Key amplification in unstructured networks
Shishir Nagaraja
University of Cambridge
Problem statement
[Figure: LiveJournal network graph with nodes labelled Alice and Bob. Source: Trejkaz Xaoza, Touchgraph]
Problem statement
• Alice and Bob are part of a common network, for instance a social network.
• Alice shares a weak, human-guessable secret with Bob.
• Both want to amplify their shared key before using it.
• Bob would like to ensure that Alice is not a “dodgy” node, and vice versa.
Threat model
• Global passive adversary
• Adversary arrives after the network bootstraps.
Context
• Neither party possesses global topology information.
• Each node shares a strong link key with its neighbours.
• There is no centralized reputation infrastructure available.
Background work
• Prior work on password-authenticated key exchange, in several waves.
• EKE, SRP, OKE, AMP, S3P, GLNS …
• Provably secure schemes [GL03], [GL01], [CPP04] …
• Random walks on graph topologies have a rich history; security schemes based on them, less so.
• SybilGuard, [BF93] …
Scheme
• Alice and Bob each carry out a random walk of k steps.
[Figure labels: Intersection 1, David, Sybil Region, Intersection 2, Ali]
Desirable properties
• Protocol efficiency: #collisions / walk length
• Lower the risk of manipulation from corrupt nodes
• Lower the risk from localized graph sampling
• Avoid key amplification with dodgy nodes
Key steps
Alice and Bob wish to generate a link key:
• Find common acquaintances.
• Acquire entropy contribution from acquaintances.
• Generate a common link key from the entropy contributions obtained.
Directed network topologies
• Baseline topology: LiveJournal network of friendship ties
• Scale-freeness: presence of hubs
• Clustering and weak ties
• Community structure
LiveJournal
|V| = 3.2 million, |E| = 55 million
[Figure: LiveJournal network graph. Source: Trejkaz Xaoza, Touchgraph]
Pavel Zakharov, Thermodynamic approach for community discovering within the complex networks: LiveJournal study. e-print on arxiv.org: physics/0602063.
Network models – 1
• Scale-free Random (SFR) model.
• Based on massive call graphs from AT&T [Aiello & Chung 2000]
• Choose a gamma of 3.45, after the LJ network.
• 3.2 million nodes and 55 million edges
• Exactly the same degree distribution as the LJ network, but uniformly random in all other ways.
Network models – 2
• Kleinberg-Watts-Strogatz model of social networks
p = 1 (local ties), q = 0 (weak ties)
|V| = 3.2 million, |E| ~ 55 million
[Kleinberg 2001]
Protocol 1 – Single random walk
• # collisions, or intersections, between two random walks starting from Alice and Bob respectively.
• Simulation:
  • Select a random node, Alice.
  • Bob is selected as follows:
    • With p = 0.5, choose another node uniformly at random.
    • With p = 0.5, choose Bob as the destination of a random walk of 100 steps with Alice as the starting node.
  • Conduct a single random walk from each node.
  • Measure the # collisions generated.
Protocol 1 – LJ vs scale-free
[Figure panels: Scale-free Random, LiveJournal]
Protocol 1 – LJ vs small-world
[Figure panels: LiveJournal, KWS (weak/strong ties)]
Protocol 2
• Instead of a single walk, Alice and Bob conduct k walks of length t each.
• We chose k = 50 walks of length t = 40 steps each.
• The length is roughly twice that required for convergence with the stationary distribution for LJ.
• The objective is to create a favourable bias in the neighbourhood of Alice and Bob.
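Protocol 2 as described above (k walks of t steps from each party, then count the nodes both visited), as an added example that is not from the original slides. The ring lattice, the function names and the fixed seed are assumptions made here; the graph is a constructed toy topology, not the LiveJournal, SFR or KWS data.

```python
import random

def ring_lattice(n, r):
    """Constructed toy topology: node i is tied to the r nodes on either side."""
    return {i: [(i + d) % n for d in range(-r, r + 1) if d != 0]
            for i in range(n)}

def walk_set(graph, start, k, t, rng):
    """Nodes visited by k independent random walks of t steps from `start`."""
    seen = {start}
    for _ in range(k):
        node = start
        for _ in range(t):
            node = rng.choice(graph[node])  # uniform choice among neighbours
            seen.add(node)
    return seen

def common_nodes(graph, alice, bob, k=50, t=40, seed=1):
    """Size of the intersection of Alice's and Bob's walk sets."""
    rng = random.Random(seed)  # fixed seed so the run is repeatable
    a = walk_set(graph, alice, k, t, rng)
    b = walk_set(graph, bob, k, t, rng)
    return len(a & b)

def sweep(n=2000, r=2, distances=(1, 5, 20, 60, 400)):
    """Common-node count for Bob placed at each shortest-path distance."""
    g = ring_lattice(n, r)
    # One hop covers at most r positions, so a node d*r positions away
    # is at shortest-path distance exactly d from Alice (node 0).
    return {d: common_nodes(g, 0, d * r) for d in distances}

if __name__ == "__main__":
    for dist, hits in sweep().items():
        print(f"shortest path distance {dist:4d}: {hits} common nodes")
```

On this lattice two walk sets cannot meet once Alice and Bob are more than 2·r·t positions apart, so the count of common nodes drops to zero for distant pairs while close pairs share many.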
LJ – Protocol 2
[Figure panels: shortest path distance = 2, 3, 4]
LJ – Protocol 2
[Figure panels: shortest path distance = 8, 9, 10]
Scale-free (SFR) – Protocol 2
Small world (KWS) – Protocol 2
Analysis
• Protocol 1 (single random walk): small-world and scale-free perform comparably.
• In Protocol 2 (multiple random walk), both scale-free and small-world seem to do far worse than LJ!
• Reason: community structure of LJ
• So here it is: avoid the dodgy guys by controlling the number of walks and the walk length. SybilGuard [YH 2006] proposed this first.
Analytical reasoning
• We can formulate this as the “same birthday as you” problem on a heavy-tailed distribution of urn sampling.
• SybilGuard assumes a uniform distribution and is therefore wrong to conclude that the required length of the random walk is sqrt(n) * log n.
Checking back with the framework …
• Protocol efficiency: #collisions / walk length
• Avoid key amplification with dodgy nodes
• Lower the risk of manipulation from corrupt nodes
• Lower the risk from localized graph sampling
Corrupt nodes – Random selection
• Probability of a walk of length t going through ts randomly selected nodes of G(V,E) - Gilbert 1998 (upper bound)
Efficiency of random walks on KWS network model
N = 5000 nodes
[Figure axis: walk length]
Mixing efficiency of SFR and KWS topologies
Mixing efficiency of LiveJournal topology
Protocol details
• Token collection
• List negotiation
• Amplification
Token collection
List exchange & amplification
• Alice and Bob now exchange the list of nodes on their random walk.
• If Alice and Bob belong to different components that are weakly connected, then this list will be very small.
• Amplification:
Conclusions
• We have proposed a decentralized key amplification scheme that combines a measure of network distance with key amplification success, to avoid dodgy nodes.
• We have shown from simulations that such a scheme is practical in the real world.
• We have played with a number of topology properties to conclude that community structure is vital for high efficiency.
• Applications to other unstructured networks such as sensor networks.