1 / 43

Presented by Rebecca, Singh & Julián

On Optimal Batch Rekeying for Secure Group Communications in Wireless Networks Authors: Jin-Hee Cho, Ing-ray Chen, Mohamed Eltoweissy. Presented by Rebecca, Singh & Julián. Outline. Background System Model and Assumptions Threshold-Based Periodic Batch Rekeying Performance Model

shiela
Télécharger la présentation

Presented by Rebecca, Singh & Julián

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. On Optimal Batch Rekeying for Secure Group Communications in Wireless NetworksAuthors: Jin-Hee Cho, Ing-ray Chen, Mohamed Eltoweissy Presented byRebecca, Singh & Julián

  2. Outline • Background • System Model and Assumptions • Threshold-Based Periodic Batch Rekeying • Performance Model • Results & Analysis • Conclusions

  3. Group Communications/ApplicationsOver Wireless Networks • Issue • To provide secure and efficient group communication mechanisms that satisfy application requirements while minimizing communication costs. • Solution • Periodic batch rekeying to alleviate rekeying overhead in these wireless networks

  4. Other Solutions • Group Key • Forward Secrecy • Group key management property that ensures that a “bad guy” that knows a contiguous subset of old group keys cannot identify subsequent group keys • Backward Secrecy • Group key management property that ensures that a “bad guy” that knows a subset of group keys cannot discover previous group keys

  5. Other Solutions (cont.) • Individual Rekeying • Problems: • Significant communication overhead due to frequent join/leave request events • Authentication after each rekey • Synchronization • Periodic Batch Rekeying • Problem: • Forward and backward secrecy constraints may not be satisfied

  6. Author’s Solutions ? Optimal batch rekey interval (OBRI) Relationship between OBRI and environmental conditions ? • Develop an analytical model to address the issue of how often batch rekeying should occur • Use threshold-based batch rekeying schemes • Show that an optimal rekey interval exists for each scheme • Compare the schemes to identify the best scheme to minimize the communications cost of rekeying • Develop a SPN model to measure and analyze performance metrics • Maintain: • Confidentiality • Authenticity • Integrity

  7. System Model and Assumptions • Wireless environment • Central key distribution server • Authenticate • Authorize • If member joins, server sends group key • Confidentiality • Integrity • Authenticity

  8. System Model and Assumptions (II) • Logical Key Hierarchy distribution protocol • Forward and backward secrecy satisfied

  9. System Model and Assumptions (III) • Inter-arrival times exponentially distributed • Join request rate λ • Leave request rate μ • Batch rekeying is employed • Minimize overhead • User cannot join the group unless authorized • Always trusted joins in this model

  10. System Model and Assumptions (and IV) • User can also leave the group • Trusted if voluntarily • Untrusted if not • Forward secrecy risk • Server computes probability of trustworthiness for leave operations • Pt=trusted / (trusted + untrusted)

  11. Threshold-basedPeriodic Batch Rekeying • Thresholds for the number of requests • Join • Leave • If a threshold is exceeded, perform rekeying • Three parameters considered • a = trusted join requests • b = trusted leave requests • c = untrusted leave requests

  12. Schemes • Untrusted Leave Threshold-based (ULT) • k3 = untrusted leave requests (c) • If k3=1 degenerates to individual rekeying • Trusted and Untrusted Double Threshold-based (TAUDT) • k1 = trusted requests (a+b) • k2 = untrusted requests (c) • Join and Leave Double Threshold-based (JALDT) • k1 = trusted join requests (a) • k2 = leave requests (b+c)

  13. Rekeying • Only at the end of the batch interval T • Probability of secrecy violation Pv • Proportion of time with secrecy violation risk • Only forward secrecy • Delay D • Latency per join or leave request (the same) T D Risk J L

  14. Rekeying (II) • Find the optimal period T • Satisfies probability of secrecy violation • and delay due to postponed rekeying • If join and leave request at the same time • Reuse the position • Generate keys for the old member’s path • If a>b+c then b+c join-leave and a-b-c join • If a=b+c then b+c join-leave • If a<b+c then a join-leave and b+c-a leave

  15. Performance MetricsDerivation: Communication Overhead for ULT The average batch rekey interval : T = Where, is the average inter arrival time of an un-trusted leave request. K3 is threshold used by ULT

  16. Derivation: Communication Overhead for ULT (Contd.) At the end of each batch rekeying interval, the state of the system represented by (a, b, c) is given by

  17. Derivation: Communication Overhead for ULT (Contd.) At the end of each batch interval, the total communication overhead bits (Cm) can be computed as: if a >= (b + c), then J × (b + c) × 2 log2N + J × (a − b − c) ×(2 log2N − 1) = J × a × 2 log2N − J × (a − b − c) else if a < (b + c), then J × a × 2 log2N + J × (b + c − a) × 2 log2N = J × (b + c) × 2 log2N • N :Total number of members in the group • J : Length of each key (bits)

  18. Derivation: Communication Overhead for ULT (Contd.) Finally, the communication overhead required for performing batch rekeying with the unit of time is: Tb : Overhead for broadcasting in the wireless network BW : Network bandwidth (Mbps) The average communication overhead :

  19. Probability of Secrecy Violation in ULT T+Scm in the denominator is a base observation period [(k3–1)/k3]×T+Scm in the numerator is the duration within the base observation period in which forward secrecy is violated. Note: For K3 = 1, Pv =Scm /(T+Scm)

  20. Delay in ULT The delay per join/leave operation : • Here T/2 is the average wait time for batch rekeying • S is the average communication overhead

  21. SPN Model for TAUDT & JALDT Both have too many states because of more than one thresholds used. SPN model is developed to measure performance metrics including Pv, D, T, and S.

  22. Working of SPN • When a trusted join request arrives, a token is created to move to place ‘a’ modeled by transition T1 with rate λPt. • Pt denotes the probability of trustworthiness • When a trusted or untrusted leave request arrives, a token is created to move to “tmp”, modeled by transition T2 with rate μ. • Trusted leave request : move from tmp to b • Untrusted leave request : move from tmp to c • Rekeying is performed when either K1 or K2 threshold is reached. This is modeled by associating an enabling function with transition T3 For TAUDT : If mark(a)+mark(b) = k1 or mark(c) = k2, then return true; otherwise return false. For JALDT: If mark(a) = k1 or mark(b)+ mark(c) = k2, then return true; otherwise return false. • After rekeying, all tokens are removed through T3 and systems returns back to initial state (0,0,0).

  23. Computing S and Pv • The average communication overhead per operation: • R - Set of rekeying states • P(i) - The steady-state probability of the system being in state I • The Secrecy of Violation: • V denotes the set of states in which mark(c)>0 • ri = 1

  24. Computing Avg Batch Rekeying Interval (T) • Transform the SPN model such that all rekeying states become absorbing states • Assign a reward of 1 to all states except absorbing states: • S denotes the set of all states except the absorbing states • ri = 1 • Pi(t) is the probability of state i at time t.

  25. System Parameters • Group Members (N) = 1024 • Key Length (J) = 64 bits • Avg. Overhead for broadcasting in the wireless network due to wireless channel contention and propagation • Tb = 5 msec • Bandwidth (BW) = 1 Mbps

  26. ULT: Secrecy Violation Constraint • Pv: Average probability of secrecy violation • PV=((k3 − 1) k3) × T + Scm (T + Scm) NOTE: k3=1  Pv = 0 Λ:µ = 1:0.5 Pt = 0.9

  27. Forward secrecy: property that assures that a “bad guy” that knows a contiguous subset of old group keys cannot identify subsequent group keys rekey

  28. ULT: Delay As a Result of Periodic Batch Rekeying • D = S +T 2

  29. ULT: Minimum Communication Overhead/Operation • S = Scm (a + b + c)

  30. ULT: Optimal Batch Rekey Interval • The optimal batch rekey interval (T) is the interval at which the overhead is minimized while satisfying the two application-level constraints • T = 1 μ(1 − Pt) × k3 • EX: Given D= 5, Pv = .05  k3 = 1 • T = 6.67 seconds

  31. TAUDT: Secrecy Violation Constraint • Pv: Average probability of secrecy violation • PV=((k3 − 1) k3) × T + Scm (T + Scm) Λ:µ = 1:0.5 Pt = 0.9

  32. TAUDT: Delay As a Result of Periodic Batch Rekeying • D = S +T 2

  33. TAUDT: Minimum Communication Overhead/Operation • S = Scm (a + b + c)

  34. TAUDT: Optimal Batch Rekey Interval • The optimal batch rekey interval (T) is the interval at which the overhead is minimized while satisfying the two application-level constraints • EX: Given D= 5, Pv = .05  (k1,k2) = (16,1) • T = 8.83 seconds

  35. JALDT: Secrecy Violation Constraint • Pv: Average probability of secrecy violation • PV=((k3 − 1) k3) × T + Scm (T + Scm)

  36. JALDT: Delay As a Result of Periodic Batch Rekeying • D = S +T 2

  37. JALDT: Minimum Communication Overhead/Operation • S = Scm (a + b + c)

  38. JALDT: Optimal Batch Rekey Interval • The optimal batch rekey interval (T) is the interval at which the overhead is minimized while satisfying the two application-level constraints • EX: Given D= 5, Pv = .05  (k1,k2) = (13,2) • T = 3.96 seconds

  39. Comparison: Optimal Batch Rekey Interval

  40. Head-to-Head Statistical Conclusion: TAUDT has the longest optimal T compared with the other two schemes, by reducing the batch rekeying overhead more efficiently.

  41. Conclusion This scheme successfully reduces communication overhead per leave/join operation while satisfying delay and secrecy requirements for wireless group communication systems. Proved that an optimal rekeying interval (T) exists under each of Batch-rekeying schemes. TAUDT is able to produce the minimum S and maximum T, which makes it the most efficient scheme among all.

  42. Future Work SPN model can be augmented to take reliability and availability designs into consideration and analyze their effects on optimal batch rekeying interval. Analyzing the effect of insider attacks and intrusion detection system design on the security and performance properties of group communications in wireless systems. Investigating the issue of optimal batch rekeying for the case in which a group consists of multiple subgroups.

  43. ThankYou

More Related