weichao wang, bharat bhargava youngjoo, shin
DESCRIPTION
Contents Introduction Assumptions Straight forward approach New approach Secure group communication Key update during group changes Discussions Conclusions Key Distribution and Update for Secure Inter-group Multicast CommunicationTRANSCRIPT
KAIST
Key Distribution and Update for Secure Inter-group Multicast Communication
Weichao Wang, Bharat Bhargava
Youngjoo, Shin2006.09.12
22/22/22Key Distribution and Update for Secure Inter-group Multicast Communication
Contents
IntroductionAssumptionsStraight forward approachNew approach
Secure group communicationKey update during group changes
DiscussionsConclusions
33/22/22Key Distribution and Update for Secure Inter-group Multicast Communication
Introduction
Secure multicast has become an important component of many applications in wireless networksTwo types of group communications
Intra-group communicationInter-group communication
This paper proposes a mechanism of key distribution and update for secure group communication
Intra-group communication Inter-group communication
44/22/22Key Distribution and Update for Secure Inter-group Multicast Communication
Assumptions
Network and communication modelThe links among wireless nodes are bidirectionalTwo neighboring nodes can always send packets to each otherA centralized group manager (GM) is in charge of key distribution and key update
Threat modelEavesdroppingImpersonationBackward secrecyForward secrecy
55/22/22Key Distribution and Update for Secure Inter-group Multicast Communication
EPubG2(M)
Straight forward approach
GM deploys a public-private key pair for each group
G1 G2 G3
GM
PubG2
PubG3
PriG1
PubG1
PubG3
PriG2
PubG1
PubG2
PriG3
EPriG1(M)
66/22/22Key Distribution and Update for Secure Inter-group Multicast Communication
Straight forward approach
Three major disadvantagesThe public-private key encryption involves exponential computation
Not efficient for a wireless node
The GM will be overwhelmed by the computation overhead for generating secure public-private key pairs when a group changes
An attacker can easily impersonate another nodeSince the public keys are known to every node
77/22/22Key Distribution and Update for Secure Inter-group Multicast Communication
New approach
Symmetric keys are used to protect the multicast traffic in intra-group communication
Polynomials are adopted to determine the keys to protect inter-group communication
Flat tables are adopted to distribute keys via broadcast when a group changes
88/22/22Key Distribution and Update for Secure Inter-group Multicast Communication
Secure group communication
Intra-group communication
i
G2
GM
Ki-GM - pairwise key shared between node i and the GMK2 - group key shared by members of G2
EKi-GM(K2)
j
EKj-GM(K2)
k
EKk-GM(K2)EK2(M)
EK2(M)
99/22/22Key Distribution and Update for Secure Inter-group Multicast Communication
Secure group communication
Inter-group communication
h(x) - t-degree polynomial to determine the keys for decrypting the multicast traffic from other group h(i) - personal key share to encrypt multicast traffic sent to the other group
j k
G1 G2 G3
GM
h12(x)h13(x)h21(j)h31(j)
Eh21(j)(M)i
h21(x)h23(x)h12(i)h32(i)
h31(x)h32(x)h13(k)h23(k)
Dh21(j)(Eh21(j)(M))
1010/22/22Key Distribution and Update for Secure Inter-group Multicast Communication
Secure group communication
Secret keys held by node i in group G2 and their usage
1111/22/22Key Distribution and Update for Secure Inter-group Multicast Communication
Secure group communication
Secret key refreshment using the flat tableFlat table
Consists of 2r keysr : the number of bits that are required to represent a node ID (r=┌log2n┐)
E.g., (z1.0, z1.1, z2.0, z2.1, … , zr.0, zr.1)
Every group has its own flat table
Every node has a set of keys in the flat table for its groupE.g., If r=4, a node ID with 10 can be represented as (1010)2
Flat table : (z1.0, z1.1, z2.0, z2.1, z3.0, z3.1, z4.0, z4.1)
The node has a set of keys (z1.1, z2.0, z3.1, z4.0)
Every pair of nodes in the same group must have at least one different keyBecause every node has a unique ID E.g., a node ID with 10 has a set of keys (z1.1, z2.0, z3.1, z4.0) a node ID with 11 has a set of keys (z1.1, z2.0, z3.1, z4.1)
1212/22/22Key Distribution and Update for Secure Inter-group Multicast Communication
Secure group communication
Secret key refreshment (Cont’d)The flat table has brought two features
Only one node in a group can decrypt the messageNode i will have the keys (z1.i1, z1.i2, z2.i3, z2.i4, … , zr.ir)
can be decrypt by only node I
All the nodes but one node can decrypt the messageNode i will have the keys (z1.i1, z1.i2, z2.i3, z2.i4, … , zr.ir)
can be decrypt by all the nodes but node i
1313/22/22Key Distribution and Update for Secure Inter-group Multicast Communication
Key update during group changes
Group joining operations
a
G1
GM
EK1(K’1)
b
EK1(K’1)
c
EK1(K’1)
i
Step1. Update group key K1
1414/22/22Key Distribution and Update for Secure Inter-group Multicast Communication
Key update during group changes
Group joining operations
a
G1
GM
M
b
c
i
Step2. Update the new flat table for group G1
M
M
M :
1515/22/22Key Distribution and Update for Secure Inter-group Multicast Communication
Key update during group changes
Group joining operations
a
G1
GM
b
c
i
Step3. Update the polynomials for inter-group communication
EK1(h’12(x), h’13(x))
M
M
M
M :
1616/22/22Key Distribution and Update for Secure Inter-group Multicast Communication
Key update during group changes
Group joining operations
a
G1
GM
b
c
i
Step4. GM distributes the keys to node i
EK1-GM(K’1, h’12(x), h’13(x), z’1.i1,…z’r.ir)
1717/22/22Key Distribution and Update for Secure Inter-group Multicast Communication
Key update during group changes
Group leaving operations
a
G2
GM
b
c i
Step1. Update group key K2
M MM
M
M :
1818/22/22Key Distribution and Update for Secure Inter-group Multicast Communication
Key update during group changes
Group leaving operations
a
G2
GM
b
c i
Step2. Update the new flat table for group G2
M :
M MM
M
1919/22/22Key Distribution and Update for Secure Inter-group Multicast Communication
Key update during group changes
Group leaving operations
a
G2
GM
b
c i
Step3. Update the polynomials for inter-group communication
M :
M MM
M
EK’2(h’21(x), h’23(x))
2020/22/22Key Distribution and Update for Secure Inter-group Multicast Communication
Discussions
Overhead
Compared to the group changes, the encryption and decryption of the traffics happen much more frequently
Additional transmission overhead for key refreshment is totally paid off
The adoption of polynomials enables the distribution of personal key shares
Difficult for an attacker to impersonate another node
When a node changes its group, new keys must be established by the group manager
Much efficient to choose several t-polynomials
2121/22/22Key Distribution and Update for Secure Inter-group Multicast Communication
Conclusions
Adopts polynomials to support the distribution of personal key shares
Employ flat tables to achieve efficient key refreshment
Reduces the computation overhead to process the packets
Becomes more difficult for an attacker to impersonate another node
2222/22/22Key Distribution and Update for Secure Inter-group Multicast Communication
Question?