Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style A Survey on Decentralized Group Key Management Schemes.

Slides:

Advertisements

Similar presentations

Revocation Mechanisms for Hybrid Group Communication with Asymmetric Links Abstract Wildcard identity-based encryption (IBE) provides an effective means.

Advertisements

A key agreement protocol using mutual Authentication for Ad-Hoc Networks IEEE 2005 Authors : Chichun Lo, Chunchieh Huang, Yongxin Huang Date : 2005_11_29.

Fast and Secure Universal Roaming Service for Mobile Internet Yeali S. Sun, Yu-Chun Pan, Meng-Chang Chen.

A Survey of Key Management for Secure Group Communications Celia Li.

A hierarchical key management scheme for secure group communications in mobile ad hoc networks Authors: Nen-Chung Wang and Shian-Zhang Fang Sources: The.

1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.

Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.

1 Performance Char’ of Region- Based Group Key Management --- in Mobile Ad Hoc Networks --- by Ing-Ray Chen, Jin-Hee Cho and Ding-Chau Wang Presented by.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.

Sec-TEEN: Secure Threshold sensitive Energy Efficient sensor Network protocol Ibrahim Alkhori, Tamer Abukhalil & Abdel-shakour A. Abuznied Department of.

Presentation By: Garrett Lund Paper By: Sandro Rafaeli and David Hutchison.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

KAIS T Scalable Key Management for Secure Multicast Communication in the Mobile Environment Jiannong Cao, Lin Liao, Guojun Wang Pervasive and Mobile Computing.

KAIS T Distributed Collaborative Key Agreement and Authentication Protocols for Dynamic Peer Groups IEEE/ACM Trans. on Netw., Vol. 14, No. 2, April 2006.

Secure and Efficient Key Management in Mobile Ad Hoc Networks Bing Wu, Jie Wu, Eduardo B. Fernandez, Mohammad Ilyas, Spyros Magliveras Department of Computer.

Small-world Overlay P2P Network

Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.

Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Scalable Application Layer Multicast Suman Banerjee Bobby Bhattacharjee Christopher Kommareddy ACM SIGCOMM Computer Communication Review, Proceedings of.

Secure Multimedia Multicast: Interface and Multimedia Transmission GROUP 2: Melissa Barker Norman Lo Michael Mullinix server router client router client.

Distributed Collaborative Key Agreement Protocols for Dynamic Peer Groups Patrick P. C. Lee, John C. S. Lui and David K. Y. Yau IEEE ICNP 2002.

Scalable Secure Bidirectional Group Communication Yitao Duan and John Canny Berkeley Institute of Design Computer Science.

Multicast Security May 10, 2004 Sam Irvine Andy Nguyen.

Group Key Distribution Chih-Hao Huang

Multicast Transport Protocols: A Survey and Taxonomy Author: Katia Obraczka University of Southern California Presenter: Venkatesh Prabhakar.

Multicast Security Issues and Solutions. Outline Explain multicast and its applications Show why security is needed Discuss current security implementations.

Slide 1 Comparison of Inter-Area Rekeying Algorithms for Secure Mobile Group Communication C. Zhang*, B. DeCleene +, J. Kurose*, D. Towsley* * Dept. Computer.

Multimedia Broadcast/Multicast Service (MBMS)

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Design Extensions to Google+ CS6204 Privacy and Security.

Communication (II) Chapter 4

Computer Science 1 CSC 774 Advanced Network Security Secure Group Communications Using Key Graphs Presented by: Siddharth Bhai 9 th Nov 2005.

Key Distribution and Update for Secure Inter- group Multicast Communication Ki-Woong Park Computer Engineering Research Laboratory Korea Advanced Institute.

Hierarchical agent-based secure and reliable multicast in wireless mesh networks Yinan LI, Ing-Ray Chen Robert Weikel, Virginia Sistrunk, Hung-Yuan Chung.

Simple and Fault-Tolerant Key Agreement for Dynamic Collaborative Groups David Insel John Stephens Shawn Smith Shaun Jamieson.

Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science Cryptographic Security Secret Sharing, Vanishing Data.

TRIGON BASED AUTHENTICATION, AUTHORIZATION AND DISTRIBUTION OF ENCRYPTED KEYS WITH GLOBUS MIDDLEWARE Anitha Kumari K 08MW01 II ME – Software Engineering.

Overlay Network Physical LayerR : router Overlay Layer N R R R R R N.

Secure Group Communication: Key Management by Robert Chirwa.

Project guide Dr. G. Sudha Sadhasivam Asst Professor, Dept of CSE Presented by C. Geetha Jini (07MW03)

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Collusion-Resistant Group Key Management Using Attribute-

Group Rekeying for Filtering False Data in Sensor Networks: A Predistribution and Local Collaboration-Based Approach Wensheng Zhang and Guohong Cao.

Improving MBMS Security in 3G Wenyuan Xu Rutgers University.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Key-Policy Attribute-Based Encryption Present by Xiaokui.

A secure re-keying scheme Introduction Background Re-keying scheme User revocation User join Conclusion.

This paper appears in: Computer Communications and Networks, ICCCN Proceedings.15th International Conference on 指導教授 : 許子衡報告者 : 黃群凱 1.

TOPOLOGY MANAGEMENT IN COGMESH: A CLUSTER-BASED COGNITIVE RADIO MESH NETWORK Tao Chen; Honggang Zhang; Maggio, G.M.; Chlamtac, I.; Communications, 2007.

Scalable and Reliable Key Distribution 1/ Ryuzou NISHI † † Institute of Systems & Information Technologies (ISIT)

Self-Healing Group-Wise Key Distribution Schemes with Time-Limited Node Revocation for Wireless Sensor Networks Minghui Shi, Xuemin Shen, Yixin Jiang,

Group Key Distribution Xiuzhen Cheng The George Washington University.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Cryptographic Security Identity-Based Encryption.

J.-H. Cho, I.-R. Chen, M. Eltoweissy ACM/Springer Wireless Networks, 2007 Presented by: Mwaffaq Otoom CS5214 – Spring © 2007 On optimal batch re-keying.

An Adaptive Protocol for Efficient & Secure Multicasting in Wireless LANS Sandeep Gupta & Sriram Cherukuri Arizona State University

Weichao Wang, Bharat Bhargava Youngjoo, Shin

Efficient Group Key Management in Wireless LANs Celia Li and Uyen Trang Nguyen Computer Science and Engineering York University.

Security Kim Soo Jin. 2 Contents Background Introduction Secure multicast using clustering Spatial Clustering Simulation Experiment Conclusions.

Efficient Pairwise Key Establishment Scheme Based on Random Pre-Distribution Keys in Wireless Sensor Networks Source: Lecture Notes in Computer Science,

Design and Implementation of Secure Layer over UPnP Networks Speaker: Chai-Wei Hsu Advisor: Dr. Chin-Laung Lei.

Fall 2006CS 395: Computer Security1 Key Management.

VANETs. Agenda System Model → What is VANETs? → Why VANETs? Threats Proposed Protocol → AOSA → SPCP → PARROTS Evaluation → Entropy → Anonymity Set → Tracking.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.

Source: Computers & Security, vol.23, pp , 2004 Author: Heba K. Aslan

NSF Faculty Career Award

Qiong Zhang, Yuke Wang Jason P, Jue 2008

Group Key Management Scheme for Simultaneous Multiple Groups with Overlapped Membership Andrew Moore 9/27/2011.

به نام آنکه هستی نام از او یافت

Design and Implementation of SUPnP Networks

Scalable Group Key Management with Partially Trusted Controllers

Combinatorial Optimization of Multicast Key Management

Presentation transcript:

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style A Survey on Decentralized Group Key Management Schemes Presented by: Anurodh Joshi

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Paper by Ling Cheung et. al presented a Decentralized group key management scheme which uses Cipher Attribute based encryption (CP-ABE)  Critique  The Group Controller (GC) is actively involved in management of the group (Join and Leave) and becomes a bottleneck for large groups. Are there schemes that reduce the load on GC?  How do the other schemes handle member(s) joining and leaving the group (rekeying)?  *In this paper, if the SGC leaves the group, all members lose their membership and have to rejoin. Do other schemes handle this problem in a more elegant way?  Goal:  To answer above questions  Get a broad idea of Decentralized Group Key Management Scheme  Provide a starting point for further exploration of Group Key Management 2 Motivation

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Overview of Group Key management schemes (why Decentralized Scheme?)  Taxonomy of Decentralized Group Key Management Scheme  Membership-driven Rekeying  Time-driven Rekeying  Membership Driven Rekeying Vs Time Driven Rekeying  Group Key Sharing  Concluding Remarks 3 Presentation Outline

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Group Key Management requirements (Challal et. Al [1]) 4 Introduction

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science 5 Group Key Management Schemes Taxonomy of Group Key Management Protocols  Centralized Protocols  A single entity Group Controller (GC) is responsible for managing Data Encryption key (DEK) and the group  Approach such as Logical Key Hierarchy (LKH) reduces the overhead of rekeying  Has a Single point of failure -> GC

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science 6 Group Key Management Schemes  Distributed Scheme Characterized by having no group controller; members generate group key in a contributory manner Solves the problem of single point of failure Reduces bottlenecks in the network in comparison to centralized schemes Problem: 1. Generating keys entails that each member be aware of the list of current members (Trust issues) 2. Each member does not have the computational resources to generate keys Overall, hard to manage the group

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Decentralized Scheme  A hierarchy of key managers share the labor of distributing the DEK and managing the group  Avoids bottlenecks as well as single point of failure*  Each subgroup (centralized node) is managed using a centralized scheme  Uses the advantages of both centralized and distributed scheme 7 Group Key Management Schemes An example of Decentralized Group Key Management Architecture

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Taxonomy  Membership-Driven Re-keying The DEK is changed each time a join or a leave occurs  Time-Driven Re-keying Periodic refresh  Discuss the protocols based on: Involvement of Group Controller and Sub-group controller in managing the group Rekeying Sharing of the DEK Forward and Backward secrecy, Data transmission (security) 8 Decentralized Group Key Management Scheme

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  XU Yanyan et al. [2] (core tree based approach)  Core tree  GC and SGC  DEK is shared among core members  SGC K_{IND}  Subgroups  Subgroup Key  GMs K_{u}.  DEK is not shared with GMs.  Join:  The Subgroup Key is refreshed  For existing members, the new Subgroup key is encrypted with K_{u}  For new member, K_{u} provided through secure unicast and Subgroup is encrypted with K_{u}  Data Transmission:  Within a subgroup, use Subgroup Key to encrypt data.  Between subgroups, first DEK is used to transmit the message to the core tree. Other SGCs can encrypt it using Subgroup key and transmit it to GMs.  Leave:  Local  Subgroup Key is refreshed  SGC leave: the GC updates the DEK and sends it to all SGCs by encrypting it with K_{IND}. The subgroup is then merged to the adjacent core 9 Membership-Driven Re-keying Protocols

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Xingfeng Guo et al. [3] propose a simple RSA key based (public, private keys) decentralized key management scheme  The DEK is shared with everyone within the group.  The GC shares the DEK with SGC by encrypting the DEK with SGCs RSA public key  Join  Member contacts the RSA server and sends its public key to the RSA server  The SGC re-purchases the public keys updates its child nodes list  The GC will generate a new DEK and distribute it to SGC. SGC distributes it to GMs (using GMs public key)  Data Transmission: Data is encrypted using RSA public key of the GM within a subgroup  Leave  SGC updates child nodes list  DEK is updated and distributed  Periodic DEK refresh for added security 10 Membership-Driven Re-keying Protocols

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Hydra:  Subgroups managed by Hydra Servers  GC is only involved during group creation phase and not in key management The GC distributes the group policies, and certificates to the HSs. 11 Membership-Driven Re-keying Protocols

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  The group key is shared among the whole group in this scheme.  Hydra key: is used to encrypt messages between HSs during communication  Subgroup key: protects the group key within a subgroup. Each subgroup has a unique subgroup key.  Key Distribution: The HSs agree on a common group key and distribute the group key to subgroup members  Backward and Forward Secrecy:  Each new group key is completely independent of the previous ones  Since the group key is common, the group key has to be changed if membership changes  The HS of the subgroup whose membership changes generates a new key and sends it to other HSs. The HSs will then distribute this to their group members  Data Transmission  Hydra Key is used to encrypt messages during communication between HSs  A subgroup key is used to encrypt group key in the subgroup. When a new group key is distributed among HSs, then each HS will encrypt the group key with subgroup key and distribute it to the subgroup members. 12 Hydra contd..

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science Time-Driven Re-keying Protocols 13

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Peravyian et. al. [4]  No central GC.  Multiple subgroups managed by Group Managers  A random secret key K (session based) is generated and distributed to group members in all groups by encrypting K with the public key of group members  Working Key (DEK): Generated based on a random value ‘n’, and secret key, K. The encrypted message contains ‘n’  Backward and Forward Secrecy:  Each new secret Key, and ‘n’ is completely independent of the previous ones  If a new member joins, he is given the current group key.  Even if a member leaves, the group key is kept intact till next session  Collusion: Each session has independent keys  The group key is shared among the whole group in this scheme. 14 Time-Driven Re-keying Protocols

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Kronos:  Works with existing framework such as Intra domain group key management protocols (IGKMP)  Targeted for handling large groups spread across the internet for example pay per view multicast groups.  Decouples membership size change from rekeying 15 Time-Driven Re-keying Protocols

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  The DEK is shared across the group.  Join: the Area Key Distributor (AKD) establishes a private key for the new member and sends him the DEK by encrypting it with the private key  The joins and leaves are processed in batches during rekey events  Periodic key refresh: All AKDs have their clocks synchronized. Hence, at the refresh time, each AKD independently refreshes the group key by using the same encryption algorithm and the old group key i.e. DEK_{i+1} = E_{K}(DEK_i) where i>= 0, where E is the encryption algorithm K is the secret key distributed by the Domain Key Distributor (DKD)  Backward and Forward Secrecy:  The DKD can refresh K, and DEK.  Periodic refresh  Disadvantage: The new keys depend on the old keys. Hence, it may not be too hard to hack a new key if one knows the old key. Refreshing the K and R does help to some extent. 16 Kronos contd..

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Depends on the need of the group as well as its scale  Time Driven Rekeying: Decouples the rekeying from size and dynamics of the group -> scalable to large groups Is applicable to multicasts groups such as pay per view, sports events and so on For large groups spread across the internet this approach reduces the overhead of constant rekeying due to membership change Processes membership requests (joins & leaves) in batches, so membership takes time to come into effect 17 Membership Driven Rekeying Vs Time Driven Rekeying  Membership Driven Rekeying For groups where backward and forward secrecy is critical, for example -> intelligence data Applicable for small to medium groups

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  If the group key shared across the group, i.e. if each member in every subgroup knows the DEK, it usually entails refreshing the DEK with change in membership  Can be avoided by creating two sets of encryption keys  DEK -> shared between GC and SGC only  Subgroup key is shared between SGC and Group Members  Problem ? 18 Group Key Sharing

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  However, this means that to share messages between subgroups, the SGC will have to convert the messages and this can prove to be a bottleneck 19 Group Key Sharing Subgroup 1 (Key1) Subgroup 2 (Key 2) GM3 GM2 GM1 GM2 DEK

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Decentralized approach makes it easy to manage group keys  Avoids single point of failure  Has a hierarchy which makes it easy to manage the group  Membership-driven rekeying is apt for small to medium size groups  Time-driven rekeying is suitable for very large groups as it decouples rekeying from size and dynamics of the group  * When the SGC leaves?  Most papers do not focus on SGC leave (trusted few -> rare)  Xu Yanyan et. Al -> If a member in the core tree (subgroup contoller) leaves, the Group controller updates the DEK in the core tree. The GC then encrypts it with each core nodes' individual key K_{IND} and distributes it. The subgroup whose SGC left is merged to an adjacent core.  Hydra: If a Hydra Server leaves the group, then the subgroup members in that subgroup will join another HS by using the Expand Searching Ring Protocol (ERSP) to find the closest HS 20 Conclusion

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  1. Y Challal, and H. Seba: “Group Key Management Protocols: A Novel Taxonomy,” Int’l Journal of IT, Vol. 2,  2. X. Yanyan, X. Zhengquan, C. Xi, and Y. Zhanwu: “A Scalable De-Centralized Multicast Key Management Scheme,” Proc. Of First Int’l Conference on Innovative Computing, Information, and Control,  3. X. Guo, X. Liu, and Q. Dai: “A Decentralized Key Management Scheme in Overlay Multicast Network,” IEEE, 2006  4. M. Peyravian, S. M. Matyas, and N. Zunic: “Decentralized Group Key Management for Secure Multicast Communications,” Computer Communications, References

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style Fall, Privacy&Security - Virginia Tech – Computer Science  Questions? 22 Thank You!