210 likes | 349 Views
CSC 774 Advanced Network Security. Secure Group Communications Using Key Graphs Presented by: Siddharth Bhai 9 th Nov 2005. Imagine…. A 24 x 7 x 365 business Internet: the content distribution medium Convenient for everyone Everyone.. Including the eavesdroppers!
E N D
CSC 774 Advanced Network Security Secure Group Communications Using Key Graphs Presented by: Siddharth Bhai 9th Nov 2005
Imagine… • A 24 x 7 x 365 business • Internet: the content distribution medium • Convenient for everyone • Everyone.. Including the eavesdroppers! • Pay-per-view revenue model • Dynamic content • Several users • Teleconference • Collaborative work
Roadmap • The problem • Existing techniques • Key graphs • Rekeying strategies • Iolus v/s the key-graph approach • Conclusions and future work
The Problem • Securing group communications • Authenticity • Confidentiality • Integrity • Scalability • Joins/leaves
Existing Techniques • Group Key Agreement • Diffie Hellman • Group-based Diffie-Hellman • Tree-based GDH • Group Key Distribution • Naïve solution: • 1 group key • 1 unicast key per user • Iolus
“Secure group” • (U, K, R) • U is a finite and non-empty set of users • K is a finite and non-empty set of keys • R is a binary relation between U and K • User ‘u’ has key ‘k’ if and only if (u,k) is in R • Group server • Knows U & K • Maintains user-key relation R • Generates and securely distributes keys in K to users in the group
Key Graphs • A Directed Acyclic graph • U-nodes • 1 or more outgoing edges • 1 incoming edge • K-nodes • 1 or more incoming edges • Root k1234 k234 k12 k4 k2 k3 k1 u1 u2 u4 u3
Key Graphs (contd..) • A key graph specifies a secure group • Group key is the root k-node • Join/ Leave • Special classes: • Star • Naïve solution • Tree • Logical Key hierarchy • Complete • Every non-empty subset of users share a unique key!
Rekeying Strategies • Depends on class of key graph • Strategies for join and leave • Key star: naïve solution • Key tree • User-oriented rekeying • Key-oriented rekeying • Group-oriented rekeying
Key Tree U6 leaves k12345 k123456 U6 joins k123 k123 k45 k456 k4 k4 k5 k2 k5 k2 k3 k1 k3 k1 k6 u1 u1 u2 u4 u2 u3 u4 u3 u5 u5 u6
Join: user-oriented rekeying • Concept: • For each user, the server constructs a rekey message that contains precisely the new keys needed by the user • How? • For each key node (x) whose key has been changed (k to k’), server constructs a rekey message by encrypting the new keys of k-node x and all its ancestors by the old key k. • For the new user, one rekey message
Join: user-oriented rekeying (contd..) • What will be the rekey messages? k12345 k123456 U6 joins k123 k123 k45 k456 k4 k4 k5 k2 k5 k2 k3 k1 k3 k1 k6 u1 u1 u2 u4 u2 u3 u4 u3 u5 u5 u6
Join: user-oriented rekeying (contd..) • What will be the rekey messages? • S {u1,u2,u3}: {k123456}k12345 • S {u4, u5}: {k123456, k456}k45 • S {u6}: {k123456, k456}k6 • No. of rekey messages = height of the tree • Encryption cost for server = [h(h+1)/2] - 1
Join: key-oriented rekeying • Concept: • Each new key is encrypted individually (except keys for joining user) • How? • For each key node (x) whose key has been changed (k to k’), server constructs 2 rekey messages • 1st: Encrypt new key k’ with old key k, send this to all users who hold k • 2nd: Encrypt k’ with individual key of joining user
Join: key-oriented rekeying (contd..) • What will be the rekey messages? k12345 k123456 U6 joins k123 k123 k45 k456 k4 k4 k5 k2 k5 k2 k3 k1 k3 k1 k6 u1 u1 u2 u4 u2 u3 u4 u3 u5 u5 u6
Join: key-oriented rekeying (contd..) • What will be the rekey messages? • S {u1,u2,u3, u4, u5}: {k123456}k12345 • S {u6}: {k123456}k6 • S {u4,u5}: {k456}k45 • S {u6}: {k456}k6 • No. of rekey messages = height of the tree • Encryption cost for server = 2 (h-1)
Join: group-oriented rekeying • Concept: • A single rekey message containing all the keys, multicasted to the entire group • 1 message for the joining user • Why? • No need for subgroup multicast • Fewer rekey messages server’s per-rekey message overheads are reduced
Join: group-oriented rekeying (contd..) • What will be the rekey messages? k12345 k123456 U6 joins k123 k123 k45 k456 k4 k4 k5 k2 k5 k2 k3 k1 k3 k1 k6 u1 u1 u2 u4 u2 u3 u4 u3 u5 u5 u6
Join: group-oriented rekeying (contd..) • What will be the rekey messages? • S {u1,u2,u3, u4, u5}: {k123456}k12345,, {k456}k45 • S {u6}: {k123456, k456}k6 • No. of rekey messages = 2 • Encryption cost for server = 2 (h-1)
Key-Graph Hierarchy of multiple keys Each user – multiple keys More work is done when a join/leave takes place Single trusted entity: the key server Iolus Hierarchy of multiple GSAs Each user – one key (for it’s subgroup) More work is done when a message is to be sent to the entire group Multiple trusted entities: GSC, several GSAs.. IOLUS v/s key-graph
Conclusion and Possible Future Work • Performance on the server-side: • Best: Group-oriented rekeying • Worst: User-oriented rekeying • Performance on the client-side: • Best: user-oriented rekeying • Worst: group-oriented rekeying • Why do we need key graphs at all? • Isn’t a key-tree good enough? • Future work