Title: Optimal Batch Rekeying for Secure Group Communications in Wireless Networks Authors: JinHee Cho, Ing
Slide 1: Optimal Batch Rekeying for Secure Group Communications in Wireless Networks
Authors: Jin-Hee Cho, Ing-Ray Chen, Mohamed Eltoweissy
- Presented by Niharika Gujarati and Sindhu Motupalli
Slide 2: Agenda
- Introduction and previous work
- System model and assumptions
- Threshold-based periodic batch rekeying
- Performance model
- Numerical results and analysis
- Conclusion
Slide 3: 1. Group Communication
- Applications inherently based on group communication.
- Wireless networks
- Network functionality
- Assure confidentiality, authenticity and integrity
- User: End-user / network node.
Slide 4
- Symmetric key
- Group key shared by members.
- Group key distributed by key server.
- Dedicated key server or existing server employed
- Multiple key servers can co-exist in a clustered network.
- Group key used to encrypt and decrypt messages only by group members.
Slide 5
- Forward secrecy - Group key management property that ensures that an intruder that knows a contiguous subset of old group keys cannot identify subsequent group keys.
- Backward secrecy - Group key management property that ensures that an intruder that knows a subset of group keys cannot discover previous group keys.
Slide 6: Individual Rekeying
- Performs a rekey operation for every join or leave.
- Not scalable because of significant communication overhead.
- Synchronization difficult to maintain.
- Remedy: periodic batch rekeying
Slide 7: Periodic Batch Rekeying
- Joins and leaves aggregated.
- Rekeying done only periodically.
- Thus communication overhead is reduced when compared to individual rekeying.
- Improves efficiency and reduces the out-of-sync problem.
- Consequence: forward and backward secrecy not strictly satisfied.
Slide 8: Contributions of paper.
- Develops new threshold-based batch rekeying schemes.
- Finding an optimal rekey interval to reduce communication costs while maintaining integrity.
- SPN model to measure performance metrics.
Slide 9: 2. System Model and Assumption
Slide 10
- KS maintains a key tree based on LKH (logical key hierarchy) protocol.
Slide 11
- Each node: cryptographic symmetric key
- KS connects each member with one tree node
- Each node knows all keys from leaf to root node
Slide 12
- No other nodes' keys are known
- This key set is called the key path
- Root node key serves as the group key
- Example: key path of M2 is K5, K2 and K1.
Slide 13
- When member joins, KS sends all the keys in the key path
- Msg length: k(2 log2(N) - 1)
- When member leaves, KS updates all the keys in the key path
- Msg length: 2k log2(N)
- k: length of key
- N: number of members
- Therefore each update's msg length is logarithmic in the number of group members.
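Added example (not from the slides or the paper): the key path and leave rekeying described on slides 11-13, in Python. It assumes a complete binary key tree numbered heap-style so that M2's path comes out as K5, K2, K1, and it assumes the common LKH strategy of wrapping each new key under the keys of that node's children; the function names are hypothetical.

```python
import math

def key_path(member, n):
    """Key indices, leaf to root, for member 1..n. Assumed layout: complete
    binary tree stored heap-style, root K1, children of Ki are K(2i), K(2i+1)."""
    assert n >= 2 and n & (n - 1) == 0, "this sketch needs n to be a power of two"
    node, path = n + member - 1, []     # leaves are K(n) .. K(2n-1)
    while node >= 1:
        path.append(node)
        node //= 2
    return path

def leave_rekey(member, n):
    """Keys the KS replaces when `member` leaves, plus the (new key, wrapping
    key) pairs it sends. A trailing ' marks a freshly generated key."""
    leaf, *stale = key_path(member, n)   # the leaver's own leaf key is discarded
    msgs = []
    for node in stale:                   # bottom-up, so children are renewed first
        for child in (2 * node, 2 * node + 1):
            if child == leaf:
                continue                 # never wrap under a key the leaver holds
            wrap = f"K{child}'" if child in stale else f"K{child}"
            msgs.append((f"K{node}'", wrap))
    return [f"K{i}" for i in stale], msgs

def join_msg_bits(n, k):                 # slide formula: k(2 log2(N) - 1)
    return k * (2 * math.log2(n) - 1)

def leave_msg_bits(n, k):                # slide formula: 2k log2(N)
    return 2 * k * math.log2(n)

if __name__ == "__main__":
    print(key_path(2, 4))
    print(leave_rekey(2, 4))
    print(join_msg_bits(1024, 64), leave_msg_bits(1024, 64))
```

With the parameters used later in the deck (N = 1024, 64-bit keys), the enumerated leave message carries 19 wrapped keys, which stays within the slide's 2k log2(N) figure.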
Slide 14
- Assume periodic batch rekeying is used
- User cannot join without authorisation, i.e. no untrusted joins.
- Leaves can be trusted or untrusted.
- Trusted leave - User voluntarily leaves the group.
- Untrusted leave - User is evicted from the group.
- If rekeying doesn't take place immediately after an untrusted leave, it will result in a period of security vulnerability.
Slide 15
- Probability of trustworthiness.
- Pt = number of trusted leave operations / total number of trusted and untrusted leaves
- Data is periodically collected by the KS
Slide 16: 3. Threshold-based periodic batch rekeying
- Based on notion of thresholds that govern the max number of leave and join requests to be accumulated, beyond which rekeying is done
- Rekeying scheme using only one threshold k3
- Rekeying schemes using two thresholds k1 and k2
Slide 17
- This scheme identifies the set of states in which rekeying is performed, thus implicitly determining the time between two rekeying operations.
- State machine with 3-component state representation (a, b, c)
- a: number of trusted join requests.
- b: number of trusted leave requests.
- c: number of untrusted leave requests.
Slide 18: Threshold based rekeying
JALDT: Join and Leave Double Threshold based
ULT: Untrusted Leave Threshold based
TAUDT: Trusted and Untrusted Double Threshold based
Slide 19: ULT
- One threshold k3 that guards only untrusted leave
- k3: number of untrusted leave requests (state variable c)
- Special case k3 = 1: individual rekeying is used.
- Used as a baseline to compare other two schemes.
Slide 20: TAUDT
- Two thresholds k1 and k2.
- k1: number of trusted requests (state variables a + b)
- k2: number of untrusted leave requests (state variable c)
Slide 21: JALDT
- Two thresholds k1 and k2.
- k1: number of trusted join requests (state variable a)
- k2: number of trusted and untrusted leaves (state variables b + c)
Slide 22: Rekeying
- Only at the end of the batch interval T
Slide 23
- Two application-specific constraints are:
- Probability of secrecy violation Pv
- Proportion of time with secrecy violation risk
- Only forward secrecy
- Delay D
- Latency per join or leave request (the same)
- Joins and leaves are not distinguished as they are aggregated.
- Optimal batch rekeying interval (T): interval in which overhead is minimised while satisfying Pv and D
Slide 24
- Simple optimization feature used to reduce communication overhead
- New join member can take the place of leave member in a key tree.
- Thus for each join-leave pair, KS only generates new keys along the key path and a new key for the new member.
Slide 25
- KS applies the following procedure while rekeying.
- if a > b+c, then the server will process b+c join-leave request pairs before processing a - (b+c) join requests
- if a = b+c, then the server will process b+c join-leave request pairs
- if a < b+c, then the server will process a join-leave
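Added example (not from the slides or the paper): the three threshold schemes and the join-leave pairing procedure above, replayed over a constructed event trace. It assumes a threshold is reached when the count is greater than or equal to it, and that leftover leaves are processed on their own when a < b+c (that slide text is cut off); all names are hypothetical.

```python
# Rekey conditions over the state (a, b, c) = (trusted joins, trusted leaves,
# untrusted leaves). Assumption: a threshold is reached when count >= threshold.
SCHEMES = {
    "ULT":   lambda a, b, c, k: c >= k["k3"],
    "TAUDT": lambda a, b, c, k: a + b >= k["k1"] or c >= k["k2"],
    "JALDT": lambda a, b, c, k: a >= k["k1"] or b + c >= k["k2"],
}

def plan_batch(a, b, c):
    """Pair joins with leaves so a joiner takes over a leaver's tree position."""
    leaves = b + c
    pairs = min(a, leaves)
    # extra_leaves (the a < b+c case) is an assumption: that slide text is cut off.
    return {"pairs": pairs, "extra_joins": a - pairs, "extra_leaves": leaves - pairs}

def run(scheme, thresholds, events):
    """Replay events: 'J' trusted join, 'TL' trusted leave, 'UL' untrusted leave.
    Returns one record per batch rekey."""
    slot = {"J": 0, "TL": 1, "UL": 2}
    state, exposed, batches = [0, 0, 0], 0, []
    for i, ev in enumerate(events, 1):
        state[slot[ev]] += 1
        if SCHEMES[scheme](*state, thresholds):
            batches.append({"at": i, "state": tuple(state),
                            "exposed": exposed, **plan_batch(*state)})
            state, exposed = [0, 0, 0], 0
        elif state[2] > 0:
            exposed += 1   # an evicted member still holds the current group key
    return batches

# Constructed event trace, not data from the paper.
TRACE = ["J", "UL", "J", "TL", "J", "J", "UL", "TL"]

if __name__ == "__main__":
    for name, th in [("ULT", {"k3": 1}), ("ULT", {"k3": 2}),
                     ("TAUDT", {"k1": 3, "k2": 1}), ("JALDT", {"k1": 3, "k2": 2})]:
        for batch in run(name, th, TRACE):
            print(name, th, batch)
```

The `exposed` field counts the events that arrive while c > 0 and no rekey has fired, which is the window the secrecy-violation constraint Pv is meant to bound.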
Slide 26: Performance Model
Slide 27
- For ULT we derive an analytical closed-form solution
- Average Batch Rekey interval
- T
- average inter-arrival time of untrusted leave requests
Slide 28
- Thus at the end of each batch rekeying the state variables have the values
Slide 29
- The communication overhead bits Cm is calculated as
Slide 30
- Scm is the communication overhead
- Tb is overhead for broadcast
- Thus Scm is calculated as the sum of this overhead and packet transmission time.
- Scm = Tb + Cm / BW
Slide 31
- Average communication overhead per join or leave
- S = Scm / (a + b + c)
- Probability of secrecy violation is the proportion of time in which forward secrecy has been violated
- Pv (k3-1) / k3 T Scm
- (T Scm)
Slide 32
- Delay per join / leave
- D = S + T/2
- T/2: average wait time for batch rekeying for an operation
- S: average communication overhead per join/leave
- Calculated D is almost the same as response time per operation
Slide 33
- For TAUDT and JALDT there are too many states to yield closed-form analytical expressions, hence the use of SPN model.
Slide 34
- Places
- tmp is a temporary place holder not corresponding to any state component, just to hold newly arriving leave requests.
Slides 35-37
- Firing rule for any of the transitions in the model
- There are at least m tokens in each of its input places connected by an input arc of multiplicity m
- The associated enabling function of that transition
Slide 38
- When trusted join arrives: token in a
- Modelled by transition T1 with rate λ Pt because there are no untrusted joins, only trusted ones.
Slide 39
- Any leave: token in tmp
- Modelled by T2 with rate µ
- If leave trusted, go to b with immediate transition (T4) rate of Pt.
- If untrusted, go to c with immediate transition (T5) rate of 1 - Pt.
Slide 40
- For both schemes rekeying is performed when the rekeying condition is satisfied.
- Modelled by using an enabling function that has to be satisfied to fire the transition T3.
Slide 41
- Enabling function for T3
- TAUDT: if mark(a) mark(b) k1
- or if mark(c) k2 then true
- else false
- JALDT: if mark(a) k1
- or if mark(b) mark(c) k2 then true
- else false
Slides 42-43 (No Transcript)
Slide 44
- Average communication overhead
- R: set of rekeying states
- P(i): the steady-state probability of the system being in state i.
- The secrecy violation
- V denotes the set of states in which mark(c) > 0
- ri 1
Slide 45
- To obtain T, convert all rekeying states to absorbing states.
- Assign a reward value of 1 to all states other than absorbing states.
- T is computed as expected cumulative reward until absorption.
Slide 46: Numerical results and analysis
- Analyze numerical results obtained from applying mathematical models developed for ULT, TAUDT and JALDT.
- Following system parameters are used:
- number of members in the group (N) is 1024
- length of each key (J) is 64 bits
- Tb is 5 msec
- bandwidth (BW) is 1 Mbps
Slide 47: ULT Analysis
- Baseline scheme which TAUDT and JALDT will be compared against.
- Assumed: λ : µ = 1 : 0.5 and Pt = 0.9
- D is Delay
- k3 increases → D increases
- Hence takes more time to accumulate c to reach the threshold
- Pv is Secrecy Violation
- k3 increases → c increases
- When k3 0 → Pv 0
Slide 48
- The optimal batch rekey interval (T) is the interval at which the overhead is minimized while satisfying the two application-level constraints
- T 1
- µ(1 - Pt ) k3
- At D 5, Pv .05 , k3 1
- T 6.67 seconds
Slide 49: TAUDT Analysis
- Two thresholds: k1, number of trusted requests (a+b), and k2, number of untrusted requests (c).
- k1 increases → Pv increases since high threshold means more states violated secrecy requirement.
- As k2 increases, Pv increases too, until k2 reaches a threshold (k2 > 2).
- D increases as k1 increases and k2 increases. k2 is not as significant as k1 due to high Pt used.
Slide 50
- As k1 increases, S decreases since aggregating join and leave events reduces rekeying overhead
- S is insensitive to increasing k2 since c is very small
- optimal batch rekey interval
- At D 5, Pv .05 → (k1,k2) (16,1)
- T 8.83 seconds
Slide 51: JALDT Analysis
- Two thresholds: k1, number of join requests (a), and k2, the number of leave requests (b+c)
- Pv and D increase when either k1 or k2 increases
Slide 52
- S decreases as both k1 and k2 increase because aggregating more join and leave events for a batch rekeying operation will amortize the cost per operation.
- optimal batch rekey interval
- At D 5, Pv .05 → (k1,k2) (13,2)
- T 3.96 seconds
Slide 53: Comparison
- Calculated Optimal batch rekey intervals
- ULT 6.67 seconds
- TAUDT 8.83 seconds
- JALDT 3.96 seconds
- TAUDT has the highest optimal T
- JALDT shows the second highest optimal T,
followed by ULT
Slide 54
- TAUDT is able to produce the minimum S and the maximum T, which makes it the most efficient scheme among all.
Slide 55: Conclusion
- By varying the Pv and (λ : µ), TAUDT is able to produce the minimum S and the maximum T.
- As Pt increases, minimum S decreases and T increases.
- As µ increases, minimum S increases and optimal T decreases
Slide 56: Future Works
- Augment by taking reliability and availability considerations to the SPN model.
- Analyzing the effects of insider attacks and intrusion detection system design on the security and performance properties of group communications in wireless systems.
- Investigating the issue of optimal batch rekeying for the case in which a group consists of multiple subgroups.