Group Protocols for Secure Wireless Ad hoc NetworksOverviewIntroductionIntroduction (contd..)Dynamic nature of Multicast GroupFactors effect an ideal group key distribution schemeDecentralized schemeSecurity GoalsSlide 9Key management in Ad Hoc networksFeatures of KDPConstruction of KDPConstruction KDP (contd..)The Key MatrixGroup Keyt- resilientKey UpdateSlide 18Key Update (contd..)Blom's keyWhy Blom`s key distribution?With Blom`s KeyAcknowledgements.Slide 24Group Protocols for Secure Wireless Ad hoc NetworksSrikanth NannapaneniSreechandu KamisettySwethana pagadalaAparna kasturiOverviewIntroductionKey Management in Ad hoc networks.Key distribution pattern.Blom`s key distributionSecure point-point channelExamples.Introduction Ad hoc network-A self organized network of user terminals (no prior infrastructure ).Group Communication in Ad hoc-Effective support of multicast or group communication essential for most ad-hoc network applications. MulticastingEnables efficient delivery of data to multiple locations on a network.Efficient utilization of bandwidth. More efficient when compared to unicasting and broadcasting.Introduction (contd..)Securing Group Communication-Multicast groups are prone to security attacks.Securing group communication is important Military operationInstantaneous conferences and classrooms.Common way is to establish a cryptographic key known only to group members.Dynamic nature of Multicast GroupExisting nodes may leave the group New nodes may join the groupCompromised nodes should be eliminated from the group.This requires efficient key management Group key must be updated whenever group membership changes.key update and rekeying is provided by group key distribution schemes.Factors effect an ideal group key distribution schemeSecureDecentralizedEfficientScalablityDecentralized schemeRelying on a single trusted authority is not wiseSingle point failure Single point attackDistributing the trust to all nodes in the network improves efficiency.An attack on a single system will not bring down the whole system.Security Goals Session secrecy collusion temporarily revoked nodes cannot discover the common key of the new groupForward secrecyCollusion of nodes that leave the group cannot discover the common keys for all future communicationBackward secrecyCollusion of nodes that join a group cannot discover the keys used by the group in the pastEfficiency A group key distribution scheme requires low amount of communication, computation, secure storage and smaller response time to perform security operations.ScalabilityThe scheme must work well for both small and large number of nodes in the groupKey management in Ad Hoc networksSome of the solutions proposed so far-Key Agreement in Ad Hoc Networks (shared password) Asokan and Ginzboorg, Computer Communications 2000On Some Methods for Unconditionally Secure key Distribution and Broadcast Encryption (Key Pre-distribution, TA) D. R. Stinson, Univ. Of Nebraska-Lincoln, U.S.A.What are we going to discuss-Key Distribution pattern.Features of KDPSelf initialization Does not require a trusted authority to set up a system. Self securingMembers of a new group can determine the common key by finding the appropriate combination of their secret keys.Construction of KDPLet K = {k1, …, kv} be a v-set. B = {B1, …, Bn} be a family of subsets of K. A system (K, B) a t-resilient (v, n, r) key distribution pattern (KDP) if the following condition holds: ⋂iΔ Bi ⊈ ⋃ jΛ Bj where Δ and Λ are any disjoint subsets of {1, …, n} such that |Δ| = r and |Λ| = tConstruction KDP (contd..)The KDP guarantees that For any r subsets, {Bi1, …, Bir}, and any t subsets, {Bj1, …, Bjt}, where {Bi1, …, Bir} ⋂ {Bj1, …, Bjt} = Ø, there exists at least an element k that belongs to the r subsets, but does not belong to the t subsets.For a given r subsets or less, an arbitrary union of at most t other subsets cannot cover elements in the r subsets.The Key MatrixSecure ZoneSecure ZoneSecure ZoneSecure ZoneB2B1B3B5B4K={1.....9}, B={B1…B12}, r=2; t=1K={1.....9}, B={B1…B12}, r=2; t=1B1= {4,5,6,7,8,9} B7= {1,3,4,5,8,9}B2= {2,3,5,6,8,9} B8= {1,3,5,6,7,8} B3= {2,3,4,6,7,8} B9= {1,2,3,4,5,6}B4= {2,3,4,5,7,9} B10={1,2,4,5,7,8}B5= {1,2,3,7,8,9} B11={1,2,5,6,7,9}B6= {1,3,4,6,7,9} B12={1,2,4,6,8,9}K={1...14}, B={B1..B5}, r=3; t=2K={1...14}, B={B1..B5}, r=3; t=2B1={2,3,4,5,9,11,12,13,14}B2={1,3,5,7,8,10,14}B3={1,2,4,5,6,10,13}B4={1,3,6,7,8,11,12,13}B5={2,4,6,8,9,10,11,14} 110101011101110011011011011000111111011110101110011101101101101111000111101011110011101110110110110111111000987654321121110987654321BBBBBBBBBBBBGroup KeyConstraints on Group formation•The parameter r •The parameter t (t-resilient)KEY1=B1∩B2 ∩B3=4 5 6KEY2=B2 ∩B5 ∩B6KEY3=B3 ∩B4 ∩B5GROUP KEY1GROUPKEY3GROUP KEY2 B2B1B3B6B5B4+ +t- resilientGK1B1B2B3B1={2,3,4,5,9,11,12,13,14}B2={1,3,5,7,8,10,14}B3={1,2,4,5,6,10,13}B4={1,3,6,7,8,11,12,13}B5={2,4,6,8,9,10,11,14}GK1=B1∩B2 ∩B3 =[5]B1∩B3=[2,4,5,13]B4GK1=B1∩B3 ∩B4 =[13]Compromised nodesCompromised nodesB5GK1=B1∩B3 ∩B5 =[2,4]υ={1,3,5,6,7,8,10,11,12,13}⋂iΔ Bi ⊈ ⋃jΛ BjKey UpdateWhen , Why and How!When Nodes leaves -•Temporarily, permanently, new node joins.Why –As discussed before to provide –•Session secrecy, Forward Secrecy, Backward Secrecy.How?Key UpdateB5= {1,2,3,7,8,9}B1B3B2B4 B7B6B8B9 B10 B11B5B1= {4,5,6,7,8,9}, k|=B1∩B5={7 8 9}B2= {2,3,5,6,8,9}B3= {2,3,4,6,7,8}B7= {1,3,4,5,8,9}B11= {1,2,5,6,7,9}B10= {1,2,4,5,7,8}B9= {1,2,3,4,5,6}B8= {1,3,5,6,7,8}B4= {2,3,4,5,7,9}B6= {1,3,4,6,7,9}B2= {8,9} B3= {7,8}B4= {7,9},B6= {7,9}B7= {8,9}B8= {7,8},B10= {7,8}, B11= {7,9}k|= {7,8,9},k| =(B2∩B5 -k| )= {2,3}B3= {2,3}B4= {2,3}B6= {3}B7= {3},B8= {3},B9= {2,3}B10= {2}B11= {2},Key Update (contd..)B5= {1,2,3,7,8,9}B5,k|= {2,3,7,8,9},B1= {4,5,6,7,8,9} B7= {1,3,4,5,8,9}B2= {2,3,5,6,8,9} B8= {1,3,5,6,7,8}B3= {2,3,4,6,7,8} B9= {1,2,3,4,5,6}B4= {2,3,4,5,7,9} B10={1,2,4,5,7,8}B5= {1,2,3,7,8,9} B11={1,2,5,6,7,9}B6= {1,3,4,6,7,9} B12={1,2,4,6,8,9}B6B7B8B12B11B10B9Blom's keyAllows any pair of users in the network form a secure point-point channel.Users compute secret key with