J. A. M. Naranjo

A suite of algorithms for key distribution and authentication in centralized secure multicast environments

The Extended Euclidean algorithm provides a fast solution to the problem of finding the greatest common divisor of two numbers. In this paper, we present three applications of the algorithm to the security and privacy field. The first one allows one to privately distribute a secret to a set of recipients with only one multicast communication. It can be used for rekeying purposes in a Secure Multicast scenario. The second one is an authentication mechanism to be used in environments in which a public-key infrastructure is not available. Finally, the third application of the Extended Euclidean algorithm is a zero-knowledge proof that reduces the number of messages between the two parts involved, with the aid of a central server.

Lightweight user access control in energy-constrained wireless network services

This work introduces a novel access control solution for infrastructures composed of highly constrained devices which provide users with services. Low energy consumption is a key point in this kind of scenarios given that devices usually run on batteries and are unattended for long periods of time. Our proposal achieves privacy, authentication, semantic security, low energy and computational demand and device compromise impact limitation on a simple manner. The access control provided is based on user identity and time intervals. We discuss these properties and compare our proposal to previous related work.

Asynchronous privacy-preserving iterative computation on peer-to-peer networks

Privacy preserving algorithms allow several participants to compute a global function collaboratively without revealing local information to each other. Examples of applications include trust management, collaborative filtering, and ranking algorithms such as PageRank. Most solutions that can be proven to be privacy preserving theoretically are not appropriate for highly unreliable, large scale, distributed environments such as peer-to-peer (P2P) networks because they either require centralized components, or a high degree of synchronism among the participants. At the same time, in P2P networks privacy preservation is becoming a key requirement. Here, we propose an asynchronous privacy preserving communication layer for an important class of iterative computations in P2P networks, where each peer periodically computes a linear combination of data stored at its neighbors. Our algorithm tolerates realistic rates of message drop and delay, and node churn, and has a low communication overhead. We perform simulation experiments to compare our algorithm to related work. The problem we use as an example is power iteration (a method used to calculate the dominant eigenvector of a matrix), since eigenvector computation is at the core of several practical applications. We demonstrate that our novel algorithm also converges in the presence of realistic node churn, message drop rates and message delay, even when previous synchronized solutions are able to make almost no progress.

A Key Distribution Scheme for Live Streaming Multi-tree Overlays

Multicast peer-to-peer overlays are being progressively adopted in commercial platforms in spite of some childhood problems. One of the major issues that need further development is key distribution and conditional access. This is a crucial matter for this kind of networks in order to gain wide commercial acceptance, especially among content producers. This paper presents a secure, fault-tolerant, efficient key distribution scheme for multi-tree overlays that allows for quality-of-service gradation and introduces very little bandwidth overhead. It uses secret sharing techniques and a novel multicast mechanism which is described. No major changes are needed in the content distribution network, since the scheme fits it gracefully.

Key Management Schemes for Peer-to-Peer Multimedia Streaming Overlay Networks

Key distribution for multimedia live streaming peer-to-peer overlay networks is a field still in its childhood stage. A scheme designed for networks of this kind must seek security and efficiency while keeping in mind the following restrictions: limited bandwidth, continuous playing, great audience size and clients churn. This paper introduces two novel schemes that allow a trade-off between security and efficiency by allowing to dynamically vary the number of levels used in the key hierarchy. These changes are motivated by great variations in audience size, and initiated by decision of the Key Server. Additionally, a comparative study of both is presented, focusing on security and audience size. Results show that larger key hierarchies can supply bigger audiences, but offer less security against statistical attacks. The opposite happens for shorter key hierarchies.

Group Oriented Renewal of Secrets and Its Application to Secure Multicast

This paper introduces a multicast method for renewing secrets which are shared by a set of hosts. The method is centralized, secure, efficient, scalable to a reasonable size and compatible with any multicast topology configuration underneath. It can be used to achieve privacy in a centralized multicast overlay. Additionally, the method can be used to renew an asymmetric key pair when a cryptosystem based on discrete logarithm is used. Knowledge of the public key is then restricted to the group it is communicated to. Security and scalability are discussed, and a comparison with other well-known alternatives is shown.

An updated view on centralized secure group communications

The secure multicast field has been extensively studied for more than a decade now and there exist numerous proposals throughout academic literature. However, new scenarios such as ad hoc networks and new consuming models, such as hierarchical access, have arisen since its beginnings. That circumstance has led to the publication of many new proposals in the last years in an effort to suit the emergent environments. This article presents a selection of those most important and popular to the date, focusing on centralized schemes due to their high popularity and the recent appearance of alternatives that do not appear in previous revisions. Comparisons are provided and special attention is paid to communications and storage overhead as well as security.

Extending a User Access Control Proposal for Wireless Network Services with Hierarchical User Credentials

We extend a previous access control solution for wireless network services with group-based authorization and encryption capabilities. Both the basic solution and this novel extension focus on minimizing computation, energy, storage and communications required at sensors so they can be run in very constrained hardware, since the computations involved rely on symmetric cryptography and key derivation functions. Furthermore, no additional messages between users and sensors are needed. Access control is based on user identity, group membership and time intervals.

Fully distributed authentication with locality exploitation for the CoDiP2P peer-to-peer computing platform

CodiP2P is a distributed platform for computation based on the peer-to-peer paradigm. This article presents a novel distributed authentication method that suits the platform and adapts to its characteristics. The developed method is based on the Web of Trust paradigm, i.e., not depending on a traditional PKI infrastructure, and focuses on efficiency both in the number of messages transmitted and digital signatures processed by exploiting the inherent locality found in the platform. As part of the method, a reliable and efficient distributed public key repository is developed taking CoDiP2P’s de Bruijn topology as a cornerstone.

Keeping group communications private: An up-to-date review on centralized secure multicast

The secure multicast field has been extensively studied for more than a decade now and there exist numerous proposals throughout academic literature. This paper presents a selection of those most important and popular to the date, focusing on centralized schemes due to their high popularity and the recent publication of alternatives that do not appear in previous revisions. Comparisons are provided and special attention is paid to communications and storage overhead.