Presentation is loading. Please wait.

Presentation is loading. Please wait.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.

Published byEugenia Gilbert Modified over 9 years ago

Similar presentations

Presentation on theme: "Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management."— Presentation transcript:

1 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management

2 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security2 Group Communication A group consists of multiple members Messages sent by one sender are received by all the other group members Example application: Pay per view

3 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security3 Secure Group Communication Messages sent by a valid group member can only be understood by the other valid members –Others may receive the messages, but are unable to understand them –Typical approach: Encrypt the group messages with a key only known to the valid group members

4 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security4 Group Key Management Group key management –Ensure only valid group members have access to the group key –The REAL problem for secure group communication

5 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security5 Desired Properties of Group Key Management Group key secrecy –It is at least computationally infeasible for an adversary to discover any group key Forward secrecy –A passive adversary who knows a contiguous subset of old group keys cannot discover subsequent group keys –Do not confuse with PFS Backward secrecy –A passive adversary who knows a contiguous subset of group keys cannot discover preceding group keys Group key independence –The combination of forward and backward secrecy.

6 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security6 Statefule v.s. Stateless Stateful –Decryption of new key depends on previous keys –Group member should keep track of all rekeying messages –Members should be online Stateless –Decryption of new key depends on establishment key set that is assigned when member join –Group members don’t need to keep track of rekeying messages –Members can be offline

7 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security7 Types of Group Key Management Group key agreement –Group keys are determined collectively by all group members –Usually extended from D-H key exchange Group key distribution –Group keys are determined and distributed by a group key manager

8 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security8 CSC 774 Advanced Network Security Topic 5.1 Group Diffie-Hellman Protocols

9 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security9 Outline Review of the basic two-party D-H key exchange Generic n-party D-H key agreement Three specific protocols –GDH.1 –GDH.2 –GDH.3

10 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security10 Two-Party Diffie-Hellman Key Exchange AliceBob Pick secret S a randomly Compute T A = g S a mod p Send T A to Bob Compute T B S a mod p Pick secret S b randomly Compute T B = g S b mod p Send T B to Bob Compute T A S b mod p Shared key is reached at both parties: g S a S b mod p

11 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security11 Notations n: number of participants in the protocol –  : exponentiation base –q: order of the algebraic group –M i : i-th group member, i is the index –N i : random exponent generated by group member M i –S: subsets of {N 1, …, N n } –  (S): product of all elements in subset S –K n : group key shared among n members

12 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security12 Generic n-Party D-H Key Agreement Setup  All n participants agree on a cyclic group G, of order q and the base   Each member M i chooses a random value N i  G

13 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security13 Generic n-Party D-H Key Agreement (Cont’d) Generic Protocol:  Distributively revealing and computing a subset of {   (S) |S  {N 1, …, N n }}  From these subsets, member M i computes  N 1 … N i-1 N i+1 … N n mod q  Finally, M i computes the shared key K =  N 1 … N n mod q

14 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security14 Generic n-Party D-H Key Agreement (Cont’d) Security –The generic n-party D-H protocol is secure if the 2-party D-H protocol is security –Proof: by induction on n Remaining problem –Consider {   (S) |S  {N 1, …, N n }} –What (S) to distribute, and how?

15 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security15 GDH.1 Consists of an upflow stage and a downflow stage M1M1 M2M2 M3M3 MnMn … M1M1 M2M2 M3M3 MnMn … Upflow: Downflow:

16 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security16 GDH.1 (Cont’d)  Upflow  M i receives the set {  N 1,  N 1 N 2, …,  N 1 … N i-1 } and forwards to M i+1 {  N 1,  N 1 N 2, …,  N 1 … N i }, i  [1, n-1]  Example  M 4 receives the set {  N 1,  N 1 N 2,  N 1 N 2 N 3 }  and forwards to M 5 {  N 1,  N 1 N 2,  N 1 N 2 N 3,  N 1 N 2 N 3 N 4 }

17 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security17 GDH.1 (Cont’d) Downflow  M i uses the last intermediate value to compute K n (1<i<=n)  M i then raises all remaining values to the power of N i and forwards the resulting set to M i-1  Example  M 4 receives the set {  N 5,  N 1 N 5,  N 1 N 2 N 5,  N 1 N 2 N 3 N 5 }  and forwards to M 3 {  N 5 N 4,  N 1 N 5 N 4,  N 1 N 2 N 5 N 4 }

18 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security18 GDH.1 (Cont’d) How many rounds? –__________ How many messages in GDH.1? –__________ How many exponentiations per M i ? –__________ M1M1 M2M2 M3M3 MnMn … M1M1 M2M2 M3M3 MnMn … Upflow: Downflow:

19 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security19 GDH.2 Consists of an upflow stage and a broadcast stage –Use broadcast to reduce communication overhead M1M1 M2M2 M3M3 MnMn … M1M1 M2M2 M3M3 MnMn … Upflow: Broadcast:

20 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security20 GDH.2 (Cont’d)  Upflow  M i composes i intermediate values and one cardinal value and forwards the resulting set to M i+1 (i < n)  Example:  M 4 receives the set {  N 1 N 2 N 3,  N 1 N 2,  N 1 N 3,  N 2 N 3 }  and forwards to M 5 {  N 1 N 2 N 3 N 4,  N 1 N 2 N 3,  N 1 N 2 N 4,  N 1 N 3 N 4,  N 2 N 3 N 4 }

21 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security21 GDH.2 (Cont’d) Downflow  M n raises every intermediate value to the power of N n broadcasts the resulting values to all group members, in another word  M n broadcasts the set {  N 1 … N i-1 N i+1 … N n } to M i (i < n)  Example  M 4 receives the set {  N 1 N 2 N 3 N 5 } from M 5 (Assume n=5)

22 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security22 GDH.2 (Cont’d) How many rounds? –__________ How many messages in GDH.2? –__________ How many exponentiations per M i ? –__________ M1M1 M2M2 M3M3 MnMn … M1M1 M2M2 M3M3 MnMn … Upflow: Broadcast:

23 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security23 GDH.3 Consists of an upflow stage, a broadcast stage, a response stage, and final broadcast stage –Reduce the number of exponentiations per group member. M1M1 M2M2 M3M3 M n-1 … M1M1 M2M2 M3M3 … Upflow: Broadcast: M1M1 M2M2 M3M3 MnMn … M1M1 M2M2 M3M3 Response: MnMn

24 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security24 GDH.3 (Cont’d)  Upflow  M i (i  [1, n-2]) receives  N 1 … N i-1, and  forwards to M i+1  N 1 … N i,  Broadcast  M n-1 broadcasts  N 1 … N n-1 to M i (i  n-1)

25 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security25 GDH.3 (Cont’d)  Response  M i (i < n) factors out its own component and forwards  N 1 … N i-1 N i+1 … N n-1 to M n  Broadcast  M n raises every input to the power of N n and broadcasts the resulting set {  N 1 … N i-1 N i+1 … N n } to M i (i < n)

26 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security26 GDH.3 (Cont’d) How many rounds? –__________ How many messages in GDH.2? –__________ How many exponentiations per M i ? –__________

27 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security27 Comparison GDH.1 GDH.2 GDH.3 Rounds 2(n-1) n n+1 Messages 2(n-1) n 2n-1 Total message size n(n-1) (n-1)(n/2+2)-1 3(n-1) Exp ops per M i i+1, n i+1, n 4, 2, n Total exp ops (n+3)n/2-1 (n+3)n/2-1 5n-6

28 Computer Science Dr. Peng NingCSC 774 Adv. Net. Security28 Alteration of Group Membership GDH.1 does not support efficient member addition/deletion. GDH.2 & GDH.3 –Member addition Consider the new member as the new M n+1 –Member deletion M n regenerates its secret N n and re-executes the protocol from the second stage.

Download ppt "Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management."

Similar presentations

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 4.2 BiBa.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 4.2 BiBa.
A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
Secure Multiparty Computations on Bitcoin

Secure Multiparty Computations on Bitcoin
Pairwise Key Agreement in Broadcasting Networks - 2005.11.11 - Ik Rae Jeong.

Pairwise Key Agreement in Broadcasting Networks Ik Rae Jeong.
ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.

ECE454/CS594 Computer and Network Security Dr. Jinyuan (Stella) Sun Dept. of Electrical Engineering and Computer Science University of Tennessee Fall 2011.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.
Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.

Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.
1 Performance Char’ of Region- Based Group Key Management --- in Mobile Ad Hoc Networks --- by Ing-Ray Chen, Jin-Hee Cho and Ding-Chau Wang Presented by.

1 Performance Char’ of Region- Based Group Key Management --- in Mobile Ad Hoc Networks --- by Ing-Ray Chen, Jin-Hee Cho and Ding-Chau Wang Presented by.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 3.3: Fair Exchange.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 3.3: Fair Exchange.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Preparation for In-class Presentations.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Preparation for In-class Presentations.
Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.

Authentication and Digital Signatures CSCI 5857: Encoding and Encryption.
1 Asynchronous Broadcast Protocols in Distributed System Oct. 10, 2002 JaeHyrk Park ICU.

1 Asynchronous Broadcast Protocols in Distributed System Oct. 10, 2002 JaeHyrk Park ICU.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 7. Wireless Sensor Network Security.
KAIS T Distributed Collaborative Key Agreement and Authentication Protocols for Dynamic Peer Groups IEEE/ACM Trans. on Netw., Vol. 14, No. 2, April 2006.

KAIS T Distributed Collaborative Key Agreement and Authentication Protocols for Dynamic Peer Groups IEEE/ACM Trans. on Netw., Vol. 14, No. 2, April 2006.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.

CSCE 715 Ankur Jain 11/16/2010. Introduction Design Goals Framework SDT Protocol Achievements of Goals Overhead of SDT Conclusion.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.

Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Similar presentations

Ads by Google