Presentation is loading. Please wait.

Presentation is loading. Please wait.

Secure Group Communication: Key Management by Robert Chirwa.

Published byAlan Brooks Modified over 9 years ago

Similar presentations

Presentation on theme: "Secure Group Communication: Key Management by Robert Chirwa."— Presentation transcript:

1 Secure Group Communication: Key Management by Robert Chirwa

2 Outline Introduction: overview of Secure Group Communication Key Management in Secure Group Communication: challenges Existing approaches to key management Motivation for reliability enhancements Reliability solutions Performance analysis of reliability

3 Introduction Some group communication applications have security requirement Example: Cable company broadcasting pay-per-view movies desires to broadcast/multicast a movie. Movie should be viewed by only paying customers not all multicast recipients Solution: Sender and paying-customers share a secret (key). Sender encrypts movie packets and paying-customers decrypt. All other receivers are unable to decrypt.

4 Three problem areas Policy: how is access to the group authorized and authenticated, how is an encryption scheme chosen Key management: When should the group key be changed and how is a new shared group key distributed. A group key manager required. Data traffic encryption: suitable encryption methods

5 Issues addressed in group key management research Layer: At which layer should group key management be implemented: Network/Transport or Application? Backward access control: should new members have access to old communication? Forward access control: should members that have left have access to new communication? Rekeying period: should the group key be changed? How often?

6 The big problem One affects many: Mittra observed that group communication security has the property of all members being affected by the leaving, revocation, or joining of one member. Scalability is critical for large groups. Note that encryption/decryption has performance overhead.

7 Existing approaches Group Key Management Protocol (GKMP) Scalable Multicast Key Distribution (SMKD) Group Secure Association Key Management Protocol (GSAKMP) Iolus Key hierarchy schemes: Key graphs, Binary key trees, Boolean key tree Set difference

8 Group Key Management Protocol (GKMP) Initially developed for military use with unicast communication Commander chooses group key manager Untrusted leaves, create new group Keys have lifetime Later modified for multicast: group key manager selected by voting Group key manager generates group key encryption packets Others generate group traffic encrypted packets

9 Scalable Multicast Key Distribution (SMKD) Network layer secure multicast key management Key management integrated in the Core Based Tree (CBT) multicast protocol Each core node acts as a domain key manager Scales but not multicast protocol independent

10 Iolus The members of a secure group subdivided into subgroups The overall group is managed by a group security controller (GSC) Subgroups are managed by group security intermediaries (GSI) or group security agents (GSA) A message traversing multiple groups will be decrypted and encrypted several times at each GSA.

11 Iolus Fig.1: The Iolus framework

12 Keygraphs Secure group members allocated to subgroups. Subgroups may be subsets of larger subgroups A key graph has group keys at internal nodes and user keys at leaves maintained by group controller Each member is allocated all keys on the path from the root to the leaf New key for a subgroup encrypted with all keys from root to the key node that has changed Need only log(n) messages to rekey a group instead of n messages

13 Fig.2: Key graph

14 Keygraph member leave example u 9 in lower tree leaves Group controller creates new group key k 1-8 Group controller creates new subgroup key k 78 and unicasts to u 7 and u 8 encrypted with individual keys

15 Keygraph member leave example (continued) Group controller encrypts k 1-8 with k 456 and multicasts for u 4, u 5 and u 6 Group controller encrypts k 1-8 with k 123 and multicasts for u 1, u 2 and u 3 Group controller encrypts k 1-8 with k 78 and multicasts for u 7 and u 8 Top tree in the figure results

16 Reliability requirements of group key management If some members receive rekey messages late, they are unable to decrypt new messages OR they encrypt messages using old keys Rekey messages workload has a sparseness property Eventual reliability and soft real- time requirements

17 Batch rekeying Collect join and leave requests for a period of time and rekey after several requests are received Can reduce out-of-synch problems Improves worst case number of rekey messages from Ldlog d N to Ldlog d (N/L) where L is number of leaving members, d is tree degree, N is number of users

18 Careful key packaging Assume keys required for a rekey cannot fit in one packet Keys can be packaged from the keygraph using breadth first assignment (BFA) or depth first assignment (DFA) BFA is fair (low variance) but distributes keys for a user into many packets (large average) DFA is not fair (high variance) but puts keys for a user in few packets (low average) A new algorithm called Recursive-BFA is both fair and has a low average

19

20 R-BFA algorithm

21 Reliable key transport Receivers send a re-synch request if they cannot recover a rekey message in time. This solves the synchronization problem. Forward error correction (FEC) with a proactive factor used to provide the soft real-time requirement.

22 Proactive FEC algorithm Using Reed Solomon code Send k original and k( – 1) FEC packets At end of a round collect a max as the largest a r At the beginning of the next round: generate a max FEC packets, multicast k is number of required packets, a r is number of packets to resend,  is proactivity factor.

23 Performance Batch rekey improves performance. R-BFA optimizes number of key packets and fairness. Metrics were developed to determine a good tradeoff between bandwidth requirements and rekey interval.

24 References Yang, Li, Zhang, and Lam, “Reliable Group Rekeying: A Performance Analysis”, SIGCOMM2001, August 2001, San Diego, CA, USA. Harney and Muckerin, “Group Key Management Protocol (GKMP) Architecture”, RFC2094, July 1997. Ballardie A, “Scalable Multicast Key Distribution”, RFC1949, May 1996. Mittra Suvo, “Iolus: A Framework for Scalable Secure Multicasting”, SIGCOMM1997, 1997. Wong, Gouda, and Lam, “Secure Group Communication using Key Graphs”, SIGCOMM1998, September 1998. Lotspiech, Naor, and Naor, “Subset-Difference based Key Management for Secure Multicast”, Internet Draft, July 2001.

Download ppt "Secure Group Communication: Key Management by Robert Chirwa."

Similar presentations

A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
Computer Networking A Top-Down Approach Chapter 4.7.

Computer Networking A Top-Down Approach Chapter 4.7.
A hierarchical key management scheme for secure group communications in mobile ad hoc networks Authors: Nen-Chung Wang and Shian-Zhang Fang Sources: The.

A hierarchical key management scheme for secure group communications in mobile ad hoc networks Authors: Nen-Chung Wang and Shian-Zhang Fang Sources: The.
1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang

1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.
Presentation By: Garrett Lund Paper By: Sandro Rafaeli and David Hutchison.

Presentation By: Garrett Lund Paper By: Sandro Rafaeli and David Hutchison.
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style A Survey on Decentralized Group Key Management Schemes.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style A Survey on Decentralized Group Key Management Schemes.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.
Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.

Chapter 14 From Cryptography and Network Security Fourth Edition written by William Stallings, and Lecture slides by Lawrie Brown, the Australian Defence.
Optimal Communication Complexity of Generic Multicast Key Distribution Saurabh Panjwani UC San Diego (Joint Work with Daniele Micciancio)

Optimal Communication Complexity of Generic Multicast Key Distribution Saurabh Panjwani UC San Diego (Joint Work with Daniele Micciancio)
Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.

Secure Multicast (II) Xun Kang. Content Batch Update of Key Trees Reliable Group Rekeying Tree-based Group Diffie-Hellman Recent progress in Wired and.
Lecture 6. Bandwidth allocation in multirate multicast is significantly more complicated than the unicast network. There can be several bandwidth allocation.

Lecture 6. Bandwidth allocation in multirate multicast is significantly more complicated than the unicast network. There can be several bandwidth allocation.
A Comparison of Layering and Stream Replication Video Multicast Schemes Taehyun Kim and Mostafa H. Ammar.

A Comparison of Layering and Stream Replication Video Multicast Schemes Taehyun Kim and Mostafa H. Ammar.
Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.
Towards Scalable and Reliable Secure Multicast Presenter: Yang Richard Yang Network Research Lab Department of Computer Sciences The University of Texas.

Towards Scalable and Reliable Secure Multicast Presenter: Yang Richard Yang Network Research Lab Department of Computer Sciences The University of Texas.
Scalable Application Layer Multicast Suman Banerjee Bobby Bhattacharjee Christopher Kommareddy ACM SIGCOMM Computer Communication Review, Proceedings of.

Scalable Application Layer Multicast Suman Banerjee Bobby Bhattacharjee Christopher Kommareddy ACM SIGCOMM Computer Communication Review, Proceedings of.
Secure Group Communications Using Key Graphs Chung Kei Wong, Member, IEEE, Mohamed Gouda Simon S. Lam, Fellow, IEEE Evgenia Gorelik Yuksel Ucar.

Secure Group Communications Using Key Graphs Chung Kei Wong, Member, IEEE, Mohamed Gouda Simon S. Lam, Fellow, IEEE Evgenia Gorelik Yuksel Ucar.
Slide Set 15: IP Multicast. In this set What is multicasting ? Issues related to IP Multicast Section 4.4.

Slide Set 15: IP Multicast. In this set What is multicasting ? Issues related to IP Multicast Section 4.4.
1 IP Multicasting. 2 IP Multicasting: Motivation Problem: Want to deliver a packet from a source to multiple receivers Applications: –Streaming of Continuous.

1 IP Multicasting. 2 IP Multicasting: Motivation Problem: Want to deliver a packet from a source to multiple receivers Applications: –Streaming of Continuous.
Multicast Security May 10, 2004 Sam Irvine Andy Nguyen.

Multicast Security May 10, 2004 Sam Irvine Andy Nguyen.

Similar presentations

Ads by Google