1
Efficient User Authentication and Key Management for Peer-to-Peer Live Streaming Systems
Authors: X. Liu, Y. Hao, C. Lin, and C. DuSource: Tsinghua Science and Technology, vol. 14, no. 2, pp. 234-241, 2009Speaker: Shu-Fen Chiou (邱淑芬 )
2
Introduction
A
a.wmvFrame 1Frame 2Frame 3 … Frame N
B
Fra
me 1
Fra
me 2
P2P Live streaming
Live to watch a.wmv
3
Challenges in streaming systems
High bit rates End-to-end delay Packet losses Network congestion Service guarantees Security
4
Motivation
For P2P live media streaming, authors proposed a secure scheme using user authentication and key managements.
5
Requirements
Confidentiality Data integrity Scalability Efficient
6
User authenticationNotation AS Authorization serverPriKAS, PubKAS Private and corresponding public keys
from the ASn Total number of usersUi, Uj i-th and j-th usersPriKi , PubKi Private and corresponding public keys of Ui
CTi Certificate of Ui
Hm(x) Hm(x)=H(Hm-1(x)), m>1, H() is a one-way hash
Ts, Te certificate lifetimeRSi Private number for Ui only known by AS
7
User authentication
Certificate generationNew user Ui AS
Generate PriKi , PubKi
Generate random value Ri, and calculate Hm(Ri) Login request
Verify Ui
Generate CTi
CTi={IDi|Ts|Te|T|IPi|PubKi| Hm(Ri)|Hm(RSi)|SigNi}
CTi
8
User authentication
Certificate updateuser Ui AS
Between frames<Te+(t-1)T, Te+t T>,0<t<m
{IDi|t|Hm-t(Ri)}Check whetherH(Hm-t(Ri))=Hm-(t-1)(Ri)
{IDi|Hm-t(RSi)}
9
User authentication Certificate verification (Uk verify Ui)
user Ui user Uk
CTiVerify CTi
CTi={IDi|Ts|Te|T|IPi|PubKi| Hm(Ri)|Hm(RSi)|SigNi}
{Mi|E(Mi)}Select random value Mi
Encrypt Mi by PriKi
Decrypt E(Mi )by PubKi
Get Mi’Check whether Mi’=Mi
Select random value Mk as symmetric secret key Encrypt Mk by PubKi
{E(Mk}Decrypt E(Mk )by PriKi
to get Mk
Key management
Every user has a logic key tree
10
Key of secure channel
Logic key tree of j before i joins
11
Key management User i joins to j
Logic key tree of j after i joins
1. j sends {Pubki(K8), K8(K’78), K’78(K’58), K’58(KEK’)} to i2. j sends other key materials to its old neighbors. e.g. j sends {K7(K’78), K’78(K’58), K’58(KEK’)} to U7
12
Key management
User i leaves j
Logic key tree of j before i leaves Logic key tree of j after i leaves
When i leaves, j changes some of the key values and send to its neighbors
e.g. j sends {K4(K’34), K’34(K’14), K’14(KEK’)} to U4
13
此篇 paper之優缺點 優點 :
延伸 authentication 及 key management應用在 P2P live streaming protocol
缺點 : Certificate verification無相互驗證
14
可能研究方向 Certificate verification相互驗證 加入付費機制