1 / 0

Self-Healing in Wireless Networks

Self-Healing in Wireless Networks. The self-healing property is expected in many aspects in wireless networks: Encryption algorithms Key distribution mechanisms System protection. Overview of the DES. A block cipher: encrypts blocks of 64 bits using a 64 bit key

ova
Télécharger la présentation

Self-Healing in Wireless Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Self-Healing in Wireless Networks

  2. The self-healing property is expected in many aspects in wireless networks: Encryption algorithms Key distribution mechanisms System protection
  3. Overview of the DES A block cipher: encrypts blocks of 64 bits using a 64 bit key outputs 64 bits of ciphertext A product cipher basic unit is the bit performs both substitution and transposition (permutation) on the bits Cipher consists of 16 rounds (iterations), each with a 48-bit round key generated from the 64-bit key
  4. Generation of Round Keys Round keys are 48 bits each
  5. Encipherment
  6. The f Function
  7. S-Box There are eight S-Box, each maps 6-bit input to 4-bit output Each S-Box is a look-up table This is the only non-linear step in DES and contributes the most to its safety P-Box A permutation
  8. DES Modes Electronic Code Book Mode (ECB) Encipher each block independently Cipher Block Chaining Mode (CBC) Xor each plaintext block with previous ciphertext block Requires an initialization vector for the first one The initialization vector can be made public Encrypt-Decrypt-Encrypt Mode (2 keys: k, k) Encrypt-Encrypt-Encrypt Mode (3 keys: k, k, k)
  9. init. vector m1 m2 …   DES DES … c1 c2 … sent sent CBC Mode Encryption
  10. CBC Mode Decryption init. vector c1 c2 … DES DES …   m1 m2 …
  11. Self-Healing Property What will happen if a bit gets lost during transmission? All blocks will not be aligned When one bit in a block flipped, only the next two blocks will be impacted. Plaintext “heals” after 2 blocks
  12. Stateless and self-healing key distribution In wireless network, the packets can get lost because of various reasons We cannot encrypt the new key with the previous key Revocation capability: forward and backward secrecy Stateless and self-healing key distribution Resilient to collusion
  13. In secure multicast, group keys are updated periodically Reduce impacts of key compromise Adapt to group member changes How to distribute keys over unreliable channel Self-healing A user may recover the lost packet by combining information before and after the packet (imagine a sandwich)
  14. Approach: polynomial based t: resilience to collusion m: the number of sessions Rj: set of users that are revoked in session j Manager seeks to distribute group key and personal key to each user over a broadcast channel
  15. Approach 1: self healing but not revocation Generate 3m t-degree polys: H1 to Hm, L1 to Lm, and P1 to Pm Generate m session keys K1 to Km For session j, with both Pj and Kj, we can calculate Qj = Kj – Pj Every node i gets the values H1(i)+L1(i), H2(i)+L2(i), ---, Hm(i)+Lm(i)
  16. At session j, the manager broadcasts H1+P1, ---, H(j-1)+P(j-1), Hj+Pj, Lj+Qj, L(j+1)+Q(j+1), ---, Lm+Qm Every node i can evaluate Hj(i)+Lj(i)+Kj and recovers Kj At the same time, the node will get H1(i)+P1(i), H2(i)+P2(i), ---, H(j-1)(i)+P(j-1)(i), L(j+1)(i)+Q(j+1)(i), ---, Lm(i)+Qm(i) Self healing is possible since Kj = Pj(i)+Qj(i)
  17. Problem: We can easily add new nodes: just give it the values Hj(i)+Lj(i) However, we cannot kick nodes out: no revocation To support revocation, we cannot always use the same group of covering functions
  18. Revocation t-revocation capability Manager generates a large number N, and a t-degree bi-variate polynomial s(x, y) Every node gets N and s(i, i) We want to distribute f(i) to every node i if it is still in the group, where f(x) is a t-degree poly The group of revoked nodes are: w1, w2, ---, wt
  19. Manager broadcasts: f(x)+s(N, x) and {wj, s(wj, x)} (j=1 to t) For every non-revoked node i, it can calculate s(wj, i), which is a value on the polynomial s(x, i). It can get t shares. Together with s(i, i), it can recover s(x, i) Node i can calculate s(N, i), and recover f(i) All revoked nodes only get t shares, and cannot recover the polynomial
  20. Advantages Every node gets a personal key Can be combined with the self-healing approach The broadcast overhead is O(t^2), and has nothing to do with the size of the network Problem: we need t revoked nodes (or fake IDs)
  21. Efficient self-healing key distribution and revocation A novel personal key distribution approach Drastically reduce communication and storage overhead compared to the previous approach Still t revocation Still based on polynomials
  22. A personal key distribution mechanism For a t-degree poly f(x), we want to provide f(i) only to node i Each legal member gets a different personal key Revoked members cannot get their shares Through true broadcast Need a revocation poly and masking poly
  23. Notations: f(x): key share polynomial (t-degree) g(x): revocation polynomial (up to t degree) h(x): masking function (2t degree) Every node gets h(i) during initiation. Group manager broadcasts f(x) * g(x) + h(x) and the revoked nodes. Construct g(x) based on revoked nodes
  24. How does a legal node recover the personal key share? Why a revoked node cannot? It is robust against up to t colluders. Advantages: Communication overhead is only O(t) Storage overhead is constant Do not need fake IDs
  25. Self-healing with revocation capability Split each session key into two parts Support self-healing property
  26. If the network lifetime is m session We generate m(m+1) 2t-degree masking function hi,j(x). So every session we have m+1 masking function Each node v gets the values hi,j(v) during initiation For the session key Ki = pi(x) + qi(x), where p and q are t-degree polys
  27. In session j, the manager broadcasts The revoked set Rj gj(x) * pi(x) + hj, i(x) , i = 1 to j gj(x) * qi(x) + hj, i(x) , i = j to m Every non-revoked node v will recover p1(v) to pj(v), and qj(v) to qm(v) The revoked nodes cannot
  28. The nodes need to store m(m+1) values The broadcast message has the size of O(mt). And the previous approach has O(mt^2) Disadvantage The set of revoked nodes is monotonic.
  29. Reducing the storage overhead The previous approach needs m(m+1) masking functions, so every node needs to store m(m+1) values In fact, 2m masking functions are enough: m functions for the p share of the key, and m functions for the q share of the key
  30. Reducing communication overhead For short term network partition, we do not need the node to recover a key used long time ago.
More Related