KTR : An Efficient Key Management Scheme for Secure Data Access Control in Wireless Broadcast Services
KTR : key tree reuse
Author: Qijun Gu, Member, IEEE, Peng Liu, Member, IEEE,
Wang-Chien Lee, Member, IEEE, and Chao-Hsien Chu
Source: IEEE TRANSACTIONS ON DEPENDABLE AND
SECURE COMPUTING, Vol. 6, No. 3, 2009, pp. 188-201
Presenter: Tsuei-Hung Sun
Date: 2010/7/27
Outline
• Introduction
• Motivation
• Scheme
• Security analysis
• Performance evaluation
• Advantage vs. weakness
• Conclusion
Introduction
• The communication mechanism
– Broadcast channel : the main mechanism for data
dissemination.
– Uplink channels (optional) : reserved for occasional uses to
dynamically change subscriptions.
• Broadcast service components
[Figure: user’s subscription. Programs 1 to N each contain data items; the user is subscribed to some programs.]
• Logical Key Hierarchy (LKH) (D. Wallner, E. Harder, and R. Agee, Key Management for Multicast: Issues and Architectures, IETF RFC 2627, 1999.)
– Ex. rekey message : {k’4}ku2, {k’2}k’4, {k’2}k5, {k’1}k’2, {k’1}k3
– DEK : data encryption key
– KDK : key distribution key
– IDK : individual key
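The LKH rekey message above, worked through as an added Python example (not from the slides or the paper). It assumes the message corresponds to user u1 leaving a binary key tree of eight users; the tree layout and the helper names are constructed for illustration, and the encryption is symbolic.

```python
# Added illustration: symbolic LKH rekeying after a member leaves (no real crypto).
# Assumed layout: k1 is the root (DEK), k2..k7 are KDKs, ku1..ku8 are IDKs.
PARENT = {"k2": "k1", "k3": "k1", "k4": "k2", "k5": "k2", "k6": "k3", "k7": "k3"}
for i in range(8):
    PARENT[f"ku{i + 1}"] = f"k{4 + i // 2}"   # two users under each of k4..k7

def new(key):
    return key.replace("k", "k'", 1)           # replacement value: k4 -> k'4

def path_to_root(leaf):
    """Keys a user holds besides the IDK at `leaf`, ordered bottom-up."""
    path, node = [], leaf
    while node in PARENT:
        node = PARENT[node]
        path.append(node)
    return path

def leave_rekey(leaf):
    """Rekey items (new_key, wrapping_key) broadcast after `leaf`'s user leaves."""
    replaced = path_to_root(leaf)              # every key the leaver knew
    items = []
    for key in replaced:
        kids = sorted(c for c, p in PARENT.items() if p == key)
        kids.sort(key=lambda c: c not in replaced)   # replaced child first
        for child in kids:
            if child == leaf:
                continue                       # never wrap under the leaver's IDK
            wrap = new(child) if child in replaced else child
            items.append((new(key), wrap))
    return items

def learnable(leaf, items):
    """New keys the holder of `leaf` can recover from the broadcast items."""
    known = {leaf, *path_to_root(leaf)}        # key values held before the rekey
    learned = []
    for new_key, wrap in items:                # items are ordered bottom-up
        if wrap in known and new_key not in known:
            known.add(new_key)
            learned.append(new_key)
    return learned

def fmt(items):
    return ", ".join("{%s}%s" % item for item in items)

if __name__ == "__main__":
    msg = leave_rekey("ku1")
    print(fmt(msg))
    for user in ("ku1", "ku2", "ku3", "ku5"):
        print(user, learnable(user, msg))
```

The departed user can unwrap none of the items, while each remaining user recovers exactly the new keys on its own path.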
Motivation
• The critical security requirements of wireless data
broadcast services
– Providers need to ensure backward and forward secrecy with
respect to membership dynamics.
• New key management schemes that can simultaneously
provide security, efficiency, and flexibility.
• Efficiently manage keys when a user joins/leaves/changes
the service without compromising security
and interrupting the operations of other users.
Scheme
• Shared Key Tree (SKT) (Y. Sun and K.R. Liu, “Scalable Hierarchical Access Control in Secure Group Communications,” Proc. IEEE INFOCOM, 2004.)
[Figure: key trees with no sharing vs. with sharing.]
• Key Forest
• Root Graph
– Need to rekey items : O(n) (Fig. two-layer structure); O(log2(n)) (Fig. multilayer structure)
• Key Tree Reuse (KTR)
– leave path : leave tree, consists of keys that the user will no longer use.
– enroll path : join tree, consists of keys that the user will use in the future.
– critical key : must-be-changed keys
• Rekey Spots
– renew spot : time point t when ki’s value is changed, ki(t).
• renew message
– enroll path : {ki(t)}ki(t’)
– leave path : {ki(t)}kc(t’) (refresh message)
– refresh spot : ki is used to encrypt its parent key kj’s new value in a refreshment δ(kj,t;ki,t’).
• Refreshment δ(kj,t;ki,t’) is a rekey message.
• {kj(t)}ki(t’), where t’ ≤ t.
Fig. Spot series of key kr6
Examples of Spot
t1 : δ(kg1,t1;kr6,t1), δ(kg2,t1;kr6,t1), δ(kg3,t1;kr6,t1)
t2 : δ(kg2,t2;kr6,t1), δ(kg3,t2;kr6,t1)
t4 : δ(kg1,t4;kr6,t1), δ(kg2,t4;kr6,t1)
Fig. Spot series of key kr6 (panels: time at t1, t2, t3, t4; keys ku1, ku2, ku3, ku4)
Examples of Spot
t1 : δ(kr6,t1;knj,t0), δ(kg2,t1;kr6,t1)
t2 : δ(kg2,t2;kr6,t1)
t3 : δ(kg2,t3;kr6,t3), δ(kr6,t3;knj,t3)
t4 : δ(kg2,t4;kr6,t3)
Fig. Spot series regarding program g2 (key kg2; panels: time at t1, t2, t3, t4; keys ku1, ku2, ku3, ku4)
• Rekey Spots
– revive spot : time point t
• DEK of this key’s associated program has changed.
• Dangerous rekey sequence of refreshments exists.
Critical key
• Critical key
– Age of a key
• DEK : age (time current, latest renew spot)
• KDK : age (time current, revive spot, latest renew spot)
– Age of a subscription : age (time current, latest beginning)
Examples of Critical Key
[Figure: panels at time t1 and time t2; keys ku1, ku2]
Security analysis
• Nongroup confidentiality
• Collusion freedom
• Future confidentiality (forward secrecy)
• Past confidentiality (backward secrecy)
Performance evaluation
• Server Side
– For tree
• manage key O(e(2n/e - 1)) = O(2n - e)
• spot series O((2n - e)d)
– For program
• manage key O((ed/m - 1)m) = O(ed - m)
• spot series O(ed - m)
– total O(2n - e + ed - m)
• LKH total O((2 × ed/m × n/e - 1)m) = O(2nd - m)
m: programs; n: users; e: trees; d: average programs in each tree
λl: leave rate; λj: join rate; λs: shift rate
total event rate Λ = λl + λj + λs
• Client Side
Fig. Average rekey message size per event. (a) Case 1. (b) Case 2. (c) Case 3. (d) Case 4.
Fig. Average number of decryptions per event per user. (a) Case 1. (b) Case 2. (c) Case 3. (d) Case 4.
Advantage vs. weakness
• Advantage
– More flexible LKH-based techniques.
– KTR can save :
• about 45 percent of communication overhead in the broadcast channel.
• about 50 percent of decryption cost for each user.
• about 45 percent storage.
• Weakness
– If users subscribe to single programs, KTR has no advantage over LKH.
Conclusion
• KTR is a scalable, efficient, and secure key management scheme to support secure wireless broadcast services.
• This approach is also applicable to other LKH-based approaches to reduce the rekey cost as in KTR.
References
• D. Wallner, E. Harder, and R. Agee, Key Management for Multicast: Issues and Architectures, IETF RFC 2627, 1999, http://www.faqs.org/rfcs/rfc2627.html (2010/7/21)
• Y. Sun and K.R. Liu, “Scalable Hierarchical Access Control in Secure Group Communications,” Proc. IEEE INFOCOM, 2004.