Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo
advertisement
Efficient Kerberized Multicast
Olga Kornievskaia
University of Michigan
Giovanni Di Crescenzo
Telcordia Technologies
Outline
Efficient cross realm authentication in Kerberos
Multi-center multicast encryption schemes
Review original Kerberos
Propose a new extension for distributed operations in
Kerberos
Review single center schemes
Extend common schemes to distributed setting
Integrating Kerberos with multicast encryption
schemes
Motivation
Increasing interest in group communication
applications
Audio and video conferencing, data casting,
collaborative applications
Problem: security
Goal: provide a practical solution
System Model
Intranet
slow
Internet
Intranet
fast
Intranet
Kerberos
Based on Needham and Schroeder protocol
Doesn’t use asymmetric key crypto (fast)
Relies on a trusted third party (KDC)
Authentication is based on special data structures tickets
Notation
KDC – Key Distribution Center
TGS – Ticket Granting Service
Alice, Bob – Kerberos principals
KA,B – Key shared by Alice and Bob
KA – Key derived from Alice’s password
TGT – Ticket granting ticket
T - nonce (timestamp) used to protect again replay attacks
Kerberos: Login Phase
KDC
“Hi, I’m Alice”
TGT = {Alice, TGS, KA,TGS}KTGS
{KA,TGS, T}KA
Alice
Kerberos: Service Ticket Request
TGS
Alice, Bob,
TGT
TKT = {Alice, Bob, KA,B}KB
{KA,B, T}KA,TGS
Alice
Bob
Kerberos: Application Request
KDC
Alice, TKT, {Request}KA,B
Alice
Bob
Distributed Operations in Kerberos
Multiple Kerberos realms
Each realm administers local principals
No replication of data
Off-line phase
Shared keys established between participating
KDCs
Ex: Wonderland and Oz
KW,Oz – shared key between KDCs
Alice@Wonderland, Bob@Oz
Cross Realm Kerberos: Local Request
TGS@Wonderland
Alice@Wonderland,
Bob@Oz,
TGT
RTGT = {Alice@Wonderland,
TGS@Oz, KA,TGS@Oz}KW,Oz
{KA,TGS@Oz, T}KA,TGS@W
Alice@Wonderland
Bob@Oz
Cross Realm Kerberos: Remote Req
TGS@Oz
Alice@Wonderland,
Bob@Oz,
RTGT
TKT = {Alice@Wonderland,
Bob@Oz, KA,B}KB
{KA,B, T}KA,TGS@Oz
Alice@Wonderland
Bob@Oz
Cross Realm Kerberos
Alice@Wonderland, TKT,
{Request}KA,B
Alice@Wonderland
Bob@Oz
Efficient Cross Realm Protocol
Can we improve:
Network delays
KDC workload
Client workload
Compatible with non-distributed version of
Kerberos
Fake Ticket Protocol: Step 1
TGS@Wonderland
Alice@Wonderland,
Bob@Oz,
TGT
FTKT = {Alice@Wonderland,
Bob@Oz, KA,B}KW,Oz
{KA,B, T}KA,TGS@W
Alice@Wonderland
Bob@Oz
Protocol: Step 2
Alice@Wonderland,
FTKT, {Request}KA,B
Alice@Wonderland
Bob@Oz
Protocol: Step 3
TGS@Oz
TGT, FTKT
TKT = {Alice@Wonderland,
Bob@Oz, KA,B}KB
{KA,B, T}KB,TGS@Oz
Alice@Wonderland
Bob@Oz
Evaluation
Minimizes the number of Internet (slow)
messages
Reduced the workload on the client (Alice)
Alice’s software doesn’t need to be modified
Extends easily to sending a message to a
group
Outline
Efficient cross realm authentication in
Kerberos
Multi-center multicast encryption schemes
Integrating Kerberos with multicast
encryption schemes
Multicast Encryption
Methods for performing secure
communication among a group of users
Key management problem:
Non-collaborative schemes:
Join/leave operations
Single center responsible for managing keys
Schemes evaluated based on:
Communication complexity
Storage complexity (both center and user)
Minimal Storage Scheme
Users store two keys:
Center stores two keys:
KG - group key
KI,C - individual key shared with the center
KG - group key
KM – secret key used to generate individual user’s
key
Key update operation has linear
communication cost
Tree-based Schemes
Build a logical tree
Each node represents a key:
User stores all keys on the path from the
leave to the root
Root – group key
Leaves – individual user keys
User storage complexity is logarithmic
Center stores all keys in the tree
Center storage complexity is linear
Tree-based Schemes (cont.)
Key update operation requires logarithmic
number of messages:
Change all keys on the path from the removed
leave
Use siblings’ keys to distributes new keys
Multi-center Multicast: First Look
Multiple centers managing separate sets of
clients
Build a single binary tree
Replicate tree at each center
Key updates require only local communication
Inefficient center and user storage:
Total center storage is O(n2)
Each center stores keys for clients it doesn’t
manage
Extended Tree-based Multi-center
Each center manages M users
Each center builds a logical tree (size M)
Each user stores O(log M) keys
All centers share a key, KC
Key update operation requires (log M + N/M)
message
Center storage among all centers is linear
Huffman Tree-based Multi-center
Each center has different number of users
Binary tree schemes doesn’t provide an
optimal tree
Each center builds a local tree
Associate a codeword with each center
Run Huffman algorithm to obtain minimal tree
Tree structure is kept by all centers
Outline
Efficient cross realm authentication in
Kerberos
Multi-center multicast encryption schemes
Integrating Kerberos with multicast
encryption schemes
Integration of Kerberos with
Multicast Schemes
Need to extend Kerberos to sending a
message to a group
N clients
Each KDC manages M clients
Notation
KG – group key
KC – key shared among all KDCs
Kerberized Multicast
Alice,
Group,
TGT
RTGT1,.., RTGTN/M
Alice
Integration Illustrated
RTGTs
Alice
Integration Illustrated (cont)
TKTI1,.., TKTIk
Alice
TKTJ
TKTK1,.., TKTKm
Integration Illustrated (cont)
Alice, TKT1,.. TKTN
Alice
Kerberized Multicast with Fake
Tickets
Alice,
Group,
TGT
FTKTG = {Alice@Wonderland,
Group, KG}KC
Alice
Integration Illustrated
Alice, FTKTG
Alice
Integration Illustrated (cont)
TGTI,
FTKTG
Alice
TGTJ,
FTKTG
TGTK,
FTKTG
Integration Illustrated (cont)
TKTI
Alice
TKTJ
TKTK
Conclusion
Presented an extension to Kerberos for cross
realm authentication
Eliminates Internet (slow) communications
Presented an extension to multicast
encryption schemes that optimizes for
multiple centers
Explored integrating cross realm
authentication with multicast encryption
schemes
