SOT: Secure Overlay Tree for Application Layer Multicast - PowerPoint PPT Presentation

1 / 20
About This Presentation
Title:

SOT: Secure Overlay Tree for Application Layer Multicast

Description:

Each user holds the keys on the path from its user key to the group key ... Split/Merge mechanism is used to maintain cluster size within the bound (m/2 c ... – PowerPoint PPT presentation

Number of Views:25
Avg rating:3.0/5.0
Slides: 21
Provided by: ken106
Category:

less

Transcript and Presenter's Notes

Title: SOT: Secure Overlay Tree for Application Layer Multicast


1
SOT Secure Overlay Tree for Application Layer
Multicast
  • Ken Yiu
  • HKUST

2
Outline
  • Introduction
  • Related Work
  • Issues on ALM security
  • Two basic approaches
  • Secure Overlay Tree (SOT)
  • Simulation Results
  • Conclusion

3
Introduction
  • Lack of widely deployed multicast-capable network
  • Application Layer Multicast (ALM)
  • No data confidentiality provided in ALM
  • Applications that require secure multicast cannot
    apply ALM directly
  • SOT a simple and efficient approach to provide
    data confidentiality

4
Introduction Multicast Security
  • Multicast data is encrypted by a shared symmetric
    key
  • Forward Secrecy user cannot decrypt future
    multicast data after he leaves
  • Backward Secrecy user cannot decrypt past
    multicast data before he joins
  • Change keys (re-key) whenever there is a
    membership change

s
a
e
b
d
c
5
Related Work
  • Security on IP multicast
  • Logical Key Hierarchy (LKH)
  • Iolus
  • Assume multicast-capable network (IGMP, DVRMP,
    CBT, PIM-DM, etc.)
  • Multicasting one re-key message takes only one
    communication overhead

6
Related Work LKH
  • Each user holds the keys on the path from its
    user key to the group key
  • Re-key change all keys on the path
  • Re-key message overhead (multicast)
  • O(2 logk N) for join
  • O(k logk N) for leave

Group key
kg
Key-encryption key (KEK)
k0
k1
User key
k00
k01
k10
k11
k000
k001
k010
k011
k100
k101
k110
k111
u0
u1
u2
u3
u4
u5
u6
u7
Re-key when u6 leaves Ek111k11,
Ek10k1, Ek11k1, Ek0kg, Ek1kg
Re-key when u2 joins Ek010k01, Ek01k01,
Ek0k0, Ek01k0, Ek0kg, Ekgkg
7
Related Work Iolus
  • Multicast group is divided into subgroups (each
    governed by a GSA and has its own subgroup key)
  • Re-encryption required at GSIs
  • Join/Leave only affects one subgroup (change
    subgroup key only)
  • GSAs (special entities) are chosen a priori and
    statically configured
  • No size bound on subgroups

GSI
GSI
GSC
GSI
GSI
GSI
Decryption and re-encryption required
GSC Group Security Controller GSI Group
Security Intermediary
8
Issues on ALM security
  • Multicast is accomplished by unicast connections
    between peers
  • O(N) for each multicast re-key message
  • O(N logk N) for each re-keying in LKH
  • No GSAs in ALM
  • Can their functionalities be moved to peers?
  • How about large subgroups?
  • Minimizing average nodal processing overhead on
    peers for data confidentiality

9
Two basic approaches
Re-encryption EBCDABk
  • Host-to-host encryption
  • Large re-encryption overhead
  • Whole group encryption
  • Large re-keying overhead

A
D
EkdataEABk
EkdataECDk
B
C
EkdataEBCk
k random key generated by source XY secret
key shared by X and Y
A
D
EABg
ECDg
Egdata
EBCg
B
Egdata
C
Egdata
Re-keying EBCDABg
g group key shared by all users
10
Secure Overlay Tree (SOT)
  • Clustering peers into subgroups
  • host-to-host between clusters
  • whole group within clusters
  • Balance two kinds of overhead and obtain the
    minimum total overhead by choosing appropriate
    optimal cluster size

A
B
Source
Ingress
f
EkdataEBk
b
a
h
EkdataEdek
e
d
EkdataEAk
c
g
Egress
11
SOT (contd)
  • Split/Merge mechanism is used to maintain cluster
    size within the bound (m/2 lt c lt 2m)
  • Join/Leave only affects one cluster instead of
    the whole group
  • Leaders are elected from each cluster to
    coordinate joining, merging and splitting
  • Apply Internet coordinate system like GNP to
    obtain coordinates for clustering purpose
  • SOT is a framework, existing ALM protocols can be
    used for implementation

12
SOT architecture
S
I
L
E
13
Simulation
  • Setup
  • GT-ITM TS topology 1024 routers
  • Member Join Poisson process (avg. rate ?)
  • Holding Time Exponential (mean T sec.)
  • Random chosen data source (constant data rate R
    bps)

14
Simulation (contd)
  • Typical applications

15
Results optimal cluster size
16
Results avg. nodal processing overhead
17
Results relative delay penalty
18
Results physical link stress
19
Conclusion
  • Security schemes for IP multicast are not
    suitable for ALM
  • SOT provides data confidentiality
  • Based on clustering of peers
  • Optimal cluster size
  • Lower nodal processing overhead
  • Comparable network performance

20
Thank You !!
Write a Comment
User Comments (0)
About PowerShow.com
Home About Us Terms and Conditions Privacy Policy Presentation Removal Request Contact Us
Copyright 2025 CrystalGraphics, Inc. — All rights Reserved. PowerShow.com is a trademark of CrystalGraphics, Inc.
The PowerPoint PPT presentation: "SOT: Secure Overlay Tree for Application Layer Multicast" is the property of its rightful owner.
Do you have PowerPoint slides to share? If so, share your PPT presentation slides online with PowerShow.com. It's FREE!