Presentation is loading. Please wait.

Presentation is loading. Please wait.

Group Key Distribution Chih-Hao Huang

Published byPhillip Morris Modified over 8 years ago

Similar presentations

Presentation on theme: "Group Key Distribution Chih-Hao Huang"— Presentation transcript:

1 Group Key Distribution Chih-Hao Huang huang@cs.umn.edu

2 Paper List C.K.Wong et al: Secure Group Communications Using Key Graphs M.Waldvogel et al: the VersaKey Framework D.McGrew and A.T.Sherman: Key Establishment in Large Dynamic Groups Using One-way Function Trees

3 Introduction Secure group communication Pay-per-view video streaming Video On Demand (VOD) Secure teleconferencing Online games

4 Secure Group Communication Authorization Secure Multicasting Forward confidentiality (revocation) Backward confidentiality

5 Secure Group Multicasting u u2u2 u1u1

6 Our Assumptions Each node shares a Key Encryption Key with GC to encrypt TEK updates All nodes share a Traffic Encryption Key (TEK) to encrypt communication data. There is a Group Controller (GC) When membership changes, TEK needs to be updated

7 Traffic Encryption Key u A Group of Users E TEK (msg) u sends a message encrypted with TEK

8 Key Encryption Key u

9 u KEKs are used to encrypt TEK updates

10 An Easy Re-keying Scheme : Star-shaped Each user shares a secret KEK with GC When a user joins or leaves, GC sends each node a re-keying message encrypted with its own KEK

11 Star-shaped Re-keying Scheme : Join GC u u wants to join the group

12 Star-shaped: Join (Cont ’ d) GC u GC sends encrypted TEK to other nodes

13 Star-shaped: Leave GC u U tells GC that he’s leaving

14 Star-shaped: Leave (Cont ’ d) GC u GC sends encrypted TEK to other nodes

15 Analysis of Star- shaped Scheme Pros: Easy to implement Provides both forward and backward confidentiality Cons: Doesn't scale well ~ Θ(n) Oooooops!

16 Logical Key Hierarchy Proposed by C.K.Wong, M.Gouda, and S.S.Lam It provides both forward and backward confidentiality It scales well ~ Θ(logn)

17 LKH: Key Graphs u-nodes are real users k-nodes represent keys u knows k if there ’ s a path from u to k

18 LKH: Join u 9 is about to join the group

19 LKH: Leave u 9 is about to leave the group

20 Analysis of LKH Re-keying messages are sent in a top- down fashion Complexity depends on the tree height, Θ(logn) Some options may be used: user- oriented, key-oriented, and group- oriented re-keying

21 User, Key, or Group? User-oriented re-keying is nothing more than grouping re-keying messages by users ~ less but bigger messages Key-oriented re-keying is just grouping them by keys ~ more but smaller messages Group-oriented is putting all re-keying messages together to generate a big, fat message ~ only one gigantic message

22 An Improvement: LKH+ Proposed by M.Waldvogel et al in “ The VersaKey Framework ” They use a one-way function to update TEK when a ‘ join ’ happens

23 LKH+: Join When u 9 joins, u 1 ~ u 8 feed the KEK into a one-way hash function to do the update

24 Analysis of LKH+ GC doesn't need to send re-keying messages when a join happens When a join happens, every member can compute the new TEK locally The newly joined member cannot compute the old TEK ~ backward confidentiality

25 Centralized Flat Key Management Proposed by M.Waldvogel et al as well Another logical tree- based re-keying scheme It greatly reduces GC ’ s storage requirement

26 Flat Key Table TEK ID Bit #0 KEK 0.0KEK 0.1 ID Bit #1 KEK 1.0KEK 1.1 ID Bit #2 KEK 2.0KEK 2.1 ID Bit #3 KEK 3.0KEK 3.1 Bit’s Value=0Bit’s Value=1 GC maintains the following table

27 Flat Key Management TEK ID Bit #0 KEK 0.0KEK 0.1 ID Bit #1 KEK 1.0KEK 1.1 ID Bit #2 KEK 2.0KEK 2.1 ID Bit #3 KEK 3.0KEK 3.1 Bit’s Value=0Bit’s Value=1 Node 0110 knows highlighted KEKs

28 CFKM: Join Node #1101 is about to join the group

29 CFKM: Join GC first sends it the new TEK and highlighted KEKs TEK ID Bit #0 KEK 0.0KEK 0.1 ID Bit #1 KEK 1.0KEK 1.1 ID Bit #2 KEK 2.0KEK 2.1 ID Bit #3 KEK 3.0KEK 3.1 Bit’s Value=0Bit’s Value=1

30 CFKM: Join GC then encrypts new TEK with the complementary KEKs (the highlighted ones) TEK ID Bit #0 KEK 0.0KEK 0.1 ID Bit #1 KEK 1.0KEK 1.1 ID Bit #2 KEK 2.0KEK 2.1 ID Bit #3 KEK 3.0KEK 3.1 Bit’s Value=0Bit’s Value=1

31 CFKM: Join GC then broadcasts these message to everybody Since other nodes differ from it in at least 1 position, they can decrypt the re- keying message and get the updated TEK

32 CFKM: Leave Node 1010 is about to leave TEK ID Bit #0 KEK 0.0KEK 0.1 ID Bit #1 KEK 1.0KEK 1.1 ID Bit #2 KEK 2.0KEK 2.1 ID Bit #3 KEK 3.0KEK 3.1 Bit’s Value=0Bit’s Value=1

33 CFKM: Leave GC sends everybody a new TEK encrypted with complementary KEKs TEK ID Bit #0 KEK 0.0KEK 0.1 ID Bit #1 KEK 1.0KEK 1.1 ID Bit #2 KEK 2.0KEK 2.1 ID Bit #3 KEK 3.0KEK 3.1 Bit’s Value=0Bit’s Value=1

34 CFKM: Leave (Cont ’ d) Similarly, since other nodes differ from it in at least 1 position, they can decrypt the re-keying message and get the updated TEK Now, all KEKs known by the leaving node become invalid and need to be updated

35 CFKM: Leave (Cont ’ d) For each of the invalid KEKs, GC selects a new replacement encrypted with both the old KEK and the new TEK For those who are not supposed to know the replacement KEKs, they cannot decrypt the message as they don ’ t know the old value

36 CFKM: Leave (Cont ’ d) For each of the invalid KEKs, GC selects a new replacement encrypted with both the old KEK and the new TEK The evicted node cannot decrypt the message either, as it doesn't know the new TEK

37 CFKM: Pros and Cons Pros: It greatly reduces GC ’ s memory requirement ~ only one table needed It maintains the same logarithmic bound as LKH, LKH+ ~ it ’ s efficient Cons: Removal of multiple nodes

38 CFKM: Multiple Leaves Node 1001 and 0110 are leaving … TEK ID Bit #0 KEK 0.0KEK 0.1 ID Bit #1 KEK 1.0KEK 1.1 ID Bit #2 KEK 2.0KEK 2.1 ID Bit #3 KEK 3.0KEK 3.1 Bit’s Value=0Bit’s Value=1

39 One-way Function Trees Proposed by D.A.McGrew and A.T.Sherman Logical tree-based scheme as well Even it ’ s still of logarithmic bound, the coefficient is smaller than LKH

40 Structure of OFT f k left k right unblinded key gg f(g(k left ),g(k right )) G is one-way

41 Blinded & Unblinded Keys Unblinded Key: the value that hasn ’ t been passed though g Blinded Key: the value that has already been passed though g If you know the unblinded key, you can compute the blinded key The converse is not true

42 OFT Algorithm Each member knows the blinded keys which are siblings to its path to the root Each member knows its unblinded key Each member can then compute the key of the root, which is the TEK (root maintains only one key)

43 OFT Algorithm (Cont ’ d) Node u knows the blinded keys of all green nodes u

44 OFT: Join/Leave If a blinded key changes, its new value must be communicated to all members who store it For a join/leave operation, Θ(logn) nodes need to update the blinded keys, where n is the distance to the root

45 OFT: Join/Leave (Cont ’ d) If u wants to join, all green nodes must update blinded keys u

46 Analysis of OFT OFT has the same log-bound as LKH LKH ’ s leading coefficient is 2 (binary), since updates must be sent to both children along the path to the root OFT ’ s leading coefficient is 1, since updates has only to be sent to the sibling along the path to the root

47 Why OFT is better? If u wants to leave, then only the green nodes need to be updated The blue nodes can always compute the blinded key locally u

48 Conclusion Star-shaped: most na ï ve approach, no scalability LKH: the basic of everything, good performance and functionality LKH+: a slight improvement of LKH CFKM: reducing GC ’ s storage need OFT: best of all algorithms so far

Download ppt "Group Key Distribution Chih-Hao Huang"

Similar presentations

Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies.

Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies.
A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
A hierarchical key management scheme for secure group communications in mobile ad hoc networks Authors: Nen-Chung Wang and Shian-Zhang Fang Sources: The.

A hierarchical key management scheme for secure group communications in mobile ad hoc networks Authors: Nen-Chung Wang and Shian-Zhang Fang Sources: The.
1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang

1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.
Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.

Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.
Broadcast Encryption – an overview Niv Gilboa – BGU 1.

Broadcast Encryption – an overview Niv Gilboa – BGU 1.
Presentation By: Garrett Lund Paper By: Sandro Rafaeli and David Hutchison.

Presentation By: Garrett Lund Paper By: Sandro Rafaeli and David Hutchison.
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style A Survey on Decentralized Group Key Management Schemes.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style A Survey on Decentralized Group Key Management Schemes.
Ranveer Chandra , Kenneth P. Birman Department of Computer Science

Ranveer Chandra , Kenneth P. Birman Department of Computer Science
KAIS T Scalable Key Management for Secure Multicast Communication in the Mobile Environment Jiannong Cao, Lin Liao, Guojun Wang Pervasive and Mobile Computing.

KAIS T Scalable Key Management for Secure Multicast Communication in the Mobile Environment Jiannong Cao, Lin Liao, Guojun Wang Pervasive and Mobile Computing.
KAIS T Distributed Collaborative Key Agreement and Authentication Protocols for Dynamic Peer Groups IEEE/ACM Trans. on Netw., Vol. 14, No. 2, April 2006.

KAIS T Distributed Collaborative Key Agreement and Authentication Protocols for Dynamic Peer Groups IEEE/ACM Trans. on Netw., Vol. 14, No. 2, April 2006.
Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.

Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.
Scribe: A Large-Scale and Decentralized Application-Level Multicast Infrastructure Miguel Castro, Peter Druschel, Anne-Marie Kermarrec, and Antony L. T.

Scribe: A Large-Scale and Decentralized Application-Level Multicast Infrastructure Miguel Castro, Peter Druschel, Anne-Marie Kermarrec, and Antony L. T.
Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.

Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.
1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.

1 Dynamic Key-Updating: Privacy- Preserving Authentication for RFID Systems Li Lu, Lei Hu State Key Laboratory of Information Security, Graduate School.
Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.
CMPE 150- Introduction to Computer Networks 1 CMPE 150 Fall 2005 Lecture 22 Introduction to Computer Networks.

CMPE 150- Introduction to Computer Networks 1 CMPE 150 Fall 2005 Lecture 22 Introduction to Computer Networks.
Secure Group Communications Using Key Graphs Chung Kei Wong, Member, IEEE, Mohamed Gouda Simon S. Lam, Fellow, IEEE Evgenia Gorelik Yuksel Ucar.

Secure Group Communications Using Key Graphs Chung Kei Wong, Member, IEEE, Mohamed Gouda Simon S. Lam, Fellow, IEEE Evgenia Gorelik Yuksel Ucar.
Distributed Collaborative Key Agreement Protocols for Dynamic Peer Groups Patrick P. C. Lee, John C. S. Lui and David K. Y. Yau IEEE ICNP 2002.

Distributed Collaborative Key Agreement Protocols for Dynamic Peer Groups Patrick P. C. Lee, John C. S. Lui and David K. Y. Yau IEEE ICNP 2002.

Similar presentations

Ads by Google