Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Science 1 Efficient Self-healing Group Key Distribution With Revocation Capability Archana Rajagopal CSC 774 Presentation Based on Original Slides.

Published byDaniel Morris Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer Science 1 Efficient Self-healing Group Key Distribution With Revocation Capability Archana Rajagopal CSC 774 Presentation Based on Original Slides."— Presentation transcript:

1 Computer Science 1 Efficient Self-healing Group Key Distribution With Revocation Capability Archana Rajagopal CSC 774 Presentation Based on Original Slides from Donggang Liu, Peng Ning, and Kun Sun

2 Computer Science 2 Outline Motivation and background –Secure group communication in MANET Proposed solutions –Novel personal key distribution –Self-healing group key distribution –Improvements to reduce storage and communication overheads Conclusions and future work

3 Computer Science 3 Secure Group Communications in MANET Problem –How to distribute group keys? Challenges in MANET –Dynamic and volatile –Unreliable communication Lost packets, network partitions, relatively long term failures due to active attacks, …

4 Computer Science 4 Related Work Extensive results on group key management –Group key distribution Tree-based scheme: LKH, Iolus, … Secret sharing-based scheme: Self-healing, … –Group key agreement GDH,TGDH, … Most existing techniques are not suitable for MANET –No fault tolerance => not applicable –Simple fault tolerance => easy to disrupt, cannot deal with network partitions and active attacks

5 Computer Science 5 Related Work (cont’d) Two potential candidates for MANET –Self-healing group key distribution Ability to recover lost session keys Staddon et al., Oakland 2002 –Stateless group key distribution Ability to rejoin the group Cannot recover lost keys Naor, Naor, and Lotspiech (SDR), Crypto 2001

6 Computer Science 6 Desirable Properties Unconditionally secure Self-healing t-revocation capability t-wise forward secrecy t-wise backward secrecy K 1, K 2, …, K i, K i+1 …, K m t comp. users revoked  K 1, K 2, …, K i, K i+1 …, K m t comp. users  join

7 Computer Science 7 Property of proposed scheme Processing,Communication and Storage overheads depend on number of compromised nodes that may collude together and not on group size.

8 Computer Science 8 Scheme I: Personal Key Distribution Goal: distribute distinct keys to different members with one broadcast message –A key is a point on polynomial f(x), e.g., f(j) Idea: construct a single polynomial w(x) to distribute shares on f(x) such that –A valid member can only get its own key –Revoked members know nothing about Valid members’ keys Their own keys

9 Computer Science 9 Scheme I (cont’d) Method: w(x)=g(x)f(x)+h(x) –h(x) is called a masking polynomial. Degree 2t Each member i has one share on h(x), which is h(i). –g(x) is called a revocation polynomial. Degree w(w<=t).If member v is revoked, g(v) =0; otherwise g(v)!=0

10 Computer Science 10 Scheme I (cont’d) Group manager broadcasts –Revoked user ids {r 1,…,r w } => g(x)=(x-r 1 )(x-r 2 )…(x-r w ) –w(x)=g(x)f(x)+h(x) Communication overhead O(tlogq) Member v is not compromised, but member v’ is compromised w(x)=g(x)f(x)+h(x) v v’ 0

11 Computer Science 11 Property of Scheme I Scheme I is an unconditionally secure personal key distribution scheme with t-revocation capability

12 Computer Science 12 Scheme II: (Basic Session Key Distribution) Main idea –Combine the new personal key distribution scheme with the self-healing technique. Distribute p(x) part for all old session and q(x) part for all future sessions K=K= p(x) p(x)g(x)+h(x) q(x) q(x)g(x)+h’(x) +

13 Computer Science 13 Self Healing Property Group key K j = p j (i) + q j (i) (m+1) polynomials broadcasted for all ‘m’ sessions –{ p 1 (i)… p j (i), q j (i) …. q m (i)} U i receives messages from j 1 and j 2 but not j;where j 1 < j < j 2 How to recover session key for ‘j’? –p j (i) from j 2 and q j (i) from j 1

14 Computer Science 14 Broadcast Bj = {R j } {P j,i (x) = g j (x)p i (x) + h i,j (x)} i=1…j {Q i,j (x) = g j (x)q i (x) + h j,i+1 (x)} i=j…m

15 Computer Science 15 Scheme II (cont’d) In session j, given a set of revoked member ids R j ={r 1,…,r wj }, the group manager broadcasts R j and m +1 polynomials Communication overhead O(mtlogq) Storage overhead O(m 2 logq) Member KjKj

16 Computer Science 16 Properties of Scheme II Unconditionally secure, t-revocation capability Self-healing session key distribution t-wise forward secrecy and t-wise backward secrecy

17 Computer Science 17 Scheme III: Reduce Storage Overhead Goal: reduce the storage overhead in scheme II Source of storage overhead: shares on masking polynomials Observation: each p i (x) or q i (x) is masked by different masking polynomials in different sessions –Having one masking polynomial for each p i (x) or q i (x) is sufficient –The broadcast messages are public. So it is unnecessary to protect the same polynomial multiple times using different masking polynomial

18 Computer Science 18 Scheme III (cont’d) In session j, given the sets of revoked member ids {R i } i=1,…,j, the group manager broadcasts {R i } i=1,…,j and m+1 polynomials Communication overhead is still O(mtlogq) Storage overhead is O(mlogq) instead of O(m 2 logq) in scheme II Member KjKj

19 Computer Science 19 Properties of Scheme III Unconditionally secure, self-healing session key distribution and t-revocation capability t-wise forward secrecy and t-wise backward secrecy

20 Computer Science 20 Scheme IV: (Less Broadcast Size) Goal: further reduce the communication overhead Observation: having redundant information for all the sessions may be unnecessary –Short term communication failures –Long term but infrequent communication failures Idea: –Sliding window. –Trade off between broadcast size and self-healing capability

21 Computer Science 21 Variant I For short term communication failures l-session self-healing: self-healing capability in terms of l consecutive sessions

22 Computer Science 22 Variant II For long-term but infrequent communication failures (l,d)-session self-healing: Can recover the lost session keys if a member receives d consecutive messages within ld sessions

23 Computer Science 23 Conclusions Our new personal key distribution scheme can be used to –Develop more efficient self healing key distribution schemes Reduced the communication and the storage overhead of session key distribution scheme Proposed two ways to trade off the broadcast size with the self-healing ability

24 Computer Science 24 Future Work Long-lived self-healing key distribution Stateless group key distribution Supporting multiple groups Performance evaluation

25 Computer Science 25 Thank You! QUESTIONS?

Download ppt "Computer Science 1 Efficient Self-healing Group Key Distribution With Revocation Capability Archana Rajagopal CSC 774 Presentation Based on Original Slides."

Similar presentations

Attacking Cryptographic Schemes Based on Perturbation Polynomials Martin Albrecht (Royal Holloway), Craig Gentry (IBM), Shai Halevi (IBM), Jonathan Katz.

Attacking Cryptographic Schemes Based on Perturbation Polynomials Martin Albrecht (Royal Holloway), Craig Gentry (IBM), Shai Halevi (IBM), Jonathan Katz.
A key agreement protocol using mutual Authentication for Ad-Hoc Networks IEEE 2005 Authors : Chichun Lo, Chunchieh Huang, Yongxin Huang Date : 2005_11_29.

A key agreement protocol using mutual Authentication for Ad-Hoc Networks IEEE 2005 Authors : Chichun Lo, Chunchieh Huang, Yongxin Huang Date : 2005_11_29.
A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang

1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.
Authors: Yanchao Zhang, Member, IEEE, Wei Liu, Wenjing Lou,Member, IEEE, and Yuguang Fang, Senior Member, IEEE Source: IEEE TRANSACTIONS ON DEPENDABLE.

Authors: Yanchao Zhang, Member, IEEE, Wei Liu, Wenjing Lou,Member, IEEE, and Yuguang Fang, Senior Member, IEEE Source: IEEE TRANSACTIONS ON DEPENDABLE.
Self-Healing in Wireless Networks. The self-healing property is expected in many aspects in wireless networks: – Encryption algorithms – Key distribution.

Self-Healing in Wireless Networks. The self-healing property is expected in many aspects in wireless networks: – Encryption algorithms – Key distribution.
Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.

Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.
Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks Julien Freudiger, Maxim Raya and Jean-Pierre Hubaux SECURECOMM, 2009.

Self-Organized Anonymous Authentication in Mobile Ad Hoc Networks Julien Freudiger, Maxim Raya and Jean-Pierre Hubaux SECURECOMM, 2009.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7.3 Secure and Resilient Location Discovery in Wireless.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.

Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
Robust Group Key Management with Revocation and Collusion Resistance for SCADA in Smart Grid Rong Jiang 2013.07.31.

Robust Group Key Management with Revocation and Collusion Resistance for SCADA in Smart Grid Rong Jiang
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.
URSA: Providing Ubiquitous and Robust Security Support for MANET

URSA: Providing Ubiquitous and Robust Security Support for MANET
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.
Broadcast Encryption and Traitor Tracing 2001. 12. 2001507 Jin Kim.

Broadcast Encryption and Traitor Tracing Jin Kim.
Network Access Control for Mobile Ad Hoc Network Pan Wang North Carolina State University.

Network Access Control for Mobile Ad Hoc Network Pan Wang North Carolina State University.
Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.

Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.
Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.

Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.
A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.

A Pairwise Key Pre-Distribution Scheme for Wireless Sensor Networks Wenliang (Kevin) Du, Jing Deng, Yunghsiang S. Han and Pramod K. Varshney Department.

Similar presentations

Ads by Google