Round-Efficient Broadcast Authentication Protocols for Fixed Topology Classes Haowen Chan, Adrian Perrig Carnegie Mellon University 1.

Slides:



Advertisements
Similar presentations
An Alternative to Short Lived Certificates By Vipul Goyal Department of Computer Science & Engineering Institute of Technology Banaras Hindu University.
Advertisements

Giuseppe Bianchi Lecture 6.1: Extras: Merkle Trees.
Computer Networking A Top-Down Approach Chapter 4.7.
Leader Election Let G = (V,E) define the network topology. Each process i has a variable L(i) that defines the leader.  i,j  V  i,j are non-faulty.
Haowen chan  cmu Outline  The Secure Aggregation Problem  Algorithm Description  Algorithm Analysis Proof (sketch) of correctness Proof (sketch) of.
Distribution and Revocation of Cryptographic Keys in Sensor Networks Amrinder Singh Dept. of Computer Science Virginia Tech.
A Survey of Secure Wireless Ad Hoc Routing
An Efficient Scheme for Authenticating Public Keys in Sensor Networks Wenliang (Kevin) Du (Syracuse) Ronghua Wang (Syracuse) Peng Ning (North Carolina.
Packet Leashes: Defense Against Wormhole Attacks Authors: Yih-Chun Hu (CMU), Adrian Perrig (CMU), David Johnson (Rice)
1 Vipul Goyal Abhishek Jain Rafail Ostrovsky Silas Richelson Ivan Visconti Microsoft Research India MIT and BU UCLA University of Salerno, Italy Constant.
SIA: Secure Information Aggregation in Sensor Networks Bartosz Przydatek, Dawn Song, Adrian Perrig Carnegie Mellon University Carl Hartung CSCI 7143: Secure.
IC-29 Security and Cooperation in Wireless Networks 1 Secure and Robust Aggregation in Sensor Networks Parisa Haghani Supervised by: Panos Papadimitratos.
1 Complexity of Network Synchronization Raeda Naamnieh.
Efficiently Authenticating Code Images in Dynamically Reprogrammed Wireless Sensor Networks PerSec 2006 Speaker: Prof. Rick Han Coauthors Jing Deng and.
Security Issues In Sensor Networks By Priya Palanivelu.
Packet Leashes: A Defense against Wormhole Attacks in Wireless Networks Yih-Chun Hu (Carnegie Mellon University) Adrian Perrig (Carnegie Mellon University)
Idit Keidar, Principles of Reliable Distributed Systems, Technion EE, Spring Principles of Reliable Distributed Systems Lecture 6: Synchronous Byzantine.
Random Key Predistribution Schemes for Sensor Networks Authors: Haowen Chan, Adrian Perrig, Dawn Song Carnegie Mellon University Presented by: Johnny Flowers.
Slide Set 15: IP Multicast. In this set What is multicasting ? Issues related to IP Multicast Section 4.4.
Sencun Zhu Sanjeev Setia Sushil Jajodia Presented by: Harel Carmit
Key Distribution in Sensor Networks (work in progress report) Adrian Perrig UC Berkeley.
1 Brief Announcement: Distributed Broadcasting and Mapping Protocols in Directed Anonymous Networks Michael Langberg: Open University of Israel Moshe Schwartz:
Distributed systems Module 2 -Distributed algorithms Teaching unit 1 – Basic techniques Ernesto Damiani University of Bozen Lesson 4 – Consensus and reliable.
Multicast Security May 10, 2004 Sam Irvine Andy Nguyen.
1 University of Freiburg Computer Networks and Telematics Prof. Christian Schindelhauer Wireless Sensor Networks 13th Lecture Christian Schindelhauer.
1 Network Layer: Host-to-Host Communication. 2 Network Layer: Motivation Can we built a global network such as Internet by extending LAN segments using.
SPINS: Security Protocols for Sensor Networks Adrian Perrig Robert Szewczyk Victor Wen David Culler Doug TygarUC Berkeley.
A Lightweight Hop-by-Hop Authentication Protocol For Ad- Hoc Networks Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date:2005/01/20.
ITIS 6010/8010: Wireless Network Security Weichao Wang.
SIA: Secure Information Aggregation in Sensor Networks Dhiman Barman Authors: Bartosz Przydateck, Dawn Song, and Adrian Perrig CMU SenSys 2003.
CPSC 689: Discrete Algorithms for Mobile and Wireless Systems Spring 2009 Prof. Jennifer Welch.
1 Timed Efficient Stream Loss-tolerant Authentication.
Computer Science CSC 774 Adv. Net. SecurityDr. Peng Ning1 CSC 774 Advanced Network Security Topic 4. Broadcast Authentication.
Mitigating DoS Attacks against Broadcast Authentication in Wireless Sensor Networks Peng Ning, An Liu North Carolina State University and Wenliang Du Syracuse.
Computer Science Secure Hierarchical In-network Data Aggregation for Sensor Networks Steve McKinney CSC 774 – Dr. Ning Acknowledgment: Slides based on.
Distributed Algorithms 2014 Igor Zarivach A Distributed Algorithm for Minimum Weight Spanning Trees By Gallager, Humblet,Spira (GHS)
Secure Aggregation for Wireless Networks Lingxuan Hu David Evans [lingxuan, Department of Computer.
Introduction to Network Layer. Network Layer: Motivation Can we built a global network such as Internet by extending LAN segments using bridges? –No!
Securing Every Bit: Authenticated Broadcast in Wireless Networks Dan Alistarh, Seth Gilbert, Rachid Guerraoui, Zarko Milosevic, and Calvin Newport.
GZ06 : Mobile and Adaptive Systems A Secure On-Demand Routing Protocol for Ad Hoc Networks Allan HUNT Wandao PUNYAPORN Yong CHENG Tingting OUYANG.
Security for the Optimized Link- State Routing Protocol for Wireless Ad Hoc Networks Stephen Asherson Computer Science MSc Student DNA Lab 1.
A Linear Lower Bound on the Communication Complexity of Single-Server PIR Weizmann Institute of Science Israel Iftach HaitnerJonathan HochGil Segev.
Authors: Yih-Chun Hu, Adrian Perrig, David B. Johnson
Byzantine fault-tolerance COMP 413 Fall Overview Models –Synchronous vs. asynchronous systems –Byzantine failure model Secure storage with self-certifying.
Secure Routing in Wireless Sensor Networks: Attacks and Countermeasures Chris Karlof and David Wagner (modified by Sarjana Singh)
1 Broadcast. 2 3 Use a spanning tree Root 4 synchronous It takes the same time at link to send a message It takes the same time at each node to process.
On the Communication Complexity of SFE with Long Output Daniel Wichs (Northeastern) joint work with Pavel Hubáček.
Energy-Efficient Shortest Path Self-Stabilizing Multicast Protocol for Mobile Ad Hoc Networks Ganesh Sridharan
Expander Graphs for Digital Stream Authentication and Robust Overlay Networks Presented by Neeraj Agrawal, Zifei Zhong.
Multicast Security: A Taxonomy and Some Efficient Constructions By Cannetti et al, appeared in INFOCOMM 99. Presenter: Ankur Gupta.
Merkle trees Introduced by Ralph Merkle, 1979 An authentication scheme
Computer Science CSC 774 Adv. Net. Security1 Presenter: Tong Zhou 11/21/2015 Practical Broadcast Authentication in Sensor Networks.
On Detecting Pollution Attacks in Inter-Session Network Coding Anh Le, Athina Markopoulou University of California, Irvine.
Computer Science 1 TinySeRSync: Secure and Resilient Time Synchronization in Wireless Sensor Networks Speaker: Sangwon Hyun Acknowledgement: Slides were.
Shambhu Upadhyaya 1 Ad Hoc Networks – Network Access Control Shambhu Upadhyaya Wireless Network Security CSE 566 (Lecture 20)
Prepared by Dr. Lamiaa Elshenawy
Efficient and Secure Source Authentication for Multicast 報告者 : 李宗穎 Proceedings of the Internet Society Network and Distributed System Security Symposium.
Teknik Routing Pertemuan 10 Matakuliah: H0524/Jaringan Komputer Tahun: 2009.
Security for Broadcast Network
Jonathan Katz University of Maryland Andrew Lindell Aladdin Knowledge Systems and Bar-Ilan University 04/08/08 CRYP-108 Aggregate Message- Authentication.
1 Routing security against Threat models CSCI 5931 Wireless & Sensor Networks CSCI 5931 Wireless & Sensor Networks Darshan Chipade.
1 Security for Broadcast Network Most slides are from the lecture notes of prof. Adrian Perrig.
TRUSTWORTHY CYBER INFRASTRUCTURE FOR THE POWER GRID | TCIPG.ORG 1 Secure Data Collection in Constrained Tree-based Smart Grid Environments To be published.
March 9, Broadcasting with Bounded Number of Redundant Transmissions Majid Khabbazian.
Round-Efficient Multi-Party Computation in Point-to-Point Networks Jonathan Katz Chiu-Yuen Koo University of Maryland.
CIS 825 Lecture 9. Minimum Spanning tree construction Each node is a subtree/fragment by itself. Select the minimum outgoing edge of the fragment Send.
17 th -21 st July nd APAN Meeting in Singapore ’06 Forwarding State Reduction for One-to-Many Group Communications Sahar A. Al-Talib (PhD. Candidate)
Michael Langberg: Open University of Israel
Data Integrity: Applications of Cryptographic Hash Functions
Combinatorial Topology and Distributed Computing
Presentation transcript:

Round-Efficient Broadcast Authentication Protocols for Fixed Topology Classes Haowen Chan, Adrian Perrig Carnegie Mellon University 1

Talk Outline Background / Motivation Optimizations for the Path Topology Summary of Other Results 2

Talk Outline Background / Motivation Optimizations for the Path Topology Summary of Other Results 3

Multi-receiver Authentication in Sensor/Ad-hoc Networks 4 S R1R1 R4R4 R2R2 R3R3 R5R5 R6R6 R7R7 R8R8 M M M Is M from S ? Yes = accept No = drop Is M from S ? Yes = accept No = drop

Authentication Methods Signature: Sender S signs M using private key Need support for public key crypto Multi-receiver Message Authentication Codes Additional O(n) overhead in message size TESLA [Perrig et al, 2002] : Need time synchronization Communication-Efficient with Minimal Assumptions Guy Fawkes [Anderson et al. 1998] Hash Tree-based [Chan & Perrig 2008] 5

Assumptions Sender knows full network topology Sender shares a unique symmetric key K i with each receiver R i 6

Hash Tree Based Broadcast Construct a hash tree with MACs at the leaves Idea: Adversary can’t compute r for forged M’ since it does not know any of the MAC values of the legitimate nodes Hash Tree … LaLa LbLb LzLz r 7 r acts as an authenticator for M

Receiver Verification Given Message M, hash tree root vertex r Receiver R i verifies that is a leaf in hash tree with root r Verification path = all siblings on path to root 8 LiLi v1v1 u1u1 v2v2 u2u2 v3v3 u3u3 v4v4 r

General Tree Topology: 3 Passes 1.Sender broadcasts message M with hash tree root r 2.Receivers reconstruct hash tree with leaves 3.Verification paths disseminated 9 S R1R1 R5R5 R4R4 R2R2 R3R3 M, r Reconstruct hash tree Disseminate verification paths

Talk Outline Background / Motivation Optimizations for the Path Topology Summary of Other Results 10

Path Topology Common applications Actual linear topologies (roadway, corridor) Path from leaf to root in spanning tree Along a routing path 1 round = one interaction between neighbors Message from S to R n takes n rounds Unoptimized: 3 passes = 3 n rounds 11 R1R1 R2R2 R3R3 RnRn S …

Observation Can start reconstructing the hash tree immediately upon receiving M “Piggy-back” the two outgoing passes together Achieve 2 n rounds Outgoing pass: left-siblings computed Incoming pass: right-siblings computed 12

2 n -Round Protocol 13 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 r S precomputes the whole tree

2 n -Round Protocol 14 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 r M,r

2 n -Round Protocol 15 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 r M,r L1L1

2 n -Round Protocol 16 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 r M,r v1v1

2 n -Round Protocol 17 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 r M,r v 1,L 3

2 n -Round Protocol 18 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 r M,r v5v5

2 n -Round Protocol 19 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 r M,r v 5,L 5

2 n -Round Protocol 20 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 r M,r v 5,v 3

2 n -Round Protocol 21 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 r M,r v 5,v 3,L 7

2 n -Round Protocol 22 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 r L8L8

2 n -Round Protocol 23 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 r v4v4

2 n -Round Protocol 24 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 r v 4,L 6

2 n -Round Protocol 25 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 r v6v6

2 n -Round Protocol 26 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 r v 6,L 4

2 n -Round Protocol 27 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 r v 2,v 6

2 n -Round Protocol 28 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 r v 2,v 6,L 2

Further Optimizations Computation of Node v 6 causes delay If Sender precomputes and sends v 6 Nodes 1-4 can build verification paths independently of 5-8 Split apart the two subtrees 29 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 r

1.5n -Round Protocol 30 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 M,v 5,v 6

1.5n -Round Protocol 31 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 M,v 5,v 6 L1L1

1.5n -Round Protocol 32 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 M,v 5,v 6 v1v1

1.5n -Round Protocol 33 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 M,v 5,v 6 v 1, L 3

1.5n -Round Protocol 34 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 M,v 6

1.5n -Round Protocol 35 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 M,v 6 L5L5 L4L4

1.5n -Round Protocol 36 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 M,v 6 v3v3 v2v2

1.5n -Round Protocol 37 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 M,v 6 v 3, L 7 v 2, L 2

1.5n -Round Protocol 38 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 L8L8

1.5n -Round Protocol 39 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 v4v4

1.5n -Round Protocol 40 S R7R7 R1R1 R2R2 R3R3 R4R4 R5R5 R6R6 R8R8 L7L7 L1L1 L2L2 L3L3 L4L4 L5L5 L6L6 L8L8 v1v1 v4v4 v2v2 v3v3 v5v5 v6v6 v 4,L 6

General Optimization 41 ½ n 1 1/2 n rounds ½ n 1/4 n 1 1/4 n rounds 1/4 n ½ n 1/4 n 1 1/8 n rounds 1/8 n

n -Round Protocol Break the receiver set into log n groups Doubles communication overhead but halves the number of rounds No protocol can be faster than this 42

Talk Outline Background / Motivation Optimizations for the Path Topology Summary of Other Results 43

Guy Fawkes on the Path Topology Optimization to reduce Guy Fawkes to 2 n rounds Reduce that to n rounds using the same divide-and-conquer technique 44

Round Complexity Lower Bounds Any Signature-free Broadcast Authentication Protocol that completes in (2-  ) log n rounds for  must have  ( n  ) comm. overhead per node Proven using a reduction to a known result for multi-receiver MACs Protocols with polylog communication overhead must take 2 log n rounds or more 45

Tightness of the Bound Optimization of protocols for fully connected topologies Achieves 2 log n rounds with O( log 2 n ) communication per node No protocol with polylog per node communication overhead can take fewer rounds 46

Lower Bounds for Trees Any Signature-free Broadcast Authentication Protocol that completes in (2.44-  ) log n + O(1) rounds in a tree topology must have  ( n  ) comm. overhead per node Strictly more than 2 passes are needed for trees Known protocols are likely already optimal for trees 47

Thank You! Haowen Chan 48

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.