Download presentation

Presentation is loading. Please wait.

Published byKaden Burchill Modified over 2 years ago

1
Efficient Kerberized Multicast Olga Kornievskaia University of Michigan Giovanni Di Crescenzo Telcordia Technologies

2
Outline u Efficient cross realm authentication in Kerberos u Review original Kerberos u Propose a new extension for distributed operations in Kerberos u Multi-center multicast encryption schemes u Review single center schemes u Extend common schemes to distributed setting u Integrating Kerberos with multicast encryption schemes

3
Motivation u Increasing interest in group communication applications u Audio and video conferencing, data casting, collaborative applications u Problem: security u Goal: provide a practical solution

4
System Model Internet slow Intranet fast Intranet

5
Kerberos u Based on Needham and Schroeder protocol u Doesnt use asymmetric key crypto (fast) u Relies on a trusted third party (KDC) u Authentication is based on special data structures - tickets u Notation u KDC – Key Distribution Center u TGS – Ticket Granting Service u Alice, Bob – Kerberos principals u K A,B – Key shared by Alice and Bob u K A – Key derived from Alices password u TGT – Ticket granting ticket u T - nonce (timestamp) used to protect again replay attacks

6
Kerberos: Login Phase Hi, Im Alice Alice TGT = {Alice, TGS, K A,TGS }K TGS {K A,TGS, T}K A KDC

7
Kerberos: Service Ticket Request Alice, Bob, TGT TKT = {Alice, Bob, K A,B }K B {K A,B, T}K A,TGS AliceBob TGS

8
Kerberos: Application Request Alice, TKT, {Request}K A,B AliceBob KDC

9
Distributed Operations in Kerberos u Multiple Kerberos realms u Each realm administers local principals u No replication of data u Off-line phase u Shared keys established between participating KDCs u Ex: Wonderland and Oz u K W,Oz – shared key between KDCs u Alice@Wonderland, Bob@Oz

10
Cross Realm Kerberos: Local Request Alice@Wonderland, Bob@Oz, TGT RTGT = {Alice@Wonderland, TGS@Oz, K A,TGS@Oz }K W,Oz {K A,TGS@Oz, T}K A,TGS@W TGS@Wonderland Alice@WonderlandBob@Oz

11
Cross Realm Kerberos: Remote Req Alice@Wonderland, Bob@Oz, RTGT TKT = {Alice@Wonderland, Bob@Oz, K A,B }K B {K A,B, T}K A,TGS@Oz TGS@Oz Alice@WonderlandBob@Oz

12
Cross Realm Kerberos Alice@Wonderland, TKT, {Request}K A,B Alice@WonderlandBob@Oz

13
Efficient Cross Realm Protocol u Can we improve: u Network delays u KDC workload u Client workload u Compatible with non-distributed version of Kerberos

14
Fake Ticket Protocol: Step 1 Alice@Wonderland, Bob@Oz, TGT FTKT = {Alice@Wonderland, Bob@Oz, K A,B }K W,Oz {K A,B, T}K A,TGS@W TGS@Wonderland Alice@WonderlandBob@Oz

15
Protocol: Step 2 Alice@Wonderland, FTKT, {Request}K A,B Alice@WonderlandBob@Oz

16
Protocol: Step 3 TGS@Oz Alice@WonderlandBob@Oz TGT, FTKT TKT = {Alice@Wonderland, Bob@Oz, K A,B }K B {K A,B, T}K B,TGS@Oz

17
Evaluation u Minimizes the number of Internet (slow) messages u Reduced the workload on the client (Alice) u Alices software doesnt need to be modified u Extends easily to sending a message to a group

18
Outline u Efficient cross realm authentication in Kerberos u Multi-center multicast encryption schemes u Integrating Kerberos with multicast encryption schemes

19
Multicast Encryption u Methods for performing secure communication among a group of users u Key management problem: u Join/leave operations u Non-collaborative schemes: u Single center responsible for managing keys u Schemes evaluated based on: u Communication complexity u Storage complexity (both center and user)

20
Minimal Storage Scheme u Users store two keys: u K G - group key u K I,C - individual key shared with the center u Center stores two keys: u K G - group key u K M – secret key used to generate individual users key u Key update operation has linear communication cost

21
Tree-based Schemes u Build a logical tree u Each node represents a key: u Root – group key u Leaves – individual user keys u User stores all keys on the path from the leave to the root u User storage complexity is logarithmic u Center stores all keys in the tree u Center storage complexity is linear

22
Tree-based Schemes (cont.) u Key update operation requires logarithmic number of messages: u Change all keys on the path from the removed leave u Use siblings keys to distributes new keys

23
Multi-center Multicast: First Look u Multiple centers managing separate sets of clients u Build a single binary tree u Replicate tree at each center u Key updates require only local communication u Inefficient center and user storage: u Total center storage is O(n 2 ) u Each center stores keys for clients it doesnt manage

24
Extended Tree-based Multi-center u Each center manages M users u Each center builds a logical tree (size M) u Each user stores O(log M) keys u All centers share a key, K C u Key update operation requires (log M + N/M) message u Center storage among all centers is linear

25
Huffman Tree-based Multi-center u Each center has different number of users u Binary tree schemes doesnt provide an optimal tree u Each center builds a local tree u Associate a codeword with each center u Run Huffman algorithm to obtain minimal tree u Tree structure is kept by all centers

26
Outline u Efficient cross realm authentication in Kerberos u Multi-center multicast encryption schemes u Integrating Kerberos with multicast encryption schemes

27
Integration of Kerberos with Multicast Schemes u Need to extend Kerberos to sending a message to a group u N clients u Each KDC manages M clients u Notation u K G – group key u K C – key shared among all KDCs

28
Kerberized Multicast Alice, Group, TGT RTGT 1,.., RTGT N/M Alice

29
Integration Illustrated Alice RTGTs

30
Integration Illustrated (cont) Alice TKT I1,.., TKT Ik TKT J TKT K1,.., TKT Km

31
Integration Illustrated (cont) Alice Alice, TKT 1,.. TKT N

32
Kerberized Multicast with Fake Tickets Alice, Group, TGT FTKT G = {Alice@Wonderland, Group, K G }K C Alice

33
Integration Illustrated Alice Alice, FTKT G

34
Integration Illustrated (cont) Alice TGT I, FTKT G TGT J, FTKT G TGT K, FTKT G

35
Integration Illustrated (cont) Alice TKT I TKT J TKT K

36
Conclusion u Presented an extension to Kerberos for cross realm authentication u Eliminates Internet (slow) communications u Presented an extension to multicast encryption schemes that optimizes for multiple centers u Explored integrating cross realm authentication with multicast encryption schemes

Similar presentations

© 2017 SlidePlayer.com Inc.

All rights reserved.

Ads by Google