220 likes | 324 Vues
Key Distribution and Update for Secure Inter-group Multicast Communication. Weichao Wang, Bharat Bhargava Youngjoo, Shin 2006.09.12. Contents. Introduction Assumptions Straight forward approach New approach Secure group communication Key update during group changes Discussions
E N D
Key Distribution and Update for Secure Inter-group Multicast Communication Weichao Wang, Bharat Bhargava Youngjoo, Shin 2006.09.12
Contents • Introduction • Assumptions • Straight forward approach • New approach • Secure group communication • Key update during group changes • Discussions • Conclusions Key Distribution and Update for Secure Inter-group Multicast Communication
Introduction • Secure multicast has become an important component of many applications in wireless networks • Two types of group communications • Intra-group communication • Inter-group communication • This paper proposes a mechanism of key distribution and update for secure group communication Intra-group communication Inter-group communication Key Distribution and Update for Secure Inter-group Multicast Communication
Assumptions • Network and communication model • The links among wireless nodes are bidirectional • Two neighboring nodes can always send packets to each other • A centralized group manager (GM) is in charge of key distribution and key update • Threat model • Eavesdropping • Impersonation • Backward secrecy • Forward secrecy Key Distribution and Update for Secure Inter-group Multicast Communication
Straight forward approach • GM deploys a public-private key pair for each group GM PubG2PubG3PriG1 PubG1PubG2PriG3 PubG1PubG3PriG2 EPubG2(M) EPriG1(M) G1 G2 G3 Key Distribution and Update for Secure Inter-group Multicast Communication
Straight forward approach • Three major disadvantages • The public-private key encryption involves exponential computation • Not efficient for a wireless node • The GM will be overwhelmed by the computation overhead for generating secure public-private key pairs when a group changes • An attacker can easily impersonate another node • Since the public keys are known to every node Key Distribution and Update for Secure Inter-group Multicast Communication
New approach • Symmetric keys are used to protect the multicast traffic in intra-group communication • Polynomials are adopted to determine the keys to protect inter-group communication • Flat tables are adopted to distribute keys via broadcast when a group changes Key Distribution and Update for Secure Inter-group Multicast Communication
Secure group communication • Intra-group communication GM EKi-GM(K2) EKj-GM(K2) EK2(M) i j EK2(M) EKk-GM(K2) k G2 Ki-GM - pairwise key shared between node i and the GM K2 - group key shared by members of G2 Key Distribution and Update for Secure Inter-group Multicast Communication
Secure group communication • Inter-group communication GM h12(x)h13(x)h21(j)h31(j) h21(x)h23(x)h12(i)h32(i) h31(x)h32(x)h13(k)h23(k) Dh21(j)(Eh21(j)(M)) j i k Eh21(j)(M) G1 G2 G3 h(x) - t-degree polynomial to determine the keys for decrypting the multicast traffic from other group h(i) - personal key share to encrypt multicast traffic sent to the other group Key Distribution and Update for Secure Inter-group Multicast Communication
Secure group communication • Secret keys held by node i in group G2 and their usage Key Distribution and Update for Secure Inter-group Multicast Communication
Secure group communication • Secret key refreshment using the flat table • Flat table • Consists of 2r keys • r : the number of bits that are required to represent a node ID (r=┌log2n┐) • E.g., (z1.0, z1.1, z2.0, z2.1, … , zr.0, zr.1) • Every group has its own flat table • Every node has a set of keys in the flat table for its group • E.g., If r=4, a node ID with 10 can be represented as (1010)2 • Flat table : (z1.0, z1.1, z2.0, z2.1, z3.0, z3.1, z4.0, z4.1) • The node has a set of keys (z1.1, z2.0, z3.1, z4.0) • Every pair of nodes in the same group must have at least one different key • Because every node has a unique ID • E.g., a node ID with 10 has a set of keys (z1.1, z2.0, z3.1, z4.0) a node ID with 11 has a set of keys (z1.1, z2.0, z3.1, z4.1) Key Distribution and Update for Secure Inter-group Multicast Communication
Secure group communication • Secret key refreshment (Cont’d) • The flat table has brought two features • Only one node in a group can decrypt the message • Node i will have the keys (z1.i1, z1.i2, z2.i3, z2.i4, … , zr.ir) • can be decrypt by only node I • All the nodes but one node can decrypt the message • Node i will have the keys (z1.i1, z1.i2, z2.i3, z2.i4, … , zr.ir) • can be decrypt by all the nodes but node i Key Distribution and Update for Secure Inter-group Multicast Communication
Key update during group changes • Group joining operations GM EK1(K’1) EK1(K’1) a b i EK1(K’1) c G1 Step1. Update group key K1 Key Distribution and Update for Secure Inter-group Multicast Communication
Key update during group changes • Group joining operations GM M : M M a b i M c G1 Step2. Update the new flat table for group G1 Key Distribution and Update for Secure Inter-group Multicast Communication
Key update during group changes • Group joining operations GM M : EK1(h’12(x), h’13(x)) M M a b i M c G1 Step3. Update the polynomials for inter-group communication Key Distribution and Update for Secure Inter-group Multicast Communication
Key update during group changes • Group joining operations GM EK1-GM(K’1, h’12(x), h’13(x), z’1.i1,…z’r.ir) a b i c G1 Step4. GM distributes the keys to node i Key Distribution and Update for Secure Inter-group Multicast Communication
Key update during group changes • Group leaving operations GM M : M M M M a b i c G2 Step1. Update group key K2 Key Distribution and Update for Secure Inter-group Multicast Communication
Key update during group changes • Group leaving operations GM M : M M M M a b i c G2 Step2. Update the new flat table for group G2 Key Distribution and Update for Secure Inter-group Multicast Communication
Key update during group changes • Group leaving operations GM M : EK’2(h’21(x), h’23(x)) M M M M a b i c G2 Step3. Update the polynomials for inter-group communication Key Distribution and Update for Secure Inter-group Multicast Communication
Discussions • Overhead • Compared to the group changes, the encryption and decryption of the traffics happen much more frequently • Additional transmission overhead for key refreshment is totally paid off • The adoption of polynomials enables the distribution of personal key shares • Difficult for an attacker to impersonate another node • When a node changes its group, new keys must be established by the group manager • Much efficient to choose several t-polynomials Key Distribution and Update for Secure Inter-group Multicast Communication
Conclusions • Adopts polynomials to support the distribution of personal key shares • Employ flat tables to achieve efficient key refreshment • Reduces the computation overhead to process the packets • Becomes more difficult for an attacker to impersonate another node Key Distribution and Update for Secure Inter-group Multicast Communication
Question? Key Distribution and Update for Secure Inter-group Multicast Communication