Boolean Function Minimization Technique

1
Boolean Function Minimization Technique

• By Sudeep Biswas
• (02329020)

2
Today's scenario

• Sender need not be in the multicast group
• Receivers do not have any mechanism to
  authenticate senders
• Responsibility lies with the routers to send
  multicast packets to all group members
• Secure approach needs to be added over IP
  multicast

3
Secure Approach

• Each group is associated with a group controller
  (A trusted server)
• Group controller is responsible for managing
  group membership

4
Secure group joining

• Both sender and receiver has to request access to
  the group controller
• Group controller verifies credentials such as
  password,id or a digital certificate
• If the client is permitted,controller provides it
  with the session and the auxiliary keys

5
Secure group removal

• De registration is initiated by the client or by
  the controller
• Removal of group members and communicating a new
  session key in a secure and scalable way is a non
  trivial task

6
Our key management scheme

• Assumptions
• The maximum group size is known (say p)
• Each group member has an unique id
• Xn-1Xn-2Xn-3X0 where Xi ? (0,1)
• Length of id is lg(n),n is maximum group size
  rounded to nearest power of 2 (n gt p)

7
Key Distribution

• Each client receives a session key and a set of
  auxiliary keys upon joining
• The set of n auxiliary keys areKn-1,Kn-2,.
• K0 where Ki ki if Xi 1 and Ki ki? if Xi
  0.
• Controller has all the keys
• Changes in keys takes place when group members
  depart or arrives
• Each time interval over which the keys remain
  fixed is called a round,denoted by a round number
  r. keys are SK(r) ki(r) , ki?(r) for all i

8
Example
9
Individual member removal

• A member of id 101 departs having keys k2,k1?
  k0
• Controller computes new session key SK(r1) and
  sends different messages SK(r1)k0?
  ,SK(r1)k1 ,SK(r1)k2?
• Controller and the remaining members compute the
  new set of auxiliary keys ki(r1)f(ki(r),SK(r1)
  ) (why ?)

10
Example
11
Multiple member removal

• Set of clients c0,c1,c2..cN-1
• m(Xn-1Xn-2Xn-3X0)0 for clients leaving the
  group.(membership function dynamically computed
  by controller)
• Minimum number of messages to send.
• This is achieved by encrypting information with
  keys common to subsets of the remaining members

12
Example

• c0 c4 leaves the group.
• Controller need to multicast only SK(r1)k0
  ,SK(r1)k1

13
Cont..

• General approach
• m(X2,X1,X0)X2?X1?X0 X2?X1X0? X2?X1X0
  X2X1?X0 X2X1X0? X2X1X0
• Terms reflect no. of messages to send
• Literals in each term reflect the keys by which
  the message is to be encrypted
• Generally better to send minimum messages

14
Cont(Karnaugh map)
K-map used to minimize m and hence number of
messages to send. mX1X0 (Hence send secret key
encrypted with k0 and then with k1)
15
New member arrival(My scheme)

• Controller provides a vacant uid and the
  auxiliary keys to the new member(s)
• m is modified by the controller keeping in view
  of these new member(s)
• m is minimized if required,and this minimized m
  is used to compute the no. of messages and the
  key combinations to be used
• New session key is send to each member

16
Analysis

• Storage
• Member lg(n)1
• Controller 2lg(n)1
• Processing (single change)
• Member O(1)
• Controller O(lg(n))
• Processing (O(n) changes)
• Member O(1)
• Controller O(n)
• All figures better than key graphs method

17
Limitations

• Collusion attack
• A set of members previously removed from the
  group collude.
• Combining their auxiliary keys they may get the
  next round session and hence the auxiliary keys.

18
Example of collusion attack

• Members with uid 000 and 111 are removed
• Together they have all set of auxiliary keys
• They collude and trace the next round session and
  auxiliary keys
• Elimination of collusion attack impossible with
  less than O(n) keys but its probability decreases
  with increase in auxiliary key space and sparse
  distribution of uids.