KAI ST Scalable Key Management for Secure Multicast Communication in the Mobile Environment Jiannong Cao, Lin Liao, Guojun Wang Pervasive and Mobile Computing 2 (2006) 2007. 11. 8 Kim Pyung
Dec 18, 2015
KAIST
Scalable Key Management for Secure Multicast Communication
in the Mobile Environment
Jiannong Cao, Lin Liao, Guojun Wang
Pervasive and Mobile Computing 2 (2006)
2007. 11. 8
Kim Pyung
Scalable Key Management for Secure Multicast Communication
Introduction
IP Multicast
Saves a great deal of bandwidth
Needs group key management in a scalable and secure manner
Scalability
Under the mobile Internet environment
Frequent moving, joining and leaving, and the large size of a group
1-affects-N phenomenon ( re-keying message, # of enc/decryption )
Security
Backward / forward confidentiality
22/15/15
System Model and Assumptions
Scalable and Hierarchical key management(SHKM)
S : multicast source
F: forwarding node, subgroup manager
CA : Centralized authority
Scalable Key Management for Secure Multicast Communication 33/15/15
SHKM : Main idea
Hierarchy by subgroup priority ordering
Fi » Fj
Initiation : RSA algorithm
Randomly chosen TEKs by SGM
The parameters for derivation of the lower group’s TEK from CA
changing residue ej, related factor гij
Scalable Key Management for Secure Multicast Communication 44/15/15
SHKM : Key Generation
SGM Si chooses the TEK ki CA gets (PK, SK) by RSA
PK : public key
EPK(ki)
DSK(ki)
changing residue : ei = ki2 mod n ( n is
secret )
if Sj » Si,
related factor : гji = h(Zkj ei mod P)
ki
Scalable Key Management for Secure Multicast Communication
Si CA
55/15/15
SHKM : Key Derivation
TEK : kj requests for access Si parameters : ei, гji
Ekj( ei, гji ) check Sj » Si ?
Dkj ( ei, гji )
TEK of Si : ki = h(Zkj ei mod P) гji
Scalable Key Management for Secure Multicast Communication
Sj CA
66/15/15
SHKM : Key Modification
the relationship : Sj » Sl » Si
key modification : kl kl*
el* = ( kl*)2 mod n
гjl* = h(Zkj el* mod P) kl*
гli* = h(Zkl* ei mod P) ki
Only direct successor and predecessor of Sl
Scalable Key Management for Secure Multicast Communication 77/15/15
SHKM : Protocol analysis
Adding a new subgroup
A new subgroup Si into an existing multicast group
the changing residue ei, related factor г (CA)
No re-keying message and No re-generation of a new TEK for whole group
Scalable
vs Key Graph ?
Backward confidentiality?
Sh » Si (new) » Sj » Sk » Sl
Scalable Key Management for Secure Multicast Communication 88/15/15
SHKM : Protocol analysis
Deletion of a subgroup
For the higher-priority subgroups
Delete the changing residue e, related factor г (CA)
No re-key message
For the lower-priority subgroups
New TEK for lower-priority subgroups
New changing residue e, related factor г (CA)
vs Centralized protocols ? - the cost transferred to CA
Scalable Key Management for Secure Multicast Communication 99/15/15
SHKM : Protocol analysis
Leaving of subgroup members
Multiple leaving about h, (mi, mi+1, …, mi+h-1) in Sl
New TEK kl* for Sl
new changing residue el (CA)
For the higher-priority subgroups
New related factor г (CA)
For the lower-priority subgroups
New TEK for lower-priority subgroups
New changing residue e, related factor г (CA)
Scalable Key Management for Secure Multicast Communication 1010/15/15
SHKM : Protocol analysis
Joining of a new subgroup member
New TEK kl* for Sl
new changing residue el (CA)
For the higher-priority subgroups
New related factor г (CA)
For the lower-priority subgroups backward confidentiality
New related factor г (CA)
Scalable Key Management for Secure Multicast Communication 1111/15/15
SHKM : Protocol analysis
Migration of member between subgroups
First entry delayed re-keying + periodic (FEDRP)
A TEK timer table for members residing outside the subgroup
Leaving or timer expire “Reset”
A lower re-keying rate
Scalable Key Management for Secure Multicast Communication 1212/15/15
Attack Analysis
Continuous attack (in Lin’ scheme)
ki is exposed
Sj » Si
гji = Zkj IDi mod P ki
ki = Zkj IDi mod P гji
ki*= Zkj IDi mod P гji*
ki*=h( Zkj ei* mod P ) гji*
Sibling attack
Sj » Si and Sj » Sl
h( Zkj ei* mod P ) = гji* ki
h( Zkj el* mod P ) = гjl* kl
Scalable Key Management for Secure Multicast Communication 1313/15/15
Evaluation
n : # of group users s : # of groups
t : # of ave successors m : # of ave dir-successors
r : related factor computation e : changing residue computation
Scalable Key Management for Secure Multicast Communication 1414/15/15
Conclusions
No re-keying messages, but some reporting messages
Reduced enc/dec cost compared with decentralized
transferred to CA
The defense of malicious attacks
Scalable Key Management for Secure Multicast Communication 1515/15/15