Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying."— Presentation transcript:

1 Secure Multicast Xun Kang

2 Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying Group key management in n-to-n multicast Recent progress in wired and wireless networks Other related issues

3 Unicast to Multicast What is Multicast? Currently, unicast is dominant, while the requirement for IP multicast is increasing –Audio and video distribution –Push application –Tele conferencing –Group collaboration applications –Some file transfer applications

4 Obstacles for Deployment Scalability: group management Group Management Security (why?) Address Allocation Network Management Billing Multicast Service

5 What to protect? Group management: –Authorization for group creation –Receiver authorization –Sender authorization Security: –Protection against attacks on multicast routes and sessions –Support for data integrity mechanisms

6 Factors affect Design of Security Multicast Application Type: –(1to n) or (n to n) –Confidentiality, or source-authentication –Frequency and rate of data transmission Group Size and Group Dynamics –Affect the scalability of security –Join/leave –Nodes distribution Trust Model

7 Secure Group Communications Using Key Graphs Center point is GM and GKM –Scalability –Independence –Reliability –Security

8 Basic Design of SGC Assume that the S(ource) is trusted Each node shares a secret individual key with S A shared key used for the whole group Source

9 Shortcoming of one Group Key When updating key, requires n messages encrypted with individual keys While it must be updated frequently: –Group session is longer than peer session –Forward access control: Leave –Backward access control: Join

10 Solution: A hierarchy of keys A full and balanced d-ary tree (directed) kept on server For each user, a directed path to the root –The root key is shared by the whole group –The leave key belongs to an individual user –Some intermediate keys shared by a subgroup of users Server needs to perform O(dlog d (n) ) encryption

11 Some terms using Key Graph Extend to U’ and K’: keyset(U’) userset(K’) For (U, K, R), and a subset S of U, find a minimum size subset K’ of K, such that userset(K’)=S

12 Key Graph Types Star Tree –Height h –Degree d Complete –Each combination of users has at least a key

13 Rekeying Strategies - Star KG Joining or leaving a star key graph Join: Leaving:

14 Rekeying Strategies - tree KG

15 Joining: User-oriented rekeying –For each user, creates a rekey msg that contains all needed This approach needs h rekey messages. The encryption cost for the server is: –1+2+…+(h-1)+(h-1) = h(h+1)/2-1

16 Rekeying Strategies - tree KG Joining: Key-oriented rekeying –Each new key is encrypted individually. –A user may have to get multiple rekey messages. This approach needs 2(h-1) rekey messages. The encryption cost for the server is: –2(h-1)

17 Rekeying Strategies - tree KG Joining: Group-oriented rekeying –Construct a single rekey message containing all new keys. –Do we need to consider whether the message will be too large? What is the size of the msg? This approach needs 2 rekey messages. The encryption cost for the server is: –2(h-1) What’s the advantage of group-based over other two kinds?

18 Rekeying Strategies - tree KG Leaving: User-oriented rekeying –For each user, creates a rekey msg that contains all needed This approach needs (d-1)(h-1) rekey messages. The encryption cost for the server is: –(d-1)(1+2+…+(h-1)) = (d-1)h(h-11)/2

19 Rekeying Strategies - tree KG Leaving: Key-oriented rekeying –Each new key is encrypted individually. –A user may have to get multiple rekey messages. This approach needs (d-1)(h-1) rekey messages. The encryption cost for the server is: –d(h-1)

20 Rekeying Strategies - tree KG Leaving: Group-oriented rekeying –Construct a single rekey message containing all new keys. This approach needs 1 rekey messages. The encryption cost for the server is: –d(h-1)

21 Encryption cost

22 How to Sign Rekey Messages Use Merkle hash tree –Root of the tree is the hash of all msgs –Leaves are the hash for each individual msg –Root is signed by the Server –For each rekey msg, the server will combine it with a path to the root of the tree

23 Performance conclusion Server side, group-oriented rekeying is the best, then key-oriented, then user-oriented; Client side, exactly reversed; Optimal key tree degree is around four? For certain number of node, or for all? If large number of clients are slow, then group-oriented rekeying is not good;

24 Batch Updates of Key Trees Any problem in previous solution? –Synchronization problems among rekey msgs and between rekey and data msgs; How? –Individual rekeying can be inefficient; especially when join/leave happens frequently, there will be a huge burden on server for signing keys;

25 Periodic batch rekeying Rekey subtree; Collect requests during a rekey interval and rekey them in a batch; Advantage: –For a J join and L leave, only needs 1 signing; –Less number of encrypted keys; Disadvantage: –Delayed group access control; A balance between rekeying overhead and group access control, the degree of forward access control vulnerability.

26 Three ways of Batch Rekeying Periodic batch rekeying; Periodic bath leave rekeying; Periodic bath join rekeying; Question: –What’s the advantage and disadvantage of each one? Which one is better?

27 Batch Rekeying Algorithm Strategy 1: always keep a balanced tree

28 Batch Rekeying Algorithm Strategy 2 –New nodes form a subtree –Grafted to a departed node with smallest height? Strategy 3 –?

29 Reliable rekey protocol Eventual reliability –A receiver should receive all needed keys; Soft real-time requirement –A rekey msg is finished before the start of the next rekey interval Solution –Send re-synchronization requests when cannot recover a rekey msg in time; –Proactive FEC for reducing recovery latency;

30 Proactive FEC Partition rekey msgs into blocks Generate  ( p-1 )k  PARITY packets (FEC) for each block

31 Conclusion

Download ppt "Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying."

Similar presentations

Multicasting in Mobile Ad hoc Networks By XIE Jiawei.

Multicasting in Mobile Ad hoc Networks By XIE Jiawei.
Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies.

Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies.
Push Technology Humie Leung Annabelle Huo. Introduction Push technology is a set of technologies used to send information to a client without the client.

Push Technology Humie Leung Annabelle Huo. Introduction Push technology is a set of technologies used to send information to a client without the client.
A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.
Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.

Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.
Network Layer Routing Issues (I). Infrastructure vs. multi-hop Infrastructure networks: Infrastructure networks: ◦ One or several Access-Points (AP) connected.

Network Layer Routing Issues (I). Infrastructure vs. multi-hop Infrastructure networks: Infrastructure networks: ◦ One or several Access-Points (AP) connected.
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style A Survey on Decentralized Group Key Management Schemes.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style A Survey on Decentralized Group Key Management Schemes.
Optimizing Buffer Management for Reliable Multicast Zhen Xiao AT&T Labs – Research Joint work with Ken Birman and Robbert van Renesse.

Optimizing Buffer Management for Reliable Multicast Zhen Xiao AT&T Labs – Research Joint work with Ken Birman and Robbert van Renesse.
Ranveer Chandra , Kenneth P. Birman Department of Computer Science

Ranveer Chandra , Kenneth P. Birman Department of Computer Science
KAIS T Distributed Collaborative Key Agreement and Authentication Protocols for Dynamic Peer Groups IEEE/ACM Trans. on Netw., Vol. 14, No. 2, April 2006.

KAIS T Distributed Collaborative Key Agreement and Authentication Protocols for Dynamic Peer Groups IEEE/ACM Trans. on Netw., Vol. 14, No. 2, April 2006.
Page # Advanced Telecommunications/Information Distribution Research Program (ATIRP) Authentication Scheme for Distributed, Ubiquitous, Real-Time Protocols.

Page # Advanced Telecommunications/Information Distribution Research Program (ATIRP) Authentication Scheme for Distributed, Ubiquitous, Real-Time Protocols.
Web Caching Schemes1 A Survey of Web Caching Schemes for the Internet Jia Wang.

Web Caching Schemes1 A Survey of Web Caching Schemes for the Internet Jia Wang.
Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.

Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.
Towards Scalable and Reliable Secure Multicast Presenter: Yang Richard Yang Network Research Lab Department of Computer Sciences The University of Texas.

Towards Scalable and Reliable Secure Multicast Presenter: Yang Richard Yang Network Research Lab Department of Computer Sciences The University of Texas.
Network Coding for Large Scale Content Distribution Christos Gkantsidis Georgia Institute of Technology Pablo Rodriguez Microsoft Research IEEE INFOCOM.

Network Coding for Large Scale Content Distribution Christos Gkantsidis Georgia Institute of Technology Pablo Rodriguez Microsoft Research IEEE INFOCOM.
Secure Multimedia Multicast: Interface and Multimedia Transmission GROUP 2: Melissa Barker Norman Lo Michael Mullinix server router client router client.

Secure Multimedia Multicast: Interface and Multimedia Transmission GROUP 2: Melissa Barker Norman Lo Michael Mullinix server router client router client.
Secure Group Communications Using Key Graphs Chung Kei Wong, Member, IEEE, Mohamed Gouda Simon S. Lam, Fellow, IEEE Evgenia Gorelik Yuksel Ucar.

Secure Group Communications Using Key Graphs Chung Kei Wong, Member, IEEE, Mohamed Gouda Simon S. Lam, Fellow, IEEE Evgenia Gorelik Yuksel Ucar.
Distributed Collaborative Key Agreement Protocols for Dynamic Peer Groups Patrick P. C. Lee, John C. S. Lui and David K. Y. Yau IEEE ICNP 2002.

Distributed Collaborative Key Agreement Protocols for Dynamic Peer Groups Patrick P. C. Lee, John C. S. Lui and David K. Y. Yau IEEE ICNP 2002.
ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

ITIS 6200/8200. time-stamping services Difficult to verify the creation date and accurate contents of a digital file Required properties of time-stamping.

Similar presentations

Ads by Google