group key agreement
play

Group Key Agreement Ph.D. Dissertation Proposal June 20, 2001 - PowerPoint PPT Presentation

Jan 02, 2024 •252 likes •940 views

Group Key Agreement Ph.D. Dissertation Proposal June 20, 2001 Yongdae Kim 1 Outline Definitions and concepts Motivations and goals Related work Work done Protocols Implementation and Integration Research plan

  1. Group Key Agreement Ph.D. Dissertation Proposal June 20, 2001 Yongdae Kim 1

  2. Outline Definitions and concepts � Motivations and goals � Related work � Work done � � Protocols � Implementation and Integration Research plan and expected contribution � 2/55

  3. Background ? 3/55

  4. Group Communication Settings 1-to-Many � � Single-source broadcast: Cable/sat., TV, radio Few-to-Many � � Multi-source broadcast: Televised debates, GPS Any-to-Any � � Collaborative applications need inherently underlying peer groups. � Video/Audio conferencing, collaborative workspaces, interactive chat, network games and gambling � Rich communication semantics, tighter control, more emphasis on reliability and security 4/55

  5. Dynamic Peer Groups (DPG) Relatively small (<100 of members) � No hierarchy � Frequent membership changes � Any member can be sender and receiver � My focus: key management in DPGs 5/55

  6. Key Management is a building block Secure Applications Authorization, Access control, Non-repudiation … Encryption, Authentication Key Management 6/55

  7. Group Key Management Group key: a secret quantity known only to current group � members Group Key Distribution � � One party generates a secret key and distributes to others. Group Key Agreement � � Secret key is derived jointly by two or more parties. � Key is a function of information contributed by each member. � No party can pre-determine the result. 7/55

  8. Can we use Key Distribution in DPG? Centralized key server � � Single point of failure � Attractive attack target Can key server be sufficiently replicated? ⇒ Very costly � � Availability of a key server in any and all possible partitions � Network can have arbitrary faults! 8/55

  9. Settings for Group Key Management nature Static Dynamic Distributed Centralized authority size Large Small Stronger Weaker security setting Few-to-many Any-to-Any Agreement Distribution key Research Focus 9/55

  10. Secure Group Communication Group key agreement protocols rely on the underlying � group communication systems. � Protocol message transport � Strong membership semantics (Notification of a group membership) � Not for security reasons Group communication system needs specialized security � mechanisms. Mutual benefit and interdependency 10/55

  11. Membership Operations Formation Group partition Member add Member leave Group merge 11/55

  12. Motivation We need group key agreement methods satisfying the � following: � Strong security � Dynamic operation � Robustness � Efficiency in communication and computation � Implementation, integration, and measurement 12/55

  13. Why care about computation overhead? Most group key agreement methods rely on modular � exponentiation. � 512 bit modular exponentiation on Pentium 400 Mhz = 2 msec � 1024 bit modular exponentiation = 8 msec Most methods require a lot of modular exponentiations for � each membership operation. � Cliques: When current group size is n , join of a member to this group requires 2 n + 1 modular exponentiation. 13/55

  14. Goals To design efficient group key agreement protocols � � Low communication and computation overhead � Suitable for various network environments Rigorous proof of security � Development of group key management software � Integration with group communication systems � Evaluation of the group key agreement methods � 14/55

  15. Security Requirements Group key secrecy � � computationally infeasible for a passive adversary to discover any group key Backward secrecy � � Any subset of group keys cannot be used to discover previous group keys. Forward secrecy � � Any subset of group keys cannot be used to discover subsequent group keys. Key Independence � � Any subset of group keys cannot be used to discover any other group keys. � Forward + Backward secrecy 15/55

  16. Functional Requirements Group key agreement � Dynamic membership operation � Robustness against cascaded failures � Cascade faults: when a membership event occurs while handling prior one. 16/55

  17. Outline Definitions and notions � Motivation and goals � Related work � Work done � � Protocols � Implementation and Integration Research and evaluation plan � 17/55

  18. Related Work Only provide formation of a group key � � Steer et. al (1988): fast join, slow leave � Burmester and Desmedt (BD, 1993): fast but too many broadcasts � Becker and Wille (1998): always log n communication rounds and computation overhead � Tzeng and Tzeng (1999, 2000): Fast but does not provide forward and backward secrecy 18/55

  19. Related Work Cliques project � � DARPA-sponsored project (1997 ~ 2000) � Follow-on project from 2000 co-work with JHU Cliques protocol: Foundation of the proposed work � � Key Agreement in Dynamic Peer Groups (1996, 1997, 2000) Steiner, Tsudik and Waidner Group Diffie-Hellman key agreement protocols Dynamic membership operations � New Multi-party Authentication Services and Key Agreement Protocols (1998, 2000) Ateniese, Steiner and Tsudik A notion of group key authentication is considered � Drawbacks Slow computation: O(n) computation for each membership event Communication overhead: k rounds for merge (k: # of new members) 19/55

  20. Outline Definitions and notions � Motivation and goals � Related work � Work done � � Protocols � Implementation and Integration Research and evaluation plan � 20/55

  21. Work done: Protocols Simple and Fault-Tolerant Key Agreement for Dynamic � Collaborative Groups � TGDH (Tree-based Group Diffie-Hellman) � Y. Kim, A. Perrig, G. Tsudik � ACM CCS 2000, Nov. 2000 � Computation overhead reduced from O(n) to O(log n) � Providing robustness against cascaded failure inherently Communication-Efficient Group Key Agreement � � STR � Y. Kim, A. Perrig, G. Tsudik � In submission � Communication overhead is lower than any other methods 21/55

  22. Work done: Implementations The Design of a Group Key Agreement API � � CLQ_API (Cliques Application Program Interface) � G. Ateniese, O. Chevassut, D. Hasse, Y. Kim, and G. Tsudik � DARPA DISCEX 2000, Jan. 2000 Related APIs � � TREE_API: Implementation of TGDH, May 2000 � STR_API: Implementation of STR, June 2000 � BD_API: Implementation of BD, Aug. 2000 22/55

  23. Work done: Integration Secure Group Communication in Asynchronous Networks with � Failures: Integration and Experiments � Y. Amir, G. Ateniese, D. Hasse, Y. Kim, C. Nita-Rotaru, T. Schlossnagle, J. Schultz, J. Stanton and G. Tsudik � IEEE ICDCS 2000, April 2000 � Integrating Cliques with Spread � Have some measurement ⇒ Will be used in our evaluation Exploring Robustness in Group Key Agreement � � Y. Amir, C. Nita-Rotaru, Y. Kim, J. Schultz, J. Stanton and G. Tsudik � Accepted to IEEE ICDCS 2001 � First paper which provides robustness in secure group communication 23/55

  24. Outline Definitions and notions � Motivation and goals � Related work � Work done � � Protocols � Implementation and Integration Research and evaluation plan � 24/55

  25. Diffie-Hellman Setting � � p – large prime (e.g. 512 or 1024 bits) � Zp* = {1, 2, … , p – 1} � g – base generator A → B : N A = g n1 mod p � g n 1 n 2 B → A : N B = g n2 mod p � n1 = g n1n2 mod p A : N B � n 1 n 2 n2 = g n1n2 mod p B : N A � Diffie-Hellman Key : g n1 n2 � Blinded Key of n1 : N A = g n1 mod p � 25/55

  26. Diffie-Hellman Problem Computational Diffie-Hellman Assumption (CDH) � � Loose Definition: Having known g a , g b , computing g ab is hard. � CDH is not sufficient to prove that Diffie-Hellman Key can be used as secret key. � Eve may recover part of information with some confidence � One cannot simply use bits of g ab as a shared key Decision Diffie-Hellman Assumption (DDH) � � Loose Definition Knowing g a and g b , and guessing g c , can you check g c = g ab ? � Stronger than CDH 26/55

  27. Proof in Cryptography Common Assumption � � Factorization is hard ⇒ RSA � Computing discrete logarithm is hard ⇒ ElGamal � DDH problem is hard ⇒ Diffie-Hellman, Group key agreement methods We usually prove that the given problem can be formally � reduced to a known common assumption. � If our system is broken, then the common assumption will be broken. 27/55

  28. Cliques Steiner, Tsudik, and Waidner in ACM CCS ’96 � Contributory group key agreement protocol � Security � � Formal proof of security � Authentication � Key Independence Efficiency � � Small communication round except merge Introduce dynamic group operation � 28/55

  29. TGDH Simple: One function is enough to implement it � Fault-tolerant: Robust against cascaded faults � Secure � � Contributory � Provable security � Key independence Efficient � � d is the height of key tree ( < O(log 2 N)), N is the number of users � Maximum number of exponentiation = 4(d-1) � # of exp. in Cliques = 2N+1 29/55

  30. Key Tree (General) g gn 1 gn 2 n 3 gn 6 gn 4 n 5 g n 1 gn 2 n 3 g n 6 gn 4 n 5 g n 2 n 3 g n 4 n 5 n 1 n 6 n 2 n 3 n 4 n 5 30/55

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

@VCOSS /VCOSS What is the Service Agreement? About the Service Agreement? What is VCOSS

@VCOSS /VCOSS What is the Service Agreement? About the Service Agreement? What is VCOSS

@VCOSS /VCOSS What is the Service Agreement? About the Service Agreement? What is VCOSS and the Service Agreement Working Group (SAWG) role? Members of the SAWG VCOSS, ECMS, CFECFW, Launch Housing, VACCHO, Mackillop, Justice

470 views • 11 slides
SCOPE OF THE TBT AGREEMENT TRADE IN GOODS GATT 1994 TBT Agreement lex specialis SCOPE OF THE

SCOPE OF THE TBT AGREEMENT TRADE IN GOODS GATT 1994 TBT Agreement lex specialis SCOPE OF THE

T RAINING P ROGRAMME F OR T HE G OVERNMENT O F I NDONESIA The TBT Agreement Jogjakarta, Indonesia 26-29 March 2019 SCOPE OF THE TBT AGREEMENT TRADE IN GOODS GATT 1994 TBT Agreement lex specialis SCOPE OF THE TBT AGREEMENT The TBT Agreement

689 views • 49 slides
CYCLING WORKING GROUP -MEETING 1- 03/12/2013 Agenda 1. Call to order 2. Agreement on

CYCLING WORKING GROUP -MEETING 1- 03/12/2013 Agenda 1. Call to order 2. Agreement on

CYCLING WORKING GROUP -MEETING 1- 03/12/2013 Agenda 1. Call to order 2. Agreement on appointment of a Chair 3. Appointment of a recording secretary 4. Discuss and agree on mandate of working group 5. Roles and responsibilities of group

538 views • 15 slides
: Group Key Agreement API based on CLIQUES protocol suite CLQ_API Formation Member add Member

: Group Key Agreement API based on CLIQUES protocol suite CLQ_API Formation Member add Member

CLQ_API : : Group Key Agreement API based on CLIQUES protocol suite CLQ_API Formation Member add Member leave Group fusion Group fission 7/ 8/ 99 1 CLQ_API prerequisites Underlying group communication subsystem must

71 views • 6 slides
Agreement July 1 1 , 2017 Agreement Key Terms Agreement between TJPA and salesforce.com 25-Year

Agreement July 1 1 , 2017 Agreement Key Terms Agreement between TJPA and salesforce.com 25-Year

CAC Naming &amp; Signage Rights Agreement July 1 1 , 2017 Agreement Key Terms Agreement between TJPA and salesforce.com 25-Year Term Projected more than $110,000,000 $1,010,000 upon signing $9,112,700 on the commencement date

650 views • 19 slides
(6) a. ERG agreement ABS agreement (not encoded in (3)) SUBJ OBJ [!] F ROM S YNTAX TO E

(6) a. ERG agreement ABS agreement (not encoded in (3)) SUBJ OBJ [!] F ROM S YNTAX TO E

Bobaljik, Exponence Network (6) a. ERG agreement ABS agreement (not encoded in (3)) SUBJ OBJ [!] F ROM S YNTAX TO E XPONENCE : S OME C HUKCHI E VIDENCE b. OBJ agreement SUBJ agreement (encoded in (3)) Jonathan David Bobaljik /

444 views • 8 slides
AFFILIATION AGREEMENT This Affiliation Agreement is entered into by and between Presentation

AFFILIATION AGREEMENT This Affiliation Agreement is entered into by and between Presentation

AFFILIATION AGREEMENT This Affiliation Agreement is entered into by and between Presentation Medical Center (Herein after PMC/Hospital) and Turtle Mountain Community College (Herein after TMCC/College). I. PURPOSE AND SCOPE This agreement is made

392 views • 8 slides
Talking Your Way into Agreement: Preference Merge as Group Belief Revision by

Talking Your Way into Agreement: Preference Merge as Group Belief Revision by

1 ICLA/LSI Chennai 2009 Talking Your Way into Agreement: Preference Merge as Group Belief Revision by Communication Alexandru Baltag, Oxford University Based on recent joint work with J. van Benthem and S. Smets. 2 ICLA/LSI

1.31k views • 94 slides
The Bonn Agreement 1969 and BE-AWARE Project Alexander von Buxhoeveden Representing the Bonn

The Bonn Agreement 1969 and BE-AWARE Project Alexander von Buxhoeveden Representing the Bonn

The Bonn Agreement 1969 and BE-AWARE Project Alexander von Buxhoeveden Representing the Bonn Agreement HELCOM OpenRisk Workshop June 2017 History of the Bonn-Agreement The Bonn Agreement is the oldest regional agreement established by

617 views • 23 slides
interventions in primary care 2 ACTIVITY 1. INTRODUCTION, COURSE OVERVIEW, GROUP AGREEMENT 20

interventions in primary care 2 ACTIVITY 1. INTRODUCTION, COURSE OVERVIEW, GROUP AGREEMENT 20

WHO training on alcohol brief interventions in primary care 2 ACTIVITY 1. INTRODUCTION, COURSE OVERVIEW, GROUP AGREEMENT 20 minutes 3 Trainer introductions [Insert your name] [Insert your professional background] [Describe your

1.02k views • 77 slides
SAS-Based Group Authentication and Key Agreement Protocols Sven Laur 1 , 2 and Sylvain Pasini 3 2

SAS-Based Group Authentication and Key Agreement Protocols Sven Laur 1 , 2 and Sylvain Pasini 3 2

SAS-Based Group Authentication and Key Agreement Protocols Sven Laur 1 , 2 and Sylvain Pasini 3 2 University of Tartu 1 Helsinki University of Technology 3 Ecole Polytechnique F ed erale de Lausanne Brief outline User-aided data

137 views • 13 slides
SAS-Based Group Authentication and Key Agreement Protocols Sven Laur 1 , 2 and Sylvain Pasini 3 2

SAS-Based Group Authentication and Key Agreement Protocols Sven Laur 1 , 2 and Sylvain Pasini 3 2

SAS-Based Group Authentication and Key Agreement Protocols Sven Laur 1 , 2 and Sylvain Pasini 3 2 University of Tartu 1 Helsinki University of Technology 3 Ecole Polytechnique F ed erale de Lausanne Brief outline User-aided data

304 views • 16 slides
STL Airport Lease Agreement October 31, 2019 Overview of Key Documents Lease Agreement : The

STL Airport Lease Agreement October 31, 2019 Overview of Key Documents Lease Agreement : The

STL Airport Lease Agreement October 31, 2019 Overview of Key Documents Lease Agreement : The primary transaction document, which defines the relationship between the City and the lessee (the Operator ) for the term of the agreement.

537 views • 12 slides
The Consolidated Agreement Agreement between DPH and Local Health Departments

The Consolidated Agreement Agreement between DPH and Local Health Departments

The Consolidated Agreement Agreement between DPH and Local Health Departments Incorporates all environmental health requirements and funding as a part of DPH/DHHS Contains general terms and conditions for activities related to any

604 views • 13 slides
Formation of contract Structuring the agreement . Essentials to be kept before drafting an

Formation of contract Structuring the agreement . Essentials to be kept before drafting an

Formation of contract Structuring the agreement . Essentials to be kept before drafting an agreement. Relevant clauses of the agreement. 1. Preamble. 2. Interpretation and definitions. 3. Scope of the works. 4. Price 5. Payment terms.

526 views • 14 slides
Agreement in HPSG Introduction to HPSG, WS 2007/2008 Monica L. L au Universitt Tbingen

Agreement in HPSG Introduction to HPSG, WS 2007/2008 Monica L. L au Universitt Tbingen

Two Views of Agreement Derivation-Based Agreement Agreement Mismatches Agreement in English Agreement in HPSG Introduction to HPSG, WS 2007/2008 Monica L. L au Universitt Tbingen (mlau@sfs.uni-tuebingen.de) December 2007 Two Views

1.42k views • 100 slides
for the Internet of Things David J. Wu Ankur Taly Asim Shankar Dan Boneh Stanford University

for the Internet of Things David J. Wu Ankur Taly Asim Shankar Dan Boneh Stanford University

Privacy, Discovery, and Authentication for the Internet of Things David J. Wu Ankur Taly Asim Shankar Dan Boneh Stanford University Google Google Stanford University The Internet of Things (IoT) Lots of smart devices, but only useful if

352 views • 31 slides
Key Agreement Protocols Key Agreement Two people want symmetric-key keying material to have a

Key Agreement Protocols Key Agreement Two people want symmetric-key keying material to have a

Key Agreement Protocols Key Agreement Two people want symmetric-key keying material to have a fast, secure conversation How can they agree on a shared symmetric key without it being transmitted in the clear? How can they be sure who

767 views • 27 slides
Independent Performance Validation for Robust and Resilient DP Systems Steven Cargill DNV GL

Independent Performance Validation for Robust and Resilient DP Systems Steven Cargill DNV GL

DYNAMIC POSITIONING CONFERENCE OCTOBER 911, 2017 DESIGN Independent Performance Validation for Robust and Resilient DP Systems Steven Cargill DNV GL Noble Denton Marine Services Chunying Li Aspin Kemp &amp; Associats The three pegs The

914 views • 31 slides
DISCIPLINED GROWTH + SHAREHOLDER RETURNS OUR 10 YEAR JOURNEY AGM PRESENTATION MAY 8, 2019 1

DISCIPLINED GROWTH + SHAREHOLDER RETURNS OUR 10 YEAR JOURNEY AGM PRESENTATION MAY 8, 2019 1

DISCIPLINED GROWTH + SHAREHOLDER RETURNS OUR 10 YEAR JOURNEY AGM PRESENTATION MAY 8, 2019 1 AGM PRESENTATION | MAY 2019 WHAT PAREX HAS ACCOMPLISHED IN 10 YEARS Parex as of: Inception Today Since inception Production(boe/d) Nil

421 views • 25 slides
On the Security of Supersingular Isogeny Cryptosystems Yan Bo Ti Department of Mathematics,

On the Security of Supersingular Isogeny Cryptosystems Yan Bo Ti Department of Mathematics,

On the Security of Supersingular Isogeny Cryptosystems Yan Bo Ti Department of Mathematics, University of Auckland AsiaCrypt 2016, 5th of December 1/17 Outline Joint work with Steven Galbraith , Christophe Petit and Barak Shani . 1

242 views • 23 slides
What Is the Future of Computers? 1 Introduction Moore's Law states, that the number of

What Is the Future of Computers? 1 Introduction Moore's Law states, that the number of

What Is the Future of Computers? 1 Introduction Moore's Law states, that the number of transistors on a microprocessor double every 18 months. 2 Introduction The year 2020 or 2030 will find the circuits on a microprocessor measured on

336 views • 18 slides
Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in

Secure Cryptographic Protocol Execution based on Runtime Verification Secure Communication in the Quantum Era (SPS G5448) February 5th, 2020 Christian Colombo Mark Vella Cryptographic Protocols Design Proofs to validate design against

467 views • 20 slides
Finite field multiplication combining AMNS and DFT approach for Pairing Based Cryptography Nadia

Finite field multiplication combining AMNS and DFT approach for Pairing Based Cryptography Nadia

Finite field multiplication combining AMNS and DFT approach for Pairing Based Cryptography Nadia El Mrabet (1) and Christophe Negre (2) (1) Team Arith/LIRMM, Universit e Montpellier 2 (2) Team DALI/ELIAUS, Universit e de Perpignan

753 views • 49 slides

More recommend