1

Computer Science

CSC 774 Advanced Network Security

Secure Group Communications Using Key Graphs

Presented by: Siddharth Bhai

9th Nov 2005

2Computer Science

Imagine…

• A 24 x 7 x 365 business– Internet: the content distribution medium

• Convenient for everyone

• Everyone.. Including the eavesdroppers!

– Pay-per-view revenue model– Dynamic content– Several users

• Teleconference

• Collaborative work

3Computer Science

Roadmap

• The problem

• Existing techniques

• Key graphs

• Rekeying strategies

• Iolus v/s the key-graph approach

• Conclusions and future work

4Computer Science

The Problem

• Securing group communications

Authenticity Confidentiality Integrity

• Scalability

• Joins/leaves

5Computer Science

Existing Techniques

• Group Key Agreement– Diffie Hellman– Group-based Diffie-Hellman– Tree-based GDH

• Group Key Distribution– Naïve solution:

• 1 group key

• 1 unicast key per user

– Iolus

6Computer Science

“Secure group”

• (U, K, R)– U is a finite and non-empty set of users– K is a finite and non-empty set of keys– R is a binary relation between U and K

• User ‘u’ has key ‘k’ if and only if (u,k) is in R

• Group server– Knows U & K– Maintains user-key relation R– Generates and securely distributes keys in K to

users in the group

7Computer Science

Key Graphs

• A Directed Acyclic graph

• U-nodes • 1 or more outgoing

edges

• 1 incoming edge

• K-nodes • 1 or more incoming

edges

– Rootu1 u4u3u2

k1234

k234k12

k4k3k2k1

8Computer Science

Key Graphs (contd..)

• A key graph specifies a secure group• Group key is the root k-node

• Join/ Leave• Special classes:

– Star• Naïve solution

– Tree• Logical Key hierarchy

– Complete• Every non-empty subset of users share a unique key!

9Computer Science

Rekeying Strategies

• Depends on class of key graph

• Strategies for join and leave

• Key star: naïve solution

• Key tree– User-oriented rekeying– Key-oriented rekeying– Group-oriented rekeying

10Computer Science

Key Tree

u1 u4u3u2

k45k123

k4k3k2k1 k5

k12345

u5 u1 u4u3u2

k456k123

k4k3k2k1 k5

k123456

u5

k6

u6

U6 leaves

U6 joins

11Computer Science

Join: user-oriented rekeying

• Concept:– For each user, the server constructs a rekey

message that contains precisely the new keys needed by the user

• How?– For each key node (x) whose key has been changed

(k to k’), server constructs a rekey message by encrypting the new keys of k-node x and all its ancestors by the old key k.

– For the new user, one rekey message

12Computer Science

Join: user-oriented rekeying (contd..)

• What will be the rekey messages?

u1 u4u3u2

k45k123

k4k3k2k1 k5

k12345

u5 u1 u4u3u2

k456k123

k4k3k2k1 k5

k123456

u5

k6

u6

U6 joins

13Computer Science

Join: user-oriented rekeying (contd..)

• What will be the rekey messages?

S {u1,u2,u3}: {k123456}k12345

S {u4, u5}: {k123456, k456}k45

S {u6}: {k123456, k456}k6

• No. of rekey messages = height of the tree

• Encryption cost for server = [h(h+1)/2] - 1

14Computer Science

Join: key-oriented rekeying

• Concept:– Each new key is encrypted individually (except

keys for joining user)

• How?– For each key node (x) whose key has been changed

(k to k’), server constructs 2 rekey messages– 1st: Encrypt new key k’ with old key k, send this to

all users who hold k– 2nd: Encrypt k’ with individual key of joining user

15Computer Science

Join: key-oriented rekeying (contd..)

• What will be the rekey messages?

u1 u4u3u2

k45k123

k4k3k2k1 k5

k12345

u5 u1 u4u3u2

k456k123

k4k3k2k1 k5

k123456

u5

k6

u6

U6 joins

16Computer Science

Join: key-oriented rekeying (contd..)

• What will be the rekey messages?

S {u1,u2,u3, u4, u5}: {k123456}k12345

S {u6}: {k123456}k6

S {u4,u5}: {k456}k45

S {u6}: {k456}k6

• No. of rekey messages = height of the tree

• Encryption cost for server = 2 (h-1)

17Computer Science

Join: group-oriented rekeying

• Concept:– A single rekey message containing all the keys,

multicasted to the entire group– 1 message for the joining user

• Why?– No need for subgroup multicast– Fewer rekey messages server’s per-rekey

message overheads are reduced

18Computer Science

Join: group-oriented rekeying (contd..)

• What will be the rekey messages?

u1 u4u3u2

k45k123

k4k3k2k1 k5

k12345

u5 u1 u4u3u2

k456k123

k4k3k2k1 k5

k123456

u5

k6

u6

U6 joins

19Computer Science

Join: group-oriented rekeying (contd..)

• What will be the rekey messages?

S {u1,u2,u3, u4, u5}: {k123456}k12345,, {k456}k45

S {u6}: {k123456, k456}k6

• No. of rekey messages = 2

• Encryption cost for server = 2 (h-1)

20Computer Science

IOLUS v/s key-graph

Key-Graph• Hierarchy of multiple

keys• Each user – multiple

keys• More work is done

when a join/leave takes place

• Single trusted entity: the key server

Iolus• Hierarchy of multiple

GSAs• Each user – one key (for

it’s subgroup)• More work is done

when a message is to be sent to the entire group

• Multiple trusted entities: GSC, several GSAs..

21Computer Science

Conclusion and Possible Future Work

• Performance on the server-side:– Best: Group-oriented rekeying– Worst: User-oriented rekeying

• Performance on the client-side:– Best: user-oriented rekeying– Worst: group-oriented rekeying

• Why do we need key graphs at all?– Isn’t a key-tree good enough?

• Future work