1 / 18

Presented by Haihui Huang ( hhuang3@eos.ncsu )

Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun. Presented by Haihui Huang ( hhuang3@eos.ncsu.edu ). Outline. Introduction Group key distribution overview Self-healing key distribution Revocation capability

hetal
Download Presentation

Presented by Haihui Huang ( hhuang3@eos.ncsu )

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Efficient Self-Healing Group Key Distribution with Revocation Capabilityby Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang (hhuang3@eos.ncsu.edu)

  2. Outline • Introduction • Group key distribution overview • Self-healing key distribution • Revocation capability • Novel personal key distribution • Contribution and conclusion • Future work

  3. Introduction • Common way to ensure communication security: encrypt and authenticate messages • Challenge: • how to distribute keys to valid nodes • Challenges in ensuring communication security for mobile wireless ad hoc networks over unreliable channels • Volatile membership • Disruption of communication by adversary • Resource constraints

  4. Group Key Distribution Techniques • Group controller • Can’t scale to large groups • Iolus • subgroup hierarchy • Logical Key Hierarchy(LKH) or Key Graph • Keys are organized into a tree hierarchy • Self-healing key distribution • Stateless key distribution

  5. Self-healing Key Distribution • Users are capable of recovering lost group keys on their own • No need to request additional transmissions from the group manager • Lower network traffic • Decrease the load on the group manager • To recover the key via self-healing • A user must be a member both before and after the session in which a particular key is sent

  6. Revocation Capability • The ability to revoke users and thus prevent them from learning new keys • t-revocation capability • Possible to prevent at most t users at a time from learning new session key • With the revocation polynomial g(x) constructed as g(x)=(x-r1)(x-r2)…(x-rw)

  7. Personal Key Share Distribution-Scheme 1 • t-revocation capability • To distribute keys to selected group members so that each member shares a distinct personal key with the group manage • But the other(revoked) group members and adversary cannot get any information of the keys • Choose a random t-degree polynomial f(x) from Fq[x] and select f(i) to be the personal key share for each member • Group manager broadcasts a single polynomial w(x) so that • Valid group member Ui can recover f(i) from w(x) and personal secret Si • Revoked group member Ui’ will NOT be able to recover f(i’)

  8. Personal Key Share Distribution-Scheme 1(cont) • Construct w(x) with the help of a revocation polynomial g(x) and a masking polynomial h(x) by computing w(x)=g(x)*f(x)+h(x) • g(x) is constructed in such a way that • For valid member Ui, g(i) <> 0 • For revoked member Ui’, g(i’)==0 • Choose a random t-degree polynomial f(x) from Fq[x] and select f(i) to be the personal key share for each member • Group manager broadcasts a single polynomial w(x) so that • Valid group member Ui can recover f(i) from w(x) and personal secret Si : f(i) = ( w(i) - h(i) ) / g(i) • Revoked group member Ui’ will NOT be able to recover f(i’) as g(i’)==0

  9. How to achieve self-healing • Use secret sharing • Based on polynomial interpolation • Bind the ability of users to recover from packet loss to the user’s membership status

  10. How to achieve self-healing(2) • Split group session key Kj into two t-degree polynomials, pj(x) and qj(x) such that Kj=pj(x)+qj(x) • In session j1: broadcast polynomials {p1(x),…,pj1(x),qj1(x),…, qj(x),…qj2(x),…, qm(x)} • In session j2(j2>j1): broadcast polynomials {p1(x),…,pj1(x), …, pj(x),…,pj2(x),qj2(x),…,qm(x)} • For any session j(j1<j<j2), we can recover Kj=pj(x)+qj(x)

  11. Personal Key Share Distribution- Scheme 2 • Self-healing key distribution with t-revocation capability • In the jth session key distribution, given a set of revoked member Ids, Rj={r1,r2,…,rwj), |Rj|=wj<t • Group manager broadcasts message Bj= {Rj} ∪{Pj,i(x) = gj(x)pi(x) + hj,i(x)}i=1,...,j ∪{Qj,i(x) = gj(x)qi(x) + hj,i+1(x)}i=j,…m where gj(x) = (x − r1)(x − r2)...(x − rwj).

  12. Reducing Storage Requirement • In Scheme 2, the storage overhead in each group member is O(m2logq). • m: total sessions • logq: session key size • Use only ONE masking polynomial for each pi(x),qi(x) • Reduce the storage requirement in each member from O(m2logq) to O(mlogq) in Scheme 3

  13. Personal Key Share Distribution- Scheme 3 • Improved self-healing key distribution with t-revocation capability • In the jth session key distribution, given a set of revoked member Ids, Rj={r1,r2,…,rwj), |Rj|=wj<t • Group manager broadcasts message Bj= {Rj} ∪{Pi(x) = gj(x)pi(x) + hi(x)}i=1,...,j ∪{Qj,i(x) = qi(x) + fi(x)}i=j,…m where gj(x) = (x − r1)(x − r2)...(x − rwj).

  14. Personal Key Share Distribution- Scheme 4 • Trading off self-healing capability for less broadcast size • Introduce a “sliding window” of l sessions • only redundant information for the sessions that fall into this window is broadcasted • Can NOT ensure the same self-healing property as in previous schemes • Reduce storage overhead to (2m+2l-1)logq

  15. Personal Key Share Distribution- Scheme 5 • Aimed at situations where they are relatively long term but infrequent communication failures • Introduce a “sliding window” of (l-1)d sessions • Assume each group member can receive at least d consecutive broadcast key distribution messages • Selectively include the same amount of redundant information from a large “window” of session(i.e. 2(l-1)d+1) in each key distribution message • storage overhead : (2m+2(l-1)d+1)logq

  16. Conclusion • Presented several group key distribution schemes for very large and dynamic groups over reliable channels • Developed several efficient unconditionally secure and self-healing group key distribution schemes that significantly improved over the previous approaches • Developed 2 techniques that allow trade-offs between broadcast message size and recoverabilities of lost session keys

  17. Future work • Develop a model that characterizes failures in large and highly mobile wireless networks • Further investigate the performance of the proposed schemes in this model • Seek more efficient ways to perform the initial key distribution for the proposed schemes

  18. Questions?

More Related