
Bachelor's thesis

Efficient group rekeying with G-IKEv2 and LKH

In recent years, the need for secure communication within groups of devices has emerged in several areas of technology, for example the Internet of Things (IoT), where groups of sensors and actuators communicate with each other, or car-to-car communication. Groups are typically managed by means of a group key management protocol, one of which is G-IKEv2. G-IKEv2 is a proposed standard based on the established IKEv2.

Such groups may also be very dynamic, meaning that participants join or leave the group very frequently. The security of dynamic groups depends on efficient algorithms that provide new cryptographic keys to the group members (GMs) when GMs are excluded from or leave the group, or when new GMs join it. This ensures security properties such as forward and backward secrecy. One algorithm that supports efficient rekeying is LKH (Logical Key Hierarchy). It is based on a tree structure in which each node represents a cryptographic key and each leaf node is the individual key of a specific GM.
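The leave case of LKH described above, as an added sketch in C (not code from the thesis, strongSwan or RIOT): it lists which node keys are replaced and under which child key each new key is encrypted, without modelling G-IKEv2 payloads. It assumes a complete binary key tree with heap indexing and a power-of-two group size; the names `lkh_plan_leave` and `rekey_msg` are hypothetical.

```c
#include <stdio.h>

/* One rekey message: the fresh key of `node`, encrypted under the key of `under`. */
struct rekey_msg {
    unsigned node;      /* tree node whose key is replaced */
    unsigned under;     /* child node whose key wraps the new key */
    int under_is_fresh; /* 1 if `under` was itself replaced in this rekey */
};

/*
 * Plan the rekey for a leaving member in a complete binary key tree.
 * Heap indexing (assumption of this sketch): root = 1, children of i are
 * 2i and 2i+1, member m owns leaf n_members + m. n_members is a power of two.
 * Returns the number of messages written to out, or -1 on bad input.
 */
int lkh_plan_leave(unsigned n_members, unsigned leaving,
                   struct rekey_msg *out, int max)
{
    if (n_members < 2 || (n_members & (n_members - 1)) || leaving >= n_members)
        return -1;
    int count = 0;
    unsigned child = n_members + leaving;   /* leaf of the leaving member */
    for (unsigned node = child / 2; node >= 1; child = node, node /= 2) {
        unsigned kids[2] = { child, child ^ 1u };  /* path child, its sibling */
        for (int k = 0; k < 2; k++) {
            /* Never wrap under the leaving member's own leaf key. */
            if (kids[k] == n_members + leaving)
                continue;
            if (count >= max)
                return -1;
            out[count++] = (struct rekey_msg){ node, kids[k], kids[k] == child };
        }
    }
    return count;
}

int main(void)
{
    struct rekey_msg m[64];
    int n = lkh_plan_leave(8, 5, m, 64);   /* constructed group: 8 GMs, GM 5 leaves */
    for (int i = 0; i < n; i++)
        printf("new K%u wrapped under %s K%u\n", m[i].node,
               m[i].under_is_fresh ? "new" : "old", m[i].under);
    return 0;
}
```

For 1024 GMs the plan contains 19 wrapped keys, against 1023 if a new group key were encrypted separately for every remaining member.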

This work implements secure rekeying of GMs by using the LKH algorithm in the G-IKEv2 protocol. The group controller side is integrated into the strongSwan project, a multi-platform IKE daemon. The GM side is implemented for RIOT OS. An evaluation will assess the resource requirements of the implementation, especially with regard to computational and memory demand, which is particularly important for the constrained devices typically found in IoT scenarios.

As a start, the following literature is of interest:

  • Key Management for Multicast: Issues and Architectures, RFC2627
  • Group IKEv2 (G-IKEv2), draft-yeung-g-ikev2-10
  • Internet Key Exchange Protocol Version 2 (IKEv2), RFC7296
  • Security Architecture for the Internet Protocol (IPsec), RFC4301
  • Multicast Extensions to the Security Architecture for the Internet Protocol (MSEC), RFC5374

Overview of the tasks:

  1. Extending the existing implementations of G-IKEv2 for RIOT and strongSwan in C
  2. Evaluation of correctness and efficiency

Prerequisites

  • Ability and willingness to engage in great depth with the implementation of a protocol.
  • Ability and willingness to engage in great depth with implementation for a sensor operating system.
  • Good understanding of the transport layer
  • Good understanding of encryption techniques (esp. AES) and security protocols (esp. IPsec / IKEv2)
  • Programming skills in C and/or C++

Supervising professor:
Prof. Dr. D. Kranzlmüller

Duration of the bachelor's thesis: 3 months

Number of students: 1

Advisor: