KAIST Scalable Key Management for Secure Multicast Communication in the Mobile Environment Jiannong Cao, Lin Liao, Guojun Wang Pervasive and Mobile Computing 2 (2006) 2007. 11. 8 Kim Pyung

Dec 18, 2015


KAIST

Scalable Key Management for Secure Multicast Communication

in the Mobile Environment

Jiannong Cao, Lin Liao, Guojun Wang

Pervasive and Mobile Computing 2 (2006)

2007. 11. 8

Kim Pyung


Introduction

IP Multicast

Saves a great deal of bandwidth

Needs group key management in a scalable and secure manner

Scalability

Under the mobile Internet environment

Frequent moving, joining and leaving, and the large size of a group

1-affects-N phenomenon ( re-keying message, # of enc/decryption )

Security

Backward / forward confidentiality


System Model and Assumptions

Scalable and Hierarchical Key Management (SHKM)

S : multicast source

F: forwarding node, subgroup manager

CA : Centralized authority


SHKM : Main idea

Hierarchy by subgroup priority ordering

Fi » Fj

Initiation : RSA algorithm

Randomly chosen TEKs by SGM

The parameters for derivation of the lower group’s TEK from CA

changing residue ej, related factor гij


SHKM : Key Generation

SGM Si chooses the TEK ki

CA gets (PK, SK) by RSA

PK : public key

EPK(ki)

DSK(ki)

changing residue : ei = ki^2 mod n ( n is secret )

if Sj » Si,

related factor : гji = h(Zkj ei mod P)

ki


Si CA


SHKM : Key Derivation

TEK : kj requests for access Si parameters : ei, гji

Ekj( ei, гji ) check Sj » Si ?

Dkj ( ei, гji )

TEK of Si : ki = h(Zkj ei mod P) гji


Sj CA


SHKM : Key Modification

the relationship : Sj » Sl » Si

key modification : kl kl*

el* = (kl*)^2 mod n

гjl* = h(Zkj el* mod P) kl*

гli* = h(Zkl* ei mod P) ki

Only direct successor and predecessor of Sl


SHKM : Protocol analysis

Adding a new subgroup

A new subgroup Si into an existing multicast group

the changing residue ei, related factor г (CA)

No re-keying message and No re-generation of a new TEK for whole group

Scalable

vs Key Graph ?

Backward confidentiality?

Sh » Si (new) » Sj » Sk » Sl


SHKM : Protocol analysis

Deletion of a subgroup

For the higher-priority subgroups

Delete the changing residue e, related factor г (CA)

No re-key message

For the lower-priority subgroups

New TEK for lower-priority subgroups

New changing residue e, related factor г (CA)

vs Centralized protocols ? - the cost transferred to CA


SHKM : Protocol analysis

Leaving of subgroup members

Multiple leaving about h, (mi, mi+1, …, mi+h-1) in Sl

New TEK kl* for Sl

new changing residue el (CA)

For the higher-priority subgroups

New related factor г (CA)

For the lower-priority subgroups

New TEK for lower-priority subgroups

New changing residue e, related factor г (CA)


SHKM : Protocol analysis

Joining of a new subgroup member

New TEK kl* for Sl

new changing residue el (CA)

For the higher-priority subgroups

New related factor г (CA)

For the lower-priority subgroups backward confidentiality

New related factor г (CA)


SHKM : Protocol analysis

Migration of member between subgroups

First entry delayed re-keying + periodic (FEDRP)

A TEK timer table for members residing outside the subgroup

Leaving or timer expire “Reset”

A lower re-keying rate


Attack Analysis

Continuous attack (in Lin’s scheme)

ki is exposed

Sj » Si

гji = Zkj IDi mod P ki

ki = Zkj IDi mod P гji

ki*= Zkj IDi mod P гji*

ki*=h( Zkj ei* mod P ) гji*

Sibling attack

Sj » Si and Sj » Sl

h( Zkj ei* mod P ) = гji* ki

h( Zkj el* mod P ) = гjl* kl
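
Added example (not from the slides or the paper): a toy Python model of SHKM key derivation and of the continuous attack listed above, showing why a mask built from a fixed ID leaks the next key while one built from the changing residue does not. The combining operators did not survive in this transcript, so XOR and the exponent form Z^(kj xor e) are assumptions; P, Z, n, the choice of h and all function names are constructed for illustration.

```python
import hashlib
import secrets

# Toy parameters, constructed for this example (not from the paper or slides).
P = 2**127 - 1                          # public prime modulus
Z = 5                                   # public base
N_SECRET = (2**61 - 1) * (2**89 - 1)    # CA's secret modulus n
KEY_BITS = 120

def h(value: int) -> int:
    """One-way function h; SHA-256 truncated to KEY_BITS is an assumption."""
    digest = hashlib.sha256(value.to_bytes(16, "big")).digest()
    return int.from_bytes(digest[:KEY_BITS // 8], "big")

def residue(k: int) -> int:
    """Changing residue e = k^2 mod n, computed by the CA."""
    return pow(k, 2, N_SECRET)

def lin_factor(kj: int, id_i: int, ki: int) -> int:
    """Lin-style related factor: the mask depends on kj and a fixed ID only."""
    return pow(Z, kj ^ id_i, P) ^ ki

def shkm_factor(kj: int, e_i: int, ki: int) -> int:
    """SHKM related factor: the mask depends on kj and the changing residue."""
    return h(pow(Z, kj ^ e_i, P)) ^ ki

def shkm_derive(kj: int, e_i: int, r_ji: int) -> int:
    """Sj recovers ki from its own TEK kj and the parameters (e_i, r_ji)."""
    return h(pow(Z, kj ^ e_i, P)) ^ r_ji

def continuous_attack_demo():
    kj, ki_old, ki_new = (secrets.randbits(KEY_BITS) for _ in range(3))
    id_i = 42  # constructed subgroup identifier

    # Lin's scheme: ki_old has leaked; ki is then replaced by ki_new.
    # The mask Z^(kj xor IDi) mod P is unchanged, so it cancels out.
    lin_guess = lin_factor(kj, id_i, ki_old) ^ ki_old ^ lin_factor(kj, id_i, ki_new)

    # SHKM: e_i changes with ki, so the old mask says nothing about the new
    # one, even if the attacker is handed both related factors.
    e_old, e_new = residue(ki_old), residue(ki_new)
    shkm_guess = shkm_factor(kj, e_old, ki_old) ^ ki_old ^ shkm_factor(kj, e_new, ki_new)

    legit = shkm_derive(kj, e_new, shkm_factor(kj, e_new, ki_new))
    return lin_guess == ki_new, shkm_guess == ki_new, legit == ki_new

if __name__ == "__main__":
    print(continuous_attack_demo())
```

The three results are: the Lin-style guess recovers the new key, the same guess against SHKM fails, and the legitimate higher-priority subgroup still derives the new key.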


Evaluation

n : # of group users

s : # of groups

t : # of ave successors

m : # of ave dir-successors

r : related factor computation

e : changing residue computation


Conclusions

No re-keying messages, but some reporting messages

Reduced enc/dec cost compared with decentralized

transferred to CA

Defense against malicious attacks
