
CSC/ECE 774 Advanced Network Security

CSC/ECE 774 Advanced Network Security. Topic 5.2 Tree-Based Group Diffie Hellman Protocol. Acknowledgment: Slides were originally provided by Dr. Yongdae Kim at University of Minnesota. Membership Operations. Formation. Group partition. Member add. Member leave. Group merge.


Presentation Transcript


  1. CSC/ECE 774 Advanced Network Security
     Topic 5.2 Tree-Based Group Diffie Hellman Protocol
     Acknowledgment: Slides were originally provided by Dr. Yongdae Kim at University of Minnesota.
     CSC 774 Adv. Net. Security

  2. Membership Operations
     • Formation
     • Group partition
     • Member add
     • Member leave
     • Group merge

  3. Membership Operations
     • Join: a prospective member wants to join
     • Leave: a member wants to (or is forced to) leave
     • Partition: a group is split into smaller groups
         • Network failure: network event causes disconnectivity
         • Explicit partition: application decides to split the group
     • Merge: two or more groups merge to form one group
         • Network fault heal: previously disconnected partitions reconnect
         • Explicit merge: application decides to merge multiple pre-existing groups into a single group

  4. Tree-Based Group Diffie Hellman
     • Simple: One function is enough to implement it
     • Fault-tolerant: Robust against cascade faults
     • Secure
         • Contributory
         • Provable security
         • Key independence
     • Efficient
         • d is the height of key tree (< O(log2 N)), and N is the number of users
         • Maximum number of exponentiations per node: 3d

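  5. Key Tree (General)
     [Figure: key tree with leaves n1 to n6. Node labels, top to bottom:
       root: $g^{g^{n_1 g^{n_2 n_3}} \, g^{n_6 g^{n_4 n_5}}}$
       level 1: $g^{n_1 g^{n_2 n_3}}$, $g^{n_6 g^{n_4 n_5}}$
       level 2: $n_1$, $g^{n_2 n_3}$, $g^{n_4 n_5}$, $n_6$
       level 3: $n_2$, $n_3$, $n_4$, $n_5$]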

  6. Key Tree (n3’s view)
     • Co-path: set of siblings of the nodes on the key-path
     • Key-path: set of nodes on the path from the member node to the root node
     • GROUP KEY = $g^{g^{n_1 g^{n_2 n_3}} \, g^{n_6 g^{n_4 n_5}}}$
     • Any member who knows the blinded keys on every node and its own session random can compute the group key.
     • A member knows all keys on the key-path and all blinded keys.
     [Figure: key tree from n3’s view]

  7. Join (n3’s view)
     [Figure: key tree from n3’s view, with Tree(n4)]

  8. Join (n3’s view)
     [Figure: key tree from n3’s view]

  9. Leave (n2’s view)
     [Figure: key tree from n2’s view]

  10. Leave (n2’s view)
     [Figure: key tree from n2’s view]

  11. Leave (n2’s view)
     [Figure: key tree from n2’s view, with share n2’]

  12. Partition (n5’s view)
     [Figure: key tree from n5’s view]

  13. Partition (n5’s view)
     [Figure: key tree from n5’s view]

  14. Partition (n5’s view)
     Change share
     [Figure: key tree from n5’s view, with share n5’]

  15. Partition: Both Sides
     [Figure: key trees of both partitions]

  16. Partition: Both sides (N5 and N6)
     [Figure: key trees of both partitions, with shares n5’ and n6’]

  17. Merge (N2’s view)
     [Figure: the two key trees from N2’s view]

  18. Merge (to intermediate node)
     [Figure: merged key tree]

  19. Tree Management: do one’s best
     • Join or Merge policy
         • Join to leaf or intermediate node, if height of the tree will not increase.
         • Join to root, if height of the tree increases.
     • Leave or Partition policy
         • No one can predict who will leave or be partitioned out.
         • No policy for leave or partition event
     • Successful
         • Still maintains logarithmic height (height < 2 log2 N)

  20. Discussion
     • Efficiency
         • Average number of mod exp: 2 log2 n
         • Maximum number of rounds: log2 n
     • Robustness is easily provided due to self-stabilization property
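The key-path and co-path computation from slide 6, as an added example that is not part of the original slides: every member of the six-member tree on slide 5 derives the group key from its own session random and the blinded keys on its co-path. The toy group parameters (p = 2^127 - 1, g = 3) and all function names are assumptions made for this illustration, and the blinded keys are computed centrally here rather than exchanged between members.

```python
import secrets

# Toy group (assumption, not from the slides): p = 2^127 - 1 is prime, g = 3.
# Far too small for real use; chosen only so the example runs instantly.
P = 2**127 - 1
G = 3

# Key tree of slide 5: a leaf is a member name, an inner node is (left, right).
TREE = (("n1", ("n2", "n3")), (("n4", "n5"), "n6"))

def blind(key):
    """Blinded key BK = g^K mod p, the only value a node publishes."""
    return pow(G, key, P)

def node_key(node, shares):
    """Reference value: K(leaf) = session random, K(inner) = g^(K_left * K_right)."""
    if isinstance(node, str):
        return shares[node]
    left, right = node
    return pow(G, node_key(left, shares) * node_key(right, shares), P)

def co_path(node, member, shares):
    """Blinded keys of the siblings of member's key-path nodes, leaf to root.
    Computed centrally here for brevity; returns None if member is not in node."""
    if isinstance(node, str):
        return [] if node == member else None
    left, right = node
    for child, sibling in ((left, right), (right, left)):
        below = co_path(child, member, shares)
        if below is not None:
            return below + [blind(node_key(sibling, shares))]
    return None

def member_group_key(own_share, co_path_bks):
    """One member's computation: only its own share plus public blinded keys."""
    key = own_share
    for bk in co_path_bks:
        key = pow(bk, key, P)  # key of the parent on the key-path
    return key

def demo():
    """Return the reference root key and the key each member derives."""
    shares = {m: secrets.randbelow(P - 3) + 2 for m in ("n1", "n2", "n3", "n4", "n5", "n6")}
    views = {m: member_group_key(s, co_path(TREE, m, shares)) for m, s in shares.items()}
    return node_key(TREE, shares), views

if __name__ == "__main__":
    root, views = demo()
    print(all(k == root for k in views.values()))
```

The number of exponentiations in `member_group_key` equals the member's depth in the tree, which is why the slides tie cost to the tree height d.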
