CSC 774 Network Security Reviewed Topics • Group Key Management • Broadcast Authentication
advertisement
Computer Science CSC 774 Network Security Review of Advanced Topics Dr. Peng Ning CSC 774 Network Security 1 Reviewed Topics • Group Key Management – Group Key Distribution – Group Key Agreement • Broadcast Authentication – TESLA and its extension – BiBa, better than BiBa • Wireless Security • Sensor Network Security Computer Science Dr. Peng Ning CSC 774 Network Security 2 Group Key Distribution Group key manager Group members • Group session keys are determined by one or several group managers. • Group key distribution is usually used for large groups. Computer Science Dr. Peng Ning CSC 774 Network Security 3 Group Key Agreement Group members • All group members contribute to the common group session keys. • Suitable for small, relative static groups. Computer Science Dr. Peng Ning CSC 774 Network Security 4 Group Key Distribution • Techniques covered in class – Iolus – Logical key hierarchy • Basis for many later techniques – Boolean function minimization – Blacklist – Group key distribution for IP multicast by Banerjee and Bhattacharjee • Best known solution for secure IP multicast Computer Science Dr. Peng Ning CSC 774 Network Security 5 Iolus • “1 affects n” problem – The actions of one member affects the entire group Group key manager Old members New member joins Computer Science Dr. Peng Ning CSC 774 Network Security 6 Iolus (Cont’d) • “1 does not equal n” problem – Cannot deal with the group as a whole – Must consider the conflicting demands of members on an individual basis Group members Group key manager Example: Cannot use the old group key to distribute the new group key. Computer Science Member leaves Dr. Peng Ning CSC 774 Network Security 7 Dr. Peng Ning CSC 774 Network Security 8 Iolus (Cont’d) Computer Science Logical Key Hierarchy • # broadcast messages: __________________ • # stored keys at group manager: _____________ • # stored keys at each group member: ____________ K18 K14 K12 K58 K34 K56 K78 K1 K2 K3 K4 K5 K6 K7 K8 R1 R2 R3 R4 R5 R6 R7 R8 Computer Science Dr. Peng Ning CSC 774 Network Security 9 Boolean function minimization k2, k2 k1, k1 k0, k0 Computer Science Dr. Peng Ning CSC 774 Network Security 10 Boolean Function Minimization (Cont’d) • Removal of member C5 • In each level, about half of the members need a new key. # broadcast messages: ____ # keys per member: ____ # keys at manager: ____ Computer Science Dr. Peng Ning CSC 774 Network Security 11 Boolean Function Minimization (Cont’d) • Removal of multiple group members – Convert to a Boolean function minimization problem Computer Science Dr. Peng Ning CSC 774 Network Security 12 Boolean Function Minimization (Cont’d) X0 + X1 • What keys should we use to encrypt the new group key? – _____________ Computer Science Dr. Peng Ning CSC 774 Network Security 13 Boolean Function Minimization (Cont’d) • Major Problem: Vulnerable to collusion attacks C5: removed in round 1 C2: removed in round 2 New SK in round 2 Computer Science Dr. Peng Ning CSC 774 Network Security 14 Group Key Agreement • Most techniques are based on Diffie-Hellman key exchange protocol • Techniques covered in class – Group D-H – Tree-based group D-H • Extended from group D-H Computer Science Dr. Peng Ning CSC 774 Network Security 15 Tree-based Group D-H • Each node is associated with a key K and a blind key BK – BK = gK mod p • The key of a parent node is the D-H key established by the two child nodes. – Kp = gKl*Kr mod p = BKl Kr mod p = BKr Kl mod p Group key node 0,0 1,1 1,0 2,0 2,1 M3 3,0 M1 Computer Science 3,1 2,3 2,2 M4 3,6 M5 3,7 M6 M2 Dr. Peng Ning CSC 774 Network Security 16 Tree-based Group D-H (Cont’d) • Protocols – – – – Join Leave Merge Partition • Unified protocol Computer Science Dr. Peng Ning CSC 774 Network Security 17 Broadcast Authentication One sender Multiple receivers • Public key based digital signatures – Too expensive • Message authentication code cannot be directly used. – Why? Computer Science Dr. Peng Ning CSC 774 Network Security 18 Broadcast Authentication (Cont’d) • Techniques covered in class – – – – TESLA and its extension EMSS BiBa Better than BiBa Computer Science Dr. Peng Ning CSC 774 Network Security 19 TESLA • Based on symmetric cryptography • Provide broadcast source authentication by delayed disclosure of authentication keys • Authentication of messages depends on the authenticity of the key chain commits K0. commitment Authentication Keys K0 Ki=F(Ki+1), F: pseudo random function F K1 F K2 F K3 F K4 F F Kn= R … Time Key Disclosure K1 Computer Science Dr. Peng Ning K2 CSC 774 Network Security Kn-2 20 TESLA (Cont’d) • Security condition: – When a receiver receives a message, the corresponding key should not have been disclosed yet. Computer Science Dr. Peng Ning CSC 774 Network Security 21 TESLA (Cont’d) • Major problems of TESLA – DOS attacks against receivers • How? – Overhead for receivers in heterogeneous networks • Uses many keys with different disclosure delays Computer Science Dr. Peng Ning CSC 774 Network Security 22 Extensions to TESLA • • • • Immediate Authentication Concurrent TESLA instances Time Synchronization Determining Key Disclosure Delay Computer Science Dr. Peng Ning CSC 774 Network Security 23 Extension to TESLA (Cont’d) • Immediate Authentication – Receiver authenticates packets as soon as they arrive – Sender buffers packets during one disclosure delay Computer Science Dr. Peng Ning CSC 774 Network Security 24 EMSS: Efficient Multichained Streamed Signature Computer Science Dr. Peng Ning CSC 774 Network Security 25 EMSS (Cont’d) • Sender sends periodic signature packets • Packet Pi is verifiable if there exists a path from Pi to any signature packet Sj • Can be further improved – Split hash into k chunks, – any k’ out of k chunks are sufficient to validate the information Computer Science Dr. Peng Ning CSC 774 Network Security 26 BiBa • One-time signature scheme • Setup Receivers Sender H(s1) s1 s2 … st H(s2) … H(st) A set of seals Authenticated commitments of seals Computer Science Dr. Peng Ning CSC 774 Network Security 27 BiBa (Cont’d) • Signature generation M c s1 s2 … st H h Gh Computer Science Pick one-way function Gh Do we have a k-way collision? Dr. Peng Ning Yes: signature No: increase c CSC 774 Network Security 28 Wireless Security • Topics covered – – – – – – Self-organized certificate authority Watchdog and Pathrater Pre- authentication Ariadne Confidant LHAP Computer Science Dr. Peng Ning CSC 774 Network Security 29 Self-Organized Certificate Authorities • Public-key certificates issued by users • Certificates stored and distributed by users Computer Science Dr. Peng Ning CSC 774 Network Security 30 Watchdog and Pathrater • Watchdog – Each node monitors its neighbors for forwarded packets • Pathrater – Select paths that have fewer “bad” nodes. Computer Science Dr. Peng Ning CSC 774 Network Security 31 Pre-authentication • Location-limited channel – A Æ B: Address_A, h(PKA) – B Æ A: Address_B, h(PKB) • Wireless channel – h(PKA) and h(PKB) are used to authenticate PKA and PKB. Computer Science Dr. Peng Ning CSC 774 Network Security 32 Ariadne • Source and destination use a shared key KSD. – Source authenticates the request to the destination – Destination authenticates the reply to the source • Intermediate nodes use TESLA – Intermediate nodes authenticate themselves to the source. Destination D Source S Computer Science Dr. Peng Ning CSC 774 Network Security 33 Sensor Network Security • Topics covered in class – Probabilistic key establishment – SPINS • Port of existing techniques to sensor networks Computer Science Dr. Peng Ning CSC 774 Network Security 34 Probabilistic Key Establishment • Generate a large pool of keys • Each sensor has a random subset of keys • Key establishment – find common keys shared by sensors – Establish session keys through intermediate sensors Computer Science Dr. Peng Ning CSC 774 Network Security 35
