A survey of Key Management for Secure Group Communication Sandro - - PowerPoint PPT Presentation

CS6204, Spring 2005

A survey of Key Management for Secure Group Communication Sandro Rafaeli and David Hutchison Presented By: Anil Bazaz

CS6204, Spring 2005

Intro: Group Communication

♦ Uses IP multicast to transmit data ♦ Does not limit access to data ♦ No authentication or access control

CS6204, Spring 2005

Intro: Basic Solution

♦ Encryption

– Encryption using a group key – Selective Key Distribution

♦ Challenges

– Rekeying Group Key with membership changes – Backward Secrecy – Forward Secrecy

CS6204, Spring 2005

A simple scheme

♦

A secret key for all members

♦

Group key distributed using secret keys

♦

Problems:

– Requires extensive computation – Size of message containing group key

CS6204, Spring 2005

Categories of key management schemes

♦ Centralized key management protocols ♦ Decentralized key management protocols ♦ Distributed key management protocols

CS6204, Spring 2005

Centralized Key Management

♦ Single Entity Controls the group (KDC) ♦ Single point of failure ♦ Scalability Issues ♦ Measuring Efficiency

– Storage Requirements – Size of Messages – Backward & forward Secrecy – Collusion

CS6204, Spring 2005

Logical Key Hierarchy

CS6204, Spring 2005

Logical Key Hierarchy

Join Operation Leave Operation

CS6204, Spring 2005

Centralized Flat Table

♦ Table has one entry for TEK ♦ 2w entries for KEKs (w = No. of Bits in member

ID)

♦ ID determines KEKs held by members

CS6204, Spring 2005

Centralized flat table

♦ Rekeying:

– {TEKnew} unchanged KEKs – {KEKsnew}KEKsold, TEKnew

♦ Susceptible to collusion attacks

CS6204, Spring 2005

Decentralized Architecture

♦ Large group split into smaller groups ♦ Controllers for subgroups ♦ More fault tolerant ♦ Measuring Efficiency

– Key independence – Decentralized controller – Local Rekey – Key vs. Data – Backward & forward secrecy – Type of Communication (1 to n or n to n)

CS6204, Spring 2005

Intra-Domain Group Key Management

♦ DKD: Domain Key Distributor ♦ AKD: Area Key Distributor ♦ Single key for everybody ♦ Single point of failure

CS6204, Spring 2005

MARKS

♦ Applies to time lengths (TV transmission) ♦ Keys changed as function of time

CS6204, Spring 2005

Distributed Key Management

♦ No group controller ♦ Group key generation: contributory or

single member

♦ Evaluating efficiency

– Number of rounds – Number of messages – Processing during setup – DH key

CS6204, Spring 2005

Group Diffie-Hellman Key Exchange

♦ Group agrees on public Values q and α ♦ Upflow:

– First member calculates αx1, passes it along – Subsequent members receive set, raise it, pass it along – Example:

• Fourth member receives set: {αx1, αx1x2 ,αx1x2x3 }
• Sends set: {αx1, αx1x2 ,αx1x2x3, αx1x2x3x4}

CS6204, Spring 2005

Group Diffie-Hellman Key Exchange

♦ Member n calculates key using : αx1x2x3…Xn mod

q

♦ Downflow:

– Each member calculates Key – Each member provides intermediate values to lower index members – Example (n = 5)

• Fourth member recieves: {αx5, αx1x5 ,αx1x2x5, αx1x2x3x5}
• Fourth member sends: {αx5x4, αx1x5x4 ,αx1x2x5x4}

CS6204, Spring 2005

Distributed Logical Key Hierarchy

♦ Key Hierarchy generated among members ♦ Subtrees agree on mutual key ♦ Left subtree: leader ml, key kL ♦ Right subtree: leader mr, key kR ♦ Protocol

– ml chooses kLR, sends it to kR – ml encrypts kLR with kL sends it to subtree L – mr encrypts kLR with kr sends it to subtree R

CS6204, Spring 2005

Distributed Logical Key Hierarchy

CS6204, Spring 2005

Conclusion

♦ Lots of schemes for key management ♦ Centralized:

– Simplest and easiest – Single point of failure, scalability

♦ Decentralized:

– Relatively harder – Interfering with data paths

♦ Distributed

– Not scalable – Not fault tolerant