Authentication in dynamic groups using Identity-based ... · Testing IBS in constrained groups...
Transcript of Authentication in dynamic groups using Identity-based ... · Testing IBS in constrained groups...
October 16 2018
IEEE WiMob 2018
Limassol Cyprus
Nils gentschen Felde Sophia Grundner-Culemann Tobias Guggemos
Munich Network Management-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
Authentication in dynamic groupsusing Identity-based Signatures
group communication
2Authentication in dynamic groups using Identity-based Signatures
verify message authenticity
3Authentication in dynamic groups using Identity-based Signatures
verify message authenticity
4Authentication in dynamic groups using Identity-based Signatures
Did really
send this
message
Did really
send this
message
classic authentication
5Authentication in dynamic groups using Identity-based Signatures
Key Generation
Certificate Revocation
communicate
private public
build trust
set up
Certification
delete
Dynamic groups
6Authentication in dynamic groups using Identity-based Signatures
Key Generation
Certificate Revocation
communicate
private public
build trust
set up
Certification
delete
Classic approach too
expensive
7Authentication in dynamic groups using Identity-based Signatures
Key Generation
Certificate Revocation
communicate
private public
build trust
set up
Certification
delete
8Authentication in dynamic groups using Identity-based Signatures
Sender authentication with
Identity-Based Signatures (IBS)
9Authentication in dynamic groups using Identity-based Signatures
Idea
(Shamir 1984)
Compute public key from identifying information
Black box
Sender authentication with
Identity-Based Signatures (IBS)
master public key distribution
10Authentication in dynamic groups using Identity-based Signatures
Trusted Third Party
(TTP)
Sender authentication with
IBS
private key distribution
11Authentication in dynamic groups using Identity-based Signatures
TTP
Sender authentication
with IBS
signature generation
12Authentication in dynamic groups using Identity-based Signatures
13Authentication in dynamic groups using Identity-based Signatures
Sender authentication with
IBS
signature verification
14Authentication in dynamic groups using Identity-based Signatures
Related work
Key revocation in IBS
generation of new key material
15Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
formation of new group
16Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
verification fails
for excluded devices
17Authentication in dynamic groups using Identity-based Signatures
18Authentication in dynamic groups using Identity-based Signatures
Are Identity-Based Signatures
viable in constrained networks
bull Parameter sizes
bull Power consumption
bull Key management
Taxonomy for IBScomparing sizes in bits
19Authentication in dynamic groups using Identity-based Signatures
master
public key
Public
Parameters
signature
devicelsquos
private key
Testing IBS
in constrained groups
20Authentication in dynamic groups using Identity-based Signatures
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
21Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
22Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Implementation
bull Operating System RIOT (httpsriot-osorg)
bull Cryptographic library Relic (httpsgithubcomrelic-toolkitrelic)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
23Authentication in dynamic groups using Identity-based Signatures
Time consumption for signing one message
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
group communication
2Authentication in dynamic groups using Identity-based Signatures
verify message authenticity
3Authentication in dynamic groups using Identity-based Signatures
verify message authenticity
4Authentication in dynamic groups using Identity-based Signatures
Did really
send this
message
Did really
send this
message
classic authentication
5Authentication in dynamic groups using Identity-based Signatures
Key Generation
Certificate Revocation
communicate
private public
build trust
set up
Certification
delete
Dynamic groups
6Authentication in dynamic groups using Identity-based Signatures
Key Generation
Certificate Revocation
communicate
private public
build trust
set up
Certification
delete
Classic approach too
expensive
7Authentication in dynamic groups using Identity-based Signatures
Key Generation
Certificate Revocation
communicate
private public
build trust
set up
Certification
delete
8Authentication in dynamic groups using Identity-based Signatures
Sender authentication with
Identity-Based Signatures (IBS)
9Authentication in dynamic groups using Identity-based Signatures
Idea
(Shamir 1984)
Compute public key from identifying information
Black box
Sender authentication with
Identity-Based Signatures (IBS)
master public key distribution
10Authentication in dynamic groups using Identity-based Signatures
Trusted Third Party
(TTP)
Sender authentication with
IBS
private key distribution
11Authentication in dynamic groups using Identity-based Signatures
TTP
Sender authentication
with IBS
signature generation
12Authentication in dynamic groups using Identity-based Signatures
13Authentication in dynamic groups using Identity-based Signatures
Sender authentication with
IBS
signature verification
14Authentication in dynamic groups using Identity-based Signatures
Related work
Key revocation in IBS
generation of new key material
15Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
formation of new group
16Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
verification fails
for excluded devices
17Authentication in dynamic groups using Identity-based Signatures
18Authentication in dynamic groups using Identity-based Signatures
Are Identity-Based Signatures
viable in constrained networks
bull Parameter sizes
bull Power consumption
bull Key management
Taxonomy for IBScomparing sizes in bits
19Authentication in dynamic groups using Identity-based Signatures
master
public key
Public
Parameters
signature
devicelsquos
private key
Testing IBS
in constrained groups
20Authentication in dynamic groups using Identity-based Signatures
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
21Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
22Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Implementation
bull Operating System RIOT (httpsriot-osorg)
bull Cryptographic library Relic (httpsgithubcomrelic-toolkitrelic)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
23Authentication in dynamic groups using Identity-based Signatures
Time consumption for signing one message
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
verify message authenticity
3Authentication in dynamic groups using Identity-based Signatures
verify message authenticity
4Authentication in dynamic groups using Identity-based Signatures
Did really
send this
message
Did really
send this
message
classic authentication
5Authentication in dynamic groups using Identity-based Signatures
Key Generation
Certificate Revocation
communicate
private public
build trust
set up
Certification
delete
Dynamic groups
6Authentication in dynamic groups using Identity-based Signatures
Key Generation
Certificate Revocation
communicate
private public
build trust
set up
Certification
delete
Classic approach too
expensive
7Authentication in dynamic groups using Identity-based Signatures
Key Generation
Certificate Revocation
communicate
private public
build trust
set up
Certification
delete
8Authentication in dynamic groups using Identity-based Signatures
Sender authentication with
Identity-Based Signatures (IBS)
9Authentication in dynamic groups using Identity-based Signatures
Idea
(Shamir 1984)
Compute public key from identifying information
Black box
Sender authentication with
Identity-Based Signatures (IBS)
master public key distribution
10Authentication in dynamic groups using Identity-based Signatures
Trusted Third Party
(TTP)
Sender authentication with
IBS
private key distribution
11Authentication in dynamic groups using Identity-based Signatures
TTP
Sender authentication
with IBS
signature generation
12Authentication in dynamic groups using Identity-based Signatures
13Authentication in dynamic groups using Identity-based Signatures
Sender authentication with
IBS
signature verification
14Authentication in dynamic groups using Identity-based Signatures
Related work
Key revocation in IBS
generation of new key material
15Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
formation of new group
16Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
verification fails
for excluded devices
17Authentication in dynamic groups using Identity-based Signatures
18Authentication in dynamic groups using Identity-based Signatures
Are Identity-Based Signatures
viable in constrained networks
bull Parameter sizes
bull Power consumption
bull Key management
Taxonomy for IBScomparing sizes in bits
19Authentication in dynamic groups using Identity-based Signatures
master
public key
Public
Parameters
signature
devicelsquos
private key
Testing IBS
in constrained groups
20Authentication in dynamic groups using Identity-based Signatures
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
21Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
22Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Implementation
bull Operating System RIOT (httpsriot-osorg)
bull Cryptographic library Relic (httpsgithubcomrelic-toolkitrelic)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
23Authentication in dynamic groups using Identity-based Signatures
Time consumption for signing one message
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
verify message authenticity
4Authentication in dynamic groups using Identity-based Signatures
Did really
send this
message
Did really
send this
message
classic authentication
5Authentication in dynamic groups using Identity-based Signatures
Key Generation
Certificate Revocation
communicate
private public
build trust
set up
Certification
delete
Dynamic groups
6Authentication in dynamic groups using Identity-based Signatures
Key Generation
Certificate Revocation
communicate
private public
build trust
set up
Certification
delete
Classic approach too
expensive
7Authentication in dynamic groups using Identity-based Signatures
Key Generation
Certificate Revocation
communicate
private public
build trust
set up
Certification
delete
8Authentication in dynamic groups using Identity-based Signatures
Sender authentication with
Identity-Based Signatures (IBS)
9Authentication in dynamic groups using Identity-based Signatures
Idea
(Shamir 1984)
Compute public key from identifying information
Black box
Sender authentication with
Identity-Based Signatures (IBS)
master public key distribution
10Authentication in dynamic groups using Identity-based Signatures
Trusted Third Party
(TTP)
Sender authentication with
IBS
private key distribution
11Authentication in dynamic groups using Identity-based Signatures
TTP
Sender authentication
with IBS
signature generation
12Authentication in dynamic groups using Identity-based Signatures
13Authentication in dynamic groups using Identity-based Signatures
Sender authentication with
IBS
signature verification
14Authentication in dynamic groups using Identity-based Signatures
Related work
Key revocation in IBS
generation of new key material
15Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
formation of new group
16Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
verification fails
for excluded devices
17Authentication in dynamic groups using Identity-based Signatures
18Authentication in dynamic groups using Identity-based Signatures
Are Identity-Based Signatures
viable in constrained networks
bull Parameter sizes
bull Power consumption
bull Key management
Taxonomy for IBScomparing sizes in bits
19Authentication in dynamic groups using Identity-based Signatures
master
public key
Public
Parameters
signature
devicelsquos
private key
Testing IBS
in constrained groups
20Authentication in dynamic groups using Identity-based Signatures
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
21Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
22Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Implementation
bull Operating System RIOT (httpsriot-osorg)
bull Cryptographic library Relic (httpsgithubcomrelic-toolkitrelic)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
23Authentication in dynamic groups using Identity-based Signatures
Time consumption for signing one message
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
classic authentication
5Authentication in dynamic groups using Identity-based Signatures
Key Generation
Certificate Revocation
communicate
private public
build trust
set up
Certification
delete
Dynamic groups
6Authentication in dynamic groups using Identity-based Signatures
Key Generation
Certificate Revocation
communicate
private public
build trust
set up
Certification
delete
Classic approach too
expensive
7Authentication in dynamic groups using Identity-based Signatures
Key Generation
Certificate Revocation
communicate
private public
build trust
set up
Certification
delete
8Authentication in dynamic groups using Identity-based Signatures
Sender authentication with
Identity-Based Signatures (IBS)
9Authentication in dynamic groups using Identity-based Signatures
Idea
(Shamir 1984)
Compute public key from identifying information
Black box
Sender authentication with
Identity-Based Signatures (IBS)
master public key distribution
10Authentication in dynamic groups using Identity-based Signatures
Trusted Third Party
(TTP)
Sender authentication with
IBS
private key distribution
11Authentication in dynamic groups using Identity-based Signatures
TTP
Sender authentication
with IBS
signature generation
12Authentication in dynamic groups using Identity-based Signatures
13Authentication in dynamic groups using Identity-based Signatures
Sender authentication with
IBS
signature verification
14Authentication in dynamic groups using Identity-based Signatures
Related work
Key revocation in IBS
generation of new key material
15Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
formation of new group
16Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
verification fails
for excluded devices
17Authentication in dynamic groups using Identity-based Signatures
18Authentication in dynamic groups using Identity-based Signatures
Are Identity-Based Signatures
viable in constrained networks
bull Parameter sizes
bull Power consumption
bull Key management
Taxonomy for IBScomparing sizes in bits
19Authentication in dynamic groups using Identity-based Signatures
master
public key
Public
Parameters
signature
devicelsquos
private key
Testing IBS
in constrained groups
20Authentication in dynamic groups using Identity-based Signatures
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
21Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
22Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Implementation
bull Operating System RIOT (httpsriot-osorg)
bull Cryptographic library Relic (httpsgithubcomrelic-toolkitrelic)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
23Authentication in dynamic groups using Identity-based Signatures
Time consumption for signing one message
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
Dynamic groups
6Authentication in dynamic groups using Identity-based Signatures
Key Generation
Certificate Revocation
communicate
private public
build trust
set up
Certification
delete
Classic approach too
expensive
7Authentication in dynamic groups using Identity-based Signatures
Key Generation
Certificate Revocation
communicate
private public
build trust
set up
Certification
delete
8Authentication in dynamic groups using Identity-based Signatures
Sender authentication with
Identity-Based Signatures (IBS)
9Authentication in dynamic groups using Identity-based Signatures
Idea
(Shamir 1984)
Compute public key from identifying information
Black box
Sender authentication with
Identity-Based Signatures (IBS)
master public key distribution
10Authentication in dynamic groups using Identity-based Signatures
Trusted Third Party
(TTP)
Sender authentication with
IBS
private key distribution
11Authentication in dynamic groups using Identity-based Signatures
TTP
Sender authentication
with IBS
signature generation
12Authentication in dynamic groups using Identity-based Signatures
13Authentication in dynamic groups using Identity-based Signatures
Sender authentication with
IBS
signature verification
14Authentication in dynamic groups using Identity-based Signatures
Related work
Key revocation in IBS
generation of new key material
15Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
formation of new group
16Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
verification fails
for excluded devices
17Authentication in dynamic groups using Identity-based Signatures
18Authentication in dynamic groups using Identity-based Signatures
Are Identity-Based Signatures
viable in constrained networks
bull Parameter sizes
bull Power consumption
bull Key management
Taxonomy for IBScomparing sizes in bits
19Authentication in dynamic groups using Identity-based Signatures
master
public key
Public
Parameters
signature
devicelsquos
private key
Testing IBS
in constrained groups
20Authentication in dynamic groups using Identity-based Signatures
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
21Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
22Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Implementation
bull Operating System RIOT (httpsriot-osorg)
bull Cryptographic library Relic (httpsgithubcomrelic-toolkitrelic)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
23Authentication in dynamic groups using Identity-based Signatures
Time consumption for signing one message
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
Classic approach too
expensive
7Authentication in dynamic groups using Identity-based Signatures
Key Generation
Certificate Revocation
communicate
private public
build trust
set up
Certification
delete
8Authentication in dynamic groups using Identity-based Signatures
Sender authentication with
Identity-Based Signatures (IBS)
9Authentication in dynamic groups using Identity-based Signatures
Idea
(Shamir 1984)
Compute public key from identifying information
Black box
Sender authentication with
Identity-Based Signatures (IBS)
master public key distribution
10Authentication in dynamic groups using Identity-based Signatures
Trusted Third Party
(TTP)
Sender authentication with
IBS
private key distribution
11Authentication in dynamic groups using Identity-based Signatures
TTP
Sender authentication
with IBS
signature generation
12Authentication in dynamic groups using Identity-based Signatures
13Authentication in dynamic groups using Identity-based Signatures
Sender authentication with
IBS
signature verification
14Authentication in dynamic groups using Identity-based Signatures
Related work
Key revocation in IBS
generation of new key material
15Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
formation of new group
16Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
verification fails
for excluded devices
17Authentication in dynamic groups using Identity-based Signatures
18Authentication in dynamic groups using Identity-based Signatures
Are Identity-Based Signatures
viable in constrained networks
bull Parameter sizes
bull Power consumption
bull Key management
Taxonomy for IBScomparing sizes in bits
19Authentication in dynamic groups using Identity-based Signatures
master
public key
Public
Parameters
signature
devicelsquos
private key
Testing IBS
in constrained groups
20Authentication in dynamic groups using Identity-based Signatures
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
21Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
22Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Implementation
bull Operating System RIOT (httpsriot-osorg)
bull Cryptographic library Relic (httpsgithubcomrelic-toolkitrelic)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
23Authentication in dynamic groups using Identity-based Signatures
Time consumption for signing one message
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
8Authentication in dynamic groups using Identity-based Signatures
Sender authentication with
Identity-Based Signatures (IBS)
9Authentication in dynamic groups using Identity-based Signatures
Idea
(Shamir 1984)
Compute public key from identifying information
Black box
Sender authentication with
Identity-Based Signatures (IBS)
master public key distribution
10Authentication in dynamic groups using Identity-based Signatures
Trusted Third Party
(TTP)
Sender authentication with
IBS
private key distribution
11Authentication in dynamic groups using Identity-based Signatures
TTP
Sender authentication
with IBS
signature generation
12Authentication in dynamic groups using Identity-based Signatures
13Authentication in dynamic groups using Identity-based Signatures
Sender authentication with
IBS
signature verification
14Authentication in dynamic groups using Identity-based Signatures
Related work
Key revocation in IBS
generation of new key material
15Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
formation of new group
16Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
verification fails
for excluded devices
17Authentication in dynamic groups using Identity-based Signatures
18Authentication in dynamic groups using Identity-based Signatures
Are Identity-Based Signatures
viable in constrained networks
bull Parameter sizes
bull Power consumption
bull Key management
Taxonomy for IBScomparing sizes in bits
19Authentication in dynamic groups using Identity-based Signatures
master
public key
Public
Parameters
signature
devicelsquos
private key
Testing IBS
in constrained groups
20Authentication in dynamic groups using Identity-based Signatures
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
21Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
22Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Implementation
bull Operating System RIOT (httpsriot-osorg)
bull Cryptographic library Relic (httpsgithubcomrelic-toolkitrelic)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
23Authentication in dynamic groups using Identity-based Signatures
Time consumption for signing one message
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
Sender authentication with
Identity-Based Signatures (IBS)
9Authentication in dynamic groups using Identity-based Signatures
Idea
(Shamir 1984)
Compute public key from identifying information
Black box
Sender authentication with
Identity-Based Signatures (IBS)
master public key distribution
10Authentication in dynamic groups using Identity-based Signatures
Trusted Third Party
(TTP)
Sender authentication with
IBS
private key distribution
11Authentication in dynamic groups using Identity-based Signatures
TTP
Sender authentication
with IBS
signature generation
12Authentication in dynamic groups using Identity-based Signatures
13Authentication in dynamic groups using Identity-based Signatures
Sender authentication with
IBS
signature verification
14Authentication in dynamic groups using Identity-based Signatures
Related work
Key revocation in IBS
generation of new key material
15Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
formation of new group
16Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
verification fails
for excluded devices
17Authentication in dynamic groups using Identity-based Signatures
18Authentication in dynamic groups using Identity-based Signatures
Are Identity-Based Signatures
viable in constrained networks
bull Parameter sizes
bull Power consumption
bull Key management
Taxonomy for IBScomparing sizes in bits
19Authentication in dynamic groups using Identity-based Signatures
master
public key
Public
Parameters
signature
devicelsquos
private key
Testing IBS
in constrained groups
20Authentication in dynamic groups using Identity-based Signatures
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
21Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
22Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Implementation
bull Operating System RIOT (httpsriot-osorg)
bull Cryptographic library Relic (httpsgithubcomrelic-toolkitrelic)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
23Authentication in dynamic groups using Identity-based Signatures
Time consumption for signing one message
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
Sender authentication with
Identity-Based Signatures (IBS)
master public key distribution
10Authentication in dynamic groups using Identity-based Signatures
Trusted Third Party
(TTP)
Sender authentication with
IBS
private key distribution
11Authentication in dynamic groups using Identity-based Signatures
TTP
Sender authentication
with IBS
signature generation
12Authentication in dynamic groups using Identity-based Signatures
13Authentication in dynamic groups using Identity-based Signatures
Sender authentication with
IBS
signature verification
14Authentication in dynamic groups using Identity-based Signatures
Related work
Key revocation in IBS
generation of new key material
15Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
formation of new group
16Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
verification fails
for excluded devices
17Authentication in dynamic groups using Identity-based Signatures
18Authentication in dynamic groups using Identity-based Signatures
Are Identity-Based Signatures
viable in constrained networks
bull Parameter sizes
bull Power consumption
bull Key management
Taxonomy for IBScomparing sizes in bits
19Authentication in dynamic groups using Identity-based Signatures
master
public key
Public
Parameters
signature
devicelsquos
private key
Testing IBS
in constrained groups
20Authentication in dynamic groups using Identity-based Signatures
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
21Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
22Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Implementation
bull Operating System RIOT (httpsriot-osorg)
bull Cryptographic library Relic (httpsgithubcomrelic-toolkitrelic)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
23Authentication in dynamic groups using Identity-based Signatures
Time consumption for signing one message
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
Sender authentication with
IBS
private key distribution
11Authentication in dynamic groups using Identity-based Signatures
TTP
Sender authentication
with IBS
signature generation
12Authentication in dynamic groups using Identity-based Signatures
13Authentication in dynamic groups using Identity-based Signatures
Sender authentication with
IBS
signature verification
14Authentication in dynamic groups using Identity-based Signatures
Related work
Key revocation in IBS
generation of new key material
15Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
formation of new group
16Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
verification fails
for excluded devices
17Authentication in dynamic groups using Identity-based Signatures
18Authentication in dynamic groups using Identity-based Signatures
Are Identity-Based Signatures
viable in constrained networks
bull Parameter sizes
bull Power consumption
bull Key management
Taxonomy for IBScomparing sizes in bits
19Authentication in dynamic groups using Identity-based Signatures
master
public key
Public
Parameters
signature
devicelsquos
private key
Testing IBS
in constrained groups
20Authentication in dynamic groups using Identity-based Signatures
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
21Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
22Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Implementation
bull Operating System RIOT (httpsriot-osorg)
bull Cryptographic library Relic (httpsgithubcomrelic-toolkitrelic)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
23Authentication in dynamic groups using Identity-based Signatures
Time consumption for signing one message
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
Sender authentication
with IBS
signature generation
12Authentication in dynamic groups using Identity-based Signatures
13Authentication in dynamic groups using Identity-based Signatures
Sender authentication with
IBS
signature verification
14Authentication in dynamic groups using Identity-based Signatures
Related work
Key revocation in IBS
generation of new key material
15Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
formation of new group
16Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
verification fails
for excluded devices
17Authentication in dynamic groups using Identity-based Signatures
18Authentication in dynamic groups using Identity-based Signatures
Are Identity-Based Signatures
viable in constrained networks
bull Parameter sizes
bull Power consumption
bull Key management
Taxonomy for IBScomparing sizes in bits
19Authentication in dynamic groups using Identity-based Signatures
master
public key
Public
Parameters
signature
devicelsquos
private key
Testing IBS
in constrained groups
20Authentication in dynamic groups using Identity-based Signatures
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
21Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
22Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Implementation
bull Operating System RIOT (httpsriot-osorg)
bull Cryptographic library Relic (httpsgithubcomrelic-toolkitrelic)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
23Authentication in dynamic groups using Identity-based Signatures
Time consumption for signing one message
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
13Authentication in dynamic groups using Identity-based Signatures
Sender authentication with
IBS
signature verification
14Authentication in dynamic groups using Identity-based Signatures
Related work
Key revocation in IBS
generation of new key material
15Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
formation of new group
16Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
verification fails
for excluded devices
17Authentication in dynamic groups using Identity-based Signatures
18Authentication in dynamic groups using Identity-based Signatures
Are Identity-Based Signatures
viable in constrained networks
bull Parameter sizes
bull Power consumption
bull Key management
Taxonomy for IBScomparing sizes in bits
19Authentication in dynamic groups using Identity-based Signatures
master
public key
Public
Parameters
signature
devicelsquos
private key
Testing IBS
in constrained groups
20Authentication in dynamic groups using Identity-based Signatures
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
21Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
22Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Implementation
bull Operating System RIOT (httpsriot-osorg)
bull Cryptographic library Relic (httpsgithubcomrelic-toolkitrelic)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
23Authentication in dynamic groups using Identity-based Signatures
Time consumption for signing one message
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
14Authentication in dynamic groups using Identity-based Signatures
Related work
Key revocation in IBS
generation of new key material
15Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
formation of new group
16Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
verification fails
for excluded devices
17Authentication in dynamic groups using Identity-based Signatures
18Authentication in dynamic groups using Identity-based Signatures
Are Identity-Based Signatures
viable in constrained networks
bull Parameter sizes
bull Power consumption
bull Key management
Taxonomy for IBScomparing sizes in bits
19Authentication in dynamic groups using Identity-based Signatures
master
public key
Public
Parameters
signature
devicelsquos
private key
Testing IBS
in constrained groups
20Authentication in dynamic groups using Identity-based Signatures
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
21Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
22Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Implementation
bull Operating System RIOT (httpsriot-osorg)
bull Cryptographic library Relic (httpsgithubcomrelic-toolkitrelic)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
23Authentication in dynamic groups using Identity-based Signatures
Time consumption for signing one message
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
Key revocation in IBS
generation of new key material
15Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
formation of new group
16Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
verification fails
for excluded devices
17Authentication in dynamic groups using Identity-based Signatures
18Authentication in dynamic groups using Identity-based Signatures
Are Identity-Based Signatures
viable in constrained networks
bull Parameter sizes
bull Power consumption
bull Key management
Taxonomy for IBScomparing sizes in bits
19Authentication in dynamic groups using Identity-based Signatures
master
public key
Public
Parameters
signature
devicelsquos
private key
Testing IBS
in constrained groups
20Authentication in dynamic groups using Identity-based Signatures
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
21Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
22Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Implementation
bull Operating System RIOT (httpsriot-osorg)
bull Cryptographic library Relic (httpsgithubcomrelic-toolkitrelic)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
23Authentication in dynamic groups using Identity-based Signatures
Time consumption for signing one message
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
Key revocation
formation of new group
16Authentication in dynamic groups using Identity-based Signatures
TTP
Key revocation
verification fails
for excluded devices
17Authentication in dynamic groups using Identity-based Signatures
18Authentication in dynamic groups using Identity-based Signatures
Are Identity-Based Signatures
viable in constrained networks
bull Parameter sizes
bull Power consumption
bull Key management
Taxonomy for IBScomparing sizes in bits
19Authentication in dynamic groups using Identity-based Signatures
master
public key
Public
Parameters
signature
devicelsquos
private key
Testing IBS
in constrained groups
20Authentication in dynamic groups using Identity-based Signatures
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
21Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
22Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Implementation
bull Operating System RIOT (httpsriot-osorg)
bull Cryptographic library Relic (httpsgithubcomrelic-toolkitrelic)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
23Authentication in dynamic groups using Identity-based Signatures
Time consumption for signing one message
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
Key revocation
verification fails
for excluded devices
17Authentication in dynamic groups using Identity-based Signatures
18Authentication in dynamic groups using Identity-based Signatures
Are Identity-Based Signatures
viable in constrained networks
bull Parameter sizes
bull Power consumption
bull Key management
Taxonomy for IBScomparing sizes in bits
19Authentication in dynamic groups using Identity-based Signatures
master
public key
Public
Parameters
signature
devicelsquos
private key
Testing IBS
in constrained groups
20Authentication in dynamic groups using Identity-based Signatures
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
21Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
22Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Implementation
bull Operating System RIOT (httpsriot-osorg)
bull Cryptographic library Relic (httpsgithubcomrelic-toolkitrelic)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
23Authentication in dynamic groups using Identity-based Signatures
Time consumption for signing one message
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
18Authentication in dynamic groups using Identity-based Signatures
Are Identity-Based Signatures
viable in constrained networks
bull Parameter sizes
bull Power consumption
bull Key management
Taxonomy for IBScomparing sizes in bits
19Authentication in dynamic groups using Identity-based Signatures
master
public key
Public
Parameters
signature
devicelsquos
private key
Testing IBS
in constrained groups
20Authentication in dynamic groups using Identity-based Signatures
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
21Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
22Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Implementation
bull Operating System RIOT (httpsriot-osorg)
bull Cryptographic library Relic (httpsgithubcomrelic-toolkitrelic)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
23Authentication in dynamic groups using Identity-based Signatures
Time consumption for signing one message
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
Taxonomy for IBScomparing sizes in bits
19Authentication in dynamic groups using Identity-based Signatures
master
public key
Public
Parameters
signature
devicelsquos
private key
Testing IBS
in constrained groups
20Authentication in dynamic groups using Identity-based Signatures
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
21Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
22Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Implementation
bull Operating System RIOT (httpsriot-osorg)
bull Cryptographic library Relic (httpsgithubcomrelic-toolkitrelic)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
23Authentication in dynamic groups using Identity-based Signatures
Time consumption for signing one message
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
Testing IBS
in constrained groups
20Authentication in dynamic groups using Identity-based Signatures
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
21Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
22Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Implementation
bull Operating System RIOT (httpsriot-osorg)
bull Cryptographic library Relic (httpsgithubcomrelic-toolkitrelic)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
23Authentication in dynamic groups using Identity-based Signatures
Time consumption for signing one message
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
Testing IBS
in constrained groups
21Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
22Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Implementation
bull Operating System RIOT (httpsriot-osorg)
bull Cryptographic library Relic (httpsgithubcomrelic-toolkitrelic)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
23Authentication in dynamic groups using Identity-based Signatures
Time consumption for signing one message
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
Testing IBS
in constrained groups
22Authentication in dynamic groups using Identity-based Signatures
Tested for 2 IBS-schemes
bull ldquoVBNNrdquo (Cao et al 2008 based on Elliptic Curve Cryptography (ECC))
bull ldquoBLMQrdquo (Barreto et al 2006 based on ECC with pairings)
Implementation
bull Operating System RIOT (httpsriot-osorg)
bull Cryptographic library Relic (httpsgithubcomrelic-toolkitrelic)
Tested in IoT-Lab (iot-labinfo)
bull 3x M3 Nodes (= group members)
(72 Mhz ARM Cortex M3 64KB RAM)
in a multicast domain
bull 1x A8 Node (= TTP)
(600 Mhz ARM Cortex A8 256MB RAM)
Testing IBS
in constrained groups
23Authentication in dynamic groups using Identity-based Signatures
Time consumption for signing one message
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
Testing IBS
in constrained groups
23Authentication in dynamic groups using Identity-based Signatures
Time consumption for signing one message
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
Testing IBS
in constrained groups
24Authentication in dynamic groups using Identity-based Signatures
Time consumption for verifying one message
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
Key management challenges
25Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
IBS in existing key
management architectures
26Authentication in dynamic groups using Identity-based Signatures
Key management for the group
bull Identification
bull Authorization
bull Key distribution
Use group key infrastructure as in RFC 4046
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
IBS in existing key management
architectures
Group IKEv2
27Authentication in dynamic groups using Identity-based Signatures
Source gentschen Felde N Guggemos T Heider T Kranzlmuumlller D Secure Group Key Distribution in
Constrained Environments with IKEv2 Proceedings of 2017th IEEE Conference on Dependable and Secure
Computing IEEE Taipei Taiwan August 2017
M0 Pro Due M0 Pro Due M0 Pro Due M0 Pro Due
PrepareIKE_SA_INIT
ProcessIKE_SA_INIT
PrepareGSA_AUTH
ProcessGSA_AUTH
avg [ms] 262 162 42194 18792 1741 1029 1053 632
std dev [ms] 000 000 013 011 000 000 000 040
min [ms] 262 162 42171 18772 1741 1029 1052 615
max [ms] 262 162 42218 18811 1741 1029 1053 726
0 ms
50 ms
100 ms
150 ms
200 ms
250 ms
300 ms
350 ms
400 ms
450 ms
ella
pse
d t
ime [
ms]
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
Future work
28Authentication in dynamic groups using Identity-based Signatures
bull extended evaluation with additional devices
bull experimental comparison to certificate-based
approaches
bull evaluate Hierarchical IBS
bull more efficient re-keying in IBS
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices
Summary
29Authentication in dynamic groups using Identity-based Signatures
Curious Sophia Grundner-Culemann
MNM-Team
Ludwig-Maximilians-Universitaumlt Muumlnchen
httpwwwmnm-teamorgprojectsembedded
bull discussion of IBS in groups
bull mathematically sound key revocation
bull integration in key management architectures
bull taxonomy for scheme comparison
bull testing and measurements of using IBS on
constrained devices