1 / 25

A secure re-keying scheme

A secure re-keying scheme. Introduction Background Re-keying scheme User revocation User join Conclusion. Introduction. Multicast is the preferred mode for group communication services A group key is known to all users in the group, but is unknown to non-group users

flavio
Télécharger la présentation

A secure re-keying scheme

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. A secure re-keying scheme • Introduction • Background • Re-keying scheme • User revocation • User join • Conclusion

  2. Introduction • Multicast is the preferred mode for group communication services • A group key is known to all users in the group, but is unknown to non-group users • Ensure this while the group membership changes • A re-keying scheme is an algorithm to securely and efficiently update the group key

  3. Background Approaches to form authorized subgroups: • Broadcast Enable a single source to securely broadcast to an arbitrary and dynamically changing subset of users • Secure sharing Requires a user to store only one key • Logical key hierarchy Use tree structure to update a group key in order to revoke or join users

  4. Re-keying scheme • Based on the logical key hierarchy approach • Uses a one-way hash chain to generate all the keys of a user from a seed value • hv(x), where h() is a one-way hash function, is a one-way hash chain when h is applied v times to x. hv(x) = h(h(…(h(x)…)).

  5. Model • U: set of users • GC:group controller • A users hold a unique set of keys, K is the set of keys in the system • of users sharing a session key

  6. Group operation Re-keying consists of two group operations: • User revocation A subset of users Ri is revoked from Mi resulting a new session consisting of Mi+1 = Mi \ Ri sharing a new session key Ks+1 • User join A subset of users Ji is join Mi resulting a new session consisting of Mi+1 = Mi U Ji sharing a new session key Ks+1

  7. System operation • During the initial session, GC generates the keys K and sends a subset of keys to user via a secure unicast channel • In all subsequence session, GC sending a re-keying message over an insecure multicast channel. A user user his set of keys and the re-keying message to calculate the new session key ki+1

  8. A LKH re-keying scheme • A logical key hierarchy(LKH) is a tree where each node logically corresponds to a key and each leaf logically corresponds to a user. • A user knows the keys of nodes along the path from the user’s leaf to the root.

  9. A LKH re-keying scheme

  10. A LKH re-keying scheme • Each node is given a label Iw(l) and a key Kw(l) . Node label is public and node keys are private. • The user holds the set of node keys along the path. • All user have a common root key Kw(0) .

  11. Re-keying algorithm for GC • GC choose a random number where b is the security parameter. • For level l = s, …,0 and node , updates Kw(l) to K’w(l) = hs-l (r) • Generate the re-keying message: E() denotes the encryption algorithm.

  12. Re-keying algorithm for users • A user U find the nodes that are both in N(U) and Mrkey • User decrypts using his node key. • User needs to update keys of node Iw(y) and all it’s ancestors, i.e., Iw(y-1) ,… Iw(0) • For level l= y-1, … 0 and every node User updates the node key

  13. System Initialization • Let • GC construct a tree structure with n0 leaves, given a unique label to each node, attaches a randomly generated key to each node and corresponds each leaf to a user. • GC publishes the tree structure in a public bulletin board and keeps all node keys secret. • GC sends to user U, a set of node keys along the path from U’s leaf to the root over a secure unicast channel.

  14. User revocation • Group controller • Updates the tree structure • Updating the session key Ksi to Ksi+1 (updating root key) All internal keys belong to the users in Ri require to be updated • User • Each affected user remove the redundant nodes and keys and rearranged the levels of the affected nodes and keys. • Each user receives the re-keying message and perform the re-keying scheme, obtaining the new session key.

  15. User revocation

  16. User revocation

  17. User revocation • Suppose • Node have been pruned. Nodes in dashed line have been arranged to new levels • Keys require to be updated • Re-keying: • Re-keying message:

  18. User revocation • U1, U2: have , calculate • U4: have, and calculate • U7 ,U8: have • The session key is

  19. User join • Group controller • Updates the tree structure • Produce a randomly chosen key for each new leaf, and associates each new user to a new leaf • Updating the session key • User • Each new user performs the re-keying operation to obtain the updated keys and the new session key. • Each affected user adds the new nodes and rearranges the levels of the affected nodes and keys. • The rest of the users perform the re-keying operation to update the keys and obtain the new session key.

  20. User join

  21. User join

  22. User join • Suppose • Node have been added. Nodes in dashed line have been arranged to new levels • Keys require to be updated • Re-keying: • Re-keying message:

  23. User join • U6, U9: have,calculate • U7,U8,U10: have, and calculate • U1 …. U5: have • The session key is

  24. Conclusion • A re-keying scheme for multiple user revocation and multiple user join. • Employs logical key hierarchy with one way hash chain to achieve higher efficiency. • The scheme satisfies forward secrecy, backward secrecy and forward-backward secrecy.

  25. Reference • H. Kurnio, R. Safavi-Naini, Huaxiong Wang, A Secure Re-keying Scheme with Key Recovery Property , 7th Australasian Conference on Information Security and Privacy, ACISP 2002, Vol. 2384, pages 40--55. • Adrian Perrig, Dawn Song, J.D. Tygar ELK, a New Protocol for Efficient Large-Group Key Distribution. IEEE symposium on security and privacy 2001. Page 247-262 • Kurnio H and Safavi-Naini R, Huaxiong Wang, A group key distribution scheme with decentralised user join. Third Conference on Security in Communication Networks '02 September 12-13, 2002 • Dalit Naor, Moni Naor, Jeff Lotspiech,Revocation and Tracing Schemes for Stateless Receivers. Advances in Cryptology – CRYPTO 2001,Lecture Notes in Computer Science 2139, pages 41-62

More Related