Simple Key Management for PIM Authentication Keys


Thomas Hardjono, Brad Cain
Bay Architecture Laboratory, Nortel Networks
3 Federal Street, Billerica, MA 01821 USA
{thardjono,bcain}@baynetworks.com


SLIDE 2
Simple Key Management for PIM Keys
  • Key management for a single PIM domain
  • Introduce key management entity called Domain Key Distributor (DKD)
  • The approach relies on limited or "closed" usage of public key cryptography
  • Only PIM entities know certain public keys (e.g. $PK_{dkd}$ of DKD).
  • Notation:

SLIDE 3
    - $(PK, SK)$ denotes Public-Key and Secret-Key pair (asymmetric)
    - $K$ denotes symmetric key
    - Square brackets $[\ ]$ denote digital-signature / authentication (asymmetric/symmetric)
    - Curly brackets $\{\ \}$ denote encryption (asymmetric/symmetric)
    - $C$ is ciphertext
SLIDE 4

|  | Assignment of Primary Keys | Manual configuration | Dissemination of $PK_{bsr}$ | Dissemination of $K_{rp}$ | Dissemination of $K_{eq}$ |
|---|---|---|---|---|---|
| DKD | $K_{eq}$; $PK_{bsr}$; $K_{rp}$ | $(PK_{dkd}, SK_{dkd})$; $PK_{bsr}$; $(PK_{rpbsr}, SK_{rpbsr})$ | $[PK_{bsr}]_{SK_{dkd}}$ | $\{K_{rp}\}_{SK_{rpbsr}}$ | $\{K_{eq}\}_{SK_{dkd}}$ |
| BSR | $K_{eq}$; $(PK_{bsr}, SK_{bsr})$; $K_{rp}$ | $PK_{dkd}$; $(PK_{bsr}, SK_{bsr})$; $(PK_{rpbsr}, SK_{rpbsr})$ | (as above) | (as above) | (as above) |
| CRPs | $K_{eq}$; $PK_{bsr}$; $K_{rp}$ | $PK_{dkd}$ | (as above) | (as above) | (as above) |
| Other PIM routers | $K_{eq}$; $PK_{bsr}$ | $PK_{dkd}$ | (as above) | Drop Message(?) | (as above) |
SLIDE 5
Rekeying $K_{rp}$
  • Assume DKD generates new key $K_{rp2}$ (Old key is $K_{rp1}$)
  • DKD encrypts: $C_{rp} = \{K_{rp2}\}_{SK_{dkd}}$
  • DKD further encrypts: $CC_{rp} = \{C_{rp}\}_{K_{rp1}}$
  • Unicast $CC_{rp}$ to BSR and RP/CRPs or multicast to special group
SLIDE 6
Rekeying $K_{eq}$
  • Assume DKD generates new key $K_{eq2}$ (Old key is $K_{eq1}$)
  • DKD encrypts: $C_{eq} = \{K_{eq2}\}_{SK_{dkd}}$
  • DKD further encrypts: $CC_{eq} = \{C_{eq}\}_{K_{eq1}}$
  • Multicast to special group
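
The two-layer rekey message from the two rekeying slides (the same construction serves $K_{rp}$ and $K_{eq}$), as an added Python example that is not part of the original presentation. The slides name no algorithms, so textbook RSA over a constructed toy modulus stands in for the $SK_{dkd}$ operation and a SHA-256 keystream for the symmetric layer; the LABEL prefix, the 16-byte key length and all function names are assumptions.

```python
import hashlib
import secrets

# Constructed toy RSA pair for the DKD: two Mersenne primes, far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q                                  # (N, E) plays PK_dkd
D = pow(E, -1, (P - 1) * (Q - 1))          # D plays SK_dkd
NLEN = (N.bit_length() + 7) // 8
KEYLEN = 16                                # assumed key size
LABEL = b"PIMREKEY"                        # assumed redundancy, not from the slides


def stream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Stand-in symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for off in range(0, len(data), 32):
        pad = hashlib.sha256(key + nonce + off.to_bytes(4, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[off:off + 32], pad))
    return bytes(out)


def dkd_rekey(new_key: bytes, old_key: bytes) -> bytes:
    """DKD side: C = {K_new}_SK_dkd, then CC = {C}_K_old."""
    if len(new_key) != KEYLEN:
        raise ValueError("new key must be 16 bytes")
    m = int.from_bytes(LABEL + new_key, "big")
    c = pow(m, D, N).to_bytes(NLEN, "big")          # inner layer: needs SK_dkd
    nonce = secrets.token_bytes(8)
    return nonce + stream_xor(old_key, nonce, c)    # outer layer: needs K_old


def router_unwrap(cc: bytes, old_key: bytes):
    """Router side: remove the K_old layer, open C with PK_dkd; K_new or None."""
    if len(cc) != 8 + NLEN:
        return None
    c = int.from_bytes(stream_xor(old_key, cc[:8], cc[8:]), "big")
    m = pow(c, E, N).to_bytes(NLEN, "big")
    head, label, key = m[:-24], m[-24:-16], m[-16:]
    if any(head) or label != LABEL:
        return None                                 # wrong K_old, or C not made with SK_dkd
    return key
```

Because the outer layer is keyed with the old key, any party still holding the old key and $PK_{dkd}$ can recover the new key; the inner layer only shows that the new key came from the DKD.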