DOC PREVIEW
UT CS 395T - Multicast Security: A Taxonomy and Some Efficient Constructions

This preview shows page 1-2-3-25-26-27 out of 27 pages.

Save
View full document
View full document
Premium Document
Do you want full access? Go Premium and unlock all 27 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 27 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 27 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 27 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 27 pages.
Access to all documents
Download any document
Ad free experience
View full document
Premium Document
Do you want full access? Go Premium and unlock all 27 pages.
Access to all documents
Download any document
Ad free experience
Premium Document
Do you want full access? Go Premium and unlock all 27 pages.
Access to all documents
Download any document
Ad free experience

Unformatted text preview:

Multicast Security: A Taxonomy and Some Efficient ConstructionsMuliticast CommunicationMulticast IssuesMulticast Security IssuesMulticast Security Issues: Contd.Performance IssuesGeneral Solution Impossible!Single source bcast: IssuesIssues in Single source bcastVirtual ConferencingEfficient Authentication SchemesMAC AttacksQ-per message unforgeableAuthentication scheme for single sourcePerformance Analysis of the schemeSecurity of schemeProof: ContdMultiple Dynamic SourcesDynamic Secrecy: User RevocationTree based schemeGraphic View of Initial KeysDeleting a memberGraphical View for DeletionImproved SchemeGraphical view of improved schemeConclusionsThank You!Multicast Security: A Taxonomy and Some Efficient Constructions By Cannetti et al, appeared in INFOCOMM 99.Presenter:Ankur GuptaMuliticast Communicationz Examples: Internet video transmissions, news feed, stock quotes, live broadcast, on-line video games, etc.z Challenges: 1. Security: Authentication, secrecy, anonymity, etc.2. Efficiency: the overhead associated in providing security must be minimized: communication cost, authentication/verification time.Multicast Issuesz Member characteristics: similar computing power or some more powerful than others? z Membership static or dynamic? Key revocation is an issue for dynamic scenes.z Number and type of senders? Single or multiple? Can non-members send data?z Volume and type of traffic? Is communication in real-time?Multicast Security Issuesz Secrecy1. Ephemeral: Avoid easy access to non-members. Ok if non-members receive after a delay.2. Long-term: protecting confidentiality of data for a long duration.z Authenticity:1. Group authenticity: each member can recognize if a message was sent by a group member.2. Source authenticity: each member can identify the particular sender in the group.Multicast Security Issues: Contd.z Anonymity: keeping identity of group members secret from non-members and/or from other group members. z Non-repudiation: ability of receivers of data to prove to 3rdparties that data was received from a particular entity. Contradicts anonymity.z Access control: only registered and legitimate users have access to group communication. Requires authentication of users.z Service Availability: keeping service available in presence of clogging attacks.Performance Issuesz Latencyz Work overhead per sendingz Bandwidth overheadz Group management activity should be minimized:1. Member initialization2. Member addition/deletionGeneral Solution Impossible!z Impossible to find a general solution that address all the above issues.z Identify scenes representative of practical multicast communication.1. Single source broadcast.2. Virtual Conference.Single source bcast: Issues1. Source: high-end machine, expensive computation ok at server end.2. Recipients low-end. Efficiency at recipients is a concern.3. Membership is dynamic and changes rapidly.4. High volume of sign-in/sign-off possible.5. Ephemeral secrecy generally suffices.6. Authenticity of data critical (e.g. stock quotes).Issues in Single source bcastz Ephemeral secrecy: solved by having a group management center that handles access control and key management. z How to authenticate messages?z How to make sure that a leaving member loses the capability to decrypt?Virtual Conferencingz Online meeting of executives, interactive lectures and classes, multiparty video games.z Membership usually static. No. of receivers far less than single source bcast.z Authenticity of data and sender is critical.z Sender and receiver of similar computation power.Efficient Authentication Schemesz Public key cryptography signatures is very expensive.z Instead, we will use message authentication codes (MAC),MAC(k,M)= secure hashz MACs are computationally much more efficient than digital signatures.MAC Attacksz Per-Message unforgeability of MAC scheme1. Complete attack: an attacker can break any message of its choice. 2. Probabilistic attack: an attacker can forge a random message with some fixed but small probability.Q-per message unforgeablez A MAC scheme is q-per message unforgeable if an adversary can guess its MAC value with probability at most q.z Assumption: we will assume there are at most w corrupted users.Authentication scheme for single sourcez Source knows l=e(w+1)log(1/q) keys, R=hK1,…,Kli.z Each recipient u knows a subset of keys Ru½R. Every key Kiis included in Ruwith probability 1/(w+1), independently for every i and u.z Message M is authenticated by S with each key Kiusing MAC and hMAC(K1,M),…,MAC(Kl,M)i is transmitted.z Each recipient u verifies the all MACs which were created with keys in Ru. If any of them is incorrect then rejects the message.Performance Analysis of the schemez Source holds MS= l = e(w+1) log(1/q) keys.z Each receiver holds MV= e log(1/q) keys.z Communication overhead per message C= e(w+1)log(1/q) MACs.z Running time overhead TS= e(w+1)log(1/q) MAC computations for source and TV= e log(1/q) per receiver.Security of schemez Theorem: Assume probability of computing MAC without knowing key is q’. Then probability that a coalition of w users can falsely authenticate a message to a user is at most q+q’.Proof: Probability that key is good (contained in user u’s subset but not in any of colluders set) is:Proof: Contdz Therefore probability that Ruis completely covered by subsets held by colluders is (1-g)l< q. If Ruis not covered completely, then there is a key Kinot known to any colluder. Therefore, its corresponding MAC can be guessed with probability at most q’. By union bound, we get guessing probability as q+q’. QED.Multiple Dynamic Sourcesz Assumption: Pseudo-random one-way hash functions {fk}z Distinguishes between set of senders and receivers. Only a coalition of w or more receivers can falsely authenticate a message to a receiver.z l primary keys hK1,…, Kli where l is as in single source scheme.z Receiver initialization: each receiver v obtains a subset Rvof primary keys where each key Kiis included with probability 1/(w+1) in Rvz Sender Initialization: every u receives a secondary set of keys hfk1(u), …, fkl(u)i. Can be sent whenever a sender joins.z Message authentication: each receiver verifies all MACs whose key its has.Dynamic Secrecy: User Revocationz How to manage keys when a user leaves a group? z We want that the old user is not able to decrypt the current communication in the group.z Application: pay-TV applications.z Solution: A tree based scheme will be presented


View Full Document

UT CS 395T - Multicast Security: A Taxonomy and Some Efficient Constructions

Documents in this Course
TERRA

TERRA

23 pages

OpenCL

OpenCL

15 pages

Byzantine

Byzantine

32 pages

Load more
Download Multicast Security: A Taxonomy and Some Efficient Constructions
Our administrator received your request to download this document. We will send you the file to your email shortly.
Loading Unlocking...
Login

Join to view Multicast Security: A Taxonomy and Some Efficient Constructions and access 3M+ class-specific study document.

or
We will never post anything without your permission.
Don't have an account?
Sign Up

Join to view Multicast Security: A Taxonomy and Some Efficient Constructions 2 2 and access 3M+ class-specific study document.

or

By creating an account you agree to our Privacy Policy and Terms Of Use

Already a member?