Balanced Batch LKH: New Proposal, Implementation and Performance Evaluation.
|
|
- Sherilyn Henry
- 5 years ago
- Views:
Transcription
1 Balanced Batch LKH: New Proposal, Implementation and Performance Evaluation. Josep Pegueroles, Francisco Rico-Novella Departamento de Ingeniería Telemática. Universitat Politècnica de Catalunya. Jordi Girona 1 y 3. Campus Nord, Mod C3, UPC Barcelona josep.pegueroles@entel.upc.es Abstract Perfect Secrecy can only be achieved in multicast groups by ciphering data sent to the group with a different key every time a member joins or leaves the group. A Key Server must send the new key to all the remaining members so bandwidth efficiency concerns appear. Logical Key Tree algorithms reduce the number of messages to be sent, but in many scenarios, rekeying after each membership change has no sense. Batch rekeying algorithms are proposed as a solution to these problems. However such methods need to maintain the Logical Key Tree balanced all the time in order to achieve maximum bandwidth efficiency. This paper presents a new technique for multicast batch rekeying. This technique reallocates the tree nodes in order to keep the tree balanced all the time. 1. Introduction When adding security features to multicast communications a common secret shared by all the multicast group members is needed. The shared key provides group secrecy and source authentication [1]. This key must be updated every time the membership of the group changes. When it does, Forward and Backward Secrecy (FS and BS) are provided. FS means that the session key gives no meaningful information about future session keys, that is to say no leaving member can obtain information about future group communication. BS means that a session key provides no meaningful information about past session keys and that no joining member can obtain information about past group communication [2]. A centralized trusted entity called Key Server (KS) requires N messages each encrypted with a member private key in order to distribute initial group key to a group of N users. Same number of encrypted messages is needed for trivially distributing new group key when membership changes. Several works address the issues of initially distributing the group key to all users and rekey when group membership changes. Most of the methods trying to reduce the number of required messages for rekeying are based on multilevel logical binary trees of Key Encryption Key (KEK) [3,4,5]. When used over a reliable multicast, this approach results in a quite efficient key update mechanism in which the number of multicast messages needed for updating the Session Key is proportional to the depth of the tree. If KEK tree is balanced, depth of the tree is O(log N), where N is the number of members in the multicast group. However, for large groups, join and leave requests are very frequent and usually bursty in nature. Different scenarios, such as Web-TV, show a high volume of signon/sign-off requests at peak times. In these cases, individual rekeying after each join or leave is relatively inefficient. Batch rekeying techniques have been recently presented as a solution to overcome this problem. In such methods, a departed user will remain in the group longer, and a new user has to wait longer to be accepted. All join and leave requests received within a batch period are processed together at the same time. An example of batch rekeying is presented by Lam-Gouda in [6]. Nevertheless, this method assumes that the KEK tree is kept balanced across multiple batches. However, depending on the actual locations of the request, it is possible that the key tree may grow unbalanced after some number of batches. This work presents a new method for batch rekeying that leads to complete balanced trees. The proposed algorithm preserves the Lam-Gouda algorithm simplicity and improves efficiency since no additional rebalancing algorithm is needed. Furthermore, keeping the tree balanced at any time avoids extra rekeying messages due to tree depth beyond O(log N). The rest of this paper is organized as follows. Section 2 presents Logical Key Hierarchy methods as the most common way to increase bandwidth efficiency in secure multicast rekeying. Section 3 introduces the Batch Rekeying techniques as a method for achieving more bandwidth efficiency. Section 4 details the new Balanced Batch Rekeying algorithm. Finally in section 5, we present performance evaluation of this method and compare it to Lam-Gouda technique. 2. Rekeying in secure multicast The main problem when managing secure multicast groups is to distribute new symmetric session keys to members every time a user joins or leaves the group. The
2 trivial way of doing it involves encrypting the message containing the new session key as many times as members the multicast group has (N). Once with each secret key shared between a Key Server (KS) and the corresponding member. In many scenarios such as Web-TV or multi-party network games, N may be very large, therefore, multicast key distribution leaks scalability. In the last years, many proposals have been published in order to overcome the scalability problem in Group Key Management [7,8,9]. However, the most promising protocols are those based on logical binary trees of KEKs [3,4]. Next we briefly describe the most significant and successful technique. 2.1 Logical Key Hierarchy: LKH In key tree schemes two types of encryption keys are used: Session Encryption Keys (SEK) and Key Encryption Keys (KEK). SEKs are used to cipher the actual data that multicast groups exchange, for example, video streams in multicast videoconference sessions. KEKs are used to cipher the keying material that members need in order to get the SEK. Normally, KEKs are structured in logical binary trees. The root of the key tree is shared by all users and the leaf nodes are users' individual keys. We will adopt the next criterion as naming convention for the rest of the paper. Tree nodes will be referenced as (level number, position at level), so we will refer to root node as (1,1); sons of root node will be (2,1) and (2,2) and so on. An example of key tree is shown in Fig.1a. Key in node (X,Y) will be noted as K (X,Y). Consider a group of 8 users. See Fig. 1a. The tree has 15 nodes, each node corresponds to a KEK. Group members are located at leaf nodes. Keys in the leaves are only known by single users. K (1,1) is known by all members in the group. The rest of the keys are revealed only to users considered sons of the node. For example, K (3,1) is known only by users in leaves (4,1) and (4,2), and K (2,2) is only revealed to users in nodes (4,5) to (4,8). The LKH key management scheme works as follows. Consider the multicast group in Fig.1b with N=7 members (M1..M7) and a centralized group controller (KS). Each member must store a subset of the controller's keys. These subset of KEKs will allow the member to get the new SEK when it changes. A generic member (Mj) stores the subset of keys in the path from the leaf where he is to the root. In our example, member M1, in node (4,1), will store K (4,1),K (3,1), K (2,1) and K (1,1) Managing joinings When a new member (Suppose M8 in Fig. 1a) joins the group he must contact the KS via a secure unicast channel. Then they negotiate a shared key that they will use in later interactions (K (4,8) ). After that, the controller must update every KEK in the path from the leaf, where new member is located, to the root. See Fig 1a in which new keys are noted with quotes. The KS has to reveal the updated keys to the corresponding users. He uses the existing key hierarchy, along with reliable multicast, to efficiently distribute them as follows. He sends two messages containing the whole set of updated keys, one to each of the members in nodes (4,7) and (4,8), via a unicast channel and using their individual keys. After that, he constructs and sends a multicast message containing K (2,2) and K (1,1) ciphered with K (3,3), so only members in nodes (4,5) and (4,6) can decipher it. Finally, he also constructs and sends a multicast message containing new root key K (1,1) and ciphered with K (2,1), so members in nodes (4,1) to (4,4) can decipher it. At this point, the 8 members in the multicast group know the subset of keys from their leaves to the root. Every member knows the root key, so this is used to cipher a multicast message containing the new session key (SEK ) Managing leavings Now, assume that member M4 leaves the group. All keys along the path from node (4,4) to the root must be changed. K (4,4) is simply deleted. See Fig 1b. The updated KEKs are multicasted to the remaining group members encrypted under keys in sibling nodes of the updated ones. In our example, KS first sends the whole set of updated keys to node (4,3) via a unicast channel, and using the individual key of member M3 to cipher it. After that, constructs and sends a multicast message containing K (2,1) and K (1,1) ciphered with K (3,1), so only M1 and M2 can decipher it. Finally, he sends a multicast message containing K (1,1) ciphered with K (2,2), so members in nodes (4,5) to (4,8) can decipher it. At this point, all keys that M4 knew while he was a member of the group have been updated, so he has been excluded from any future communication. Following the example it is easy to see how the binary tree-based key management scheme can update keys using 0(log2(N)) messages, where N is the number of members in the multicast group. a) Joining b) Leaving Figure 1. LKH example
3 3. Batch Rekeying With binary key tree techniques, individual rekeying has reached his lower bound in number of required messages for rekeying (O(logN)) [10]. Recently, some works have proposed batch rekeying to overcome this limit. In batch rekeying algorithms join and leave requests are collected during a time interval and processed in a batch. Since the KS does not rekey immediately, a leaving member will remain in the group till the end of the batch period, and a new member will have to wait the same time to be accepted. However, this batch period can be adapted to dynamics in the multicast group. On the other hand, batch rekeying techniques increase efficiency in number of required messages thus it takes advantage of the possible overlap of new keys for multiple rekey requests, and thus reduces the possibility of generating new keys that will not be used. 3.1 Lam-Gouda batch rekeying In [6] Lam, Gouda et al. presented a very simple marking algorithm that updates the key tree and generates a rekey subtree. Briefly, their system can be summarized as follows. After each rekey interval the KS collects all Join and Leave requests and processes them according to the two possible cases. If the number of leavings is greater or equal than the number of joinings, new members are allocated in the places of the departed members. Empty leaves are marked as null. All node keys in the path from the replaced leaves to the root are updated following the rules in LKH. If the number of joinings is greater than the number of leavings a rekey subtree is constructed with all the remaining new members left after applying the algorithm described above. The rekey subtree is allocated under the departed user node with the smallest height. 4. Balanced Batch Rekeying The algorithm explained in the previous section aims to keep the tree balanced through different batches by allocating the rekey subtree under the shallowest node in each rekeying. However, this rebalancing system is only valid when the number of joinings and leavings are very similar, in any other case a periodic rebalancing algorithm is needed. In Fig 2, it is easy to see how the tree grows unbalanced through different batches. In this example, in the first batch, same number of joinings and leavings is requested, so the tree is kept balanced. In Fig 2b members in nodes (4,4) and (4,8) ask for departing the group, but no joining is requested; so nodes (3,2) and (3,4) become leaf nodes with private keys of remaining members. In the third step, Fig 2c, three joinings and no leavings are asked again, this time, the rekey subtree is allocated under node a) Batch with same number of leavings and joinings c) Batch with 3 requested joinings and no leaving member (3,1), the shallowest one. Finally, in Fig 4d two of the members under node (2,2) want to leave the group. After the 4 batches only 6 members are left and therefore only a 4 degree key tree is needed, instead of that, the KS must keep a tree of degree Proposed algorithm Figure 2 b) Members 4 and 8 leave the group d) 2 leavings under node (1,1) and no joining In order to overcome this inefficiency we propose a new batch rekeying algorithm that keeps the tree balanced for every batch. The algorithm updates not only node keys but also node naming or position, so rekeying nodes can change their original position after each batch following a very simple rule. The KS computered system does not have much more processing load cause he only has to update the position of the nodes using simple rules. Besides that, keeping the tree balanced reduces the total amount of required program memory. In the other side, the new algorithm slightly increases the number of operations to be done by individual members, cause they have to know all the time the position in the tree that they are occupying in order to update it properly. However, this increase is not significant for single multicast members, even if they are devices with low computation capability. Next, we will describe the atomic steps the KS and the individual members must follow to carry out the algorithm Key Server Side There are four main actions that the KS has to do every batch: marking the rekeying nodes, prune the tree, make new rekey tree and construct and send the multicast rekeying messages.
4 Mark Rekeying Nodes In the first step, nodes that should be removed have to be pointed out. After collecting the leaving requests, all nodes from leaving members leaves to root need to be updated, so they are marked for deletion. Notice that no replacement with joining members is carried out. This is why the important figure in this algorithm is the reusing of subtree nodes, and in Lam-Gouda algorithm replaced nodes and its siblings also have to be updated. Prune Tree The prune action is very simple, it consists in deleting the marked nodes and keep the subtree structures that remain unchanged. After this action, the KS has to manage three types of elements: remaining subtrees (structures with more than one members), joining members and siblings of leaving members. As the tree is a binary tree, siblings of leaving members cannot reuse any KEK but his individual key, so they should be treated the same way as new joining members. Make New Rekey tree Now, the KS has to construct the new rekey tree balanced following the next recursive criterion. Group all trees of depth j in twos. If any element is left, group it with tree of depth j+1 and treat the result as a tree of depth j+2. The criterion must begin with trees of minimum depth, that is to say, single elements, and be repeated until just only one tree is resulted. Construct and Send Rekey Messages Finally, the rekeying messages have to be sent. These messages should include three information fields: destination node, new position of destination node and rekeying material. The destination node is the node to which sons the message is addressed. This field is used by single members to decide whether the rekeying message concerns to them or not. The new position is the renaming field of the message. Using this information, users can rename themselves and their keying material. The rules used for renaming are explained in the next subsection. The Rekeying material field is the actual data of updated keys, calculated, for example, according to LKH Multicast Member Side Basically the multicast member only has to decide if a multicast rekeying message is sent to him, receive it and update his position and keying material. Receive Rekey Message A single member (located in node (m,n) will only listen to a message if the coordinates of the destination node field (say (i,j)) comply with the following conditions. m i (2) m i m i m i ( j 2 ) (2 1) n j 2 (3) Update Position and Keys After deciding if a message concerns him, node (m,n) and keys are renamed using the new position field (p,q) in rekeying message. The renaming follows the next expressions. m = p + ( m i) (4) ( m i) ( m i) n = q 2 ( j 2 n) (5) Re-used keys and new keys are also renamed according to relative position with new node name Further considerations It is important to note that the most important function from all the above described ones is the update of the tree. This function shows the main differences between the proposed balanced batch LKH algorithm and the Lam- Gouda technique. In the update tree step of the algorithm, subtrees that can be reused are treated the way they lead to a minimum number of rekeying messages and balanced new key tree. 5. Performance evaluation There is a long history of network and Internet traffic analysis. The majority of this, however, looks at packet level and network level traces, and does not examine session level user dynamics. We want to study and simulate the behavior of our new algorithm, so we had to consider different models to generate join/leave request patterns. Next we present the different considered scenarios and the used models. 5.1 Benchmark scenarios Two benchmark scenarios are given in [2] as those to consider when studying or simulating multicast systems: single source broadcast and virtual conferences. However, we have included a third one in order to fit more precisely the real multicast world. We have used three simple models to generate user behavior patterns, one for each of the mentioned scenarios. Next we briefly describe how we have considered them.
5 5.1.1 Single source broadcast In this scenario a single source continuously broadcasts data to a large number of recipients. A typical example of this scenario is Pay-TV. The number of recipients can be up to hundreds of thousands and more. The life-time of the group is usually long. Group membership is dynamic: members join and leave at a relatively high rate. At peak times a high volume of sign-on/sign-off requests are expected. Almeroth and Ammar [11] started the study of user behavior for single source multicast sessions many years ago. A simple way of modeling user behavior at session level is by means of exponential distribution interarrival time. We have used two exponential random number generators to simulate request arrivals at KS. One for joinings and another one for leavings. In Fig 3a it is shown a sample pattern of our model for single source broadcast and the histogram for Web-TV interarrival time Virtual conferences Virtual conference scenarios include on-line corporate meetings, interactive lectures... A virtual conference involves several tens to hundreds of peers. Usually most, or all, group members wish to transmit data. The group is often formed per event and is relatively short-lived (say, few minutes or hours). Membership is often static: members join at start-up, and remain signed a) Join/Leave pattern for WebTV b) Join/Leave pattern for virtual conference c). Join/Leave pattern for NetGames on throughout. We have found no studies about user behavior modeling for virtual conferences. However, according to the previously mentioned features, we have developed a very simple model that we have used for virtual conferences. A random number of users stablish a virtual conference. After a random period of time users begin to join/leave the group following an exponential interrequest time statistics. See Fig 3b Multiplayer video games In multiparty networked games the number of players strongly depends on time-of-day and network externality effects. The presence of other users alters other users behaviors. Player interarrival times are highly correlated at short lags which implies that the arrival of some users will lead to others arriving. Moreover, interarrival times and number of players in a session shows an inversely proportional relationship; as the number of players in a session increases, the interarrival time decrease. So number of players is a deteminant in other player s decisions to join a group. In [12] Henderson and Bhatti found that interarrival times for networked games follow a heavy-tailed distribution. We have used this result to generate patterns according to lognormal distribution for joinings and exponential for leavings. See Fig 3c. 5.2 Results Simulations for the comparison of our new algorithm to Lam-Gaouda batch rekeying were done. As expected, in all cases the balanced algorithm showed a better behavior than Lam-Gouda in terms of tree depth. Next, results for the three different benchmark scenarios are considered. Statistically generated join/leave patterns were used. The pattern life for network games was 12 hours considered every second (x axis). Except in case of peak times, only a joining or a leaving can be considered every second. Different batch periods were considered, from 5 minutes to 50 minutes (y axis). In Fig 4a it is plotted the tree depth behavior for the two considered algorithms (z axis). It can be seen how the balanced batch rekeying method leads to less depth for all the cases. Results for virtual conference show similar behavior. It is important to note that joining/leaving traffic pattern was generated to fit a monotonic increase in number of members. For virtual conference, only a life of an hour was considered (x axis). Measures were taken for different batch periods (y axis), and population was dynamic but always between 256 and 512 members. In Fig 4b can be easily seen how the balanced algorithm preserves the same tree depth for every time and batch, while Lam Gouda tree depth increase with time. Figure 3. Benchmark scenarios
6 Finally, web-tv environments for a period of monotonic increase of number of members have the same behavior. Fig 4c. Differences in the increase rhythm can be explained according to peak time arrivals. As new members arrive in a batch at peak times, Lam-Gouda algorithm has to construct a very big rekey subtree and allocate it in the old tree, this makes the tree grow quickly. Instead of that, balanced algorithm, reconstruct the whole tree and achieves a slowly growth. 6. Conclusions In this research, we have presented a new rekeying technique for batch joining and leavings. The new method is based on Logical Key Hierarchy protocol but avoids rekeying for every single membership change. Unlike other existing batch rekeying methods, the proposed technique keeps the Key Tree balanced all the time. Balancing the tree reduces the number of encrypted messages to be sent in order to distribute the new session key. Results for performance evaluation have also been presented. Acknowledgments This work is supported by the Spanish research council under project DISQET (CICYT TIC ) and CREDO (CICYT - TIC ) References [1] Wallner, Harder, Agee. Key Management for Multicast: Issues and Architectures. RFC [2] R. Canetti, J. Garay, G. Itkis, D. Micciancio, M. Naor, and B. Pinkas, it Multicast security: A taxonomy and some efficient constructions INFOCOM 99. Eighteenth Annual Joint Conference of the IEEE Computer and Communications Societies. Proceedings. IEEE, vol. 2, pp , [3] Harney, Harder. Logical Key Hierarchy Protocol (LKH). I-D Harney-sparta-lkhp-sec-00. Mar 99. Work in progress. [4] Balenson, McGrew, Sherman. Key Management for large Dynamic Groups: One-Way Function Trees and Amortized Initialization. Aug 2000 I-D irtf-smuggroupkeymgmt-oft-00. Work in progress [5] Canetti, Malkin, Nissim. Efficient Communication Storage Tradeoffs for Multicast Encryption. Eurocrypt99 pp [6] Li, Yang, Gouda, Lam. Batch Rekeying for Secure Group Communications}. ACM SIGCOMM 2001, San Diego, August 2001 [7] H. Harney, A. Colegrove, E. Harder, U. Meth, R. Fleischer, it Group Secure Association Key Management Protocol (GSAKMP), draft-irtf-smug-gsakmp-00.txt, November 2000, Work in Progress. [8] H. Harney, C. Muckenhirn, Group Key Management Protocol (GKMP) Specification, IETF, RFC 2093, July [9] T. Hardjono, B. Cain, Simple Key Management Protocol for PIM}, draft-ietf-pim-simplekmp-01.txt, Feb 2000, Work in Progress. [10] Snoeyink, Suri, Varghese (2001). A Lower Bound for Multicast Key Distribution}. IEEE INFOCOM [11] Almeroth, Ammar, (1997) Multicast Group Behavior in the Internet's Multicast Backbone (MBone), IEEE Communications, June 1997 [12] Henderson, Bhatti (2001). Modelling user behavior in networked games. Proceedings of ACM Multimedia 2001, Ottawa, Canada, pp , October 2001 a) networked games environment. b ) virtual conference environment. c) Web tv environment. Figure 4. Comparison of tree depth evolution for Lam-Gouda and balanced batch rekeying algorithm
Adapting GDOI for Balanced Batch LKH
Josep Pegueroles Telematics Engineering Department. Technical University of Catalonia Barcelona, Spain Contents Introduction Benchmark Scenarios Performance of Batch Rekeying with benchmark scenarios Balanced
More informationDecentralized Key Management for Large Dynamic Multicast Groups using Distributed Balanced Trees
Decentralized Key Management for Large Dynamic Multicast Groups using Distributed Balanced Trees Thesis by Junaid Haroon MSCS018 Supervised by Mr Shafiq ur Rahman Flow of Presentation Background Proposed
More informationEfficient Group Key Management Schemes for Multicast Dynamic Communication Systems. Muhammad Yasir Malik
Efficient Group Key Management Schemes for Multicast Dynamic Communication Systems Muhammad Yasir Malik 2012 Abstract Key management in multicast dynamic groups, where users can leave or join at their
More informationMykil: A Highly Scalable Key Distribution Protocol for Large Group Multicast
Mykil: A Highly Scalable Key Distribution Protocol for Large Group Multicast Jyh-How Huang and Shivakant Mishra Department of Computer Science University of Colorado, Campus Box 0430 Boulder, CO 80309-0430,
More informationFDLKH: Fully Decentralized Key Management Scheme on Logical Key Hierarchy
FDLKH: Fully Decentralized Key Management Scheme on Logical Key Hierarchy Daisuke Inoue and Masahiro Kuroda National Institute of Information and Communications Technology, 3-4, Hikarino-oka, Yokosuka,
More informationSecure Group Key Management Scheme for Multicast Networks
International Journal of Network Security, Vol.11, No.1, PP.33 38, July 21 33 Secure Group Key Management Scheme for Multicast Networks R. Srinivasan, V. Vaidehi, R. Rajaraman, S. Kanagaraj, R. Chidambaram
More informationA Centralized Key Table based Communication Efficient Group Key Management Protocol
I. J. Computer Network and Information Security, 2015, 8, 49-55 Published Online July 2015 in MECS (http://www.mecs-press.org/) DOI: 10.5815/ijcnis.2015.08.06 A Centralized Key Table based Communication
More informationAN OPTIMAL AND COST EFFECTIVE KEY MANAGEMENT SCHEME FOR SECURE MULTICAST COMMUNICATION
AN OPTIMAL AND COST EFFECTIVE KEY MANAGEMENT SCHEME FOR SECURE MULTICAST COMMUNICATION SRIDHAR J K 1, SENTHIL KUMAR R 2, ARUN KUMAR S 3 1,2 Student, School Of Computing, SASTRA University, Thanjavur, India.
More informationEfficient Secured Model For Communication In Dynamic Multicast Groups
IOSR Journal of Engineering (IOSRJEN) ISSN (e): 2250-3021, ISSN (p): 2278-8719 Vol. 05, Issue 06 (June. 2015), V1 PP 55-59 www.iosrjen.org Efficient Secured Model For Communication In Dynamic Multicast
More informationCluster Based Group Key Management in Mobile Ad hoc Networks
42 IJCSNS International Journal of Computer Science and Network Security, VOL.9 No.4, April 2009 Cluster Based Group Key Management in Mobile Ad hoc Networks Renuka A. and K.C.Shet, Dept. of Computer Science
More informationKey Management in IP Multicast
Key Management in IP Multicast Petri Jokela Helsinki University of Technology petri.jokela@nomadiclab.com ABSTRACT The IP networking was originally designed to operate in point topoint way. However, when
More informationAn Architecture and Key Management Approach for Maintaining Privacy in Location Based Group Services
An Architecture and Key Management Approach for Maintaining Privacy in Location Based Group Services Y. Sun 1, P. Liu 1, P. Kermani 2, T. F. La Porta 1 1- Networking and Security Research Center, Penn
More informationPerformance Optimizations for Group Key Management Schemes for Secure Multicast
Performance Optimizations for Group Key Management Schemes for Secure Multicast Sencun Zhu Sanjeev Setia Sushil Jajodia Center for Secure Information Systems George Mason University Fairfax, VA 22030 {szhu1,setia,jajodia}@gmu.edu
More informationDynamic Group Key Distribution Using MDS Codes
Dynamic Group Key Distribution Using MDS Codes Lihao Xu Department of Computer Science Washington University St. Louis, MO 63130 lihao@cs.wustl.edu Abstract Efficient key distribution is an important problem
More informationMultiway Tree-Based Group Key Management Using Chinese Remainder Theorem for Multi-Privileged Group Communications
Journal of Applied Science and Engineering, Vol. 17, No. 1, pp. 81 92 (2014) DOI: 10.6180/jase.2014.17.1.10 Multiway Tree-Based Group Key Management Using Chinese Remainder Theorem for Multi-Privileged
More informationGroup Key Agreement Protocols for Dynamic Peer Groups
Nirav Jasapara jasapara@isi.edu Group Key Agreement Protocols for Dynamic Peer Groups ABSTRACT With the increased use of distributed services and applications, secure group communication over unsecured
More informationEfficient and Secure Multicast in WirelessMAN: A Cross-layer Design
Efficient and Secure Multicast in WirelessMAN: A Cross-layer Design Chin-Tser Huang, Manton Matthews, Matthew Ginley, Xinliang Zheng, Chuming Chen, and J. Morris Chang Abstract: Effectively adding security
More informationKey Management Schemes for Stateless Receivers Based on Time Varying Heterogeneous Logical Key Hierarchy
Key Management Schemes for Stateless Receivers Based on Time Varying Heterogeneous Logical Key Hierarchy Miodrag J. Mihaljević Mathematical Institute Serbian Academy of Sciences and Arts Kneza Mihaila
More informationSelf-Healing Group Key Distribution
International Journal of Network Security, Vol.1, No.2, PP.110 117, Sep. 2005 (http://isrc.nchu.edu.tw/ijns/) 110 Self-Healing Group Key Distribution Muhammad Junaid Bohio and Ali Miri (Corresponding author:
More informationEAI Endorsed Transactions on Energy Web and Information Technologies
EAI Endorsed Transactions on Research Article Multicast Hybrid Group Key Management in Wireless Networks Environment R. Mahaveerakannan 1, *, Dr. C. Suresh GnanaDhas 2 and R. Rama Devi 3 1 Research Scholar,
More informationCSC/ECE 774 Advanced Network Security
Computer Science CSC/ECE 774 Advanced Network Security Topic 4.3 Group Key Distribution Acknowledgment: Slides on LKH were originally provided by Dr. Wensheng Zhang at Iowa State. Dr. Peng Ning CSC 774
More informationAn Information Theoretic Analysis of Rooted-Tree Based Secure Multicast Key Distribution Schemes
An Information Theoretic Analysis of Rooted-Tree Based Secure Multicast ey Distribution Schemes R. Poovendran J. S. Baras Dept. of Electrical Engineering & Institute for Systems Research University of
More informationI Metric I Explanation Robustness
Towards Solving Multicast Key Management Problem Fan Du, Lionel M. Ni and Abdol-Hossein Esfahanian Department of Computer Science and Engineering Michigan State University East Lansing, M 48824 Abstract-
More informationSubnet Multicast for Delivery of One-to-Many Multicast Applications
Subnet Multicast for Delivery of One-to-Many Multicast Applications We propose a new delivery scheme for one-to-many multicast applications such as webcasting service used for the web-based broadcasting
More informationAn Information-Theoretic Approach for Design and Analysis of Rooted-Tree-Based Multicast Key Management Schemes
2824 IEEE TRANSACTIONS ON INFORMATION THEORY, VOL. 47, NO. 7, NOVEMBER 2001 An Information-Theoretic Approach for Design and Analysis of Rooted-Tree-Based Multicast Key Management Schemes Radha Poovendran,
More informationEnhancement of the CBT Multicast Routing Protocol
Enhancement of the CBT Multicast Routing Protocol Seok Joo Koh and Shin Gak Kang Protocol Engineering Center, ETRI, Korea E-mail: sjkoh@pec.etri.re.kr Abstract In this paper, we propose a simple practical
More informationRed-Black-Trees and Heaps in Timestamp-Adjusting Sweepline Based Algorithms
Department of Informatics, University of Zürich Vertiefungsarbeit Red-Black-Trees and Heaps in Timestamp-Adjusting Sweepline Based Algorithms Mirko Richter Matrikelnummer: 12-917-175 Email: mirko.richter@uzh.ch
More informationGroup Key Management Techniques
Global Journal of Computer Science and Technology Network, Web & Security Volume 13 Issue 11 Version 1.0 Year 2013 Type: Double Blind Peer Reviewed International Research Journal Publisher: Global Journals
More informationOn Dynamic Subset Difference Revocation Scheme
On Dynamic Subset Difference Revocation Scheme Weifeng Chen, Zihui Ge, Chun Zhang, Jim Kurose, Don Towsley Technical Report 2003-22 Department of Computer Science University of Massachusetts, Amherst {chenwf,
More informationKey Distribution and Update for Secure Inter-group Multicast Communication
Key Distribution and Update for Secure Inter-group Multicast Communication ABSTRACT Weichao Wang Department of EECS and ITTC University of Kansas Lawrence, KS 66045 weichaow@eecs.ku.edu Group communication
More informationA Survey on Multicast rekeying for secure group communication
S.Sasikala Devi,Dr.Antony Selvadoss Danamani, Int. J. Comp. Tech. Appl., Vol 2 (3), 385-391 A Survey on Multicast rekeying for secure group communication S.Sasikala Devi Assistant Professor CMS College
More informationSupporting Multicast in ADSL Networks
Supporting Multicast in ADSL Networks A. Banchs, M. Gabrysch, T. Dietz, B. Lange, H. J. Stiittgen NEC Europe Ltd, Computer and Communication Research Laboratories Heidelberg E-mail: adsl@ccrle.nec.de Abstract:
More informationEfficient Communication-Storage Tradeoffs for Multicast Encryption
Efficient Communication-Storage Tradeoffs for Multicast Encryption Ran Canetti 1, Tal Malkin 2, and Kobbi Nissim 3 1 IBM T. J. Watson Research Center, Yorktown Height, NY, 10598, canetti@watson.ibm.com
More informationSURVEY PAPER ON GROUP KEY MANAGEMENT
IJACE: Volume 4, No. 1, January-June 2012, pp. 57-63 SURVEY PAPER ON GROUP KEY MANAGEMENT R. Siva Ranjani 1, D. Lalitha Bhaskari 2 & P. S. Avadhani 3 Abstract: Various network applications require sending
More informationDDS Dynamic Search Trees
DDS Dynamic Search Trees 1 Data structures l A data structure models some abstract object. It implements a number of operations on this object, which usually can be classified into l creation and deletion
More informationTree-Based Minimization of TCAM Entries for Packet Classification
Tree-Based Minimization of TCAM Entries for Packet Classification YanSunandMinSikKim School of Electrical Engineering and Computer Science Washington State University Pullman, Washington 99164-2752, U.S.A.
More informationDynamic Join-Exit Amortization and Scheduling for Time-Efficient Group Key Agreement
Dynamic Join-Exit mortization and Scheduling for Time-Efficient Group Key greement Yinian Mao, Yan Sun, Min Wu and K. J. Ray Liu Department of Electrical and Computer Engineering University of Maryland,
More informationAn effective key distribution for secure internet pay-tv using access key hierarchies
SECURITY AND COMMUNICATION NETWORKS Security Comm. Networks 2016; 9:5085 5097 Published online 27 October 2016 in Wiley Online Library (wileyonlinelibrary.com)..1680 RESEARCH ARTICLE An effective key distribution
More informationApplication Layer Multicast Algorithm
Application Layer Multicast Algorithm Sergio Machado Universitat Politècnica de Catalunya Castelldefels Javier Ozón Universitat Politècnica de Catalunya Castelldefels Abstract This paper presents a multicast
More informationIP Multicast. What is multicast?
IP Multicast 1 What is multicast? IP(v4) allows a host to send packets to a single host (unicast), or to all hosts (broadcast). Multicast allows a host to send packets to a subset of all host called a
More informationConfiguring Basic IP Multicast
IP multicast is a bandwidth-conserving technology that reduces traffic by delivering a single stream of information simultaneously to potentially thousands of corporate businesses and homes. Applications
More informationDynamic Routing Tables Using Simple Balanced. Search Trees
Dynamic Routing Tables Using Simple Balanced Search Trees Y.-K. Chang and Y.-C. Lin Department of Computer Science and Information Engineering National Cheng Kung University Tainan, Taiwan R.O.C. ykchang@mail.ncku.edu.tw
More informationAn Efficient Routing Protocol with Group Management for Peer-to-Peer Multicast Applications
An Efficient Routing Protocol with Group Management for Peer-to-Peer Multicast Applications Ning Wang & George Pavlou entre for ommunication Systems Research University of Surrey United Kingdom {N.Wang,
More informationMulticast routing Draft
Multicast routing Draft Lucia Tudose Nokia Research Center E-mail: tudose@research.nokia.com Abstract Multicast routing is establishing a tree which is routed from the source node and contains all the
More informationThe questions will be short answer, similar to the problems you have done on the homework
Introduction The following highlights are provided to give you an indication of the topics that you should be knowledgeable about for the midterm. This sheet is not a substitute for the homework and the
More informationA Scalable Method for Access Control in Location-Based Broadcast Services
This full text paper was peer reviewed at the direction of IEEE Communications Society subject matter experts for publication in the IEEE INFOCOM 008 proceedings. A Scalable Method for Access Control in
More informationEFFECTIVE KEY GENERATION FOR MULTIMEDIA AND WEB APPLICATION
EFFECTIVE KEY GENERATION FOR MULTIMEDIA AND WEB APPLICATION Mr. Sagar Sharad Bhuite Department of Computer Science and Engg, College of Engg. Pandharpur Solapur University, Solapur, India Prof. Yoginath
More informationIPv6 and Multicast. Outline. IPv6 Multicast. S Computer Networks - Spring 2005
IPv6 and Multicast 188lecture5.ppt Pasi Lassila 1 Outline IPv6 Multicast 2 IPv6 overview Motivation Internet growth (address space depletion and routing information eplosion) CIDR has helped but eventually
More information(In)security of ecient tree-based group key agreement using bilinear map
Loughborough University Institutional Repository (In)security of ecient tree-based group key agreement using bilinear map This item was submitted to Loughborough University's Institutional Repository by
More informationRouting Lookup Algorithm for IPv6 using Hash Tables
Routing Lookup Algorithm for IPv6 using Hash Tables Peter Korppoey, John Smith, Department of Electronics Engineering, New Mexico State University-Main Campus Abstract: After analyzing of existing routing
More informationSource Authentication in Group Communication Systems
Source Authentication in Group Communication Systems Xin Zhao University of Michigan 1301 Beal Ave, Ann Arbor, MI, 48105, USA zhaoxin@eecs.umich.edu Atul Prakash University of Michigan 1301 Beal Ave, Ann
More informationA Key Distribution Scheme for Distributed Group with Authentication Capability
International Journal of Performability Engineering, Vol. 8, No. 2, March, 2012, pp.199-212. RAMS Consultants Printed in India A Key Distribution Scheme for Distributed Group with Authentication Capability
More informationA Survey on Efficient Group Key Management Schemes in Wireless Networks
Indian Journal of Science and Technology, Vol 9(14), DOI: 10.17485/ijst/2016/v9i14/87972, April 2016 ISSN (Print) : 0974-6846 ISSN (Online) : 0974-5645 A Survey on Efficient Group Key Management Schemes
More informationMotivation for B-Trees
1 Motivation for Assume that we use an AVL tree to store about 20 million records We end up with a very deep binary tree with lots of different disk accesses; log2 20,000,000 is about 24, so this takes
More informationEfficient Group Rekeying Using Application-Layer Multicast
Efficient Group Rekeying Using Application-Layer Multicast X. Brian Zhang, Simon S. Lam, and Huaiyu Liu Department of Computer Sciences, The University of Texas at Austin, Austin, TX 7872 {zxc, lam, huaiyu}@cs.utexas.edu
More informationWhy multicast? The concept of multicast Multicast groups Multicast addressing Multicast routing protocols MBONE Multicast applications Conclusions
Tuomo Karhapää tuomo.karhapaa@otaverkko.fi Otaverkko Oy Why multicast? The concept of multicast Multicast groups Multicast addressing Multicast routing protocols MBONE Multicast applications Conclusions
More informationAdvanced Networking. Multicast
Advanced Networking Multicast Renato Lo Cigno Renato.LoCigno@dit.unitn.it Homepage: disi.unitn.it/locigno/index.php/teaching-duties/advanced-networking Multicasting Addresses that refer to group of hosts
More informationFlaws in Some Self-Healing Key Distribution Schemes with Revocation
Flaws in Some Self-Healing Key Distribution Schemes with Revocation Vanesa Daza 1, Javier Herranz 2 and Germán Sáez 2 1 Dept. Tecnologies de la Informació i les Comunicacions, Universitat Pompeu Fabra,
More informationDistribution of the Number of Encryptions in Revocation Schemes for Stateless Receivers
Discrete Mathematics and Theoretical Computer Science DMTCS vol. (subm.), by the authors, 1 1 Distribution of the Number of Encryptions in Revocation Schemes for Stateless Receivers Christopher Eagle 1
More informationQoS-Aware Hierarchical Multicast Routing on Next Generation Internetworks
QoS-Aware Hierarchical Multicast Routing on Next Generation Internetworks Satyabrata Pradhan, Yi Li, and Muthucumaru Maheswaran Advanced Networking Research Laboratory Department of Computer Science University
More informationPerformance Analysis of Hierarchical Mobile IPv6 in IP-based Cellular Networks
Performance Analysis of Hierarchical Mobile IPv6 in IP-based Cellular Networks Sangheon Pack and Yanghee Choi School of Computer Science & Engineering Seoul National University Seoul, Korea Abstract Next-generation
More informationTECHNICAL RESEARCH REPORT
TECHNICAL RESEARCH REPORT A Scalable Extension of Group Key Management Protocol by R. Poovendran, S. Ahmed, S. Corson, J. Baras CSHCN T.R. 98-5 (ISR T.R. 98-14) The Center for Satellite and Hybrid Communication
More informationNetwork Security: Broadcast and Multicast. Tuomas Aura T Network security Aalto University, Nov-Dec 2011
Network Security: Broadcast and Multicast Tuomas Aura T-110.5241 Network security Aalto University, Nov-Dec 2011 Outline 1. Broadcast and multicast 2. Receiver access control (i.e. data confidentiality)
More informationIntroduction to IGMP for IPTV Networks
White Paper Introduction to for IPTV Networks Understanding Processing in the Broadband Access Network Juniper Networks, Inc. 1194 North Mathilda Avenue Sunnyvale, California 94089 USA 408.745.2000 1.888
More informationEfficient Packet Classification using Splay Tree Models
28 IJCSNS International Journal of Computer Science and Network Security, VOL.6 No.5B, May 2006 Efficient Packet Classification using Splay Tree Models Srinivasan.T, Nivedita.M, Mahadevan.V Sri Venkateswara
More informationEnhanced Cores Based Tree for Many-to-Many IP Multicasting
Enhanced Cores Based Tree for Many-to-Many IP Multicasting In this paper, we propose a simple and practical scheme for many-to-many IP multicasting. The proposed scheme is based on the core based tree
More informationA Source-Based Multicast Scheme in IEEE Mesh Mode
I.J. Wireless and Microwave Technologies 2012, 6, 58-65 Published Online December 2012 in MECS (http://www.mecs-press.net) DOI: 10.5815/ijwmt.2012.06.09 Available online at http://www.mecs-press.net/ijwmt
More informationReflections on Security Options for the Real-time Transport Protocol Framework. Colin Perkins
Reflections on Security Options for the Real-time Transport Protocol Framework Colin Perkins Real-time Transport Protocol Framework RTP: A Transport Protocol for Real-Time Applications RFCs 3550 and 3551
More informationAnalysis of a Multiple Content Variant Extension of the Multimedia Broadcast/Multicast Service
PUBLISHED IN: PROCEEDINGS OF THE EUROPEAN WIRELESS 2006 CONFERENCE 1 Analysis of a Multiple Content Variant Extension of the Multimedia Broadcast/Multicast Service George Xylomenos, Konstantinos Katsaros
More information9/29/2016. Chapter 4 Trees. Introduction. Terminology. Terminology. Terminology. Terminology
Introduction Chapter 4 Trees for large input, even linear access time may be prohibitive we need data structures that exhibit average running times closer to O(log N) binary search tree 2 Terminology recursive
More informationOptimal Multicast Group Communication
Optimal Multicast Group Communication Zhibin Zhou and Dijiang Huang Arizona State University Abstract Many IP multicast based applications, such as Pay- TV, Multiplayer games, require controlling the group
More informationMulticast Technology White Paper
Multicast Technology White Paper Keywords: Multicast, IGMP, IGMP Snooping, PIM, MBGP, MSDP, and SSM Mapping Abstract: The multicast technology implements high-efficiency point-to-multipoint data transmission
More informationInternet Engineering Task Force Mark Baugher(Cisco) Expires: April, 2003 October, 2002
Internet Engineering Task Force Mark Baugher(Cisco) INTERNET-DRAFT Thomas Hardjono (Verisign) Category: Standards Track Hugh Harney (Sparta) Document: draft-ietf-msec-gdoi-06.txt Brian Weis (Cisco) Expires:
More informationData Structures Lesson 7
Data Structures Lesson 7 BSc in Computer Science University of New York, Tirana Assoc. Prof. Dr. Marenglen Biba 1-1 Binary Search Trees For large amounts of input, the linear access time of linked lists
More informationImplementing NTP. Release 3.8.0
Network Time Protocol (NTP) is a protocol designed to time-synchronize devices within a network. Cisco IOS XR software implements NTPv4. NTPv4 retains backwards compatibility with the older versions of
More informationQUALITY of SERVICE. Introduction
QUALITY of SERVICE Introduction There are applications (and customers) that demand stronger performance guarantees from the network than the best that could be done under the circumstances. Multimedia
More informationMulticast Communications. Slide Set were original prepared by Dr. Tatsuya Susa
Multicast Communications Slide Set were original prepared by Dr. Tatsuya Susa Outline 1. Advantages of multicast 2. Multicast addressing 3. Multicast Routing Protocols 4. Multicast in the Internet 5. IGMP
More informationConfiguring multicast VPN
Contents Configuring multicast VPN 1 Multicast VPN overview 1 Multicast VPN overview 1 MD-VPN overview 3 Protocols and standards 6 How MD-VPN works 6 Share-MDT establishment 6 Share-MDT-based delivery
More informationMULTICAST AND IGMPv3. Announcements. Today s Lecture. Multicast (No Sharing) Unicast. I. HW5 will be online today CIDR, subnets, routing
Announcements MULTICAST AND IGMPv3 I. HW5 will be online today CIDR, subnets, routing due in one week Internet Protocols CSC / ECE 573 Fall, 2005 N. C. State University II. Correction to calendar! copyright
More informationIP Multicast Technology Overview
IP multicast is a bandwidth-conserving technology that reduces traffic by delivering a single stream of information simultaneously to potentially thousands of businesses and homes. Applications that take
More informationGroup Key Rekeying Technique with Secure Data Encryption in MANETs
Group Key Rekeying Technique with Secure Data Encryption in MANETs C. Shanmuganathan Research Scholar, CSE Manonmaniam Sundaranar University Tirunelveli, India Dr. P. Raviraj Professor / Department of
More informationCERIAS Tech Report Protection Of Multicast Scalable Video By Secret Sharing: Simulation Results by A Eskicioglu, S Dexer, E Delp Center for
CERIAS Tech Report 2001-107 Protection Of Multicast Scalable Video By Secret Sharing: Simulation Results by A Eskicioglu, S Dexer, E Delp Center for Education and Research Information Assurance and Security
More informationEfficient, Authenticated, and Fault-Tolerant Key Agreement for Dynamic Peer Groups
Efficient, Authenticated, and Fault-Tolerant Key Agreement for Dynamic Peer Groups Li Zhou and Chinya V. Ravishankar Department of Computer Science & Engineering University of California, Riverside Riverside,
More informationSecure Remote Storage Using Oblivious RAM
Secure Remote Storage Using Oblivious RAM Giovanni Malloy Mentors: Georgios Kellaris, Kobbi Nissim August 11, 2016 Abstract Oblivious RAM (ORAM) is a protocol that allows a user to access the data she
More informationBayeux: An Architecture for Scalable and Fault Tolerant Wide area Data Dissemination
Bayeux: An Architecture for Scalable and Fault Tolerant Wide area Data Dissemination By Shelley Zhuang,Ben Zhao,Anthony Joseph, Randy Katz,John Kubiatowicz Introduction Multimedia Streaming typically involves
More informationHierarchical Tree Approach to Group Key Management using the Group Diffie-Hellman Protocol
Hierarchical Tree Approach to Group Key Management using the Group Diffie-Hellman Protocol by Peter King Pong Au B.Sc., University of British Columbia, 1999 A THESIS SUBMITTED IN PARTIAL FULFILLMENT OF
More informationAVL Trees / Slide 2. AVL Trees / Slide 4. Let N h be the minimum number of nodes in an AVL tree of height h. AVL Trees / Slide 6
COMP11 Spring 008 AVL Trees / Slide Balanced Binary Search Tree AVL-Trees Worst case height of binary search tree: N-1 Insertion, deletion can be O(N) in the worst case We want a binary search tree with
More informationInternet Group Management Protocol, Version 3 <draft-ietf-idmr-igmp-v3-07.txt> STATUS OF THIS MEMO
INTERNET-DRAFT Brad Cain, Mirror Image Internet Steve Deering, Cisco Systems Bill Fenner, AT&T Labs - Research Isidor Kouvelas, Cisco Systems Ajit Thyagarajan, Ericsson Expires September 2001 March 2001
More informationCCNA Exploration Network Fundamentals. Chapter 06 Addressing the Network IPv4
CCNA Exploration Network Fundamentals Chapter 06 Addressing the Network IPv4 Updated: 20/05/2008 1 6.0.1 Introduction Addressing is a key function of Network layer protocols that enables data communication
More informationReducing IPTV Channel Zapping Time for Scrambled Services
Reducing IPTV Channel Zapping Time for Scrambled Services Y.S. Hong and T.G.Kim Dongguk University Department of Computer Engineering Seoul Korea {hongys, ashes}@dgu.edu Abstract In general, IPTV is defined
More informationEfficient Group Rekeying Using Application-Layer Multicast
Efficient Group Rekeying Using Application-Layer Multicast X. Brian Zhang, Simon S. Lam, and Huaiyu Liu Department of Computer Sciences, The University of Texas at Austin, Austin, TX 7872 {zxc, lam, huaiyu}@cs.utexas.edu
More informationDisjoint Superposition for Reduction of Conjoined Prefixes in IP Lookup for Actual IPv6 Forwarding Tables
Disjoint Superposition for Reduction of Conjoined Prefixes in IP Lookup for Actual IPv6 Forwarding Tables Roberto Rojas-Cessa, Taweesak Kijkanjanarat, Wara Wangchai, Krutika Patil, Narathip Thirapittayatakul
More informationCS301 - Data Structures Glossary By
CS301 - Data Structures Glossary By Abstract Data Type : A set of data values and associated operations that are precisely specified independent of any particular implementation. Also known as ADT Algorithm
More informationGroup Rekeying with Limited Unicast Recovery
Group Rekeying with Limited Unicast Recovery X. Brian Zhang, Simon S. Lam, and Dong-Young Lee Department of Computer Sciences The University of Texas at Austin Austin, TX 7871 Email: {zxc, lam, dylee}@cs.utexas.edu
More informationLecture 16 Notes AVL Trees
Lecture 16 Notes AVL Trees 15-122: Principles of Imperative Computation (Spring 2016) Frank Pfenning 1 Introduction Binary search trees are an excellent data structure to implement associative arrays,
More informationAlgorithms. Deleting from Red-Black Trees B-Trees
Algorithms Deleting from Red-Black Trees B-Trees Recall the rules for BST deletion 1. If vertex to be deleted is a leaf, just delete it. 2. If vertex to be deleted has just one child, replace it with that
More informationScalable Group Key Management with Partially Trusted Controllers
Scalable Group Key Management with Partially Trusted Controllers Himanshu Khurana, Rafael Bonilla, Adam Slagell, Raja Afandi, Hyung-Seok Hahm, and Jim Basney NCSA, University of Illinois, Urbana-Champaign,
More informationInternetworking. Problem: There is more than one network (heterogeneity & scale)
Internetworking Problem: There is more than one network (heterogeneity & scale) Hongwei Zhang http://www.cs.wayne.edu/~hzhang Internetworking: Internet Protocol (IP) Routing and scalability Group Communication
More informationA Flow Label Based QoS Scheme for End-to-End Mobile Services
A Flow Label Based QoS Scheme for End-to-End Mobile Services Tao Zheng, Lan Wang, Daqing Gu Orange Labs Beijing France Telecom Group Beijing, China e-mail: {tao.zheng; lan.wang; daqing.gu}@orange.com Abstract
More informationMobile Group Communication
Mobile Group Communication Mobility & Multicast Status The Multicast Mobility Problem Listener Mobility ASM Source Mobility SSM Source Mobility Conclusions & Outlook 1 Prof. Dr. Thomas Schmidt http:/www.informatik.haw-hamburg.de/~schmidt
More information