Presentation is loading. Please wait.

Presentation is loading. Please wait.

Scalable and Reliable Key Distribution 1/ Ryuzou NISHI † † Institute of Systems & Information Technologies (ISIT)

Published byChristine Joseph Modified over 8 years ago

Similar presentations

Presentation on theme: "Scalable and Reliable Key Distribution 1/ Ryuzou NISHI † † Institute of Systems & Information Technologies (ISIT)"— Presentation transcript:

1 Scalable and Reliable Key Distribution 1/ Ryuzou NISHI † † Institute of Systems & Information Technologies (ISIT)

2 2/ Introduction Appearance of a large variety of application of an information and telecommunication e.g. Internet, Home automation, Sensor network, and so on In the conventional point-to-point communication, scalability is a issue. Broadcast communication is desired Issues of broadcast security 1. Communication reliability ・ Re-transmission request is a large load to transmitter ・ In a case of failure of receiving keys, it is impossible to decrypt following messages 2. Communication overhead frequent key-update cause communication overhead, and the overhead causes a degradation of communication reliability

3 Area : Key distribution for group key update in case of members' joining in or leaving from group in channel of poor quality, e.g. wireless, power line communication. Group key is used to encrypt or decrypt messages and is shared among all the members of a group. Goal : Reliable group key update where rekey message size is independent of group size, Introduction Our work

4 Previous Work scalability 4/ □ GKMP : Group Key Management Protocol Key server distributes an updated key to each member through unicast cannel O(N) □ LKH : Logical Key Hierarchy O(N) → O(log(N)) KdKd KeKe KfKf M1M1 M2M2 M3M3 M4M4 KbKb KaKa KcKc KgKg group key

5 Previous Work reliability 5/ □ FEC : Forward Error Correction In a sender, redundancy is added into an original data. If data error occur on the way, a receiver corrects the error. method coding gain BCH 2.1 dB Convolution 5.1 dB

6 Proposal : Basic idea □ Updated key is distributed by using Direct Sequence Spread Spectrum (DS-SS) communication scheme which spreading code are M-sequences (maximal-length sequences) 6/ 1 bit 1 period t ime Updated group key secret key M-sequence secret key ID shift multiplexer Updated group key M-sequence

7 Proposal : Cyclic shift M-sequence 7/ M-sequences 1 period M-sequences' auto- correlation curve i=j point M-sequences ( u 0,u 1, ・・・,u N- 1 ) Cyclic shift M-sequences U i = ( u i,u i+1, ・・・,u N-1, u 0, ・・・, u i- 1 ) A cross-correlation between U i and U j is maximum N at i=j, and -1 at i≠ j. And a cross-correlation between - U i and U j is maximum -N at i=j, and +1 at i≠ j. u i = +1 or -1 N: sequence's length

8 Proposal : Setup 8/ 1. The key server sends the secret key to each member in secure channel where secret key is depicted by GK digits and maximum number of each digit is N-1 2. The key server regroup all member into subgroups where the maximum number of members of each subgroup is N 3. The key server sends the M-sequences and ID(1,2,...,GK) Where a different subgroup uses a different M-sequence and each member of a same subgroup uses a different cyclic shift M- sequence generated from a same M-sequence. subgroup #1 subgroup #2 subgroup #Ns ・・・ M-seq.M 1 M-seq.M 2 M-seq.M Ns ID 1 ID 2 ID Ns Key server

9 9/ Proposal : Basic idea □ Updated key is distributed by using Direct Sequence Spread Spectrum (DS-SS) communication scheme which spreading code are M-sequences (maximal-length sequences) 1 bit 1period t ime Updated group key secret key M-sequence secret key ID shift multiplexer Updated group key M-sequence

10 Proposal : Secret key → M- sequence In the case that the number of k digit of member M1's secret key is i k, cyclic shift M-sequence ( u ik,u ik+1, ・・・,u N-1, u 0, ・・・, u ik-1 ) is generated by cyclically shifting M-sequence ( u 0,u 1, ・・・,u N-1 ) i k times. About each digit of the secret key, similar process are done. time M-seq. 1 period ( u i1,u i1+1, ・・・,u N-1, u 0, ・・・, u i1-1 ) 1 -st digit ( u iGK,u iGK+1, ・・・,u N-1, u 0, ・・・, u iGK-1 ) ・・・ GK-th digit M-seq. 1 period 10/

11 11/ Proposal : Basic idea □ Updated key is distributed by using Direct Sequence Spread Spectrum (DS-SS) communication scheme which spreading code are M-sequences (maximal-length sequences) 1 bit 1period t ime Updated group key secret key M-sequence secret key ID shift multiplexer Updated group key M-sequence

12 Proposal : ID shift and multiplier □ Sequence ( K id,K id+1, ・・・,K GK-1, K 0, ・・・,K id-1 ) is generated by cyclically shifting updated group key ( K 0,K 1, ・・・,K GK-1 ) id (value of ID) times. □ k-th value GK k (= +1or -1) of the sequence is multiplied with cyclic shift M-sequence ( u ik,u ik+1, ・・・,u N-1, u 0, ・・・,u ik-1 ) 12/ time GK 1 × ( u i1,u i1+1, ・・・,u N-1, u 0, ・・・, u i1-1 ) 1 -st digit GK Nr × ( u iNr,u iNr+1, ・・・,u N-1, u 0, ・・・, u iNr-1 ) ・・・ GK-th digit M-seq. 1 period

13 13/ Proposal : Basic idea □ Updated key is distributed by using Direct Sequence Spread Spectrum (DS-SS) communication scheme which spreading code are M-sequences (maximal-length sequences) 1 bit 1period t ime Updated group key secret key M-sequence secret key ID shift multiplexer Updated group key M-sequence

14 Proposal : Multiplexer □ Multiplier's outputs of all members are multiplexed as follows. For example, multiplexing of two members whose output sequence are U ( u 0,u 1, ・・・,u N- 1 ) and U' ( u' 0,u' 1, ・・・,u' N-1 ) output seq. U ( u 0,u 1, ・・・,u N-1 ) + output seq. U' ( u' 0,u' 1, ・・・,u' N-1 ) multiplexed seq. U+U' ( u 0 +u' 0, u 1 +u' 1, ・・・, u N-1 + u' N-1 ) 14/

15 Proposal : Decoding of group key 15/ ・・ ・ 2N length shift-register 2N length reference shift-register adder ・・ ・ sampler decoded GK received signal Group key bit can be decoded from the polarity of the adder’s output

16 Proposal : Decoding of group key 16/ ・・ ・ 2N length shift-register 2N length reference shift-register adder ・・ ・ sampler decoded GK received signal Decoder's output includes the following signals ・ auto-correlation ( this corresponds to sent group key ) ・ closs-correlation between cyclic shift M-sequences which shift times are different, but original M-sequence is same. ・ closs-correlation between different M-sequences

17 Proposal : Example of decoder's output 17/ Supportable group sizeGK k (+) 1bit quant. (+) 1bit quant.(-) 126 109 44 -126 -125 -188 19-15 25-9 127 ×2 127 ×3 group key size:128 bits 、 M-sequence size 127bit group size ( number of members ) rekey message size (bit) 3 ×127 128× 3 ×127 GKMP 128× 127 proposal 127 GK k (-) 127 ×4 GK k (+) : decoder’s output when polarity of the sent group key is plus(+) GK k ( - ) : decoder’s output when polarity of the sent group key is minus( - ) 1bit quant. (+) : multiplexer’s output is quantized by 1bit when polarity of the sent group key is plus(+) 1bit quant. ( - ) : multiplexer’s output is quantized by 1bit when polarity of the sent group key is plus( - ) The larger decoder‘s output absolute becomes, the stronger the immunity to the noise becomes.

18 Proposal : Reliability ・ Conventional approach ( approach using FEC without ARQ ) improved SNR ( by coding gain ) 5 dB ( coding ratio : 0.5 、 convolutional coding ) ・ Proposal improved SNR ( by despreading effect ) 16 dB ( = 10 * log(44) ) Criterion : improved SNR for required reliability (error rate) SNR : Signal to Noise Ratio 18/

19 Proposal : Security 19/ The proposal’s security is based on that member which should be revoked, does not know the number of times of the shift of cyclic shift M-sequences of other members Can an attacker know the number of times of the shift, if he know the original M-sequence and get the receiver? …No. Because the decoder output is multiplexed signal as follows. Only legitimate member who knows the number of times of the shift, can decode group key. Decoder output

20 Conclusion We propose the scalable and reliable key distribution scheme where rekey message size is indepedent of group size by using DS-SS communication scheme which spreading code is M-sequences including cyclic shift M-sequences. The proposal improves the reliability of key and reduces the rekey message size. 20/

Download ppt "Scalable and Reliable Key Distribution 1/ Ryuzou NISHI † † Institute of Systems & Information Technologies (ISIT)"

Similar presentations

A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
Spread Spectrum Chapter 7.

Spread Spectrum Chapter 7.
Spread Spectrum Chapter 7. Spread Spectrum Input is fed into a channel encoder Produces analog signal with narrow bandwidth Signal is further modulated.

Spread Spectrum Chapter 7. Spread Spectrum Input is fed into a channel encoder Produces analog signal with narrow bandwidth Signal is further modulated.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.
Computer Networking Error Control Coding

Computer Networking Error Control Coding
1 Performance Char’ of Region- Based Group Key Management --- in Mobile Ad Hoc Networks --- by Ing-Ray Chen, Jin-Hee Cho and Ding-Chau Wang Presented by.

1 Performance Char’ of Region- Based Group Key Management --- in Mobile Ad Hoc Networks --- by Ing-Ray Chen, Jin-Hee Cho and Ding-Chau Wang Presented by.
1 Wireless Sensor Networks Akyildiz/Vuran Administration Issues  Take home Mid-term Exam  Assign April 2, Due April 7  Individual work is required 

1 Wireless Sensor Networks Akyildiz/Vuran Administration Issues  Take home Mid-term Exam  Assign April 2, Due April 7  Individual work is required 
2005/12/06OPLAB, Dept. of IM, NTU1 Optimizing the ARQ Performance in Downlink Packet Data Systems With Scheduling Haitao Zheng, Member, IEEE Harish Viswanathan,

2005/12/06OPLAB, Dept. of IM, NTU1 Optimizing the ARQ Performance in Downlink Packet Data Systems With Scheduling Haitao Zheng, Member, IEEE Harish Viswanathan,
CSE 461: Error Detection and Correction. Next Topic  Error detection and correction  Focus: How do we detect and correct messages that are garbled during.

CSE 461: Error Detection and Correction. Next Topic  Error detection and correction  Focus: How do we detect and correct messages that are garbled during.
Cellular Communications

Cellular Communications
Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.

Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Digital Data Transmission ECE 457 Spring 2005. Information Representation Communication systems convert information into a form suitable for transmission.

Digital Data Transmission ECE 457 Spring Information Representation Communication systems convert information into a form suitable for transmission.
Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.
Coding and Error Control

Coding and Error Control
A Secure Network Access Protocol (SNAP) A. F. Al Shahri, D. G. Smith and J. M. Irvine Proceedings of the Eighth IEEE International Symposium on Computers.

A Secure Network Access Protocol (SNAP) A. F. Al Shahri, D. G. Smith and J. M. Irvine Proceedings of the Eighth IEEE International Symposium on Computers.
Chapter 11 Error-Control CodingChapter 11 : Lecture edition by K.Heikkinen.

Chapter 11 Error-Control CodingChapter 11 : Lecture edition by K.Heikkinen.
Multicast Security May 10, 2004 Sam Irvine Andy Nguyen.

Multicast Security May 10, 2004 Sam Irvine Andy Nguyen.
William Stallings Data and Computer Communications 7 th Edition (Selected slides used for lectures at Bina Nusantara University) Error Control.

William Stallings Data and Computer Communications 7 th Edition (Selected slides used for lectures at Bina Nusantara University) Error Control.
Reliability and Channel Coding

Reliability and Channel Coding

Similar presentations

Ads by Google