Presentation is loading. Please wait.

Presentation is loading. Please wait.

Multicast Security Cryptographic Protocols InKwan Yu.

Published byPaula Freeman Modified over 9 years ago

Similar presentations

Presentation on theme: "Multicast Security Cryptographic Protocols InKwan Yu."— Presentation transcript:

1 Multicast Security Cryptographic Protocols InKwan Yu

2 Multicast Security Issues Multicast What is it? An efficient way to communicate between 1-to-n or m- to-n hosts Applications Audio/video streaming, conferencing, multi-player gaming, stock quotes distribution, command and control communication, and much more. Features Open access to receive data Open membership Open access to send data in a multicast group

3 Multicast Security Issues Receiver Access Control Group policy specification functions Authentication & authorization /w public key cryptography Source Authentication Digital signature, MAC

4 Multicast Security Issues Multicast Security Issues (Cont) Multicast Fingerprint Watermarking is embedding copyright information in the contents Fingerprint is a watermarking for a specific user Desirable features of fingerprint non-removable, collusion resistance, asymmetric fingerprinting, protection granularity, efficiency

5 Multicast Security Issues Multicast Security Issues (Cont) Multicast Fingerprint (Cont) Methods Intermediate routers can cooperate with the sender to create a unique stream to each member Sender may multicast the most of data and unicast some of unique data to each member Two different streams can uniquely arbitrate for a different user

6 Multicast Security Issues Multicast Security Issues (Cont) Group Key Management Shared group key to encrypt the multicast data Rekey Core functionality for the multicast security Group Key Management Issues Member identification and authentication between GCKS (Group Controller/Key Server) and members Access control to validate the join operation Generation, distribution and installation of key materials. Keys should be regularly changed and key generation should be independent of past and future keys

7 Multicast Security Issues Group Key Management Issues(Cont) Forward secrecy to prevent a leaving group member to access the group communication. Backward secrecy to prevent a joining group member to decipher previous messages before its join. Storage requirements. The number of keys necessary to operate the system Size of messages. The message size needed to rekey. Collusion. Members of the group can cooperate to compromise the system security Key independence, decentralized controller, local rekey, number of rounds, number of messages

8 Multicast Security Issues Issues & Solutions multicast Open group Membership Open group Membership All receive data All receive data Outside member sends data Outside member sends data Open access to distributed content Open access to distributed content No individualization of received data No individualization of received data Open access to send data to group Open access to send data to group Denial of service Eavesdropping No theft deterrence No theft deterrence Denial of service Masquerading Multicast receiver access control Multicast receiver access control Group key management Group key management Multicast fingerprinting Multicast fingerprinting Multicast source access control Multicast source access control Multicast source authentication Multicast source authentication Properties Security issues Security vulnerabilities Security solutions

9 Multicast Security Architecture Reference RFC 3740 What’s in it Overview and rationale of multicast security architecture Reference frameworks of secure multicast protocols

10 Multicast Security Architecture GSA (Group Security Association) SA (Security Association) Necessary shared information between two parties for a secure comm. Selectors (destination transport address) Properties (algorithms, modes, key lifetimes, key lengths) Keys for authentication, encryption and signing

11 Multicast Security Architecture GSA (Cont) Def. of GSA Aggregate of Sas REG SA Unicast SA that a group member uses to pull GSA information from Group Controller/Key Server (GCKS) REKEY SA SA used for rekeying DATA SA Shared by among the group members Superset of SAs Includes Attributes of SA

12 Multicast Security Architecture GSA (Cont) GCKS REG REKEY REG GCKS REG REKEY REG REG REKEY Sender DATA REG REKEY Sender DATA REG REKEY Receiver DATA REG REKEY Receiver DATA

13 Multicast Security Architecture Centralized Multicast Security Reference Framework Policy Sever Policy Sever Group Controller/ Key Server Group Controller/ Key Server Sender Receiver Multicast Security Policies Group Key Management Multicast Data Handling

14 Multicast Security Architecture Distributed Multicast Security Reference Framework Policy Sever Policy Sever Group Controller/ Key Server Group Controller/ Key Server Sender Receiver Policy Sever Policy Sever Group Controller/ Key Server Group Controller/ Key Server Receiver Multicast Security Policies Group Key Management Multicast Data Handling

15 Multicast Security Architecture Hierarchically-organized Decentralized Key Distribution GCKS Member Sub GCKS Member.. Sub GCKS..

16 Group Key Management Protocol Reference RFC 2093 and RFC 2094 Features Public key algorithm for authentication certificates Pairwise key exchange Member compromise can be solved only by creating a new group GTEK(Group Traffic Encryption Key) for data GKEK(Group Key Encryption Key) for the group key

17 Group Key Management Protocol Group Key Generation CONTROLLERCONTROLLER CONTROLLERCONTROLLER MEMBERMEMBER MEMBERMEMBER Create Group Keys 1 (rand #) Create Group Keys 2 (# for GTEK, GKEK) Negotiate Group Keys 1 (GTEK, GKEK, permission,group id, group member, rekey interval,CRL (compromise recovery list) Negotiate Group Keys 2

18 Group Key Management Protocol Group Key Distribution CONTROLLERCONTROLLER CONTROLLERCONTROLLER MEMBERMEMBER MEMBERMEMBER Create Session Keys 1 (rand #) Create Session Keys 2 (# for SKEK) Negotiate Session Keys 1 (SKEK, permission, group id, members) Negotiate Session Keys 2 Download Group Keys(GTEK, GKEK, group id, group permission, rekey interval) Key Download Acknowledge

19 Group Key Management Protocol Rekey CONTROLLERCONTROLLER CONTROLLERCONTROLLER MEMBERMEMBER MEMBERMEMBER Create Group Keys 1 Create Group Keys 2 Negotiate Session Keys 1 Negotiate Session Keys 2 Rekey_Multicast

20 Group Key Management Protocol Join CONTROLLERCONTROLLER CONTROLLERCONTROLLER MEMBERMEMBER MEMBERMEMBER Create Session Keys 1 Create Session Keys 2 Negotiate Session Keys 1 Negotiate Session Keys 2 Download Group Keys Key Download Acknowledge Request Group Join

21 Tree Based Multicast Group Key Management Reference RFC 2627 Features The secure removal of a compromised user from the multicast group Transmission efficiency Storage efficiency Net key is a root key used as DEK

22 Tree Based Multicast Group Key Management Initialization Pair wise KEKs with each user by the public key exchange protocol Key for each node is generated From the parents of leaf nodes up to the root, the server transmits the key for each node encrypted with the keys of each of the node’s children Each leaf has all keys on the path to the root

23 Tree Based Multicast Group Key Management Member Deletion Ex) When the user 11 is deleted New key for F is encrypted with the user 12’s KEK and sent New key for K is encrypted with the new key for F and sent. New key for K is encrypted with the new key for E and sent for the users 9 and 10 New key for N is encrypted with keys of K and L, etc. until a new root key(DEK) is distributed.

24 Tree Based Multicast Group Key Management Logical Key Distribution Architecture Key O Key A Key J 1 1 2 2 3 3 4 4 5 5 6 6 7 7 8 8 9 9 10 11 12 13 14 15 16 Key B Key C Key D Key E Key F Key G Key H Key I Key K Key L Key M Key N intermediate keys net key users

25 Centralized Flat Key Distribution Architecture Each member has a fixed length id Each bit of id is assigned to a different KEK. Each member is assigned a set of unique KEKs according to the id bit values

26 Centralized Flat Key Distribution Flat ID Assignment (e.g 0110) TEK KEK 0.0KEK 0.1 KEK 1.0KEK 1.1 KEK 2.0KEK 2.1 KEK 3.0KEK 3.1 Bit 0 Bit 1 Bit 2 Bit 3 Bit value 0Bit value 1

27 Centralized Flat Key Distribution Join Assign KEKs from the KEK space Leave KEKs related to the deleted member’s id bits are assigned new KEKs. And new TEK is generated New KEKs are encrypted with the new TEK and the old KEK of that bit. KEKs related to bits not used by the deleted member is used to encrypt the new TEK

28 Centralized Flat Key Distribution KEK for Member 0110 Deletion

29 Scalable Multicast Key Distribution Reference RFC 1949 CBT (Core Based Tree Multicast Routing) RFC 2201 IP layer protocol CBT protocol creates a hard state routing tree among a multicast group. The multicast data follow the fixed multicast tree structure Tree branch is formed when there is at least one member join from a subtree In SMKD, the primary core of CBT establishes the security parameters used in the multicast

30 Scalable Multicast Key Distribution Scalability With enough information including keys and ACL (group access control list), each router can distribute the group key (DEK) and KEK This operation is dependent on the structure of CBT tree

31 Scalable Multicast Key Distribution Multicast Key Distribution using CBT Core router B B A A Host h A, B, router are non-core routers

32 Scalable Multicast Key Distribution Example Protocol

33 Dual Encryption Protocol Architecture Top level nodes may have different KEKs Using several KEKs may extend the key lifetime Each subgroup has a subgroup key Participating group manager will not be given a KEK. Only members have KEK. CC (Capability Certificates) are issued by a higher authority AC (Access Capability) is used to prevent multiple join DEK is encrypted with the KEK and the subgroup key

34 Dual Encryption Protocol Key Distribution Tree S S p1 g1 h1 p2 g2 h2 h3 h4 h6 h5 h7 h6 h5 h7 pigihi participant member host sender Top level Key group 1

35 Dual Encryption Protocol Join

36 Dual Encryption Protocol Leave The group manager multicast a message containing a new subgroup key encrypted with the rest of group member’s public keys To decrypt the DEK, KEK and subgroup key are necessary. Since the leaving member just has KEK and the old subgroup key, it cannot access the multicast data afterwards ensuring the forward secrecy.

37 Diffie-Hellman Group Key Distribution 3 Protocols are proposed No group controller. All members should cooperate to generate a group key

38 Diffie-Hellman Group Key Distribution Version 1

39 Diffie-Hellman Version 1 Example

40 Diffie-Hellman Group Key Distribution Version 2

41 Diffie-Hellman Version 2 Example

42 Diffie-Hellman Group Key Distribution Version 3

43 Diffie-Hellman Group Key Distribution Join for version 2

44 Diffie-Hellman Group Key Distribution Delete for version 2

45 Reference [1] Paul Judge and Mostafa Ammar, Security Issues and Solutions in Multicast Content Distribution: A Survey, IEEE Network, Jan/Feb 2003. [2] T. Hardjono and B Weis, RFC 3740, IETF, 2004 [3] SanFord Rafaeli and David Hutchison, A Survey of Key Management for Secure Group Communication, ACM Computing Survey, Vol 35, No. 3, Sept., 2003. [4] Lakshminath R. Dondeti, Sarit Mukherjee and Ashok Samal, Survey and Comparison of Secure Group Communication Protocols, Technical Report, University of Nebraska-Lincoln, June 1999. [5] Thoams Hardjono and Gene Tsudik, IP Multicast Security: Issues and Directions, Annales de Telecom, 2000.

46 Reference [6] R. Canetti, J. Garay, G. Itkis, D. Micciancio, M. Naor, and B. Pinkas, Multicast Security: A Taxonomy and Efficient Constructions. IEEE Infocom, NY, USA, March 1999. [7] A. Eskicioglu, Multimedia security in group communications: recent progress in key management, authentication, and watermarking. ACM Multimedia Systems Journal, Special Issue on Multimedia Security, September 2003. [8] H. Harney, C. Muckenhirn, Group Key Management Protocol (GKMP) Specification, RFC 2093, 1997. [9] H. Harney, C. Muckenhirn, Group Key Management Protocol (GKMP) Architecture, 2094, 1997. [10] A. Ballardie, Scalable Multicast Key Distribution, RFC 1949, 1996

47 Reference [11] D. Wallner, E. Harder and R. Agee, Key Management for Multicast: Isssues and Architectures, RFC 2627, 1999. [12] Lakshminath R. Dondeti and Sarit Mukherjee, A Dual Encryption Protocol for Scalable Secure Multicasting, IEEE ISCC, 1999 [13] Michael Steiner, Gene Tsudik and Michael Waidner, Diffie- Hellman Key Distribution Extended to Group Communication, ACM CCS, 1996. [14]Marcel Waldvogel, GErmano Caronni, Dan Sun, Nathalie Weiler and Berhard Plattner, The VersaKey FrameWork: Versatile Group Key Management, IEEE Journal on Selected Areas in Communications, 1999.

Download ppt "Multicast Security Cryptographic Protocols InKwan Yu."

Similar presentations

The Diffie-Hellman Algorithm

The Diffie-Hellman Algorithm
Internet Protocol Security (IP Sec)

Internet Protocol Security (IP Sec)
A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.

Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.
Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.

Group Protocols for Secure Wireless Ad hoc Networks Srikanth Nannapaneni Sreechandu Kamisetty Swethana pagadala Aparna kasturi.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
Presentation By: Garrett Lund Paper By: Sandro Rafaeli and David Hutchison.

Presentation By: Garrett Lund Paper By: Sandro Rafaeli and David Hutchison.
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style A Survey on Decentralized Group Key Management Schemes.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style A Survey on Decentralized Group Key Management Schemes.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.
Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.

Information System Security AABFS-Jordan Summer 2006 IP Security Supervisor :Dr. Lo'ai Ali Tawalbeh Done by: Wa’el Musa Hadi.
Chapter 5 Network Security Protocols in Practice Part I

Chapter 5 Network Security Protocols in Practice Part I
Henric Johnson1 Ola Flygt Växjö University, Sweden +46 470 70 86 49 IP Security.

Henric Johnson1 Ola Flygt Växjö University, Sweden IP Security.
IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.

IP Security IPSec 2 * Essential Network Security Book Slides. IT352 | Network Security |Najwa AlGhamdi 1.
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.

CSCE 715: Network Systems Security Chin-Tser Huang University of South Carolina.
Optimal Communication Complexity of Generic Multicast Key Distribution Saurabh Panjwani UC San Diego (Joint Work with Daniele Micciancio)

Optimal Communication Complexity of Generic Multicast Key Distribution Saurabh Panjwani UC San Diego (Joint Work with Daniele Micciancio)
Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.

Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.
Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.
Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:

Dr Alejandra Flores-Mosri Message Authentication Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to:
Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Cryptography1 CPSC 3730 Cryptography Chapter 10 Key Management.

Similar presentations

Ads by Google