CSC 774 Advanced Network Security

Topic 5 Group Key Management

CSC 774 Adv. Net. Security


Group Communication

  • A group consists of multiple members

  • Messages sent by one sender are received by all the other group members

  • Example application: Pay per view


Secure Group Communication

  • Messages sent by a valid group member can only be understood by the other valid members

    • Others may receive the messages, but are unable to understand them

    • Typical approach: Encrypt the group messages with a key only known to the valid group members


Group Key Management

  • Group key management

    • Ensure only valid group members have access to the group key

    • The REAL problem for secure group communication


Desired Properties of Group Key Management

  • Group key secrecy

    • It is at least computationally infeasible for an adversary to discover any group key

  • Forward secrecy

    • A passive adversary who knows a contiguous subset of old group keys cannot discover subsequent group keys

    • Do not confuse with PFS

  • Backward secrecy

    • A passive adversary who knows a contiguous subset of group keys cannot discover preceding group keys

  • Group key independence

    • The combination of forward and backward secrecy.


Stateful vs. Stateless

  • Stateful

    • Decryption of new key depends on previous keys

    • Group member should keep track of all rekeying messages

    • Members should be online

  • Stateless

    • Decryption of new key depends on the establishment key set that is assigned when the member joins

    • Group members don’t need to keep track of rekeying messages

    • Members can be offline


Types of Group Key Management

  • Group key agreement

    • Group keys are determined collectively by all group members

    • Usually extended from D-H key exchange

  • Group key distribution

    • Group keys are determined and distributed by a group key manager

Topic 5.1 Group Diffie-Hellman Protocols


Outline

  • Review of the basic two-party D-H key exchange

  • Generic n-party D-H key agreement

  • Three specific protocols

    • GDH.1

    • GDH.2

    • GDH.3


Two-Party Diffie-Hellman Key Exchange

Alice

  • Pick secret $S_a$ randomly

  • Compute $T_A = g^{S_a} \bmod p$

  • Send $T_A$ to Bob

  • Compute $T_B^{S_a} \bmod p$

Bob

  • Pick secret $S_b$ randomly

  • Compute $T_B = g^{S_b} \bmod p$

  • Send $T_B$ to Alice

  • Compute $T_A^{S_b} \bmod p$

Shared key is reached at both parties: $g^{S_a S_b} \bmod p$


Notations

  • n: number of participants in the protocol

  • : exponentiation base

  • q: order of the algebraic group

  • Mi: i-th group member, i is the index

  • Ni: random exponent generated by group member Mi

  • S: subsets of {N1, …, Nn}

  • (S): product of all elements in subset S

  • Kn: group key shared among n members


Generic n-Party D-H Key Agreement

  • Setup

    • All n participants agree on a cyclic group G, of order q and the base 

    • Each member Mi chooses a random value Ni G


Generic n-Party D-H Key Agreement (Cont’d)

  • Generic Protocol:

    • Distributively revealing and computing a subset of {(S)|S{N1, …, Nn}}

    • From these subsets, member Mi computes

      N1…Ni-1Ni+1…Nn mod q

    • Finally, Mi computes the shared key

      K = N1…Nn mod q


Generic n-Party D-H Key Agreement (Cont’d)

  • Security

    • The generic n-party D-H protocol is secure if the 2-party D-H protocol is secure

    • Proof: by induction on n

  • Remaining problem

    • Consider {(S)|S{N1, …, Nn}}

    • What (S) to distribute, and how?


GDH.1

  • Consists of an upflow stage and a downflow stage

[Diagram: Upflow passes from M1 through M2, M3, … to Mn; Downflow passes back from Mn through M3, M2 to M1.]


GDH.1 (Cont’d)

  • Upflow

    • Mi receives the set {N1, N1N2, …, N1…Ni-1} and forwards to Mi+1 {N1, N1N2, …, N1…Ni}, i  [1, n-1]

  • Example

    • M4 receives the set

      {N1, N1N2, N1N2N3}

    • and forwards to M5

      {N1, N1N2, N1N2N3, N1N2N3N4}


GDH.1 (Cont’d)

  • Downflow

    • Mi uses the last intermediate value to compute Kn (1<i<=n)

    • Mi then raises all remaining values to the power of Ni and forwards the resulting set to Mi-1

  • Example

    • M4 receives the set

      {N5, N1N5, N1N2N5, N1N2N3N5}

    • and forwards to M3

      {N5N4, N1N5N4, N1N2N5N4}


GDH.1 (Cont’d)

  • How many rounds?

    • __________

  • How many messages in GDH.1?

    • __________

  • How many exponentiations per Mi?

    • __________


GDH.2

  • Consists of an upflow stage and a broadcast stage

    • Use broadcast to reduce communication overhead

[Diagram: Upflow passes from M1 through M2, M3, … to Mn; Broadcast goes from Mn to M1, M2, M3, ….]


GDH.2 (Cont’d)

  • Upflow

    • Mi composes i intermediate values and one cardinal value and forwards the resulting set to Mi+1 (i < n)

  • Example:

    • M4 receives the set

      {N1N2N3, N1N2, N1N3, N2N3}

    • and forwards to M5

      {N1N2N3N4, N1N2N3, N1N2N4, N1N3N4, N2N3N4}


GDH.2 (Cont’d)

  • Downflow

    • Mn raises every intermediate value to the power of Nn and broadcasts the resulting values to all group members; in other words,

    • Mn broadcasts the set {N1…Ni-1Ni+1…Nn} to Mi (i < n)

  • Example

    • M4 receives the set {N1N2N3N5 } from M5 (Assume n=5)


GDH.2 (Cont’d)

  • How many rounds?

    • __________

  • How many messages in GDH.2?

    • __________

  • How many exponentiations per Mi?

    • __________


GDH.3

  • Consists of an upflow stage, a broadcast stage, a response stage, and final broadcast stage

    • Reduce the number of exponentiations per group member.

[Diagram: Upflow passes from M1 through M2, M3, … to Mn-1; Broadcast goes from Mn-1 to M1, M2, M3, …; Response goes from M1, M2, M3, … to Mn; final Broadcast goes from Mn to M1, M2, M3, ….]


GDH.3 (Cont’d)

  • Upflow

    • Mi (i  [1, n-2]) receives N1…Ni-1, and

    • forwards to Mi+1N1…Ni,

  • Broadcast

    • Mn-1 broadcasts N1…Nn-1to Mi (in-1)


GDH.3 (Cont’d)

  • Response

    • Mi (i < n) factors out its own component and forwards N1…Ni-1Ni+1…Nn-1 to Mn

  • Broadcast

    • Mn raises every input to the power of Nn and broadcasts the resulting set {N1…Ni-1Ni+1…Nn} to Mi (i < n)


GDH.3 (Cont’d)

  • How many rounds?

    • __________

  • How many messages in GDH.3?

    • __________

  • How many exponentiations per Mi?

    • __________


Comparison

                      GDH.1         GDH.2             GDH.3

Rounds                2(n-1)        n                 n+1

Messages              2(n-1)        n                 2n-1

Total message size    n(n-1)        (n-1)(n/2+2)-1    3(n-1)

Exp ops per Mi        i+1, n        i+1, n            4, 2, n

Total exp ops         (n+3)n/2-1    (n+3)n/2-1        5n-6
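
The GDH.2 upflow and broadcast stages described earlier, together with the GDH.2 exponentiation counts in the comparison table, as an added Python example that is not part of the original slides. The toy group parameters and the name G for the exponentiation base (whose symbol is missing from this transcript) are assumptions made here.

```python
import secrets

# Constructed toy group (assumption, far too small for real use): safe prime
# P = 2*Q + 1, with G = 4 generating the subgroup of prime order Q.
# The slides' base symbol did not survive extraction; it is called G here.
P, Q, G = 2039, 1019, 4

def random_exponents(n):
    """One secret exponent N_i in [1, Q-1] per member M_1..M_n."""
    return [secrets.randbelow(Q - 1) + 1 for _ in range(n)]

def gdh2(exponents):
    """Run GDH.2; return (key computed by each member, exponentiations per member)."""
    n = len(exponents)
    exps = [0] * n

    def power(member, base, e):
        exps[member] += 1          # count one modular exponentiation for this member
        return pow(base, e, P)

    # Upflow, M_1 .. M_{n-1}: intermediates[j] lacks N_{j+1}; cardinal has every N so far.
    intermediates, cardinal = [], G
    for i in range(n - 1):
        n_i = exponents[i]
        # Old intermediates gain N_i; the old cardinal becomes the value lacking N_i.
        intermediates = [power(i, v, n_i) for v in intermediates] + [cardinal]
        cardinal = power(i, cardinal, n_i)

    # Broadcast: M_n raises every intermediate to N_n and keeps the cardinal for itself.
    last = n - 1
    broadcast = [power(last, v, exponents[last]) for v in intermediates]
    keys = [None] * n
    keys[last] = power(last, cardinal, exponents[last])

    # Each M_i (i < n) picks the broadcast value lacking N_i and adds its own exponent.
    for i in range(n - 1):
        keys[i] = power(i, broadcast[i], exponents[i])
    return keys, exps

if __name__ == "__main__":
    keys, exps = gdh2(random_exponents(5))
    assert len(set(keys)) == 1
    print("shared key:", keys[0], "exponentiations per member:", exps)
```

For n = 5 the per-member counts come out as 2, 3, 4, 5, 5, which is the table's "i+1, n" row and sums to (n+3)n/2-1 = 19.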


Alteration of Group Membership

  • GDH.1 does not support efficient member addition/deletion.

  • GDH.2 & GDH.3

    • Member addition

      • Consider the new member as the new Mn+1

    • Member deletion

      • Mn regenerates its secret Nn and re-executes the protocol from the second stage.
