1 / 25

Combinatorial Optimization of Multicast Key Management

Combinatorial Optimization of Multicast Key Management. M. Eltoweissy, Virginia Tech., . Outline. Preliminaries Key Maintenance Structures Trees Exclusion Basis Systems Scalability Collusion Attacks Conclusions and Future Work. What is Multicasting?.

neila
Download Presentation

Combinatorial Optimization of Multicast Key Management

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Combinatorial Optimization of Multicast Key Management M. Eltoweissy, Virginia Tech.,

  2. Outline • Preliminaries • Key Maintenance Structures • Trees • Exclusion Basis Systems • Scalability • Collusion Attacks • Conclusions and Future Work

  3. What is Multicasting? Multicasting allows a source node to communicate common information to a group of recipients by means of a single message. Multicasting is implemented by designating special multicast addresses, which accommodate groups of hosts, which may be on more than one network.

  4. Why is key maintenance needed? • Forward security is required when a user leaves the multicast group. • All keys known to the evicted user must be changed • New keys must be communicated to appropriate members • Backward security • Keys changed when a user joins the group.

  5. Basic System Problem • Ensure message security for a dynamic multicast group by encrypting messages • When users join or depart encryption keys must be changed. • Minimize: (a) the number of keys users must know, and (b) the number of re-key messages

  6. Root Key Server Key A Key B1 Key B2 Key C1 Key C2 Key C3 Key C4 Key D4 Key D3 Key D2 Key D1 Key D7 Key D8 Key D6 Key D5 . . . User 3 User 4 User 7 User 6 User 1 User 2 User 5 User n Binary Tree • log2n keys per user • log2n messages to re-key

  7. Root Key Server Key A Root Key Server Key A’ Key X Key X Key B Key B’ Key Y Key C Key Y Key C’ Key E Key Z Key E’ Key Z User i User j User i X User j Binary Tree – Deleting a user • Delete User j from key management tree • Update key information • log2n keys per user • log2n re-key messages

  8. Binary Tree – Adding a user Root Key Server Key A Root Key Server Key A’ Key X Key X • Insert new user into key management tree • Update key information • log2n keys per user • log2n re-key messages Key B Key B’ Key Y Key C Key Y Key C’ Key Z Key E Key Z User i User j User i

  9. Can one do better?

  10. Exclusion Problem Let U = {1, …, n}. Given n,k,m, find a collection C of subsets of U, if possible, such that: 1. For every iU, there are m subsets in C such that the union of the m subsets equals U – {i}. 2. No element iU is in more than k subsets of C. Exclusion Basis System (EBS(n,k,m)) Problem: For given n,k,m, is there an EBS(n,k,m)?

  11. EBS(n,k,m) systems • Each subset represents a key • The elements of a subset represent users who know that key • m is the number of re-key messages needed to distribute new keys to all but one user • k is the number of keys each user knows.

  12. Example (EBS(8,3,2)) • Consider the collection C = { a = {5,6,7,8}, b = {2,3,4,8}, g ={1,3,4,6,7}, d ={1,2,4,5,7}, e ={1,2,3,5,6,8} } • The following unions are sufficient to isolate any element: ab = 1 bg = 5 a g = 2 bd = 6 a d = 3 be = 7 a e = 4 gd = 8 • Note: no element is in more than 3 subsets

  13. This can be described by a table:

  14. EBS(8,3,2) vs. A binary tree A complete binary tree of height 3, with 8 leaves, requires each user to know 3 keys and requires 3 messages to re-key. An EBS(8,3,2) requires each user to know 3 keys and requires only 2 messages to re-key.

  15. Theorem.There is an EBS(n,k,m) whenever C(k+m,m) n.

  16. Binary trees vs. EBS(n,k,m): Note: C(2n,n) = (4n/n3/2). Thus, C(log2n, (log2n)/2) = (n/log3/2n). So, EBS(cn/log3/2n, (log2n)/2, (log2n)/2) is possible, for some constant c>0. •  The parameters k and m (above) in the best EBS are half as large as in a standard binary tree system.

  17. Example: For 106 users A binary tree system requires each user to know 20 keys and needs 20 multicast re-key messages. As C(23,11) = 1,352,078, the exclusion basis system EBS(106,12,11) exists and requires 12 keys/user and 11 multicast re-key messages.

  18. Scalability We need to consider how easy it is for a system to maintain an EBS(n,k,m) when a user is added or a user is deleted. For example, consider EBS(10,3,2). What does the system do when user 11 arrives?

  19. Adding an 11th user to EBS(10,3,2)

  20. Add 11th user & create EBS(20,3,3)

  21. Add 11th user & create EBS(20,4,2)

  22. Without added features an EBS(n,k,m) is not secure from collusion If users share information, they could know all of the keys. (This is not the case with traditional binary tree logical structures.) One can design techniques to make collusion attacks difficult. For example, - one can hide the keys from the users, i.e. give the users encrypted programs containing the keys, rather than the keys themselves or - combine the advantages of an EBS with the collusion avoidance of tree based systems.

  23. A future research topic An exclusion basis system or a binary tree system is an efficient system for evicting (or adding) a single user. It is not so efficient for simultaneous evictions (or additions) of large numbers of users. For example, to evict half of the n users, current systems evict one user at a time, taking cnlog n messages, for some constant c>0. However, unicasting requires only n/2 messages. Can one design a better system?

  24. Conclusions We have introduced the concept of an Exclusion Basis System EBS(n,k,m) and proved, for which values of n,k,m, it exists. We have given a constructive lower bound for any exclusion system and hence given optimum solutions. We have shown that an optimum EBS is scalable.

More Related