CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on LKH were originally provided by Dr. Wensheng Zhang at Iowa State. CSC 774 Adv. Net. Security
Outline
• Overview of group key distribution
• A naïve solution
• Iolus: A Framework for Scalable Secure Multicasting
• Logical key hierarchy (LKH)
Group Key Distribution
• Group session keys are generated and distributed by a central group key manager (as opposed to being agreed on by the members)
• Usually used for large groups
[Figure: a group key manager distributing the group key to the group members]
A Naïve Solution
• Use a separate secure unicast connection from the group manager to EACH group member
• Requirement: each member shares a unique key with the controller
• Poor scalability:
  • n secure unicast connections
  • n secret keys at the controller
  • every change of the group key (e.g., after a join or a leave) costs n unicast messages
Problems Specific to Group Communication
• "1 affects n" problem
  • The actions of one member (e.g., a join) affect the entire group: every member must be rekeyed
[Figure: a new member joins; the group key manager must rekey all old members]
Problems Specific to Group Communication (Cont'd)
• "1 does not equal n" problem
  • Cannot deal with the group as a whole
  • Must consider the conflicting demands of members on an individual basis
  • Example: when a member leaves, the old group key cannot be used to distribute the new group key, because the leaving member still knows the old key
[Figure: a member leaves; the group key manager must reach the remaining members individually]
Iolus
• Divide a large group into smaller subgroups
• Introduce entities that manage and connect the subgroups
  • Group security controller (GSC): controls the entire group
  • Group security intermediaries (GSI): control the subgroups on behalf of the GSC
  • GSC and GSIs are both referred to as group security agents (GSA)
• With the GSC as the root, the GSAs form a hierarchy of subgroups
• A lower-level GSA is a member of the group headed by the higher-level GSA
Iolus (Cont'd)
[Figure: the Iolus hierarchy, with the GSC at the root and GSIs heading the subgroups below it]
Iolus (Cont'd)
• Joins (handled by the GSA of the subgroup the member joins)
  • GSA generates K_GSA-MBR, the key it will share with the new member
  • Store this key along with the other information about the member
  • Send K_GSA-MBR to the new member over a secure channel
  • Generate a new subgroup key K'G
  • Send {K'G}_KG to the subgroup (one multicast; the new member cannot read it, since it never held the old KG)
  • Send K'G to the new member over the secure channel, i.e., encrypted with K_GSA-MBR
Iolus (Cont'd)
• Leaves
  • Generate a new subgroup key K'G
  • Send K'G to each remaining member MBR individually over the secure channel, i.e., encrypted with K_GSA-MBR
  • The old KG cannot be used because the departed member knows it ("1 does not equal n"); the cost is one unicast per remaining member, but only within the affected subgroup
Iolus (Cont'd)
• Data transmission
  • Data is retransmitted within each subgroup: a GSI decrypts the traffic with the key of the higher-level group it belongs to and re-encrypts it with its own subgroup key
Iolus (Cont'd)
• Iolus for group key management
  • Replace the data with the group key in the data transmission above: the GSC distributes a group-wide key, which each GSI re-encrypts for its own subgroup
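The join, leave and re-encryption steps of the Iolus slides above, as an added example that is not part of the original slides or of the Iolus implementation. The wrap/unwrap helper, the (recipient, blob) message format and the names GSA, Member and demo are assumptions made here; wrap is a toy XOR-keystream wrap used only so the example runs offline, and a real deployment would use AES key wrap or an AEAD.

```python
# Added example (not from the slides): one Iolus subgroup run by a GSA.
import hashlib
import hmac
import os


def wrap(kek: bytes, key: bytes) -> bytes:
    """Toy key wrap: XOR with an HMAC-SHA256 keystream under a fresh nonce.
    Illustration only (no integrity, payload <= 32 bytes); use AES-KW or an AEAD."""
    nonce = os.urandom(16)
    stream = hmac.new(kek, nonce, hashlib.sha256).digest()
    return nonce + bytes(a ^ b for a, b in zip(key, stream))


def unwrap(kek: bytes, blob: bytes) -> bytes:
    stream = hmac.new(kek, blob[:16], hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(blob[16:], stream))


class GSA:
    """Group security agent (GSC or GSI) for one subgroup.  A message is
    (recipient, blob); recipient "group" means a multicast to the subgroup."""

    def __init__(self):
        self.kg = os.urandom(16)     # subgroup key KG
        self.member_keys = {}        # MBR -> K_GSA-MBR, one per member

    def join(self, mbr):
        self.member_keys[mbr] = os.urandom(16)   # K_GSA-MBR, handed over on a secure channel
        new_kg = os.urandom(16)                  # K'G
        msgs = [("group", wrap(self.kg, new_kg)),              # {K'G}_KG for the old members
                (mbr, wrap(self.member_keys[mbr], new_kg))]    # K'G for the newcomer
        self.kg = new_kg
        return msgs

    def leave(self, mbr):
        del self.member_keys[mbr]
        self.kg = os.urandom(16)     # old KG is burned: the leaver still knows it
        return [(m, wrap(k, self.kg)) for m, k in self.member_keys.items()]  # one unicast each

    def relay(self, upper_kg, blob):
        """GSI duty: decrypt with the higher-level group's key, re-encrypt for this subgroup."""
        return wrap(self.kg, unwrap(upper_kg, blob))


class Member:
    def __init__(self, name, k_gsa):
        self.name, self.k_gsa, self.kg = name, k_gsa, None

    def process(self, msgs):
        for to, blob in msgs:
            if to == self.name:                              # unicast under K_GSA-MBR
                self.kg = unwrap(self.k_gsa, blob)
            elif to == "group" and self.kg is not None:      # multicast under the old KG
                self.kg = unwrap(self.kg, blob)


def demo():
    """Three joins, one leave, then traffic relayed from the GSC's group into the subgroup."""
    gsa, members = GSA(), {}
    for name in ("M1", "M2", "M3"):
        msgs = gsa.join(name)
        members[name] = Member(name, gsa.member_keys[name])
        for m in members.values():
            m.process(msgs)
    leave_msgs = gsa.leave("M2")
    for m in members.values():
        m.process(leave_msgs)
    # The GSA is itself a member of the group above it (here the GSC's group).
    gsc = GSA()
    up_msgs = gsc.join("GSI-1")
    gsi_view = Member("GSI-1", gsc.member_keys["GSI-1"])
    gsi_view.process(up_msgs)
    payload = b"payload or new group key"       # constructed sample, <= 32 bytes
    relayed = gsa.relay(gsi_view.kg, wrap(gsc.kg, payload))
    return {
        "join_msgs": len(msgs),                  # 2, independent of subgroup size
        "leave_msgs": len(leave_msgs),           # one per remaining member
        "in_sync": [n for n, m in members.items() if m.kg == gsa.kg],
        "leaver_stale": members["M2"].kg != gsa.kg,
        "relayed_ok": unwrap(members["M1"].kg, relayed) == payload,
    }
```

Running demo() shows the asymmetry the slides describe: a join costs one multicast plus one unicast whatever the subgroup size, while a leave costs one unicast per remaining member, and the departed M2 is left holding a key the GSA no longer uses. The relay step is the "data transmission" slide, and with a key as the payload it is the "Iolus for group key management" slide.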
Key Tree Approaches
• Two types of keys
  • SEKs (Session Encryption Keys): the group key that protects the data
  • KEKs (Key Encryption Keys): used only to encrypt other keys
• A Group Controller constructs a tree-based hierarchy of KEKs
[Figure: key tree with the group key at the root and the members at the leaves; the tree nodes are logical entities held by the Group Controller; N: number of members, d: tree degree, depth ln(N)/ln(d) + 1, i.e., log_d N + 1]
Logical Key Hierarchy (LKH)
• Keys are organized in a (logical) hierarchical tree
• Group key is located at the root
• Key encryption keys are the non-root, non-leaf nodes
• Each member corresponds to one leaf node (its individual key) and holds every key on the path from its leaf to the root
• Updates the group key and the key encryption keys by encrypting new keys under other keys in the tree (key nodes)
• Rekey with only O(log N) messages per join or leave
LKH (Cont'd)
• Initialization: the GKC (group key controller) sets up N secure channels, one per member, to deliver the initial keys
[Figure: binary key tree for N = 8: K0 at the root; K11, K12 below it; K21..K24; K31..K38 as the individual keys of members M1..M8]
LKH (Cont'd)
• Member leave: M3 (individual key K33) leaves; the keys on its path, K22, K11 and K0, are replaced by K22', K11' and K0'
• Rekeying messages, each new key encrypted under keys the leaving member does not hold (KEK{key} denotes key encrypted with KEK):
  • K34{K22'}
  • K34{K11'}, K21{K11'}
  • K34{K0'}, K21{K0'}, K12{K0'}
• The number of keys to replace equals the tree depth, ln(N)/ln(d) = log_d N
[Figure: the tree after M3's departure, with K33 removed and the primed keys on its former path]
LKH (Cont'd)
• Member join: a new member with individual key K31 joins under K21; K21, K11 and K0 are replaced by K21', K11' and K0'
• Rekeying messages:
  • To the new member, under its individual key: K31{K21'}, K31{K11'}, K31{K0'}
  • To the old members, under the old keys (safe, because the new member never held them): K21{K21'}, K11{K11'}, K0{K0'}
• Again the number of keys to replace equals the tree depth, ln(N)/ln(d) = log_d N
[Figure: the tree after the join, with the primed keys on the new member's path]
User, Key, or Group Oriented Rekeying
• User-oriented rekeying
  • Group the rekeying messages by user: each message carries all the new keys that one set of users needs, encrypted under a key those users share
  • Fewer but larger messages
• Key-oriented rekeying
  • Group the rekeying messages by key: each message carries one new key, encrypted under each KEK whose holders need it
  • More but smaller messages
• Group-oriented rekeying
  • Put all the rekeying messages together into one large message multicast to the whole group
  • Only one message; each member decrypts the parts for which it holds the KEK
Example
[Figure: the rekeying messages of the preceding slides grouped user-oriented, key-oriented and group-oriented]
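The leave and join rekeying of the LKH slides, together with the three regroupings of the previous slide, as an added example that is not the slides' or any library's code. The node numbering, the (node, version) key identifiers and the names LKHTree, unwrap_all, grouped and demo_leave are assumptions made here; rekeying messages are modeled as (KEK, key) pairs rather than real ciphertext so that the simulation can track exactly which keys each party is able to recover. demo_leave() reproduces the six messages of the member-leave slide for M3, and the same code handles trees of degree d > 2.

```python
# Added example (not from the slides): LKH rekeying on the slides' 8-member binary tree.
from collections import defaultdict


class LKHTree:
    """Key tree held by the GKC.  Node 0 is the root; the d children of node x are
    d*x+1 .. d*x+d; members sit at leaves and hold every key on their path to the
    root.  A key is (node, version); rotating it bumps the version (the slides' K0')."""

    def __init__(self, n_members, degree=2):
        self.d, self.depth = degree, 1
        while degree ** self.depth < n_members:
            self.depth += 1
        self.version = defaultdict(int)                       # node -> key version
        first = (degree ** self.depth - 1) // (degree - 1)    # id of the first leaf
        self.leaves = list(range(first, first + degree ** self.depth))
        self.members = {f"M{i + 1}": self.leaves[i] for i in range(n_members)}

    def key(self, node):
        return (node, self.version[node])

    def children(self, node):
        return [self.d * node + i for i in range(1, self.d + 1)]

    def ancestors(self, node):
        """Internal nodes from node's parent up to the root, bottom-up."""
        path = []
        while node != 0:
            node = (node - 1) // self.d
            path.append(node)
        return path

    def occupied(self, node):
        return any(node == leaf or node in self.ancestors(leaf) for leaf in self.members.values())

    def holdings(self, member):
        leaf = self.members[member]
        return {self.key(n) for n in [leaf] + self.ancestors(leaf)}

    def name(self, key):
        """Slide naming: K0; K11, K12; K21..K24; K31..K38; primes mark versions."""
        node, ver = key
        level, first, count = 0, 0, 1
        while node >= first + count:
            first, count, level = first + count, count * self.d, level + 1
        return ("K0" if node == 0 else f"K{level}{node - first + 1}") + "'" * ver

    # A rekey message is (wrapping KEK, distributed key): KEK{key} on the slides.
    def leave(self, member):
        leaf = self.members.pop(member)
        msgs, cover, node = [], set(), leaf
        for a in self.ancestors(leaf):
            # unchanged keys that together reach everyone still below `a`
            cover |= {self.key(c) for c in self.children(a) if c != node and self.occupied(c)}
            self.version[a] += 1
            msgs += [(k, self.key(a)) for k in sorted(cover)]
            node = a
        return msgs

    def join(self, member):
        leaf = next(l for l in self.leaves if l not in self.members.values())
        self.version[leaf] += 1              # fresh individual key, sent over a secure channel
        self.members[member] = leaf
        msgs = []
        for a in self.ancestors(leaf):
            old = self.key(a)
            self.version[a] += 1
            msgs += [(self.key(leaf), self.key(a)),   # newcomer: under its own key
                     (old, self.key(a))]              # old members: under the old key
        return msgs


def unwrap_all(held, msgs):
    """Keys a party holding `held` can recover from the rekey messages."""
    got = set(held)
    while True:
        new = {k for kek, k in msgs if kek in got and k not in got}
        if not new:
            return got
        got |= new


def grouped(msgs, orientation):
    """'key': one message per new key; 'user': one per KEK (per user set); 'group': one message."""
    if orientation == "group":
        return [list(msgs)]
    bucket = defaultdict(list)
    for kek, k in msgs:
        bucket[k if orientation == "key" else kek].append((kek, k))
    return list(bucket.values())


def demo_leave(who="M3", n=8, d=2):
    """Returns (tree, messages, each member's recoverable keys after processing them)."""
    tree = LKHTree(n, d)
    before = {m: tree.holdings(m) for m in tree.members}
    msgs = tree.leave(who)
    return tree, msgs, {m: unwrap_all(h, msgs) for m, h in before.items()}
```

Calling `tree, msgs, views = demo_leave()` and printing `tree.name(kek) + "{" + tree.name(k) + "}"` for each message yields exactly the six messages drawn on the leave slide, and `views["M3"]` never gains K0' while every remaining member does. The wrapping keys chosen here are unchanged keys, as on the slide, so the messages can be processed in any order; the variant that encrypts each new key under the already-rotated key of its child sends fewer messages on larger trees but forces members to process them bottom-up.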