Computer Science
CSC 774 Advanced Network Security
Secure Group Communications Using Key Graphs
Presented by: Siddharth Bhai
9th Nov 2005
1
Imagine…
• A 24 x 7 x 365 business
– Internet: the content distribution medium
• Convenient for everyone
• Everyone.. Including the eavesdroppers!
– Pay-per-view revenue model
– Dynamic content
– Several users
• Teleconference
• Collaborative work
Computer Science
2
Roadmap
•
•
•
•
•
•
The problem
Existing techniques
Key graphs
Rekeying strategies
Iolus v/s the key-graph approach
Conclusions and future work
Computer Science
3
The Problem
• Securing group
communications



Authenticity
Confidentiality
Integrity
• Scalability
• Joins/leaves
Computer Science
4
Existing Techniques
• Group Key Agreement
– Diffie Hellman
– Group-based Diffie-Hellman
– Tree-based GDH
• Group Key Distribution
– Naïve solution:
• 1 group key
• 1 unicast key per user
– Iolus
Computer Science
5
“Secure group”
• (U, K, R)
– U is a finite and non-empty set of users
– K is a finite and non-empty set of keys
– R is a binary relation between U and K
• User ‘u’ has key ‘k’ if and only if (u,k) is in R
• Group server
– Knows U & K
– Maintains user-key relation R
– Generates and securely distributes keys in K to
users in the group
Computer Science
6
Key Graphs
• A Directed Acyclic
graph
• U-nodes
• 1 or more outgoing
edges
• 1 incoming edge
• K-nodes
• 1 or more incoming
edges
– Root
Computer Science
k1234
k234
k12
k1
k2
k3
k4
u1
u2
u3
u4
7
Key Graphs (contd..)
• A key graph specifies a secure group
• Group key is the root k-node
• Join/ Leave
• Special classes:
– Star
• Naïve solution
– Tree
• Logical Key hierarchy
– Complete
• Every non-empty subset of users share a unique key!
Computer Science
8
Rekeying Strategies
•
•
•
•
Depends on class of key graph
Strategies for join and leave
Key star: naïve solution
Key tree
– User-oriented rekeying
– Key-oriented rekeying
– Group-oriented rekeying
Computer Science
9
Key Tree
U6 leaves
k12345
k123456
U6 joins
k123
k45
k123
k456
k1
k2
k3
k4
k5
k1
k2
k3
k4
k5
k6
u1
u2
u3
u4
u5
u1
u2
u3
u4
u5
u6
Computer Science
10
Join: user-oriented rekeying
• Concept:
– For each user, the server constructs a rekey
message that contains precisely the new keys
needed by the user
• How?
– For each key node (x) whose key has been changed
(k to k’), server constructs a rekey message by
encrypting the new keys of k-node x and all its
ancestors by the old key k.
– For the new user, one rekey message
Computer Science
11
Join: user-oriented rekeying (contd..)
• What will be the rekey messages?
k12345
k123456
U6 joins
k123
k45
k123
k456
k1
k2
k3
k4
k5
k1
k2
k3
k4
k5
k6
u1
u2
u3
u4
u5
u1
u2
u3
u4
u5
u6
Computer Science
12
Join: user-oriented rekeying (contd..)
• What will be the rekey messages?



S
S
S
{u1,u2,u3}:
{u4, u5}:
{u6}:
{k123456}k12345
{k123456, k456}k45
{k123456, k456}k6
• No. of rekey messages = height of the tree
• Encryption cost for server = [h(h+1)/2] - 1
Computer Science
13
Join: key-oriented rekeying
• Concept:
– Each new key is encrypted individually (except
keys for joining user)
• How?
– For each key node (x) whose key has been changed
(k to k’), server constructs 2 rekey messages
– 1st: Encrypt new key k’ with old key k, send this to
all users who hold k
– 2nd: Encrypt k’ with individual key of joining user
Computer Science
14
Join: key-oriented rekeying (contd..)
• What will be the rekey messages?
k12345
k123456
U6 joins
k123
k45
k123
k456
k1
k2
k3
k4
k5
k1
k2
k3
k4
k5
k6
u1
u2
u3
u4
u5
u1
u2
u3
u4
u5
u6
Computer Science
15
Join: key-oriented rekeying (contd..)
• What will be the rekey messages?




S
S
S
S
{u1,u2,u3, u4, u5}:
{u6}:
{u4,u5}:
{u6}:
{k123456}k12345
{k123456}k6
{k456}k45
{k456}k6
• No. of rekey messages = height of the tree
• Encryption cost for server = 2 (h-1)
Computer Science
16
Join: group-oriented rekeying
• Concept:
– A single rekey message containing all the keys,
multicasted to the entire group
– 1 message for the joining user
• Why?
– No need for subgroup multicast
– Fewer rekey messages
server’s per-rekey
message overheads are reduced
Computer Science
17
Join: group-oriented rekeying (contd..)
• What will be the rekey messages?
k12345
k123456
U6 joins
k123
k45
k123
k456
k1
k2
k3
k4
k5
k1
k2
k3
k4
k5
k6
u1
u2
u3
u4
u5
u1
u2
u3
u4
u5
u6
Computer Science
18
Join: group-oriented rekeying (contd..)
• What will be the rekey messages?


S
S
{u1,u2,u3, u4, u5}:
{u6}:
{k123456}k12345,, {k456}k45
{k123456, k456}k6
• No. of rekey messages = 2
• Encryption cost for server = 2 (h-1)
Computer Science
19
IOLUS v/s key-graph
•
•
•
•
Key-Graph
Hierarchy of multiple
keys
Each user – multiple
keys
More work is done
when a join/leave takes
place
Single trusted entity: the
key server
Computer Science
•
•
•
•
Iolus
Hierarchy of multiple
GSAs
Each user – one key (for
it’s subgroup)
More work is done
when a message is to be
sent to the entire group
Multiple trusted entities:
GSC, several GSAs..
20
Conclusion and Possible Future Work
• Performance on the server-side:
– Best: Group-oriented rekeying
– Worst: User-oriented rekeying
• Performance on the client-side:
– Best: user-oriented rekeying
– Worst: group-oriented rekeying
• Why do we need key graphs at all?
– Isn’t a key-tree good enough?
• Future work
Computer Science
21