a toolkit for secure internet multicast debanjan saha isabel chang robert engel dimitris pendarakis...
TRANSCRIPT
A Toolkit for Secure Internet Multicast
Debanjan Saha
Isabel Chang Robert Engel Dimitris Pendarakis
Pankaj Rohatgi Ran Canetti
IBM T.J. Watson Research Center
Overall Architecture
Members
Members
Members
Controller& reflector
Controller& reflector
Controller& reflector
Group owner
Domain Architecture
Data Plane Control Plane
SendersSenders
Receivers Receivers
ControllerReflector
To
& f
rom
oth
er d
omai
ns
To
& f
rom
oth
er d
omai
ns
Control Messages
Join a session Leave from a session Expelled from a session
Key Update
Client Initiated Controller Initiated
Forward secrecyBackward secrecy
Registration
Message Types• Member initiated
– Registration• Registration request• Registration response
– Join a session• Join request• Join response
– Leave a session• Leave request• Leave confirm
• Controller initiated– Update session key
– Expel a member
Control MessagesDomain controllerSender Receiver
Sender Join Request
Receiver Join Request
Sender Join ConfirmReceiver Join Confirm
Key UpdateKey Update
Sender Leave Request
Sender Leave Confirm
Receiver Expel Confirm
Key UpdateKey Update
Receiver ID
Joining a Group: Message FlowControllerMember
Member Hello
Certificate
[Master Secret] Controller public key
Client ID & Password
Member Join Confirm
Key Exchange
Controller Hello
Member Join Confirm
Keys
3.7ms (512-bit key)12.3ms (1024-bit key)
10.13ms (512-bit key) 47.9ms (1024-bit key)
Light Weight Protocol: Message Flow
ControllerMemberMember Join Request
[Session keys] Member public key
Member Join Confirm
Member ID
10.13ms (512-bit key) 47.9ms (1024-bit key)
1.3ms (512-bit key) 5.2ms (1024-bit key)
Wallner Scheme
M0 M1 M2 M3 M4 M5 M6 M7
SK
K0 K1 K2 K3 K4 K5 K6 K7
K01K23
K45K67
K0123 K4567
Update Session Key: Message Format
• Key encrypting keys (K0,K1) and K2
• Consider an one way hash function g( )
Message Type Message Len
Session ID Sequence #
Payload Len Number of KEK
KeyID(K0) KeyID(K1)
[ SK ] g(K0,K1)
Payload Len Number of KEK
KeyID(K2)
[ SK ] g(K2)
Controller Signature
Data Plane
• Encryption/authentication is transparent to the application
• Socket like send/receive API• Encryption/authentication can be turned on/off using a flag• Facilitates partial encryption/authentication based on
application semantics
Software Architecture:Controller
CryptoEngine
SSL
SessionManager
GUI
Cipher Manager
RegistrationManager
Secure Multicast Protocol Suite
Socket API
Reliable Multicast
SSLStandardMulticast
Software Architecture:Client
CryptoEngine
Reliable Multicast
Secure Multicast Protocol Suite
Socket API
Key Ring RegistrationAgent
Secure Multicast Socket API
SSLStandardMulticast
Status
• Version 0.5 of the toolkit available• Planned demo at Chicago IETF & RSA conference• Applications
– Stock distribution• Authentic and/or confidential
• Real-time, low data rate, reliable
– Audio/video distribution• 20 Kbps to 1 Mbps
• Authentic and/or confidential
• Real-time, unreliable multicast