Reliable Multicast Protocol (RMP) for Core-based Multicast ...
A Framework for Group Key Management for Multicast Security
description
Transcript of A Framework for Group Key Management for Multicast Security
A Framework for Group Key A Framework for Group Key Management for Multicast Management for Multicast
SecuritySecurity
by T. Hardjono, B. Cain, N. by T. Hardjono, B. Cain, N. DoraswamyDoraswamy
Two planesTwo planes
Network infrastructure planeNetwork infrastructure planeFunctions and entities that define the Functions and entities that define the
network (e.g. protocols, routers)network (e.g. protocols, routers) Key management planeKey management plane
Functions and entities that define and Functions and entities that define and establish security in the network (e.g. GKM establish security in the network (e.g. GKM protocols, IPsec, cryptosystems)protocols, IPsec, cryptosystems)
Two hierarchies within key Two hierarchies within key management planemanagement plane
Trunk region: Trunk region: – Contains only Group Key Manager(s) Contains only Group Key Manager(s)
(GKM), but no member hosts (senders, (GKM), but no member hosts (senders, receivers)receivers)
Leaf region: Leaf region: – Contains member hostsContains member hosts– Every member host is associated with at Every member host is associated with at
least one GKM of its own regionleast one GKM of its own region
Further OutlineFurther Outline
Issues of Group Key ManagementIssues of Group Key Management Basic Model of the frameworkBasic Model of the framework Two ExamplesTwo Examples
Issues of Group Key Issues of Group Key ManagementManagement
– Multicast application typesMulticast application types– Size and distribution of membersSize and distribution of members– Scalability of protocols and membership Scalability of protocols and membership
managementmanagement– Independence of GKM protocolIndependence of GKM protocol– Trust-relationshipsTrust-relationships– Group authentication and sender Group authentication and sender
authenticationauthentication– Identities and anonymityIdentities and anonymity
Issues of Group Key Issues of Group Key Management (cont’d)Management (cont’d)
– Access control and membership Access control and membership verificationverification
– Failure of systemsFailure of systems– Denial of service attacksDenial of service attacks– Authenticity of multicast routing exchangesAuthenticity of multicast routing exchanges– Tamper-proof storage on network entitiesTamper-proof storage on network entities– Security and practicality of protocolsSecurity and practicality of protocols– ......
Two general multicast Two general multicast application typesapplication types
One-to-many multicastOne-to-many multicast– One source of data, many receiversOne source of data, many receivers– Two cases exist with respect to the data:Two cases exist with respect to the data:
The authenticity of the data is of concern (e.g. The authenticity of the data is of concern (e.g. stock market data)stock market data)
Their confidentiality is of concern (e.g. pay TV)Their confidentiality is of concern (e.g. pay TV)Receivers must subscribe to the group, hence Receivers must subscribe to the group, hence only the sender controls the key manageronly the sender controls the key manager
Two general multicast Two general multicast application types (cont’d)application types (cont’d)
Many-to-many multicastMany-to-many multicast– Relationship between members is equalRelationship between members is equal– Every member is both a sender and a Every member is both a sender and a
receiverreceiver– Authenticity and confidentiality is of Authenticity and confidentiality is of
concern (Why always both?)concern (Why always both?)
Size and distribution of Size and distribution of membersmembers
IP multicast model is attractiveIP multicast model is attractive– Members can be throughout the InternetMembers can be throughout the Internet– Source need not know the membersSource need not know the members
In GKMs which employ secure unicast In GKMs which employ secure unicast (e.g. to distribute keys to members) size (e.g. to distribute keys to members) size of the group and distribution of of the group and distribution of members have an impact on scalabilitymembers have an impact on scalability
Scalability of protocols and Scalability of protocols and membership managementmembership management
Frequency of changes to the Frequency of changes to the membership, which may lead to re-membership, which may lead to re-keyingkeying
Security managing entity (e.g. key Security managing entity (e.g. key server) might be the bottleneck and a server) might be the bottleneck and a attractive point for intrudersattractive point for intruders
Workload of re-keyingWorkload of re-keying
Independence of GKM Independence of GKM protocolprotocol
GKM protocol must be independent of GKM protocol must be independent of the underlying multicast routing protocolthe underlying multicast routing protocol
Trust-relationshipsTrust-relationships
On what basis can a security-related On what basis can a security-related entity be trusted (e.g. a member may entity be trusted (e.g. a member may only trust entities physically within its only trust entities physically within its country)country)
““This problem ... is a difficult one”This problem ... is a difficult one”
Group authentication and Group authentication and sender authenticationsender authentication
Group authentication Group authentication can be implicitly achieved with confidentiality can be implicitly achieved with confidentiality
due to the possession of a common keydue to the possession of a common key Sender authentication Sender authentication
can be achieved by e.g. public key can be achieved by e.g. public key cryptography schemes -> may require a cryptography schemes -> may require a public key infrastructurepublic key infrastructure
Identities and anonymityIdentities and anonymity
IP multicast IP multicast Identity of a receiver is reported to a router, but Identity of a receiver is reported to a router, but
not to the sourcenot to the source Secure multicastSecure multicast
Sender has to know the identity of the receiver to Sender has to know the identity of the receiver to allow him to join or notallow him to join or not
Anonymity Anonymity Can only be achieved on application layer, not on Can only be achieved on application layer, not on
network layer due to IPsecnetwork layer due to IPsec
Access control and Access control and membership verificationmembership verification
Issue of the application, not the Issue of the application, not the frameworkframework
Should be decoupled from the Should be decoupled from the group key management protocolgroup key management protocol
Failure of systemsFailure of systems
A failing entity must not allow to A failing entity must not allow to compromise security informationcompromise security information
It must exhibit a ‘fail-closed’ It must exhibit a ‘fail-closed’ behavoirbehavoir
The other issues are not discussed!The other issues are not discussed!
Basic Model of the Basic Model of the FrameworkFramework
Network infrastructure planeNetwork infrastructure plane– Physical/Topological viewPhysical/Topological view– Collection of autonomous systems Collection of autonomous systems
(AS)(AS)– Transit ASs and sub ASsTransit ASs and sub ASs– Identifies the entities and functions Identifies the entities and functions
that define the networkthat define the network
Basic Model of the Basic Model of the Framework (cont’d)Framework (cont’d)
Key management planeKey management plane– Functions and entities of the network Functions and entities of the network
which implement securitywhich implement security– E.g. GKM protocols, IPsec, key E.g. GKM protocols, IPsec, key
generators, key managers, ...generators, key managers, ...– divided into two regions:divided into two regions:
trunk region and leaf regiontrunk region and leaf region
The big pictureThe big picture
KM: KM: Key Key ManagerManager
BKM: Border Key BKM: Border Key ManagerManager
R: R: RouterRouter
KT: KT: Key Key TranslatorTranslator
m: m: membermember
TrunkKM
KM
R
R
Leaf
Leaf
RKT
m m m
KT
R
m
m
m
BKM
BKM
Key ManagerKey Manager
Tow types of KMsTow types of KMs– KMs within a regionKMs within a region
do not participate in inter-region key do not participate in inter-region key managementmanagement
– Border KMsBorder KMs bound the trunk regionsbound the trunk regions Every leaf region is associated with (at least) Every leaf region is associated with (at least)
one BKMone BKM
No clear definition of the tasks of a KM!No clear definition of the tasks of a KM!
Key TranslatorKey Translator
Translates payload Translates payload – from being encrypted under one key from being encrypted under one key
to anotherto another– must be done atomically and tamper-must be done atomically and tamper-
freefree– may be applied to multicast data or may be applied to multicast data or
for key management purposesfor key management purposes
Trunk keys and leaf keysTrunk keys and leaf keys
Each region has a different keyEach region has a different key The trunk key The trunk key
– is only known to BKMsis only known to BKMs– generated by a inter-region GKM protocolgenerated by a inter-region GKM protocol
The leaf keyThe leaf key– is known to the leaf and to the BKM of this is known to the leaf and to the BKM of this
leafleaf– is generated by a local GKM protocol (next is generated by a local GKM protocol (next
paper)paper)
Communication between Communication between the entitiesthe entities
is carried out using secure is carried out using secure channelschannels– mutual authenticationmutual authentication– data confidentialitydata confidentiality– date integritydate integrity
is implemented using IPsecis implemented using IPsec
How does it work?How does it work?
This is partly my interpretationThis is partly my interpretation– The sender encrypts the data using the leaf The sender encrypts the data using the leaf
keykey– It sends the data to the trunkIt sends the data to the trunk– There, the data are decrypted (leaf key) There, the data are decrypted (leaf key)
and again encrypted (trunk key). This is and again encrypted (trunk key). This is done by the KTs.done by the KTs.
– Before the trunk sends the data to the Before the trunk sends the data to the destination leaf, the KT decrypts (trunk destination leaf, the KT decrypts (trunk key) and encrypts (leaf key) again.key) and encrypts (leaf key) again.
How does it work? (cont’d)How does it work? (cont’d)
QuestionQuestion– Why are the KTs in the leaves and not Why are the KTs in the leaves and not
in the trunk?in the trunk?
Advantages of the Advantages of the frameworkframework
ScalabilityScalability– New leaf regions can be added, independent New leaf regions can be added, independent
of existing leaf regionsof existing leaf regions– Adding/dropping a member requires (at Adding/dropping a member requires (at
most) re-keying within one regionmost) re-keying within one region Reduced complexityReduced complexity
– Each leaf region can use its own GKM Each leaf region can use its own GKM protocolprotocol
– Key management in trunk region is Key management in trunk region is independent from key management in leafsindependent from key management in leafs
Advantages of the Advantages of the framework (cont’d)framework (cont’d)
Long life of trunk keysLong life of trunk keys Independent re-key periodsIndependent re-key periods
Two ExamplesTwo Examples
One-to-many multicastOne-to-many multicast Many-to-many multicastMany-to-many multicast The given examples do not very The given examples do not very
well demonstrate the use of the well demonstrate the use of the frameworkframework
One-to-many exampleOne-to-many example
Assumptions:Assumptions:– data have direct value for non-data have direct value for non-
membersmembers– attacker wants to redistribute to the attacker wants to redistribute to the
widest possible audience (e.g. pay widest possible audience (e.g. pay TV)TV)
– it is of the interest of the it is of the interest of the initiator/sender to ensure that only initiator/sender to ensure that only members (subscribers) get the data members (subscribers) get the data
One-to-many example One-to-many example (cont’d)(cont’d)
The sender must therefore defineThe sender must therefore define– the scope/size of each leaf regionthe scope/size of each leaf region– the physical locationthe physical location– the trust relationshipthe trust relationship
One-to-many example One-to-many example (cont’d)(cont’d)
The sender may choose The sender may choose – direct control, i.e. all key managers direct control, i.e. all key managers
are within its leaf and associated with are within its leaf and associated with remote leaves. (Hm... no trunk?)remote leaves. (Hm... no trunk?)
– indirect control, i.e. the sender relies indirect control, i.e. the sender relies on trusted entities of other on trusted entities of other organizationsorganizations
Many-to-many exampleMany-to-many example
AssumptionAssumption– attacker wants to provide data to a attacker wants to provide data to a
limited audiencelimited audience– it is of interest of all members to it is of interest of all members to
ensure that only members get the ensure that only members get the data (e.g. conference)data (e.g. conference)
Many-to-many example Many-to-many example (cont’d)(cont’d)
A leaf region A leaf region – might be physically limited to one might be physically limited to one
member’s organizationmember’s organization– The leaf region’s BKM should be The leaf region’s BKM should be
administrated by the member itselfadministrated by the member itself
ConclusionConclusion
This is my conclusion. There isn’t This is my conclusion. There isn’t one in the paperone in the paper– The framework provides a scalable The framework provides a scalable
scheme for group key managementscheme for group key management– In general, the paper is not very In general, the paper is not very
concreteconcrete– I think, more work is needed to have a I think, more work is needed to have a
good basis for protocol design and good basis for protocol design and implementationimplementation