Protocol Discussion Sample Clauses
Protocol Discussion. We compared the performance of the protocols described by Algorithms 1 and 2 in a n = 100 client network using a random master key distribution with R = 100 and β = 0.
Protocol Discussion. In order to study the dynamics of the proposed extension of our protocol, we simulated a network with 50 clients distributed randomly in a square. The t closest clients to a randomly chosen source define the destination set that establish a given group key. This proximity multicast model is representative of military use cases. Figure 7 illustrates how the cumulative number of trans- missions required for master key exchange and group key agreement evolves over time in a 50-client network under the proximity multicast model. The multicast group size is fixed to t = 5 and the number of random keys is set to ⌈log2 n/β⌉. Each time a group key is generated, the total number of transmissions required for pairwise and random key agreement is tabulated in addition to those required for group key agreement via Algorithm 1. Initially, there is a sharp increase in the cumulative number of transmissions as pairwise keys are established and random keys propagate via an epidemic model. Over time, the cost of master key exchange is amortized and the slopes of the curves in Figure 7 converge to roughly 2 transmissions per generated group key. Observe in Figure 7 that increasing the infection probability from β = 0.06 to 0.2 decreases the number of transmissions required to establish group keys at steady state but increases the overhead associated with the random key exchange step. Setting β = 0.1 appears to offer a good trade between the steady-state and transient behavior. For comparison, Figure 7 also illustrates the cumulative number of transmissions when the BD protocol is used for group key agreement. Since t = 5, this is simply a line with slope 2t = 10. Observe that after approximately 120 group keys have been generated, the proposed protocol with β = 0.1 becomes more energy-efficient than the BD protocol. That is to say, over time the energy savings afforded by each group Input: Occupancy sets O = {Oj}j∈KG , group G = {g1, . . . , gt}, hop distance h(gi, gj) between all pairs of clients, and a common PRF φ(). Output: Group key sj0 ,u for session with unique identifier u. j0 ← index of largest occupancy set in O; C ← Oj0 , l ← 1; if gi ∈ Oj0 then compute the group key sj0 ,u ← φ (kj0 , u); end while C ƒ= G do (il, jl) ← index of an occupancy set Ojl ∈ O satisfying Ojl ∩ C ƒ= ∅ and a transmitter il ∈ Ojl ∩ C that maximizes the number of new clients that will obtain sj0 ,u per hop: key agreement in our protocol outstrip the overhead incurred for dynamic master key e...
Protocol Discussion. The common PRF that is employed in Algorithm 1 ensures that the public transmissions are computationally indistin- guishable from random packets, thereby establishing our first key result.
Result 1. Algorithm 1 specifies a group key agreement pro- tocol for any set of clients in a network that has been loaded with master keys according to a distribution that satisfies Proposition 1.
Protocol Discussion. 1) Energy Efficiency: Figure 3 compares the number of
2. Generating a common secret packet among 5 nodes.
B. Protocol Specification pairwise cryp-
Protocol Discussion. The common PRF that is employed in Algorithm 1 ensures that the public transmissions are computationally indistin- guishable from random packets, thereby establishing our first key result.
Result 1. Algorithm 1 specifies a group key agreement pro- tocol for any set of clients in a network that has been loaded with master keys according to a distribution that satisfies Proposition 1.
Result 2. The number of transmissions required by Algorithm 1 is at most 1 + H(t − 1) times that of an optimal group key agreement protocol, where H(t) denotes the tth harmonic number. This O(log t) approximation ratio is the best possi- ble for a polynomial time computable algorithm unless NP Result 1 implies that the group key established by our protocol is secure against out-of-network eavesdroppers in the information-theoretic sense [18]. This is a stronger security guarantee than that provided by protocols based on ▇▇▇▇▇▇- ▇▇▇▇▇▇▇ key exchange. Of course, undetected compromised clients can potentially recover the group key by eavesdropping on the transmissions used for key agreement. This is the price that we pay for group key agreement among t clients with far fewer than t transmissions. As discussed above, however, this security vulnerability can be mitigated by the use of a protocol for detecting compromised clients. We use session keys derived from master keys in our protocol to provide forward and backward security [33]. That is to say, an adversary not possessing any of the master keys but possessing a subset of the group keys cannot discover another group key in our protocol. In practice, an HMAC could be used as the PRF with the session identifier as an input variable and the master key as the seed parameter. This approach is consistent with recommendations by the National Institute of Standards [34] for ensuring that the compromise of a session or group key does not degrade the cryptographic strength of the corresponding master key.