Group Protocols for Secure Wireless Ad hoc NetworksOverviewIntroductionIntroduction (contd..)Dynamic nature of Multicast GroupFactors effect an ideal group key distribution schemeDecentralized schemeSecurity GoalsSlide 9Key management in Ad Hoc networksFeatures of KDPConstruction of KDPConstruction KDP (contd..)The Key MatrixGroup Keyt- resilientKey UpdateSlide 18Key Update (contd..)Blom's keyWhy Blom`s key distribution?With Blom`s KeyAcknowledgements.Slide 24Group Protocols for Secure Wireless Ad hoc NetworksSrikanth NannapaneniSreechandu KamisettySwethana pagadalaAparna kasturiOverviewIntroductionKey Management in Ad hoc networks.Key distribution pattern.Blom`s key distributionSecure point-point channelExamples.Introduction Ad hoc network-A self organized network of user terminals (no prior infrastructure ).Group Communication in Ad hoc-Effective support of multicast or group communication essential for most ad-hoc network applications. MulticastingEnables efficient delivery of data to multiple locations on a network.Efficient utilization of bandwidth. More efficient when compared to unicasting and broadcasting.Introduction (contd..)Securing Group Communication-Multicast groups are prone to security attacks.Securing group communication is important Military operationInstantaneous conferences and classrooms.Common way is to establish a cryptographic key known only to group members.Dynamic nature of Multicast GroupExisting nodes may leave the group New nodes may join the groupCompromised nodes should be eliminated from the group.This requires efficient key management Group key must be updated whenever group membership changes.key update and rekeying is provided by group key distribution schemes.Factors effect an ideal group key distribution schemeSecureDecentralizedEfficientScalablityDecentralized schemeRelying on a single trusted authority is not wiseSingle point failure Single point attackDistributing the trust to all nodes in the network improves efficiency.An attack on a single system will not bring down the whole system.Security Goals Session secrecy collusion temporarily revoked nodes cannot discover the common key of the new groupForward secrecyCollusion of nodes that leave the group cannot discover the common keys for all future communicationBackward secrecyCollusion of nodes that join a group cannot discover the keys used by the group in the pastEfficiency A group key distribution scheme requires low amount of communication, computation, secure storage and smaller response time to perform security operations.ScalabilityThe scheme must work well for both small and large number of nodes in the groupKey management in Ad Hoc networksSome of the solutions proposed so far-Key Agreement in Ad Hoc Networks (shared password) Asokan and Ginzboorg, Computer Communications 2000On Some Methods for Unconditionally Secure key Distribution and Broadcast Encryption (Key Pre-distribution, TA) D. R. Stinson, Univ. Of Nebraska-Lincoln, U.S.A.What are we going to discuss-Key Distribution pattern.Features of KDPSelf initialization Does not require a trusted authority to set up a system. Self securingMembers of a new group can determine the common key by finding the appropriate combination of their secret keys.Construction of KDPLet K = {k1, …, kv} be a v-set. B = {B1, …, Bn} be a family of subsets of K. A system (K, B) a t-resilient (v, n, r) key distribution pattern (KDP) if the following condition holds: ⋂iΔ Bi ⊈ ⋃ jΛ Bj where Δ and Λ are any disjoint subsets of {1, …, n} such that |Δ| = r and |Λ| = tConstruction KDP (contd..)The KDP guarantees that For any r subsets, {Bi1, …, Bir}, and any t subsets, {Bj1, …, Bjt}, where {Bi1, …, Bir} ⋂ {Bj1, …, Bjt} = Ø, there exists at least an element k that belongs to the r subsets, but does not belong to the t subsets.For a given r subsets or less, an arbitrary union of at most t other subsets cannot cover elements in the r subsets.The Key MatrixSecure ZoneSecure ZoneSecure ZoneSecure ZoneB2B1B3B5B4K={1.....9}, B={B1…B12}, r=2; t=1K={1.....9}, B={B1…B12}, r=2; t=1B1= {4,5,6,7,8,9} B7= {1,3,4,5,8,9}B2= {2,3,5,6,8,9} B8= {1,3,5,6,7,8} B3= {2,3,4,6,7,8} B9= {1,2,3,4,5,6}B4= {2,3,4,5,7,9} B10={1,2,4,5,7,8}B5= {1,2,3,7,8,9} B11={1,2,5,6,7,9}B6= {1,3,4,6,7,9} B12={1,2,4,6,8,9}K={1...14}, B={B1..B5}, r=3; t=2K={1...14}, B={B1..B5}, r=3; t=2B1={2,3,4,5,9,11,12,13,14}B2={1,3,5,7,8,10,14}B3={1,2,4,5,6,10,13}B4={1,3,6,7,8,11,12,13}B5={2,4,6,8,9,10,11,14} 110101011101110011011011011000111111011110101110011101101101101111000111101011110011101110110110110111111000987654321121110987654321BBBBBBBBBBBBGroup KeyConstraints on Group formation•The parameter r •The parameter t (t-resilient)KEY1=B1∩B2 ∩B3=4 5 6KEY2=B2 ∩B5 ∩B6KEY3=B3 ∩B4 ∩B5GROUP KEY1GROUPKEY3GROUP KEY2 B2B1B3B6B5B4+ +t- resilientGK1B1B2B3B1={2,3,4,5,9,11,12,13,14}B2={1,3,5,7,8,10,14}B3={1,2,4,5,6,10,13}B4={1,3,6,7,8,11,12,13}B5={2,4,6,8,9,10,11,14}GK1=B1∩B2 ∩B3 =[5]B1∩B3=[2,4,5,13]B4GK1=B1∩B3 ∩B4 =[13]Compromised nodesCompromised nodesB5GK1=B1∩B3 ∩B5 =[2,4]υ={1,3,5,6,7,8,10,11,12,13}⋂iΔ Bi ⊈ ⋃jΛ BjKey UpdateWhen , Why and How!When Nodes leaves -•Temporarily, permanently, new node joins.Why –As discussed before to provide –•Session secrecy, Forward Secrecy, Backward Secrecy.How?Key UpdateB5= {1,2,3,7,8,9}B1B3B2B4 B7B6B8B9 B10 B11B5B1= {4,5,6,7,8,9}, k|=B1∩B5={7 8 9}B2= {2,3,5,6,8,9}B3= {2,3,4,6,7,8}B7= {1,3,4,5,8,9}B11= {1,2,5,6,7,9}B10= {1,2,4,5,7,8}B9= {1,2,3,4,5,6}B8= {1,3,5,6,7,8}B4= {2,3,4,5,7,9}B6= {1,3,4,6,7,9}B2= {8,9} B3= {7,8}B4= {7,9},B6= {7,9}B7= {8,9}B8= {7,8},B10= {7,8}, B11= {7,9}k|= {7,8,9},k| =(B2∩B5 -k| )= {2,3}B3= {2,3}B4= {2,3}B6= {3}B7= {3},B8= {3},B9= {2,3}B10= {2}B11= {2},Key Update (contd..)B5= {1,2,3,7,8,9}B5,k|= {2,3,7,8,9},B1= {4,5,6,7,8,9} B7= {1,3,4,5,8,9}B2= {2,3,5,6,8,9} B8= {1,3,5,6,7,8}B3= {2,3,4,6,7,8} B9= {1,2,3,4,5,6}B4= {2,3,4,5,7,9} B10={1,2,4,5,7,8}B5= {1,2,3,7,8,9} B11={1,2,5,6,7,9}B6= {1,3,4,6,7,9} B12={1,2,4,6,8,9}B6B7B8B12B11B10B9Blom's keyAllows any pair of users in the network form a secure point-point channel.Users compute secret key with
View Full Document