Presentation is loading. Please wait.

Presentation is loading. Please wait.

Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.

Similar presentations


Presentation on theme: "Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi."— Presentation transcript:

1 Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi

2 Overview Introduction Key Management in Ad hoc networks.  Key distribution pattern. Blom`s key distribution  Secure point-point channel Examples.

3 Introduction Ad hoc network-  A self organized network of user terminals (no prior infrastructure ). Group Communication in Ad hoc-  Effective support of multicast or group communication essential for most ad-hoc network applications.  Multicasting Enables efficient delivery of data to multiple locations on a network. Efficient utilization of bandwidth. More efficient when compared to unicasting and broadcasting.

4 Introduction (contd..) Securing Group Communication-  Multicast groups are prone to security attacks.  Securing group communication is important Military operation Instantaneous conferences and classrooms.  Common way is to establish a cryptographic key known only to group members.

5 Dynamic nature of Multicast Group Existing nodes may leave the group New nodes may join the group Compromised nodes should be eliminated from the group. This requires efficient key management Group key must be updated whenever group membership changes. key update and rekeying is provided by group key distribution schemes.

6 Factors effect an ideal group key distribution scheme Secure Decentralized Efficient Scalablity

7 Decentralized scheme Relying on a single trusted authority is not wise  Single point failure  Single point attack Distributing the trust to all nodes in the network improves efficiency. An attack on a single system will not bring down the whole system.

8 Security Goals Session secrecy  collusion temporarily revoked nodes cannot discover the common key of the new group Forward secrecy  Collusion of nodes that leave the group cannot discover the common keys for all future communication Backward secrecy  Collusion of nodes that join a group cannot discover the keys used by the group in the past

9 Efficiency  A group key distribution scheme requires low amount of communication, computation, secure storage and smaller response time to perform security operations. Scalability  The scheme must work well for both small and large number of nodes in the group

10 Key management in Ad Hoc networks Some of the solutions proposed so far-  Key Agreement in Ad Hoc Networks (shared password) Asokan and Ginzboorg, Computer Communications 2000  On Some Methods for Unconditionally Secure key Distribution and Broadcast Encryption (Key Pre- distribution, TA) D. R. Stinson, Univ. Of Nebraska-Lincoln, U.S.A. What are we going to discuss-  Key Distribution pattern.

11 Features of KDP Self initialization  Does not require a trusted authority to set up a system. Self securing  Members of a new group can determine the common key by finding the appropriate combination of their secret keys.

12 Construction of KDP Let K = {k 1, …, k v } be a v-set. B = {B 1, …, B n } be a family of subsets of K. A system (K, B) a t-resilient (v, n, r) key  distribution pattern (KDP) if the following condition holds: ⋂ i  Δ B i ⊈ ⋃ j  Λ B j where Δ and Λ are any disjoint subsets of {1, …, n} such that | Δ | = r and | Λ | = t

13 Construction KDP (contd..) The KDP guarantees that  For any r subsets, {B i 1, …, B i r }, and any t subsets, {B j 1, …, B j t }, where {B i 1, …, B i r } ⋂ {B j 1, …, B j t } = Ø, there exists at least an element k that belongs to the r subsets, but does not belong to the t subsets.  For a given r subsets or less, an arbitrary union of at most t other subsets cannot cover elements in the r subsets.

14 The Key Matrix B2 B1 B3 B5 B4 K={ }, B={B1…B12}, r=2; t=1 B1= {4,5,6,7,8,9} B7= {1,3,4,5,8,9} B2= {2,3,5,6,8,9}B8= {1,3,5,6,7,8} B3= {2,3,4,6,7,8}B9= {1,2,3,4,5,6} B4= {2,3,4,5,7,9}B10={1,2,4,5,7,8} B5= {1,2,3,7,8,9} B11={1,2,5,6,7,9} B6= {1,3,4,6,7,9}B12={1,2,4,6,8,9} K={1...14}, B={B1..B5}, r=3; t=2 B1={2,3,4,5,9,11,12,13,14} B2={1,3,5,7,8,10,14} B3={1,2,4,5,6,10,13} B4={1,3,6,7,8,11,12,13} B5={2,4,6,8,9,10,11,14}

15 Group Key Constraints on Group formation The parameter r The parameter t (t-resilient) KEY1=B1∩B2 ∩B3 =4 5 6 KEY2=B2 ∩B5 ∩B6 KEY3=B3 ∩B4 ∩B5 GROUP KEY1 GROUPKEY3 GROUP KEY2 B2 B1 B3 B6 B5 B4 ++

16 t- resilient GK1 B1 B2 B3 B1={2,3,4,5,9,11,12,13,14} B2={1,3,5,7,8,10,14} B3={1,2,4,5,6,10,13} B4={1,3,6,7,8,11,12,13} B5={2,4,6,8,9,10,11,14} GK1=B1∩B2 ∩B3 =[5] B1∩B3=[2,4,5,13] B4 GK1=B1∩B3 ∩B4 =[13] Compromised nodes B5 GK1=B1∩B3 ∩B5 =[2,4] υ ={1,3,5,6,7,8,10,11,12,13} ⋂ i  Δ B i ⊈ ⋃ j  Λ B j

17 Key Update When, Why and How! When Nodes leaves - Temporarily, permanently, new node joins. Why – As discussed before to provide – Session secrecy, Forward Secrecy, Backward Secrecy. How?

18 Key Update B5= {1,2,3,7,8,9} B1 B3B2 B4B7B6 B8 B9B10B11 B5 B1= {4,5,6,7,8,9}, k | =B1∩B5={7 8 9} B2= {2,3,5,6,8,9} B3= {2,3,4,6,7,8} B7= {1,3,4,5,8,9} B11= {1,2,5,6,7,9} B10= {1,2,4,5,7,8}B9= {1,2,3,4,5,6}B8= {1,3,5,6,7,8} B4= {2,3,4,5,7,9} B6= {1,3,4,6,7,9} B2= {8,9}B3= {7,8} B4= {7,9}, B6= {7,9} B7= {8,9} B8= {7,8}, B10= {7,8},B11= {7,9} k | = {7,8,9}, k | =(B2∩B5 -k | )= {2,3} B3= {2,3} B4= {2,3} B6= {3} B7= {3}, B8= {3}, B9= {2,3} B10= {2} B11= {2},

19 Key Update (contd..) B5= {1,2,3,7,8,9} B5,k | = {2,3,7,8,9}, B1= {4,5,6,7,8,9} B7= {1,3,4,5,8,9} B2= {2,3,5,6,8,9}B8= {1,3,5,6,7,8} B3= {2,3,4,6,7,8}B9= {1,2,3,4,5,6} B4= {2,3,4,5,7,9}B10={1,2,4,5,7,8} B5= {1,2,3,7,8,9} B11={1,2,5,6,7,9} B6= {1,3,4,6,7,9}B12={1,2,4,6,8,9} B6 B7 B8 B12B11B10B9

20 Blom's key Allows any pair of users in the network form a secure point- point channel. Users compute secret key with out any interaction. User sends a cipher text which can be decrypted only by the user he is intended to send. The scheme uses the following symmetric polynomial over a finite GF(q). The polynomial holds symmetric property

21 Why Blom`s key distribution? B1 How many secret keys would every node in the network have to store? n c 2

22 With Blom`s Key B1 B2B3 F (1, 2)=15 F (3, 1)=8 F (2, 1)=15 F (3, 1)=8 E 15 (M)

23 Acknowledgements. Our thanks to Dr Kris Gaj and Dr Josef Pieprzyk for their invaluable suggestions and time.

24 Questions?


Download ppt "Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi."

Similar presentations


Ads by Google