Group Protocols for Secure Wireless Ad hoc Networks

Srikanth NannapaneniSreechandu Kamisetty

Swethana pagadalaAparna kasturi

Overview

Introduction Key Management in Ad hoc networks.

Key distribution pattern. Blom`s key distribution

Secure point-point channel Examples.

Introduction

Ad hoc network- A self organized network of user terminals

(no prior infrastructure ).Group Communication in Ad hoc-

Effective support of multicast or group communication essential for most ad-hoc network applications.

Multicasting

Enables efficient delivery of data to multiple locations on a network.

Efficient utilization of bandwidth.

More efficient when compared to unicasting and broadcasting.

Introduction (contd..)

Securing Group Communication- Multicast groups are prone to security attacks.

Securing group communication is important

Military operation

Instantaneous conferences and classrooms.

Common way is to establish a cryptographic key known only to group members.

Dynamic nature of Multicast Group

Existing nodes may leave the group New nodes may join the group Compromised nodes should be eliminated from the group.

This requires efficient key management Group key must be updated whenever group membership changes. key update and rekeying is provided by group key distribution

schemes.

Factors effect an ideal group key distribution scheme

Secure

Decentralized

Efficient

Scalablity

Decentralized scheme

Relying on a single trusted authority is not wise

Single point failure

Single point attack

Distributing the trust to all nodes in the network improves efficiency.

An attack on a single system will not bring down the whole system.

Security Goals

Session secrecy collusion temporarily revoked nodes cannot discover the

common key of the new group

Forward secrecy Collusion of nodes that leave the group cannot discover the

common keys for all future communication

Backward secrecy Collusion of nodes that join a group cannot discover the keys

used by the group in the past

Efficiency A group key distribution scheme requires low amount of

communication, computation, secure storage and smaller response time to perform security operations.

Scalability The scheme must work well for both small and large number of

nodes in the group

Key management in Ad Hoc networks

Some of the solutions proposed so far- Key Agreement in Ad Hoc Networks (shared password)

Asokan and Ginzboorg, Computer Communications 2000 On Some Methods for Unconditionally Secure key

Distribution and Broadcast Encryption (Key Pre-distribution, TA) D. R. Stinson, Univ. Of Nebraska-Lincoln, U.S.A.

What are we going to discuss- Key Distribution pattern.

Features of KDP

Self initialization Does not require a trusted authority to set up a system.

Self securing Members of a new group can determine the common key by

finding the appropriate combination of their secret keys.

Construction of KDP

Let K = {k1, …, kv} be a v-set.

B = {B1, …, Bn} be a family of subsets of K.

A system (K, B) a t-resilient (v, n, r) key distribution pattern (KDP) if the following condition holds:

⋂iΔ Bi ⊈ ⋃ jΛ Bj

where Δ and Λ are any disjoint subsets of {1, …, n} such that |Δ| = r and |Λ| = t

Construction KDP (contd..)

The KDP guarantees that

For any r subsets, {Bi1, …, Bir}, and any t subsets, {Bj1, …, Bjt}, where {Bi1, …, Bir} ⋂ {Bj1, …, Bjt} = Ø, there exists at least an element k that belongs to the r subsets, but does not belong to the t subsets.

For a given r subsets or less, an arbitrary union of at most t other subsets cannot cover elements in the r subsets.

The Key Matrix

Secure ZoneSecure ZoneSecure ZoneSecure Zone

B2B1

B3

B5B4

K={1.....9}, B={B1…B12}, r=2; t=1K={1.....9}, B={B1…B12}, r=2; t=1B1= {4,5,6,7,8,9} B7= {1,3,4,5,8,9}B2= {2,3,5,6,8,9} B8= {1,3,5,6,7,8} B3= {2,3,4,6,7,8} B9= {1,2,3,4,5,6}B4= {2,3,4,5,7,9} B10={1,2,4,5,7,8}B5= {1,2,3,7,8,9} B11={1,2,5,6,7,9}B6= {1,3,4,6,7,9} B12={1,2,4,6,8,9}

K={1...14}, B={B1..B5}, r=3; t=2K={1...14}, B={B1..B5}, r=3; t=2B1={2,3,4,5,9,11,12,13,14}B2={1,3,5,7,8,10,14}B3={1,2,4,5,6,10,13}B4={1,3,6,7,8,11,12,13}B5={2,4,6,8,9,10,11,14}

110101011

101110011

011011011

000111111

011110101

110011101

101101101

111000111

101011110

011101110

110110110

111111000

987654321

12

11

10

9

8

7

6

5

4

3

2

1

B

B

B

B

B

B

B

B

B

B

B

B

Group Key

Constraints on Group formation• The parameter r • The parameter t (t-resilient)

KEY1=B1∩B2 ∩B3=4 5 6

KEY2=B2 ∩B5 ∩B6 KEY3=B3 ∩B4 ∩B5GROUP KEY1

GROUPKEY3GROUP KEY2

B2

B1

B3

B6

B5B4

+ +

t- resilient

GK1

B1

B2

B3

B1={2,3,4,5,9,11,12,13,14}B2={1,3,5,7,8,10,14}B3={1,2,4,5,6,10,13}B4={1,3,6,7,8,11,12,13}B5={2,4,6,8,9,10,11,14}

GK1=B1∩B2 ∩B3 =[5]

B1∩B3=[2,4,5,13]

B4

GK1=B1∩B3 ∩B4 =[13]

Compromised nodesCompromised nodes

B5GK1=B1∩B3 ∩B5 =[2,4]

υ

={1,3,5,6,7,8,10,11,12,13}

⋂iΔ Bi ⊈ ⋃ jΛ Bj

Key Update

When , Why and How!

When Nodes leaves -• Temporarily, permanently, new node joins.

Why –

As discussed before to provide –• Session secrecy, Forward Secrecy, Backward Secrecy.

How?

Key Update

B5= {1,2,3,7,8,9}

B1

B3B2

B4 B7B6

B8 B9 B10 B11

B5

B1= {4,5,6,7,8,9}, k|=B1∩B5={7 8 9}

B2= {2,3,5,6,8,9} B3= {2,3,4,6,7,8}

B7= {1,3,4,5,8,9}

B11= {1,2,5,6,7,9}B10= {1,2,4,5,7,8}B9= {1,2,3,4,5,6}B8= {1,3,5,6,7,8}

B4= {2,3,4,5,7,9} B6= {1,3,4,6,7,9}

B2= {8,9} B3= {7,8}

B4= {7,9}, B6= {7,9} B7= {8,9}

B8= {7,8}, B10= {7,8}, B11= {7,9}

k|= {7,8,9},

k| =(B2∩B5 -k| )= {2,3}

B3= {2,3} B4= {2,3}

B6= {3} B7= {3}, B8= {3},

B9= {2,3} B10= {2}B11= {2},

Key Update (contd..)

B5= {1,2,3,7,8,9}B5 ,k|= {2,3,7,8,9},B1= {4,5,6,7,8,9} B7= {1,3,4,5,8,9}B2= {2,3,5,6,8,9} B8= {1,3,5,6,7,8}B3= {2,3,4,6,7,8} B9= {1,2,3,4,5,6}B4= {2,3,4,5,7,9} B10={1,2,4,5,7,8}B5= {1,2,3,7,8,9} B11={1,2,5,6,7,9}B6= {1,3,4,6,7,9} B12={1,2,4,6,8,9}

B6

B7 B8

B12B11B10B9

Blom's key

Allows any pair of users in the network form a secure point-point channel.

Users compute secret key with out any interaction. User sends a cipher text which can be decrypted only by the

user he is intended to send. The scheme uses the following symmetric polynomial over a

finite GF(q).

The polynomial holds symmetric property

Why Blom`s key distribution?

B1

B1

B1

B1B1

How many secret keys would every node in the network have to store?

nc2

With Blom`s Key

B1

B2 B3

F (1, 2)=15F (3, 1)=8

F (2, 1)=15F (3, 1)=8

E15(M)

Acknowledgements.

Our thanks to Dr Kris Gaj and Dr Josef Pieprzyk for their invaluable suggestions and time.

Questions?