In the name of God, the Most Gracious, the Most Merciful. In the name of the One from whom existence took its name. Key Management in Group Communication. Mohammad Dakhilalian Electrical and Computer Faculty, Isfahan University of Technology (IUT). Topics. Introduction Key Management Key Management in Group Communication Centralized
In the name of God, the Most Gracious, the Most Merciful. In the name of the One from whom existence took its name.
Key Management in Group Communication Mohammad Dakhilalian Electrical and Computer Faculty, Isfahan University of Technology (IUT)
Topics • Introduction • Key Management • Key Management in Group Communication • Centralized • Distributed • Decentralized
Introduction • Group communication: a means for providing multi-point to multi-point communication, by organizing processes in groups. • Efficiency: using minimum resources and hence saving bandwidth.
Examples • Video conference • Radar Tracking • VPN • On-line Chat • On-line playing • ...
Introduction • Dynamic Group Communication has an active membership section: • Join • Leave • Merge • Partition
Is Security Important? (CIA) • Confidentiality • Integrity • Availability • Using cryptographic algorithms as a trivial solution.
Key Management Architecture (layers, top to bottom) • Secure Applications • Authorization, Access control, Non-repudiation … • Encryption, Authentication • Key Management
Key Management • Administration and use of the services of generation, registration, certification, distribution, installation and destruction of keying material. • The objective of key management is the secure administration and use of these management services and therefore the protection of keys is extremely important.
Definitions • Key agreement • Key confirmation • Entity authentication • Key Distribution Centre (KDC) • Key Translation Centre (KTC) • Certification Authority (CA)
Key Management Techniques • Mechanisms using Symmetric Algorithms: Pre-shared key; Using KDC; Using KTC • Mechanisms using Asymmetric Algorithms: Certificate based (or using a TTP); ID (Identity) based
Example (Pre-Shared key) • Messages between A and B, in slide order: A, NA • B, {KB, NB, NA}KAB • A, {KA, NA, NB}KAB • Resulting key: K = g(KA, KB)
Example (KDC) • A shares KA with the KDC, B shares KB with the KDC; the KDC generates KAB. • Diagram labels, in slide order: A,B,N, • {A,T}KA • {B,N,KAB}KA, {A,KAB}KB • {A,T}KAB, {A,KAB}KB • A and B both end up holding KAB.
Example (KTC) • A shares KA with the KTC, B shares KB with the KTC; the KTC translates KAB. • Diagram labels, in slide order: A, {KAB, B}KA • {A,KAB}KB • {A,KAB}KB • A and B both end up holding KAB.
Example (Certificate) • Messages between A and B, in slide order: B, N, CertB • CertA, [{N, KAB}PKB]SKA • PK: Public Key • SK: Secret Key
How ID Based works in practice: Alice (alice@a.com) sends a Message to Bob (bob@b.com) • Alice encrypts with bob@b.com • Bob requests private key from the Key Server, authenticates • Bob receives Private Key for bob@b.com • Bob decrypts with Private Key
Key Management in SGC (Secure Group Communication) • Establishment and maintenance of key (Group Key) between valid parties according to a security policy being enforced on the group.
Simple Group Rekeying • The cost of using the simple scheme in large groups is very high. • Diagram: the KDC holds the group key k and sends it to each member under that member's individual key: {k}k1, {k}k2, …, {k}k8 for u1 … u8.
Group Key Management Criteria • Scalability • Robustness • Anonymity • Dynamic • Forward, Backward Secrecy • Collusion • Transmission Efficiency • Computational Efficiency
Key Management Role • Providing member identification and authentication. • Access control. • Generation, distribution and installation of key material.
Different Approaches to Group Key Management • Centralized • Distributed • Decentralized
Centralized group key management The efficiency of protocols can be measured by: • Storage requirements. • Size of messages. • Backwards and forward secrecy. • Collusion
Example • Diagram: the KDC broadcasts {knew}kold to u1 … u8 (individual keys k1 … k8). • The solution has no forward secrecy
Example LKH (Logical Key Hierarchy) • Key tree, root to leaves: k • k14, k58 • k12, k34, k56, k78 • k1 … k8 (one per member u1 … u8)
LKH Join • Diagram: key tree over u1 … u8 with new leaf key k4; changed keys k', k'14 (previously k13), k'34. • Rekey messages shown: {k'34}k3, {k'34}k4, {k'14}k12, {k'14}k'34, {k'}k'14, {k'}k58
LKH Leave • Diagram: key tree over u1 … u8; changed keys k', k'58, k'56. • Rekey messages shown: {k'}k14, {k'}k'58, {k'56}k'56, {k'78}k78, {k'56}k6
Example OFT (One way Function Tree) Join • [Figure: key tree over u1 … u8; labels k, k', k13, k'14, k58, k'34, k12, k34, k56, k78, leaf keys k1 … k8]
OFT Leave • [Figure: key tree over u1 … u8; labels k, k', k14, k'14, k58, k'4, k12, k34, k56, k78, leaf keys k1 … k8]
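The LKH leave rekeying on the slide above, compared with the simple scheme's one message per remaining member, as an added example that is not part of the original slides. It assumes a complete binary key tree with n a power of two; encryption is modelled by key equality rather than performed, and all function names are illustrative.

```python
import secrets

def build_tree(n):
    # Assumed layout: heap-indexed binary tree, node 1 = group key k, leaves n..2n-1 = k1..kn.
    return {node: secrets.token_bytes(16) for node in range(1, 2 * n)}

def path(n, user):
    # Leaf of u<user> (1-based) followed by its ancestors up to the root.
    node = n + user - 1
    return [node >> i for i in range(node.bit_length())]

def label(n, node, primed=False):
    # Slide notation: k56 covers u5..u6, the root is plain k, a prime marks a new key.
    lo = hi = node
    while lo < n:
        lo, hi = 2 * lo, 2 * hi + 1
    span = "" if node == 1 else f"{lo - n + 1}" + ("" if lo == hi else f"{hi - n + 1}")
    return "k" + ("'" if primed else "") + span

def leave(keys, n, user):
    # Replace every key the leaver knew; wrap each new key under its children's keys.
    leaf, *ancestors = path(n, user)
    del keys[leaf]
    msgs = []
    for node in ancestors:                      # bottom-up: a child on the path is already new
        keys[node] = secrets.token_bytes(16)
        for child in (2 * node, 2 * node + 1):
            if child in keys:                   # nothing is wrapped under the departed leaf
                msgs.append((node, child, keys[child], keys[node]))
    return msgs

def receive(held, msgs):
    # Modelled decryption: a message opens only with the exact wrapping key.
    for node, wrap_node, wrap_key, new_key in msgs:
        if held.get(wrap_node) == wrap_key:
            held[node] = new_key

def demo(n=8, leaver=5):
    keys = build_tree(n)
    held = {u: {p: keys[p] for p in path(n, u)} for u in range(1, n + 1)}
    msgs = leave(keys, n, leaver)
    for member in held.values():
        receive(member, msgs)
    fresh = {m[0] for m in msgs}
    shown = [f"{{{label(n, m[0], True)}}}{label(n, m[1], m[1] in fresh)}" for m in msgs]
    stay_ok = all(held[u][1] == keys[1] for u in held if u != leaver)
    return shown, len(msgs), n - 1, stay_ok, held[leaver][1] != keys[1]
```

`demo()` returns the rekey messages in slide notation, the LKH message count, the simple scheme's count, whether every remaining member recovered the new group key, and whether the departed member was locked out.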
Distributed group key management The efficiency of protocols can be measured by: • Number of rounds • Number of messages. • Processing during setup.
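Example (CLIQUES): (Group Diffie-Hellman Key Exchange) • u1 (secret k1) → u2: g^k1 • u2 (secret k2) → u3: g^k1, g^k2, g^(k1k2) • u3 (secret k3) → u4: g^(k1k2), g^(k1k3), g^(k2k3), g^(k1k2k3) • u4 (secret k4) broadcast: g^(k2k3k4), g^(k1k3k4), g^(k1k2k4) • Every member computes K = g^(k1k2k3k4)
Example (STR): • [Figure: STR key tree over u1 … u5; labels k, k14, k13, k12 and k1 … k5; caption: Blinding function]
STR - Join • [Figure: STR key tree over u1 … u5; labels k, k', k'14, k13, k12, k4, k'4, k1, k2, k3, k5; one member marked as sponsor]
STR - Leave • [Figure: STR key tree over u1 … u5; labels k, k', k14, k'14, k13, k12, k'12, k1, k2, k'2, k3, k4, k5; one member marked as sponsor]
TGDH join • [Figure: TGDH key tree over u1 … u8; labels k, k', k14, k58, k'58, k12, k34, k56, k'78, k7, k'7, k1 … k6, k8; one member marked as sponsor]
TGDH leave • [Figure: TGDH key tree over u1 … u8; labels k, k', k14, k58, k'58, k12, k34, k56, k78, k1 … k8, k'5; one member marked as sponsor]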
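The CLIQUES exchange on the slide above, run end to end for n members, as an added example that is not part of the original slides. The modulus, base and function names are assumptions chosen for the demonstration, and the values are constructed at run time.

```python
import math
import secrets

P = 2**255 - 19   # constructed demo modulus (a prime); not a vetted DH group
G = 2             # assumed base for the demonstration

def gdh2(ks):
    """Group Diffie-Hellman as on the slide: chained upflow, then one broadcast.
    ks[i] is the secret exponent of member u(i+1). Returns (upflow, broadcast, keys)."""
    partials, cardinal, upflow = [], G, []
    for k in ks[:-1]:
        # Raise everything received to k and pass the old cardinal along untouched:
        # it is the one value that lacks this member's exponent.
        partials = [pow(v, k, P) for v in partials] + [cardinal]
        cardinal = pow(cardinal, k, P)
        upflow.append(partials + [cardinal])          # u1's message also carries the public g
    last = ks[-1]
    broadcast = [pow(v, last, P) for v in partials]   # entry j lacks only k(j+1)
    keys = [pow(v, k, P) for v, k in zip(broadcast, ks)]
    keys.append(pow(cardinal, last, P))               # the last member's own key
    return upflow, broadcast, keys

def demo(n=4):
    ks = [secrets.randbelow(P - 3) + 2 for _ in range(n)]
    upflow, broadcast, keys = gdh2(ks)
    on_wire = {v for msg in upflow for v in msg} | set(broadcast)
    return {
        "all_agree": len(set(keys)) == 1,
        "matches_g_k1..kn": keys[0] == pow(G, math.prod(ks), P),
        "key_seen_on_wire": keys[0] in on_wire,
        "upflow_sizes": [len(m) for m in upflow],
        "broadcast_size": len(broadcast),
    }
```

The upflow sizes grow by one value per member, which is the message-size cost the slide's efficiency criteria refer to.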
Decentralized group key management The efficiency of protocols can be measured by: • Key independence. • Decentralized controller. • Local rekeying. • Rekeying per membership. • Type of communication. • Keys versus Data path
IOLUS hierarchy • [Figure: hierarchy of group security agents GSA1 … GSA6 with keys k1 … k6]
Intra-Domain Group Key Management Elements • [Figure: a DKD and AKD 1, AKD 2, AKD 3 in the All-KD-group, each holding k; three local area groups of members m with keys k1, k2, k3]
Summary • Definition of Group Communication (GC) and Secure GC (SGC) • Key Management with emphasis on Key Agreement • Types of Key Management Approaches in Group Communication and their examples (LKH, OFT, CLIQUES, STR, TGDH, IOLUS, IGKMP)