Embed Size (px)
DESCRIPTION
Secure Group Communications Using Key Graphs. Chung Kei Wong, Member, IEEE, Mohamed Gouda Simon S. Lam, Fellow, IEEE Evgenia Gorelik Yuksel Ucar. Introduction. - PowerPoint PPT Presentation
Citation preview
Secure Group Communications Secure Group Communications Using Key GraphsUsing Key Graphs
Chung Kei Wong, Member, IEEE,Chung Kei Wong, Member, IEEE,Mohamed GoudaMohamed GoudaSimon S. Lam, Fellow, IEEESimon S. Lam, Fellow, IEEE
Evgenia GorelikEvgenia GorelikYuksel UcarYuksel Ucar
IntroductionIntroduction
Most emerging applications are based upon the group Most emerging applications are based upon the group communications model. As a result, securing group communications model. As a result, securing group communications i.e., providing confidentiality, authenticity communications i.e., providing confidentiality, authenticity and integrity of messages delivered between group and integrity of messages delivered between group members, will become critical networking issue.members, will become critical networking issue.
For secure group communications, a symmetric key is For secure group communications, a symmetric key is created and shared by server and clients. Authenticated created and shared by server and clients. Authenticated and accepted into a group, each member shares with the and accepted into a group, each member shares with the server the key called that member’s server the key called that member’s individual keyindividual key. For . For group communications the server distributes to each group communications the server distributes to each member a member a group keygroup key to be shared by all members of to be shared by all members of group. group. To achieve a high level of security in a group To achieve a high level of security in a group communications, the group key should be changed after communications, the group key should be changed after every join and leave.every join and leave.
Key GraphsKey Graphs
A key graphs is a directed acyclic graphs G with A key graphs is a directed acyclic graphs G with two types of nodes: two types of nodes: u-nodes u-nodes representing users representing users and and k-nodesk-nodes representing keys. representing keys.
Special Classes of Key GraphsSpecial Classes of Key Graphs
Star Star is a special class of secure group where is a special class of secure group where each user has only two keys: its individual key and each user has only two keys: its individual key and a group key that is shared by every user.a group key that is shared by every user.
Tree Tree is a special class of secure group whose is a special class of secure group whose key graph is a single-root treekey graph is a single-root tree The The height h height h of the tree is the length of the tree is the length
(in number of edges) of the longest (in number of edges) of the longest directed path in the tree.directed path in the tree.
The The degree d degree d of the tree is the maximum of the tree is the maximum number of incoming edges of a node in the treenumber of incoming edges of a node in the tree
Key Trees Before and After JoinKey Trees Before and After Join
Joining a Tree Key GraphJoining a Tree Key Graph
After granting a join request from After granting a join request from uu, server , server ss creates new creates new node node uu-node for user -node for user uu and a new and a new kk-node for its -node for its individual key individual key kkuu. Server . Server ss finds an existing finds an existing kk-node (called -node (called the joining point for this join request) in the key tree and the joining point for this join request) in the key tree and attaches attaches kk-node -node kkuu to the joining point as its child. to the joining point as its child.
User-Oriented Rekeying:User-Oriented Rekeying: For each user, the server For each user, the server constructs a rekey message that contains precisely constructs a rekey message that contains precisely the new keys needed by the user and encrypts them the new keys needed by the user and encrypts them using a key held by the user.using a key held by the user.
Key-Oriented Rekeying:Key-Oriented Rekeying: Each new key is encrypted Each new key is encrypted individually (except keys for the joining user)individually (except keys for the joining user)
Group-Oriented Rekeying:Group-Oriented Rekeying: Server constructs a single Server constructs a single rekey message containing all new keys, this rekey rekey message containing all new keys, this rekey message is then multicasted to the entire group.message is then multicasted to the entire group.
Leaving a Tree Key GraphLeaving a Tree Key Graph
After granting a leave request from user After granting a leave request from user uu, server , server ss updates the key graph by deleting the updates the key graph by deleting the uu-nodes for -nodes for user user uu and the and the kk-node for its individual key from the -node for its individual key from the key graph. The parent of the k-node for its individual key key graph. The parent of the k-node for its individual key is called the is called the leaving pointleaving point..
User-Oriented Rekeying: User-Oriented Rekeying: Each user gets a rekey Each user gets a rekey message in which all the new keys it needs are message in which all the new keys it needs are encrypted using a key it holds.encrypted using a key it holds.
Key-Oriented Rekeying:Key-Oriented Rekeying: Each new key is encrypted Each new key is encrypted individually.individually.
Group-Oriented Rekeying:Group-Oriented Rekeying: A single rekey message is A single rekey message is constructed containing all new keys.constructed containing all new keys.
Experiments and Performance ComparisonsExperiments and Performance Comparisons
The experiments were carried out on two lightly The experiments were carried out on two lightly loaded SGI Origin 200 machines running IRIX 6.4. loaded SGI Origin 200 machines running IRIX 6.4. The machines were connected by a 100-Mbps Ethernet. The machines were connected by a 100-Mbps Ethernet. The key server process runs on one SGI machine.The key server process runs on one SGI machine. Group sizeGroup size Rekeying strategyRekeying strategy Key tree degreeKey tree degree Encryption algorithm Encryption algorithm Message digest algorithmMessage digest algorithm Digital signature algorithmDigital signature algorithm
Each experiment was performed with three different Each experiment was performed with three different sequences of 1000 join/leave requests. For fair sequences of 1000 join/leave requests. For fair comparisons (between different rekeying strategies, comparisons (between different rekeying strategies, key trees of different degrees), same three sequences key trees of different degrees), same three sequences were used for a given group size.were used for a given group size.
Number and size of Rekey Messages, with Encryption and Number and size of Rekey Messages, with Encryption and Signature Sent by the ServerSignature Sent by the Server
Number and size of Rekey Messages, with Encryption and Number and size of Rekey Messages, with Encryption and Signature Sent by ClientSignature Sent by Client
Server Processing time per request versus group size Server Processing time per request versus group size (key tree degree 4) (a) Encryption only (b) encryption and signature(key tree degree 4) (a) Encryption only (b) encryption and signature
Server processing time per join versus key tree degree (initial group Server processing time per join versus key tree degree (initial group size 8192) (a) Encryption only and (b) encryption and signaturesize 8192) (a) Encryption only and (b) encryption and signature
Server processing time per leave versus key tree degree (initial group Server processing time per leave versus key tree degree (initial group size 8192) (a) Encryption only and (b) encryption and signaturesize 8192) (a) Encryption only and (b) encryption and signature
Server processing time per request versus key tree degree (initial groupServer processing time per request versus key tree degree (initial groupsize 8192) (a) Encryption only and (b) encryption and signaturesize 8192) (a) Encryption only and (b) encryption and signature
Number of key changes by a client per requestNumber of key changes by a client per request
Performance and ConclusionPerformance and Conclusion
The problem was reduced from The problem was reduced from O(n)O(n) to to O(log n)O(log n) We conclude that our group key server using any of the We conclude that our group key server using any of the
three rekeying strategies is scalable to very large groups three rekeying strategies is scalable to very large groups with frequent joins and leaves. In particular, the average with frequent joins and leaves. In particular, the average server processing time per join/leave increases linearly server processing time per join/leave increases linearly with the logarithm of group size. We found that the with the logarithm of group size. We found that the optimal key tree degree is around four.optimal key tree degree is around four.
On the On the serverserver side, side, group-oriented rekeyinggroup-oriented rekeying provides the provides the best performance, with best performance, with key-oriented rekeyingkey-oriented rekeying in second in second place, and place, and user-oriented rekeyinguser-oriented rekeying in third place. in third place.
On the On the clientclient side, side, user-oriented rekeyinguser-oriented rekeying provides the provides the best performance, with best performance, with key-oriented rekeyingkey-oriented rekeying in second in second place, and place, and group-oriented rekeyinggroup-oriented rekeying in third place. in third place.
