Batch Rekeying for Secure Group Communications - PowerPoint PPT Presentation
1 / 55
Title:
Batch Rekeying for Secure Group Communications
Description:
Key Tree Rekeying Cost. Example (fig. 6) u4 and u9 leave, u10 joins. (case 1 continued, J=L) ... of requests in a batch is not large, best tree degree is four. ... – PowerPoint PPT presentation
Number of Views:57
Avg rating:3.0/5.0
Title: Batch Rekeying for Secure Group Communications
1
Batch Rekeying for Secure Group Communications
- By X.S. Li, Y.R. Yang, M.G. Gouda, and S.S.Lam
- presented by Lori Flynn
2
Motivation
- Secure group communications is important Internet
design issue for profitable applications and
privacy of communications. - Messages made secure using keys, making rekeying
efficient is important.
3
Motivation
- When nodes leave the group, the privacy of future
messages must be assured by rekeying - When nodes join the group, the privacy of
previous messages must be assured by rekeying
4
Motivation
- Problems with individual rekeying
- inefficiency
- out-of-sync problem between keys and data
- This paper proposes solutions to these problems.
5
Rekeying
- Straightforward rekeying requires 2 encryptions
for a join and N-1 encryptions for a leave - Join new group key sent to members via multicast
(using the previous group key) and via unicast to
new member (encrypted using its individual key)
6
Rekeying
- Straightforward rekeying requires 2 encryptions
for a join and N-1 encryptions for a leave - Leave previous group key cannot be used (or it
would compromise future communications) so the
new group key must be encrypted with each
individual key.
7
Rekeying
- Straightforward rekeying requires 2 encryptions
for a join and N-1 encryptions for a leave - More scalable rekeying uses a key graph approach.
8
Key Graph
- Nodes are each given multiple keys.
- For a single leave request, key tree reduces
server processing cost to O(log N)
9
(No Transcript)
10
Key Tree Costs
- Join 2 log_d(N)
- Leave d log_d(N) -1
11
(No Transcript)
12
Key Star rekeying cost
- Join 2
- Leave N-1
13
Key Star u4 leaves
14
(No Transcript)
15
(No Transcript)
16
(No Transcript)
17
Batch Rekeying
- Wait an interval, then the key server processes
all joins and leaves at once - Leave positions cant be controlled, but joins
can be placed optimally in the key tree.
18
(No Transcript)
19
Key Stars batch rekeying server cost
20
Key Tree Rekeying Cost
21
(No Transcript)
22
Example (fig. 6) u4 and u9 leave, u10 joins.
23
(No Transcript)
24
(No Transcript)
25
(No Transcript)
26
(No Transcript)
27
(No Transcript)
28
(No Transcript)
29
(No Transcript)
30
(case 1 continued, JL)
31
(No Transcript)
32
(No Transcript)
33
(No Transcript)
34
N1024, d 2
N4096, d4
Leaves
Leaves
Joins
Joins
35
(No Transcript)
36
Case 1 J L
37
Case 2 J lt L
38
Case 3 J gt L and L 0
39
Case 4 J gt L and L gt 0
40
Rekeying batch vs. individual with key star
41
Key Tree batch rekeying costs
42
N4096, d4
N1024, d2
L
L
J
J
43
N4096, d 4
N1024, d2
44
N4096, d4
N1024, d2
L
L
J
J
45
N4096, d4
N1024, d2
L
Joins
Joins
46
N4096
N1024
J
J
47
N1024, JL
N4096, JL
L
L
48
N4096, J0
N1024, J0
L
L
49
N4096
N1024
D4 better than d2,32
D4 better than d2,8,16
J
J
50
(No Transcript)
51
Contribution
- Concept of periodic batch rekeying which can
improve efficiency and alleviate out-of-sync
problem - Marking algorithm to process batch of join/leave
requests - Analysis of key servers processing cost for
rekeying which shows substantial savings.
52
Contribution (contd)
- Show that when number of requests in a batch is
not large, best tree degree is four. Otherwise,
key star is best.
53
Conclusion
- Two problems were identified with rekeying
- inefficiency
- out-of-sync problems
- Periodic batch rekeying improves the key servers
performance substantially - The marking algorithm is efficient
54
Conclusion(contd)
- When number of requests is not large in a batch,
four is the best tree degree. Otherwise, tree
star is better.
55
Thats all.
- Questions?
