Presentation By: Garrett Lund
Paper By: Sandro Rafaeli and David Hutchison
Overview
 Background Information
 IP Multicast
 Assumptions
 Requirements
 Rekeying Methods
 Centralized Group Key Management Protocols
 Decentralized Architectures
 Distributed
 Ethics
 Sources
IP Multicast
 Between Unicast and Broadcast
 Network Switches and Routers are responsible for
replication and distribution
IP Multicast Applications
IP Multicast Applications
Encryption Review
 Obviously some of these applications require limited
access.
 No public key, but a “group key”
Assumptions
 When a user joins, we have a way to get them their first
key
 When a user leaves there is a possibility of them
continuing to acquire messages
 Every user eventually gets the intended messages
Membership Changes
 Groups need to be dynamic, allowing (authorized)
members to join the group and allowing
administrators to expel members from the group
 Backwards Secrecy
 Forward Secrecy
Rekeying
 We need a way to get new keys to the users
 Since multicast is being used for group transmission, it
is assumed that multicast should be used for rekeying
the group
 Three Approaches
 Centralized
 Decentralized
 Distributed
Rekeying Requirements
 Storage Requirements
 Size of Rekey Messages
 Backwards Secrecy
 Forwards Secrecy
 Collusion
Overview
 Background Information
 IP Multicast
 Assumptions
 Requirements
 Rekeying Methods
 Centralized Group Key Management Protocols
 Decentralized Architectures
 Distributed
 Ethics
 Sources
Centralized Approaches
 We have a Key Distribution Center (KDC)
 KDC is in charge of managing all of the group’s keys
Simple
 Assign a secret key to each member
 Use a group key to send group messages
 Each member can recover the group key from the
appropriate segment of the rekey message using its
secret key
Secret Key
Simple Example
Rekey Message
DSFDBSAF
SDFREGEF
DSFAGFAS
FD@#DSG
FDGFDPG
GFDSFDH
JHFTY546
GFD5FGS&
GF5REYHH
. . .
User F
Group Key
GFDSFDH
Simple Example
DFDS#@FDSA
Secret Key
User F
Group Key
Secret Message
Simple Problems
 1. The KDC has to encrypt the new key n times
 2. The message could potentially be huge
 If n = 1 million and K is 56 bits
 The message would be 10 MB long
 3. You have to develop a protocol so that each user
knows which part of the message is appropriate for
them to decrypt with their secret key
Group Key Management Protocol
(GKMP)
 Have 2 group keys and no secret key
 One Group Transmission Encryption Key (GTEK)
 One Group Key Encryption Key (GKEK)
 GKEK used to encrypt the GTEK when it changes
 Since GKEK will never change, the system lacks
forward secrecy, you cannot kick a member out since
they will always know the GKEK
Logical Key Hierarchy (LKH)
 Use a balanced Binary Tree to store keys hierarchically
LKH Example
Rekey Message
DSFDBSAF
…
SDFREGEF
…
DSFAGFAS
…
FD@#DSG
…
FDGFDPG
…
GFDSFDH
…
JHFTY546
Corresponds to:
k
K14
K58
K12
K34
K56
K78
We Want k
k34
k14
Use k14
k3 on
k34
on
on5th
2nd
first
line
line
line
We get k
k34
k14
k3
k34
User u3
k14
k
Logical Key Hierarchy (LKH)
Other Centralized Approaches
 One-Way Function Trees (OFT)
 One-Way Function Chain Trees (OFCT)
 Clustering
 Centralized Flat Table (FT)
 Efficient Large-Group Key (ELK)
Centralized Approach Summary
Decentralized Approaches
 Split the group into subgroups
Decentralized Approaches
Distributed Models
 Two methods
 Every member contributes
 Pick a member at random
Distributed Example LKH
Distributed Summary
Ethics
Sources
 "IP Multicast Technical Overview." Cisco Systems, Inc.
Web.<http://www.cisco.com/en/US/prod/collateral/io
sswrel/ps6537/ps6552/prod_white_paper0900aecd804
d5fe6.pdf>.
 Rafaeli, Sandro, and David Hutchison. "A Survey of
Key Management for Secure Group Communication."
ACM Digital Library. Lancaster University, Sept. 2003.
Web. <http://portal.acm.org/citation.cfm?id=937506>.
 Wikipedia