Presentation By: Garrett Lund
Paper By: Sandro Rafaeli and David Hutchison
Overview
Background Information
IP Multicast
Assumptions
Requirements
Rekeying Methods
Centralized Group Key Management Protocols
Decentralized Architectures
Distributed
Ethics
Sources
IP Multicast
Between Unicast and Broadcast
Network Switches and Routers are responsible for replication and distribution
IP Multicast Applications
IP Multicast Applications
Encryption Review
Obviously some of these applications require limited access.
No public key, but a “group key”
Assumptions
When a user joins, we have a way to get them their first key
When a user leaves there is a possibility of them continuing to acquire messages
Every user eventually gets the intended messages
Membership Changes
Groups need to be dynamic, allowing (authorized) members to join the group and allowing administrators to expel members from the group
Backwards Secrecy
Forward Secrecy
Rekeying
We need a way to get new keys to the users
Since multicast is being used for group transmission, it is assumed that multicast should be used for rekeying the group
Three Approaches
Centralized
Decentralized
Distributed
Rekeying Requirements
Storage Requirements
Size of Rekey Messages
Backwards Secrecy
Forwards Secrecy
Collusion
Overview
Background Information
IP Multicast
Assumptions
Requirements
Rekeying Methods
Centralized Group Key Management Protocols
Decentralized Architectures
Distributed
Ethics
Sources
Centralized Approaches
We have a Key Distribution Center (KDC)
KDC is in charge of managing all of the group’s keys
Simple
Assign a secret key to each member
Use a group key to send group messages
Each member can recover the group key from the appropriate segment of the rekey message using its secret key
Simple Example
Rekey Message
DSFDBSAF
SDFREGEF
DSFAGFAS
FD@#DSG
FDGFDPG
GFDSFDH
JHFTY546
GFD5FGS&
GF5REYHH
. . .
User F
GFDSFDH
Secret Key
Group Key
Simple Example
DFDS#@FDSA
User F
Secret Key
Group Key
Secret Message
Simple Problems
1. The KDC has to encrypt the new key n times
2. The message could potentially be huge
If n = 1 million and K is 56 bits
The message would be 10 MB long
3. You have to develop a protocol so that each user knows which part of the message is appropriate for them to decrypt with their secret key
Group Key Management Protocol
(GKMP)
Have 2 group keys and no secret key
One Group Transmission Encryption Key (GTEK)
One Group Key Encryption Key (GKEK)
GKEK used to encrypt the GTEK when it changes
Since GKEK will never change, the system lacks forward secrecy, you cannot kick a member out since they will always know the GKEK
Logical Key Hierarchy (LKH)
Use a balanced Binary Tree to store keys hierarchically
LKH Example
Rekey Message
DSFDBSAF
…
SDFREGEF
…
DSFAGFAS
…
FD@#DSG
…
FDGFDPG
…
GFDSFDH
…
JHFTY546
Corresponds to: k
K14
K58
K12
K34
K56
K78
We Want k k3 k34 k14 k
User u3
Logical Key Hierarchy (LKH)
Other Centralized Approaches
One-Way Function Trees (OFT)
One-Way Function Chain Trees (OFCT)
Clustering
Centralized Flat Table (FT)
Efficient Large-Group Key (ELK)
Centralized Approach Summary
Decentralized Approaches
Split the group into subgroups
Decentralized Approaches
Distributed Models
Two methods
Every member contributes
Pick a member at random
Distributed Example LKH
Distributed Summary
Ethics
Sources
"IP Multicast Technical Overview." Cisco Systems, Inc.
Web.< http://www.cisco.com/en/US/prod/collateral/io sswrel/ps6537/ps6552/prod_white_paper0900aecd804 d5fe6.pdf
>.
Rafaeli, Sandro, and David Hutchison. "A Survey of
Key Management for Secure Group Communication."
ACM Digital Library. Lancaster University, Sept. 2003.
Web. < http://portal.acm.org/citation.cfm?id=937506 >.
Wikipedia