360 likes | 450 Views
Efficient Kerberized Multicast. Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies. Outline. Efficient cross realm authentication in Kerberos Review original Kerberos Propose a new extension for distributed operations in Kerberos
E N D
Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies
Outline • Efficient cross realm authentication in Kerberos • Review original Kerberos • Propose a new extension for distributed operations in Kerberos • Multi-center multicast encryption schemes • Review single center schemes • Extend common schemes to distributed setting • Integrating Kerberos with multicast encryption schemes
Motivation • Increasing interest in group communication applications • Audio and video conferencing, data casting, collaborative applications • Problem: security • Goal: provide a practical solution
System Model Intranet slow Internet Intranet Intranet fast
Kerberos • Based on Needham and Schroeder protocol • Doesn’t use asymmetric key crypto (fast) • Relies on a trusted third party (KDC) • Authentication is based on special data structures - tickets • Notation • KDC – Key Distribution Center • TGS – Ticket Granting Service • Alice, Bob – Kerberos principals • KA,B – Key shared by Alice and Bob • KA – Key derived from Alice’s password • TGT – Ticket granting ticket • T - nonce (timestamp) used to protect again replay attacks
“Hi, I’m Alice” TGT = {Alice, TGS, KA,TGS}KTGS {KA,TGS, T}KA Kerberos: Login Phase KDC Alice
Alice, Bob, TGT TKT = {Alice, Bob, KA,B}KB {KA,B, T}KA,TGS Kerberos: Service Ticket Request TGS Alice Bob
Alice, TKT, {Request}KA,B Kerberos: Application Request KDC Alice Bob
Distributed Operations in Kerberos • Multiple Kerberos realms • Each realm administers local principals • No replication of data • Off-line phase • Shared keys established between participating KDCs • Ex: Wonderland and Oz • KW,Oz – shared key between KDCs • Alice@Wonderland, Bob@Oz
Alice@Wonderland, Bob@Oz, TGT RTGT = {Alice@Wonderland, TGS@Oz, KA,TGS@Oz}KW,Oz {KA,TGS@Oz, T}KA,TGS@W Cross Realm Kerberos: Local Request TGS@Wonderland Alice@Wonderland Bob@Oz
Alice@Wonderland, Bob@Oz, RTGT TKT = {Alice@Wonderland, Bob@Oz, KA,B}KB {KA,B, T}KA,TGS@Oz Cross Realm Kerberos: Remote Req TGS@Oz Alice@Wonderland Bob@Oz
Alice@Wonderland, TKT, {Request}KA,B Cross Realm Kerberos Alice@Wonderland Bob@Oz
Efficient Cross Realm Protocol • Can we improve: • Network delays • KDC workload • Client workload • Compatible with non-distributed version of Kerberos
Alice@Wonderland, Bob@Oz, TGT FTKT = {Alice@Wonderland, Bob@Oz, KA,B}KW,Oz {KA,B, T}KA,TGS@W Fake Ticket Protocol: Step 1 TGS@Wonderland Alice@Wonderland Bob@Oz
Alice@Wonderland, FTKT, {Request}KA,B Protocol: Step 2 Alice@Wonderland Bob@Oz
TGT, FTKT TKT = {Alice@Wonderland, Bob@Oz, KA,B}KB {KA,B, T}KB,TGS@Oz Protocol: Step 3 TGS@Oz Alice@Wonderland Bob@Oz
Evaluation • Minimizes the number of Internet (slow) messages • Reduced the workload on the client (Alice) • Alice’s software doesn’t need to be modified • Extends easily to sending a message to a group
Outline • Efficient cross realm authentication in Kerberos • Multi-center multicast encryption schemes • Integrating Kerberos with multicast encryption schemes
Multicast Encryption • Methods for performing secure communication among a group of users • Key management problem: • Join/leave operations • Non-collaborative schemes: • Single center responsible for managing keys • Schemes evaluated based on: • Communication complexity • Storage complexity (both center and user)
Minimal Storage Scheme • Users store two keys: • KG - group key • KI,C - individual key shared with the center • Center stores two keys: • KG - group key • KM – secret key used to generate individual user’s key • Key update operation has linear communication cost
Tree-based Schemes • Build a logical tree • Each node represents a key: • Root – group key • Leaves – individual user keys • User stores all keys on the path from the leave to the root • User storage complexity is logarithmic • Center stores all keys in the tree • Center storage complexity is linear
Tree-based Schemes (cont.) • Key update operation requires logarithmic number of messages: • Change all keys on the path from the removed leave • Use siblings’ keys to distributes new keys
Multi-center Multicast: First Look • Multiple centers managing separate sets of clients • Build a single binary tree • Replicate tree at each center • Key updates require only local communication • Inefficient center and user storage: • Total center storage is O(n2) • Each center stores keys for clients it doesn’t manage
Extended Tree-based Multi-center • Each center manages M users • Each center builds a logical tree (size M) • Each user stores O(log M) keys • All centers share a key, KC • Key update operation requires (log M + N/M) message • Center storage among all centers is linear
Huffman Tree-based Multi-center • Each center has different number of users • Binary tree schemes doesn’t provide an optimal tree • Each center builds a local tree • Associate a codeword with each center • Run Huffman algorithm to obtain minimal tree • Tree structure is kept by all centers
Outline • Efficient cross realm authentication in Kerberos • Multi-center multicast encryption schemes • Integrating Kerberos with multicast encryption schemes
Integration of Kerberos with Multicast Schemes • Need to extend Kerberos to sending a message to a group • N clients • Each KDC manages M clients • Notation • KG – group key • KC – key shared among all KDCs
Alice, Group, TGT RTGT1,.., RTGTN/M Kerberized Multicast Alice
RTGTs Integration Illustrated Alice
TKTJ TKTI1,.., TKTIk TKTK1,.., TKTKm Integration Illustrated (cont) Alice
Alice, TKT1,.. TKTN Integration Illustrated (cont) Alice
Alice, Group, TGT FTKTG = {Alice@Wonderland, Group, KG}KC Kerberized Multicast with Fake Tickets Alice
Alice, FTKTG Integration Illustrated Alice
TGTI, FTKTG TGTJ, FTKTG TGTK, FTKTG Integration Illustrated (cont) Alice
TKTI TKTJ TKTK Integration Illustrated (cont) Alice
Conclusion • Presented an extension to Kerberos for cross realm authentication • Eliminates Internet (slow) communications • Presented an extension to multicast encryption schemes that optimizes for multiple centers • Explored integrating cross realm authentication with multicast encryption schemes