1 / 33

國立中興大學 資訊管理學系 林詠章 博士

安全群播金鑰管理. 國立中興大學 資訊管理學系 林詠章 博士. Outline . Introduction Logical Key Hierarchy (LKH) Lightweight Prepositioned Secret Sharing Tree for Multicast Key Management A Star-based Architecture for Multicast Key Management without Rekeying Processes Conclusions. Introduction. sender.

charlesperez
Télécharger la présentation

國立中興大學 資訊管理學系 林詠章 博士

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. 安全群播金鑰管理 國立中興大學 資訊管理學系 林詠章 博士

  2. Outline • Introduction • Logical Key Hierarchy (LKH) • Lightweight Prepositioned Secret Sharing Tree for Multicast Key Management • A Star-based Architecture for Multicast Key Management without Rekeying Processes • Conclusions

  3. Introduction sender • Pay-per view, distance education, real-time stock information … Music, movie, image… C1 group M C2 Confidential message C3 nongroup member A secure group communications • Sending to n members: • computational cost : n transmission : n 3 • Group Communications 2020/1/6

  4. Logical Key Hierarchy (LKH) (1/4) D. Wallner, E. Harder, and R. Agee , " Key management for multicast: Issues and architectures," Tech. Rep. RFC 2627, Internet Engineering Task Force, June 1999. manage Group key(Traffic Encryption Key ,TEK) • Logical Key Hierarchy key server key server • Multicast session M confidential message Rekeying • Logical Key Hierarchy (LKH) proposed by Wallner et al. and Wong et al. in 1997 (NSA)

  5. Logical Key Hierarchy (LKH) (2/4) • Rekeying session- member u9 leaves • Rekeying: {k1-9, k7-9} {k1-8, k7-8} key server • Rekeying messages: {k7-8}k7 {k7-8}k8 {k1-8}k1-3 Multicast u9leaves {k1-8}k4-6 {k1-8}k7-8 Computational cost (server side): d logd(n) – 1 = 5

  6. Logical Key Hierarchy (LKH) (3/4) • Rekeying session- member u9 joins • u9 joins: • Key server u9 assign k9 • Rekeying: {k1-8, k7-8} {k1-9, k7-9} key server • Rekeying messages: {k7-9}k7-8 {k7-9}k9 u9joins Multicast {k1-9}k7-9 {k1-9}k1-8 Computational cost (server side): 2logd(n) = 4

  7. Logical Key Hierarchy (LKH) (4/4) • Rekeying cost Several encryption/decryption processes (dynamic group) • Key management • Maintain hierarchical key tree andall keys in the tree • Key tree balancing • Rekeying cost may greater than O(logdn) • The problems of the hierarchical key tree

  8. Lightweight Prepositioned Secret Sharing Tree for Multicast Key Management

  9. Based on tree structure (key nodes share nodes) Randomly chosen key server prepositioned share (x, y) Prepositioned Secret Sharing Tree (1/4)

  10. Prepositioned Secret Sharing Tree (2/4) • Multicast Session • Generate a new TEK k1-3 3 shares RS1-3={AS,ADS1-3} C1-3 RS1-3 k1-3 key server PS1-3,AS M 5 shares Lagrange interpolation (1) PS1-3 = {s1-3, s1, s2,s3} f1-3(x) = ax4+bx3+cx2+dx+e (mod p) (2) AS(activating share) assign k1-3 (3) M C1-3 encrypt k1-3 2 share m : the degree of the polynomial fi(x) h : the height of the tree that includes shares in PSi (4)f1-3(x) ADS1-3 (m-(h+1))

  11. Prepositioned Secret Sharing Tree (3/4) • Member Joins • u9 joins the group • {s1-8,s7-8} {s1-9,s7-9} one-way hash function s7-8 s7-9 one-way hash function s1-8 s1-9 one-way hash function • Computational cost (server side) : • logd(n) = 2(hash function) • Transmission cost : 0

  12. Prepositioned Secret Sharing Tree (4/4) • Member Leaves • u9 leaves the group u9 leaves • {s1-9,s7-9} {s1-8,s7-8} CS1-8 CS7-8 key server CS1-8={AS,ADS1-8} CS7-8={AS,ADS7-8} f1-8 (x) = a1xn-1+b1xn-2+…+c1x+d1(mod p) assign TEK share s1-8 f7-8 (x) = a2xn'-1+b2xn'-2+…+c2x+d2(mod p) assign share s7-8

  13. Summaries • Rekeying cost Eliminate the encryption/decryption processes • Member joins • Computational cost : h (hash function) • Transmission cost : 0 • Member leaves • Computational cost : h (polynomial) • Transmission cost : h(share sets) • Tree structure • (KS needs to maintain)

  14. A Star-based Architecture for Multicast Key Management without Rekeying Processes

  15. Introduction (1/2) • Key Tree Balancing • Frequently joins and leaves rekeying costgreater than O(logdn) • [Rodeh et al. 2001]Using AVL tree for tree balancing • [Goshi and Lander 2003]Using B-tree for tree balancing • [Haibin 2005]Using non-split balancing high-order tree (HSBHO) for tree balancing But keeping the key tree balanced needs to perform other computational cost for every member joining or leaving. • Keeping the Key Tree Balanced

  16. Introduction (2/2) public key ( eA, NA) public key ( eA, NA) secret key (dA ) secret key (dA ) Bob Alice • Base on star-based architecture No unbalanced condition • RSA-like cryptosystem No need to maintain structure and each member’s key Eliminate rekeying processes • Star-based Multicast Key Management

  17. SBMK (1/12) • each peripheral node di secret key(only known by individual member) • the central node e0 TEK(public) KS: need to know the group members and one key e0 Each member: store its secret key di • SBMK1- A Star-based Architecture

  18. SBMK (2/12) • SBMK1- Key Assignment M u1,u2,…,un C d1 d2 dn e0 key server • (1) Choose a large e0 ( gcd (e0, L0)) • (2) Compute d0 • (3) Compute each member secret key di

  19. SBMK (3/12) • SBMK1- Key Assignment • Chooses 8 distinct large prime numbers u1: (p1, q1) u2: (p2, q2) TEK u3: (p3, q3) u4: (p4, q4) key server d0 d2 d3 d1 d4 • Computes the product Ø(Ni) Ø(N1) Ø(N2) Ø(N3) Ø(N4) N1 N2 N3 N4 PUBLIC e0 e0 Ø(Ni)=(pi - 1) × (qi - 1) Ni=(pi × qi) The least common multiple • Chooses KS’s public key e0 and compute secret key d0 L0 e0× d0 = 1(modL0) gcd (e0, L0) • Compute each member’s secret key d1 = d0 modØ(N1) d3 = d0 modØ(N3) d2 = d0 modØ(N2) d4 = d0 modØ(N4)

  20. SBMK (4/12) Public: • SBMK1- Multicast Session N1 N2 N3 N4 M • KS {u1,u2,u3,u4} M M d1 C e0 key server • Decrypt the encrypted message C by using its own secret key di • Encrypt the message M • u1 uses its own secret key d1 to decrypt

  21. SBMK (5/12) • SBMK1- Multicast Session Public: N1 N2 N3 N4 M • KS {u1, u3} M M M' d2 d3 d1 C e0 key server • u1 uses its own secret key d1 to decrypt • Encrypt the message M • u3 uses its own secret key d3 to decrypt • u2can not use its own secret key d2 to decrypt

  22. SBMK (6/12) • SBMK1- Member Joins (u5) • Choosing p5 and q5 • Compute N5=p5 x q5 , ø(N5)=(p5-1)(q5-1) public • The key server compute u5 secret key d5 d5 • KS u5(assign)

  23. SBMK (7/12) • SBMK1- Member Joins (u5) • TEK e0 does not need to change does not need to change • {d1,d2,d3,d4} KS and {u1,u2,u3,u4} :do not needto perform any rekeying processes

  24. SBMK (8/12) • SBMK1- Member Leaves (u5) • Delete the public information N5 • Multicast message M to whole group members • The leaving member u5: KS and {u1,u2,u3,u4} :do not need to perform any rekeying processes

  25. SBMK (9/12) • SBMK1 • SBMK1 uses RSA-like cryptosystem to solve: • (1) unbalancing condition • (2) eliminate rekeying processes Computational cost • SBMK2 to solve computational problem • ( combine the public-key with symmetric key cryptosystems)

  26. SBMK (10/12) • SBMK2- A Star-based Architecture • The key assignment is the same as SBMK1 Key server: need to know the group members and one key e0 Each member: store its secret key di • The central node k1-n TEK(a symmetric key)(shared by the key server and all group members)

  27. SBMK (11/12) Public: N1 N2 N4 N5 N6 N3 • SBMK2- Multicast Session • Generate a new TEK M CM Ck' 1-6 e0 key server • Decrypt Ck‘ 1-6 by using secret key di • Encrypt the TEK k'1-6 k'1-6 k'1-6 (2) Encrypt the message M by using k'1-6 (2) CM M

  28. Performance Comparisons (1/2) • Tree : DES • SBMK1 : RSA-like • SBMK2 : RSA-like + DES The worst case of the processing time for secure multicast a 1MB message among different group size

  29. Performance Comparisons (2/2) • Tree : DES • SBMK1 : RSA-like • SBMK2 : RSA-like + DES The worst case of the transmission size for secure multicast a 1MB message among different group size

  30. Summaries • Rekeying cost • Eliminate the rekeying processes • (using RSA-like public key cryptosystem) • Key management • The key server stores one key e0and each member stores one key di • Key tree balancing • No unbalanced (using star-based architecture) • SBMK2 solve the computational problem of SBMK1(combine public-key and symmetric key cryptosystem)

  31. Conclusion (1/2) • PSST • 1. The TEK can dynamically change • 2. No encryption/decryption processes when a member joins or leaves • SBMK • 1. Eliminate the rekeying process 2. Solve the key management problems 3. No unbalanced condition 4. The SBMK2 solves the computational cost and has good performance for secure multicast.

  32. Conclusion (2/2) PSST • Computational cost : h (hash function) • Transmission cost : 0 Join • Computational cost : h (polynomial) • Transmission cost : h(share sets) Leave SBMK • Computational cost : 1 (generate a secret key) • Transmission cost : 0 Join • Computational cost : 0 • Transmission cost : 0 Leave

  33. Thank You !

More Related