Professional Documents
Culture Documents
Cryptographic Protocols
InKwan Yu
Multicast
What is it?
Applications
Features
Source Authentication
Multicast Fingerprint
Methods
All receive
data
data
Open
Open group
Membership
Membership
Outside
Outside member
member
sends
sends data
data
Open
Open access
access to
to
distributed
distributed
content
content
No
No
individualization
individualization
of
of received
received data
data
Open
Open access
access to
to
send
send data
data to
to
group
group
Denial
Denial of
of service
service
Eavesdropping
Eavesdropping
No
No theft
theft
deterrence
deterrence
Denial
Denial of
of service
service
Masquerading
Masquerading
Multicast
Multicast
receiver
receiver access
access
control
control
Group
Group key
key
management
management
Multicast
Multicast
fingerprinting
fingerprinting
Multicast
Multicast source
source
access
access control
control
Multicast
Multicast source
source
authentication
authentication
Properties
Security issues
Security
vulnerabilities
Security
solutions
Multicast Security
Architecture
Reference
RFC 3740
Whats in it
Multicast Security
Architecture
SA (Security Association)
Multicast Security
Architecture
GSA (Cont)
Def. of GSA
Aggregate of Sas
REG SA
Superset of SAs
Includes Attributes of SA
Multicast Security
Architecture
GSA (Cont)
GCKS
REG REKEY REG
REG
Sender
REKEY
REKEY
DATA
DATA
REG
Receiver
Multicast Security
Architecture
Policy
Sever
Group Controller/
Key Server
Receiver
Multicast
Data
Handling
Sender
Multicast Security
Architecture
Multicast
Security
Policies
Group
Key
Management
Policy
Sever
Policy
Sever
Group Controller/
Key Server
Group Controller/
Key Server
Receiver
Multicast
Data
Handling
Sender
Receiver
Multicast Security
Architecture
Hierarchically-organized
Decentralized Key Distribution
GCKS
Member
Sub GCKS
Sub GCKS
Member
Member
....
Member
....
Member
Sub GCKS
....
Member
Reference
Features
M
E
M
B
E
R
C
O
N
T
R
O
L
L
E
R
M
E
M
B
E
R
Rekey
Create Group Keys 1
C
O
N
T
R
O
L
L
E
R
M
E
M
B
E
R
Join
M
E
M
B
E
R
Reference
RFC 2627
Features
Initialization
Member Deletion
intermediate
keys
Key M
Key N
Key I
Key A
Key J
Key B
Key K
Key C
Key D
Key E
9
users
10
Key L
Key F
11
12
Key G
13
14
Key H
15
16
Architecture
KEK 0.0
KEK 0.1
KEK 1.0
KEK 1.1
KEK 2.0
KEK 2.1
KEK 3.0
KEK 3.1
Bit value 0
Bit value 1
Join
Leave
{KEK 3.0new }TEK new | KEK 3.0 old {TEK new }KEK 3.1
Reference
RFC 1949
RFC 2201
IP layer protocol
CBT protocol creates a hard state routing tree
among a multicast group. The multicast data follow
the fixed multicast tree structure
Tree branch is formed when there is at least one
member join from a subtree
In SMKD, the primary core of CBT establishes the
security parameters used in the multicast
Scalability
router
router
router
router
router
router
router
router
Core
B
router
router
A
Host h
Example Protocol
groupacces spackage {token _ sender ,{ ACL}Core ,
{{groupkey , KEK , SAParam}Core }host ,
{groupkey , KEK , SAParam}Core }next hop }sender
groupkey is used for data encryption
h A : {tokenh }h , where tokenh {timestamph , randomnumerh , A}h
A B : {token A ,{tokenh }h , JOIN_REQUEST} A
B C : {tokenB , {tokenh }h , JOIN_REQUEST}B
C B : {{tokenh }h , groupacces spackage, JOIN_ACK}C ,
B A : {{tokenh }h , groupaccesspackage, JOIN_ACK}B
A h : {{tokenh }h , groupkey , KEK , SAParam}h ,
Architecture
Top level
sender
S
Key group 1
p1
g2
h5
gi
h6
participant
g1
h1
h2
h3
p2
h4
h7
h5
pi
member
h6
h7
hi
host
Join
h SGMs : CCh
g h : Group Id(g)
h s : CCh , g
s h : {{ ACh }s ,{KEK }s }}h
h g : { ACh }s
g h : {{LS '}g }h
g Group Members : {{LS '}g }LS
Leave
Version 1
{ ( N k |k[1, j ]) | j[1,i ]}
Mi
M i 1
M ni
M ni 1
Diffie-Hellman
Version 1 Example
When
n 5 , M4
{ N1 , N1 N 2 , N1 N 2 N 3 , N1 N 2 N 3 N 4 }
{ N 5 , N1 N 5 , N1 N 2 N 5 , N1 N 2 N 3 N 5 }
and
and
M5
N1 N 2 N 3 N 4 N 5
and forwards
{ N1 , N1 N 2 , N1 N 2 N 3 }
returns
to
M4
is a group key
the
set
Version 2
{ ( N k |k[1,i ]k j ) | j[1,i ]}, N1Ni
Mi
M i 1
M i
Stage 2 (Broadcast)
Mn
Diffie-Hellman
Version 2 Example
M4
receives
the
set
and
{ N1 N 2 N 3 , N1 N 2 , N1 N 3 , N 3 N 2 }
{ N1 N 2 N 3 N 4 , N1 N 2 N 3 , N1 N 2 N 4 , N1 N 3 N 4 , N 3 N 2 N 4 }
to
M3
. Then
M5
passes
generate a
Version 3M
( N k |k[1,i ])}
M i 1
M i
M n 1
Stage 2 (Broadcast)
Mi
( N k |k[1,n 1]) k i )
Mn
Stage 3 (Respond)
{ ( N k |k[1,n ]) k i ) |i[1, n 1]}
M i
Stage 4 (Broadcast)
Mn
Mn
generates
3. M
n 1
new
exponent
M n 1
.
M n 1
K n 1 = N1 N n1 N n N n1
4.
Nn
except
of deleted member
N 1 N p 1 N p 1 N n
Nn
, and broadcasts
where
is an index
Reference
Reference
Reference