Efficient Kerberized Multicast
Transcript of a PowerPoint presentation
Olga Kornievskaia, University of Michigan
Giovanni Di Crescenzo, Telcordia Technologies
Outline
- Efficient cross realm authentication in Kerberos
  - Review original Kerberos
  - Propose a new extension for distributed operations in Kerberos
- Multi-center multicast encryption schemes
  - Review single center schemes
  - Extend common schemes to the distributed setting
- Integrating Kerberos with multicast encryption schemes
Motivation
- Increasing interest in group communication applications: audio and video conferencing, data casting, collaborative applications
- Problem: security
- Goal: provide a practical solution
System Model
- Several intranets (fast links) connected through the Internet (slow links)
Kerberos
- Based on the Needham-Schroeder protocol
- Doesn't use asymmetric key crypto (fast)
- Relies on a trusted third party (KDC)
- Authentication is based on special data structures: tickets

Notation
- KDC – Key Distribution Center
- TGS – Ticket Granting Service
- Alice, Bob – Kerberos principals
- K_{A,B} – key shared by Alice and Bob
- K_A – key derived from Alice's password
- TGT – ticket granting ticket
- T – nonce (timestamp) used to protect against replay attacks
- {X}K – X encrypted under key K
Kerberos: Login Phase
Alice -> KDC: "Hi, I'm Alice"
KDC -> Alice: TGT = {Alice, TGS, K_{A,TGS}}K_{TGS}, {K_{A,TGS}, T}K_A
Kerberos: Service Ticket Request
Alice -> TGS: Alice, Bob, TGT
TGS -> Alice: TKT = {Alice, Bob, K_{A,B}}K_B, {K_{A,B}, T}K_{A,TGS}
Kerberos: Application Request
Alice -> Bob: Alice, TKT, {Request}K_{A,B}
Distributed Operations in Kerberos
- Multiple Kerberos realms
  - Each realm administers local principals
  - No replication of data
- Off-line phase: shared keys established between participating KDCs
- Example: realms Wonderland and Oz
  - K_{W,Oz} – shared key between the two KDCs
  - Alice@Wonderland, Bob@Oz
Cross Realm Kerberos: Local Request
Alice@Wonderland -> TGS@Wonderland: Alice@Wonderland, Bob@Oz, TGT
TGS@Wonderland -> Alice@Wonderland: RTGT = {Alice@Wonderland, TGS@Oz, K_{A,TGS@Oz}}K_{W,Oz}, {K_{A,TGS@Oz}, T}K_{A,TGS@W}
Cross Realm Kerberos: Remote Request
Alice@Wonderland -> TGS@Oz: Alice@Wonderland, Bob@Oz, RTGT
TGS@Oz -> Alice@Wonderland: TKT = {Alice@Wonderland, Bob@Oz, K_{A,B}}K_B, {K_{A,B}, T}K_{A,TGS@Oz}
Cross Realm Kerberos: Application Request
Alice@Wonderland -> Bob@Oz: Alice@Wonderland, TKT, {Request}K_{A,B}
Efficient Cross Realm Protocol
Can we improve:
- Network delays
- KDC workload
- Client workload
- Compatibility with the non-distributed version of Kerberos
Fake Ticket Protocol: Step 1
Alice@Wonderland -> TGS@Wonderland: Alice@Wonderland, Bob@Oz, TGT
TGS@Wonderland -> Alice@Wonderland: FTKT = {Alice@Wonderland, Bob@Oz, K_{A,B}}K_{W,Oz}, {K_{A,B}, T}K_{A,TGS@W}
Fake Ticket Protocol: Step 2
Alice@Wonderland -> Bob@Oz: Alice@Wonderland, FTKT, {Request}K_{A,B}
Fake Ticket Protocol: Step 3
Bob@Oz -> TGS@Oz: TGT (Bob's), FTKT
TGS@Oz -> Bob@Oz: TKT = {Alice@Wonderland, Bob@Oz, K_{A,B}}K_B, {K_{A,B}, T}K_{B,TGS@Oz}
Evaluation
- Minimizes the number of Internet (slow) messages
- Reduces the workload on the client (Alice)
- Alice's software doesn't need to be modified
- Extends easily to sending a message to a group
Outline
- Efficient cross realm authentication in Kerberos
- Multi-center multicast encryption schemes
- Integrating Kerberos with multicast encryption schemes
Multicast Encryption
- Methods for performing secure communication among a group of users
- Key management problem: join/leave operations
- Non-collaborative schemes: a single center is responsible for managing keys
- Schemes are evaluated based on:
  - Communication complexity
  - Storage complexity (both center and user)
Minimal Storage Scheme
- Users store two keys:
  - K_G – group key
  - K_{I,C} – individual key shared with the center
- Center stores two keys:
  - K_G – group key
  - K_M – secret key used to generate the individual users' keys
- Key update operation has linear communication cost
Tree-based Schemes
- Build a logical tree
- Each node represents a key:
  - Root – group key
  - Leaves – individual user keys
- User stores all keys on the path from its leaf to the root; user storage complexity is logarithmic
- Center stores all keys in the tree; center storage complexity is linear
Tree-based Schemes (cont.)
- Key update operation requires a logarithmic number of messages:
  - Change all keys on the path from the removed leaf
  - Use siblings' keys to distribute the new keys
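To make the storage and message counts of the two single-center schemes concrete, here is an added example (not the authors' code): the minimal storage scheme with K_{I,C} derived from K_M by an HMAC (this example's choice of derivation function), and a binary key tree rekeyed on a leave by sealing each changed key under its surviving children's keys. A message string such as {K_4'}K_9 stands for "the new key of node 4 encrypted under the key of node 9".

```python
import hashlib
import hmac
import math


def derive_user_key(k_m: bytes, user: str) -> bytes:
    """Minimal Storage Scheme: the center keeps only K_M and recomputes K_{I,C}
    on demand (HMAC-SHA256 is this example's choice of derivation function)."""
    return hmac.new(k_m, user.encode(), hashlib.sha256).digest()


def minimal_storage_rekey(users, leaving):
    """Leave in the minimal storage scheme: the new group key K_G' is sent to every
    remaining user under its individual key, so the cost is n - 1 messages."""
    return [f"{{K_G'}}K_{{{u},C}}" for u in users if u != leaving]


class KeyTree:
    """Logical binary key tree, heap-numbered: node 1 is the root (K_G),
    node k has children 2k and 2k+1, and user i sits at leaf 2^depth + i."""

    def __init__(self, users):
        self.depth = math.ceil(math.log2(len(users)))
        self.leaf = {u: (1 << self.depth) + i for i, u in enumerate(users)}

    def path(self, user):
        """Keys the user stores: its leaf, then every ancestor up to the root."""
        node, out = self.leaf[user], []
        while node >= 1:
            out.append(node)
            node //= 2
        return out

    def rekey_on_leave(self, user):
        """Replace every key on the leaving user's path (the leaf key is dropped).
        Each new key is sealed under each surviving child key, bottom-up, so a
        child's fresh key is in place before its parent is sealed under it."""
        live = {n for u in self.leaf if u != user for n in self.path(u)}
        msgs = []
        for node in self.path(user)[1:]:
            for child in (2 * node, 2 * node + 1):
                if child in live:
                    msgs.append(f"{{K_{node}'}}K_{child}")
        return msgs
```

For 8 users the tree needs 5 messages on a leave (2*log2(8) - 1) where the minimal storage scheme needs 7; for 1024 users it is 19 versus 1023, while each user holds log2(n) + 1 keys instead of 2.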
Multi-center Multicast: First Look
- Multiple centers managing separate sets of clients
- Build a single binary tree; replicate the tree at each center
- Key updates require only local communication
- Inefficient center and user storage:
  - Total center storage is O(n^2)
  - Each center stores keys for clients it doesn't manage
Extended Tree-based Multi-center
- Each center manages M users
- Each center builds a logical tree (size M)
- Each user stores O(log M) keys
- All centers share a key, K_C
- Key update operation requires (log M + N/M) messages
- Center storage summed over all centers is linear
Huffman Tree-based Multi-center
- Each center has a different number of users
- Binary tree schemes don't provide an optimal tree
- Each center builds a local tree
- Associate a codeword with each center
- Run the Huffman algorithm to obtain a minimal tree
- The tree structure is kept by all centers
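The Huffman construction above, as an added example that is not the authors' code: centers are weighted by their user counts, the merge order of the Huffman algorithm fixes each center's codeword length (its depth in the inter-center tree), and the result is compared with a balanced binary tree over the centers. It assumes that a user stores its local leaf-to-root path (ceil(log2 M) + 1 keys) plus one key per inter-center level above its local root, up to K_G.

```python
import heapq
import math


def huffman_center_depths(users_per_center):
    """Run the Huffman algorithm over the centers, weighting each by its number
    of users; return the depth of each center's local root in the inter-center
    tree (the length of the center's codeword)."""
    heap = [(m, i, [c]) for i, (c, m) in enumerate(users_per_center.items())]
    heapq.heapify(heap)
    depth = {c: 0 for c in users_per_center}
    tick = len(heap)                       # tie-breaker so tuples never compare lists
    while len(heap) > 1:
        m1, _, c1 = heapq.heappop(heap)    # two lightest subtrees are merged first
        m2, _, c2 = heapq.heappop(heap)
        for c in c1 + c2:                  # every center in the merged subtree gains a level
            depth[c] += 1
        heapq.heappush(heap, (m1 + m2, tick, c1 + c2))
        tick += 1
    return depth


def balanced_center_depths(users_per_center):
    """The plain binary-tree alternative: every center sits at the same depth."""
    d = math.ceil(math.log2(len(users_per_center)))
    return {c: d for c in users_per_center}


def total_user_keys(users_per_center, depths):
    """Keys stored by all users together: each user keeps its local path
    (ceil(log2 M) + 1 keys from leaf to local root) plus one key per
    inter-center level above its local root."""
    return sum(m * (math.ceil(math.log2(m)) + 1 + depths[c])
               for c, m in users_per_center.items())
```

With centers of 60, 25, 10 and 5 users the Huffman tree places the large center one level below the root and the two small ones three levels down, cutting the summed user storage from 840 keys (balanced) to 795.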
Outline
- Efficient cross realm authentication in Kerberos
- Multi-center multicast encryption schemes
- Integrating Kerberos with multicast encryption schemes
Integration of Kerberos with Multicast Schemes
- Need to extend Kerberos to sending a message to a group
- N clients
- Each KDC manages M clients
- Notation:
  - K_G – group key
  - K_C – key shared among all KDCs
Kerberized Multicast
Alice -> KDC: Alice, Group, TGT
KDC -> Alice: RTGT_1, .., RTGT_{N/M}
Integration Illustrated
Alice -> remote TGSs: RTGTs (one remote request per KDC)
Integration Illustrated (cont)
Remote TGSs -> Alice (one batch per remote realm): TKT_{I1}, .., TKT_{Ik}; TKT_J; TKT_{K1}, .., TKT_{Km}
Integration Illustrated (cont)
Alice -> group members: Alice, TKT_1, .., TKT_N
Kerberized Multicast with Fake Tickets
Alice -> KDC: Alice, Group, TGT
KDC -> Alice: FTKT_G = {Alice@Wonderland, Group, K_G}K_C
Integration Illustrated
Alice -> group members: Alice, FTKT_G
Integration Illustrated (cont)
Each group member presents its own TGT together with FTKT_G to its local TGS:
  TGT_I, FTKT_G
  TGT_J, FTKT_G
  TGT_K, FTKT_G
Integration Illustrated (cont)
Each local TGS converts FTKT_G into a real service ticket for its member: TKT_I, TKT_J, TKT_K
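The standard cross-realm protocol and the fake-ticket protocol, for a single Bob@Oz and for the group case of the integration slides, as an added example that is not the authors' code. Encryption is modelled symbolically (a Sealed record opens only for the holder of the named key), so the model checks who can open what and counts which messages cross the slow Internet. Assumptions: Alice's realm is W, every member is in a remote realm, the fake ticket is sealed under the inter-KDC key K_C in both cases (the slides use the pairwise K_{W,Oz} for a single Bob), and T and the session-key envelope are omitted.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Sealed:
    """Symbolic {payload}K: opens only for the holder of key name `key`."""
    key: str
    payload: tuple

    def open(self, key):
        if key != self.key:
            raise PermissionError(f"{self.key} required, {key} offered")
        return self.payload


class Net:
    """Counts each message as intranet (same realm) or Internet (cross-realm)."""
    def __init__(self):
        self.internet = self.intranet = 0

    def send(self, src_realm, dst_realm, msg):
        if src_realm == dst_realm:
            self.intranet += 1
        else:
            self.internet += 1
        return msg


def standard(net, members):
    """Cross Realm Kerberos: Alice@W gets an RTGT per remote realm from her local
    TGS, fetches the TKTs from each remote TGS, then sends one TKT per member."""
    key = "K_A,B" if len(members) == 1 else "K_G"
    tkts = {}
    for realm in sorted({r for _, r in members}):
        net.send("W", "W", ("Alice@W", f"TGS@{realm}", "TGT"))            # local request
        rtgt = net.send("W", "W", Sealed(f"K_W,{realm}", ("Alice@W", f"TGS@{realm}")))
        net.send("W", realm, rtgt).open(f"K_W,{realm}")                   # Internet: remote TGS
        reply = {n: Sealed(f"K_{n}", ("Alice@W", n, key)) for n, r in members if r == realm}
        tkts.update(net.send(realm, "W", reply))                          # Internet: TKTs back
    return [net.send("W", r, tkts[n]).open(f"K_{n}")[2] for n, r in members]  # Internet


def fake_ticket(net, members):
    """Fake Ticket Protocol: Alice's local TGS seals one ticket under K_C; each
    member hands it to its own local TGS, which re-seals it under the member's key."""
    key = "K_A,B" if len(members) == 1 else "K_G"
    net.send("W", "W", ("Alice@W", "Group", "TGT"))
    ftkt = net.send("W", "W", Sealed("K_C", ("Alice@W", "Group", key)))
    keys = []
    for name, realm in members:
        got = net.send("W", realm, ftkt)                 # Internet: the only slow message
        net.send(realm, realm, (f"TGT_{name}", got))     # member -> its local TGS (holds K_C)
        tkt = net.send(realm, realm, Sealed(f"K_{name}", got.open("K_C")))
        keys.append(tkt.open(f"K_{name}")[2])            # member reads the session key
    return keys
```

For one Bob@Oz the standard protocol sends three Internet messages and the fake-ticket protocol one; for N remote members in R realms the counts are 2R + N versus N, which is the "minimizes Internet messages" claim of the Evaluation slide.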
Conclusion
- Presented an extension to Kerberos for cross realm authentication; eliminates Internet (slow) communications
- Presented an extension to multicast encryption schemes that optimizes for multiple centers
- Explored integrating cross realm authentication with multicast encryption schemes