Scalable Secure Group Communication over IP Multicast. Authors:Suman Banerjee, Bobby Bhattacharjee. Speaker: Kun Sun

Similar documents
Mykil: A Highly Scalable Key Distribution Protocol for Large Group Multicast

Iolus: A Framework for Scalable Secure Multicasting

Efficient Secured Model For Communication In Dynamic Multicast Groups

AN OPTIMAL AND COST EFFECTIVE KEY MANAGEMENT SCHEME FOR SECURE MULTICAST COMMUNICATION

Decentralized Key Management for Large Dynamic Multicast Groups using Distributed Balanced Trees

P 5 : A Protocol for Scalable Anonymous Communications

CSC/ECE 774 Advanced Network Security

Scalable Application Layer Multicast

The Overlay Multicast Protocol (OMP): A Proposed Solution to Improving Scalability of Multicasting in MPLS Networks

Group Key Rekeying Technique with Secure Data Encryption in MANETs

Bayeux: An Architecture for Scalable and Fault Tolerant Wide area Data Dissemination

Efficient Group Rekeying Using Application-Layer Multicast

Bridge-Node Selection and Loss Recovery in Island Multicast

Why multicast? The concept of multicast Multicast groups Multicast addressing Multicast routing protocols MBONE Multicast applications Conclusions

Mobile Ad-hoc Network. WIDE project/keio University

Multicast Communications. Slide Set were original prepared by Dr. Tatsuya Susa

Enhancement of the CBT Multicast Routing Protocol

A Survey on Multicast rekeying for secure group communication

3. Evaluation of Selected Tree and Mesh based Routing Protocols

What is Multicasting? Multicasting Fundamentals. Unicast Transmission. Agenda. L70 - Multicasting Fundamentals. L70 - Multicasting Fundamentals

Application Layer Multicast with Proactive Route Maintenance over Redundant Overlay Trees

Performance Optimizations for Group Key Management Schemes for Secure Multicast

Performance Evaluation of Mesh - Based Multicast Routing Protocols in MANET s

Delaunay Triangulation Overlays

ASM. Engineering Workshops

Routing over Low Power and Lossy Networks

Institute of Computer Technology - Vienna University of Technology. L73 - IP QoS Integrated Services Model. Integrated Services Model

KEY MANAGEMENT FOR SECURE GROUP COMMUNICATION IN A WIRELESS ENVIRONMENT

Design Intentions. IP QoS IntServ. Agenda. Design Intentions. L73 - IP QoS Integrated Services Model. L73 - IP QoS Integrated Services Model

EECS 122, Lecture 13. Multicast Delivery. Multicast Delivery. Reasons for Multicast. Why not just Machine Gun? Multicast Example

Proactive Route Maintenance and Overhead Reduction for Application Layer Multicast

IP Multicast Technology Overview

#$% * #$%+ $ (% Enables community-centric applications: Military and law enforcement. Search and rescue applications.

Group Rekeying with Limited Unicast Recovery

PERFORMANCE EVALUATION OF DSR USING A NOVEL APPROACH

Chapter 7 CONCLUSION

I Metric I Explanation Robustness

Multicast overview. Introduction to multicast. Information transmission techniques. Unicast

Kapitel 5: Mobile Ad Hoc Networks. Characteristics. Applications of Ad Hoc Networks. Wireless Communication. Wireless communication networks types

Resilient Multicast using Overlays

Secure Group Key Management Scheme for Multicast Networks

A Comparative and Performance Study of On Demand Multicast Routing Protocols for Ad Hoc Networks

Distributed Systems Reliable Group Communication

Multicast Technology White Paper

Mesh-Based Content Routing Using XML

Date: June 4 th a t 1 4:00 1 7:00

IP Multicast. Overview. Casts. Tarik Čičić University of Oslo December 2001

CS4700/CS5700 Fundamentals of Computer Networks

Configuring Bidirectional PIM

Arvind Krishnamurthy Fall 2003

Master s Thesis. A Construction Method of an Overlay Network for Scalable P2P Video Conferencing Systems

CS 268: IP Multicast Routing

Scalable overlay Networks

Ad Hoc Wireless Routing CS 218- Fall 2003

Efficient Hybrid Multicast Routing Protocol for Ad-Hoc Wireless Networks

Multicast EECS 122: Lecture 16

Building Low Delay Application Layer Multicast Trees

Cluster Based Group Key Management in Mobile Ad hoc Networks

A Scalable Core Migration Protocol for Dynamic Multicast Tree *

Performance analysis of Bloom filterbased

Routing. Info 341 Networking and Distributed Applications. Addresses, fragmentation, reassembly. end-to-end communication UDP, TCP

Protocol for Tetherless Computing

Application Layer Multicast For Efficient Peer-to-Peer Applications

COMPARATIVE STUDY AND ANALYSIS OF AODTPRR WITH DSR, DSDV AND AODV FOR MOBILE AD HOC NETWORK

Multi-way Search Trees. (Multi-way Search Trees) Data Structures and Programming Spring / 25

A Survey on Efficient Group Key Management Schemes in Wireless Networks

Resource Control and Reservation

RSVP 1. Resource Control and Reservation

CMPE 257: Wireless and Mobile Networking

Tree-Based Application Layer Multicast using Proactive Route Maintenance and its Implementation

Mobile Ad-hoc and Sensor Networks Lesson 05 Mobile Ad-hoc Network (MANET) Routing Algorithms Part 2

! Naive n-way unicast does not scale. ! IP multicast to the rescue. ! Extends IP architecture for efficient multi-point delivery. !

ES623 Networked Embedded Systems

Many-to-Many Communications in HyperCast

Internet Engineering Task Force (IETF) Category: Standards Track. T. Morin France Telecom - Orange Y. Rekhter. Juniper Networks.

4.2 Multicast IP supports multicast to support one-to-many (radio, news, IP multicast was originally a many-to-many (any source MC or

Data and Computer Communications. Protocols and Architecture

Multicast as an ISP service

Request for Comments: 2004 Category: Standards Track October Minimal Encapsulation within IP. Status of This Memo

Internetworking. Problem: There is more than one network (heterogeneity & scale)

A Technique for Improving Security in Mobile Ad-hoc Networks

Efficient Group Key Management Schemes for Multicast Dynamic Communication Systems. Muhammad Yasir Malik

GIAN Course on Distributed Network Algorithms. Spanning Tree Constructions

Internet Control Message Protocol (ICMP)

Module 4: Index Structures Lecture 13: Index structure. The Lecture Contains: Index structure. Binary search tree (BST) B-tree. B+-tree.

UDLR Unidirectional Link Routing overview and examples

Key Management Schemes for Stateless Receivers Based on Time Varying Heterogeneous Logical Key Hierarchy

CS 457 Networking and the Internet. Problems. Mechanisms 9/21/16. Fall 2016 Indrajit Ray

Expanding Ring Search for Route Discovery in LOADng Routing Protocol

Introduction to Sync

Internet Protocols Fall Lectures Inter-domain routing, mobility support, multicast routing Andreas Terzis

Computer Networks Prof. Ashok K. Agrawala

Enhanced Cores Based Tree for Many-to-Many IP Multicasting

Behaviour of Routing Protocols of Mobile Adhoc Netwok with Increasing Number of Groups using Group Mobility Model

Distributed Systems 26. Mobile Ad Hoc Mesh Networks

Distributed Systems. 09. State Machine Replication & Virtual Synchrony. Paul Krzyzanowski. Rutgers University. Fall Paul Krzyzanowski

CSC 774 Network Security

Overlay Networks. Behnam Momeni Computer Engineering Department Sharif University of Technology

Dynamic Join-Exit Amortization and Scheduling for Time-Efficient Group Key Agreement

CE693: Adv. Computer Networking

Transcription:

Scalable Secure Group Communication over IP Multicast Authors:Suman Banerjee, Bobby Bhattacharjee Speaker: Kun Sun Contents Introduction Related Work Secure multicast using clustering Spatial Clustering Simulation Experiment Conclusions 2

Introduction(1/2) If assuming the network infrastructure is insecure : Non-members can eavesdrop on the multicast group and store encrypted messages The members who have left the group can continue to decrypt messages New members can decrypt messages they had stored previously Need the Group re-keying during each membership change 3 Introduction(2/2) Point-to-point Point-to-multipoint Scalability problem of key management This paper s algorithm Does not require router support Completely end-host based 4

Related Works(1/3) Group Key Management Protocol (GK MP) Group Key Controller generates group ke ys. Scalable Multicast Key Distribution (S MKD) It requires explicit router support, not sc alably solve the problem of group re-key ing. 5 Related Works(2/3) Iolus Divide the secure multicast group into m ultiple sub-groups, which is managed b y Group Security Agent (GSA). Not define size bound of subgroup MARKS Assume the duration that a member stay s in the group known apriori. 6

Related Works(3/3) Key Graphs scheme Use a tree hierarchy of keys distributed between members. Boolean Minimization Use virtual hierarchy of keys More scalably than Key Graphs scheme i n bulk membership changes 7 Secure Multicast using Clustering Member hierarchy for Key distribution The procedure terminates when there is only a single member in any layer Cluster [CEH] Cluster [ABC] Cluster [GHI] Cluster [DEJF] 8

Secure Multicast using Clustering Layer Keys and Cluster Keys : Layer key Possessed by the group members in that specific layer Generated, on-demand, by a key-server Cluster key The leader of each cluster is responsible for generating the cluster key for that cluster A pair-wise key is shared between the cluster-leader and each member 9 Secure Multicast using Clustering Key Distribution Protocol (Example 1) Assuming the cluster size : 3~5 Multicast to all members in L1 encrypted by L1 layer key 10

Secure Multicast using Clustering Key Distribution Protocol (Example 2) 11 Example 2 cont. 12

Secure Multicast using Clustering Key Distribution Protocol (Example 2) 13 Spatial Clustering Clustering algorithm Member discovery protocol Clustering protocol 14

Spatial clustering Member discovery protocol Defines parent-child relationships among the different members of the multicast tree Focus on network layer multicast scheme that creates shared bi-directional trees (e.g.cbt) d(x,y): distance between the members x and y, in router hops, then, y is considered to be parent of x, if and only if - d(s,y) d(s,x) (where, S is source) - z that satisfy d(y,x) d(z,x) 15 Spatial Clustering Member discovery protocol (Cont.) 5 4 4 3 3 2 1 16

Spatial Clustering Clustering protocol To create the clusters, the Cluster tree size is : k~2k logically traversed from the leaves upwards to the root. τ Whenever a set of members that v = C fall within the size bounds is detected, they are grouped 3k/2 + into 3k/4 = a 9k/4 cluster. > 2k τ v : subtree rooted at some node v, which cannot be joined to any cluster rooted at v, and has to be joined to a cluster that is rooted at a node upstream of node v Unstable subtree 17 Spatial Clustering Clustering protocol (Cont.) 18

Simulation Experiment Experiment setup Simulated network infrastructures that do support directed multicast sender can multicast a packet to individual subtree(s) rooted at a specific router on the multicast delivery tree do not support directed multicast using a different multicast address Instead, using TTL-scoping : scoped multicast 19 Simulation Experiment Experimental methodology Key-normalized byte count The network overhead for re-keying at a single router assuming unit(1 byte) key size Packet load A counter of the # of packets processed by the routers on the multicast tree Storage and Processing Overhead The # of keys stored at each node and the # of cryptographic operation at each node 20

Simulation Experiment Spill over Spatial-i : i different multicast addresses a simple decentralized address assignment scheme : each cluster picks one multicast address at random, independent of each other 21 Simulation Experiment <Impact of batched updates> <using multiple multicast addresses> 22

Simulation Experiment 23 Conclusions This paper s algorithm Does not require router support Completely end-host based efficient in practice Directed multicast is an useful primitive for implementing many secure multicast schemes 24

References Suman Banerjee, Bobby Bhattacharjee,Scalable Secure Group Communication over IP Multicast I. Chang, R. Engel, D. Kandlur, D. Pendarakis, and D. Saha, Key management for secure internet multicast using boolean function minimization techniques. In Proceedings of Infocom, New York, March 1999 C.K. Wong, M. Gouda, and S. Lam. Secure group communications using key graphs. Proceedings of SIGCOMM, September 1998 25

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback