View
217
Download
1
Category
Tags:
Preview:
Citation preview
Efficient Kerberized Multicast
Olga KornievskaiaUniversity of MichiganGiovanni Di CrescenzoTelcordia Technologies
Outline
Efficient cross realm authentication in Kerberos Review original Kerberos Propose a new extension for distributed operations in
Kerberos Multi-center multicast encryption schemes
Review single center schemes Extend common schemes to distributed setting
Integrating Kerberos with multicast encryption schemes
Motivation
Increasing interest in group communication applications Audio and video conferencing, data casting,
collaborative applications Problem: security Goal: provide a practical solution
System Model
Internet
slow
Intranetfast
Intranet
Intranet
Kerberos Based on Needham and Schroeder protocol Doesn’t use asymmetric key crypto (fast) Relies on a trusted third party (KDC) Authentication is based on special data structures -
tickets Notation
KDC – Key Distribution Center TGS – Ticket Granting Service Alice, Bob – Kerberos principals KA,B – Key shared by Alice and Bob KA – Key derived from Alice’s password TGT – Ticket granting ticket T - nonce (timestamp) used to protect again replay attacks
Kerberos: Login Phase
“Hi, I’m Alice”
Alice
TGT = {Alice, TGS, KA,TGS}KTGS
{KA,TGS, T}KA
KDC
Kerberos: Service Ticket Request
Alice, Bob,TGT
TKT = {Alice, Bob, KA,B}KB
{KA,B, T}KA,TGS
Alice Bob
TGS
Kerberos: Application Request
Alice, TKT, {Request}KA,B
Alice Bob
KDC
Distributed Operations in Kerberos
Multiple Kerberos realms Each realm administers local principals No replication of data
Off-line phase Shared keys established between participating
KDCs Ex: Wonderland and Oz
KW,Oz – shared key between KDCs Alice@Wonderland, Bob@Oz
Cross Realm Kerberos: Local Request
Alice@Wonderland,Bob@Oz,TGT
RTGT = {Alice@Wonderland, TGS@Oz, KA,TGS@Oz}KW,Oz
{KA,TGS@Oz, T}KA,TGS@W
TGS@Wonderland
Alice@Wonderland Bob@Oz
Cross Realm Kerberos: Remote Req
Alice@Wonderland,Bob@Oz,RTGT
TKT = {Alice@Wonderland, Bob@Oz, KA,B}KB
{KA,B, T}KA,TGS@Oz
TGS@Oz
Alice@Wonderland Bob@Oz
Cross Realm Kerberos
Alice@Wonderland, TKT, {Request}KA,B
Alice@Wonderland Bob@Oz
Efficient Cross Realm Protocol
Can we improve: Network delays KDC workload Client workload Compatible with non-distributed version of
Kerberos
Fake Ticket Protocol: Step 1
Alice@Wonderland,Bob@Oz,TGT
FTKT = {Alice@Wonderland, Bob@Oz, KA,B}KW,Oz
{KA,B, T}KA,TGS@W
TGS@Wonderland
Alice@Wonderland Bob@Oz
Protocol: Step 2
Alice@Wonderland, FTKT, {Request}KA,B
Alice@Wonderland Bob@Oz
Protocol: Step 3
TGS@Oz
Alice@Wonderland Bob@Oz
TGT, FTKTTKT = {Alice@Wonderland, Bob@Oz, KA,B}KB
{KA,B, T}KB,TGS@Oz
Evaluation
Minimizes the number of Internet (slow) messages
Reduced the workload on the client (Alice) Alice’s software doesn’t need to be
modified Extends easily to sending a message to a
group
Outline
Efficient cross realm authentication in Kerberos
Multi-center multicast encryption schemes Integrating Kerberos with multicast
encryption schemes
Multicast Encryption
Methods for performing secure communication among a group of users
Key management problem: Join/leave operations
Non-collaborative schemes: Single center responsible for managing keys
Schemes evaluated based on: Communication complexity Storage complexity (both center and user)
Minimal Storage Scheme
Users store two keys: KG - group key KI,C - individual key shared with the center
Center stores two keys: KG - group key KM – secret key used to generate individual
user’s key Key update operation has linear
communication cost
Tree-based Schemes
Build a logical tree Each node represents a key:
Root – group key Leaves – individual user keys
User stores all keys on the path from the leave to the root User storage complexity is logarithmic
Center stores all keys in the tree Center storage complexity is linear
Tree-based Schemes (cont.)
Key update operation requires logarithmic number of messages: Change all keys on the path from the removed
leave Use siblings’ keys to distributes new keys
Multi-center Multicast: First Look
Multiple centers managing separate sets of clients
Build a single binary tree Replicate tree at each center Key updates require only local
communication Inefficient center and user storage:
Total center storage is O(n2) Each center stores keys for clients it doesn’t
manage
Extended Tree-based Multi-center
Each center manages M users Each center builds a logical tree (size M) Each user stores O(log M) keys All centers share a key, KC
Key update operation requires (log M + N/M) message
Center storage among all centers is linear
Huffman Tree-based Multi-center
Each center has different number of users Binary tree schemes doesn’t provide an
optimal tree Each center builds a local tree Associate a codeword with each center Run Huffman algorithm to obtain minimal
tree Tree structure is kept by all centers
Outline
Efficient cross realm authentication in Kerberos
Multi-center multicast encryption schemes Integrating Kerberos with multicast
encryption schemes
Integration of Kerberos with Multicast Schemes
Need to extend Kerberos to sending a message to a group
N clients Each KDC manages M clients Notation
KG – group key KC – key shared among all KDCs
Kerberized Multicast
Alice, Group,TGT
RTGT1,.., RTGTN/M
Alice
Integration Illustrated
Alice
RTGTs
Integration Illustrated (cont)
Alice
TKTI1,.., TKTIk
TKTJ
TKTK1,.., TKTKm
Integration Illustrated (cont)
Alice
Alice, TKT1,.. TKTN
Kerberized Multicast with Fake Tickets
Alice, Group,TGT
FTKTG = {Alice@Wonderland, Group, KG}KC
Alice
Integration Illustrated
Alice
Alice, FTKTG
Integration Illustrated (cont)
Alice
TGTI,FTKTG
TGTJ,FTKTG
TGTK,FTKTG
Integration Illustrated (cont)
Alice
TKTI TKTJ TKTK
Conclusion
Presented an extension to Kerberos for cross realm authentication Eliminates Internet (slow) communications
Presented an extension to multicast encryption schemes that optimizes for multiple centers
Explored integrating cross realm authentication with multicast encryption schemes
Recommended