Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies

Mar 31, 2015

Page 1: Efficient Kerberized Multicast

Olga Kornievskaia, University of Michigan
Giovanni Di Crescenzo, Telcordia Technologies

Page 2: Outline

- Efficient cross realm authentication in Kerberos
  - Review original Kerberos
  - Propose a new extension for distributed operations in Kerberos
- Multi-center multicast encryption schemes
  - Review single center schemes
  - Extend common schemes to distributed setting
- Integrating Kerberos with multicast encryption schemes

Page 3: Motivation

- Increasing interest in group communication applications
  - Audio and video conferencing, data casting, collaborative applications
- Problem: security
- Goal: provide a practical solution

Page 4: System Model

Figure: several Intranets (fast links) connected to each other over the Internet (slow links).

Page 5: Kerberos

- Based on the Needham and Schroeder protocol
- Doesn’t use asymmetric key crypto (fast)
- Relies on a trusted third party (KDC)
- Authentication is based on special data structures - tickets

Notation
- KDC – Key Distribution Center
- TGS – Ticket Granting Service
- Alice, Bob – Kerberos principals
- K_A,B – Key shared by Alice and Bob
- K_A – Key derived from Alice’s password
- TGT – Ticket granting ticket
- T – nonce (timestamp) used to protect against replay attacks

Page 6: Kerberos: Login Phase

Alice -> KDC: “Hi, I’m Alice”
KDC -> Alice: TGT = {Alice, TGS, K_A,TGS}K_TGS, {K_A,TGS, T}K_A

Page 7: Kerberos: Service Ticket Request

Alice -> TGS: Alice, Bob, TGT
TGS -> Alice: TKT = {Alice, Bob, K_A,B}K_B, {K_A,B, T}K_A,TGS

Page 8: Kerberos: Application Request

Alice -> Bob: Alice, TKT, {Request}K_A,B

Page 9: Distributed Operations in Kerberos

- Multiple Kerberos realms
  - Each realm administers local principals
  - No replication of data
- Off-line phase
  - Shared keys established between participating KDCs
- Ex: Wonderland and Oz
  - K_W,Oz – shared key between the two KDCs
  - Alice@Wonderland, Bob@Oz

Page 10: Cross Realm Kerberos: Local Request

Alice@Wonderland -> TGS@Wonderland: Alice@Wonderland, Bob@Oz, TGT
TGS@Wonderland -> Alice@Wonderland: RTGT = {Alice@Wonderland, TGS@Oz, K_A,TGS@Oz}K_W,Oz, {K_A,TGS@Oz, T}K_A,TGS@W

Page 11: Cross Realm Kerberos: Remote Request

Alice@Wonderland -> TGS@Oz: Alice@Wonderland, Bob@Oz, RTGT
TGS@Oz -> Alice@Wonderland: TKT = {Alice@Wonderland, Bob@Oz, K_A,B}K_B, {K_A,B, T}K_A,TGS@Oz

Page 12: Cross Realm Kerberos

Alice@Wonderland -> Bob@Oz: Alice@Wonderland, TKT, {Request}K_A,B

Page 13: Efficient Cross Realm Protocol

Can we improve:
- Network delays
- KDC workload
- Client workload
- Compatible with the non-distributed version of Kerberos

Page 14: Fake Ticket Protocol: Step 1

Alice@Wonderland -> TGS@Wonderland: Alice@Wonderland, Bob@Oz, TGT
TGS@Wonderland -> Alice@Wonderland: FTKT = {Alice@Wonderland, Bob@Oz, K_A,B}K_W,Oz, {K_A,B, T}K_A,TGS@W

Page 15: Protocol: Step 2

Alice@Wonderland -> Bob@Oz: Alice@Wonderland, FTKT, {Request}K_A,B

Page 16: Protocol: Step 3

Bob@Oz -> TGS@Oz: TGT, FTKT
TGS@Oz -> Bob@Oz: TKT = {Alice@Wonderland, Bob@Oz, K_A,B}K_B, {K_A,B, T}K_B,TGS@Oz

Page 17: Evaluation

- Minimizes the number of Internet (slow) messages
- Reduced the workload on the client (Alice)
  - Alice’s software doesn’t need to be modified
- Extends easily to sending a message to a group
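The two cross-realm flows on pages 10-16 as an added, runnable toy model; this is example code written for this transcript, not the authors' implementation. It stands in for Kerberos' real ciphers with a small HMAC-SHA256 encrypt-then-MAC construction, classifies a message as "internet" whenever sender and receiver are in different realms (an assumption taken from the system-model slide), and uses a constructed sample request. Running it shows the point of the evaluation slide: Bob, not Alice, talks to TGS@Oz in the fake-ticket protocol, so the slow messages drop from three to one for a single request.

```python
# Added example (not from the slides): toy model of the standard cross-realm flow vs. the fake-ticket flow.
import hashlib, hmac, json, os, time

def _keystream(key, nonce, n):
    """Expand key and nonce into n bytes with HMAC-SHA256 in counter mode (toy cipher, not Kerberos' own)."""
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]

def seal(key, obj):
    """{obj}key: encrypt-then-MAC of a JSON payload under a 32-byte key."""
    pt, nonce = json.dumps(obj, sort_keys=True).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    """Inverse of seal; raises ValueError if the blob was not sealed under this key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("ticket does not verify under this key")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))

def newkey():
    return os.urandom(32).hex()          # session keys travel inside tickets as hex strings

def realm_of(principal):
    return principal.split("@")[1]

def run(fake_tickets):
    """One request from Alice@Wonderland to Bob@Oz. Returns (request as Bob decrypted it, link log)."""
    # Long-term keys: each realm's TGS key, password-derived client keys, and the off-line K_W,Oz.
    KTGS = {"Wonderland": os.urandom(32), "Oz": os.urandom(32)}
    KA, KB, KWOz = os.urandom(32), os.urandom(32), os.urandom(32)
    log = []

    def send(src, dst):
        # Assumption from the system-model slide: same realm = intranet (fast), otherwise Internet (slow).
        log.append((src, dst, "intranet" if realm_of(src) == realm_of(dst) else "internet"))

    def login(name, kuser):  # page 6: TGT = {name, TGS, K_name,TGS}K_TGS and {K_name,TGS, T}K_name
        realm, k_tgs = realm_of(name), newkey()
        send(name, "KDC@" + realm)
        tgt = seal(KTGS[realm], {"client": name, "service": "TGS@" + realm, "key": k_tgs})
        reply = seal(kuser, {"key": k_tgs, "T": int(time.time())})
        send("KDC@" + realm, name)
        return tgt, bytes.fromhex(unseal(kuser, reply)["key"])

    tgt_a, ka_tgs_w = login("Alice@Wonderland", KA)
    tgt_b, kb_tgs_oz = login("Bob@Oz", KB)

    send("Alice@Wonderland", "TGS@Wonderland")
    who = unseal(KTGS["Wonderland"], tgt_a)["client"]   # TGS@W authenticates Alice by opening her TGT
    if not fake_tickets:
        # Pages 10-11: RTGT under K_W,Oz, then Alice herself asks TGS@Oz for the ticket (Internet round trip).
        ka_tgs_oz = newkey()
        rtgt = seal(KWOz, {"client": who, "service": "TGS@Oz", "key": ka_tgs_oz})
        reply = seal(ka_tgs_w, {"key": ka_tgs_oz, "T": int(time.time())})
        send("TGS@Wonderland", "Alice@Wonderland")
        alice_key = bytes.fromhex(unseal(ka_tgs_w, reply)["key"])   # Alice's copy of K_A,TGS@Oz
        send("Alice@Wonderland", "TGS@Oz")
        r, kab = unseal(KWOz, rtgt), newkey()
        ticket_for_bob = seal(KB, {"client": r["client"], "service": "Bob@Oz", "key": kab})
        reply = seal(bytes.fromhex(r["key"]), {"key": kab, "T": int(time.time())})
        send("TGS@Oz", "Alice@Wonderland")
        kab = unseal(alice_key, reply)["key"]
    else:
        # Page 14: TGS@W issues FTKT under K_W,Oz; only TGS@Oz can open it, Bob cannot.
        kab = newkey()
        ticket_for_bob = seal(KWOz, {"client": who, "service": "Bob@Oz", "key": kab})
        reply = seal(ka_tgs_w, {"key": kab, "T": int(time.time())})
        send("TGS@Wonderland", "Alice@Wonderland")
        kab = unseal(ka_tgs_w, reply)["key"]

    # Pages 12/15: application request, Alice -> Bob: Alice, TKT or FTKT, {Request}K_A,B.
    request = seal(bytes.fromhex(kab), {"op": "read", "path": "/shared/notes"})  # constructed sample request
    send("Alice@Wonderland", "Bob@Oz")
    try:
        kab_bob = unseal(KB, ticket_for_bob)["key"]
    except ValueError:
        # Page 16: Bob forwards TGT, FTKT to his local TGS@Oz, which re-wraps K_A,B as a real TKT under K_B.
        send("Bob@Oz", "TGS@Oz")
        assert unseal(KTGS["Oz"], tgt_b)["client"] == "Bob@Oz"
        f = unseal(KWOz, ticket_for_bob)
        tkt = seal(KB, {"client": f["client"], "service": f["service"], "key": f["key"]})
        reply = seal(kb_tgs_oz, {"key": f["key"], "T": int(time.time())})
        send("TGS@Oz", "Bob@Oz")
        kab_bob = unseal(KB, tkt)["key"]
        assert unseal(kb_tgs_oz, reply)["key"] == kab_bob
    return unseal(bytes.fromhex(kab_bob), request), log

def internet_messages(fake_tickets):
    """Number of slow (cross-realm) messages in one run of the chosen protocol."""
    return sum(1 for _, _, link in run(fake_tickets)[1] if link == "internet")

if __name__ == "__main__":
    for mode in (False, True):
        print("fake tickets" if mode else "standard", run(mode)[0], internet_messages(mode))
```

The login phase for both principals is counted too, but it stays inside each realm in both variants; the difference is entirely in who crosses the Internet to reach TGS@Oz. The toy cipher is only there to make the "who can open which ticket" checks real: Bob's attempt to open FTKT under K_B fails its MAC check, which is exactly what forces step 3.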

Page 18: Outline

- Efficient cross realm authentication in Kerberos
- Multi-center multicast encryption schemes
- Integrating Kerberos with multicast encryption schemes

Page 19: Multicast Encryption

- Methods for performing secure communication among a group of users
- Key management problem: join/leave operations
- Non-collaborative schemes: a single center is responsible for managing keys
- Schemes evaluated based on:
  - Communication complexity
  - Storage complexity (both center and user)

Page 20: Minimal Storage Scheme

- Users store two keys:
  - K_G – group key
  - K_I,C – individual key shared with the center
- Center stores two keys:
  - K_G – group key
  - K_M – secret key used to generate the individual users’ keys
- Key update operation has linear communication cost

Page 21: Tree-based Schemes

- Build a logical tree
- Each node represents a key:
  - Root – group key
  - Leaves – individual user keys
- User stores all keys on the path from the leaf to the root
  - User storage complexity is logarithmic
- Center stores all keys in the tree
  - Center storage complexity is linear

Page 22: Tree-based Schemes (cont.)

- Key update operation requires a logarithmic number of messages:
  - Change all keys on the path from the removed leaf to the root
  - Use the siblings’ keys to distribute the new keys
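Pages 20-22 compare the two single-center schemes by storage and by the cost of evicting a member. The following is an added example, not code from the talk: a minimal-storage center that derives K_I,C from K_M with HMAC, and a tree-based (logical key hierarchy) center on a complete binary tree that, on a leave, replaces every key on the departing leaf's path and wraps each new key under the sibling's key and under the already-refreshed child key. Node keys are real random bytes; the rekey messages are recorded symbolically as (node whose new key is sent, node whose key encrypts it) so the message counts can be checked without another toy cipher. The heap-style tree layout, the power-of-two group size and the names are my assumptions.

```python
# Added example (not from the slides): minimal-storage vs. tree-based (LKH) rekeying on a member leave.
import hashlib, hmac, os

def individual_key(k_m, user):
    """Minimal-storage scheme (page 20): the center keeps only K_M and derives K_I,C = PRF(K_M, I) on demand."""
    return hmac.new(k_m, user.encode(), hashlib.sha256).digest()

def minimal_storage_leave(users, leaving):
    """Rekey after `leaving` departs: the new K_G is sent once per remaining user under K_I,C (linear cost).
    Returns one (recipient, key the message is encrypted under) pair per message."""
    return [(u, f"K_{u},C") for u in users if u != leaving]

class LKHTree:
    """Tree-based scheme (pages 21-22) on a complete binary tree stored heap-style:
    root = 1, children of v are 2v and 2v+1, leaf of user i is n + i."""
    def __init__(self, n):
        if n < 2 or n & (n - 1):
            raise ValueError("toy: n must be a power of two")
        self.n = n
        self.key = {v: os.urandom(32) for v in range(1, 2 * n)}   # center holds all 2n-1 node keys (linear)

    def path(self, user):
        """Nodes from the user's leaf up to the root: the log2(n)+1 keys that user stores."""
        v, nodes = self.n + user, []
        while v >= 1:
            nodes.append(v)
            v //= 2
        return nodes

    def leave(self, user):
        """Evict `user`: replace every key on its path and return the rekey messages (node, wrapped_under)."""
        leaf, *ancestors = self.path(user)
        del self.key[leaf]                      # the departing user's individual key is retired
        msgs, child = [], leaf
        for v in ancestors:                     # parent of the leaf up to the root
            self.key[v] = os.urandom(32)        # fresh key for this node
            sibling = child ^ 1
            if sibling in self.key:             # sibling subtree still has members: send under its key
                msgs.append((v, sibling))
            if child != leaf:                   # path child was refreshed one step earlier: send under that key
                msgs.append((v, child))
            child = v
        return msgs

def rekey_costs(n, leaving=0):
    """Messages needed to evict one of n users under each scheme: n-1 vs. 2*log2(n)-1, plus user key count."""
    users = [f"u{i}" for i in range(n)]
    return {"minimal_storage": len(minimal_storage_leave(users, users[leaving])),
            "tree_based": len(LKHTree(n).leave(leaving)),
            "user_keys_tree": len(LKHTree(n).path(leaving))}

if __name__ == "__main__":
    for n in (8, 1024):
        print(n, rekey_costs(n, 3))
```

With n = 8 the eviction costs 7 messages in the minimal-storage scheme and 5 in the tree; with n = 1024 it is 1023 against 19, which is the linear-versus-logarithmic trade the slides describe. The price is on the center side, where the tree holds 2n-1 keys instead of two.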

Page 23: Multi-center Multicast: First Look

- Multiple centers managing separate sets of clients
- Build a single binary tree
  - Replicate the tree at each center
  - Key updates require only local communication
- Inefficient center and user storage:
  - Total center storage is O(n^2)
  - Each center stores keys for clients it doesn’t manage

Page 24: Extended Tree-based Multi-center

- Each center manages M users
- Each center builds a logical tree (size M)
- Each user stores O(log M) keys
- All centers share a key, K_C
- Key update operation requires (log M + N/M) messages
- Center storage among all centers is linear

Page 25: Huffman Tree-based Multi-center

- Each center has a different number of users
  - Binary tree schemes don’t provide an optimal tree
- Each center builds a local tree
- Associate a codeword with each center
- Run the Huffman algorithm to obtain a minimal tree
- Tree structure is kept by all centers
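An added example of the Huffman step on this slide (not the authors' code): the centers are the Huffman symbols, each weighted by its user count, and the codeword assigned to a center is the path from the global root down to the root of that center's local tree. Every center only needs the codeword table to know where its subtree hangs. To show why a plain balanced tree over the centers is not optimal, the example also computes the fixed-length alternative and totals the keys users hold under each; the accounting assumes a user stores its local path (ceil(log2 M)+1 keys) plus one key per codeword bit, and the four-center population is constructed.

```python
# Added example (not from the slides): Huffman placement of per-center trees vs. a balanced placement.
import heapq, itertools, math

def huffman_codewords(center_sizes):
    """Run Huffman over the centers, weighting each by its user count. Returns {center: codeword}, the
    codeword being the path from the global root down to that center's local tree root."""
    tick = itertools.count()                              # tie-breaker so heap tuples never compare nodes
    heap = [(m, next(tick), (c,)) for c, m in center_sizes.items()]
    heapq.heapify(heap)
    code = {c: "" for c in center_sizes}
    while len(heap) > 1:
        w0, _, left = heapq.heappop(heap)                 # two lightest subtrees become siblings
        w1, _, right = heapq.heappop(heap)
        for c in left:
            code[c] = "0" + code[c]                       # every center below gains one more path bit
        for c in right:
            code[c] = "1" + code[c]
        heapq.heappush(heap, (w0 + w1, next(tick), left + right))
    return code

def balanced_codewords(center_sizes):
    """Fixed-length codewords: the plain binary tree over centers that the slide calls non-optimal."""
    width = max(1, math.ceil(math.log2(len(center_sizes))))
    return {c: format(i, f"0{width}b") for i, c in enumerate(center_sizes)}

def is_prefix_free(codewords):
    """No codeword is a prefix of another, i.e. the centers really sit at distinct tree positions."""
    words = sorted(codewords.values())
    return all(not b.startswith(a) for a, b in zip(words, words[1:]))

def user_keys(center_sizes, codewords):
    """Keys a user of each center stores: local path (ceil(log2 M)+1 keys, leaf to local root) plus one key
    per codeword bit up to the global root (assumption about how the local and global trees compose)."""
    return {c: math.ceil(math.log2(m)) + 1 + len(codewords[c]) for c, m in center_sizes.items()}

def total_user_storage(center_sizes, codewords):
    """Sum over all users of the keys they hold; Huffman minimises the codeword share of this sum."""
    per_user = user_keys(center_sizes, codewords)
    return sum(m * per_user[c] for c, m in center_sizes.items())

SAMPLE = {"A": 50, "B": 25, "C": 15, "D": 10}   # constructed: four centers with unequal user counts

if __name__ == "__main__":
    huff, flat = huffman_codewords(SAMPLE), balanced_codewords(SAMPLE)
    print("huffman ", huff, total_user_storage(SAMPLE, huff))
    print("balanced", flat, total_user_storage(SAMPLE, flat))
```

On the constructed population the largest center gets a one-bit codeword and the two smallest get three bits, so the 100 users hold 800 keys in total against 825 with fixed two-bit codewords; the gap grows with the imbalance between centers, which is the case the slide is addressing.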

Page 26: Outline

- Efficient cross realm authentication in Kerberos
- Multi-center multicast encryption schemes
- Integrating Kerberos with multicast encryption schemes

Page 27: Integration of Kerberos with Multicast Schemes

- Need to extend Kerberos to sending a message to a group
  - N clients
  - Each KDC manages M clients
- Notation
  - K_G – group key
  - K_C – key shared among all KDCs

Page 28: Kerberized Multicast

Alice -> TGS (local realm): Alice, Group, TGT
TGS -> Alice: RTGT_1, .., RTGT_N/M

Page 29: Integration Illustrated

Alice -> each remote TGS: RTGTs

Page 30: Integration Illustrated (cont)

TGS_I -> Alice: TKT_I1, .., TKT_Ik
TGS_J -> Alice: TKT_J
TGS_K -> Alice: TKT_K1, .., TKT_Km

Page 31: Integration Illustrated (cont)

Alice -> group members: Alice, TKT_1, .., TKT_N

Page 32: Kerberized Multicast with Fake Tickets

Alice -> TGS (local realm): Alice, Group, TGT
TGS -> Alice: FTKT_G = {Alice@Wonderland, Group, K_G}K_C

Page 33: Integration Illustrated

Alice -> group members: Alice, FTKT_G

Page 34: Integration Illustrated (cont)

Member in realm I -> TGS_I: TGT_I, FTKT_G
Member in realm J -> TGS_J: TGT_J, FTKT_G
Member in realm K -> TGS_K: TGT_K, FTKT_G

Page 35: Integration Illustrated (cont)

TGS_I -> member in realm I: TKT_I
TGS_J -> member in realm J: TKT_J
TGS_K -> member in realm K: TKT_K

Page 36: Conclusion

- Presented an extension to Kerberos for cross realm authentication
  - Eliminates Internet (slow) communications
- Presented an extension to multicast encryption schemes that optimizes for multiple centers
- Explored integrating cross realm authentication with multicast encryption schemes