decentralized key management for large dynamic multicast
play

Decentralized Key Management for Large Dynamic Multicast Groups - PowerPoint PPT Presentation

Jan 11, 2024 •273 likes •840 views

Decentralized Key Management for Large Dynamic Multicast Groups using Distributed Balanced Trees Thesis by Junaid Haroon MSCS018 Supervised by Mr Shafiq ur Rahman Flow of Presentation Background Proposed Scheme Analysis

  1. Decentralized Key Management for Large Dynamic Multicast Groups using Distributed Balanced Trees Thesis by Junaid Haroon MSCS018 Supervised by Mr Shafiq ur Rahman

  2. Flow of Presentation • Background • Proposed Scheme • Analysis • References

  3. Background • Two Party Secure Communication • Multicast Groups (Without Security) • Secure Multicast • Key Management for Secure Multicast • Logical Key Hierarchy • Problems in Existing Scheme

  4. Two Party Secure Communication • Both parties generate a pair of keys such that data encrypted with one of them can be decrypted with the other

  5. Two Party Secure Communication • Both parties register one key with a trusted third party. This key is called the public key while the other is called private key. Trusted Third Party Sender Public key Receiver Receiver Public key Sender data data Sender Public key Receiver Public key Sender Private key Receiver Private key

  6. Two Party Secure Communication • Both parties acquire the public key of the other party from the trusted third party Trusted Third Party Sender Public key Receiver Receiver Public key Sender data data Sender Public key Receiver Public key Sender Private key Receiver Private key Receiver Public key Sender Public key

  7. Two Party Secure Communication • Both parties use the Deffie Hellman protocol to arrive at a common key at both ends Receiver Sender data data Sender Public key Receiver Public key Diffie Hellman Sender Private key Receiver Private key Key Exchange Receiver Public key Sender Public key

  8. Two Party Secure Communication • Both parties use the Deffie Hellman protocol to arrive at a common key at both ends Receiver Sender data data Symmetric key Symmetric key Sender Public key Receiver Public key Diffie Hellman Sender Private key Receiver Private key Key Exchange Receiver Public key Sender Public key

  9. Two Party Secure Communication • Both parties use the Deffie Hellman protocol to arrive at a common key at both ends Receiver Sender data data Symmetric key Symmetric key

  10. Two Party Secure Communication • Both parties use symmetric encryption using this generated key to transfer data over the public channel Receiver Sender data data channel Symmetric key Symmetric key Security Transformations

  11. Two Party Secure Communication • The opponent is unable to decipher encrypted data passing over the channel Opponent Receiver Sender data data channel Symmetric key Symmetric key Security Transformations

  12. Multicast Groups (Without Security)

  13. Multicast Groups (Without Security) • Multicast is the delivery of a packet to all hosts which have shown interest in receiving it

  14. Multicast Groups (Without Security) • Multicast capable routers construct each group’s delivery tree • Hosts can join or leave a multicast group by informing their nearest router

  15. Multicast Groups (Without Security) • In multicast there is no authentication or authorization for group membership and for sending data to a group

  16. Secure Multicast • All transmitted data must be encrypted and only group members should possess the key used to encrypt and decrypt, also called the group key • After every member join or leave in the secure group, key must be changed otherwise – A joining member can decrypt accumulated traffic – A leaving member can continue to decrypt data • The mechanism by which the new key is generated and distributed is called key management • The message containing the new key is called key update

  17. Key Management for Multicast Groups • In simple schemes key updates are sent in a single multicast packet containing the group key encrypted by each member’s public key. Size of key update is proportional to group size K18 K1 K2 K3 K4 K5 K6 K7 K8 M1 M2 M3 M4 M5 M6 M7 M8

  18. Key Management for Multicast Groups • For example, if M8 wants to leave the group, the new K18 is sent encrypted with each of K1 through K7 but not with K8 • These seven encrypted copies of K18 are sent in a single multicast packet to the whole group K18 K1 K2 K3 K4 K5 K6 K7 K8 M1 M2 M3 M4 M5 M6 M7 M8

  19. Key Management for Multicast Groups • If every pair of hosts know a common key, the required encryptions reduce K18 K1 K2 K3 K4 K5 K6 K7 K8 M1 M2 M3 M4 M5 M6 M7 M8

  20. Key Management for Multicast Groups • If every pair of hosts know a common key, the required encryptions reduce K18 K12 K34 K56 K78 K1 K2 K3 K4 K5 K6 K7 K8 M1 M2 M3 M4 M5 M6 M7 M8

  21. Key Management for Multicast Groups • If every pair of hosts know a common key, the required encryptions reduce • If this is extended to form a tree the number of encryptions become logarithmic K18 K14 K58 K12 K34 K56 K78 K1 K2 K3 K4 K5 K6 K7 K8 M1 M2 M3 M4 M5 M6 M7 M8

  22. Key Management for Multicast Groups • However two more keys need to be changed which were known by the leaving member • The whole process goes like this K18 K14 K58 K12 K34 K56 K78 K1 K2 K3 K4 K5 K6 K7 K8 M1 M2 M3 M4 M5 M6 M7 M8

  23. Key Management for Multicast Groups • A total of five encryptions were needed • Size of message is 2 lg n • The scheme is called Logical Key Hierarchy K18 K14 K58 K12 K34 K56 K78 K1 K2 K3 K4 K5 K6 K7 K8 M1 M2 M3 M4 M5 M6 M7 M8

  24. Logical Key Hierarchy (LKH) • Each member knows all keys on its path to the root • On member join or leave all keys on that member’s path to the root are updated • A changed key is sent encrypted by both its children keys therefore message size becomes 2 log n

  25. Problems in Existing Scheme • Single controller responsible for storing keys for the whole group and generating key updates for them – Performance deteriorates as group size increases • Key update message size is logarithmic only when the key tree is balanced which is not guaranteed in this scheme – Performance deteriorates as tree gets out of balance

  26. Proposed Scheme • Distributed Nature of Key Tree • Balancing of Key Tree • Key Updates • Member Joins • Member Leaves

  27. Distributed Nature of Key Tree C18/4 K18 – C58/3 K14 K58 – – C12/2 C56/2 K12 K34 K56 K78 – – – – K1 K2 K3 K4 K5 K6 K7 K8 – – – – – – – – M1 M2 M3 M4 M5 M6 M7 M8

  28. Distributed Nature of Key Tree • Every controller has a key as allotted to it by the parent and another key that it generates to be used in the key tree C18/4 C58/3 K18 – K14 – C12/2 K34 – K3 K4 – – M3 M4

  29. Balancing of Key Tree • There is no order in members so there is a single case of rotation which is like single rotation in an AVL tree R S H h SH HH h / h h +1 +1

  30. Balancing of Key Tree • There is no order in members so there is a single case of rotation which is like single rotation in an AVL tree H HH R h S SH +1 h h / h +1

  31. Key Updates • Assume all keys need to updated C18/4 K18 – C58/3 K14 K58 – – C12/2 C56/2 K12 K34 K56 K78 – – – – K1 K2 K3 K4 K5 K6 K7 K8 – – – – – – – – M1 M2 M3 M4 M5 M6 M7 M8

  32. Member Joins C18/4 K18 – C58/3 K14 – C12/2 K34 – K3 K4 – – M3 M4 M8

  33. Member Joins • Sub controller takes a random decision since the node is balanced C18/4 K18 – C58/3 K58 / C56/2 K56 – K5 K6 – – M5 M6 M8

  34. Member Joins • Node cannot be added here since height increase is not allowed C18/4 K18 – C58/3 K58 / C56/2 K56 – K5 K6 – – M5 M6 M8

  35. Member Joins • Request is passed on to parent controller C58 C18/4 K18 – C58/3 K58 / C56/2 K7 – M7 M8

  36. Member Joins • Controller must add the new member on right side with height increase allowed C18/4 K18 – C58/3 K58 / C56/2 K7 – M7 M8

  37. Member Joins • Leaf node K7 must be split to accommodate for the new member C18/4 K18 – C58/3 K58 / C56/2 K7 – M7 M8

  38. Member Joins • Leaf node K7 must be split to accommodate for the new member C18/4 K18 – C58/3 K58 – C56/2 K78 – K7 K8 – – M7 M8

  39. Member Joins • To balance load the root controller forwards join requests to different controllers • Height increase is only allowed when moving in a smaller sub-tree or when starting from root • If insertion without height increase is impossible request is forwarded to parent controller • Parent controller repeats the same algorithm except that it does not send the member back to the same controller

  40. Member Leaves • M6 wants to leave the group and informs its parent controller C56 C18/4 K18 / C58/3 K58 / C56/2 K56 – K5 K6 – – M5 M6

  41. Member Leaves • Controller merges nodes to remove M6 from the tree C18/4 K18 / C58/3 K58 / C56/2 K5 – M5 M6

  42. Member Leaves • Sub controller height is changed so parent controller is informed C18/4 K18 / K58 / C58/3 C56/1 C56/2 K5 K7 – – M6 M7

  43. Member Leaves • Parent adjusts the balance of its nodes C18/4 K18 / K58 K58 – / C58/3 C56/1 C56/2 K5 K7 – – M6 M7

Recommend

Introduction Resilient Multicast Support for IP multicast presents opportunity for large-

Introduction Resilient Multicast Support for IP multicast presents opportunity for large-

Introduction Resilient Multicast Support for IP multicast presents opportunity for large- Continuous-Media Applications scale continuous media Tools: nv, vat, vic ivs Real-time assumed that no retransmission Retransmissions

411 views • 6 slides
Decentralized Trust Management for Decentralized Trust Management for Ad-Hoc Peer-to-Peer

Decentralized Trust Management for Decentralized Trust Management for Ad-Hoc Peer-to-Peer

Decentralized Trust Management for Decentralized Trust Management for Ad-Hoc Peer-to-Peer Networks Ad-Hoc Peer-to-Peer Networks Thomas Repantis Vana Kalogeraki Department of Computer Science & Engineering University of California,

1.41k views • 29 slides
Outline 11: IP Multicast Multicast routing IP Multicast Design choices Distance

Outline 11: IP Multicast Multicast routing IP Multicast Design choices Distance

Outline 11: IP Multicast Multicast routing IP Multicast Design choices Distance Vector Multicast Routing Protocol (DVMRP) Last Modified: Core Based Trees (CBT) Protocol Independent Multicast (PIM) 4/9/2003 1:15:00 PM

619 views • 12 slides
IP Multicast T om Bird tom@portfast.co.uk @portfast Multicats? What is multicast? One to

IP Multicast T om Bird tom@portfast.co.uk @portfast Multicats? What is multicast? One to

IP Multicast T om Bird tom@portfast.co.uk @portfast Multicats? What is multicast? One to many propagation of data Uses of multicast Financial data IPTV Gaming T ypes of multicast Any-source multicast (ASM)

297 views • 17 slides
Large Scale Multicast Large Scale Multicast over UDL over UDL Asian Institute of Technology

Large Scale Multicast Large Scale Multicast over UDL over UDL Asian Institute of Technology

Large Scale Multicast Large Scale Multicast over UDL over UDL Asian Institute of Technology Asian Institute of Technology Satellite network & IP Satellite network & IP Wide Area Coverage Wide Area Coverage Broadcast

901 views • 53 slides
Profiling and diagnosing large-scale decentralized systems David Oppenheimer ROC Retreat

Profiling and diagnosing large-scale decentralized systems David Oppenheimer ROC Retreat

Profiling and diagnosing large-scale decentralized systems David Oppenheimer ROC Retreat Thursday, June 5, 2003 1 Why focus on P2P systems? There are a few real ones file trading, backup, IM Look a lot like other decentralized

685 views • 22 slides
Multicast Protocols IGMP - IP Group Membership Protocol DVMRP - DV Multicast Routing Protocol

Multicast Protocols IGMP - IP Group Membership Protocol DVMRP - DV Multicast Routing Protocol

Multicast Protocols IGMP - IP Group Membership Protocol DVMRP - DV Multicast Routing Protocol MOSPF - Multicast OSPF (see notes pages for some slides!) S38.122/RKantola/s00 9 - 1 IGMPv2 - Internet Group Management Protocol implements Group

474 views • 14 slides
Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol MOSPF Multicast OSPF PIM Protocol Independent Multicast S-38.2121 / Fall-2007 / RKa, NB Multicast2-1 Multicast in local area networks

489 views • 25 slides
Attacking Multicast Group Key Management Protocols Graham Steel and Alan Bundy I V N E U R

Attacking Multicast Group Key Management Protocols Graham Steel and Alan Bundy I V N E U R

Attacking Multicast Group Key Management Protocols Graham Steel and Alan Bundy I V N E U R S E I H T Y T O H F G R E U D B I N 1 Multicast Key Management Protocols Aim: To maintain a secure key for multicast within a

164 views • 15 slides
PERPETUAL PERPETUAL DECENTRALIZED MANAGEMENT OF DIGITAL OBJECTS DECENTRALIZED MANAGEMENT OF

PERPETUAL PERPETUAL DECENTRALIZED MANAGEMENT OF DIGITAL OBJECTS DECENTRALIZED MANAGEMENT OF

PERPETUAL PERPETUAL DECENTRALIZED MANAGEMENT OF DIGITAL OBJECTS DECENTRALIZED MANAGEMENT OF DIGITAL OBJECTS FOR FOR COLLABORATIVE OPEN-SCIENCE COLLABORATIVE OPEN-SCIENCE Michael Hanke Psychoinformatics lab, Institute of Psychology,

595 views • 38 slides
Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol MOSPF Multicast OSPF PIM Protocol Independent Multicast S-38.121 / Fall-04 / RKa, NB Multicast2-1 Multicast in local area networks

621 views • 24 slides
Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol MOSPF Multicast OSPF PIM Protocol Independent Multicast S-38.121 / S-03 / RKa, NB Multicast2-1 Multicast in local area networks

529 views • 26 slides
Multicast Research Multicast Routing ns-2 for Multicast Research Dense Mode, Sparse Mode

Multicast Research Multicast Routing ns-2 for Multicast Research Dense Mode, Sparse Mode

Multicast Research Multicast Routing ns-2 for Multicast Research Dense Mode, Sparse Mode Source Tree, Shared Tree Reliable Multicast Polly Huang Whiteboard, File Transfer AT&T Labs Research huang@catarina.usc.edu

510 views • 6 slides
Dynamic Workload Management for Very Large Data Warehouses Juggling Feathers and Bowling Balls

Dynamic Workload Management for Very Large Data Warehouses Juggling Feathers and Bowling Balls

Technische Universitt Mnchen + Hewlett Packard Laboratories Dynamic Workload Management for Very Large Data Warehouses Juggling Feathers and Bowling Balls Stefan Krompass Harumi Kuno Alfons Kemper Umeshwar Dayal TU Mnchen HP Labs,

541 views • 41 slides
Decentralized Dynamic Scheduling across Heterogeneous Multi core across Heterogeneous Multi

Decentralized Dynamic Scheduling across Heterogeneous Multi core across Heterogeneous Multi

Decentralized Dynamic Scheduling across Heterogeneous Multi core across Heterogeneous Multi core Desktop Grids J Jaehwan Lee , Pete Keleher, Alan Sussman h L P t K l h Al S Department of Computer Science University of Maryland Multi

357 views • 25 slides
DyMRA: Dynamic Market Deployment for Decentralized Resource Allocation Daniel Lzaro, Xavier

DyMRA: Dynamic Market Deployment for Decentralized Resource Allocation Daniel Lzaro, Xavier

DyMRA: Dynamic Market Deployment for Decentralized Resource Allocation Daniel Lzaro, Xavier Vilajosana and Joan Manuel Marqus Universitat Oberta de Catalunya Introduction Virtual communities: Formed by users with common goals that

428 views • 22 slides
KOLLAPS Decentralized and Dynamic Topology Emulation Paulo Gouveia*, Joo Neves*, Carlos

KOLLAPS Decentralized and Dynamic Topology Emulation Paulo Gouveia*, Joo Neves*, Carlos

KOLLAPS Decentralized and Dynamic Topology Emulation Paulo Gouveia*, Joo Neves*, Carlos Segarra, Luca Liechti Shady Issa*, Valerio Schiavoni, and Miguel Matos* *: INESC-ID & IST, University of Lisbon, Portugal : University of

1.22k views • 40 slides
SCRIBE A Large-Scale and Decentralised Application-Level Multicast Infrastructure Joo Nogueira

SCRIBE A Large-Scale and Decentralised Application-Level Multicast Infrastructure Joo Nogueira

SCRIBE A Large-Scale and Decentralised Application-Level Multicast Infrastructure Joo Nogueira Tecnologias de Middleware DI - FCUL - 2006 1 Agenda Motivation Pastry Scribe Scribe Protocol Experimental Evaluation

1.32k views • 109 slides
Dynamic and Decentralized Global Analytics via Machine Learning Hao Wang 1 , Di Niu 2 , Baochun Li

Dynamic and Decentralized Global Analytics via Machine Learning Hao Wang 1 , Di Niu 2 , Baochun Li

SoCC18, Carlsbad, CA, USA Dynamic and Decentralized Global Analytics via Machine Learning Hao Wang 1 , Di Niu 2 , Baochun Li 1 1 University of Toronto, 2 University of Alberta Query Processing Query Plan startName , studioName 1.CREATE

516 views • 27 slides
Multicast Implementation Saqib Chughtai Optical Regional Advanced Network of Ontario Introduction

Multicast Implementation Saqib Chughtai Optical Regional Advanced Network of Ontario Introduction

Multicast Implementation Saqib Chughtai Optical Regional Advanced Network of Ontario Introduction - Multicast Bandwidth conserving technology Delivering a single stream of information to large number of recipients. Applications

298 views • 18 slides
Dynamic Decentralized Functional Encryption Jrmy Chotard, Edouard Dufour Sans , Romain Gay,

Dynamic Decentralized Functional Encryption Jrmy Chotard, Edouard Dufour Sans , Romain Gay,

Dynamic Decentralized Functional Encryption Jrmy Chotard, Edouard Dufour Sans , Romain Gay, Duong Hieu Phan, and David Pointcheval CRYPTO 2020, Monday August 17th 2020 The technological landscape of the early 21st century Lots of data. +

667 views • 48 slides
Eliminating Bottlenecks in Overlay Multicast Min Sik Kim Yi Li Simon S. Lam Department

Eliminating Bottlenecks in Overlay Multicast Min Sik Kim Yi Li Simon S. Lam Department

Eliminating Bottlenecks in Overlay Multicast Min Sik Kim Yi Li Simon S. Lam Department of Computer Sciences The University of Texas at Austin Overlay Multicast IP multicast overlay multicast N unicast Bottleneck How to

519 views • 18 slides
A Decentralized Solution for Integrating Large Scale UAS Operations into Future Aviation System

A Decentralized Solution for Integrating Large Scale UAS Operations into Future Aviation System

ICAO DRONE ENABLE/2 Symposium Chengdu, China September 13, 2018 White Paper Presentation A Decentralized Solution for Integrating Large Scale UAS Operations into Future Aviation System Presentation is Developed in Technical Collaboration with

269 views • 8 slides
CS 356: Computer Network Architectures Lecture 24: IP Multicast and QoS [PD] Chapter 4.2, 6.5

CS 356: Computer Network Architectures Lecture 24: IP Multicast and QoS [PD] Chapter 4.2, 6.5

CS 356: Computer Network Architectures Lecture 24: IP Multicast and QoS [PD] Chapter 4.2, 6.5 Xiaowei Yang xwy@cs.duke.edu Overview Two historic important topics in networking Multicast QoS Limited Deployment IP Multicast

832 views • 70 slides

More recommend