On the optimization of key revocation schemes for network telemetry data distribution
Authors: Bhanu Prakash Gopularam, N. Nalini
Published in: 2015 IEEE International Advance Computing Conference (IACC)
Publication date: 2015-06-12
DOI: 10.1109/IADCC.2015.7154765 (https://doi.org/10.1109/IADCC.2015.7154765)
Citations: 0
Abstract
Consider a cloud deployment in which a tenant's organizational network has routers and switches that share network telemetry data on a regular basis. Among the different ways of managing networks, flow-based network monitoring is the most sought-after approach because of its accuracy and economies of scale. In the event of a host compromise, the device's credentials are revoked, thereby disabling its ability to read future communications. Broadcast encryption techniques with a strong key revocation mechanism can be used in this context. Waters et al. [?] is one of the broadcast encryption schemes that facilitate efficient sharing using small keys, and the related attribute-based encryption scheme uses a dual encryption technique and is capable of handling non-monotonic access structures, again with small keys. In this paper we experiment with broadcast encryption and attribute-based encryption schemes on real-time network telemetry data and provide a detailed analysis of performance. Though the original scheme provides smaller keys, a few changes to the algorithm improve its performance and efficiency and make it acceptable for large-scale usage. We found the optimized scheme to be 20% more performant than the initial scheme.