1 / 21

CSC 774 Advanced Network Security

CSC 774 Advanced Network Security. Secure Group Communications Using Key Graphs Presented by: Siddharth Bhai 9 th Nov 2005. Imagine…. A 24 x 7 x 365 business Internet: the content distribution medium Convenient for everyone Everyone.. Including the eavesdroppers!

bly
Download Presentation

CSC 774 Advanced Network Security

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. CSC 774 Advanced Network Security Secure Group Communications Using Key Graphs Presented by: Siddharth Bhai 9th Nov 2005

  2. Imagine… • A 24 x 7 x 365 business • Internet: the content distribution medium • Convenient for everyone • Everyone.. Including the eavesdroppers! • Pay-per-view revenue model • Dynamic content • Several users • Teleconference • Collaborative work

  3. Roadmap • The problem • Existing techniques • Key graphs • Rekeying strategies • Iolus v/s the key-graph approach • Conclusions and future work

  4. The Problem • Securing group communications • Authenticity • Confidentiality • Integrity • Scalability • Joins/leaves

  5. Existing Techniques • Group Key Agreement • Diffie Hellman • Group-based Diffie-Hellman • Tree-based GDH • Group Key Distribution • Naïve solution: • 1 group key • 1 unicast key per user • Iolus

  6. “Secure group” • (U, K, R) • U is a finite and non-empty set of users • K is a finite and non-empty set of keys • R is a binary relation between U and K • User ‘u’ has key ‘k’ if and only if (u,k) is in R • Group server • Knows U & K • Maintains user-key relation R • Generates and securely distributes keys in K to users in the group

  7. Key Graphs • A Directed Acyclic graph • U-nodes • 1 or more outgoing edges • 1 incoming edge • K-nodes • 1 or more incoming edges • Root k1234 k234 k12 k4 k2 k3 k1 u1 u2 u4 u3

  8. Key Graphs (contd..) • A key graph specifies a secure group • Group key is the root k-node • Join/ Leave • Special classes: • Star • Naïve solution • Tree • Logical Key hierarchy • Complete • Every non-empty subset of users share a unique key!

  9. Rekeying Strategies • Depends on class of key graph • Strategies for join and leave • Key star: naïve solution • Key tree • User-oriented rekeying • Key-oriented rekeying • Group-oriented rekeying

  10. Key Tree U6 leaves k12345 k123456 U6 joins k123 k123 k45 k456 k4 k4 k5 k2 k5 k2 k3 k1 k3 k1 k6 u1 u1 u2 u4 u2 u3 u4 u3 u5 u5 u6

  11. Join: user-oriented rekeying • Concept: • For each user, the server constructs a rekey message that contains precisely the new keys needed by the user • How? • For each key node (x) whose key has been changed (k to k’), server constructs a rekey message by encrypting the new keys of k-node x and all its ancestors by the old key k. • For the new user, one rekey message

  12. Join: user-oriented rekeying (contd..) • What will be the rekey messages? k12345 k123456 U6 joins k123 k123 k45 k456 k4 k4 k5 k2 k5 k2 k3 k1 k3 k1 k6 u1 u1 u2 u4 u2 u3 u4 u3 u5 u5 u6

  13. Join: user-oriented rekeying (contd..) • What will be the rekey messages? • S {u1,u2,u3}: {k123456}k12345 • S {u4, u5}: {k123456, k456}k45 • S {u6}: {k123456, k456}k6 • No. of rekey messages = height of the tree • Encryption cost for server = [h(h+1)/2] - 1

  14. Join: key-oriented rekeying • Concept: • Each new key is encrypted individually (except keys for joining user) • How? • For each key node (x) whose key has been changed (k to k’), server constructs 2 rekey messages • 1st: Encrypt new key k’ with old key k, send this to all users who hold k • 2nd: Encrypt k’ with individual key of joining user

  15. Join: key-oriented rekeying (contd..) • What will be the rekey messages? k12345 k123456 U6 joins k123 k123 k45 k456 k4 k4 k5 k2 k5 k2 k3 k1 k3 k1 k6 u1 u1 u2 u4 u2 u3 u4 u3 u5 u5 u6

  16. Join: key-oriented rekeying (contd..) • What will be the rekey messages? • S {u1,u2,u3, u4, u5}: {k123456}k12345 • S {u6}: {k123456}k6 • S {u4,u5}: {k456}k45 • S {u6}: {k456}k6 • No. of rekey messages = height of the tree • Encryption cost for server = 2 (h-1)

  17. Join: group-oriented rekeying • Concept: • A single rekey message containing all the keys, multicasted to the entire group • 1 message for the joining user • Why? • No need for subgroup multicast • Fewer rekey messages server’s per-rekey message overheads are reduced

  18. Join: group-oriented rekeying (contd..) • What will be the rekey messages? k12345 k123456 U6 joins k123 k123 k45 k456 k4 k4 k5 k2 k5 k2 k3 k1 k3 k1 k6 u1 u1 u2 u4 u2 u3 u4 u3 u5 u5 u6

  19. Join: group-oriented rekeying (contd..) • What will be the rekey messages? • S {u1,u2,u3, u4, u5}: {k123456}k12345,, {k456}k45 • S {u6}: {k123456, k456}k6 • No. of rekey messages = 2 • Encryption cost for server = 2 (h-1)

  20. Key-Graph Hierarchy of multiple keys Each user – multiple keys More work is done when a join/leave takes place Single trusted entity: the key server Iolus Hierarchy of multiple GSAs Each user – one key (for it’s subgroup) More work is done when a message is to be sent to the entire group Multiple trusted entities: GSC, several GSAs.. IOLUS v/s key-graph

  21. Conclusion and Possible Future Work • Performance on the server-side: • Best: Group-oriented rekeying • Worst: User-oriented rekeying • Performance on the client-side: • Best: user-oriented rekeying • Worst: group-oriented rekeying • Why do we need key graphs at all? • Isn’t a key-tree good enough? • Future work

More Related