170 likes | 180 Views
Establishment of Conference Keys in Heterogeneous Networks. Wade Trappe, Yuke Wang, K. J. Ray Liu 2002. ICC 2002. IEEE International Conference. Outline. INTRODUCTION GROUP DH (Diffie-Hellman) OVERVIEW CONFERENCE TREES AND GROUP KEYS COMPUTATIONAL CONSIDERATIONS Minimizing Total Cost
E N D
Establishment of Conference Keys in Heterogeneous Networks Wade Trappe, Yuke Wang, K. J. Ray Liu 2002. ICC 2002. IEEE International Conference
Outline • INTRODUCTION • GROUP DH (Diffie-Hellman)OVERVIEW • CONFERENCE TREES AND GROUP KEYS • COMPUTATIONAL CONSIDERATIONS • Minimizing Total Cost • Budget Constraints • CONCLUSIONS
INTRODUCTION • In order to secure communication amongst members of a conference, a secret shared by all group members must be established. • In many cases, however, it is not possible to have a third party arbitrate the establishment of a group key. • In these cases, the group members make independent contributions to the formation of the group key, and the process of forming the key is called key agreement. • Typically, these conference key establishment schemes seek to minimize either the amount of rounds needed in establishing the group key, or the size of the message. • In heterogeneous networks, many conferences have participants of varying computational power and resources.
INTRODUCTION • In some applications, one should aim to minimize a cost function thatincorporates the different costs of each user. • Key establishment schemes that consider users with varying costs or budgets are designed by appropriately choosing the conference tree. • Using the two-party Diffie-Hellman protocolas the basic building block, we can establish a group key by forming intermediate keys for successively larger subgroups.
GROUP DH (Diffie-Hellman)OVERVIEW • The Diffie-Hellman key agreement protocol was developed by Diffie and Hellman in 1976 • The protocol has two system parameters p and g. They are both public and may be used by all the users in a system • Parameter p is a prime number and parameter g(usually called a generator) is an integer less than p, which is capable of generating every element from 1 to p-1 when multiplied by itself a certain number of times, modulo the prime p.
Example Since kab=kba=k, Alice and Bob now have a shared secret key k. kab=(gb)a mod p kba=(ga)b mod p ga mod p Alice Bob gb mod p Alice generates a random private valuea Bob generates a random private valueb.
CONFERENCE TREES AND GROUP KEYS Fig. 1. The radix-2 butterfly scheme for establishing a group key for 8 users. (a) Without broadcasts, (b) Using broadcasts.
u1 u2 u3 CONFERENCE TREES AND GROUP KEYS gα1y= gα1 gα2α3 y = gα2α3
CONFERENCE TREES AND GROUP KEYS We define a conference treeto be a binary tree that describes the successive subgroups and intermediate keys that are formed an route to establishing the key for the entire group. Fig. 3. The conference tree for the radix-2 butterfly scheme
COMPUTATIONAL CONSIDERATIONS • In many application environments the users will have varying amounts of computational resources available. • It is important to study the problem of efficiently establishing a conference key while considering the varying user costs. • We present methods for designing the conference tree used in establishing the group secret. • We study two problems: minimizing the total cost in establishing a group key, and the feasibility of establishing the group key in the presence of budget constraints.
Minimizing Total Cost • assume that we have n users, and that each user ujhas a cost wjassociated with performing one two-party Diffie-Hellman protocol. • Huffman coding produces the conference tree that minimizes the cost.
Example Consider a group of 8 users with costs w1 = 28, w2 = 25, w3 = 20, w4 = 16, w5 = 15, w6 = 8, w7 = 7, and w8 = 5. 124 53 71 31 40 25 28 20 15 16 20 12 8 The corresponding length vector is l* = (2, 2, 3, 3, 3, 4, 5, 5), and the total cost is 351. 7 5
Budget Constraints • In many cases, the devices wishing to establish a conference key might have a limited budget to spend. • The optimal conference key tree assignment results from Huffman coding might assign more computation to some users than they are capable of performing, while assigning less computation to other users than they are capable of performing. • In these cases, rather than minimize the total cost, one wants to ensure that one can first establish the group key, and then consider reducing the total amount of computation as a secondary issue.
Budget Constraints • bj : The amount of two-party Diffie-Hellman key establishment protocols that he is willing to participate in when establishing the group key. Lemma :
Budget Constraints • A consequence of this is that if we subtract 1 from one of the bj then choosing the largest bjleast affects 2-bj .
Example suppose n = 8 and that the initial budget is b = (1,3, 3,4,5,5,6, 8). 過了幾輪之後… b = (1,3, 3,4,5,5,6, 7) b = (1,3, 3,4,5,5,6, 6) b = (1,3, 3,4,4,4,5, 5)
CONCLUSIONS • In this paper we have studied the problem of establishing conference keys when the users have different cost profiles or different budget constraints. • It was shown that the users can use the two-party Diffie-Hellman protocol as a primitive for building a procedure that produces a group key. • A binary tree, called the conference tree, governs the order in which the subgroups combine and this observation allows for determining procedures using Huffman coding that establish the group key and minimize the total user cost. • In order for the group to establish a key, it is necessary that the budget vector satisfy the Kraft Inequality.