290 likes | 552 Vues
Current Trends in Theory and Practice of Computer Science. Efficient Group Key Agreement for Dynamic TETRA Networks. Su Youn Lee , Su Mi Lee and Dong Hoon Lee 2007.1.24. Baekseok College of Cultural Studies GSIS Korea University. Agenda. TETRA Networks Efficient Group Key Agreement for
E N D
Current Trends in Theory and Practice of Computer Science Efficient Group Key Agreement for Dynamic TETRA Networks Su Youn Lee, Su Mi Lee and Dong Hoon Lee2007.1.24 Baekseok College of Cultural StudiesGSIS Korea University
Agenda • TETRA Networks • Efficient Group Key Agreement for Dynamic TETRA Networks (AGKA); - Background and Motivation - Set up, Join and Leave Algorithms
What is TETRA? • TErrestrial Trunked RAdio (TETRA) is a new digital transmission standard developed by ETSI and it is becoming the system for public safety organisation TETRA GSM Mobile Radio Mobile Data UMTS Mobile Telephony DECT
PABX, PSTN, ISDN Intranet / Internet Other TETRA network What is TETRA? • Architecture Network Management Line Dispatcher SwMI IP gateway, Firewall
TETRA Security Mechanisms Air Interface Encryption Securing the link between a handset and the network Key Management Center Controlled emission of keys, enabling decentralized authorisation and enforcing the high security level. End-to-End Encryption Securing the communication across a network, independent of the switching infrastructure
TETRA Security Mechanisms • Authentication SwMI Authentication Centre (AuC) k Session authentication keys Switch 1 Switch 2 Challenge and response from Switch MS Authentication • Authentication provides proof identity of all MS in TETRA network • AuC securely send session authentication key to Switch1 and should storage secret key. - Secret key need never be exposed • All MS and AuC operate mutual authentication using secret key K
Authentication process SwMI Mobile Station K Random Seed (RS) K RS Rand TA11 KS Rand RS TA12 TA12 TA11 KS (Session authentication key) DCK, XRES RES DCK RES RES ≠XRES
Air Interface Keys • Derived Cipher Key (DCK) derived from authentication procedure. • Common Cipher Key(CCK) generated by the SwMI and distributed to all MS. • Group Cipher Key(GCK) linked to a specific closed MS group. • Static Cipher Key(SCK) is a predetermined key
K2 Key Management Mechanism SwMI GCK=fn(K1) GCK=fn(K3) GCK=fn(K4) GCK=fn(K2) CCK’=fn(DCK3) CCK’=fn(DCK4) CCK=fn(DCK1) CCK=fn(DCK2) GCK Group call1 Group call2 CCK’ CCK K4 DCK3 DCK4 K3 DCK1 K1 DCK2 MGCK’=fn(GCK, CCK’) MGCK=fn(GCK, CCK)
Over the Air Re-Keying (OTAR) KSO (GSKO) DCK GCK CCK SwMI AI CCK GCK MS DCK KSO (GSKO) MGCK CCK
Efficient Group Key Agreement for Dynamic TETRA Networks (AGKA);- Background and Motivation
Background and Motivation • Group Key Agreement • MS communicating over a public, easily- monitored network • MS needs to establish a common secret key (session key) to secure communication • Group Key Agreement Protocol sk sk sk sk
adversary Background and Motivation • Authenticated Group Key Agreement (AGKA) • AGKA guarantees security against an active adversary who can modify, insert or remove messages • For providing authentication, we can construct AGKA based on PW or signature
Background and Motivation • In AGKA, there are two concerns with regard to efficiency : Communication and Computation efficiency • Communication Efficiency • the number and length of messages • few rounds • Computation Efficiency • needs to complete the protocol • depends on the cryptographic algorithms
Background and Motivation • AGKA for Dynamic TETRA networks • Provides Setup, Leave and Join Algorithms • In a Leave event, removing MS do not know new sk’ • Forward Secrecy
Background and Motivation • AGKA for Dynamic TETRA networks • In Join event, joining MS do not know previous sk • Backward Secrecy
An Efficient Group Key Agreement for Dynamic TETRA Networks (AGKA);- Set up, Join and Leave Algorithms
KEK3 KEK4 KEK2 An Efficient AGKA • Setup SwMI KEK1
KEK3 KEK4 KEK2 An Efficient AGKA • Setup : Group Key Computation Process KEK1
An Efficient AGKA • Setup; • Security • MS verifies signature of SwMI • Assume that a signature scheme is secure • All signature cannot be used twice • Only MS who knows KEK can compute a group key • An adversary can not get any information about a group key from Zi-1,i • XOR Encryption Scheme
KEK3 KEK4 KEK5 KEK2 An Efficient AGKA • Join Algo. SwMI Joining MS5 KEK1
An Efficient AGKA • Join ; • Security • Backward Secrecy • Joining MS should not know a previous group key • Our scheme provides Backward Secrecy • All MS re-calculate T value using different session ID (Ij) per session • Although MS5 knows all T values in current session, MS5 does not compute a previous group key.
KEK3 Leaving MS3 KEK4 KEK2 An Efficient AGKA • Leave Algo. SwMI KEK1
An Efficient AGKA • Leave ; • Security • Forward Secrecy • Leaving MS should not know a current group key • Our scheme provides Forward Secrecy • Leaving MS3 knows all T values of previous session • All MS re-calculate T value using new session ID (Il) per session
An Efficient AGKA • Useful properties • Allows SwMI and MS to agree a group with low complexity • Needs only XOR operation dependent on a number of group MS • Construct a special AGKA scheme including join and leave algorithms
AGKA • AGKAprotocol • Security Theorem • # of send, execute queries :
Thank you ! • Questions? Comments? sylee@bcc.ac.kr.