slide 1
Comparison of Inter-Area Rekeying Algorithms for Secure Mobile Group Communication
C. Zhang*, B. DeCleene+, J. Kurose*, D. Towsley*
* Dept. Computer Science University of Massachusetts/Amherst Amherst MA USA
+ ALPHATECH Burlington MA USA
Performance 2002 in Rome
slide 2
Overview
introduction: hierarchical key management in a mobile environment
four key management algorithms
performance models
results
summary
slide 3
Scalable, Secure Group Management
Scenario: many mobile nodes requiring encrypted communication
• symmetric data key used for encryption
• rekey when member joins domain (backward confidentiality)
• rekey when member leaves domain (forward confidentiality)
Q: How to perform scalable rekeying given mobility?
[Figure: DKD and AKD 1, AKD 3, AKD 7, AKD 8]
slide 4
Efficient, scalable, secure group management
Hierarchical key distribution:
• domain divided into areas
• area key distributor (AKD) distributes data key within area
• per-area key to encrypt rekeying within area
• exploit multicast communication within area
Q: key management given mobility in/out/among areas
[Figure: DKD and AKD 1, AKD 3, AKD 7, AKD 8; member events: transfer, leave, join]
slide 5
Overview
introduction: hierarchical key distribution in a mobile environment
four key management algorithms
performance models
results
summary and future work
slide 6
SR: Static Rekeying
Static (SR)
• node always belongs to same area
• inter-AS communication during rekeying: inter-AS multicast
• performance degradation: multiple data keys sent to an AS ( …)
[Figure: AS 1 and AS 2, each with an AKD; labels: move, data key]
slide 7
BR: Baseline Rekeying
Baseline Rekeying (BR)
• AS = area
• move between ASs = transition between areas
• inter-area transfer implemented as domain leave/join
  • domain leave: area key rekey, data key rekey
  • domain join: area key rekey, data key rekey
[Figure: AS 1 and AS 2, each with an AKD; labels: join, transfer, leave, data key]
slide 8
IR: Immediate Rekeying
Immediate Rekeying (IR)
• no data key rekeying during transition
• area keys ( ) are rekeyed
• credentials passed between AKDs to implement transfer of security relationship
[Figure: AS 1 and AS 2, each with an AKD; labels: join, transfer, leave, data key]
slide 9
FEDRP: First Entry Delayed Rekey (Periodic)
First Entry Delayed Rekey (FEDRP)
• area key rekeyed only on first entry to area and domain leave holding the area key
• no area key rekey for visit other than 1st time
• no area key rekeying when transferring out
• mobile holds area keys while moving within domain
• periodic rekey (optional): bound outside member area key holding time
[Figure: AS 1 and AS 2, each with an AKD; labels: transfer, data key]
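The rekeying rules of SR, BR, IR and FEDRP from slides 6 to 9, replayed over a small constructed event trace, as an added example that is not part of the original slides. It assumes domain join and leave rekey both the area key and the data key under every algorithm, leaves out FEDRP's optional periodic rekey (the 1/δ=0 case), and counts rekey events rather than messages; the trace, function and field names are hypothetical.

```python
from collections import Counter

# Constructed trace of (event, member, area); area is unused for "leave".
TRACE = [
    ("join", "m1", 1), ("join", "m2", 2),
    ("transfer", "m1", 2), ("transfer", "m1", 1),
    ("transfer", "m1", 2), ("transfer", "m2", 3),
    ("leave", "m1", None), ("leave", "m2", None),
]

def count_rekeys(trace, algorithm):
    """Replay the trace under SR, BR, IR or FEDRP and count rekey events."""
    area_rekeys, data_rekeys, max_held = Counter(), 0, 0
    location = {}  # member -> current area (never changes under SR)
    held = {}      # member -> area keys held (FEDRP members may hold several)
    for event, member, area in trace:
        if event == "join":            # assumption: same for all four algorithms
            location[member], held[member] = area, {area}
            area_rekeys[area] += 1
            data_rekeys += 1
        elif event == "leave":         # rekey every area whose key is still held
            del location[member]
            for a in held.pop(member):
                area_rekeys[a] += 1
            data_rekeys += 1
        elif event == "transfer" and algorithm != "SR":
            old, location[member] = location[member], area
            if algorithm in ("BR", "IR"):   # rekey both the old and new area
                for a in (old, area):
                    area_rekeys[a] += 1
                held[member] = {area}
                if algorithm == "BR":       # transfer = domain leave + join
                    data_rekeys += 2
            elif algorithm == "FEDRP" and area not in held[member]:
                area_rekeys[area] += 1      # first entry to this area only
                held[member].add(area)
        max_held = max([max_held] + [len(k) for k in held.values()])
    return {"area_rekeys": sum(area_rekeys.values()),
            "data_rekeys": data_rekeys, "max_keys_held": max_held}

def compare(trace=TRACE):
    """Rekey counts for all four algorithms on the same trace."""
    return {alg: count_rekeys(trace, alg) for alg in ("SR", "BR", "IR", "FEDRP")}

if __name__ == "__main__":
    for alg, counts in compare().items():
        print(alg, counts)
```

On this trace FEDRP rekeys area keys less often than BR and IR, at the price of a member holding more than one area key at a time.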
slide 10
Overview
introduction: hierarchical key distribution in a mobile environment
four key management algorithms
performance models
results
summary and future work
slide 11
Analysis Overview
Performance metrics:
• communication:
  • key-related msg rate within AS i
  • key-related msg rate out of AS i
• computation: area key rekey rate
• security: #(area keys) held by area member
Modeling approach:
• M areas
• Poisson arrivals () of new members to domain
• exponential sojourn time within AS
• inter-AS member mobility: Markov process
slide 12
Analysis Details
model each AS as M/M/∞ queue
1/i (i {1,…,M}) : average sojourn time in AS i per visit
state i (i {1,…,M}) : inside domain, in AS i
state M+1: outside domain
P = [pi,j] (i,j {1,…,M+1}) : state transition probability
= [i ] (i {1,…,M}) : area key periodic rekey interval (FEDRP)
compute occupancy probabilities for AS i
achieve performance metric of interest
slide 13
Analysis Summary:
• SR, BR, IR: closed form solutions
• FEDRP:
  • further assumptions needed: (domain leave and periodic rekey) area rekeying is Poisson
  • solved as a fixed point problem
• validated by DaSSF simulator
slide 14
Overview
introduction: hierarchical key distribution in a mobile environment
four key management algorithms
performance models
results
summary
slide 15
Message Rate within an AS
FEDRP(1/δ=0): smallest msg rate, except with high mobility
M=16, =100, 1/ = 1, HOMOGENEOUS
[Figure: msg rate within AS i vs. avg #ASs visited per member; curves: SR, BR, IR, FEDRP 1/δ=0, FEDRP 1/δ=100, FEDRP 1/δ=1000; annotations: 10m, 100m, 1km; Foot, Urban, HWY]
slide 16
Message Rate out of an AS
SR: higher inter-AS communication
[Figure: msg rate out of AS i vs. avg #ASs visited per member; curves: SR, FEDRP]
slide 17
Area Key Rekey Rate
FEDRP: rekey rate bounded by 2+1/i
1200=2*100+1000
300=2*100+100
200=2*100+0
[Figure: area key rekey rate of area i vs. avg #ASs visited per member; curves: SR, BR,IR, FEDRP 1/δ=0, FEDRP 1/δ=100, FEDRP 1/δ=1000]
slide 18
Average #Area Keys held by a member
FEDRP: # area keys held small except with high mobility
[Figure: avg #area keys held by a member vs. avg #ASs visited per member; curves: FEDRP 1/δ=0, FEDRP 1/δ=100, FEDRP 1/δ=1000]
slide 19
Heterogeneous Case : 2D Random Walk
• thus far: “transporter” mobility model - member can move directly from any AS to any other AS
• 2D random walk: only move to neighboring AS
• same trend as homogeneous case
• small difference among areas
[Figure: area rekey rate of area i vs. avg #ASs visited per member; curves: IR A, IR B, IR C, FEDRP 1/δ=0 A, FEDRP 1/δ=0 B, FEDRP 1/δ=0 C; area layout grid with area types A, B, C]
slide 20
Summary
• performance analysis of four inter-area rekey algorithms addressing the mobility issue
• analytic performance models
• modeling heterogeneous mobility such as “2D random walk”
• FEDRP has lowest communication costs, and low computation costs
• FEDRP allows members to hold a small number of area keys
• SR performs better in highly mobile scenarios
  • cost: higher inter-AS communication
slide 21
Thanks
slide 22
Applications
large scale military
law enforcement
disaster recovery
business
slide 23
Future Work
data throughput
impact of loss and latency
authentication overhead
effect of LKH
slide 24
Thanks