Establishment of Conference Keys in Heterogeneous Networks Wade Trappe, Yuke Wang, K. J. Ray Liu ICC IEEE International Conference
Outline INTRODUCTION GROUP DH (Diffie-Hellman) OVERVIEW CONFERENCE TREES AND GROUP KEYS COMPUTATIONAL CONSIDERATIONS Minimizing Total Cost Budget Constraints CONCLUSIONS
INTRODUCTION In order to secure communication amongst members of a conference, a secret shared by all group members must be established. In many cases, however, it is not possible to have a third party arbitrate the establishment of a group key. In these cases, the group members make independent contributions to the formation of the group key, and the process of forming the key is called key agreement. Typically, these conference key establishment schemes seek to minimize either the amount of rounds needed in establishing the group key, or the size of the message. In heterogeneous networks, many conferences have participants of varying computational power and resources.
INTRODUCTION In some applications, one should aim to minimize a cost function that incorporates the different costs of each user. Key establishment schemes that consider users with varying costs or budgets are designed by appropriately choosing the conference tree. Using the two-party Diffie-Hellman protocol as the basic building block, we can establish a group key by forming intermediate keys for successively larger subgroups.
GROUP DH (Diffie-Hellman) OVERVIEW The Diffie-Hellman key agreement protocol was developed by Diffie and Hellman in 1976 The protocol has two system parameters p and g. They are both public and may be used by all the users in a system Parameter p is a prime number and parameter g (usually called a generator) is an integer less than p, which is capable of generating every element from 1 to p-1 when multiplied by itself a certain number of times, modulo the prime p.
Example AliceBob Alice generates a random private value a Bob generates a random private value b. g a mod p g b mod p k ab =(g b ) a mod pk ba =(g a ) b mod p Since k ab =k ba =k, Alice and Bob now have a shared secret key k.
CONFERENCE TREES AND GROUP KEYS Fig. 1. The radix-2 butterfly scheme for establishing a group key for 8 users. (a) Without broadcasts, (b) Using broadcasts.
CONFERENCE TREES AND GROUP KEYS y = g α2α3 g α1y = g α1 g α2α3 u1u1 u2u2 u3u3
CONFERENCE TREES AND GROUP KEYS We define a conference tree to be a binary tree that describes the successive subgroups and intermediate keys that are formed an route to establishing the key for the entire group. Fig. 3. The conference tree for the radix-2 butterfly scheme
COMPUTATIONAL CONSIDERATIONS In many application environments the users will have varying amounts of computational resources available. It is important to study the problem of efficiently establishing a conference key while considering the varying user costs. We present methods for designing the conference tree used in establishing the group secret. We study two problems: minimizing the total cost in establishing a group key, and the feasibility of establishing the group key in the presence of budget constraints.
Minimizing Total Cost assume that we have n users, and that each user u j has a cost w j associated with performing one two-party Diffie-Hellman protocol. Huffman coding produces the conference tree that minimizes the cost.
Example Consider a group of 8 users with costs w1 = 28, w2 = 25, w3 = 20, w4 = 16, w5 = 15, w6 = 8, w7 = 7, and w8 = The corresponding length vector is l* = (2, 2, 3, 3, 3, 4, 5, 5), and the total cost is 351.
Budget Constraints In many cases, the devices wishing to establish a conference key might have a limited budget to spend. The optimal conference key tree assignment results from Huffman coding might assign more computation to some users than they are capable of performing, while assigning less computation to other users than they are capable of performing. In these cases, rather than minimize the total cost, one wants to ensure that one can first establish the group key, and then consider reducing the total amount of computation as a secondary issue.
Budget Constraints b j : The amount of two-party Diffie-Hellman key establishment protocols that he is willing to participate in when establishing the group key. Lemma :
Budget Constraints A consequence of this is that if we subtract 1 from one of the b j then choosing the largest b j least affects 2 -b j.
Example suppose n = 8 and that the initial budget is b = (1,3, 3, 4, 5, 5, 6, 8). b = (1,3, 3, 4, 5, 5, 6, 7)b = (1,3, 3, 4, 5, 5, 6, 6)b = (1,3, 3, 4, 4, 4, 5, 5) 過了幾輪之後 …
CONCLUSIONS In this paper we have studied the problem of establishing conference keys when the users have different cost profiles or different budget constraints. It was shown that the users can use the two-party Diffie-Hellman protocol as a primitive for building a procedure that produces a group key. A binary tree, called the conference tree, governs the order in which the subgroups combine and this observation allows for determining procedures using Huffman coding that establish the group key and minimize the total user cost. In order for the group to establish a key, it is necessary that the budget vector satisfy the Kraft Inequality.