Computer Science 1 CSC 774 Advanced Network Security Secure Group Communications Using Key Graphs...
-
Upload
bertina-holmes -
Category
Documents
-
view
213 -
download
0
Transcript of Computer Science 1 CSC 774 Advanced Network Security Secure Group Communications Using Key Graphs...
1
Computer Science
CSC 774 Advanced Network Security
Secure Group Communications Using Key Graphs
Presented by: Siddharth Bhai
9th Nov 2005
2Computer Science
Imagine…
• A 24 x 7 x 365 business– Internet: the content distribution medium
• Convenient for everyone
• Everyone.. Including the eavesdroppers!
– Pay-per-view revenue model– Dynamic content– Several users
• Teleconference
• Collaborative work
3Computer Science
Roadmap
• The problem
• Existing techniques
• Key graphs
• Rekeying strategies
• Iolus v/s the key-graph approach
• Conclusions and future work
4Computer Science
The Problem
• Securing group communications
Authenticity Confidentiality Integrity
• Scalability
• Joins/leaves
5Computer Science
Existing Techniques
• Group Key Agreement– Diffie Hellman– Group-based Diffie-Hellman– Tree-based GDH
• Group Key Distribution– Naïve solution:
• 1 group key
• 1 unicast key per user
– Iolus
6Computer Science
“Secure group”
• (U, K, R)– U is a finite and non-empty set of users– K is a finite and non-empty set of keys– R is a binary relation between U and K
• User ‘u’ has key ‘k’ if and only if (u,k) is in R
• Group server– Knows U & K– Maintains user-key relation R– Generates and securely distributes keys in K to
users in the group
7Computer Science
Key Graphs
• A Directed Acyclic graph
• U-nodes • 1 or more outgoing
edges
• 1 incoming edge
• K-nodes • 1 or more incoming
edges
– Rootu1 u4u3u2
k1234
k234k12
k4k3k2k1
8Computer Science
Key Graphs (contd..)
• A key graph specifies a secure group• Group key is the root k-node
• Join/ Leave• Special classes:
– Star• Naïve solution
– Tree• Logical Key hierarchy
– Complete• Every non-empty subset of users share a unique key!
9Computer Science
Rekeying Strategies
• Depends on class of key graph
• Strategies for join and leave
• Key star: naïve solution
• Key tree– User-oriented rekeying– Key-oriented rekeying– Group-oriented rekeying
10Computer Science
Key Tree
u1 u4u3u2
k45k123
k4k3k2k1 k5
k12345
u5 u1 u4u3u2
k456k123
k4k3k2k1 k5
k123456
u5
k6
u6
U6 leaves
U6 joins
11Computer Science
Join: user-oriented rekeying
• Concept:– For each user, the server constructs a rekey
message that contains precisely the new keys needed by the user
• How?– For each key node (x) whose key has been changed
(k to k’), server constructs a rekey message by encrypting the new keys of k-node x and all its ancestors by the old key k.
– For the new user, one rekey message
12Computer Science
Join: user-oriented rekeying (contd..)
• What will be the rekey messages?
u1 u4u3u2
k45k123
k4k3k2k1 k5
k12345
u5 u1 u4u3u2
k456k123
k4k3k2k1 k5
k123456
u5
k6
u6
U6 joins
13Computer Science
Join: user-oriented rekeying (contd..)
• What will be the rekey messages?
S {u1,u2,u3}: {k123456}k12345
S {u4, u5}: {k123456, k456}k45
S {u6}: {k123456, k456}k6
• No. of rekey messages = height of the tree
• Encryption cost for server = [h(h+1)/2] - 1
14Computer Science
Join: key-oriented rekeying
• Concept:– Each new key is encrypted individually (except
keys for joining user)
• How?– For each key node (x) whose key has been changed
(k to k’), server constructs 2 rekey messages– 1st: Encrypt new key k’ with old key k, send this to
all users who hold k– 2nd: Encrypt k’ with individual key of joining user
15Computer Science
Join: key-oriented rekeying (contd..)
• What will be the rekey messages?
u1 u4u3u2
k45k123
k4k3k2k1 k5
k12345
u5 u1 u4u3u2
k456k123
k4k3k2k1 k5
k123456
u5
k6
u6
U6 joins
16Computer Science
Join: key-oriented rekeying (contd..)
• What will be the rekey messages?
S {u1,u2,u3, u4, u5}: {k123456}k12345
S {u6}: {k123456}k6
S {u4,u5}: {k456}k45
S {u6}: {k456}k6
• No. of rekey messages = height of the tree
• Encryption cost for server = 2 (h-1)
17Computer Science
Join: group-oriented rekeying
• Concept:– A single rekey message containing all the keys,
multicasted to the entire group– 1 message for the joining user
• Why?– No need for subgroup multicast– Fewer rekey messages server’s per-rekey
message overheads are reduced
18Computer Science
Join: group-oriented rekeying (contd..)
• What will be the rekey messages?
u1 u4u3u2
k45k123
k4k3k2k1 k5
k12345
u5 u1 u4u3u2
k456k123
k4k3k2k1 k5
k123456
u5
k6
u6
U6 joins
19Computer Science
Join: group-oriented rekeying (contd..)
• What will be the rekey messages?
S {u1,u2,u3, u4, u5}: {k123456}k12345,, {k456}k45
S {u6}: {k123456, k456}k6
• No. of rekey messages = 2
• Encryption cost for server = 2 (h-1)
20Computer Science
IOLUS v/s key-graph
Key-Graph• Hierarchy of multiple
keys• Each user – multiple
keys• More work is done
when a join/leave takes place
• Single trusted entity: the key server
Iolus• Hierarchy of multiple
GSAs• Each user – one key (for
it’s subgroup)• More work is done
when a message is to be sent to the entire group
• Multiple trusted entities: GSC, several GSAs..
21Computer Science
Conclusion and Possible Future Work
• Performance on the server-side:– Best: Group-oriented rekeying– Worst: User-oriented rekeying
• Performance on the client-side:– Best: user-oriented rekeying– Worst: group-oriented rekeying
• Why do we need key graphs at all?– Isn’t a key-tree good enough?
• Future work