Efficient mechanism for key management in multi-session environments

The Internet 2 deployment introduces new communications capabilities, like multiparty collaboration, high scale multimedia assembly and multicast communication. Considering such capabilities, the research concering security is facing new challenges. One of such challenge, is to create secure multi-s...

Descripción completa

Detalles Bibliográficos
Autor: JOSE ROBERTO PEREZ CRUZ
Tipo de recurso: tesis de maestría
Estado:Versión aceptada para publicación
Fecha de publicación:2009
País:México
Institución:Instituto Nacional de Astrofísica, Óptica y Electrónica
Repositorio:Repositorio Institucional del INAOE
Idioma:inglés
OAI Identifier:oai:inaoe.repositorioinstitucional.mx:1009/430
Acceso en línea:http://inaoe.repositorioinstitucional.mx/jspui/handle/1009/430
Access Level:acceso abierto
Palabra clave:info:eu-repo/classification/Seguridad/Security
info:eu-repo/classification/Red de computadoras/Computer networks
info:eu-repo/classification/Multi-group/Multi-group
info:eu-repo/classification/cti/1
info:eu-repo/classification/cti/12
info:eu-repo/classification/cti/1203
Descripción
Sumario:The Internet 2 deployment introduces new communications capabilities, like multiparty collaboration, high scale multimedia assembly and multicast communication. Considering such capabilities, the research concering security is facing new challenges. One of such challenge, is to create secure multi-session frameworks to ensure the confidentiality of exchanged information. In a multi-session environment, there are several users joined at two or more work sessions simultaneously. The confidentiality in these environments can be achieved using cryptographic methods. Unfortunately, the key management, which is necessary for such environments, creates two problems: a high complexity in key distribution and a high storage cost. This thesis proposes as its main contribution, an efficient decentralized multi-session key management mechanism for dynamic multimedia group communication, characterized by the use of an independent key per ciphered packet. Our solution proposes a functional architecture that exploits the overlapping of the user sessions to reduce the redundancy in key distribution. The proposed architecture makes use of two key generation strategies: a key derivation technique to reduce the rekey overhead and a pseudorandom number generator that allows the users to generate an independent key per ciphered packet. The pseudorandom number generator allows the users to generate independent keys for each transmitted packet. This characteristic enables the system to support the delay, the loss and transposition of packets.