1 / 11

ITIS 6010/8010 Wireless Network Security

A novel personal key distribution approach that drastically reduces communication and storage overhead compared to previous approaches, while still supporting revocation and based on polynomials.

valenza
Télécharger la présentation

ITIS 6010/8010 Wireless Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. ITIS 6010/8010 Wireless Network Security Dr. Weichao Wang

  2. Efficient self-healing key distribution and revocation • A novel personal key distribution approach • Drastically reduce communication and storage overhead compared to the previous approaches • Still t revocation • Still based on polynomials

  3. A personal key distribution mechanism • For a t-degree poly f(x), we want to provide f(i) only to node i • Each legal member gets a different personal key • Revoked members cannot get their shares • Through true broadcast • Need a revocation poly and masking poly

  4. Notations: • f(x): key share polynomial (t-degree) • g(x): revocation polynomial (up to t degree) • h(x): masking function (2t degree) • Every node gets h(i) during initiation. • Group manager broadcasts f(x) * g(x) + h(x) and the revoked nodes. • Construct g(x) based on revoked nodes

  5. How does a legal node recover the personal key share? • Why a revoked node cannot? • It is robust against up to t colluders. • Advantages: • Communication overhead is only O(t) • Storage overhead is constant • Do not need fake IDs

  6. Self-healing with revocation capability • Split each session key into two parts • Support self-healing property

  7. If the network lifetime is m session • We generate m(m+1) 2t-degree masking function hi,j(x). So every session we have m+1 masking function • Each node v gets the values hi,j(v) during initiation • For the session key Ki = pi(x) + qi(x), where p and q are t-degree polys

  8. In session j, the manager broadcasts • The revoked set Rj • gj(x) * pi(x) + hj, i(x) , i = 1 to j • gj(x) * qi(x) + hj, i(x) , i = j to m • Every non-revoked node v will recover p1(v) to pj(v), and qj(v) to qm(v) • The revoked nodes cannot

  9. The nodes need to store m(m+1) values • The broadcast message has the size of O(mt). And the previous approach has O(mt^2) • Disadvantage • The set of revoked nodes is monotonic.

  10. Reducing the storage overhead • The previous approach needs m(m+1) masking functions, so every node needs to store m(m+1) values • In fact, 2m masking functions are enough: m functions for the p share of the key, and m functions for the q share of the key • Can we use the same group of functions to protect both p and q??

  11. Reducing communication overhead • For short term network partition, we do not need the node to recover a key used long time ago.

More Related