optimized group-rekey
DESCRIPTION
Optimized Group-Rekey. Ohad Rodeh, Kenneth P. Birman, Danny Dolev. Introduction. Increasingly, many applications require multicast services teleconferencing, distributed interactive simulation, collaborative work, etc. - PowerPoint PPT PresentationTRANSCRIPT
![Page 1: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/1.jpg)
Optimized Group-Rekey
Ohad Rodeh, Kenneth P. Birman, Danny Dolev
![Page 2: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/2.jpg)
Introduction
• Increasingly, many applications require multicast services– teleconferencing, distributed interactive
simulation, collaborative work, etc.
• To protect multicast message content, such applications require secure multicast
![Page 3: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/3.jpg)
Multicast group protection
• A multicast group can be efficiently protected using a single symmetric encryption key
• This key is securely communicated to all group members which subsequently use it to encrypt/decrypt group messages
• The group-key is securely switched whenever the group membership changes
![Page 4: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/4.jpg)
Multicast group protection II
• Old members cannot eavesdrop on current group conversations
• The challenge, create a key-switch algorithm that is:– Efficient and fast– Can handle large groups– A high rate of membership changes
![Page 5: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/5.jpg)
Group types
• There are several types of group patterns.
• Few senders & many receivers– Up to millions of receivers (potentially)
• This is called One-Many.
• Many-Many pattern– 100 senders & receivers.
![Page 6: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/6.jpg)
Model• Processes:
– Can send/recv pt-2-pt and multicast messages– Have access to trusted authentication and
authorization services– Authentication service allows processes to open
secure channels– A secure channel allows the secure exchange of
private information
• Public key encryption is expesive, symmetric key encryption is cheep.
![Page 7: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/7.jpg)
Numbering and convention
• The GCS allows only trusted and authorized members into the group.
• Members are numbered m1.. mN
• The group leader is member m1
![Page 8: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/8.jpg)
A simple solution
S
1 5432 76 8
![Page 9: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/9.jpg)
The centralized solution• Here we describe a protocol by Wong,
Gouda and Lam
• A keygraph is defined as a directed tree where the leafs are the group members and the nodes are keys
• A member knows all the keys on the way from itself to the root
• The keys are distributed using a key-server
![Page 10: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/10.jpg)
The centralized solution
S
1 5432 76 8
K34K12 K56 K78
K14
K18
K58
![Page 11: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/11.jpg)
Building the tree• Each member mi shares a key with the
server, Ki
• It also shares keys with subgroups in the tree
• The tree is built by the key server S
• S initially has secure channels with each of the members
• S uses these channels to create the higher level keys
![Page 12: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/12.jpg)
Building the tree
• This can be done in a single multicast
• K18 is the group key
K1 K3 K4
K5 K6 K7 K8
K2 K12
K56
K34
K78
K14
K58 K18
![Page 13: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/13.jpg)
Join/Leave
• The group-key is replaced in case of join/leave
• This is performed through key-tree operations
![Page 14: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/14.jpg)
Join
1 5432 76 8
K34K12 K56 K78
K14
K18
K58
9
K19
![Page 15: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/15.jpg)
Leave I
1 5432 76 8
K34K12 K56 K78
K14
K18
K58
![Page 16: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/16.jpg)
Leave II
K28
5432 76 8
K34 K56 K78
K58K24
![Page 17: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/17.jpg)
Cost
• Each member stores log n keys
• The server keeps a total of n keys
• The server uses n secure channels to communicate with the members
• It is possible to create the full tree using a single multicast
![Page 18: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/18.jpg)
Extensions and Optimizations
• It is possible to use trees of degree larger than 2
• Tree rebalancing– Trees become imbalanced after series of
Leave/Join. – This makes tree operations less efficient
![Page 19: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/19.jpg)
Our solution
• The centralized solution is not fault-tolerant
• It relies on a centralized server which knows all the keys
• We desire a completely distributed solution
• Our protocol uses no centralized server, members play symmetric roles
• First we describe the basic protocol, then we optimize it
![Page 20: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/20.jpg)
The agree primitive
• l chooses KLR
• l r : KLR
• l G(l) : {KLR}KL
• r G(r) :{KLR}KR
l r
KLR
![Page 21: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/21.jpg)
Merging in log(n) steps
1 5432 76 8
K34K12 K56 K78
K14
K18
K58
![Page 22: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/22.jpg)
Optimized solution O
• The basic protocol can be improved to achieve latency of 2 rounds
• We state the optimized protocol O, and then provide an example run
![Page 23: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/23.jpg)
Choosing keys and pt2pt dissemination
1 5432 76 8
K34K12 K56 K78
K14
K18
K58
![Page 24: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/24.jpg)
Stage 2, chained decryption
1 5432 76 8
K12 K56 K78
K14
K18
K58
{K18}K58
{K58}K78K18
K78
K58 K18
• Each member multicasts the key it receives with the highest key it chose.
![Page 25: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/25.jpg)
Improving the algorithm
• One problem is the use of multicasts in the second stage
• They are bunched up by the leader, and sent as one message.
• Other measures are used as well.
![Page 26: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/26.jpg)
Building the Tree
#pt-2-pt #multicast #keys #rounds
regular 0 1 2(N-1) 1
distributed 1.5N-1 1 2(N-1)+N/2 3
![Page 27: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/27.jpg)
Conclusions• We have taken a non-fault-tolerant,
centralized protocol, and converted it into a protocol that is decentralized and tolerant of failures
• The new protocol has nearly the same cost as the original protocol
• The new protocol requires a GCS• We are examining the scalability of the GCS
![Page 28: Optimized Group-Rekey](https://reader035.vdocument.in/reader035/viewer/2022070411/5681475f550346895db49eda/html5/thumbnails/28.jpg)
PerformanceTitle:total.epsCreator:gnuplot 3.5 (pre 3.6) patchlevel beta 347Preview:This EPS picture was not savedwith a preview included in it.Comment:This EPS picture will print to aPostScript printer, but not toother types of printers.