Key Management For Secure Communication
Presentation By: Garrett Lund
Paper By: Sandro Rafaeli and David Hutchison

Overview
  • Background Information
  • IP Multicast
  • Assumptions
  • Requirements
  • Rekeying Methods
  • Centralized Group Key Management Protocols
  • Decentralized Architectures
  • Distributed
  • Ethics
  • Sources

IP Multicast
  • Between Unicast and Broadcast
  • Network switches and routers are responsible for replication and distribution

IP Multicast Applications

Encryption Review
  • Obviously some of these applications require limited access.
  • No public key, but a group key

Assumptions
  • When a user joins, we have a way to get them their first key
  • When a user leaves there is a possibility of them continuing to acquire messages
  • Every user eventually gets the intended messages

Membership Changes
  • Groups need to be dynamic, allowing (authorized) members to join the group and allowing administrators to expel members from the group
  • Backwards Secrecy
  • Forward Secrecy

Rekeying
  • We need a way to get new keys to the users
  • Since multicast is being used for group transmission, it is assumed that multicast should be used for rekeying the group
  • Three Approaches
      • Centralized
      • Decentralized
      • Distributed

Rekeying Requirements
  • Storage Requirements
  • Size of Rekey Messages
  • Backwards Secrecy
  • Forwards Secrecy
  • Collusion

Centralized Approaches
  • We have a Key Distribution Center (KDC)
  • KDC is in charge of managing all of the group's keys
  • Simple
      • Assign a secret key to each member
      • Use a group key to send group messages
      • Each member can recover the group key from the appropriate segment of the rekey message using its secret key

Simple Example
[Figures: Rekey Message, User F, Secret Key, Group Key, Secret Message]

Simple Problems
  1. The KDC has to encrypt the new key n times
  2. The message could potentially be huge
       If n = 1 million and K is 56 bits
       The message would be 10 MB long
  3. You have to develop a protocol so that each user knows which part of the message is appropriate for them to decrypt with their secret key

Group Key Management Protocol (GKMP)
  • Have 2 group keys and no secret key
  • One Group Transmission Encryption Key (GTEK)
  • One Group Key Encryption Key (GKEK)
  • GKEK used to encrypt the GTEK when it changes
  • Since the GKEK will never change, the system lacks forward secrecy: you cannot kick a member out, since they will always know the GKEK

Logical Key Hierarchy (LKH)
  • Use a balanced binary tree to store keys hierarchically

LKH Example
[Figure: Rekey Message, with lines corresponding to: k, K14, K58, K12, K34, K56, K78]
  • User u3 has k3
  • We want k34: use k3 on 5th line, we get k34
  • We want k14: use k34 on 2nd line, we get k14
  • We want k: use k14 on first line, we get k
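An added example (not from the slides or the paper): a toy LKH key server for the 8-member tree, where u3 chains k3, then k34, then k14, then k as in the walk-through. It goes beyond the slide by building the rekey message for a member leave (u4 expelled); the heap node numbering, the function names, and the XOR/HMAC key wrap (a stand-in for a real cipher) are assumptions.

```python
import hashlib, hmac, os

N = 8  # members u1..u8 (as on the slide); u_i's leaf is heap node N + i - 1
# Assumed heap numbering: 1=k, 2=k14, 3=k58, 4=k12, 5=k34, 6=k56, 7=k78, 8..15=k1..k8

def _pad(kek, nonce, n):
    return hashlib.sha256(kek + nonce).digest()[:n]

def wrap(kek, key):
    """Toy key wrap, a labelled stand-in for a real cipher such as AES key wrap."""
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(key, _pad(kek, nonce, len(key))))
    return nonce + ct + hmac.new(kek, nonce + ct, hashlib.sha256).digest()

def unwrap(kek, blob):
    """Return the wrapped key, or None if blob was not wrapped under kek."""
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(kek, body, hashlib.sha256).digest()):
        return None
    nonce, ct = body[:16], body[16:]
    return bytes(a ^ b for a, b in zip(ct, _pad(kek, nonce, len(ct))))

def new_tree():  # KDC state: one random 128-bit key per tree node
    return {node: os.urandom(16) for node in range(1, 2 * N)}

def member_keys(tree, i):
    """Keys u_i stores: its leaf key plus every key on the path to the root."""
    keys, node = {}, N + i - 1
    while node >= 1:
        keys[node] = tree[node]
        node //= 2
    return keys

def rekey_on_leave(tree, i):
    """KDC: evict u_i, refresh its path bottom-up, wrap each new key per child."""
    del tree[N + i - 1]
    msg, node = [], (N + i - 1) // 2
    while node >= 1:
        tree[node] = os.urandom(16)
        for child in (2 * node, 2 * node + 1):
            if child in tree:  # the evicted leaf gets no segment
                msg.append((node, child, wrap(tree[child], tree[node])))
        node //= 2
    return msg

def process_rekey(keys, msg):
    """Member: unwrap segments addressed to a key we hold, chaining upward."""
    for node, child, blob in msg:
        new = unwrap(keys[child], blob) if child in keys else None
        if new is not None:
            keys[node] = new
    return keys
```

Each segment carries the node it refreshes and the child key it is wrapped under, which addresses the "which part of the message is mine" problem from the simple scheme; the rekey message has 5 segments instead of one per member.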

Other Centralized Approaches
  • One-Way Function Trees (OFT)
  • One-Way Function Chain Trees (OFCT)
  • Clustering
  • Centralized Flat Table (FT)
  • Efficient Large-Group Key (ELK)

Centralized Approach Summary

Decentralized Approaches
  • Split the group into subgroups

Distributed Models
  • Two methods
      • Every member contributes
      • Pick a member at random

Distributed Example LKH

Distributed Summary

Ethics

Sources
  • "IP Multicast Technical Overview." Cisco Systems, Inc. Web.
  • Rafaeli, Sandro, and David Hutchison. "A Survey of Key Management for Secure Group Communication." ACM Digital Library. Lancaster University, Sept. 2003. Web.
  • Wikipedia