military multicast key management-2
TRANSCRIPT
8/3/2019 Military Multicast Key Management-2
1/19
MILITARY MULTICAST KEY MANAGEMENT
Reporters:
Al Ann Ibanez
Jeonghwa Yoo
Roh
Nazcar Pine
ABSTRACT
Today's world is what we call the Network Centric World; this is very important in military operations.
Members of the same group use the same key, but the key must be dynamic.
KAA are like the key exchange algorithm in IPsec (Oakley). But Oakley is a protocol for P2P; KAA are used for groups.
Provide security services
Different from commercial use
Frequent use of group communication
The current circuit has difficulty with providing group communications
VoIP networks have very useful services for multicasting
Multicast = group communication; the communication in the military network is converted
Problem with VoIP: updating the group members dynamically.
INTRODUCTION
Multicast is a very efficient and scalable technique for group communication.
IPSec Architecture
Multicast Group Mapping
Source Authentication
Group Access
Confidentiality
Group Key Administration (MIKE)
A single membership change is when a user wants to leave the group.
The operation is called when a user is forced to leave.
A symmetric cryptographic algorithm
Additive subgroup operation: group merge
Subtractive subgroup operation: group partition
Group communication security
Key updating/rekeying modes: key agreement / key distribution
Two modes are needed in the military
PROPOSED SCHEME
PROPOSED SCHEME
In the key agreement mode every member computes the tree by means of an iterative Diffie-Hellman group key exchange.
In the key distribution mode a group controller constructs the key tree and spreads the group key in a secure way.
KEY TREE
Reduces the expense of group key update.
A key tree is a tree with:
USER LEAVES
KEY NODES
NULL NODES
USER LEAF
KEY TREE
(figure) User leaves u1..u8 with individual keys k1..k8 and a null node N; key nodes k123, k456, k78; root node K1-8. Legend: KEY_NODES, USER_LEAVES, KEY_LEAF NO USER, NULL_NODE, Root node.
KEY TREE
From the software design point of view both modes can be based on the C++ class KeyTree{}.
The derived classes AgreeKeyTree{} and DistKeyTree{} implement the special mode functionality needed for key update.
In order to provide an easily accessible interface to the cryptographic library, the classes are derived a second time.
KEY DISTRIBUTION (1)
GC (Group Controller)
- Administration of the key tree
- management of users
- spreading of the group key
- knows the structure of the key tree and all keys.
User
- No knowledge about the key tree
- knows the keys of the path to the root node
Auxiliary key
- A key encrypting the exchanged data
- only known by the subset of the group
KEY DISTRIBUTION (2)
For example
- transmit K1-8 from the GC to the users u1-u3: {K1-8}k1-3
- the content of the bracket is encrypted with the key kj: { }kj
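Added example (not the slides' code): a small Python model of the key distribution mode described on the two slides above. A GC holds the slide's key tree (leaf keys k1..k8, auxiliary keys k123, k456, k78, group key K1-8), registered users hold only their path keys, the GC spreads the group key as {K1-8}kj, and a leave of u4 renews k456 and K1-8. The 32-byte random keys, the message format and the hash-based wrap/unwrap stand-in for a real authenticated cipher are all constructed here for the demonstration.

```python
"""Toy model of the key distribution mode (added example, not the slides' code).
Node names follow the slide's key tree: leaf keys k1..k8, auxiliary keys k123,
k456, k78, and the group key K1-8 at the root."""
import hashlib
import hmac
import secrets

ROOT = "K1-8"
# Constructed tree: inner node -> children. User ui owns the leaf key ki.
TREE = {ROOT: ["k123", "k456", "k78"], "k123": ["k1", "k2", "k3"],
        "k456": ["k4", "k5", "k6"], "k78": ["k7", "k8"]}


def wrap(kek, key):
    """{key}kek: constructed stand-in for a real AEAD (hash keystream + HMAC tag)."""
    nonce = secrets.token_bytes(16)
    stream = hashlib.sha256(b"enc" + kek + nonce).digest()
    ct = bytes(a ^ b for a, b in zip(key, stream))
    tag = hmac.new(kek, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unwrap(kek, blob):
    """Inverse of wrap; None when kek is wrong, i.e. the user is outside the subset."""
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, hmac.new(kek, nonce + ct, hashlib.sha256).digest()):
        return None
    stream = hashlib.sha256(b"enc" + kek + nonce).digest()
    return bytes(a ^ b for a, b in zip(ct, stream))


class GroupController:
    """GC: knows the tree and all keys, manages users, spreads the group key."""

    def __init__(self, tree):
        self.tree = {n: list(c) for n, c in tree.items()}
        self.parent = {c: n for n, cs in tree.items() for c in cs}
        self.keys = {n: secrets.token_bytes(32) for n in set(tree) | set(self.parent)}

    def path(self, leaf):
        """Key nodes from a user's leaf up to the root."""
        p = [leaf]
        while p[-1] in self.parent:
            p.append(self.parent[p[-1]])
        return p

    def register(self, user):
        """A user gets the keys of its path only (no tree structure); the group
        key itself is spread afterwards with send_group_key."""
        leaf = "k" + user[1:]
        return Member(user, {n: self.keys[n] for n in self.path(leaf) if n != ROOT})

    def send_group_key(self, subgroup):
        """{K1-8}kj: readable only by the subset holding the auxiliary key kj."""
        return (ROOT, subgroup, wrap(self.keys[subgroup], self.keys[ROOT]))

    def leave(self, user):
        """User leaves: drop its leaf, renew every key on its path bottom-up and
        send each new key under the keys of that node's remaining children."""
        leaf = "k" + user[1:]
        path = self.path(leaf)
        self.tree[self.parent[leaf]].remove(leaf)
        del self.keys[leaf], self.parent[leaf]
        msgs = []
        for node in path[1:]:
            self.keys[node] = secrets.token_bytes(32)
            for child in self.tree[node]:
                msgs.append((node, child, wrap(self.keys[child], self.keys[node])))
        return msgs


class Member:
    """A user holds only its path keys and opens rekey messages with them."""

    def __init__(self, user, keys):
        self.user, self.keys = user, dict(keys)

    def process(self, msgs):
        for node, under, blob in msgs:
            kek = self.keys.get(under)
            new = unwrap(kek, blob) if kek is not None else None
            if new is not None:
                self.keys[node] = new

    def group_key(self):
        return self.keys.get(ROOT)


def demo():
    """Returns which users hold the current group key before and after u4 leaves."""
    gc = GroupController(TREE)
    members = {f"u{i}": gc.register(f"u{i}") for i in range(1, 9)}
    msg = gc.send_group_key("k123")            # {K1-8}k123: only u1-u3 can open it
    for m in members.values():
        m.process([msg])
    before = [u for u, m in members.items() if m.group_key() == gc.keys[ROOT]]
    rekey = gc.leave("u4")                     # renews k456 and K1-8: 5 messages
    for m in members.values():
        m.process(rekey)
    after = [u for u, m in members.items() if m.group_key() == gc.keys[ROOT]]
    return before, after, len(rekey)


if __name__ == "__main__":
    print(demo())
```

The rekey after u4 leaves costs five messages ({k456'}k5, {k456'}k6, {K1-8'}k123, {K1-8'}k456', {K1-8'}k78) instead of one per remaining user, which is the saving the key tree buys; u4's old k456 no longer opens any of them, so it learns nothing about the new group key.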
TREE BASED KEY DISTRIBUTION
TREE BASED KEY AGREEMENT
Within groups working with the key agreement algorithm a transaction manager (TM) exists for the observation of the next key operation.
Every user can hold the TM status.
Only the TM can refresh the key tree and change the group key.
The key tree can be calculated by each user by an iterative Diffie-Hellman key agreement:
where kji = kij is the agreed Diffie-Hellman value and p is a prime number.
TREE BASED KEY AGREEMENT
In order to explain the algorithm, the join procedure of user u8 is explained.
TREE BASED KEY AGREEMENT
A three-way handshake is used to transmit the new user's individual blind key BK(u8) to the current TM and to authenticate the user.
A new node is added to the key tree storing the user's individual blind key.
The tree path from the user to the root becomes invalid.
By a p3TMDistribute message the group users and the new user are informed about the TM status of the new user u8.
TREE BASED KEY AGREEMENT
The p3TMDistribute message contains all blind keys of the tree without the invalid key path.
u8 confirms the reception of the new role and calculates the tree path by using a Diffie-Hellman algorithm several times. Afterwards u8 distributes the blind keys BK(k78), BK(k5-8) of the key path by a p3UpdateDistribute message.
Every user can now calculate the group key:
- u1 calculates kG = k1-4 ∘ BK(k5-8),
- u5 calculates k5-8 = k56 ∘ BK(k78), kG = k5-8 ∘ BK(k1-4)
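Added example (not the slides' code): a Python model of the tree-based Diffie-Hellman key agreement of the four slides above. The blind key is taken as BK(k) = g^k mod p and the step k ∘ BK(k') as BK(k')^k mod p, so both children of a node reach g^(k k') mod p. The toy prime p = 2^127 - 1, the generator 3, the nested-tuple tree (k1-4 over u1..u4, k5-6 beside u7, then u8 joining as sibling of u7) and the function names are assumptions; the three-way handshake and the p3TMDistribute / p3UpdateDistribute messages are not modelled, only the key computations each member performs.

```python
"""Toy tree-based Diffie-Hellman key agreement (added example, not the slides' code)."""
import secrets

# Constructed toy parameters: a Mersenne prime and a small generator. Not a
# production DH group; a real deployment would use a standardised large group.
P = (1 << 127) - 1
G = 3


def blind(k):
    """Blind key BK(k) = g^k mod p: publishable, hides k."""
    return pow(G, k, P)


def combine(k, bk):
    """k o BK(k') = BK(k')^k mod p = g^(k*k') mod p: one iterative DH step."""
    return pow(bk, k, P)


def leaves(node):
    """User ids under a node; nodes are user strings or (left, right) tuples."""
    return [node] if isinstance(node, str) else leaves(node[0]) + leaves(node[1])


def name(node):
    """Leaf -> user id; inner node -> 'k<first>-<last>' like the slides' k5-8."""
    if isinstance(node, str):
        return node
    lv = leaves(node)
    return f"k{lv[0][1:]}-{lv[-1][1:]}"


def node_key(node, secret_of):
    """Key of a node computed with every member's secret. Reference view only:
    in the protocol no single party holds all secrets."""
    if isinstance(node, str):
        return secret_of[node]
    return combine(node_key(node[0], secret_of), blind(node_key(node[1], secret_of)))


def published_blind_keys(node, secret_of, out=None):
    """Blind keys of every node, as the members would broadcast them."""
    out = {} if out is None else out
    out[name(node)] = blind(node_key(node, secret_of))
    if not isinstance(node, str):
        published_blind_keys(node[0], secret_of, out)
        published_blind_keys(node[1], secret_of, out)
    return out


def siblings_on_path(node, user):
    """Sibling nodes met when walking from the user's leaf up to the root."""
    if isinstance(node, str):
        return [] if node == user else None
    for child, other in ((node[0], node[1]), (node[1], node[0])):
        below = siblings_on_path(child, user)
        if below is not None:
            return below + [other]
    return None


def member_group_key(tree, user, secret, bks):
    """What one member can compute: own secret plus the published blind keys.
    For u1 this ends with kG = k1-4 o BK(k5-8); for u5 it is k5-8 = k5-6 o BK(k7-8)
    followed by kG = k5-8 o BK(k1-4), the steps given on the slide."""
    k = secret
    for sib in siblings_on_path(tree, user):
        k = combine(k, bks[name(sib)])
    return k


def join(tree, new_user):
    """Add new_user as sibling of the last leaf (u8 joins beside u7)."""
    if isinstance(tree, str):
        return (tree, new_user)
    return (tree[0], join(tree[1], new_user))


def demo():
    """Seven members hold a group key, u8 joins, all eight agree on a fresh one."""
    tree = ((("u1", "u2"), ("u3", "u4")), (("u5", "u6"), "u7"))
    secret_of = {u: secrets.randbelow(P - 2) + 1 for u in leaves(tree)}
    before = node_key(tree, secret_of)
    tree = join(tree, "u8")                         # new node for u8 below k5-8
    secret_of["u8"] = secrets.randbelow(P - 2) + 1  # u8's individual secret
    bks = published_blind_keys(tree, secret_of)     # BK(u8), BK(k7-8), BK(k5-8) are new
    after = node_key(tree, secret_of)
    agreed = {u: member_group_key(tree, u, secret_of[u], bks) for u in leaves(tree)}
    return before, after, agreed


if __name__ == "__main__":
    b, a, agreed = demo()
    print("group key changed:", a != b, "members agreeing:", len(set(agreed.values())))
```

Only the blind keys on u8's path (BK(u8), BK(k7-8), BK(k5-8)) change on the join; BK(k1-4), BK(k5-6) and the other old blind keys stay valid, which is why the p3TMDistribute message can omit just the invalid path and every member still recomputes the same root.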
CONCLUSION
The usage of key trees simplifies the implementation of both modes.
Utilizing information about military groups increases the efficiency of the key update procedure.
The increased efficiency is obtained by means of batched rekeying and probabilistic key tree construction.
The usage of key trees produces an optimization for both modes of operation.