240 likes | 364 Vues
Performance 2002 in Rome. Comparison of Inter-Area Rekeying Algorithms for Secure Mobile Group Communication. C. Zhang*, B. DeCleene + , J. Kurose*, D. Towsley*. * Dept. Computer Science University of Massachusetts/Amherst Amherst MA USA + ALPHATECH Burlington MA USA. Overview.
E N D
Performance 2002 in Rome Comparison of Inter-Area Rekeying Algorithms for Secure Mobile Group Communication C. Zhang*, B. DeCleene+, J. Kurose*, D. Towsley* * Dept. Computer Science University of Massachusetts/Amherst Amherst MA USA + ALPHATECH Burlington MA USA
Overview • introduction: hierarchical key management in a mobile environment • four key management algorithms • performance models • results • summary
Scenario: many mobile nodes requiring encrypted communication symmetric data key used for encryption rekey when member joins domain (backward confidentiality) rekey when member leaves domain (forward confidentiality) Scalable, Secure Group Management DKD AKD 1 AKD 3 AKD 7 AKD 8 … … Q: How to perform scalable rekeying given mobility?
AKD 1 AKD 3 AKD 7 AKD 8 join leave transfer Efficient, scalable, secure group management DKD … … • Hierarchical key distribution: domain divided into areas • area key distributor (AKD) distributes data key within area • per-area key to encrypt rekeying within area • exploit multicast communication within area • Q:key management given mobility in/out/among areas
Overview • introduction: hierarchical key distribution in a mobile environment • four key management algorithms • performance models • results • summary and future work
move • performance degradation: multiple data keys sent to an AS ( …) SR: Static Rekeying AKD AKD data key • inter-AS communication during rekeying: inter-AS multicast AS 1 AS 2 Static (SR) • node always belongs to same area
leave join transfer • inter-area-transfer implemented as domain leave/join • domain leave: area key rekey, data key rekey • domain join : area key rekey, data key rekey BR: Baseline Rekeying AKD AKD data key AS 2 AS 1 Baseline Rekeying (BR) • AS = area • move between ASs = transition between areas
IR: Immediate Rekeying AKD AKD data key Immediate Rekeying (IR) • no data key rekeying during transition • area keys ( ) are rekeyed AS 2 AS 1 leave join transfer • credentials passed between AKDs to implement transfer of security relationship
transfer • no area key rekeying when transferring out • mobile holds area keys while moving within domain • no area key rekey for visit other than 1st time FEDRP: First Entry Delayed Rekey (Periodic) AKD AKD data key AS 2 AS 1 First Entry Delayed Rekey (FEDRP) • area key rekeyed only on first entry to area and domain leave holding the area key • periodic rekey (optional): bound outside member area key holding time
Overview • introduction: hierarchical key distribution in a mobile environment • four key management algorithms • performance models • results • summary and future work
Analysis Overview Modeling approach: • M areas • Poisson arrivals () of new members to domain • exponential sojourn time within AS • inter-AS member mobility: Markov process Performance metrics: • communication: • key-related msg rate within AS i • key-related msg rate out of AS i • computation: area key rekey rate • security: #(area keys) held by area member
Analysis Details • model each AS as M/M/∞ queue • 1/i(i {1,…,M}) : average sojourn time in AS i per visit • state i(i {1,…,M}) : inside domain, in AS i state M+1: outside domain • P = [pi,j] (i,j {1,…,M+1}) : state transition probability • = [i ] (i {1,…,M}) : area key periodic rekey interval (FEDRP) • compute occupancy probabilities for AS i • achieve performance metric of interest
Analysis Summary: • SR, BR, IR • closed form solutions • FEDRP • further assumptions needed: (domain leave and period rekey) area rekeying is Poisson • solved as a fixed point problem • validated by DaSSF simulator
Overview • introduction: hierarchical key distribution in a mobile environment • four key management algorithms • performance models • results • summary
10m Foot Urban 100m Foot Urban HWY 1km Urban HWY Foot Message Rate within an AS M=16, =100, 1/ = 1, HOMOGEMEOUS FEDRP(1/δ=0): smallest msg rate, except with high mobility
Message Rate out of an AS SR: higher inter-AS communication
1200=2*100+1000 300=2*100+100 200=2*100+0 Area Key Rekey Rate FEDRP: rekey rate bounded by 2+1/i
Average #Area Keys held by a member FEDRP: # area keys held small except with high mobility
A B B A B C C B B C C B A B B A Heterogeneous Case : 2D Random Walk • thus far: “transporter” mobility model - member can move directly from any AS to any other AS • 2D random walk: only move to neighboring AS IR FEDRP • same trend as homogeneous case • small difference among areas
Summary performance analysis of four inter-area rekey algorithms addressing the mobility issue • analytic performance models • modeling heterogeneous mobility such as “2D random walk” • FEDRP has lowest communication costs, and low computation costs • FEDRP allows to hold small number of area keys • SR performs better in highly mobile scenarios • cost: higher inter-AS communication
Applications • large scale military • law enforcement • disaster recovery • business
Future Work • data throughput • impact of loss and latency • authentication overhead • effect of LKH