Key Management For Secure Communication

Key Management For Secure Communication. Presentation By: Garrett Lund Paper By: Sandro Rafaeli and David Hutchison. Overview. Background Information IP Multicast Assumptions Requirements Rekeying Methods Centralized Group Key Management Protocols Decentralized Architectures

Presentation Transcript


  1. Key Management For Secure Communication Presentation By: Garrett Lund Paper By: Sandro Rafaeli and David Hutchison

  2. Overview • Background Information • IP Multicast • Assumptions • Requirements • Rekeying Methods • Centralized Group Key Management Protocols • Decentralized Architectures • Distributed • Ethics • Sources

  3. IP Multicast • Between Unicast and Broadcast • Network Switches and Routers are responsible for replication and distribution

  4. IP Multicast Applications

  5. IP Multicast Applications

  6. Encryption Review • Obviously some of these applications require limited access. • No public key, but a “group key”

  7. Assumptions • When a user joins, we have a way to get them their first key • When a user leaves there is a possibility of them continuing to acquire messages • Every user eventually gets the intended messages

  8. Membership Changes • Groups need to be dynamic, allowing (authorized) members to join the group and allowing administrators to expel members from the group • Backwards Secrecy • Forward Secrecy

  9. Rekeying • We need a way to get new keys to the users • Since multicast is being used for group transmission, it is assumed that multicast should be used for rekeying the group • Three Approaches • Centralized • Decentralized • Distributed

  10. Rekeying Requirements • Storage Requirements • Size of Rekey Messages • Backwards Secrecy • Forwards Secrecy • Collusion

  11. Overview • Background Information • IP Multicast • Assumptions • Requirements • Rekeying Methods • Centralized Group Key Management Protocols • Decentralized Architectures • Distributed • Ethics • Sources

  12. Centralized Approaches • We have a Key Distribution Center (KDC) • KDC is in charge of managing all of the group’s keys

  13. Simple • Assign a secret key to each member • Use a group key to send group messages • Each member can recover the group key from the appropriate segment of the rekey message using its secret key

  14. Simple Example • [Figure: User F uses its Secret Key on the Rekey Message to obtain the Group Key]

  15. Simple Example • [Figure labels: Secret Key, User F, Group Key, Secret Message]

  16. Simple Problems • 1. The KDC has to encrypt the new key n times • 2. The message could potentially be huge • If n = 1 million and K is 56 bits • The message would be 10 MB long • 3. You have to develop a protocol so that each user knows which part of the message is appropriate for them to decrypt with their secret key

  17. Group Key Management Protocol (GKMP) • Have 2 group keys and no secret key • One Group Transmission Encryption Key (GTEK) • One Group Key Encryption Key (GKEK) • GKEK used to encrypt the GTEK when it changes • Since the GKEK will never change, the system lacks forward secrecy: you cannot kick a member out, since they will always know the GKEK

  18. Logical Key Hierarchy (LKH) • Use a balanced Binary Tree to store keys hierarchically

  19. LKH Example • [Figure: key tree with root k; K14, K58; K12, K34, K56, K78; and a Rekey Message] • User u3 holds k3, k34, k14, k • We want k34: use k3 on the 5th line, we get k34 • We want k14: use k34 on the 2nd line, we get k14 • We want k: use k14 on the first line, we get k

  20. Logical Key Hierarchy (LKH)
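The climb that user u3 performs on slide 19, generalized here to a full LKH rekey after a member leaves; this is an added example, not code from the presentation or the paper. It assumes 8 members in a heap-indexed binary tree, and the function names and the HMAC-based `wrap` (a toy stand-in for a real key-wrapping cipher) are constructed for illustration.

```python
import hashlib, hmac, os

N = 8  # members u1..u8; heap-indexed tree: root k = node 1, leaf of u_i = N-1+i

def _prf(kek, data):
    return hmac.new(kek, data, hashlib.sha256).digest()

def wrap(kek, key, label):
    """Toy key wrap (NOT a real cipher): XOR with an HMAC pad, append 8-byte tag."""
    ct = bytes(a ^ b for a, b in zip(key, _prf(kek, b"pad" + label)))
    return ct + _prf(kek, b"tag" + ct)[:8]

def unwrap(kek, blob, label):
    ct, tag = blob[:-8], blob[-8:]
    if not hmac.compare_digest(tag, _prf(kek, b"tag" + ct)[:8]):
        return None                          # this line is not for this key
    return bytes(a ^ b for a, b in zip(ct, _prf(kek, b"pad" + label)))

def path(member):                            # u3 -> [k3, k34, k14, k] as node ids
    node, out = N - 1 + member, []
    while node:
        out.append(node)
        node //= 2
    return out

def rekey_on_leave(tree, leaver):
    """KDC: replace every key the leaver held; return the multicast rekey message."""
    leaf, message = N - 1 + leaver, []
    for node in path(leaver)[1:]:            # bottom-up: k34, then k14, then k
        tree[node] = os.urandom(16)
        for child in (2 * node, 2 * node + 1):
            if child != leaf:                # never wrap under the leaver's own key
                message.append((node, child, wrap(tree[child], tree[node], bytes([node]))))
    del tree[leaf]
    return message

def member_update(keys, message):
    """Member: open each line whose wrapping key it holds, climbing toward the root."""
    for node, child, blob in message:
        key = unwrap(keys[child], blob, bytes([node])) if child in keys else None
        if key is not None:
            keys[node] = key
    return keys

def demo(leaver=4, stayer=3):
    tree = {node: os.urandom(16) for node in range(1, 2 * N)}   # constructed keys
    held = {m: {n: tree[n] for n in path(m)} for m in (leaver, stayer)}
    message = rekey_on_leave(tree, leaver)
    stayer_ok = member_update(held[stayer], message)[1] == tree[1]
    leaver_ok = member_update(held[leaver], message)[1] == tree[1]
    return len(message), stayer_ok, leaver_ok   # LKH lines vs N-1 for the simple scheme
```

`demo()` returns the number of rekey lines and whether the remaining and the expelled member end up with the new group key: 5 lines for 8 members, where the simple scheme of slide 13 would need one line per remaining member.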

  21. Other Centralized Approaches • One-Way Function Trees (OFT) • One-Way Function Chain Trees (OFCT) • Clustering • Centralized Flat Table (FT) • Efficient Large-Group Key (ELK)

  22. Centralized Approach Summary

  23. Decentralized Approaches • Split the group into subgroups

  24. Decentralized Approaches

  25. Distributed Models • Two methods • Every member contributes • Pick a member at random

  26. Distributed Example LKH

  27. Distributed Summary

  28. Ethics

  29. Sources • "IP Multicast Technical Overview." Cisco Systems, Inc. Web. <http://www.cisco.com/en/US/prod/collateral/iosswrel/ps6537/ps6552/prod_white_paper0900aecd804d5fe6.pdf>. • Rafaeli, Sandro, and David Hutchison. "A Survey of Key Management for Secure Group Communication." ACM Digital Library. Lancaster University, Sept. 2003. Web. <http://portal.acm.org/citation.cfm?id=937506>. • Wikipedia
