot get any information of the keys Choose a random t-degree polynomial f(x) from Fq[x] and select f(i) to be the personal key share for each member Group manager broadcasts a single polynomial w(x) so that –Valid group member Ui can recover f(i) from w(x) and personal secret Si –Revoked group member Ui’ will NOT be able to recover f(i’)

8 8 Personal Key Share Distribution-Scheme 1(cont) Construct w(x) with the help of a revocation polynomial g(x) and a masking polynomial h(x) by computing w(x)=g(x)*f(x)+h(x) g(x) is constructed in such a way that –For valid member U i, g(i) <> 0 –For revoked member U i’, g(i’)==0 Choose a random t-degree polynomial f(x) from Fq[x] and select f(i) to be the personal key share for each member Group manager broadcasts a single polynomial w(x) so that –Valid group member U i can recover f(i) from w(x) and personal secret S i : f(i) = ( w(i) - h(i) ) / g(i) –Revoked group member U i’ will NOT be able to recover f(i’) as g(i’)==0

9 9 How to achieve self-healing Use secret sharing –Based on polynomial interpolation –Bind the ability of users to recover from packet loss to the user’s membership status

10 10 How to achieve self-healing(2) Split group session key K j into two t-degree polynomials, p j (x) and q j (x) such that K j =p j (x)+q j (x) In session j 1 : broadcast polynomials {p 1 (x),…,p j1 (x),q j1 (x),…, q j (x),…q j2 (x),…, q m (x)} In session j 2 (j 2 >j 1 ): broadcast polynomials {p 1 (x),…,p j1 (x), …, p j (x),…,p j2 (x),q j2 (x),…,q m (x)} For any session j(j 1 { "@context": "http://schema.org", "@type": "ImageObject", "contentUrl": "http://images.slideplayer.com/12/3361873/slides/slide_10.jpg", "name": "10 How to achieve self-healing(2) Split group session key K j into two t-degree polynomials, p j (x) and q j (x) such that K j =p j (x)+q j (x) In session j 1 : broadcast polynomials {p 1 (x),…,p j1 (x),q j1 (x),…, q j (x),…q j2 (x),…, q m (x)} In session j 2 (j 2 >j 1 ): broadcast polynomials {p 1 (x),…,p j1 (x), …, p j (x),…,p j2 (x),q j2 (x),…,q m (x)} For any session j(j 1 j 1 ): broadcast polynomials {p 1 (x),…,p j1 (x), …, p j (x),…,p j2 (x),q j2 (x),…,q m (x)} For any session j(j 1

11 11 Personal Key Share Distribution- Scheme 2 Self-healing key distribution with t-revocation capability In the j th session key distribution, given a set of revoked member Ids, R j ={r 1,r 2,…,r wj ), |R j |=w j { "@context": "http://schema.org", "@type": "ImageObject", "contentUrl": "http://images.slideplayer.com/12/3361873/slides/slide_11.jpg", "name": "11 Personal Key Share Distribution- Scheme 2 Self-healing key distribution with t-revocation capability In the j th session key distribution, given a set of revoked member Ids, R j ={r 1,r 2,…,r wj ), |R j |=w j

12 12 Reducing Storage Requirement In Scheme 2, the storage overhead in each group member is O(m 2 logq). –m: total sessions –logq: session key size Use only ONE masking polynomial for each p i (x),q i (x) Reduce the storage requirement in each member from O(m 2 logq) to O(mlogq) in Scheme 3

13 13 Personal Key Share Distribution- Scheme 3 Improved self-healing key distribution with t- revocation capability In the j th session key distribution, given a set of revoked member Ids, R j ={r 1,r 2,…,r wj ), |R j |=w j { "@context": "http://schema.org", "@type": "ImageObject", "contentUrl": "http://images.slideplayer.com/12/3361873/slides/slide_13.jpg", "name": "13 Personal Key Share Distribution- Scheme 3 Improved self-healing key distribution with t- revocation capability In the j th session key distribution, given a set of revoked member Ids, R j ={r 1,r 2,…,r wj ), |R j |=w j

14 14 Personal Key Share Distribution- Scheme 4 Trading off self-healing capability for less broadcast size Introduce a “sliding window” of l sessions –only redundant information for the sessions that fall into this window is broadcasted –Can NOT ensure the same self-healing property as in previous schemes –Reduce storage overhead to (2m+2l-1)logq

15 15 Personal Key Share Distribution- Scheme 5 Aimed at situations where they are relatively long term but infrequent communication failures Introduce a “sliding window” of (l-1)d sessions –Assume each group member can receive at least d consecutive broadcast key distribution messages –Selectively include the same amount of redundant information from a large “window” of session(i.e. 2(l-1)d+1) in each key distribution message –storage overhead : (2m+2(l-1)d+1)logq

16 16 Conclusion Presented several group key distribution schemes for very large and dynamic groups over reliable channels Developed several efficient unconditionally secure and self-healing group key distribution schemes that significantly improved over the previous approaches Developed 2 techniques that allow trade-offs between broadcast message size and recoverabilities of lost session keys

17 17 Future work Develop a model that characterizes failures in large and highly mobile wireless networks Further investigate the performance of the proposed schemes in this model Seek more efficient ways to perform the initial key distribution for the proposed schemes

18 18 Questions?


Download ppt "1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang"

Similar presentations


Ads by Google