250 likes | 362 Views
A secure re-keying scheme. Introduction Background Re-keying scheme User revocation User join Conclusion. Introduction. Multicast is the preferred mode for group communication services A group key is known to all users in the group, but is unknown to non-group users
E N D
A secure re-keying scheme • Introduction • Background • Re-keying scheme • User revocation • User join • Conclusion
Introduction • Multicast is the preferred mode for group communication services • A group key is known to all users in the group, but is unknown to non-group users • Ensure this while the group membership changes • A re-keying scheme is an algorithm to securely and efficiently update the group key
Background Approaches to form authorized subgroups: • Broadcast Enable a single source to securely broadcast to an arbitrary and dynamically changing subset of users • Secure sharing Requires a user to store only one key • Logical key hierarchy Use tree structure to update a group key in order to revoke or join users
Re-keying scheme • Based on the logical key hierarchy approach • Uses a one-way hash chain to generate all the keys of a user from a seed value • hv(x), where h() is a one-way hash function, is a one-way hash chain when h is applied v times to x. hv(x) = h(h(…(h(x)…)).
Model • U: set of users • GC:group controller • A users hold a unique set of keys, K is the set of keys in the system • of users sharing a session key
Group operation Re-keying consists of two group operations: • User revocation A subset of users Ri is revoked from Mi resulting a new session consisting of Mi+1 = Mi \ Ri sharing a new session key Ks+1 • User join A subset of users Ji is join Mi resulting a new session consisting of Mi+1 = Mi U Ji sharing a new session key Ks+1
System operation • During the initial session, GC generates the keys K and sends a subset of keys to user via a secure unicast channel • In all subsequence session, GC sending a re-keying message over an insecure multicast channel. A user user his set of keys and the re-keying message to calculate the new session key ki+1
A LKH re-keying scheme • A logical key hierarchy(LKH) is a tree where each node logically corresponds to a key and each leaf logically corresponds to a user. • A user knows the keys of nodes along the path from the user’s leaf to the root.
A LKH re-keying scheme • Each node is given a label Iw(l) and a key Kw(l) . Node label is public and node keys are private. • The user holds the set of node keys along the path. • All user have a common root key Kw(0) .
Re-keying algorithm for GC • GC choose a random number where b is the security parameter. • For level l = s, …,0 and node , updates Kw(l) to K’w(l) = hs-l (r) • Generate the re-keying message: E() denotes the encryption algorithm.
Re-keying algorithm for users • A user U find the nodes that are both in N(U) and Mrkey • User decrypts using his node key. • User needs to update keys of node Iw(y) and all it’s ancestors, i.e., Iw(y-1) ,… Iw(0) • For level l= y-1, … 0 and every node User updates the node key
System Initialization • Let • GC construct a tree structure with n0 leaves, given a unique label to each node, attaches a randomly generated key to each node and corresponds each leaf to a user. • GC publishes the tree structure in a public bulletin board and keeps all node keys secret. • GC sends to user U, a set of node keys along the path from U’s leaf to the root over a secure unicast channel.
User revocation • Group controller • Updates the tree structure • Updating the session key Ksi to Ksi+1 (updating root key) All internal keys belong to the users in Ri require to be updated • User • Each affected user remove the redundant nodes and keys and rearranged the levels of the affected nodes and keys. • Each user receives the re-keying message and perform the re-keying scheme, obtaining the new session key.
User revocation • Suppose • Node have been pruned. Nodes in dashed line have been arranged to new levels • Keys require to be updated • Re-keying: • Re-keying message:
User revocation • U1, U2: have , calculate • U4: have, and calculate • U7 ,U8: have • The session key is
User join • Group controller • Updates the tree structure • Produce a randomly chosen key for each new leaf, and associates each new user to a new leaf • Updating the session key • User • Each new user performs the re-keying operation to obtain the updated keys and the new session key. • Each affected user adds the new nodes and rearranges the levels of the affected nodes and keys. • The rest of the users perform the re-keying operation to update the keys and obtain the new session key.
User join • Suppose • Node have been added. Nodes in dashed line have been arranged to new levels • Keys require to be updated • Re-keying: • Re-keying message:
User join • U6, U9: have,calculate • U7,U8,U10: have, and calculate • U1 …. U5: have • The session key is
Conclusion • A re-keying scheme for multiple user revocation and multiple user join. • Employs logical key hierarchy with one way hash chain to achieve higher efficiency. • The scheme satisfies forward secrecy, backward secrecy and forward-backward secrecy.
Reference • H. Kurnio, R. Safavi-Naini, Huaxiong Wang, A Secure Re-keying Scheme with Key Recovery Property , 7th Australasian Conference on Information Security and Privacy, ACISP 2002, Vol. 2384, pages 40--55. • Adrian Perrig, Dawn Song, J.D. Tygar ELK, a New Protocol for Efficient Large-Group Key Distribution. IEEE symposium on security and privacy 2001. Page 247-262 • Kurnio H and Safavi-Naini R, Huaxiong Wang, A group key distribution scheme with decentralised user join. Third Conference on Security in Communication Networks '02 September 12-13, 2002 • Dalit Naor, Moni Naor, Jeff Lotspiech,Revocation and Tracing Schemes for Stateless Receivers. Advances in Cryptology – CRYPTO 2001,Lecture Notes in Computer Science 2139, pages 41-62