Hierarchical Group Access Control for Secure Multicast Communications. Yan (Lindsay) Sun and K. J. Ray Liu, IEEE/ACM Transactions on Networking, Dec. 2007. Presented by Seo Bon Keun, 2008.

Contents
• Group key management
• Multi-group key management
  • Formalization
  • Security requirements
• Hierarchical multi-group key management
  • Key tree
  • Integrated key graph generation
• Evaluation
• Conclusion

Group key management
• Group access control
[Figure: users and resources (documents, audio clips, movie clips)]

Multi-group key management (1)
[Figure: users and resources (Drama, Movie, Animation); label: capability]
SG: Service Group
DG: Data Group

Multi-group key management (2)
• Security requirements
• If a user leaves a group and joins another group:
  • Forward secrecy: cannot access the future content of the resources they leave
  • Backward secrecy: cannot access the previous content of the resources they join
[Figure: user and resource; labels: forward secrecy, backward secrecy]

Hierarchical multi-group key management
• Key tree
KDC knows: every key
User 1 knows: u1, K00, K0, Ke, KS
Key update message: u6(K10’), K10’(K1’), K11(K1’), K1’(Ke’), K0(Ke’), Ke’(KS’)
[Figure: key tree; labels KS, KS’, Ke, Ke’, K0, K1, K1’, K00, K01, K10, K10’, K11, u1 to u8]

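An added example, not from the original slides or the paper: it rebuilds the key update message on the key tree slide and checks that the departing member holds none of the keys used to wrap the new ones (forward secrecy). Assumptions: a binary tree with leaves u1 to u8 laid out as the node labels suggest, u5 as the leaving member (inferred from the message contents), and w(k) read as new key k wrapped under key w; no real encryption is performed.

```python
# Added example: LKH-style rekey on the slide's key tree (layout is an assumption).
# Primes are written with an ASCII apostrophe, e.g. K10' is the refreshed K10.
PARENT = {  # child -> parent; KS is the session key above the tree root Ke
    "u1": "K00", "u2": "K00", "u3": "K01", "u4": "K01",
    "u5": "K10", "u6": "K10", "u7": "K11", "u8": "K11",
    "K00": "K0", "K01": "K0", "K10": "K1", "K11": "K1",
    "K0": "Ke", "K1": "Ke", "Ke": "KS",
}

def path_keys(user):
    """Keys a user holds: its own key plus every key on the path up to KS."""
    keys, node = [user], user
    while node in PARENT:
        node = PARENT[node]
        keys.append(node)
    return keys

def children(node):
    return [c for c, p in PARENT.items() if p == node]

def rekey_on_leave(leaver):
    """Key update message as (wrapping_key, new_key) pairs, built bottom-up."""
    stale = path_keys(leaver)[1:]  # every shared key the leaver held
    msg = []
    for node in stale:
        kids = [c for c in children(node) if c != leaver]
        kids.sort(key=lambda c: c not in stale)  # refreshed child first, as on the slide
        for c in kids:
            wrap = c + "'" if c in stale else c  # a refreshed child wraps with its new key
            msg.append((wrap, node + "'"))
    return msg

def leaver_can_decrypt(leaver, msg):
    """True if any wrapping key in the message is one the leaver already holds."""
    held = set(path_keys(leaver))
    return any(wrap in held for wrap, _ in msg)

def fmt(msg):
    return ", ".join(f"{w}({k})" for w, k in msg)

if __name__ == "__main__":
    m = rekey_on_leave("u5")
    print(fmt(m))
    print("leaver can decrypt:", leaver_can_decrypt("u5", m))
```
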

Hierarchical multi-group key management
• Integrated key graph
[Figure: integrated key graph; labels SG1, SG2, DG1, DG2, DG3, SK1, SK2, SK3, KD3, KS1, KS2, K0 to K3, u1 to u8]

Hierarchical multi-group key management
• Integrated key graph generation
  • Generate subtree for each SG
  • Generate subtree for each DG
  • Merge two subtrees
[Figure: SG subtrees; labels SG1, SG2, DG1, DG2, DG3, KS1, KS2, K0 to K3, u1 to u8]

Hierarchical multi-group key management
• Integrated key graph generation
  • Generate subtree for each SG
  • Generate subtree for each DG
  • Merge two subtrees
[Figure: DG subtrees; labels SG1, SG2, DG1, DG2, DG3, SK1, SK2, SK3, KD1, KD2, KD3, KS1, KS2, u1 to u8]

Hierarchical multi-group key management
• Integrated key graph generation
  • Generate subtree for each SG
  • Generate subtree for each DG
  • Merge two subtrees
[Figure: merged key graph; labels SK1, SK2, SK3, KD1, KD2, KD3, KS1, KS2, K0 to K3, u1 to u8]

Evaluation
• Storage overhead
• Rekey overhead
[Table: Independent tree / Multi-group tree. d: tree depth / M: the number of trees / n: the number of users]
[Table: Independent tree / Multi-group tree. d: tree depth / j: the number of involved trees / n: the number of users]

Evaluation: simulation
• Simulation configuration
• Markov chain model

Evaluation
• Group size vs. storage overhead
[Figure panels: KDC, User]

Evaluation
• Group size vs. rekey overhead
[Figure panels: KDC, User]

Evaluation
• Scalability
[Figure panels: Storage overhead, Rekey overhead]

Conclusion
• A multi-group key management scheme
  • that achieves hierarchical group access control
• Efficient w.r.t.
  • Storage overhead
  • Communication cost
  • Scalability
• Evaluation
  • Concrete by formalization
  • Confusing denotations