Group Key Group Key Management Management

ProtocolProtocol(GKMP)(GKMP)

Presented By Aafreen ShaikhPresented By Aafreen ShaikhCourse CMSC 621Course CMSC 621

Summary of Presentation Summary of Presentation 11

Need for Multicast SecurityNeed for Multicast Security- Dynamic entry and exit of membersDynamic entry and exit of members- Authentication of the group membersAuthentication of the group members- Integrity during transmissionIntegrity during transmission- Confidentiality services for a multicast sessionConfidentiality services for a multicast session

Introduction to GKMPIntroduction to GKMP- Experimental protocol for internet communityExperimental protocol for internet community- No central key distribution site neededNo central key distribution site needed- Create grouped symmetric keysCreate grouped symmetric keys

Features of GKMPFeatures of GKMP- Multicast and SecurityMulticast and Security- Latency Latency - Reliability and ExtendibilityReliability and Extendibility- Operating expense and communication resourcesOperating expense and communication resources

Current Key Management Current Key Management ArchitectureArchitecture

Key Distribution Center (KDC):Key Distribution Center (KDC):- It is used for setting up symmetric keysIt is used for setting up symmetric keys- Military systems such as BLACKER, EKMS and commercial systems such as Military systems such as BLACKER, EKMS and commercial systems such as

Kerberos all operate using dedicated KDCs.Kerberos all operate using dedicated KDCs.- A group key request is sent to the KDCA group key request is sent to the KDC- The KDC acts as an The KDC acts as an access controlleraccess controller and decides whether the request is and decides whether the request is

authenticate by verifying whether all the members of a group are cleared to authenticate by verifying whether all the members of a group are cleared to receive all the data on a groupreceive all the data on a group

- The KDC would then call up each member and The KDC would then call up each member and downloaddownload the symmetric key the symmetric key- When each member had the key the KDC would notify the requestor and the When each member had the key the KDC would notify the requestor and the

secure communication could beginsecure communication could begin- Key Generation Protocols like FireFly, Diffe-Hellman, RSA can be used Key Generation Protocols like FireFly, Diffe-Hellman, RSA can be used

which rely on cooperative key generation algorithms to create a which rely on cooperative key generation algorithms to create a cryptographic keycryptographic key

- These pairwise key management protocols can be integrated into These pairwise key management protocols can be integrated into communication protocol or application communication protocol or application

- DrawbacksDrawbacks- the third party whose primary interest isn’t communication, needs - the third party whose primary interest isn’t communication, needs

to get involvedto get involved

GKMP ARCHITECTUREGKMP ARCHITECTURE Basic operations of GKMPBasic operations of GKMP

- access control- access control- key generation- key generation- key distribution- key distribution

Hierarchy in GKMPHierarchy in GKMP- security manager- security manager- group manager- group manager- group controller- group controller- group members- group members

Sender Initiated Sender Initiated OperationOperation

Identification of Group Key Controller:Identification of Group Key Controller:- The originator of the multicast group creates or obtains a group The originator of the multicast group creates or obtains a group

management certificate from its certification hierarchy management certificate from its certification hierarchy - The certificate identifies the holder as responsible for generation The certificate identifies the holder as responsible for generation

and distribution of the group key and distribution of the group key - The originator relays the membership list to the Group Key The originator relays the membership list to the Group Key

Management (GKM) application Management (GKM) application

Group Key Creation :Group Key Creation :- The GKM application, operating on behalf of the originator, The GKM application, operating on behalf of the originator,

selects one member of the group, contacts it, and creates a Group selects one member of the group, contacts it, and creates a Group Key Packet (GKP) Key Packet (GKP)

- A GKP contains the current group traffic encrypting key (GTEK) A GKP contains the current group traffic encrypting key (GTEK) and future group key encrypting key (GKEK) and future group key encrypting key (GKEK)

- Group Key Packet (GKP) = [GTEKn,GKEKn+1] Group Key Packet (GKP) = [GTEKn,GKEKn+1]

Sender Initiated Sender Initiated OperationOperation

Group Key Distribution:Group Key Distribution:- the group controller contacts each member of the group, creates the group controller contacts each member of the group, creates

a Session Key Package (SKP), validates their permissions (check a Session Key Package (SKP), validates their permissions (check member's certificate against group parameters), and create a member's certificate against group parameters), and create a Group Re-key Package (GRP) for that member Group Re-key Package (GRP) for that member

- A SKP contains a session TEK and a session KEK for a particular A SKP contains a session TEK and a session KEK for a particular member member

Session Key Package (SKP) = [STEK, SKEK] Session Key Package (SKP) = [STEK, SKEK] - A GRP contains the GKP encrypted in a KEK and signed using the A GRP contains the GKP encrypted in a KEK and signed using the

originator's certificate originator's certificate

Group Re-key Package (GRP) = {[GKP]KEK} Signature Controller Group Re-key Package (GRP) = {[GKP]KEK} Signature Controller

Receiver Initiated Receiver Initiated OperationOperation

Selection of Group Key Controller:Selection of Group Key Controller:- Selection of controller may be made through a voting system, by a Selection of controller may be made through a voting system, by a

simple default or configuration simple default or configuration - There is no need for the selected controller to be the controller for all There is no need for the selected controller to be the controller for all

time, but at any one time only one controller may be active for each time, but at any one time only one controller may be active for each groupgroup

- The current controller's identity must be made available to all The current controller's identity must be made available to all members, and potential members, for initial group key load and error members, and potential members, for initial group key load and error recovery recovery

Group Key Creation :Group Key Creation :- The GKP is created and distributed as in sender initiated operationsThe GKP is created and distributed as in sender initiated operations

Group Key Distribution :Group Key Distribution :- After creation of the GKP, as other members contact the controller, a After creation of the GKP, as other members contact the controller, a

SKP is created, member permissions are validated and a GRP is loaded SKP is created, member permissions are validated and a GRP is loaded to the member to the member

- Some number of regional GKM applications are enabled with the Some number of regional GKM applications are enabled with the ability to validate the permissions of new members and upon validation ability to validate the permissions of new members and upon validation send to them the current GKP send to them the current GKP

GKMP ROLESGKMP ROLES Group Controller (GC):Group Controller (GC):- Why need a controller?- Why need a controller?

- the group must operate on the same symmetric key and - the group must operate on the same symmetric key and hence we need the controller . All group members have the hence we need the controller . All group members have the capability to be a GC and could assume this duty upon capability to be a GC and could assume this duty upon assignment.assignment.

- Functions of Group Controller:Functions of Group Controller:- Create keys- Create keys- Distribute keys- Distribute keys- Create group re-key messages- Create group re-key messages- Report on the progress- Report on the progress- Collects acknowledgement of key receipt messages from - Collects acknowledgement of key receipt messages from

the receiver the receiver

GKMP ROLES Contd..GKMP ROLES Contd.. Group Member:Group Member:- Wait for distribution messageWait for distribution message- assist the controller in creating the key assist the controller in creating the key - Decrypt the messages received from the GCDecrypt the messages received from the GC- Validate the controller authorization to perform actions Validate the controller authorization to perform actions - accept key from the controlleraccept key from the controller- request key from the controllerrequest key from the controller- maintain local Compromise Recovery List (CRL) listsmaintain local Compromise Recovery List (CRL) lists- manage local keymanage local key- perform peer review of key management actionsperform peer review of key management actions- acknowledge receipt of new keyacknowledge receipt of new key

Supporting FunctionsSupporting Functions Security Management:Security Management:- GKMP relies on security management to operateGKMP relies on security management to operate- Why is it necessary to have a security manager? Why is it necessary to have a security manager?

- permission management- permission management- initialization of software- initialization of software- compromise recovery- compromise recovery

- The security manager creates credentials that uniquely identify the The security manager creates credentials that uniquely identify the host and its permissions and this credential is signed by the security host and its permissions and this credential is signed by the security management by its private key and can be verified by all net management by its private key and can be verified by all net members with the public keymembers with the public key

- Permission certificates signed by the security management is given Permission certificates signed by the security management is given to each host which uniquely identify the host and its access to each host which uniquely identify the host and its access permissionspermissions

- Compromise recovery management: if a group member is found Compromise recovery management: if a group member is found compromised then the protocol must facilitate the exclusion of the compromised then the protocol must facilitate the exclusion of the membermember

Supporting FunctionsSupporting Functions Group Management:Group Management:- interacts with other management functions in the network to interacts with other management functions in the network to

provide the GKMP with the group membership lists and group provide the GKMP with the group membership lists and group relevant commands relevant commands

- group manager receives group progress reports from the GC group manager receives group progress reports from the GC - assignment of a group addressassignment of a group address- update of router databasesupdate of router databases- distribution of group address to group membersdistribution of group address to group members- GC would also be a recipient of this messageGC would also be a recipient of this message- incase of group creation failure this failure should also be incase of group creation failure this failure should also be

reported to the group requestor reported to the group requestor

Data Item Primitives in Data Item Primitives in GKMPGKMP

GC gets the list of members and initiates contactGC gets the list of members and initiates contact Authority which commands the group creates a group tokenAuthority which commands the group creates a group token Token consists of information regarding the GC and the Token consists of information regarding the GC and the

permissions that are required for the grouppermissions that are required for the group Group ID- unique identification so that several groups can coexist Group ID- unique identification so that several groups can coexist

in a network in a network GTEK idGTEK id GKEK idGKEK id GTEK creation fieldGTEK creation field GKEK creation fieldGKEK creation field Distributor signature – GC private keyDistributor signature – GC private key Distributor public – GC public keyDistributor public – GC public key Member signature – member private keyMember signature – member private key Member public – member public keyMember public – member public key Controller permissions – assigned by the security managerController permissions – assigned by the security manager SKEK idSKEK id SKEK creation fieldSKEK creation field

Data Item Primitives in Data Item Primitives in GKMPGKMP

Member permissions – provided by the security managerMember permissions – provided by the security manager Encrypted group keysEncrypted group keys Confirmation of decryptionConfirmation of decryption RequestRequest Member delete listMember delete list

Example Example

University of Essex. Department of Electronic Systems Engineering. MSc C.I.N Secure Multicast Group Key Distribution Protocol. Project Supervisor Dr. Martin Fleury MSc Student ChristosVidakisUniversity of Essex. Department of Electronic Systems Engineering. MSc C.I.N Secure Multicast Group Key Distribution Protocol.

Project Supervisor Dr. Martin Fleury MSc Student Christos Vidakis

Group Key Controller

NetWorkAHostAESENET 14

10.3.2.1

Router CRouter A

NetWorkAHostBESENET410.1.2.1

NetworkBHostAESENET 15

10.2.2.1

Router B

Network AC10.13.0.0 /16

512 Kb/s

Network A10.1.2.0/24100 MB/s

Demo Network Diagram

NetWorkAHostBESENET 14

10.3.2.1

PrivilegedMember

NetworkAHostAESENET410.1.2.1

Hub 10 MB/s

Network AB10.12.0.0 /16

1MB/s

Network CB10.23.0.0 /16

1MB/s

Network C10.3.2.0/24

10 MB/s

Network B10.3.2.0/24100 MB/s

S0/110.23.0.3

S0/010.23.0.2

S0/010.13.0.3

S0/110.13.0.1

S0/010.12.0.1

S0/110.12.0.2

f0/010.3.2.22

f0/010.1.2.22

f0/010.2.2.22

CertificateAuthority

NetworkBHostBESENET 15

10.2.2.1

SMGKDDBMS

Figure taken from Secure Multicast Group Key distributionFigure taken from Secure Multicast Group Key distribution

States in GKMPStates in GKMP State 1:State 1:- The source address is checked to ensure it is not on the CRL. The source address is checked to ensure it is not on the CRL. - The token field is validated with the public key of the source. The token field is validated with the public key of the source. - The token version number is checked to ensure this token is The token version number is checked to ensure this token is

current. current. - The group ID is checked to see if this group exists. The controller The group ID is checked to see if this group exists. The controller

ID field is then read. If the receiver is listed as the GC, the ID field is then read. If the receiver is listed as the GC, the receiver assumes the role of controller. If not, the role assumed is receiver assumes the role of controller. If not, the role assumed is that of receiver. that of receiver.

- The GC reads the group permission field in the group token. It The GC reads the group permission field in the group token. It then verifies that its' personnel permissions exceed or equal then verifies that its' personnel permissions exceed or equal those of the group. those of the group.

- The GC will creates its' portion of the key creation message. The GC will creates its' portion of the key creation message. - The Create Grp Keys_1 message is completed and transmitted. The Create Grp Keys_1 message is completed and transmitted.

States in GKMPStates in GKMP State 2:State 2:- The source signature field is validated using the public key of the The source signature field is validated using the public key of the

source. source. - The source ID field is compared against the local CRL. If the The source ID field is compared against the local CRL. If the

source is on the CRL the association is terminated. source is on the CRL the association is terminated. - The request field is read. The local contributions to the group The request field is read. The local contributions to the group

keys are created. keys are created. - The Group keys are created and stored pending negotiation. The Group keys are created and stored pending negotiation. - The key table is updated to show the group key pending The key table is updated to show the group key pending

negotiation. negotiation.

States in GKMPStates in GKMP State 3:State 3:- The permission certificate is retrieved and validated using the The permission certificate is retrieved and validated using the

security managers public key. The permissions of the message security managers public key. The permissions of the message source are checked to verify they meet or exceed those of the group. source are checked to verify they meet or exceed those of the group.

- The group token is retrieved and validated using the appropriate The group token is retrieved and validated using the appropriate public key.public key.

- The token version number is checked to ensure the token is current. The token version number is checked to ensure the token is current. - The group ID specified in the token is compared with the actual The group ID specified in the token is compared with the actual

group ID. If they are different the exchange is terminated. group ID. If they are different the exchange is terminated. - The controller ID specified in the token is compared with the GC ID. The controller ID specified in the token is compared with the GC ID.

If they do not match the exchange is terminated. If they do not match the exchange is terminated. - The local permissions are compared to the permissions specified for The local permissions are compared to the permissions specified for

the group. If they do not meet or exceed the group permissions the the group. If they do not meet or exceed the group permissions the exchange is terminated and a report is generated. exchange is terminated and a report is generated.

- The re-key interval specified in the token is stored locally. The re-key interval specified in the token is stored locally. - The key table is updated to reflect the key permissions, re-key The key table is updated to reflect the key permissions, re-key

interval, group ID and current time. interval, group ID and current time.

States in GKMPStates in GKMP State 4State 4::- The permission certificate is retrieved and validated using the The permission certificate is retrieved and validated using the

security members public key. The permissions of the message security members public key. The permissions of the message source are checked to verify they meet or exceed those of the source are checked to verify they meet or exceed those of the group. group.

- The key table is updated to reflect the key permissions, re-key The key table is updated to reflect the key permissions, re-key interval, group ID and current time. interval, group ID and current time.

State 5:State 5:- The source signature field is validated using the public key of the The source signature field is validated using the public key of the

source. source. - The source ID field is compared against the local CRL. If the The source ID field is compared against the local CRL. If the

source is on the CRL, the association is terminated. source is on the CRL, the association is terminated. - The request field is read. The local contribution to the SKEK are The request field is read. The local contribution to the SKEK are

created. The SKEK is created and stored pending negotiation.created. The SKEK is created and stored pending negotiation.- The key table is updated to show the SKEK pending negotiation. The key table is updated to show the SKEK pending negotiation.

States in GKMPStates in GKMP State 6:State 6:- The permission certificate is retrieved and validated The permission certificate is retrieved and validated - The group token is retrieved and validatedThe group token is retrieved and validated- The token version number is checked The token version number is checked - The group ID specified in the token is stored. The group ID specified in the token is stored. - The controller ID specified in the token is compared with the GC The controller ID specified in the token is compared with the GC

ID. If they do not match the exchange is terminated. ID. If they do not match the exchange is terminated. - The local permissions are compared to the permissions specified The local permissions are compared to the permissions specified

for the group. If they do not meet or exceed the group for the group. If they do not meet or exceed the group permissions the exchange is terminated and a report is permissions the exchange is terminated and a report is generated. generated.

- The re-key interval specified in the token is stored locally. The re-key interval specified in the token is stored locally. - The key table is updated to reflect the key permissions, re-key The key table is updated to reflect the key permissions, re-key

interval, group ID and current time. interval, group ID and current time.

States in GKMPStates in GKMP State 7:State 7:- The permission certificate is retrieved and validated using the The permission certificate is retrieved and validated using the

security managers public key. The permissions of the message security managers public key. The permissions of the message source are checked to verify they meet or exceed those of the source are checked to verify they meet or exceed those of the group. group.

- The key table is updated. The key table is updated.

State 8:State 8:- The group ID is checked. The group ID is checked. - The group keys are decrypted using the SKEK. Data integrity The group keys are decrypted using the SKEK. Data integrity

checks are validated to ensure proper decryption. checks are validated to ensure proper decryption. - The key table is updated to reflect the new group keys, key The key table is updated to reflect the new group keys, key

permissions, re-key interval, group ID and current time. permissions, re-key interval, group ID and current time.

State 9:State 9:- Update group management logUpdate group management log

States in GKMPStates in GKMP State 10State 10::- The permission certificate is retrieved and validated using the The permission certificate is retrieved and validated using the

security managers public key. The permissions of the message security managers public key. The permissions of the message source are checked to verify they meet or exceed those of the source are checked to verify they meet or exceed those of the group. group.

- The group token is retrieved and validated using the appropriate The group token is retrieved and validated using the appropriate public key. public key.

- The token version number is checked to ensure the token is current. The token version number is checked to ensure the token is current. - The group ID specified in the token is checked.The group ID specified in the token is checked.- The controller ID specified in the token is compared with the GC The controller ID specified in the token is compared with the GC

ID. If they do not match, the exchange is terminated. ID. If they do not match, the exchange is terminated. - The local permissions are compared to the permissions specified for The local permissions are compared to the permissions specified for

the group. If they do not meet or exceed the group permissions the the group. If they do not meet or exceed the group permissions the exchange is terminated and a report is generated. exchange is terminated and a report is generated.

- The re-key interval specified in the token is stored locally. The re-key interval specified in the token is stored locally. - The new group keys are decrypted with the current GKEK. The data The new group keys are decrypted with the current GKEK. The data

integrity field is checked to ensure proper decryption. integrity field is checked to ensure proper decryption. - The key table is updated to reflect the key permissions, re-key The key table is updated to reflect the key permissions, re-key

interval, group ID and current time. interval, group ID and current time.

States in GKMPStates in GKMP State 11State 11::- Validate signature using sources public key. Validate signature using sources public key. - Check to see if member initiated group join is available. If not, Check to see if member initiated group join is available. If not,

ignore. If so begin distribution of group keys. ignore. If so begin distribution of group keys.

State 12State 12::- Validate signature using GCs public. Validate signature using GCs public. - Retrieve delete list. Check to see if on delete list, if so continue.Retrieve delete list. Check to see if on delete list, if so continue.- Create Grp_Keys_Deleted_Ack Create Grp_Keys_Deleted_Ack - Delete group keys Delete group keys

State 13State 13::- Validate signature using GCs public. Validate signature using GCs public. - Retrieve delete list. If list is global delete, verify alternative key. Retrieve delete list. If list is global delete, verify alternative key. - Switch group operations to alternative key. Switch group operations to alternative key. - Create Grp_Keys_Deleted_Ack.. Delete group keys. Create Grp_Keys_Deleted_Ack.. Delete group keys.

Table of Some Data Table of Some Data Primitives UsedPrimitives Used

Message Message DefinitionDefinition

Grp Grp IDID

GC GC IDID

GTEGTEK IDK ID

GKEK GKEK IDID

GTEGTEK K CreaCreationtion

GKEGKEK K CreaCreationtion

SKEK SKEK IDID

MemMember ber IDID

Command Command _Create _Create GroupGroup

Create_grouCreate_group Keys 1p Keys 1

Create_grouCreate_group Keys 2p Keys 2

Negotiate_gNegotiate_grp Keys1rp Keys1

Negotiate_gNegotiate_grp Keys2rp Keys2

Negotiate Negotiate Session Key Session Key 11

Negotiate Negotiate Session Key Session Key 22

Table of Some Data Table of Some Data Primitives UsedPrimitives Used

Message Message DefinitionDefinition

Grp Grp IDID

GC GC IDID

GTEGTEK IDK ID

GKEK GKEK IDID

GTEGTEK K CreaCreationtion

GKEGKEK K CreaCreationtion

SKEK SKEK IDID

MemMember ber IDID

Download Download Grp KeysGrp Keys

Key Key Download Download AckAck

Re-key Re-key MulticastMulticast

Request Request Grp JoinGrp Join

Delete Grp Delete Grp KeysKeys

Grp Keys Grp Keys Deleted AckDeleted Ack

Message DefinitionsMessage Definitions Command_Create Group:Command_Create Group:Group members, Grp ID, Grp controller ID, Grp action, Grp Group members, Grp ID, Grp controller ID, Grp action, Grp

permissions, Rekey interval, Token version, Token signature, Token permissions, Rekey interval, Token version, Token signature, Token public keypublic key

Create Grp Keys_1: Create Grp Keys_1: Grp ID, Request, GTEK ID, GKEK ID, GTEK creation field, GKEK Grp ID, Request, GTEK ID, GKEK ID, GTEK creation field, GKEK

creation field, Grp token, Controller signature, Controller publiccreation field, Grp token, Controller signature, Controller public Create Grp Keys_2: Create Grp Keys_2: Grp ID, GTEK ID, GKEK ID, GTEK creation field, GKEK creation field, Grp ID, GTEK ID, GKEK ID, GTEK creation field, GKEK creation field,

member signature, member public member signature, member public Negotiate Grp Keys_1:Negotiate Grp Keys_1: Grp ID, TEK ID, KEK ID, Group token, Controller permissions Grp ID, TEK ID, KEK ID, Group token, Controller permissions Negotiate Grp Keys_2: Negotiate Grp Keys_2: Grp ID, GTEK ID, GKEK ID, Member permissions Grp ID, GTEK ID, GKEK ID, Member permissions Create Session KEK_1:Create Session KEK_1: KEK for one time use between the GC and selected net member KEK for one time use between the GC and selected net member Create Session KEK_2:Create Session KEK_2: KEK for one time use between the selected net member and GC KEK for one time use between the selected net member and GC

Message DefinitionsMessage Definitions Negotiate Session Keys_1 :Negotiate Session Keys_1 :group ID, SKEK ID, CRL version number, Group token and GCs group ID, SKEK ID, CRL version number, Group token and GCs

permissions permissions Negotiate Session Keys_2:Negotiate Session Keys_2:identifies the group, SKEK, CRL version number and the member identifies the group, SKEK, CRL version number and the member

permissions permissions Download Grp Keys:Download Grp Keys:GRP ID and Encrypted Grp Keys GRP ID and Encrypted Grp Keys Key download ack:Key download ack:GRP ID and Confirmation_decryption data items GRP ID and Confirmation_decryption data items Rekey _Multicast: Rekey _Multicast: Grp ID, GTEK ID, GKEK ID, Group token, Controller permissions Grp ID, GTEK ID, GKEK ID, Group token, Controller permissions Request_Group_Join:Request_Group_Join:Request, Grp ID, Member Signature, Member Public Request, Grp ID, Member Signature, Member Public Delete_Group_Keys:Delete_Group_Keys:grp ID, Request, Member delete list, Controller signature, Controllers grp ID, Request, Member delete list, Controller signature, Controllers

public public Grp_Keys_Deleted_Ack:Grp_Keys_Deleted_Ack:grp ID, member ID, member signature, member public grp ID, member ID, member signature, member public

Message DefinitionsMessage Definitions Grp_Keys_Deleted_Ack:Grp_Keys_Deleted_Ack:

grp ID, request, member delete list, controller signature, controller grp ID, request, member delete list, controller signature, controller public public

Grp_Keys_Deleted_Ack :Grp_Keys_Deleted_Ack :

grp ID, member ID, member signature, member public grp ID, member ID, member signature, member public

Group Key CreationGroup Key CreationGroup initiator Group

Controller (GC)

Group Member (GM)

Command Create group to GC from InitiatorState1(GC) – State2(GM): create group keys 1State2(GM) – State2(GC): create group keys 2State2(GC) – State3(GM): Negotiate group keys 1State3(GM) – State4(GC):Negotiate group keys 2

Group Re-KeyGroup Re-KeyGroup

Controller (GC)

Group Member (GM)

Create Session KEK_1(GC) – State 5 (GM) State 5(GM) – State 5(GC): Create Session KEK_2State 5(GC) – State 6(GM): Negotiate Sess keys 1 State 6(GM) – State 7(GC): Negotiate Sess keys 2 State 7(GC) – State 8(GM): Download Grp Keys State 8 (GM) – State 9(GC): Key download ack

Member Initiated JoinMember Initiated JoinGroup

Controller (GC)

Group Member (GM)

Request_Group Join GM - GC State 11(GC) – State 5(GM): Create Session KEK_1State 5(GM) – State 5(GC): Create Session KEK_2 State 5(GC) – State 6(GM): Negotiate Sess keys 1 State 6(GM) – State 7(GC): Negotiate Sess keys 2 State 7(GC) – State 8(GM): Download Grp Keys State 8(GM) – State 9(GC): Key Download Ack

Types of Member Types of Member DeletionDeletion

Cooperative Deletion:Cooperative Deletion:- Occurs between a trusted member and the GC. Occurs between a trusted member and the GC. - It results in a reliable deletion of the group key encryption and It results in a reliable deletion of the group key encryption and

GTEKs at the deleted member GTEKs at the deleted member

Hostile Deletion:Hostile Deletion:- Occurs when the group losses trust in a memberOccurs when the group losses trust in a member- Essentially create another group, minus the untrusted member, Essentially create another group, minus the untrusted member,

and transfer group operations to that new group and transfer group operations to that new group - When the group losses trust in the controller, another controller When the group losses trust in the controller, another controller

must be appointed and then the hostile deletion process can must be appointed and then the hostile deletion process can proceed proceed

- There are some security and operational management issues There are some security and operational management issues surrounding compromise recovery. The essence of the issues surrounding compromise recovery. The essence of the issues involve a tradeoff between operational continuity and security involve a tradeoff between operational continuity and security vulnerability vulnerability

Member DeletionMember DeletionGroup

Controller (GC)

Group Member (GM)

GC – State 12 (GM): Delete_Group_Keys State 12 (GM) – State 9(GC): Group_Keys_Deleted_Ack

Restrict Access of Restrict Access of Compromised MembersCompromised Members

Mechanisms to restrict access:Mechanisms to restrict access:- Method 1:Method 1:

- GKMP implements a Certificate Revocation List (CRL) which is - GKMP implements a Certificate Revocation List (CRL) which is checked during the group creation processchecked during the group creation process- it will not allow a compromised member to be included in a new - it will not allow a compromised member to be included in a new group group

- Method 2:Method 2:- GKMP facilitates the creation of another group (minus the - GKMP facilitates the creation of another group (minus the compromised member(s)) compromised member(s)) - it does not dictate whether or not the group may continue to - it does not dictate whether or not the group may continue to operate with a compromised member operate with a compromised member

The mechanism the GKMP uses to remove a compromised The mechanism the GKMP uses to remove a compromised member is to key that member out member is to key that member out

This entails creating a new group, without the compromised This entails creating a new group, without the compromised member, and switching group operations member, and switching group operations

The old group is canceled by several multicasts of a group delete The old group is canceled by several multicasts of a group delete message message

Issues in GKMPIssues in GKMP Error conditionsError conditions Multi-level secure (MLS) environmentMulti-level secure (MLS) environment Access controlAccess control Commercial vs. MilitaryCommercial vs. Military Algorithm TypeAlgorithm Type Management PhilosophyManagement Philosophy Receiver initiated operationReceiver initiated operation Security conditionsSecurity conditions

Property Property ApproachesApproaches

Static, Static, GKMPGKMP

ISAKMPISAKMP

CentralizedCentralizedIolusIolus

DistributeDistributedd

CliquesCliques

VersaVersaKeyKey

SMGKSMGKDD

Group –wide Group –wide KeyKey

YesYes Iolus noIolus noOther yesOther yes

yesyes YesYes YesYes

Dynamic join Dynamic join leaveleave

NoNo YesYes YesYes yesyes YesYes

ScalabilityScalability NoNo Iolus yesIolus yesOther noOther no

yesyes YesYes YesYes

Perfect ForwardPerfect Forward NoNo NoNo NoNo YesYes YesYes

Centralized Centralized entityentity

YesYes YesYes VariableVariable VariablVariablee

VariablVariablee

Trust in third Trust in third partiesparties

SMKD yesSMKD yesOther noOther no

Iolus yesIolus yesOther noOther no

NoNo NoNo YesYes

Trust in Trust in participantsparticipants

nono NoNo yesyes NoNo YesYes

Memory for Memory for each entityeach entity

smallsmall Pre-distribution Pre-distribution HugeHuge

Others: smallOthers: small

smallsmall smallsmall MinimuMinimumm

High Delay in High Delay in key distributionkey distribution

NoNo nono Initial yesInitial yes nono NoNo

Efficient Efficient InitializationInitialization

NoNo NoNo YesYes NoNo YESYES

High Level of High Level of RobustnessRobustness

NoNo NoNo NoNo NoNo YESYES

Re-keying Re-keying SynchronizationSynchronization

YesYes YesYes YesYes YesYes NoNo

ReferencesReferences RFC 2093 Group Key Management Protocol (GKMP) Specification RFC 2093 Group Key Management Protocol (GKMP) Specification

– – H. Harney, C. Muckenhirn. SPARTA, Inc. July 1997H. Harney, C. Muckenhirn. SPARTA, Inc. July 1997 RFC 2094 Group Key Management Protocol (GKMP) Architecture RFC 2094 Group Key Management Protocol (GKMP) Architecture

– – H. Harney, C. Muckenhirn. SPARTA, Inc. July 1997H. Harney, C. Muckenhirn. SPARTA, Inc. July 1997 Unicast vs. MulticastUnicast vs. Multicast over Wireless: A Cross Disciplinary over Wireless: A Cross Disciplinary

Mindshare for Educational Application Researchers – Mindshare for Educational Application Researchers – Patrick Patrick BristowBristow

Techniques and IssuesTechniques and Issues in Multicast Security – in Multicast Security – Peter S. Kruus, Peter S. Kruus, Joseph P. Macker. Naval Research LaboratoryJoseph P. Macker. Naval Research Laboratory

Thank YouThank You