
Efficient Kerberized Multicast



  1. Efficient Kerberized Multicast
  Olga Kornievskaia, University of Michigan
  Giovanni Di Crescenzo, Telcordia Technologies

  2. Outline
  • Efficient cross realm authentication in Kerberos
    • Review original Kerberos
    • Propose a new extension for distributed operations in Kerberos
  • Multi-center multicast encryption schemes
    • Review single center schemes
    • Extend common schemes to the distributed setting
  • Integrating Kerberos with multicast encryption schemes

  3. Motivation
  • Increasing interest in group communication applications
    • Audio and video conferencing, data casting, collaborative applications
  • Problem: security
  • Goal: provide a practical solution

  4. System Model
  (Diagram: several intranets with fast internal links, connected to each other over the slow Internet.)

  5. Kerberos
  • Based on the Needham-Schroeder protocol
  • Doesn't use asymmetric key crypto (fast)
  • Relies on a trusted third party (KDC)
  • Authentication is based on special data structures: tickets
  • Notation
    • KDC – Key Distribution Center
    • TGS – Ticket Granting Service
    • Alice, Bob – Kerberos principals
    • K_A,B – key shared by Alice and Bob
    • K_A – key derived from Alice's password
    • TGT – ticket granting ticket
    • T – nonce (timestamp) used to protect against replay attacks
    • {X}_K – X encrypted under key K

  6. Kerberos: Login Phase
  Alice → KDC: "Hi, I'm Alice"
  KDC → Alice: TGT = {Alice, TGS, K_A,TGS}_K_TGS , {K_A,TGS, T}_K_A

  7. Kerberos: Service Ticket Request
  Alice → TGS: Alice, Bob, TGT
  TGS → Alice: TKT = {Alice, Bob, K_A,B}_K_B , {K_A,B, T}_K_A,TGS

  8. Kerberos: Application Request
  Alice → Bob: Alice, TKT, {Request}_K_A,B

  9. Distributed Operations in Kerberos
  • Multiple Kerberos realms
    • Each realm administers local principals
    • No replication of data
  • Off-line phase
    • Shared keys established between participating KDCs
  • Example: realms Wonderland and Oz
    • K_W,Oz – shared key between the two KDCs
    • Alice@Wonderland, Bob@Oz

  10. Cross Realm Kerberos: Local Request
  Alice@Wonderland → TGS@Wonderland: Alice@Wonderland, Bob@Oz, TGT
  TGS@Wonderland → Alice@Wonderland: RTGT = {Alice@Wonderland, TGS@Oz, K_A,TGS@Oz}_K_W,Oz , {K_A,TGS@Oz, T}_K_A,TGS@W

  11. Cross Realm Kerberos: Remote Request
  Alice@Wonderland → TGS@Oz: Alice@Wonderland, Bob@Oz, RTGT
  TGS@Oz → Alice@Wonderland: TKT = {Alice@Wonderland, Bob@Oz, K_A,B}_K_B , {K_A,B, T}_K_A,TGS@Oz

  12. Cross Realm Kerberos
  Alice@Wonderland → Bob@Oz: Alice@Wonderland, TKT, {Request}_K_A,B

  13. Efficient Cross Realm Protocol
  • Can we improve:
    • Network delays
    • KDC workload
    • Client workload
  • Must stay compatible with the non-distributed version of Kerberos

  14. Fake Ticket Protocol: Step 1
  Alice@Wonderland → TGS@Wonderland: Alice@Wonderland, Bob@Oz, TGT
  TGS@Wonderland → Alice@Wonderland: FTKT = {Alice@Wonderland, Bob@Oz, K_A,B}_K_W,Oz , {K_A,B, T}_K_A,TGS@W

  15. Fake Ticket Protocol: Step 2
  Alice@Wonderland → Bob@Oz: Alice@Wonderland, FTKT, {Request}_K_A,B

  16. Fake Ticket Protocol: Step 3
  Bob@Oz → TGS@Oz: TGT, FTKT
  TGS@Oz → Bob@Oz: TKT = {Alice@Wonderland, Bob@Oz, K_A,B}_K_B , {K_A,B, T}_K_B,TGS@Oz
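The three steps above, as an added example that is not the talk's or the authors' code: a Python simulation of the fake ticket protocol. `seal`/`unseal` are a toy authenticated cipher constructed for this example (not a Kerberos enctype), all keys are generated on the spot, and TGT validation at both TGSs is omitted; key names follow the slides' notation.

```python
import hmac, hashlib, json, os

def _keystream(key, nonce, n):
    return b"".join(hmac.new(key, nonce + bytes([i]), hashlib.sha256).digest()
                    for i in range(n // 32 + 1))[:n]
def seal(key, obj):
    """Toy authenticated encryption standing in for the slides' {obj}_K notation
    (constructed for this example, not a real Kerberos enctype)."""
    pt, nonce = json.dumps(obj).encode(), os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(pt, _keystream(key, nonce, len(pt))))
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()
def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or tampered ticket")
    return json.loads(bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct)))))
def opens(key, blob):
    """True if `key` authenticates `blob`; Bob, lacking K_W,Oz, cannot open an FTKT."""
    try:
        return bool(unseal(key, blob))
    except ValueError:
        return False

# Keys constructed for the example: inter-realm K_W,Oz, Bob's long-term K_B,
# Alice's session key with TGS@Wonderland, Bob's session key with TGS@Oz.
K_W_OZ, K_B, K_A_TGS_W, K_B_TGS_OZ = (os.urandom(32) for _ in range(4))

def tgs_wonderland(client, server):
    """Step 1 (slide 14): issue FTKT under K_W,Oz without contacting Oz, plus
    {K_A,B, T} under Alice's TGS session key. TGT validation is omitted."""
    k_ab = os.urandom(32).hex()
    ftkt = seal(K_W_OZ, {"client": client, "server": server, "K_A,B": k_ab})
    return ftkt, seal(K_A_TGS_W, {"K_A,B": k_ab, "T": 1})
def tgs_oz(ftkt):
    """Step 3 (slide 16): open the FTKT with K_W,Oz and reissue it as a real TKT
    under K_B, plus {K_A,B, T} under Bob's TGS session key. Bob's TGT is omitted."""
    ticket = unseal(K_W_OZ, ftkt)
    return seal(K_B, ticket), seal(K_B_TGS_OZ, {"K_A,B": ticket["K_A,B"], "T": 2})

def run_protocol():
    """Alice's side is unchanged Kerberos; Bob's side does the extra local hop.
    Returns (Bob could read the FTKT directly, decrypted request, client named in TKT)."""
    ftkt, enc = tgs_wonderland("Alice@Wonderland", "Bob@Oz")
    k_ab = bytes.fromhex(unseal(K_A_TGS_W, enc)["K_A,B"])      # Alice learns K_A,B
    request = seal(k_ab, {"req": "hello Bob"})                 # step 2: Alice -> Bob
    tkt, _ = tgs_oz(ftkt)                                      # Bob -> TGS@Oz -> Bob
    ticket = unseal(K_B, tkt)                                  # now a ticket under K_B
    reply = unseal(bytes.fromhex(ticket["K_A,B"]), request)["req"]
    return opens(K_B, ftkt), reply, ticket["client"]
```

Both KDC-to-KDC messages of the original cross-realm flow (slides 10 and 11) disappear; the only inter-realm trust used is the pre-shared K_W,Oz that authenticates the FTKT to TGS@Oz.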

  17. Evaluation
  • Minimizes the number of Internet (slow) messages
  • Reduces the workload on the client (Alice)
  • Alice's software doesn't need to be modified
  • Extends easily to sending a message to a group

  18. Outline
  • Efficient cross realm authentication in Kerberos
  • Multi-center multicast encryption schemes
  • Integrating Kerberos with multicast encryption schemes

  19. Multicast Encryption
  • Methods for performing secure communication among a group of users
  • Key management problem:
    • Join/leave operations
  • Non-collaborative schemes:
    • Single center responsible for managing keys
  • Schemes evaluated based on:
    • Communication complexity
    • Storage complexity (both center and user)

  20. Minimal Storage Scheme
  • Users store two keys:
    • K_G – group key
    • K_I,C – individual key shared with the center
  • Center stores two keys:
    • K_G – group key
    • K_M – secret key used to derive each user's individual key
  • Key update operation has linear communication cost

  21. Tree-based Schemes
  • Build a logical tree
  • Each node represents a key:
    • Root – group key
    • Leaves – individual user keys
  • User stores all keys on the path from its leaf to the root
    • User storage complexity is logarithmic
  • Center stores all keys in the tree
    • Center storage complexity is linear

  22. Tree-based Schemes (cont.)
  • Key update operation requires a logarithmic number of messages:
    • Change all keys on the path from the removed leaf to the root
    • Use siblings' keys to distribute the new keys
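The leave operation of slides 21 and 22, as an added example (not the talk's code): a binary key tree where each user holds the log n keys on its leaf-to-root path, and removing a user replaces those keys with 2*log2(n) - 1 wrapped-key messages. Wrapping is modelled symbolically (a message unwraps only with the exact key value); the array-style node indexing and the `demo` helper are this example's own constructions.

```python
import os

class LKHTree:
    """Binary logical key tree (slide 21): node i has children 2i+1 and 2i+2;
    node 0 holds the group key K_G, leaf n-1+u holds user u's individual key."""
    def __init__(self, n_users):
        assert n_users & (n_users - 1) == 0, "power of two keeps the tree full"
        self.n = n_users
        self.keys = {node: os.urandom(16) for node in range(2 * n_users - 1)}
    def path(self, user):
        """Leaf-to-root node list: exactly the log2(n)+1 keys this user stores."""
        node, nodes = self.n - 1 + user, []
        while node > 0:
            nodes.append(node)
            node = (node - 1) // 2
        return nodes + [0]
    def remove_user(self, user):
        """Leave (slide 22): replace every key on the leaver's path bottom-up. Each
        new key is wrapped under the sibling subtree's key (a branch the leaver never
        held) and under the already-replaced key of the path child, so the rekey
        costs 2*log2(n) - 1 messages. Message = (wrap_node, wrap_key, target, new_key)."""
        path = self.path(user)
        del self.keys[path[0]]                       # the leaver's own key is retired
        messages = []
        for child, parent in zip(path, path[1:]):
            new_key = os.urandom(16)
            sibling = child + 1 if child % 2 else child - 1
            messages.append((sibling, self.keys[sibling], parent, new_key))
            if child != path[0]:                     # the removed leaf got no new key
                messages.append((child, self.keys[child], parent, new_key))
            self.keys[parent] = new_key
        return messages

def apply_rekey(held, messages):
    """Keys a user holding `held` (node -> key) ends up with. A message unwraps only
    with the exact wrapping key; messages arrive bottom-up, so one pass follows a chain."""
    learned = dict(held)
    for wrap_node, wrap_key, target, new_key in messages:
        if learned.get(wrap_node) == wrap_key:
            learned[target] = new_key
    return learned

def demo(n_users=8, leaver=5):
    """Returns (message count, every stayer learned the new K_G, leaver learned it)."""
    tree = LKHTree(n_users)
    held = {u: {v: tree.keys[v] for v in tree.path(u)} for u in range(n_users)}
    msgs = tree.remove_user(leaver)
    got = {u: apply_rekey(held[u], msgs).get(0) == tree.keys[0] for u in range(n_users)}
    return len(msgs), all(got[u] for u in range(n_users) if u != leaver), got[leaver]
```

Compare with slide 20: the minimal storage scheme must send one message per remaining user (linear), while here eight users are rekeyed with five messages and the leaver, holding only stale keys, recovers nothing.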

  23. Multi-center Multicast: First Look
  • Multiple centers managing separate sets of clients
  • Build a single binary tree
  • Replicate the tree at each center
    • Key updates require only local communication
  • Inefficient center and user storage:
    • Total center storage is O(n²)
    • Each center stores keys for clients it doesn't manage

  24. Extended Tree-based Multi-center
  • Each center manages M users
  • Each center builds a logical tree (size M)
    • Each user stores O(log M) keys
  • All centers share a key, K_C
  • Key update operation requires (log M + N/M) messages
  • Center storage summed over all centers is linear

  25. Huffman Tree-based Multi-center
  • Each center has a different number of users
    • Binary tree schemes don't provide an optimal tree
  • Each center builds a local tree
  • Associate a codeword with each center
    • Run the Huffman algorithm to obtain a minimal tree
  • The tree structure is kept by all centers
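The Huffman step of slide 25, as an added example rather than the authors' code: centers weighted by the number of users they manage are merged bottom-up, each center's codeword is its position in the shared inter-center tree, and the user-weighted average depth is compared with a balanced binary tree over the same centers. Center names and user counts are constructed for the example.

```python
import heapq, math

def huffman_center_codewords(users_per_center):
    """Run Huffman's algorithm over the centers, each weighted by how many users it
    manages (slide 25). Returns {center: codeword}; a center's depth in the shared
    tree equals the length of its codeword, so heavy centers sit near the root."""
    heap = [(weight, i, {name: ""}) for i, (name, weight)
            in enumerate(users_per_center.items())]   # i breaks ties deterministically
    heapq.heapify(heap)
    counter = len(heap)
    while len(heap) > 1:
        w0, _, left = heapq.heappop(heap)
        w1, _, right = heapq.heappop(heap)
        merged = {c: "0" + code for c, code in left.items()}      # left subtree
        merged.update({c: "1" + code for c, code in right.items()})  # right subtree
        heapq.heappush(heap, (w0 + w1, counter, merged))
        counter += 1
    return heap[0][2]

def weighted_depth(users_per_center, codewords):
    """Average depth per user: the quantity Huffman minimises and a balanced
    binary tree does not when centers are unequal."""
    total = sum(users_per_center.values())
    return sum(users_per_center[c] * len(code) for c, code in codewords.items()) / total

def balanced_depth(n_centers):
    """Depth every center gets in a plain balanced binary tree (slide 23/24 style)."""
    return math.ceil(math.log2(n_centers))

# Constructed example: four realms with very unequal user populations.
CENTERS = {"Wonderland": 50, "Oz": 25, "Narnia": 15, "Neverland": 10}
```

For these weights Huffman places Wonderland at depth 1 and the two small centers at depth 3, an average of 1.75 levels per user against 2 for the balanced tree.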

  26. Outline
  • Efficient cross realm authentication in Kerberos
  • Multi-center multicast encryption schemes
  • Integrating Kerberos with multicast encryption schemes

  27. Integration of Kerberos with Multicast Schemes
  • Need to extend Kerberos to sending a message to a group
    • N clients
    • Each KDC manages M clients
  • Notation
    • K_G – group key
    • K_C – key shared among all KDCs

  28. Kerberized Multicast
  Alice → her KDC: Alice, Group, TGT
  KDC → Alice: RTGT_1, …, RTGT_N/M (one remote TGT per participating KDC)

  29. Integration Illustrated
  Alice → each remote KDC: its RTGT

  30. Integration Illustrated (cont.)
  Each KDC → Alice: service tickets for the clients it manages (TKT_J; TKT_I1, …, TKT_Ik; TKT_K1, …, TKT_Km)

  31. Integration Illustrated (cont.)
  Alice → group members: Alice, TKT_1, …, TKT_N

  32. Kerberized Multicast with Fake Tickets
  Alice → her KDC: Alice, Group, TGT
  KDC → Alice: FTKT_G = {Alice@Wonderland, Group, K_G}_K_C

  33. Integration Illustrated
  Alice → group members: Alice, FTKT_G

  34. Integration Illustrated (cont.)
  Each member → its own KDC: TGT_I, FTKT_G (likewise TGT_J, FTKT_G and TGT_K, FTKT_G)

  35. Integration Illustrated (cont.)
  Each KDC → its member: TKT_I (likewise TKT_J, TKT_K)

  36. Conclusion
  • Presented an extension to Kerberos for cross realm authentication
    • Eliminates Internet (slow) communications
  • Presented an extension to multicast encryption schemes that optimizes for multiple centers
  • Explored integrating cross realm authentication with multicast encryption schemes
