Group Key Management Protocol (GKMP)
Presented by Aafreen Shaikh
Course CMSC 621

Summary of Presentation
Need for Multicast Security
- Dynamic entry and exit of members
- Authentication of the group members
- Integrity during transmission
- Confidentiality services for a multicast session
Introduction to GKMP
- Experimental protocol for the Internet community
- No central key distribution site needed
- Create grouped symmetric keys
Features of GKMP
- Multicast and Security
- Latency
- Reliability and Extendibility
- Operating expense and communication resources

Current Key Management Architecture
Key Distribution Center (KDC):
- It is used for setting up symmetric keys
- Military systems such as BLACKER, EKMS and commercial systems such as Kerberos all operate using dedicated KDCs.
- A group key request is sent to the KDC
- The KDC acts as an access controller and decides whether the request is authentic by verifying whether all the members of a group are cleared to receive all the data on a group
- The KDC would then call up each member and download the symmetric key
- When each member had the key, the KDC would notify the requestor and the secure communication could begin
- Key generation protocols like FireFly, Diffie-Hellman and RSA can be used; they rely on cooperative key generation algorithms to create a cryptographic key
- These pairwise key management protocols can be integrated into a communication protocol or application
- Drawbacks
  - the third party, whose primary interest isn't communication, needs to get involved

GKMP ARCHITECTURE
Basic operations of GKMP
- access control
- key generation
- key distribution
Hierarchy in GKMP
- security manager
- group manager
- group controller
- group members

Sender Initiated Operation
Identification of Group Key Controller:
- The originator of the multicast group creates or obtains a group management certificate from its certification hierarchy
- The certificate identifies the holder as responsible for generation and distribution of the group key
- The originator relays the membership list to the Group Key Management (GKM) application
Group Key Creation:
- The GKM application, operating on behalf of the originator, selects one member of the group, contacts it, and creates a Group Key Packet (GKP)
- A GKP contains the current group traffic encrypting key (GTEK) and future group key encrypting key (GKEK)
- Group Key Packet (GKP) = [GTEKn, GKEKn+1]

Sender Initiated Operation (contd.)
Group Key Distribution:
- The group controller contacts each member of the group, creates a Session Key Package (SKP), validates their permissions (checks the member's certificate against group parameters), and creates a Group Re-key Package (GRP) for that member
- A SKP contains a session TEK and a session KEK for a particular member
  Session Key Package (SKP) = [STEK, SKEK]
- A GRP contains the GKP encrypted in a KEK and signed using the originator's certificate
  Group Re-key Package (GRP) = {[GKP]KEK} Signature Controller

Receiver Initiated Operation
Selection of Group Key Controller:
- Selection of controller may be made through a voting system, by a simple default or configuration
- There is no need for the selected controller to be the controller for all time, but at any one time only one controller may be active for each group
- The current controller's identity must be made available to all members, and potential members, for initial group key load and error recovery
Group Key Creation:
- The GKP is created and distributed as in sender initiated operations
Group Key Distribution:
- After creation of the GKP, as other members contact the controller, a SKP is created, member permissions are validated and a GRP is loaded to the member
- Some number of regional GKM applications are enabled with the ability to validate the permissions of new members and upon validation send to them the current GKP

GKMP ROLES
Group Controller (GC):
- Why need a controller?
  - the group must operate on the same symmetric key and hence we need the controller. All group members have the capability to be a GC and could assume this duty upon assignment.
- Functions of Group Controller:
  - Create keys
  - Distribute keys
  - Create group re-key messages
  - Report on the progress
  - Collects acknowledgement of key receipt messages from the receiver

GKMP ROLES Contd..
Group Member:
- Wait for distribution message
- assist the controller in creating the key
- Decrypt the messages received from the GC
- Validate the controller authorization to perform actions
- accept key from the controller
- request key from the controller
- maintain local Compromise Recovery Lists (CRLs)
- manage local key
- perform peer review of key management actions
- acknowledge receipt of new key

Supporting Functions
Security Management:
- GKMP relies on security management to operate
- Why is it necessary to have a security manager?
  - permission management
  - initialization of software
  - compromise recovery
- The security manager creates credentials that uniquely identify the host and its permissions. This credential is signed by the security management with its private key and can be verified by all net members with the public key
- Permission certificates signed by the security management are given to each host; they uniquely identify the host and its access permissions
- Compromise recovery management: if a group member is found compromised then the protocol must facilitate the exclusion of the member

Supporting Functions (contd.)
Group Management:
- interacts with other management functions in the network to provide the GKMP with the group membership lists and group relevant commands
- group manager receives group progress reports from the GC
- assignment of a group address
- update of router databases
- distribution of group address to group members
- GC would also be a recipient of this message
- in case of group creation failure this failure should also be reported to the group requestor

Data Item Primitives in GKMP
- GC gets the list of members and initiates contact
- Authority which commands the group creates a group token
- Token consists of information regarding the GC and the permissions that are required for the group
- Group ID: unique identification so that several groups can coexist in a network
- GTEK id
- GKEK id
- GTEK creation field
- GKEK creation field
- Distributor signature: GC private key
- Distributor public: GC public key
- Member signature: member private key
- Member public: member public key
- Controller permissions: assigned by the security manager
- SKEK id
- SKEK creation field
- Member permissions: provided by the security manager
- Encrypted group keys
- Confirmation of decryption
- Request
- Member delete list

Example
University of Essex, Department of Electronic Systems Engineering, MSc C.I.N. Secure Multicast Group Key Distribution Protocol. Project Supervisor: Dr. Martin Fleury. MSc Student: Christos Vidakis.
[Figure: Demo Network Diagram. Routers A, B and C interconnect Networks A, B and C; labelled nodes include the Group Key Controller, a Privileged Member, the Certificate Authority and the SMGKD DBMS.]
Figure taken from Secure Multicast Group Key distribution

States in GKMP
State 1:
- The source address is checked to ensure it is not on the CRL.
- The token field is validated with the public key of the source.
- The token version number is checked to ensure this token is current.
- The group ID is checked to see if this group exists. The controller ID field is then read. If the receiver is listed as the GC, the receiver assumes the role of controller. If not, the role assumed is that of receiver.
- The GC reads the group permission field in the group token. It then verifies that its personnel permissions exceed or equal those of the group.
- The GC creates its portion of the key creation message.
- The Create Grp Keys_1 message is completed and transmitted.

States in GKMP (contd.)
State 2:
- The source signature field is validated using the public key of the source.
- The source ID field is compared against the local CRL. If the source is on the CRL the association is terminated.
- The request field is read. The local contributions to the group keys are created.
- The group keys are created and stored pending negotiation.
- The key table is updated to show the group key pending negotiation.

States in GKMP (contd.)
State 3:
- The permission certificate is retrieved and validated using the security manager's public key. The permissions of the message source are checked to verify they meet or exceed those of the group.
- The group token is retrieved and validated using the appropriate public key.
- The token version number is checked to ensure the token is current.
- The group ID specified in the token is compared with the actual group ID. If they are different the exchange is terminated.
- The controller ID specified in the token is compared with the GC ID. If they do not match the exchange is terminated.
- The local permissions are compared to the permissions specified for the group. If they do not meet or exceed the group permissions the exchange is terminated and a report is generated.
- The re-key interval specified in the token is stored locally.
- The key table is updated to reflect the key permissions, re-key interval, group ID and current time.

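The State 3 checks as a member would run them on a Negotiate Grp Keys_1 message, written here as an added example (not code from the presentation or from GKMP itself). The record layouts, the HMAC stand-in for public-key signatures, the set-based reading of "meet or exceed" and all sample values are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass, field, replace


class ExchangeTerminated(Exception):
    """A State 3 check failed, so the member stops the exchange."""


def sign(key: bytes, payload: bytes) -> bytes:
    # ASSUMPTION: HMAC-SHA256 stands in for GKMP's public-key signatures so
    # the example runs on the standard library alone.
    return hmac.new(key, payload, hashlib.sha256).digest()


def verify(key: bytes, payload: bytes, signature: bytes) -> bool:
    return hmac.compare_digest(sign(key, payload), signature)


@dataclass(frozen=True)
class PermissionCert:          # hypothetical layout of a permission certificate
    host_id: str
    permissions: frozenset
    signature: bytes = b""

    def payload(self) -> bytes:
        return repr((self.host_id, sorted(self.permissions))).encode()


@dataclass(frozen=True)
class GroupToken:              # hypothetical layout of the group token
    group_id: str
    controller_id: str
    permissions: frozenset
    rekey_interval: int        # seconds
    version: int
    signature: bytes = b""

    def payload(self) -> bytes:
        return repr((self.group_id, self.controller_id, sorted(self.permissions),
                     self.rekey_interval, self.version)).encode()


@dataclass
class Member:
    host_id: str
    permissions: frozenset
    sm_key: bytes              # verifies permission certificates
    authority_key: bytes       # verifies group tokens
    min_token_version: int     # oldest token version still treated as current
    key_table: dict = field(default_factory=dict)
    reports: list = field(default_factory=list)

    def state3(self, msg_group_id: str, gc_cert: PermissionCert,
               token: GroupToken, now: int) -> dict:
        """Run the State 3 checks on a Negotiate Grp Keys_1 message."""
        # Both signatures are verified before any signed field is trusted.
        if not verify(self.sm_key, gc_cert.payload(), gc_cert.signature):
            raise ExchangeTerminated("permission certificate signature invalid")
        if not verify(self.authority_key, token.payload(), token.signature):
            raise ExchangeTerminated("group token signature invalid")
        # "Meet or exceed" is modelled as a superset test (assumption).
        if not gc_cert.permissions >= token.permissions:
            raise ExchangeTerminated("source permissions below group permissions")
        if token.version < self.min_token_version:
            raise ExchangeTerminated("group token is not current")
        if token.group_id != msg_group_id:
            raise ExchangeTerminated("group ID mismatch")
        if token.controller_id != gc_cert.host_id:
            raise ExchangeTerminated("controller ID mismatch")
        if not self.permissions >= token.permissions:
            self.reports.append((now, msg_group_id, "local permissions insufficient"))
            raise ExchangeTerminated("local permissions below group permissions")
        entry = {"permissions": token.permissions,
                 "rekey_interval": token.rekey_interval,
                 "group_id": token.group_id,
                 "updated_at": now}
        self.key_table[token.group_id] = entry
        return entry


def build_sample():
    """Constructed keys, certificate, token and member used by the demo."""
    sm_key, authority_key = b"constructed-sm-key", b"constructed-authority-key"
    cert = PermissionCert("gc-1", frozenset({"secret", "ops"}))
    cert = replace(cert, signature=sign(sm_key, cert.payload()))
    token = GroupToken("grp-42", "gc-1", frozenset({"secret"}), 3600, 2)
    token = replace(token, signature=sign(authority_key, token.payload()))
    member = Member("gm-7", frozenset({"secret"}), sm_key, authority_key, 2)
    return member, cert, token


if __name__ == "__main__":
    member, cert, token = build_sample()
    print(member.state3("grp-42", cert, token, now=1000))
    forged = replace(token, controller_id="gm-9")   # signature no longer matches
    try:
        member.state3("grp-42", cert, forged, now=1001)
    except ExchangeTerminated as exc:
        print("terminated:", exc)
```
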
States in GKMP (contd.)
State 4:
- The permission certificate is retrieved and validated using the security members public key. The permissions of the message source are checked to verify they meet or exceed those of the group.
- The key table is updated to reflect the key permissions, re-key interval, group ID and current time.
State 5:
- The source signature field is validated using the public key of the source.
- The source ID field is compared against the local CRL. If the source is on the CRL, the association is terminated.
- The request field is read. The local contributions to the SKEK are created. The SKEK is created and stored pending negotiation.
- The key table is updated to show the SKEK pending negotiation.

States in GKMP (contd.)
State 6:
- The permission certificate is retrieved and validated
- The group token is retrieved and validated
- The token version number is checked
- The group ID specified in the token is stored.
- The controller ID specified in the token is compared with the GC ID. If they do not match the exchange is terminated.
- The local permissions are compared to the permissions specified for the group. If they do not meet or exceed the group permissions the exchange is terminated and a report is generated.
- The re-key interval specified in the token is stored locally.
- The key table is updated to reflect the key permissions, re-key interval, group ID and current time.

States in GKMP (contd.)
State 7:
- The permission certificate is retrieved and validated using the security manager's public key. The permissions of the message source are checked to verify they meet or exceed those of the group.
- The key table is updated.
State 8:
- The group ID is checked.
- The group keys are decrypted using the SKEK. Data integrity checks are validated to ensure proper decryption.
- The key table is updated to reflect the new group keys, key permissions, re-key interval, group ID and current time.
State 9:
- Update group management log

States in GKMP (contd.)
State 10:
- The permission certificate is retrieved and validated using the security manager's public key. The permissions of the message source are checked to verify they meet or exceed those of the group.
- The group token is retrieved and validated using the appropriate public key.
- The token version number is checked to ensure the token is current.
- The group ID specified in the token is checked.
- The controller ID specified in the token is compared with the GC ID. If they do not match, the exchange is terminated.
- The local permissions are compared to the permissions specified for the group. If they do not meet or exceed the group permissions the exchange is terminated and a report is generated.
- The re-key interval specified in the token is stored locally.
- The new group keys are decrypted with the current GKEK. The data integrity field is checked to ensure proper decryption.
- The key table is updated to reflect the key permissions, re-key interval, group ID and current time.

States in GKMP (contd.)
State 11:
- Validate signature using the source's public key.
- Check to see if member initiated group join is available. If not, ignore. If so, begin distribution of group keys.
State 12:
- Validate signature using the GC's public key.
- Retrieve delete list. Check to see if on delete list; if so, continue.
- Create Grp_Keys_Deleted_Ack
- Delete group keys
State 13:
- Validate signature using the GC's public key.
- Retrieve delete list. If list is global delete, verify alternative key.
- Switch group operations to alternative key.
- Create Grp_Keys_Deleted_Ack.
- Delete group keys.

Table of Some Data Primitives Used
Columns: Message Definition, Grp ID, GC ID, GTEK ID, GKEK ID, GTEK Creation, GKEK Creation, SKEK ID, Member ID
Rows (messages):
- Command_Create Group
- Create_group Keys 1
- Create_group Keys 2
- Negotiate_grp Keys1
- Negotiate_grp Keys2
- Negotiate Session Key 1
- Negotiate Session Key 2

Table of Some Data Primitives Used (contd.)
Columns: Message Definition, Grp ID, GC ID, GTEK ID, GKEK ID, GTEK Creation, GKEK Creation, SKEK ID, Member ID
Rows (messages):
- Download Grp Keys
- Key Download Ack
- Re-key Multicast
- Request Grp Join
- Delete Grp Keys
- Grp Keys Deleted Ack

Message Definitions
- Command_Create Group: Group members, Grp ID, Grp controller ID, Grp action, Grp permissions, Rekey interval, Token version, Token signature, Token public key
- Create Grp Keys_1: Grp ID, Request, GTEK ID, GKEK ID, GTEK creation field, GKEK creation field, Grp token, Controller signature, Controller public
- Create Grp Keys_2: Grp ID, GTEK ID, GKEK ID, GTEK creation field, GKEK creation field, member signature, member public
- Negotiate Grp Keys_1: Grp ID, TEK ID, KEK ID, Group token, Controller permissions
- Negotiate Grp Keys_2: Grp ID, GTEK ID, GKEK ID, Member permissions
- Create Session KEK_1: KEK for one time use between the GC and selected net member
- Create Session KEK_2: KEK for one time use between the selected net member and GC

Message Definitions (contd.)
- Negotiate Session Keys_1: group ID, SKEK ID, CRL version number, Group token and GC's permissions
- Negotiate Session Keys_2: identifies the group, SKEK, CRL version number and the member permissions
- Download Grp Keys: GRP ID and Encrypted Grp Keys
- Key download ack: GRP ID and Confirmation_decryption data items
- Rekey_Multicast: Grp ID, GTEK ID, GKEK ID, Group token, Controller permissions
- Request_Group_Join: Request, Grp ID, Member Signature, Member Public
- Delete_Group_Keys: grp ID, Request, Member delete list, Controller signature, Controller's public
- Grp_Keys_Deleted_Ack: grp ID, member ID, member signature, member public

Message Definitions (contd.)
- Grp_Keys_Deleted_Ack: grp ID, request, member delete list, controller signature, controller public
- Grp_Keys_Deleted_Ack: grp ID, member ID, member signature, member public

Group Key Creation
Participants: Group initiator, Group Controller (GC), Group Member (GM)
- Command Create group to GC from Initiator
- State 1 (GC) -> State 2 (GM): create group keys 1
- State 2 (GM) -> State 2 (GC): create group keys 2
- State 2 (GC) -> State 3 (GM): Negotiate group keys 1
- State 3 (GM) -> State 4 (GC): Negotiate group keys 2

Group Re-Key
Participants: Group Controller (GC), Group Member (GM)
- GC -> State 5 (GM): Create Session KEK_1
- State 5 (GM) -> State 5 (GC): Create Session KEK_2
- State 5 (GC) -> State 6 (GM): Negotiate Sess keys 1
- State 6 (GM) -> State 7 (GC): Negotiate Sess keys 2
- State 7 (GC) -> State 8 (GM): Download Grp Keys
- State 8 (GM) -> State 9 (GC): Key download ack

Member Initiated Join
Participants: Group Controller (GC), Group Member (GM)
- GM -> GC: Request_Group Join
- State 11 (GC) -> State 5 (GM): Create Session KEK_1
- State 5 (GM) -> State 5 (GC): Create Session KEK_2
- State 5 (GC) -> State 6 (GM): Negotiate Sess keys 1
- State 6 (GM) -> State 7 (GC): Negotiate Sess keys 2
- State 7 (GC) -> State 8 (GM): Download Grp Keys
- State 8 (GM) -> State 9 (GC): Key Download Ack

Types of Member Deletion
Cooperative Deletion:
- Occurs between a trusted member and the GC.
- It results in a reliable deletion of the group key encryption and GTEKs at the deleted member
Hostile Deletion:
- Occurs when the group loses trust in a member
- Essentially create another group, minus the untrusted member, and transfer group operations to that new group
- When the group loses trust in the controller, another controller must be appointed and then the hostile deletion process can proceed
- There are some security and operational management issues surrounding compromise recovery. The essence of the issues involves a tradeoff between operational continuity and security vulnerability


Member Deletion
Group Controller (GC) / Group Member (GM)
- GC – State 12 (GM): Delete_Group_Keys
- State 12 (GM) – State 9 (GC): Group_Keys_Deleted_Ack

Restrict Access of Compromised Members
Mechanisms to restrict access:
- Method 1:
  - GKMP implements a Certificate Revocation List (CRL), which is checked during the group creation process.
  - It will not allow a compromised member to be included in a new group.
- Method 2:
  - GKMP facilitates the creation of another group (minus the compromised member(s)).
  - It does not dictate whether or not the group may continue to operate with a compromised member.
The mechanism the GKMP uses to remove a compromised member is to key that member out.
This entails creating a new group, without the compromised member, and switching group operations.
The old group is canceled by several multicasts of a group delete message.
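
The key-out procedure above, together with the hostile deletion case from the earlier slide, can be modelled in a few lines. This is an added example, not code from the presentation or from GKMP itself: the `Member` and `Controller` classes, the member names, the 16-byte random keys and the count of three delete multicasts are all assumptions made for illustration.

```python
import secrets

class Member:
    """Hypothetical group member holding per-group key pairs."""
    def __init__(self, name, cooperative=True):
        self.name, self.cooperative, self.keys = name, cooperative, {}

    def receive_keys(self, group_id, gtek, gkek):
        self.keys[group_id] = (gtek, gkek)

    def receive_group_delete(self, group_id):
        # A hostile member can ignore the delete message and keep old keys.
        if self.cooperative:
            self.keys.pop(group_id, None)

class Controller:
    """Hypothetical group controller (GC) model."""
    DELETE_REPEATS = 3  # assumption: "several multicasts" modelled as 3

    def __init__(self, crl):
        self.crl, self.groups, self.next_id = set(crl), {}, 1

    def create_group(self, candidates):
        # The CRL is checked during group creation: revoked members are skipped.
        admitted = [m for m in candidates if m.name not in self.crl]
        gid, self.next_id = self.next_id, self.next_id + 1
        gtek, gkek = secrets.token_bytes(16), secrets.token_bytes(16)
        for m in admitted:
            m.receive_keys(gid, gtek, gkek)
        self.groups[gid] = admitted
        return gid

    def key_out(self, old_gid, compromised_names):
        # Revoke, build the replacement group, then cancel the old group.
        self.crl |= set(compromised_names)
        old_members = self.groups.pop(old_gid)
        new_gid = self.create_group(old_members)
        for _ in range(self.DELETE_REPEATS):  # repeated group delete multicast
            for m in old_members:
                m.receive_group_delete(old_gid)
        return new_gid, self.DELETE_REPEATS

def demo():
    alice, bob = Member("alice"), Member("bob")      # constructed names
    mallory = Member("mallory", cooperative=False)   # the compromised member
    gc = Controller(crl=[])
    old = gc.create_group([alice, bob, mallory])
    new, sent = gc.key_out(old, ["mallory"])
    return alice, bob, mallory, old, new, sent
```

In this model the compromised member still holds the old group's keys after the delete multicasts, so it is excluded only once operations have switched to the new group. That is the tradeoff between operational continuity and security vulnerability noted under hostile deletion.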

Issues in GKMP
- Error conditions
- Multi-level secure (MLS) environment
- Access control
- Commercial vs. Military
- Algorithm Type
- Management Philosophy
- Receiver initiated operation
- Security conditions

| Property \ Approaches | Static, GKMP, ISAKMP | Centralized, Iolus | Distributed, Cliques | VersaKey | SMGKD |
|---|---|---|---|---|---|
| Group-wide key | Yes | Iolus: no; other: yes | Yes | Yes | Yes |
| Dynamic join/leave | No | Yes | Yes | Yes | Yes |
| Scalability | No | Iolus: yes; other: no | Yes | Yes | Yes |
| Perfect Forward | No | No | No | Yes | Yes |
| Centralized entity | Yes | Yes | Variable | Variable | Variable |
| Trust in third parties | SMKD: yes; other: no | Iolus: yes; other: no | No | No | Yes |
| Trust in participants | No | No | Yes | No | Yes |
| Memory for each entity | Small | Pre-distribution: huge; others: small | Small | Small | Minimum |
| High delay in key distribution | No | No | Initial: yes | No | No |
| Efficient initialization | No | No | Yes | No | Yes |
| High level of robustness | No | No | No | No | Yes |
| Re-keying synchronization | Yes | Yes | Yes | Yes | No |