Group Protocols for Secure Wireless Ad hoc Networks
Srikanth NannapaneniSreechandu Kamisetty
Swethana pagadalaAparna kasturi
Overview
Introduction Key Management in Ad hoc networks.
Key distribution pattern. Blom`s key distribution
Secure point-point channel Examples.
Introduction
Ad hoc network- A self organized network of user terminals
(no prior infrastructure ).Group Communication in Ad hoc-
Effective support of multicast or group communication essential for most ad-hoc network applications.
Multicasting
Enables efficient delivery of data to multiple locations on a network.
Efficient utilization of bandwidth.
More efficient when compared to unicasting and broadcasting.
Introduction (contd..)
Securing Group Communication- Multicast groups are prone to security attacks.
Securing group communication is important
Military operation
Instantaneous conferences and classrooms.
Common way is to establish a cryptographic key known only to group members.
Dynamic nature of Multicast Group
Existing nodes may leave the group New nodes may join the group Compromised nodes should be eliminated from the group.
This requires efficient key management Group key must be updated whenever group membership changes. key update and rekeying is provided by group key distribution
schemes.
Decentralized scheme
Relying on a single trusted authority is not wise
Single point failure
Single point attack
Distributing the trust to all nodes in the network improves efficiency.
An attack on a single system will not bring down the whole system.
Security Goals
Session secrecy collusion temporarily revoked nodes cannot discover the
common key of the new group
Forward secrecy Collusion of nodes that leave the group cannot discover the
common keys for all future communication
Backward secrecy Collusion of nodes that join a group cannot discover the keys
used by the group in the past
Efficiency A group key distribution scheme requires low amount of
communication, computation, secure storage and smaller response time to perform security operations.
Scalability The scheme must work well for both small and large number of
nodes in the group
Key management in Ad Hoc networks
Some of the solutions proposed so far- Key Agreement in Ad Hoc Networks (shared password)
Asokan and Ginzboorg, Computer Communications 2000 On Some Methods for Unconditionally Secure key
Distribution and Broadcast Encryption (Key Pre-distribution, TA) D. R. Stinson, Univ. Of Nebraska-Lincoln, U.S.A.
What are we going to discuss- Key Distribution pattern.
Features of KDP
Self initialization Does not require a trusted authority to set up a system.
Self securing Members of a new group can determine the common key by
finding the appropriate combination of their secret keys.
Construction of KDP
Let K = {k1, …, kv} be a v-set.
B = {B1, …, Bn} be a family of subsets of K.
A system (K, B) a t-resilient (v, n, r) key distribution pattern (KDP) if the following condition holds:
⋂iΔ Bi ⊈ ⋃ jΛ Bj
where Δ and Λ are any disjoint subsets of {1, …, n} such that |Δ| = r and |Λ| = t
Construction KDP (contd..)
The KDP guarantees that
For any r subsets, {Bi1, …, Bir}, and any t subsets, {Bj1, …, Bjt}, where {Bi1, …, Bir} ⋂ {Bj1, …, Bjt} = Ø, there exists at least an element k that belongs to the r subsets, but does not belong to the t subsets.
For a given r subsets or less, an arbitrary union of at most t other subsets cannot cover elements in the r subsets.
The Key Matrix
Secure ZoneSecure ZoneSecure ZoneSecure Zone
B2B1
B3
B5B4
K={1.....9}, B={B1…B12}, r=2; t=1K={1.....9}, B={B1…B12}, r=2; t=1B1= {4,5,6,7,8,9} B7= {1,3,4,5,8,9}B2= {2,3,5,6,8,9} B8= {1,3,5,6,7,8} B3= {2,3,4,6,7,8} B9= {1,2,3,4,5,6}B4= {2,3,4,5,7,9} B10={1,2,4,5,7,8}B5= {1,2,3,7,8,9} B11={1,2,5,6,7,9}B6= {1,3,4,6,7,9} B12={1,2,4,6,8,9}
K={1...14}, B={B1..B5}, r=3; t=2K={1...14}, B={B1..B5}, r=3; t=2B1={2,3,4,5,9,11,12,13,14}B2={1,3,5,7,8,10,14}B3={1,2,4,5,6,10,13}B4={1,3,6,7,8,11,12,13}B5={2,4,6,8,9,10,11,14}
110101011
101110011
011011011
000111111
011110101
110011101
101101101
111000111
101011110
011101110
110110110
111111000
987654321
12
11
10
9
8
7
6
5
4
3
2
1
B
B
B
B
B
B
B
B
B
B
B
B
Group Key
Constraints on Group formation• The parameter r • The parameter t (t-resilient)
KEY1=B1∩B2 ∩B3=4 5 6
KEY2=B2 ∩B5 ∩B6 KEY3=B3 ∩B4 ∩B5GROUP KEY1
GROUPKEY3GROUP KEY2
B2
B1
B3
B6
B5B4
+ +
t- resilient
GK1
B1
B2
B3
B1={2,3,4,5,9,11,12,13,14}B2={1,3,5,7,8,10,14}B3={1,2,4,5,6,10,13}B4={1,3,6,7,8,11,12,13}B5={2,4,6,8,9,10,11,14}
GK1=B1∩B2 ∩B3 =[5]
B1∩B3=[2,4,5,13]
B4
GK1=B1∩B3 ∩B4 =[13]
Compromised nodesCompromised nodes
B5GK1=B1∩B3 ∩B5 =[2,4]
υ
={1,3,5,6,7,8,10,11,12,13}
⋂iΔ Bi ⊈ ⋃ jΛ Bj
Key Update
When , Why and How!
When Nodes leaves -• Temporarily, permanently, new node joins.
Why –
As discussed before to provide –• Session secrecy, Forward Secrecy, Backward Secrecy.
How?
Key Update
B5= {1,2,3,7,8,9}
B1
B3B2
B4 B7B6
B8 B9 B10 B11
B5
B1= {4,5,6,7,8,9}, k|=B1∩B5={7 8 9}
B2= {2,3,5,6,8,9} B3= {2,3,4,6,7,8}
B7= {1,3,4,5,8,9}
B11= {1,2,5,6,7,9}B10= {1,2,4,5,7,8}B9= {1,2,3,4,5,6}B8= {1,3,5,6,7,8}
B4= {2,3,4,5,7,9} B6= {1,3,4,6,7,9}
B2= {8,9} B3= {7,8}
B4= {7,9}, B6= {7,9} B7= {8,9}
B8= {7,8}, B10= {7,8}, B11= {7,9}
k|= {7,8,9},
k| =(B2∩B5 -k| )= {2,3}
B3= {2,3} B4= {2,3}
B6= {3} B7= {3}, B8= {3},
B9= {2,3} B10= {2}B11= {2},
Key Update (contd..)
B5= {1,2,3,7,8,9}B5 ,k|= {2,3,7,8,9},B1= {4,5,6,7,8,9} B7= {1,3,4,5,8,9}B2= {2,3,5,6,8,9} B8= {1,3,5,6,7,8}B3= {2,3,4,6,7,8} B9= {1,2,3,4,5,6}B4= {2,3,4,5,7,9} B10={1,2,4,5,7,8}B5= {1,2,3,7,8,9} B11={1,2,5,6,7,9}B6= {1,3,4,6,7,9} B12={1,2,4,6,8,9}
B6
B7 B8
B12B11B10B9
Blom's key
Allows any pair of users in the network form a secure point-point channel.
Users compute secret key with out any interaction. User sends a cipher text which can be decrypted only by the
user he is intended to send. The scheme uses the following symmetric polynomial over a
finite GF(q).
The polynomial holds symmetric property
Why Blom`s key distribution?
B1
B1
B1
B1B1
How many secret keys would every node in the network have to store?
nc2
Acknowledgements.
Our thanks to Dr Kris Gaj and Dr Josef Pieprzyk for their invaluable suggestions and time.