CSC/ECE 774 Advanced Network Security
Topic 5.2 Tree-Based Group Diffie Hellman Protocol
Acknowledgment: Slides were originally provided by Dr. Yongdae Kim at University of Minnesota.
CSC 774 Adv. Net. Security
Membership Operations
• Formation
• Group partition
• Member add
• Member leave
• Group merge
Membership Operations
• Join: a prospective member wants to join
• Leave: a member wants to (or is forced to) leave
• Partition: a group is split into smaller groups
  • Network failure: a network event causes loss of connectivity
  • Explicit partition: the application decides to split the group
• Merge: two or more groups merge to form one group
  • Network fault heal: previously disconnected partitions reconnect
  • Explicit merge: the application decides to merge multiple pre-existing groups into a single group
Tree-Based Group Diffie Hellman
• Simple: one function is enough to implement it
• Fault-tolerant: robust against cascaded faults
• Secure
  • Contributory
  • Provable security
  • Key independence
• Efficient
  • d is the height of the key tree (d is O(log2 N)), and N is the number of users
  • Maximum number of exponentiations per node: 3d
Key Tree (General)
[Figure: a six-member key tree. Leaves n1 to n6 hold the members' session randoms; each internal node holds the key g^(k_left · k_right) of its two children, and the blinded key g^k of every node is public. The tree shown is {{n1, {n2, n3}}, {n6, {n4, n5}}}, so the root (group) key is g^(g^(n1 · g^(n2 n3)) · g^(n6 · g^(n4 n5))).]

Key Tree (n3's view)
• Key-path: the set of nodes on the path from the member's node to the root node
• Co-path: the set of siblings of the nodes on the key-path
• A member knows all keys on its key-path and all blinded keys.
• Any member who knows the blinded keys on every node and its own session random can compute the group key.
[Figure: the same tree from n3's view, with the key-path and co-path of n3 marked and GROUP KEY = g^(g^(n1 · g^(n2 n3)) · g^(n6 · g^(n4 n5))).]

Join (n3's view)
[Figure, before: tree {{n1, n2}, n3} with group key g^(n3 · g^(n1 n2)); new member n4 (Tree(n4)) arrives with blinded key g^n4.]
[Figure, after: n4 is inserted as the sibling of n3, giving {{n1, n2}, {n3, n4}} with group key g^(g^(n1 n2) · g^(n3 n4)).]

Leave (n2's view)
[Figure, before: tree {{n1, n2}, {n3, n4}} with group key g^(g^(n1 n2) · g^(n3 n4)).]
[Figure, n1 leaves: the node of n1 is removed.]
[Figure, after: n2 moves up into its former parent's position and picks a fresh share n2', giving {n2', {n3, n4}} with group key g^(n2' · g^(n3 n4)).]

Partition (n5's view)
[Figure, before: the six-member tree {{n1, {n2, n3}}, {n6, {n4, n5}}}; n2 and n6 are partitioned out.]
[Figure, pruned: the remaining members are n1, n3, n4 and n5.]
[Figure, after: the tree collapses to {{n1, n3}, {n4, n5'}}, n5 changes its share to n5', and the new group key is g^(g^(n1 n3) · g^(n4 n5')).]

Partition: Both Sides
[Figure: the same partition seen from both sides, with n2 and n6 on the other side.]

Partition: Both sides (N5 and N6)
[Figure: the n5 side forms {{n1, n3}, {n4, n5'}} with key g^(g^(n1 n3) · g^(n4 n5')); the other side forms {n2, n6'} with key g^(n2 n6'), n6 having changed its share to n6'.]

Merge (N2's view)
[Figure: two groups merge. One group is {n6, n7} with key g^(n6 n7); the other is {{n1, n2}, {n5, {n3, n4}}} with key g^(g^(n1 n2) · g^(n5 · g^(n3 n4))).]

Merge (to intermediate node)
[Figure: the {n6, n7} tree is attached at the intermediate node as the sibling of {n1, n2}, creating the node g^(g^(n1 n2) · g^(n6 n7)); the new group key is g^(g^(g^(n1 n2) · g^(n6 n7)) · g^(n5 · g^(n3 n4))).]
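Worked example, added here and not part of the original slides, that models the key tree, a member's key-path computation and the leave operation from the figures above; the modulus, generator and member secrets are constructed toy values, and the sibling of the leaving member is assumed to be a leaf, as on the Leave slides.

```python
# Toy TGDH key tree (constructed example, not the slides' own code). Leaves hold
# member session randoms; an internal node's key is g^(k_left * k_right) mod p;
# each node's blinded key g^k mod p is public. P, G are toy parameters only.
P, G = 2**127 - 1, 5

class Node:
    def __init__(self, secret=None, left=None, right=None):
        self.secret, self.left, self.right, self.parent = secret, left, right, None
        for child in (left, right):
            if child is not None:
                child.parent = self
    def key(self):
        """Leaf: session random. Internal node: g^(k_left * k_right) mod p."""
        if self.left is None:
            return self.secret
        return pow(G, self.left.key() * self.right.key(), P)

def sibling(node):
    p = node.parent
    return p.right if p.left is node else p.left

def member_group_key(leaf):
    """Member's view: climb the key-path, raising each co-path sibling's
    blinded key to the current key. Returns (group key, mod exps used)."""
    node, k, exps = leaf, leaf.secret, 0
    while node.parent is not None:
        bk = pow(G, sibling(node).key(), P)   # co-path blinded key (public)
        k = pow(bk, k, P)                     # (g^k_sib)^k_self = g^(k_sib*k_self)
        exps, node = exps + 1, node.parent
    return k, exps

def leave(leaf, new_secret):
    """Leave as on the slides: the sibling (a leaf here) takes the parent's
    place and refreshes its share, so the departed member's old key-path
    secrets no longer give the group key. Returns the new root."""
    sib, parent = sibling(leaf), leaf.parent
    sib.secret, sib.parent = new_secret, parent.parent
    if parent.parent is not None:
        setattr(parent.parent, "left" if parent.parent.left is parent else "right", sib)
    while sib.parent is not None:
        sib = sib.parent
    return sib

def demo():
    """Tree ((n1,n2),(n3,n4)) with constructed secrets; then n1 leaves."""
    n1, n2, n3, n4 = (Node(secret=s) for s in (11, 23, 37, 53))
    root = Node(left=Node(left=n1, right=n2), right=Node(left=n3, right=n4))
    before, old_key = [member_group_key(m) for m in (n1, n2, n3, n4)], root.key()
    new_root = leave(n1, 29)              # n2 refreshes its share to n2'
    return old_key, new_root.key(), before, [member_group_key(m) for m in (n2, n3, n4)]
```

Every member's key-path walk yields the root key with one exponentiation per level of the tree, and after n1 leaves the promoted n2 needs only one.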
Tree Management: do one's best
• Join or Merge policy
  • Join at a leaf or intermediate node if the height of the tree will not increase.
  • Join at the root if the height of the tree would increase.
• Leave or Partition policy
  • No one can predict who will leave or be partitioned out.
  • Hence there is no policy for leave or partition events.
• Successful: the tree still maintains a logarithmic height (height < 2 log2 N).
Discussion
• Efficiency
  • Average number of modular exponentiations: 2 log2 n
  • Maximum number of rounds: log2 n
• Robustness is easily provided due to the self-stabilization property