Dynamic Conferences Extension to Broadcasting Encryption

1
Dynamic Conferences - Extension to Broadcasting
Encryption -

• 2005 . 11 . 18
• By
• Abedelaziz Mohaisen

2
Reference

• Perfectly-Secure Key Distribution for Dynamic
  Conferences,
• C. Blundo, A. De Santis, A. Herzberg, Sh. Kutten,
  U. Vaccaro, M Yung.
• Crypto92, LNCS 740, PP. 471-486 -1993

Good News !
Our Paper for EWSN2006 was accepted by 3/3
reviewers voices (10/12), Conference Chances
21/133 -gt15 acceptance ratio. Interesting use
of hierarchical grid and detailed mathematical
reasoning
3
Contents

• Part I - Background
• Interactive Vs Non-Interactive Key Distribution
• Conference Key Distribution
• Protocols for Key Distribution
• P1 non-interactive k-secure t-conferences KDS
• P2 onetime interactive k-secure t-conferences
  KDS
• P3 non-interactive k-secure KDS for a
  communication structure C
• Applications
• Part II Slight modification
• Motivation
• Requirements
• Comparable features.
• Communication
• Memory
• Security

4
Types of KDS

• Interactive KDS
• Definition
• Prosperities
• Cost (C-S-C-M Cost)
• Non-Interactive KDS
• Definition
• Prosperities
• Cost (C-S-C-M Cost)

5
Protocols for KDS (1)
6
Protocols for KDS (2)
7
Protocols for KDS (3)
8
Applications

• Client/Server applications
• Multi-level Hierarchical Polynomial
• Uses for Internetworking
• Additional Control Variables
• Time Stamps
• Group Membership
• Access Control Permissions

9
Part 2

• Motivation
• Requirements
• Comparable features.
• Communication
• Memory
• Security

10
Motivation

• Conceptually, the applied protocols for the KDS
  can be used for the BE.
• Recall Protocol 1 of the non-interactive KDS,
  what is its problem ?
• Dont propose a solution for new parties joining
  the session greater than n..
• Uses an ID without pointing the cost of the ID
  storage for the huge network
• However, Perfectly secure and efficient till some
  secure threshold value. Which value ?
• modifications
• Consider
• For a system of n parties, that is dynamically
  change and has limited leaving parties. (what
  limit ?)
• Cheap Memory Chips are available. (we dont need
  to worry about the extra storage)
• Communication reduction is much important than
  anything else. Why ?

11
We shall provide ..

• For a comm. system of size n, each party in the
  system is provided by
• 2n-multivariable polynomial. (Symmetric)
• Structural ID that can be used to generate
  others IDs
• IDs of the Parties that are already out of the
  communication session.
• The current size of the communication set.
• ..

12
Where is BE ?

• The Central Server has monitoring information
  about the system. Possible?
• Central Server Encrypt a message of size M by
  some key K. Which Key?
• Broadcast the Encrypted Message (only the
  message) to all of the system parties.
• Each party use its own key to encrypt the
  message, Which key?
• Key Generation
• By the ID structure information, the size of the
  communication set, and the parties whore not
  online now, each party constructs the different
  IDs,
• Each party evaluate the different IDs in the
  2n-multivariable polynomial, what about other
  available variables ?
• Substitute the not-used variables using
  considerable constant, say 1.
• This job is to performed on the parties and the
  server sides.

13
Comparable features

• It will well-explain dynamic mechanisms for
• Joining.
• Leaving.
• Free Variables Evaluation.
• What about the ID?
• Cost of
• Communication
• Memory
• IDs Polynomial Leaving Parties
• Cant be reduced ?
• Security.
• Kt1 for the original one, what about our
  modification ?

14
Conclusion

• Introduced KDS and Protocols Types
• Introduced the KDS Protocols
• Introduced a possibility to modify the KDS
  protocol and to use in BE.
• Roughly we described the main points of our
  scheme.
• Next Job Is
• Any Question ?
• Comments ?
• Thanks for listening.