Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on LKH were originally provided by Dr. Wensheng Zhang at Iowa State.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security2 Outline Overview of group key distribution A naïve solution Iolus: A Framework for Scalable Secure Multicasting Logical key hierarchy (LKH)
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security3 Group Key Distribution Group session keys are determined by the group manager –Usually used for large groups. Group key manager Group members
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security4 A Naïve Solution Use a separate secure unicast connection from the group manager to EACH group member. Requirement –Each client shares a unique key with the controller. Poor scalability: –n secure unicast connections –n secret keys
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security5 Problems Specific to Group Communication “1 affects n” problem –The actions of one member affects the entire group Group key manager Old members New member joins
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security6 Problems Specific to Group Communication (Cont’d) “1 does not equal n” problem –Cannot deal with the group as a whole –Must consider the conflicting demands of members on an individual basis Group key manager Group members Member leaves Example: Cannot use the old group key to distribute the new group key.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security7 Iolus Divide a large group into smaller groups Introduce entities that manage and connect the subgroups –Group security controllers (GSC) Control the entire group –Group security intermediaries (GSI) Control the subgroups on behalf of GSC –GSC and GSI are both referred to as group security agent (GSA) –With GSC as the root, GSAs form a hierarchy of subgroups A lower-level GSA is a member of the group headed by the higher- level GSA
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security8 Iolus (Cont’d)
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security9 Iolus (Cont’d) Joins –GSA generates K GSA-MBR –Store this key along with other information –Send K GSA-MBR to the new member in a secure channel –Generate a new group key K’ G –Send {K’ G }K G to the group –Send K’ G to the new member in a secure channel
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security10 Iolus (Cont’d) Leaves –Generate a new group key K’ G –Send K’ G to each member MBR individually in the secure channel encrypted with K GSA-MBR
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security11 Iolus (Cont’d) Data transmission –Data retransmitted within each subgroup
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security12 Iolus (Cont’d) Iolus for group key management –Replace the data with the group key in data transmission
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security13 Logical entities Group key members Group Controller N: number of members D: tree degree depth 1 ()lnN () d Key Tree Approaches Two types of keys –SEKs (Session Encryption Key) –KEKs (Key Encryption Key) A Group Controller constructs a tree based hierarchy of KEKs
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security14 Logical Key Hierarchy (LKH) Keys are organized in a (logical) hierarchical tree –Group key is located at the root –Key encryption keys are the non-root, non-leave nodes –Each member corresponds to one leave node Updates the group key and the key encryption key by means of the encryption of key-nodes Rekey with only O(logN) messages
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security15 K 32 K 31 K 33 K 34 K 35 K 36 K 37 K 38 K 22 K 21 K 23 K 24 K 11 K 12 K0K0K0K0GKCs M1M1M1M1 M2M2M2M2 M4M4M4M4 M6M6M6M6 M5M5M5M5 M3M3M3M3 M7M7M7M7 M8M8M8M8 N secure channels LKH (Cont’d) Initialization
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security16 GKCs K 32 K 31 K 34 K 35 K 36 K 37 K 38 K 22 K 21 K 23 K 24 K 11 K 12 K0K0K0K0 M1M1M1M1 M2M2M2M2 M4M4M4M4 M6M6M6M6 M5M5M5M5 M3M3M3M3 M7M7M7M7 M8M8M8M8 ()lnN () d Rekeying Messages K’ 11 K’ 22 K’ 0 K 34 { K 11 ’} K 34 { K 0 ’} K 34 { K 22 ’} K 21 { K 11 ’} K 21 { K 0 ’} K 12 { K 0 ’} LKH (Cont’d) Member leave
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security17 GKCs K 32 K 31 K 33 K 34 K 35 K 36 K 37 K 38 K 22 K 21 K 23 K 24 K 11 K 12 K0K0K0K0 M1M1M1M1 M2M2M2M2 M4M4M4M4 M6M6M6M6 M5M5M5M5 M3M3M3M3 M7M7M7M7 M8M8M8M8 ()lnN () d Rekeying messages K’ 21 K’ 11 K’ 0 K 21 { K 21 ’} K 11 { K 11 ’} K 0 { K 0 ’} K 31 { K 21 ’} K 31 { K 11 ’} K 31 { K 0 ’} LKH (Cont’d) Member join
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security18 User, Key, or Group Oriented Rekeying User-oriented re-keying –Grouping re-keying messages by users –Less but bigger messages Key-oriented re-keying –Grouping re-keying messages by keys –More but smaller messages Group-oriented re-keying –Putting all re-keying messages together to generate a big, fat message –Only one gigantic message
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security19 Example User oriented Key oriented Group oriented