Presentation is loading. Please wait.

Presentation is loading. Please wait.

Establishment of Conference Keys in Heterogeneous Networks Wade Trappe, Yuke Wang, K. J. Ray Liu 2002. ICC 2002. IEEE International Conference.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Establishment of Conference Keys in Heterogeneous Networks Wade Trappe, Yuke Wang, K. J. Ray Liu 2002. ICC 2002. IEEE International Conference."— Presentation transcript:

1 Establishment of Conference Keys in Heterogeneous Networks Wade Trappe, Yuke Wang, K. J. Ray Liu 2002. ICC 2002. IEEE International Conference

2 Outline INTRODUCTION GROUP DH (Diffie-Hellman) OVERVIEW CONFERENCE TREES AND GROUP KEYS COMPUTATIONAL CONSIDERATIONS  Minimizing Total Cost  Budget Constraints CONCLUSIONS

3 INTRODUCTION In order to secure communication amongst members of a conference, a secret shared by all group members must be established. In many cases, however, it is not possible to have a third party arbitrate the establishment of a group key. In these cases, the group members make independent contributions to the formation of the group key, and the process of forming the key is called key agreement. Typically, these conference key establishment schemes seek to minimize either the amount of rounds needed in establishing the group key, or the size of the message. In heterogeneous networks, many conferences have participants of varying computational power and resources.

4 INTRODUCTION In some applications, one should aim to minimize a cost function that incorporates the different costs of each user. Key establishment schemes that consider users with varying costs or budgets are designed by appropriately choosing the conference tree. Using the two-party Diffie-Hellman protocol as the basic building block, we can establish a group key by forming intermediate keys for successively larger subgroups.

5 GROUP DH (Diffie-Hellman) OVERVIEW The Diffie-Hellman key agreement protocol was developed by Diffie and Hellman in 1976 The protocol has two system parameters p and g. They are both public and may be used by all the users in a system Parameter p is a prime number and parameter g (usually called a generator) is an integer less than p, which is capable of generating every element from 1 to p-1 when multiplied by itself a certain number of times, modulo the prime p.

6 Example AliceBob Alice generates a random private value a Bob generates a random private value b. g a mod p g b mod p k ab =(g b ) a mod pk ba =(g a ) b mod p Since k ab =k ba =k, Alice and Bob now have a shared secret key k.

7 CONFERENCE TREES AND GROUP KEYS Fig. 1. The radix-2 butterfly scheme for establishing a group key for 8 users. (a) Without broadcasts, (b) Using broadcasts.

8 CONFERENCE TREES AND GROUP KEYS y = g α2α3 g α1y = g α1 g α2α3 u1u1 u2u2 u3u3

9 CONFERENCE TREES AND GROUP KEYS We define a conference tree to be a binary tree that describes the successive subgroups and intermediate keys that are formed an route to establishing the key for the entire group. Fig. 3. The conference tree for the radix-2 butterfly scheme

10 COMPUTATIONAL CONSIDERATIONS In many application environments the users will have varying amounts of computational resources available. It is important to study the problem of efficiently establishing a conference key while considering the varying user costs. We present methods for designing the conference tree used in establishing the group secret. We study two problems: minimizing the total cost in establishing a group key, and the feasibility of establishing the group key in the presence of budget constraints.

11 Minimizing Total Cost assume that we have n users, and that each user u j has a cost w j associated with performing one two-party Diffie-Hellman protocol. Huffman coding produces the conference tree that minimizes the cost.

12 Example Consider a group of 8 users with costs w1 = 28, w2 = 25, w3 = 20, w4 = 16, w5 = 15, w6 = 8, w7 = 7, and w8 = 5. 57 8 201615 25 28 12 20 40 31 5371 124 The corresponding length vector is l* = (2, 2, 3, 3, 3, 4, 5, 5), and the total cost is 351.

13 Budget Constraints In many cases, the devices wishing to establish a conference key might have a limited budget to spend. The optimal conference key tree assignment results from Huffman coding might assign more computation to some users than they are capable of performing, while assigning less computation to other users than they are capable of performing. In these cases, rather than minimize the total cost, one wants to ensure that one can first establish the group key, and then consider reducing the total amount of computation as a secondary issue.

14 Budget Constraints b j : The amount of two-party Diffie-Hellman key establishment protocols that he is willing to participate in when establishing the group key. Lemma :

15 Budget Constraints A consequence of this is that if we subtract 1 from one of the b j then choosing the largest b j least affects  2 -b j.

16 Example suppose n = 8 and that the initial budget is b = (1,3, 3, 4, 5, 5, 6, 8). b = (1,3, 3, 4, 5, 5, 6, 7)b = (1,3, 3, 4, 5, 5, 6, 6)b = (1,3, 3, 4, 4, 4, 5, 5) 過了幾輪之後 …

17 CONCLUSIONS In this paper we have studied the problem of establishing conference keys when the users have different cost profiles or different budget constraints. It was shown that the users can use the two-party Diffie-Hellman protocol as a primitive for building a procedure that produces a group key. A binary tree, called the conference tree, governs the order in which the subgroups combine and this observation allows for determining procedures using Huffman coding that establish the group key and minimize the total user cost. In order for the group to establish a key, it is necessary that the budget vector satisfy the Kraft Inequality.

Download ppt "Establishment of Conference Keys in Heterogeneous Networks Wade Trappe, Yuke Wang, K. J. Ray Liu 2002. ICC 2002. IEEE International Conference."

Similar presentations

The Diffie-Hellman Algorithm

The Diffie-Hellman Algorithm
Diffie-Hellman Diffie-Hellman is a public key distribution scheme First public-key type scheme, proposed in 1976.

Diffie-Hellman Diffie-Hellman is a public key distribution scheme First public-key type scheme, proposed in 1976.
1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.

1 Key Exchange Solutions Diffie-Hellman Protocol Needham Schroeder Protocol X.509 Certification.
A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang

1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang
Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,

Further improvement on the modified authenticated key agreement scheme Authors: N.Y. Lee and M.F. Lee Source: Applied Mathematics and Computation, Vol.157,
Cryptography and Network Security

Cryptography and Network Security
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.
Bounds on Code Length Theorem: Let l ∗ 1, l ∗ 2,..., l ∗ m be optimal codeword lengths for a source distribution p and a D-ary alphabet, and let L ∗ be.

Bounds on Code Length Theorem: Let l ∗ 1, l ∗ 2,..., l ∗ m be optimal codeword lengths for a source distribution p and a D-ary alphabet, and let L ∗ be.
Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.

Public-key based. Public-key Techniques based Protocols –may use either weak or strong passwords –high computation complexity (Slow) –high deployment.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.

CS555Spring 2012/Topic 161 Cryptography CS 555 Topic 16: Key Management and The Need for Public Key Cryptography.
YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.

YSLInformation Security -- Public-Key Cryptography1 Elliptic Curve Cryptography (ECC) For the same length of keys, faster than RSA For the same degree.
1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.

1 Authenticated key agreement without using one-way hash functions Harn, L.; Lin, H.-Y. Electronics Letters, Volume: 37 Issue: 10, 10 May 2001 Presented.
Elliptic Curve Cryptography (ECC) Mustafa Demirhan Bhaskar Anepu Ajit Kunjal.

Elliptic Curve Cryptography (ECC) Mustafa Demirhan Bhaskar Anepu Ajit Kunjal.
1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.

1 Security analysis of an enhanced authentication key exchange protocol Authors : H.Y. Liu, G.B. Horng, F.Y. Hung Presented by F.Y. Hung Date : 2005/5/20.
A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.

A Secure Fault-Tolerant Conference- Key Agreement Protocol Wen-Guey Tzeng Source : IEEE Transactions on computers Speaker : LIN, KENG-CHU.
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie.

Introduction to Modern Cryptography Lecture 5 Number Theory: 1. Quadratic residues. 2. The discrete log problem. Intro to Public Key Cryptography Diffie.

Similar presentations

Ads by Google