group key management architecture
play

Group key management architecture - PowerPoint PPT Presentation

Feb 16, 2023 •374 likes •550 views

Group key management architecture <draft-ietf-msec-gkmarch-01.txt> Mark Baugher, Cisco Ran Canetti, IBM Lakshminath Dondeti, Nortel Fredrik Lindholm, Ericsson GKM Architecture, IETF-52, December 14, 2001 1 Salt Lake City Overview of

  1. Group key management architecture <draft-ietf-msec-gkmarch-01.txt> Mark Baugher, Cisco Ran Canetti, IBM Lakshminath Dondeti, Nortel Fredrik Lindholm, Ericsson GKM Architecture, IETF-52, December 14, 2001 1 Salt Lake City

  2. Overview of this talk • Introduction to GKMArch – Relative positioning in MSEC Ids – GKM protocols and SAs • Current revisions (00 � 01) • Outstanding issues – MIKEY – Rekey protocol • Conclusion GKM Architecture, IETF-52, December 14, 2001 2 Salt Lake City

  3. GKM in MSEC architecture Centralized Designs Distributed Designs Policy Policy GKM GKM Receiver 1-to-M M-to-M Sender 1-to-M Receiver M-to-M GKM Architecture, IETF-52, December 14, 2001 3 Salt Lake City

  4. GKMArch as part of MSEC IDs MSEC Requirements MSEC Architecture Group policy GKM Data security (GSPT) Architecture architecture Rekey protocol GDOI GSAKMP Light GKM Architecture, IETF-52, December 14, 2001 4 Salt Lake City

  5. Purpose of GKMArch • Download SAs to members, securely – Data security SA, mainly – Rekey SA, to facilitate efficient updates to SAs • Update SAs via unicast or multicast • Manage membership – Joins and leaves – Support optional PFC and/or PBC in doing so • Download and/or update KM/SA policy to members GKM Architecture, IETF-52, December 14, 2001 5 Salt Lake City

  6. GKMArch requirements • Allow reuse of existing protocols for data transmission – e.g. IPsec AH or ESP, AMESP, SRTP • Support diverse authentication, authorization and trust mechanisms • Support large single sender groups • Support small multi-sender groups GKM Architecture, IETF-52, December 14, 2001 6 Salt Lake City

  7. SAs in GKMArch • GSA comprised of three SAs – Registration SA • Established via one-one bidirectional secure channels – e.g. IKE phase1, TLS, IPsec – Rekey SA (optional) • Initialized during registration • Initialized/updated during rekey (uni-directional) – Data security SA • Initialized during registration • Initialized/updated during rekey (uni-directional) GKM Architecture, IETF-52, December 14, 2001 7 Salt Lake City

  8. Protocols in GKMArch • Registration protocol – Protected by registration SA • Rekey protocol ( optional ) – Protected by rekey SA • Data security protocol ( external to GKM ) – Protected by data security SA GKM Architecture, IETF-52, December 14, 2001 8 Salt Lake City

  9. GKM entities and protocols Policy Trust infrastructure infrastructure KDC Registration Registration protocol Rekey protocol GKM plane protocol Sender Receiver(s) Data security protocol GKM Architecture, IETF-52, December 14, 2001 9 Salt Lake City

  10. GKM entities and protocols Policy Trust infrastructure infrastructure KDC Registration Registration protocol protocol GKM plane Sender Receiver(s) Data security protocol GKM Architecture, IETF-52, December 14, 2001 10 Salt Lake City

  11. Scalability of GKMArch • Registration could be done off-line • Delegation of registration “service” • Loose coupling of registration and rekey protocols • Rekey protocol with key revocation algms – LKH, OFT, OFC, SDR (subset diff), STR – Multicast of rekey messages • Delegation of rekey service GKM Architecture, IETF-52, December 14, 2001 11 Salt Lake City

  12. Overview of this talk • Introduction to GKMArch – Relative positioning in MSEC Ids – GKM protocols and SAs • Current revisions (00 � 01) • Outstanding issues – MIKEY – Rekey protocol • Conclusion GKM Architecture, IETF-52, December 14, 2001 12 Salt Lake City

  13. Revisions (00 � 01) • Addressed issues raised in mailing list – Have not heard any complaints! • Did we do such a good job of that? ☺ • Notes about de-registration protocol – De-registration is not supported! • KDC � GCKS – (what were we thinking?) • SHOULD, MUST etc in IETF sense GKM Architecture, IETF-52, December 14, 2001 13 Salt Lake City

  14. Overview of this talk • Introduction to GKMArch – Relative positioning in MSEC Ids – GKM protocols and SAs • Current revisions (00 � 01) • Outstanding issues – MIKEY – Rekey protocol • Conclusion GKM Architecture, IETF-52, December 14, 2001 14 Salt Lake City

  15. Outstanding issues • Fold MIKEY requirements into GKMArch I-D – Small interactive group security reqs. • Rekey protocol description back in GKMArch – Yet to be resolved! – Looking for WG consensus – Details in another presentation GKM Architecture, IETF-52, December 14, 2001 15 Salt Lake City

  16. Conclusion • A scalable architecture for GKM – Supports large single sender groups and – Small interactive multi-sender groups • Scalability by – Delegation – Multicast of GSA updates • Incorporate MIKEY reqs in –02- • Discussion on rekey protocol to follow GKM Architecture, IETF-52, December 14, 2001 16 Salt Lake City

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Multicast Security Group Key Management Architecture draft-ietf-msec-gkmarch-07.txt Internet

Multicast Security Group Key Management Architecture draft-ietf-msec-gkmarch-07.txt Internet

Multicast Security Group Key Management Architecture draft-ietf-msec-gkmarch-07.txt Internet Security Tobias Engelbrecht Agenda Introduction Requirements of a GKMP Design of the GKMA Rekey Protocol Group Security Association

892 views • 29 slides
Group key management algorithms (GKMA) Lakshminath R. Dondeti Brian Weis IE TF-56 MSEC WG

Group key management algorithms (GKMA) Lakshminath R. Dondeti Brian Weis IE TF-56 MSEC WG

Group key management algorithms (GKMA) Lakshminath R. Dondeti Brian Weis IE TF-56 MSEC WG meeting San Francisco, Mar 17 2003 Introduction Group key management architecture Group key management protocols GDOI, GSAKMP, MIKEY

363 views • 14 slides
The Facilities Management Group TFMG / TFMG Architecture, PC in conjunction with EMTEC

The Facilities Management Group TFMG / TFMG Architecture, PC in conjunction with EMTEC

Presented by The Facilities Management Group TFMG / TFMG Architecture, PC in conjunction with EMTEC Engineers, LLC Why are we here toda day? To solicit public comments to help us create the Comprehensive Plan JSCB Phase 2 Comprehensive

545 views • 28 slides
MobiDIS A Pervasive A Pervasive MobiDIS Architecture for Emergency Architecture for

MobiDIS A Pervasive A Pervasive MobiDIS Architecture for Emergency Architecture for

MobiDIS A Pervasive A Pervasive MobiDIS Architecture for Emergency Architecture for Emergency Management Management Massimiliano de Leoni Fabio De Rosa Massimo Mecella Univ. Roma LA SAPIENZA, Italy Dipartimento di Informatica e

1.18k views • 33 slides
Yankee Building Assessment TURNER GROUP The H.L. Turner Group Inc. Project management,

Yankee Building Assessment TURNER GROUP The H.L. Turner Group Inc. Project management,

TURNER GROUP Mount Washington Yankee Building Assessment TURNER GROUP The H.L. Turner Group Inc. Project management, architecture, structural engineering. Turner Building Science &amp; Design, LLC Mechanical and plumbing engineering.

627 views • 62 slides
61A Lecture 33 Announcements Database Management Systems Database Management System Architecture

61A Lecture 33 Announcements Database Management Systems Database Management System Architecture

61A Lecture 33 Announcements Database Management Systems Database Management System Architecture 4 Architecture of a Database System by Hellerstein, Stonebreaker, and Hamilton Query Planning The manner in which tables are filtered, sorted,

208 views • 20 slides
Announcements 61A Lecture 34 Database Management System Architecture Database Management Systems

Announcements 61A Lecture 34 Database Management System Architecture Database Management Systems

Announcements 61A Lecture 34 Database Management System Architecture Database Management Systems 4 Architecture of a Database System by Hellerstein, Stonebreaker, and Hamilton Query Planning The manner in which tables are filtered, sorted,

185 views • 3 slides
Architecture for CASM Coordinated Address Space Management

Architecture for CASM Coordinated Address Space Management

IETF 98 th Architecture for CASM Coordinated Address Space Management draft-li-casm-address-pool-management-architecture-00 draft-kumar-casm-requirements-and-framework-00 Chen Li, Chongfeng Xie(China Telecom), Jun Bi(Tsinghua University)

392 views • 14 slides
Architecture for CASM Coordinated Address Space Management

Architecture for CASM Coordinated Address Space Management

IETF 98 th Architecture for CASM Coordinated Address Space Management draft-li-casm-address-pool-management-architecture-00 draft-kumar-casm-requirements-and-framework-00 Chen Li, Chongfeng Xie(China Telecom), Jun Bi(Tsinghua University)

401 views • 19 slides
Using Premia and Nsp on a Parallel Architecture for Risk Management Benchmark Jean-Philippe

Using Premia and Nsp on a Parallel Architecture for Risk Management Benchmark Jean-Philippe

Introduction Premia: a library for numerical computations in finance Using Premia and Nsp on a Parallel Architecture Nsp Nsp toolboxes Practical experiments Conclusion Using Premia and Nsp on a Parallel Architecture for Risk Management

247 views • 21 slides
LBNF Spectrometer: Architecture &amp; DutyFactor Paul Lebrun (for the LBNF Spectrometer group.)

LBNF Spectrometer: Architecture &amp; DutyFactor Paul Lebrun (for the LBNF Spectrometer group.)

LBNF Spectrometer: Architecture &amp; DutyFactor Paul Lebrun (for the LBNF Spectrometer group.) ND/Fermilab July 6 2017 Spectrometer Architecture &amp; Duty Factor 1 Outline My list of task, very broad overview Architecture

505 views • 35 slides
Whoops! Where did my architecture go? Approaches to architecture management for Java and Spring

Whoops! Where did my architecture go? Approaches to architecture management for Java and Spring

Whoops! Where did my architecture go? Approaches to architecture management for Java and Spring applications Oliver Gierke Oliver Gierke SpringSource Engineer Spring Data ogierke@vmware.com olivergierke www.olivergierke.de Background 5

1.05k views • 67 slides
IMS based NGN IMS based NGN Architecture Architecture and its application and its application

IMS based NGN IMS based NGN Architecture Architecture and its application and its application

I nternational Telecom m unication Union ITU-T IMS based NGN IMS based NGN Architecture Architecture and its application and its application Dick Knight BT Group plc I TU-T W orkshop NGN and its Transport Netw orks Kobe, 2 0 -2 1

218 views • 17 slides
Medical Organization Needs SOA Patients Service Oriented Architecture Finance Doctors Data

Medical Organization Needs SOA Patients Service Oriented Architecture Finance Doctors Data

Management of Patient Records Management of Medical Records Management of Services Price management Relations with Insurance Company Financial Management and Accounting Medical Supplies Management Auxiliary

952 views • 9 slides
Zoo Architecture - Animal / Visitor / Management Friendly Designs, Presentation at the SAZARC

Zoo Architecture - Animal / Visitor / Management Friendly Designs, Presentation at the SAZARC

Zoo Architecture - Animal / Visitor / Management Friendly Designs, Presentation at the SAZARC Fourth Annual Meeting, Colombo, December 1-7, 2003 (usually uninformed) designer clearer. It results in The Principles of Zoo Friendly Architecture

319 views • 3 slides
Mikro-SINA Bastei's stacked policies Overlay window management Demo TU Dresden,

Mikro-SINA Bastei's stacked policies Overlay window management Demo TU Dresden,

So far ... Faculty of Computer Science Institute for System Architecture, Operating Systems Group Basics Device Drivers Real time Naming Secure Systems Resource Management Stefan Kalkowski Virtualization / Legacy

347 views • 7 slides
Matthew Series Lesson #025 March 2, 2014 Dean Bible Ministries www.deanbible.org Dr. Robert L.

Matthew Series Lesson #025 March 2, 2014 Dean Bible Ministries www.deanbible.org Dr. Robert L.

Matthew Series Lesson #025 March 2, 2014 Dean Bible Ministries www.deanbible.org Dr. Robert L. Dean, Jr. Salt and Light Matthew 5:13 Matt. 5:10, Blessed are those who are persecuted for righteousness sake, For theirs is the kingdom of

862 views • 17 slides
Continuous Improvement Toolkit Traffic Light Assessment www. citoolkit .com The Continuous

Continuous Improvement Toolkit Traffic Light Assessment www. citoolkit .com The Continuous

Continuous Improvement Toolkit Traffic Light Assessment www. citoolkit .com The Continuous Improvement Map Managing Selecting &amp; Decision Making Planning &amp; Project Management* Risk PDPC Daily Planning PERT/CPM Break-even Analysis

491 views • 24 slides
POLITICS POLITICS POLITICS POLITICS How much should I be involved? How much should I be

POLITICS POLITICS POLITICS POLITICS How much should I be involved? How much should I be

POLITICS POLITICS POLITICS POLITICS How much should I be involved? How much should I be involved? How much should I be involved? How much should I be involved? Matthew 5 The problem with political jokes is that they often get elected.

875 views • 35 slides
A Sign of Royalty LESSON 8 Your Response to the Lesson What was most interesting in the Bible

A Sign of Royalty LESSON 8 Your Response to the Lesson What was most interesting in the Bible

A Sign of Royalty LESSON 8 Your Response to the Lesson What was most interesting in the Bible story? What activity was most enjoyable? What new things did you learn? Activity A Feeling Hurt What are times you felt hurt? How did you

670 views • 22 slides
You are the light of the world. A city that is set on a hill cannot be hidden. Matthew 5:14

You are the light of the world. A city that is set on a hill cannot be hidden. Matthew 5:14

You are the light of the world. A city that is set on a hill cannot be hidden. Matthew 5:14 The You Are Passages The You Are Passages These are not you do passages, but you are The You Are Passages These are not

1.44k views • 126 slides
Password hashing CS 161: Computer Security Prof. Raluca Ada Popa Feb 19, 2018 Announcement

Password hashing CS 161: Computer Security Prof. Raluca Ada Popa Feb 19, 2018 Announcement

Password hashing CS 161: Computer Security Prof. Raluca Ada Popa Feb 19, 2018 Announcement Project 2 to be released Thursday Midterm grades announced at end of week Passwords Tension between usability and security choose random and choose

528 views • 20 slides
Salting things up in the Devops World Things just got real whoami Juan Manuel Santos

Salting things up in the Devops World Things just got real whoami Juan Manuel Santos

Salting things up in the Devops World Things just got real whoami Juan Manuel Santos Team Leader / Principal Technical Support Engineer @ Red Hat Organizer of sysarmy / nerdear.la Using Salt for a couple of years now,

518 views • 47 slides
Salting things up in the sysadmin's world Juan Manuel Santos Who? (boring part) Juan Manuel

Salting things up in the sysadmin's world Juan Manuel Santos Who? (boring part) Juan Manuel

Salting things up in the sysadmin's world Juan Manuel Santos Who? (boring part) Juan Manuel Santos godlike64 on github / gmail / twitter godlike on freenode Information Systems Engineer / RHCA TL - STSE @ Red Hat Need beer

964 views • 58 slides

More recommend