Lecture 4 GKM
Lecture 4 GKM
Multicast Communications
Outline
◼ Multicast Communications
◼ Security Issues
◼ Requirements of Group Key
Management
◼ Group Key Management Protocols
2
Multicast Communications
◼ To transmit a single message to a select group
of recipients. A simple example of multicasting
is sending an e-mail message to a mailing-list.
◼ It provides efficiency and scalability comparing
to the unicast because it reduces the usage of
network resources sent to the receivers.
◼ Applications: Pay-per-view video, distant
education.
4
Group Key Management
◼ To provide secure generation, distributions and
refreshing of cryptographic keys
◼ Group Key
Only known to the current group members
Used to encrypt message
6
Requirements (continue)
◼ Scalability (1-affects-n)
A membership change should affect only
a small subset of members
◼ Reliability
Providing a recovery mechanism for
missing rekeying messages
◼ Low bandwidth overhead
Rekeying process should not induce a
high number of rekeying messages
7
Group Key Management
◼ Centralized Group Control
A single entity is the group controller who is …
Responsible for key generation, key
distribution and key refreshment
Ex: Naïve Solution, Key tree-based Approach
◼ Member control
No group controller
10
Key Tree-Based Approach
Central Group Controller GC
◼ Key Tree
◼ Root: group key
Group key K1-8
encrypt/decrypt multicast
data packets
◼ Leaf: member’s individual
K1-4 K5-8 key
Intermediate
keys ◼ Nodes between leaves
and root: intermediate
K1-2 K3-4 K5-6 K7-8 keys, that are used to
encrypt other keys
instead of actual data
Individual ◼ Each member stores the
keys k1 k2 k3 k4 k5 k6 k7 k8 keys along the path from
leaf to the root
◼ m1: {k1, k1-2, k1-4, k1-8}
Member m1 m2 m3 m4 m5 m6 m7 m8
◼ m6: {k6, k5-6, k5-8, k1-8}
11
Key Tree-Based Approach: Join
Central Group
Controller GC K1-8 →K1-9
{K1-9}K1-8
Group key K1-8
K1-9
{K1-9}K9
Intermediate K7-8 →K7-9
keys K1-3 K3-6 K7-8
K7-9 {K7-9}K7-8
{K7-9}K9
Individual
keys k1 k2 k3 k4 k5 K6 k7 k8 k9
Member m1 m2 m3 m4 m5 m6 m7 m8 m9
◼ Keys along the path need to be changed ◼ m9 joins the group:
◼ Every changed key is encrypted with old K7-8 → K7-9, K1-8 → K1-9
keys, multicast to the group except newly
◼ GC → {m7, m8}: {K7-9}K7-8
join member
◼ GC → {m1, …, m8}: {K1-9}K1-8
◼ New member gets keys through unicast
◼ GC → {m9}: {K7-9, K1-9}K9 12
Key Tree-Based Approach: Leave
Central Group
GC K1-9 →K1-8
Controller
{K1-8}K1-3
Group key K1-9
K1-8 {K1-8}K3-6
{K1-8}K7-8
Intermediate
keys
K1-3 K3-6 K7-9
K7-8 K7-9 →K7-8
{K7-8}K7
Individual
keys k1 k2 k3 k4 k5 K6 k7 k8 k9{K7-8}K8
Member m1 m2 m3 m4 m5 m6 m7 m8 m9
m9 leaves the group: K7-8 → K7-9,
◼ Keys along the path need to be ◼ GC → {m7}: {K7-8}K7
K1-8 → K1-9
changed
◼ GC → {m8}: {K7-8}K8
◼ Every changed key is encrypted with
◼ GC → {m1, m2, m3}: {K1-8}K1-3
each of its children’s keys
◼ GC → {m4, m5, m6}: {K1-8}K3-6
14
Member Control
◼ No group controller
◼ Every member contributes a share towards
the group key
◼ Requires knowledge of group membership
◼ Example protocol: Contributory key
agreement supported by the Diffie-Hellman
algorithm: Cliques
15
Diffie-Hellman (DH)
Alice Bob
16
Member Control: Cliques
s1 s2 s3 s4 secret
number
m1 m2 m3 m4 ◼ Extends two parties DH
partial to n parties
gs1 gs2 gs3 gs4 key
◼ Arranges the group
gs1 gs2 gs3 gs1s3 member in a logical liner
gs1 gs2 gs2s3 structure and passes key
gs1s2 information sequentially
gs1s2 gs1 gs1s2s3
gs1s2 ◼ Group members are
gs1s3
indexed
gs2s3 ◼ The last member (having
gs1s2s4
the highest index) is
gs1s2s3 gs1s3s4 Multicast responsible for key
to all
gs2s3s4 members generation and distribution
Group Key m1 m2 m3 m4
17
gs1s2s3s4 =g(s2s3s4)s1 =g(s1s3s4)s2 =g(s1s2s4)s3 =g(s1s2s3)s4
Cliques: Join
s1 s2 s3 s4 S4’ s5
m1 m2 m3 m4 m5
ggs2s3s4’s5
s2s3s4 ggs1s3s4’s5
s1s3s4 gs1s2s4’s5
gs1s2s4 gs1s2s3s5 gs1s2s3s4’s5 New Group key
gs1s3s4’
s1s3s4 New key
ggs2s3s4
s3s4’ gs1s3s4 ggs1s2s4
s1s4’
Group key
gs1s2s3s4
Old group key: gs1s2s3s4
New Group Key m1 m3 m4 m2
gs1s3s4’ = g(s3s4’)s1 = g(s1s4’)s3 = g(s1s3)s4’ ? 19
Member Control: Cliques
◼ Advantages
No single point of failure (no central controller)
Member gets group key through computation
rather than decryption
Suitable for a multicast system having a small size
and a less powerful server or no centralized
server, such as video conferencing
◼ Disadvantages
Heavy workload on last member who does key
distribution
Requires knowledge of group membership 20
Conclusion
Key Management for Secure Multicast
Communications
◼ Centralized Control
Easy to implement; tree-based structure can
reduce rekeying overhead; single point of
failure
◼ Member Control
No group controller; higher workload on the
member who does key distribution
21