Document Sample
ds Powered By Docstoc
					Boolean Function Minimization

        By Sudeep Biswas
            Today's scenario
• Sender need not be in the multicast group
• Receivers do not have any mechanism to
  authenticate senders
• Responsibility lies with the routers to send
  multicast packets to all group members
• Secure approach needs to be added over IP
           Secure Approach
• Each group is associated with a group
  controller (A trusted server)
• Group controller is responsible for
  managing group membership
         Secure group joining
• Both sender and receiver has to request
  access to the group controller
• Group controller verifies credentials such as
  password,id or a digital certificate
• If the client is permitted,controller provides
  it with the session and the auxiliary keys
        Secure group removal
• De registration is initiated by the client or
  by the controller
• Removal of group members and
  communicating a new session key in a
  secure and scalable way is a non trivial task
  Our key management scheme
• Assumptions
  – The maximum group size is known (say p)
  – Each group member has an unique id:
     Xn-1Xn-2Xn-3……X0 where Xi  (0,1)
  – Length of id is lg(n),n is maximum group size
    rounded to nearest power of 2 (n > p)
             Key Distribution
• Each client receives a session key and a set of
  auxiliary keys upon joining
• The set of n auxiliary keys are:Kn-1,Kn-2,….
   K0 where Ki = ki if Xi =1 and Ki = ki if Xi = 0.
• Controller has all the keys
• Changes in keys takes place when group members
  depart or arrives
• Each time interval over which the keys remain
  fixed is called a round,denoted by a round number
  r. keys are : SK(r) & {ki(r) , ki(r) for all i}
   Individual member removal
• A member of id 101 departs having keys
  k2,k1 & k0
• Controller computes new session key
  SK(r+1) and sends different messages
  {SK(r+1)}k0 ,{SK(r+1)}k1 ,{SK(r+1)}k2
• Controller and the remaining members
  compute the new set of auxiliary keys
  ki(r+1)=f(ki(r),SK(r+1)) (why ?)
     Multiple member removal
• Set of clients {c0,c1,c2…..cN-1}
• m(Xn-1Xn-2Xn-3……X0)=0 for clients
  leaving the group.(membership function
  dynamically computed by controller)
• Minimum number of messages to send.
• This is achieved by encrypting information
  with keys common to subsets of the
  remaining members

1) c0 & c4 leaves the group.
2) Controller need to multicast only {SK(r+1)}k0 &
• General approach
• m(X2,X1,X0)=X2X1X0 + X2X1X0 +
  X2X1X0 + X2X1X0 + X2X1X0 + X2X1X0
• Terms reflect no. of messages to send
• Literals in each term reflect the keys by
  which the message is to be encrypted
• Generally better to send minimum messages
       Cont…(Karnaugh map)

K-map used to minimize m and hence number of messages to
m=X1+X0 (Hence send secret key encrypted with k0 and
then with k1)
New member arrival(My scheme)
• Controller provides a vacant uid and the auxiliary
  keys to the new member(s)
• m is modified by the controller keeping in view of
  these new member(s)
• m is minimized if required,and this minimized m
  is used to compute the no. of messages and the
  key combinations to be used
• New session key is send to each member
• Storage
   – Member : lg(n)+1
   – Controller : 2lg(n)+1
• Processing (single change)
   – Member : O(1)
   – Controller : O(lg(n))
• Processing : (O(n) changes)
   – Member : O(1)
   – Controller : O(n)
• All figures better than ‘key graphs’ method
• Collusion attack
  – A set of members previously removed from the
    group collude.
  – Combining their auxiliary keys they may get
    the next round session and hence the auxiliary
    Example of collusion attack
• Members with uid 000 and 111 are removed
• Together they have all set of auxiliary keys
• They collude and trace the next round
  session and auxiliary keys
• Elimination of collusion attack impossible
  with less than O(n) keys but its probability
  decreases with increase in auxiliary key
  space and sparse distribution of uids.

Shared By: