On Optimal Batch Rekeying for Secure Group Communications in Wireless Networks
Authors: Jin-Hee Cho, Ing-Ray Chen, Mohamed Eltoweissy
Presented by Rebecca, Singh & Julián
Outline
  Background
  System Model and Assumptions
  Threshold-Based Periodic Batch Rekeying
  Performance Model
  Results & Analysis
  Conclusions
Group Communications/Applications Over Wireless Networks
Issue: To provide secure and efficient group communication mechanisms that satisfy application requirements while minimizing communication costs.
Solution: Periodic batch rekeying to alleviate rekeying overhead in these wireless networks.
Other Solutions
Group Key Forward Secrecy: Group key management property that ensures that a “bad guy” who knows a contiguous subset of old group keys cannot identify subsequent group keys.
Backward Secrecy: Group key management property that ensures that a “bad guy” who knows a subset of group keys cannot discover previous group keys.
Other Solutions (cont.)
Individual Rekeying Problems:
  Significant communication overhead due to frequent join/leave request events
  Authentication after each rekey
  Synchronization
Periodic Batch Rekeying Problem:
  Forward and backward secrecy constraints may not be satisfied
Authors’ Solutions
Develop an analytical model to address the issue of how often batch rekeying should occur
Use threshold-based batch rekeying schemes
Show that an optimal rekey interval exists for each scheme
Compare the schemes to identify the best scheme to minimize the communications cost of rekeying
Develop an SPN model to measure and analyze performance metrics
Maintain: Confidentiality, Authenticity, Integrity
Optimal batch rekey interval (OBRI)
Relationship between OBRI and environmental conditions
System Model and Assumptions
Wireless environment
Central key distribution server: Authenticate, Authorize
If member joins, server sends group key: Confidentiality, Integrity, Authenticity
System Model and Assumptions (II)
Logical Key Hierarchy distribution protocol
Forward and backward secrecy satisfied
System Model and Assumptions (III)
Inter-arrival times exponentially distributed: join request rate λ, leave request rate μ
Batch rekeying is employed: minimize overhead
User cannot join the group unless authorized: always trusted joins in this model
System Model and Assumptions (and IV)
User can also leave the group: trusted if voluntary, untrusted if not
Forward secrecy risk
Server computes probability of trustworthiness for leave operations: Pt = trusted / (trusted + untrusted)
Threshold-based Periodic Batch Rekeying
Thresholds for the number of requests: Join, Leave
If a threshold is exceeded, perform rekeying
Three parameters considered:
  a = trusted join requests
  b = trusted leave requests
  c = untrusted leave requests
Schemes
Untrusted Leave Threshold-based (ULT): k3 = untrusted leave requests (c). If k3 = 1, degenerates to individual rekeying.
Trusted and Untrusted Double Threshold-based (TAUDT): k1 = trusted requests (a+b), k2 = untrusted requests (c)
Join and Leave Double Threshold-based (JALDT): k1 = trusted join requests (a), k2 = leave requests (b+c)
Rekeying
Only at the end of the batch interval T
Probability of secrecy violation Pv: proportion of time with secrecy violation risk (only forward secrecy)
Delay D: latency per join or leave request (the same)
[Figure: labels J, Risk, L, D, T]
Rekeying (II)
Find the optimal period T: satisfies probability of secrecy violation and delay due to postponed rekeying
If join and leave request at the same time: reuse the position, generate keys for the old member’s path
If a > b+c then b+c join-leave and a−b−c join
If a = b+c then b+c join-leave
If a < b+c then a join-leave and b+c−a leave
Performance Metrics
Derivation: Communication Overhead for ULT
The average batch rekey interval:
T = [1 / (μ(1 − Pt))] × k3
where 1 / (μ(1 − Pt)) is the average inter-arrival time of an untrusted leave request and k3 is the threshold used by ULT.
Derivation: Communication Overhead for ULT (Contd.)
At the end of each batch interval, the total communication overhead in bits (Cm) can be computed as:
if a >= (b + c),
then Cm = J × (b + c) × 2 log2 N + J × (a − b − c) × (2 log2 N − 1)
= J × a × 2 log2 N − J × (a − b − c)
else if a < (b + c),
then Cm = J × a × 2 log2 N + J × (b + c − a) × 2 log2 N
= J × (b + c) × 2 log2 N
N: Total number of members in the group
J: Length of each key (bits)
Derivation: Communication Overhead for ULT (Contd.)
Finally, the communication overhead required for performing batch rekeying, in units of time, is:
Tb: Overhead for broadcasting in the wireless network
BW: Network bandwidth (Mbps)
The average communication overhead:
Probability of Secrecy Violation in ULT
Pv = ([(k3 − 1)/k3] × T + Scm) / (T + Scm)
T + Scm in the denominator is a base observation period.
[(k3 − 1)/k3] × T + Scm in the numerator is the duration within the base observation period in which forward secrecy is violated.
Note: For k3 = 1, Pv = Scm / (T + Scm)
Delay in ULT
The delay per join/leave operation:
D = S + T/2
Here T/2 is the average wait time for batch rekeying and S is the average communication overhead.
SPN Model for TAUDT & JALDT
Both have too many states because more than one threshold is used.
An SPN model is developed to measure performance metrics including Pv, D, T, and S.
Working of SPN
When a trusted join request arrives, a token is created and moved to place ‘a’, modeled by transition T1 with rate λPt.
Pt denotes the probability of trustworthiness.
When a trusted or untrusted leave request arrives, a token is created and moved to “tmp”, modeled by transition T2 with rate μ.
  Trusted leave request: move from tmp to b
  Untrusted leave request: move from tmp to c
Rekeying is performed when either the k1 or the k2 threshold is reached. This is modeled by associating an enabling function with transition T3.
For TAUDT: If mark(a) + mark(b) = k1 or mark(c) = k2, then return true; otherwise return false.
For JALDT: If mark(a) = k1 or mark(b) + mark(c) = k2, then return true; otherwise return false.
After rekeying, all tokens are removed through T3 and the system returns to the initial state (0,0,0).
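The token model and enabling functions above, together with the Cm formula from the ULT derivation slides, as a small discrete-event simulation (an added example, not code from the slides or the paper). Assumptions: λ = 1 request per second (the slides give only the ratio λ:μ), rekeying itself takes zero time so the Scm term is ignored, and the names cm_bits, ENABLE and simulate are hypothetical.

```python
import math
import random

# N, J, the ratio λ:μ = 1:0.5 and Pt = 0.9 are the slides' values.
# λ = 1 request per second is an assumption made for this example.
N, J = 1024, 64
LAM, MU, PT = 1.0, 0.5, 0.9

def cm_bits(a, b, c, n=N, j=J):
    """Rekey message size Cm in bits for one batch (piecewise formula from the slides)."""
    path = 2 * math.log2(n)
    if a >= b + c:                       # b+c join-leave pairs, a-b-c plain joins
        return j * a * path - j * (a - b - c)
    return j * (b + c) * path            # a join-leave pairs, b+c-a plain leaves

# Enabling function of transition T3 per scheme: rekey as soon as it returns True.
# The ULT rule follows the scheme definition (threshold k3 on untrusted leaves).
ENABLE = {
    "ULT":   lambda a, b, c, k: c == k[0],
    "TAUDT": lambda a, b, c, k: a + b == k[0] or c == k[1],
    "JALDT": lambda a, b, c, k: a == k[0] or b + c == k[1],
}

def simulate(scheme, k, batches=5000, seed=1):
    """Return (mean batch interval T, fraction of time with mark(c) > 0,
    mean Cm bits per join/leave request). Rekeying is treated as instantaneous."""
    rng = random.Random(seed)
    join_rate = LAM * PT                 # rate of transition T1 on the slides
    total = join_rate + MU               # T1 and T2 are competing exponential timers
    t_sum = risk_sum = bits = ops = 0.0
    for _ in range(batches):
        a = b = c = 0                    # initial marking (0,0,0)
        while not ENABLE[scheme](a, b, c, k):
            dt = rng.expovariate(total)  # time to the next request of either kind
            t_sum += dt
            if c > 0:                    # an untrusted leaver still holds the group key
                risk_sum += dt
            if rng.random() * total < join_rate:
                a += 1                   # trusted join
            elif rng.random() < PT:
                b += 1                   # tmp -> b, trusted leave
            else:
                c += 1                   # tmp -> c, untrusted leave
        bits += cm_bits(a, b, c)
        ops += a + b + c
    return t_sum / batches, risk_sum / t_sum, bits / ops
```

With these parameters the simulated T for TAUDT with (k1,k2) = (16,1) and JALDT with (k1,k2) = (13,2) lands close to the 8.83 and 3.96 seconds quoted in the results slides, and any scheme whose untrusted-leave threshold is 1 spends zero time at risk.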
Computing S and Pv
The average communication overhead per operation:
R: set of rekeying states
P(i): the steady-state probability of the system being in state i
The probability of secrecy violation:
V denotes the set of states in which mark(c) > 0
ri = 1
Computing Avg Batch Rekeying Interval (T)
Transform the SPN model such that all rekeying states become absorbing states
Assign a reward of 1 to all states except absorbing states:
S denotes the set of all states except the absorbing states
ri = 1
Pi(t) is the probability of state i at time t.
System Parameters
Group Members (N) = 1024
Key Length (J) = 64 bits
Avg. overhead for broadcasting in the wireless network due to wireless channel contention and propagation: Tb = 5 msec
Bandwidth (BW) = 1 Mbps
ULT: Secrecy Violation Constraint
Pv: Average probability of secrecy violation
Pv = ([(k3 − 1)/k3] × T + Scm) / (T + Scm)
NOTE: k3 = 1, Pv = 0
λ:μ = 1:0.5
Pt = 0.9
Forward secrecy: property that assures that a “bad guy” who knows a contiguous subset of old group keys cannot identify subsequent group keys
ULT: Delay As a Result of Periodic Batch Rekeying
D = S + T/2
ULT: Minimum Communication Overhead/Operation
S = Scm / (a + b + c)
ULT: Optimal Batch Rekey Interval
The optimal batch rekey interval (T) is the interval at which the overhead is minimized while satisfying the two application-level constraints
T = [1 / (μ(1 − Pt))] × k3
EX: Given D = 5, Pv = .05: k3 = 1, T = 6.67 seconds
TAUDT: Secrecy Violation Constraint
Pv: Average probability of secrecy violation
Pv = ([(k3 − 1)/k3] × T + Scm) / (T + Scm)
λ:μ = 1:0.5
Pt = 0.9
TAUDT: Delay As a Result of Periodic Batch Rekeying
D = S + T/2
TAUDT: Minimum Communication Overhead/Operation
S = Scm / (a + b + c)
TAUDT: Optimal Batch Rekey Interval
The optimal batch rekey interval (T) is the interval at which the overhead is minimized while satisfying the two application-level constraints
EX: Given D = 5, Pv = .05: (k1,k2) = (16,1), T = 8.83 seconds
JALDT: Secrecy Violation Constraint
Pv: Average probability of secrecy violation
Pv = ([(k3 − 1)/k3] × T + Scm) / (T + Scm)
JALDT: Delay As a Result of Periodic Batch Rekeying
D = S + T/2
JALDT: Minimum Communication Overhead/Operation
S = Scm / (a + b + c)
JALDT: Optimal Batch Rekey Interval
The optimal batch rekey interval (T) is the interval at which the overhead is minimized while satisfying the two application-level constraints
EX: Given D = 5, Pv = .05: (k1,k2) = (13,2), T = 3.96 seconds
Comparison: Optimal Batch Rekey Interval
Scheme | T
Untrusted Leave Threshold-based (ULT) | 6.67 seconds
Trusted and Untrusted Double Threshold-based (TAUDT) | 8.83 seconds
Join and Leave Double Threshold-based (JALDT) | 3.96 seconds
Head-to-Head
Statistical Conclusion: TAUDT has the longest optimal T compared with the other two schemes, by reducing the batch rekeying overhead more efficiently.
Conclusion
This scheme successfully reduces communication overhead per leave/join operation while satisfying delay and secrecy requirements for wireless group communication systems.
Proved that an optimal rekeying interval (T) exists under each of the batch rekeying schemes.
TAUDT is able to produce the minimum S and maximum T, which makes it the most efficient scheme among all.
Future Work
SPN model can be augmented to take reliability and availability designs into consideration and analyze their effects on optimal batch rekeying interval.
Analyzing the effect of insider attacks and intrusion detection system design on the security and performance properties of group communications in wireless systems.
Investigating the issue of optimal batch rekeying for the case in which a group consists of multiple subgroups.
Thank You