Optimal subset-difference broadcast encryption with free riders

Cataloged from PDF version of article.Broadcast encryption (BE) deals with secure transmission of a message to a group of receivers such that only an authorized subset of receivers can decrypt the message. The transmission cost of a BE system can be reduced considerably if a limited number of free riders can be tolerated in the system. in this paper, we study the problem of how to optimally place a given number of free riders in a subset-difference (SD)-based BE system, which is currently the most efficient BE scheme in use and has also been incorporated in standards, and we propose a polynomial-time optimal placement algorithm and three more efficient heuristics for this problem. Simulation experiments show that SD-based BE schemes can benefit significantly from the proposed algorithms. (C) 2009 Elsevier Inc. All rights reserved

The Design and Analysis of Hash Families For Use in Broadcast Encryption

abstract: Broadcast Encryption is the task of cryptographically securing communication in a broadcast environment so that only a dynamically specified subset of subscribers, called the privileged subset, may decrypt the communication. In practical applications, it is desirable for a Broadcast Encryption Scheme (BES) to demonstrate resilience against attacks by colluding, unprivileged subscribers. Minimal Perfect Hash Families (PHFs) have been shown to provide a basis for the construction of memory-efficient t-resilient Key Pre-distribution Schemes (KPSs) from multiple instances of 1-resilient KPSs. Using this technique, the task of constructing a large t-resilient BES is reduced to finding a near-minimal PHF of appropriate parameters. While combinatorial and probabilistic constructions exist for minimal PHFs with certain parameters, the complexity of constructing them in general is currently unknown. This thesis introduces a new type of hash family, called a Scattering Hash Family (ScHF), which is designed to allow for the scalable and ingredient-independent design of memory-efficient BESs for large parameters, specifically resilience and total number of subscribers. A general BES construction using ScHFs is shown, which constructs t-resilient KPSs from other KPSs of any resilience ≤w≤t. In addition to demonstrating how ScHFs can be used to produce BESs , this thesis explores several ScHF construction techniques. The initial technique demonstrates a probabilistic, non-constructive proof of existence for ScHFs . This construction is then derandomized into a direct, polynomial time construction of near-minimal ScHFs using the method of conditional expectations. As an alternative approach to direct construction, representing ScHFs as a k-restriction problem allows for the indirect construction of ScHFs via randomized post-optimization. Using the methods defined, ScHFs are constructed and the parameters' effects on solution size are analyzed. For large strengths, constructive techniques lose significant performance, and as such, asymptotic analysis is performed using the non-constructive existential results. This work concludes with an analysis of the benefits and disadvantages of BESs based on the constructed ScHFs. Due to the novel nature of ScHFs, the results of this analysis are used as the foundation for an empirical comparison between ScHF-based and PHF-based BESs . The primary bases of comparison are construction efficiency, key material requirements, and message transmission overhead.Dissertation/ThesisM.S. Computer Science 201

Factors Impacting Key Management Effectiveness in Secured Wireless Networks

The use of a Public Key Infrastructure (PKI) offers a cryptographic solution that can overcome many, but not all, of the MANET security problems. One of the most critical aspects of a PKI system is how well it implements Key Management. Key Management deals with key generation, key storage, key distribution, key updating, key revocation, and certificate service in accordance with security policies over the lifecycle of the cryptography. The approach supported by traditional PKI works well in fixed wired networks, but it may not appropriate for MANET due to the lack of fixed infrastructure to support the PKI. This research seeks to identify best practices in securing networks which may be applied to new network architectures

Key management for restricted multicast using broadcast encryption

International audienceThe problem we address is how to communicate se- curely with a set of users (the target set) over an insecure broadcast channel. This problem occurs in two application domains: satel- lite/cable pay TV and the Internet MBone. In these systems, the parameters of major concern are the number of key transmissions and the number of keys held by each receiver. In the Internet do- main, previous schemes suggest building a separate key tree for each multicast program, thus incurring a setup cost of at least ﰂﰃﰁ  per program for target sets of size  . In the pay-TV do- main, a single key structure is used for all programs, but known theoretical bounds show that either very long transmissions are required, or that each receiver needs to keep prohibitively many keys. Our approach is targeted at both domains. Our schemes main- tain a single key structure that requires each receiver to keep only a logarithmic number of establishment keys for its entire lifetime. At the same time our schemes admit low numbers of transmissions. In order to achieve these goals, and to break away from the theo- retical bounds, we allow a controlled number of users outside the target set to occasionally receive the multicast. This relaxation is appropriate for many scenarios in which the encryption is used to force consumers to pay for a service, rather than to withhold sen- sitive information. For this purpose, we introduce  -redundant es- tablishment key allocations, which guarantee that the total number of recipients is no more than  times the number of intended recip- ients. We measure the performance of such schemes by the number of key transmissions they require, by their redundancy  , and by the probability that a user outside the target set (a free-rider) will be able to decrypt the multicast. We prove a new lower bound, present several new establishment key allocations, and evaluate our schemes' performance by extensive simulation

Key management for restricted multicast using broadcast encryption

The problem we address is how to communicate securely with a set of users (the target set) over an insecure broadcast channel. This problem occurs in two application domains: satellite/cable pay TV and the Internet MBone. In these systems, the parameters of major concern are the number of key transmissions and the number of keys held by each receiver. In the Internet domain, previous schemes suggest building a separate key tree for each multicast program, thus incurring a setup cost of at least �� � per program for target sets of size. In the pay-TV domain, a single key structure is used for all programs, but known theoretical bounds show that either very long transmissions are required, or that each receiver needs to keep prohibitively many keys. Our approach is targeted at both domains. Our schemes maintain a single key structure that requires each receiver to keep only a logarithmic number of establishment keys for its entire lifetime. At the same time our schemes admit low numbers of transmissions. In order to achieve these goals, and to break away from the theoretical bounds, we allow a controlled number of users outside the target set to occasionally receive the multicast. This relaxation is appropriate for many scenarios in which the encryption is used to force consumers to pay for a service, rather than to withhold sensitive information. For this purpose, we introduce-redundant establishment key allocations, which guarantee that the total number of recipients is no more than times the number of intended recipients. We measure the performance of such schemes by the number of key transmissions they require, by their redundancy, and by the probability that a user outside the target set (a free-rider) will be able to decrypt the multicast. We prove a new lower bound, present several new establishment key allocations, and evaluate our schemes’ performance by extensive simulation