1 / 28

Efficient Group Key Agreement for Dynamic TETRA Networks

Current Trends in Theory and Practice of Computer Science. Efficient Group Key Agreement for Dynamic TETRA Networks. Su Youn Lee , Su Mi Lee and Dong Hoon Lee 2007.1.24. Baekseok College of Cultural Studies GSIS Korea University. Agenda. TETRA Networks Efficient Group Key Agreement for

argus
Download Presentation

Efficient Group Key Agreement for Dynamic TETRA Networks

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Current Trends in Theory and Practice of Computer Science Efficient Group Key Agreement for Dynamic TETRA Networks Su Youn Lee, Su Mi Lee and Dong Hoon Lee2007.1.24 Baekseok College of Cultural StudiesGSIS Korea University

  2. Agenda • TETRA Networks • Efficient Group Key Agreement for Dynamic TETRA Networks (AGKA); - Background and Motivation - Set up, Join and Leave Algorithms

  3. TETRA Networks

  4. What is TETRA? • TErrestrial Trunked RAdio (TETRA) is a new digital transmission standard developed by ETSI and it is becoming the system for public safety organisation TETRA GSM Mobile Radio Mobile Data UMTS Mobile Telephony DECT

  5. PABX, PSTN, ISDN Intranet / Internet Other TETRA network What is TETRA? • Architecture Network Management Line Dispatcher SwMI IP gateway, Firewall

  6. TETRA Security Mechanisms Air Interface Encryption Securing the link between a handset and the network Key Management Center Controlled emission of keys, enabling decentralized authorisation and enforcing the high security level. End-to-End Encryption Securing the communication across a network, independent of the switching infrastructure

  7. TETRA Security Mechanisms • Authentication SwMI Authentication Centre (AuC) k Session authentication keys Switch 1 Switch 2 Challenge and response from Switch MS Authentication • Authentication provides proof identity of all MS in TETRA network • AuC securely send session authentication key to Switch1 and should storage secret key. - Secret key need never be exposed • All MS and AuC operate mutual authentication using secret key K

  8. Authentication process SwMI Mobile Station K Random Seed (RS) K RS Rand TA11 KS Rand RS TA12 TA12 TA11 KS (Session authentication key) DCK, XRES RES DCK RES RES ≠XRES

  9. Air Interface Keys • Derived Cipher Key (DCK) derived from authentication procedure. • Common Cipher Key(CCK) generated by the SwMI and distributed to all MS. • Group Cipher Key(GCK) linked to a specific closed MS group. • Static Cipher Key(SCK) is a predetermined key

  10. K2 Key Management Mechanism SwMI GCK=fn(K1) GCK=fn(K3) GCK=fn(K4) GCK=fn(K2) CCK’=fn(DCK3) CCK’=fn(DCK4) CCK=fn(DCK1) CCK=fn(DCK2) GCK Group call1 Group call2 CCK’ CCK K4 DCK3 DCK4 K3 DCK1 K1 DCK2 MGCK’=fn(GCK, CCK’) MGCK=fn(GCK, CCK)

  11. Over the Air Re-Keying (OTAR) KSO (GSKO) DCK GCK CCK SwMI AI CCK GCK MS DCK KSO (GSKO) MGCK CCK

  12. Efficient Group Key Agreement for Dynamic TETRA Networks (AGKA);- Background and Motivation

  13. Background and Motivation • Group Key Agreement • MS communicating over a public, easily- monitored network • MS needs to establish a common secret key (session key) to secure communication • Group Key Agreement Protocol sk sk sk sk

  14. adversary Background and Motivation • Authenticated Group Key Agreement (AGKA) • AGKA guarantees security against an active adversary who can modify, insert or remove messages • For providing authentication, we can construct AGKA based on PW or signature

  15. Background and Motivation • In AGKA, there are two concerns with regard to efficiency : Communication and Computation efficiency • Communication Efficiency • the number and length of messages • few rounds • Computation Efficiency • needs to complete the protocol • depends on the cryptographic algorithms

  16. Background and Motivation • AGKA for Dynamic TETRA networks • Provides Setup, Leave and Join Algorithms • In a Leave event, removing MS do not know new sk’ • Forward Secrecy

  17. Background and Motivation • AGKA for Dynamic TETRA networks • In Join event, joining MS do not know previous sk • Backward Secrecy

  18. An Efficient Group Key Agreement for Dynamic TETRA Networks (AGKA);- Set up, Join and Leave Algorithms

  19. KEK3 KEK4 KEK2 An Efficient AGKA • Setup SwMI KEK1

  20. KEK3 KEK4 KEK2 An Efficient AGKA • Setup : Group Key Computation Process KEK1

  21. An Efficient AGKA • Setup; • Security • MS verifies signature of SwMI • Assume that a signature scheme is secure • All signature cannot be used twice • Only MS who knows KEK can compute a group key • An adversary can not get any information about a group key from Zi-1,i • XOR Encryption Scheme

  22. KEK3 KEK4 KEK5 KEK2 An Efficient AGKA • Join Algo. SwMI Joining MS5 KEK1

  23. An Efficient AGKA • Join ; • Security • Backward Secrecy • Joining MS should not know a previous group key • Our scheme provides Backward Secrecy • All MS re-calculate T value using different session ID (Ij) per session • Although MS5 knows all T values in current session, MS5 does not compute a previous group key.

  24. KEK3 Leaving MS3 KEK4 KEK2 An Efficient AGKA • Leave Algo. SwMI KEK1

  25. An Efficient AGKA • Leave ; • Security • Forward Secrecy • Leaving MS should not know a current group key • Our scheme provides Forward Secrecy • Leaving MS3 knows all T values of previous session • All MS re-calculate T value using new session ID (Il) per session

  26. An Efficient AGKA • Useful properties • Allows SwMI and MS to agree a group with low complexity • Needs only XOR operation dependent on a number of group MS • Construct a special AGKA scheme including join and leave algorithms

  27. AGKA • AGKAprotocol • Security Theorem • # of send, execute queries :

  28. Thank you ! • Questions? Comments? sylee@bcc.ac.kr.

More Related