1 / 98

Tutorial: Wireless Multicast Security

Tutorial: Wireless Multicast Security. Yan Sun University of Rhode Island May 15, 2006. Outline. Part 1: Introduction on Secure Wireless Multicast Unicast vs. Multicast Security requirements for Multicast Challenges in Wireless Networks Part 2: Multicast Key Management

neylan
Télécharger la présentation

Tutorial: Wireless Multicast Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Tutorial:Wireless Multicast Security Yan Sun University of Rhode Island May 15, 2006

  2. Outline Part 1: • Introduction on Secure Wireless Multicast • Unicast vs. Multicast • Security requirements for Multicast • Challenges in Wireless Networks Part 2: • Multicast Key Management • Generic Schemes • Network-aware Key Management • Application-aware Key Management • New Security Concerns • Multicast Authentication Part 3: More on wireless multicast

  3. Part 1. Introduction Unicast vs. Multicast Security requirements for Multicast Key Management Multicast Authentication Challenges in Wireless Networks

  4. Basic Concepts Unicast: one-to-one Multicast: one-to-many Broadcast: one-to-all Wireless Multicast Security

  5. Unicast • Point-to-point communication (Unicast) has been the dominant form of computer communication since the beginning of networking. • Distributing content, such as a popular movie, to a large audience over individual point-to-point connections is not efficient. • congestion • wasting network resources • Delay • Point-to-point communication faces scalability problem.

  6. Multicast • Multicastis an essential mechanism to achieve scalable information distribution. Multicast Multiple Unicast Orange circles represent endpoints, and green circles represent routing points.

  7. In unicast, there is a one-to-one association between network address and network endpoint: each destination address uniquely identifies a single receiver endpoint. • In multicast, there is a one-to-many association between network addresses and network endpoints: each destination address identifies a set of receiver endpoints, to which all information is replicated.

  8. Multicast Applications • Digital video and audio multicast over Internet, such as movie-on-demand and video conferences. • Widespread software distribution, such as anti-virus scanner update and security patch delivery. • Disseminating real-time financial market information to a large audience with various devices, including PDAs, cell phones, computers etc. • Transportation control where road traffic pattern or air traffic control information is distributed to many stations. • Multi-player games involving thousands of users simultaneously interacting in a virtual game world.

  9. Good News to Both Sides • Advantage: Multicast can efficient distribute information to thousands or even millions of users. • However, multicast also creates opportunities for malicious packets to reach thousands or millions of users. • Challenge: how to maintain security with dynamic group membership Wireless Multicast Security

  10. Security in Group Communications • Confidentiality: non-group members cannot read the data • Integrity: data cannot be modified or deleted in any unauthorized way • Authentication: claimed sender is the actual sender • Access Control: only authorized parties can access the group communications • Non-repudiation: The sender cannot deny sending the message • No denial-of-service

  11. Access Control Data confidentiality Access Control and Confidentiality • Among all those requirements, access controlis the first line of defense. • Basic approach: • Service provider encrypt the content using a key • This key is shared among all legitimated group members, but not known by non-group members. • Encryption • Key Management • Dynamic groups: users joining and leaving • How to generate and update the group key

  12. Key Management • Security requirements • Group key secrecy - non-group members cannot obtain any group key. • Backward secrecy - the join user cannot decrypt the content that was sent before his join. • Forward secrecy - the departure/revoked user cannot decrypt the content that is sent after his deletion from the group. • Performance requirements • Low communication, computation and storage overhead • Scalability for large dynamic groups • Reliable distribution of key update messages

  13. Authentication • Asymmetric: Digital Signature • The sender sign the communication data using his private key. • The receiver verify the communication data using the sender’s public key. • Inefficient due to high computation overhead • Symmetric: Message Authentication Code (MAC) • The sender and the receiver share a secret key, and compute a message authentication code (MAC) of all communicated data. • When a message with a correct MAC arrives, the receiver is assured that the sender generated that message. • Efficient, but not secure in Multicast.

  14. Multicast Authentication • Design Goals: • Using symmetric authentication methods • Ensure security

  15.  D1 Re-visit Security Requirements • Confidentiality: non-group members cannot read the data • Integrity: data cannot be modified or deleted in any unauthorized way • Authentication: claimed sender is the actual sender • Access Control: only authorized parties can access the group communications • Non-repudiation: The sender cannot deny sending the message • No denial-of-service Wireless Multicast Security   

  16. Wireless Multicast • Many future multicast services will take place in the wireless domain. • Challenges: Communication aspects: • Resource limitation: bandwidth, power, etc. • Diverse devices • Packet loss due to transmission errors • Mobility Security aspects • Ease of snooping on wireless transmissions • DoS attacks: Jamming, Fake collisions Wireless Multicast Security

  17. D2 Wireless  Multicast Unique Feature: Broadcast nature of wireless media

  18. History of Wireless Technologies • Marconi’s wireless telegraphy (Patented in 1896 in the UK.) • American inventor Reginald Fessenden completed the first true radio broadcast in 1906 • AMradio, the first real wireless industrial, in 1920s. FM radio in 1930s. • First wireless phone system appears in US in 1970s. • First commercial GSM network began offering service in 1991. • Late 90s, Wireless LAN and Bluetooth. 802.11 standard was finalized in 1997. ……

  19. Design Considerations Communication aspects: • Resource limitation: bandwidth, power, etc. • Diverse devices • Packet loss due to transmission errors • Mobility Security aspects • Ease of snooping on wireless transmissions • DoS attacks: Jamming, Fake collisions A potential powerful tool • Broadcast nature of wireless media Wireless Multicast Security

  20. Part 2(a). Group Key Management Generic Key Management Schemes Network-aware Key Management Application-aware Key Management New Security Concerns

  21. Key Management • Centralized schemes: relying on a trusted Key Distribution Center (KDC) • Contributory schemes: generating/updating keys in a distributed manner. Generic KM Network-aware KM Application-aware KM Other security concerns

  22. Centralized Key Management

  23. Session Key (SK) Ks User private keys K101 K110 K000 K010 K001 K011 K100 K111 u010 u011 u100 u101 u000 u001 u110 u111 Users Simplest Centralized Key Management • Ownership of the keys: • KDC: knows all keys • A User: the session key and its own private key • Data Distribution: • Communication data is encrypted by the session key

  24. Session Key (SK) Ks User private keys K101 K110 K000 K010 K001 K011 K100 K111 u010 u011 u100 u101 u000 u001 u110 u111 Users The joining user receives through a secure unicast channel during registration. Key Update for User join When a user joins the service, The current group members receive rekeying messages

  25. Session Key (SK) Ks User private keys K101 K110 K000 K010 K001 K011 K100 K111 u010 u011 u100 u101 u000 u001 u110 u111 Users Key Update for User Departure

  26. Tree-based Key Management • An important class of centralized key management protocols employ logical tree structures to maintain keying materials • Tree-based KM protocols are considered to be scalable in terms of communication, computation and storage overhead

  27. Session Key (SK) Ks K0 K1 K00 K01 K10 K11 User private keys K101 K110 K000 K010 K001 K011 K100 K111 u010 u011 u100 u101 u000 u001 u110 u111 Users Tree-based Centralized Key Management Key Encrypted Keys (KEKs) Keys: session key; users’ private key; key encrypted keys Ownership of the keys: A user: the keys on the branch from itself to the root

  28. Session Key (SK) Ks K111 u111 Operation for User Join Key Encrypted Keys (KEKs) K0 K1 K00 K01 K10 K11 User private keys K101 K110 K000 K010 K001 K011 K100 u010 u011 u100 u101 u000 u001 u110 Users • Key server • generates new versions of Ks, K1 and K11, • encrypted them using old versions • send encrypted keys to all current users.

  29. Session Key (SK) Ks K0 K1 K00 K01 K10 K11 User private keys K101 K110 K000 K010 K001 K011 K100 K111 u010 u011 u100 u101 u000 u001 u110 u111 Users D3 Operation for User Departure Key Encrypted Keys (KEKs)

  30. Security • Security Goal: only authorized parties can access group comm. • Security Assumption: • No insiders are compromised. • Attackers cannot obtain other users’ private keys. • Attackers (who are non-group members) cannot break the encryption.

  31. Variations of Tree-based Schemes • VersaKey Framework improves the user joining operation. • new keys can be calculated through a one-way function without sending rekeying messages. • Key structure {key ID, version number, revision number, key content} • One-way Function Tree (OFT) • the keys on the key tree are generated through one-way functions, rather than arbitrarily determined by the KDC. • This approach reduces the rekeying overhead from O(2log(n)) to O(log(n)). • ELK • Instead of using one-way functions, ELK uses pseudo-random functions to build and manipulate the keys. It also introduces hints, a small piece of information that improves reliability of rekeying.

  32. Clustering • members are organized into a hierarchical clustering structure. The cluster leaders are selected from group members and perform partial key management.

  33. Contributory Key Management • In many scenarios, it is not preferred to rely on a centralized key server. • group members do not explicitly trust a single entity; • there are no servers or group members who have sufficient resources to maintain, generate and distribute keying information. • Contributory Key Management • Every group member participates key establishment • The group key contains contributions from all group members. • The members’ personal keys are not disclosed to any other entities.

  34. Alice x Bob y αx (mod p) αy (mod p) K = αyx (mod p) K = αyx (mod p) Two-Party Diffie-Hellmann • Alice and Bob select a large prime number p and a primitive root α (mod p). Both p and α can be made public. • Alice choose a secrete : x with 1 x  p-2 Bob choose a secrete: y with 1 x  p-2 • Alice send αx (mod p) to Bob Bob send αy (mod p) to Alice • Alice Calculates K = ( αy )x (mod p) • Bob Calculates K = ( αx )y (mod p)

  35. Group Diffie-Hellmann • Ingemarsson et al. first introduced a conference key distribution system based on a ring topology. • Steiner et al. extended the two-party Diffie-Hellman (DH) protocol and proposed group Diffie-Hellman protocols GDH.1/2/3 • Logical tree structure is also used in the contributory setting by Kim et al in TGDH, and by Dondeti et al in DISEC.

  36. Tree-based Contributory Scheme

  37. Network-aware Key Management Wireless Multicast • In the future, many group communications will take place in the wireless domain. • Wireless scenario poses additional challenges on the key management, • High error rate • Limited bandwidth • Rekeying messages need to be delivered reliably and in a timely manner. • Communication-efficient key management schemes are motivated. Generic KM Network-aware KM Application-aware KM Other security concerns

  38. Session Key (SK) Ks K0 K1 K00 K01 K10 K11 User private keys K101 K110 K000 K010 K001 K011 K100 K111 u010 u011 u100 u101 u000 u001 u110 u111 Users Re-Visit Tree-based Approach Key Encrypted Keys (KEKs)

  39. Topology-aware Key Management • Observation • Most rekeying messages are only useful for a subset of users. • Ideas • To match the key tree with the network topology, • To localize the transmission of rekeying messages. • Goal: • To reduce the communication overhead • To improve reliability of key distribution

  40. Cellular Network Topology

  41. Topology-Matching Key Tree Step1: user-subtrees Step2: BS-subtrees Step3: SH-subtree

  42. Handoff Scheme for TMKM • In mobile environment, the user will handoff to different BSs while maintaining his subscription to the group. • Handoffs cause users’ relocation on the TMKM tree. • A simple solutions: • when a user moves from cell i to cell j, he can be treated as if he leaves the service from cell i, and join the service again to cell j. • Handoff can be done efficiently • Do not update keys immediately after handoffs. • Allow users to have more than one set of valid keys • When a user leaves the service, update all his keys.

  43. Two Effects of TMKM • Marching Key tree to Network Topology • Localizing transmission of rekeying messages– reducing the comm. cost of sending one rekeying message. • Handoff – may need to update more than one set of keys when a user leaves

  44. SH BS BS BS BS Performance Measurement wireline-message-size : the amount of the rekeying messages multicast to the BSs; wireless-message-size : the amount of the rekeying messages broadcast by BSs. (broadcast nature)

  45. Performance

  46. Scalability • Scalability: when the number of SH (N) increases • Reliability is also improved.

  47. Application-aware Key Management • Applications: many multimedia group communications contains multiple data streams. For example, • a multicast program containing several related services. Users can subscribe one or multiple services. • In military applications, access privilege depends on the rank. • How to management keys when group members have different levels of access privilege? Generic KM Network-aware KM Application-aware KM Other security concerns

  48. Top Secret Comm. Advanced Comm. Basic Comm. Lowest Access Level Moderate Access Level Highest Access Level Example 1 Data Group (DG): users that receive the same single multicast data stream Service Group (SG): users that have the same access privilege

  49. Session Key (SK) Ks K0 K1 K00 K01 K10 K11 User private keys K101 K110 K000 K010 K001 K011 K100 K111 u010 u011 u100 u101 u000 u001 u110 u111 Users • How many multicast sessions? • How to encrypt the multicast content? • How to manage keys?

  50. Another Application Example Data Group (DG): Channel 1, channel 2 and channel 3 Service Group (SG): users who subscribe channel -- {1}, {2}, {3}, {1,2}, {1,3}, {2, 3}, {1,2,3}

More Related