1 / 24

Comparison of Inter-Area Rekeying Algorithms for Secure Mobile Group Communication

Performance 2002 in Rome. Comparison of Inter-Area Rekeying Algorithms for Secure Mobile Group Communication. C. Zhang*, B. DeCleene + , J. Kurose*, D. Towsley*. * Dept. Computer Science University of Massachusetts/Amherst Amherst MA USA + ALPHATECH Burlington MA USA. Overview.

binta
Télécharger la présentation

Comparison of Inter-Area Rekeying Algorithms for Secure Mobile Group Communication

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Performance 2002 in Rome Comparison of Inter-Area Rekeying Algorithms for Secure Mobile Group Communication C. Zhang*, B. DeCleene+, J. Kurose*, D. Towsley* * Dept. Computer Science University of Massachusetts/Amherst Amherst MA USA + ALPHATECH Burlington MA USA

  2. Overview • introduction: hierarchical key management in a mobile environment • four key management algorithms • performance models • results • summary

  3. Scenario: many mobile nodes requiring encrypted communication symmetric data key used for encryption rekey when member joins domain (backward confidentiality) rekey when member leaves domain (forward confidentiality) Scalable, Secure Group Management DKD AKD 1 AKD 3 AKD 7 AKD 8 … … Q: How to perform scalable rekeying given mobility?

  4. AKD 1 AKD 3 AKD 7 AKD 8 join leave transfer Efficient, scalable, secure group management DKD … … • Hierarchical key distribution: domain divided into areas • area key distributor (AKD) distributes data key within area • per-area key to encrypt rekeying within area • exploit multicast communication within area • Q:key management given mobility in/out/among areas

  5. Overview • introduction: hierarchical key distribution in a mobile environment • four key management algorithms • performance models • results • summary and future work

  6. move • performance degradation: multiple data keys sent to an AS ( …) SR: Static Rekeying AKD AKD data key • inter-AS communication during rekeying: inter-AS multicast AS 1 AS 2 Static (SR) • node always belongs to same area

  7. leave join transfer • inter-area-transfer implemented as domain leave/join • domain leave: area key rekey, data key rekey • domain join : area key rekey, data key rekey BR: Baseline Rekeying AKD AKD data key AS 2 AS 1 Baseline Rekeying (BR) • AS = area • move between ASs = transition between areas

  8. IR: Immediate Rekeying AKD AKD data key Immediate Rekeying (IR) • no data key rekeying during transition • area keys ( ) are rekeyed AS 2 AS 1 leave join transfer • credentials passed between AKDs to implement transfer of security relationship

  9. transfer • no area key rekeying when transferring out • mobile holds area keys while moving within domain • no area key rekey for visit other than 1st time FEDRP: First Entry Delayed Rekey (Periodic) AKD AKD data key AS 2 AS 1 First Entry Delayed Rekey (FEDRP) • area key rekeyed only on first entry to area and domain leave holding the area key • periodic rekey (optional): bound outside member area key holding time

  10. Overview • introduction: hierarchical key distribution in a mobile environment • four key management algorithms • performance models • results • summary and future work

  11. Analysis Overview Modeling approach: • M areas • Poisson arrivals () of new members to domain • exponential sojourn time within AS • inter-AS member mobility: Markov process Performance metrics: • communication: • key-related msg rate within AS i • key-related msg rate out of AS i • computation: area key rekey rate • security: #(area keys) held by area member

  12. Analysis Details • model each AS as M/M/∞ queue • 1/i(i {1,…,M}) : average sojourn time in AS i per visit • state i(i {1,…,M}) : inside domain, in AS i state M+1: outside domain • P = [pi,j] (i,j {1,…,M+1}) : state transition probability •  = [i ] (i {1,…,M}) : area key periodic rekey interval (FEDRP) • compute occupancy probabilities for AS i • achieve performance metric of interest

  13. Analysis Summary: • SR, BR, IR • closed form solutions • FEDRP • further assumptions needed: (domain leave and period rekey) area rekeying is Poisson • solved as a fixed point problem • validated by DaSSF simulator

  14. Overview • introduction: hierarchical key distribution in a mobile environment • four key management algorithms • performance models • results • summary

  15. 10m Foot Urban 100m Foot Urban HWY 1km Urban HWY Foot Message Rate within an AS M=16, =100, 1/ = 1, HOMOGEMEOUS FEDRP(1/δ=0): smallest msg rate, except with high mobility

  16. Message Rate out of an AS SR: higher inter-AS communication

  17. 1200=2*100+1000 300=2*100+100 200=2*100+0 Area Key Rekey Rate FEDRP: rekey rate bounded by 2+1/i

  18. Average #Area Keys held by a member FEDRP: # area keys held small except with high mobility

  19. A B B A B C C B B C C B A B B A Heterogeneous Case : 2D Random Walk • thus far: “transporter” mobility model - member can move directly from any AS to any other AS • 2D random walk: only move to neighboring AS IR FEDRP • same trend as homogeneous case • small difference among areas

  20. Summary performance analysis of four inter-area rekey algorithms addressing the mobility issue • analytic performance models • modeling heterogeneous mobility such as “2D random walk” • FEDRP has lowest communication costs, and low computation costs • FEDRP allows to hold small number of area keys • SR performs better in highly mobile scenarios • cost: higher inter-AS communication

  21. Thanks

  22. Applications • large scale military • law enforcement • disaster recovery • business

  23. Future Work • data throughput • impact of loss and latency • authentication overhead • effect of LKH

  24. Thanks

More Related