Yang Richard Yang - PowerPoint PPT Presentation

About This Presentation
Title:

Yang Richard Yang

Description:

A Lower Bound on the Communication Cost of Secure Group Key Management. Yang Richard Yang, Department of Computer Sciences, The University of Texas at Austin

Slides: 18
Provided by: yang161
Learn more at: https://people.cs.vt.edu

Transcript and Presenter's Notes



1
A Lower Bound on the Communication Cost of Secure
Group Key Management
  • Yang Richard Yang
  • Department of Computer Sciences
  • The University of Texas at Austin
  • http://www.cs.utexas.edu/users/yangyang/research/TechReports
  • With Simon S. Lam

2
Keygem System Components
[Diagram labels: Leave, Registration, Rekey encoding, Join, Communication cost, Rekey transportation, Key update]
3
Previous Works
  • Key graph, LKH, and OFT showed an O(ln(n)) upper bound
  • Ran Canetti et al. proved a lower bound of
  • where c is the leave communication cost, and
    b + 1 denotes the maximal number of keys any user
    holds

4
Outline
  • System Model
  • Security requirements
  • System assumptions and operations
  • Rekey encryption graphs
  • Construction of the lower bound
  • Extension of System Model
  • Conclusion

5
Security Requirements
  • Backward secrecy: a newly joined user cannot gain access to past
    group keys
  • Forward secrecy: after a user has left the secure group, he should
    not be able to gain access to future group keys

6
Three Types of Security Requirements
  • Three security requirement models
  • Backward secrecy only: O(1) per request
  • Forward secrecy only
  • Backward and forward secrecy
  • Prove an Ω(ln(n)) amortized per-request lower bound
    if forward secrecy is required, whether or not
    backward secrecy is required

7
System Assumptions and Operations
  • There is only one key server
  • Key server implements forward secrecy
  • All users in the group share a common group key
    g_i
  • When updating keys, the key server uses one key k
    to encrypt another key k'
  • The adversary has access to all past
    communications. However, it can access a key k
    if it has received k from the key server, or if k is
    encrypted by a key k' that it has access to, and so on.

8
Rekey Encryption Graphs
  • Need a model to capture all communications
  • Rekey encryption graphs capture all
    communications
  • A sequence of directed graphs G_i
  • G_i captures the communication cost of rekeying
    the first i requests

9
Nodes and Edges of Gi
  • Nodes
      • User nodes
      • Key nodes
          • Individual key nodes
          • Normal key nodes
  • Edges
      • A user node to its individual key node(s)
      • A key node k to key node k' if the key server has
        sent k' by encrypting it using k

10
Subgraph S_i of Graph G_i
  • User node u when u is in the group (joined and
    not left)
  • The group key g_i
  • Any node or edge that is on a path from a user
    node in S_i to g_i

11
Si Properties
  • Denote N as the number of user nodes in S_i
  • Denote i(x) as the in-degree of node x
  • Define cost of user node u as
  • Define C

[Figure labels: i2, i2, i1, c3, c4, c4]
12
Si Properties (cont)
  • Define n(x) as the number of user nodes that can
    reach x
  • We can prove that
  • Therefore,

[Figure labels: i1,n1; i2,n2; i2,n3; c3; c4; c4; S(N) 11]
13
Wasted Communication Cost After a User Leaves
  • Suppose user u has left and does not rejoin
  • Because of forward secrecy, c(u) is the
    wasted communication cost in S_i, not in S_j,
    for any j > i

[Figure labels: g_{i+1}, g_i, u, S_i, S_{i+1}]
14
Construction of Lower Bound Requests
  • First n joins, followed by n leaves
  • The leaving user has the highest cost; therefore,
    the i-th leave request gives ln(n-i) edges
  • Therefore, the number of edges in G_{2n} is greater
    than or equal to
  • Therefore, the per request communication cost is

15
Extending the System Model
  • Previously, only a single key k was allowed to encrypt k'
  • Now allow k_1, k_2, ..., k_m to jointly encrypt k;
    the adversary has to know all of k_1, ..., k_m in order to
    access k
  • An example of this model is key management by
    Boolean function minimization, by Isabella Chang,
    Robert Engel, Dilip Kandlur, Dimitrios
    Pendarakis, and Debanjan Saha from IBM Watson

16
Extending the System Model
  • Add an anti-collusion requirement: the combined keys
    of users outside the group cannot decrypt any
    future group key
  • Can still prove
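
The adversary model from the System Assumptions slide, together with the multi-key encryption and anti-collusion extensions above, can be checked mechanically as reachability over the logged rekey messages. The following Python is an added example, not from the presentation; the function names are hypothetical, and the key names (i1, k12, g0, ...) and message logs are constructed.

```python
def accessible(held, messages):
    """Keys an adversary can obtain: start from the keys it received from the
    server, then repeatedly open any logged message whose encrypting keys are
    all known. Each message is (encrypting_keys, key_sent)."""
    known = set(held)
    changed = True
    while changed:
        changed = False
        for enc_keys, sent in messages:
            if sent not in known and set(enc_keys) <= known:
                known.add(sent)
                changed = True
    return known

def breaks_forward_secrecy(departed, messages, group_key):
    """departed maps each user outside the group to the keys it was given.
    All their keys are pooled, so this also tests the anti-collusion rule."""
    pooled = set().union(*departed.values())
    return group_key in accessible(pooled, messages)

# Constructed log: users u1..u4 hold individual keys i1..i4; k12 and k34 are
# subgroup keys; g0 is the first group key.
INITIAL = [(("i1",), "k12"), (("i2",), "k12"), (("i3",), "k34"),
           (("i4",), "k34"), (("k12",), "g0"), (("k34",), "g0")]
# u1 leaves. Sound rekey: every key u1 could reach is replaced.
GOOD = INITIAL + [(("i2",), "k12b"), (("k12b",), "g1"), (("k34",), "g1")]
# Flawed rekey: g1 is sent under k12, which u1 can still derive from i1.
BAD = INITIAL + [(("k12",), "g1"), (("k34",), "g1")]
# Extended model: u3 also leaves and g2 is sent under k12 and k34 jointly.
JOINT = GOOD + [(("k12", "k34"), "g2")]

if __name__ == "__main__":
    u1, u3 = {"u1": {"i1"}}, {"u3": {"i3"}}
    print("sound rekey leaks g1:  ", breaks_forward_secrecy(u1, GOOD, "g1"))
    print("flawed rekey leaks g1: ", breaks_forward_secrecy(u1, BAD, "g1"))
    print("u1 alone reaches g2:   ", breaks_forward_secrecy(u1, JOINT, "g2"))
    print("u1 and u3 pooled:      ",
          breaks_forward_secrecy({**u1, **u3}, JOINT, "g2"))
```

The number of entries in each log is the communication cost in edges, so the same log serves both the security check and the cost count.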

17
Conclusion
  • Given forward secrecy, amortized per request
    communication cost is
  • Have to look under the cryptographic hood, or relax
    security requirements, to further reduce
    communication cost
  • Working on Keygem system
  • Consider communication cost as a property to
    evaluate transportation overhead
  • Consider batch processing to further improve
    performance
  • The output of the encoding component to the
    transportation component is block size