Efficient User Authentication and Key Management for Peer-to-Peer Live Streaming Systems

Post on 11-Jan-2016


Authors: X. Liu, Y. Hao, C. Lin, and C. Du. Source: Tsinghua Science and Technology, vol. 14, no. 2, pp. 234-241, 2009. Speaker: Shu-Fen Chiou (邱淑芬).

Transcript

1

Efficient User Authentication and Key Management for Peer-to-Peer Live Streaming Systems

Authors: X. Liu, Y. Hao, C. Lin, and C. Du
Source: Tsinghua Science and Technology, vol. 14, no. 2, pp. 234-241, 2009
Speaker: Shu-Fen Chiou (邱淑芬)

2

Introduction

[Figure: P2P live streaming. A: a.wmv (Frame 1, Frame 2, Frame 3 … Frame N). B: Frame 1, Frame 2. Live to watch a.wmv.]

3

Challenges in streaming systems

High bit rates; end-to-end delay; packet losses; network congestion; service guarantees; security

4

Motivation

For P2P live media streaming, the authors proposed a secure scheme using user authentication and key management.

5

Requirements

Confidentiality; data integrity; scalability; efficiency

6

User authentication

Notation
AS: Authorization server
PriKAS, PubKAS: Private and corresponding public keys from the AS
n: Total number of users
Ui, Uj: i-th and j-th users
PriKi, PubKi: Private and corresponding public keys of Ui
CTi: Certificate of Ui
H^m(x): H^m(x) = H(H^(m-1)(x)), m > 1, H() is a one-way hash
Ts, Te: Certificate lifetime
RSi: Private number for Ui only known by AS

7

User authentication

Certificate generation (new user Ui, AS)

Ui: Generate PriKi, PubKi
Ui: Generate random value Ri, and calculate H^m(Ri)
Ui -> AS: Login request
AS: Verify Ui
AS: Generate CTi, CTi = {IDi|Ts|Te|T|IPi|PubKi|H^m(Ri)|H^m(RSi)|SigNi}
AS -> Ui: CTi

8

User authentication

Certificate update (user Ui, AS)

Between frames <Te+(t-1)T, Te+tT>, 0 < t < m
Ui -> AS: {IDi|t|H^(m-t)(Ri)}
AS: Check whether H(H^(m-t)(Ri)) = H^(m-(t-1))(Ri)
AS -> Ui: {IDi|H^(m-t)(RSi)}
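The certificate-update exchange above, as an added Python example (not code from the paper or the slides). SHA-256 as H(), the 32-byte random values, the in-order enforcement of t, and the holder-side check `token_matches_certificate` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

def H(x: bytes) -> bytes:
    # One-way hash H(); SHA-256 is an assumption, the slides do not name one.
    return hashlib.sha256(x).digest()

def H_iter(x: bytes, k: int) -> bytes:
    # H^k(x) = H(H^(k-1)(x)); H^0(x) = x.
    for _ in range(k):
        x = H(x)
    return x

class AuthServer:
    """AS state for one user Ui: its secret RSi and the last accepted chain value."""
    def __init__(self, m: int, hm_ri: bytes):
        self.m = m
        self.rs_i = secrets.token_bytes(32)   # RSi, known only to the AS
        self.last = hm_ri                     # H^(m-(t-1))(Ri); starts at H^m(Ri)
        self.t = 0                            # update periods already granted

    def commitment(self) -> bytes:
        return H_iter(self.rs_i, self.m)      # H^m(RSi), embedded in CTi

    def update(self, t: int, value: bytes):
        # Accept only the next period (assumption), 0 < t < m, and only if
        # H(H^(m-t)(Ri)) == H^(m-(t-1))(Ri), the check shown on the slide.
        if t != self.t + 1 or not 0 < t < self.m:
            return None
        if not hmac.compare_digest(H(value), self.last):
            return None
        self.last, self.t = value, t
        return H_iter(self.rs_i, self.m - t)  # reply value H^(m-t)(RSi)

def token_matches_certificate(token: bytes, t: int, hm_rsi: bytes) -> bool:
    # Assumed holder-side check: hashing the AS reply t times gives H^m(RSi).
    return hmac.compare_digest(H_iter(token, t), hm_rsi)

def run_demo(m: int = 5):
    r_i = secrets.token_bytes(32)                  # Ui's random Ri (constructed)
    server = AuthServer(m, H_iter(r_i, m))
    cert_hm_rsi = server.commitment()
    ok = server.update(1, H_iter(r_i, m - 1))      # valid request for t = 1
    replay = server.update(1, H_iter(r_i, m - 1))  # same value sent again
    skipped = server.update(3, H_iter(r_i, m - 3)) # t = 3 before t = 2
    forged = server.update(2, secrets.token_bytes(32))
    return (ok is not None and token_matches_certificate(ok, 1, cert_hm_rsi),
            replay, skipped, forged)
```

Each update costs the AS one hash and no signature, which is where the scheme gets its efficiency; a replayed, out-of-order or forged chain value returns `None`.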

9

User authentication

Certificate verification (Uk verifies Ui)

Ui -> Uk: CTi, where CTi = {IDi|Ts|Te|T|IPi|PubKi|H^m(Ri)|H^m(RSi)|SigNi}
Uk: Verify CTi
Ui: Select random value Mi; encrypt Mi by PriKi
Ui -> Uk: {Mi|E(Mi)}
Uk: Decrypt E(Mi) by PubKi; get Mi'; check whether Mi' = Mi
Uk: Select random value Mk as symmetric secret key; encrypt Mk by PubKi
Uk -> Ui: {E(Mk)}
Ui: Decrypt E(Mk) by PriKi to get Mk

10

Key management

Every user has a logic key tree

Key of secure channel

Logic key tree of j before i joins

11

Key management

User i joins j

Logic key tree of j after i joins

1. j sends {PubKi(K8), K8(K’78), K’78(K’58), K’58(KEK’)} to i
2. j sends other key materials to its old neighbors, e.g. j sends {K7(K’78), K’78(K’58), K’58(KEK’)} to U7

12

Key management

User i leaves j

Logic key tree of j before i leaves

Logic key tree of j after i leaves

When i leaves, j changes some of the key values and sends them to its neighbors

e.g. j sends {K4(K’34), K’34(K’14), K’14(KEK’)} to U4

13

Strengths and weaknesses of this paper

Strengths: Extends authentication and key management to the P2P live streaming protocol

Weaknesses: Certificate verification has no mutual authentication

14

Possible research directions: mutual authentication in certificate verification; adding a payment mechanism
