Add to collection(s) Add to saved
  1. Engineering & Technology
  2. Computer Science

CSC 774 Advanced Network Security Topic 5.2 Tree-Based Group Diffie Hellman Protocol

advertisement 
Computer Science
CSC 774 Advanced Network Security
Topic 5.2 Tree-Based Group Diffie Hellman
Protocol
Acknowledgment: Slides were originally provided by Dr. Yongdae Kim at University of Minnesota.
Dr. Peng Ning
CSC 774 Adv. Net. Security
1
Membership Operations
Formation
Member add
Group partition
Member leave
Computer Science
Dr. Peng Ning
Group merge
CSC 774 Adv. Net. Security
2
Membership Operations
• Join: a prospective member wants to join
• Leave: a member wants to (or is forced to) leave
• Partition: a group is split into smaller groups
– Network failure: network event causes disconnectivity
– Explicit partition: application decides to split the group
• Merge: two or more groups merge to form one group
– Network fault heal: previously disconnected partitions
reconnect
– Explicit merge: application decides to merge multiple preexisting groups into a single group
Computer Science
Dr. Peng Ning
CSC 774 Adv. Net. Security
3
Tree-Based Group Diffie Hellman
• Simple: One function is enough to implement it
• Fault-tolerant: Robust against cascade faults
• Secure
– Contributory
– Provable security
– Key independence
• Efficient
– d is the height of key tree ( < O(log 2 N)), and N is the
number of users
– Maximum number of exponentiations per node 3d
Computer Science
Dr. Peng Ning
CSC 774 Adv. Net. Security
4
Key Tree (General)
ggn gn n gn gn n
1
gn g
1
2 3
4 5
6
n2n3
gn g
6
gn n
n1
gn n
2 3
n2
Computer Science
n4n5
n6
4 5
n3
n4
Dr. Peng Ning
n5
CSC 774 Adv. Net. Security
5
Key Tree (n3’s view)
=g
GROUP KEY
gn g
1
gn1gn2n3 gn6gn4n5
n2n3
g
gn1
n 4n 5
g
g
gn2n3
gn
2
gn6gn4n5
n3
gn
4
gn
gn
6
5
Any member
who
knows
blinded
keysonon
every
nodes and
Co-path:
Set
of
siblings
of
nodes
the
key-path
Member
knows
all
keys
on
the
key-path
and
all
blinded
keys
Key-path: Set of nodes on the path from member node to root node
its session random can compute the group key.
Computer Science
Dr. Peng Ning
CSC 774 Adv. Net. Security
6
Join (n3’s view)
n1n2
n
g
3
g
gg
gn
1
n 1n 2
n3
gn
2
Tree(n4)
gn
Computer Science
Dr. Peng Ning
4
CSC 774 Adv. Net. Security
7
Join (n3’s view)
nn1ng2ng1nn32n4
g
gg 3
gg
gn
1
n 1n 2
gnn 3n
3 4
gn
Computer Science
2
n3
Dr. Peng Ning
gn
4
CSC 774 Adv. Net. Security
8
Leave (n2’s view)
n1n2gn3n4
g
g
gn n
gg
1 2
gn
1
n2
Computer Science
gn
3
Dr. Peng Ning
n3n4
gn
4
CSC 774 Adv. Net. Security
9
Leave (n2’s view)
n1n2gn3n4
g
g
gn n
gg
1 2
n2
Computer Science
gn
3
Dr. Peng Ning
n3n4
gn
4
CSC 774 Adv. Net. Security
10
Leave (n2’s view)
gn2’gn n
3 4
ggn n
n2’
3 4
gn
Computer Science
3
Dr. Peng Ning
gn
4
CSC 774 Adv. Net. Security
11
Partition (n5’s view)
g
g
gn1g
g n1g
n2n3 n gn4n5
g 6
n2n3
gn g
6
n 2n 3
g
g
gn1
gnn2
2
n4n5
gn n
gnn6
4 5
gn
Computer Science
3
gn
Dr. Peng Ning
4
6
n5
CSC 774 Adv. Net. Security
12
Partition (n5’s view)
gn
1
gn n
gn n
2 3
4 5
gn
Computer Science
3
Dr. Peng Ning
gn
4
n5
CSC 774 Adv. Net. Security
13
Partition (n5’s view)
n1n3gn4n5’
g
g
n1n3
g
g
gn
1
gn n
44 5’
5
gngn
gn
3 3
n5’5
4
Change
share
Computer Science
Dr. Peng Ning
CSC 774 Adv. Net. Security
14
Partition: Both Sides
gn
gn
1
gn
2
gn
Computer Science
3
gn
Dr. Peng Ning
4
6
n5
CSC 774 Adv. Net. Security
15
Partition: Both sides (N5 and N6)
ggn n gn n
1 3
gn n
4 5’
2 6’
ggn n
gn n
1 3
gn
1
gn
4 5’
gn
3
gnn2
4
Computer Science
2
n6’6
n5’
Dr. Peng Ning
CSC 774 Adv. Net. Security
16
Merge (N2’s view)
ggn n
6 7
g
gn1n2gn5g
n3n4
gn
g n 1 n2
ggnnn
gn
1
g
gg
n2
112
gn
n2
3
Computer Science
Dr. Peng Ning
gn
6
n3n4
g n 5g
7
n3n4
gn
5
gn
4
CSC 774 Adv. Net. Security
17
Merge (to intermediate node)
g
gg
n1n2gn6n7 n gn3n4
g 5
ggn n gn n
1 2
g
6 7
ggn n
gnn1n
gn
1
n2
gn
6
Computer Science
n3n4
ggn n
6 7
1 2
g n 5g
gn
3 4
gn
7
gn
Dr. Peng Ning
3
5
gn
4
CSC 774 Adv. Net. Security
18
Tree Management: do one’s best
• Join or Merge Policy
– Join to leaf or intermediate node, if height of the
tree will not increase.
– Join to root, if height of the tree increases.
• Leave or Partition policy
– No one can expect who will leave or be
partitioned out.
– No policy for leave or partition event
• Successful
– Still maintaining logarithmic (height < 2 log2 N)
Computer Science
Dr. Peng Ning
CSC 774 Adv. Net. Security
19
Discussion
• Efficiency
– Average number of mod exp: 2 log2 n
– Maximum number of round: log2 n
• Robustness is easily provided due to selfstabilization property
Computer Science
Dr. Peng Ning
CSC 774 Adv. Net. Security
20
Related documents
CSC 774 Advanced Network Security About the Presentation • Will be graded.
CSC 774 Advanced Network Security About the Presentation • Will be graded.
CSC 774 -- Network Security About the Presentation • Will be graded.
CSC 774 -- Network Security About the Presentation • Will be graded.
CSC 474/574 Information Systems Security Approaches to Multi-level Databases • Partitioning
CSC 474/574 Information Systems Security Approaches to Multi-level Databases • Partitioning
CSC 474/574 Information Systems Security COVERT CHANNELS
CSC 474/574 Information Systems Security COVERT CHANNELS
Download
advertisement