Yan (Lindsay) Sun and K. J. Ray Liu
IEEE/ACM Transactions on Networking, Dec. 2007.
Presented by Seo Bon Keun, 2008.
Hierarchical Group Access Control for Secure Multicast Communications
Contents
Group key management
Multi-group key management
  Formalization
  Security requirements
Hierarchical multi-group key management
  Key tree
  Integrated key graph generation
Evaluation
Conclusion
Multi-group key management (1)
[Figure: users and resources (Drama, Movie, Animation), related by capability.]
DG: Data Group
SG: Service Group
Security requirements
If a user leaves a group and joins another group:
Forward secrecy: the user cannot access the future content of the resources they leave.
Backward secrecy: the user cannot access the previous content of the resources they join.
Multi-group key management (2)
[Figure: users and resources, annotated with forward secrecy and backward secrecy.]
Hierarchical multi-group key management
Key tree
[Figure: key tree over users u1 to u8 with keys K00, K01, K10, K11, K0, K1, Ke and KS; in the updated tree K10, K1, Ke and KS appear as K10', K1', Ke' and KS'.]
KDC knows: every key
User 1 knows: u1, K00, K0, Ke, KS
Key update message:
u6(K10')
K10'(K1'), K11(K1')
K1'(Ke'), K0(Ke')
Ke'(KS')
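The key update message on the key tree slide can be reproduced by walking the departing user's path to the root and wrapping each replaced key under its children's keys. This is an added example, not code from the slides or the paper: the tree layout is reconstructed from the slide labels, the departing user is assumed to be u5, x(y) is read as "y encrypted under x", and the function names are hypothetical. It models key names only and performs no encryption.

```python
# Added example. Key tree reconstructed from the slide labels (an assumption):
# child -> parent; a leaf name stands for that user's individual key.
PARENT = {
    "u1": "K00", "u2": "K00", "u3": "K01", "u4": "K01",
    "u5": "K10", "u6": "K10", "u7": "K11", "u8": "K11",
    "K00": "K0", "K01": "K0", "K10": "K1", "K11": "K1",
    "K0": "Ke", "K1": "Ke", "Ke": "KS",
}

def keys_known(user):
    """Keys a user holds: its own key plus every key on the path to the root."""
    held = [user]
    while held[-1] in PARENT:
        held.append(PARENT[held[-1]])
    return held

def rekey_on_leave(leaver):
    """Key update message as (encrypting key, new key) pairs, bottom-up."""
    stale = keys_known(leaver)[1:]            # every group key the leaver held
    fresh = {k: k + "'" for k in stale}       # replacements, written K' as on the slide
    msgs = []
    for key in stale:
        kids = [c for c, p in PARENT.items() if p == key and c != leaver]
        kids.sort(key=lambda c: c not in fresh)   # already-replaced child first
        # Each new key is wrapped under every child key except the leaver's;
        # a child that was itself replaced is used in its new form.
        msgs += [(fresh.get(c, c), fresh[key]) for c in kids]
    return msgs

def render(msgs):
    """Slide notation: x(y) read as 'y encrypted under x'."""
    return [f"{enc}({new})" for enc, new in msgs]

def readable_by_leaver(leaver, msgs):
    """Messages the departed user could still open with its old keys."""
    old = set(keys_known(leaver))
    return [m for m in msgs if m[0] in old]

if __name__ == "__main__":
    update = rekey_on_leave("u5")             # assumed departing user
    print(" ".join(render(update)))
    print("readable by u5:", readable_by_leaver("u5", update))
```

No entry of the update is wrapped under a key the departed user held, which is the forward secrecy requirement stated earlier.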
Hierarchical multi-group key management
Integrated key graph
[Figure: integrated key graph. Labels: users u1 to u8; keys K0 to K3, KS1, KS2, KD1 to KD3, SK1 to SK3; service groups SG1, SG2; data groups DG1, DG2, DG3.]

Integrated key graph generation
Generate subtree for each SG
Generate subtree for each DG
Merge two subtrees

[Figure, SG subtrees. Labels: users u1 to u8; keys K0 to K3, KS1, KS2; SG1, SG2; DG1, DG2, DG3.]
[Figure, DG subtrees. Labels: users u1 to u8; SG1, SG2; keys KD1, SK1, KS1; KD2, SK2, KS2; KD3, SK3, KS1, KS2; DG1, DG2, DG3.]
[Figure, merged subtrees. Labels: users u1 to u8; keys K0 to K3, KS1, KS2, KD1, KD2, KD3, SK1, SK2, SK3.]
Evaluation
[Table: storage overhead, Independent tree vs. Multi-group tree.]
d: tree depth / M: the number of trees / n: the number of users
[Table: rekey overhead, Independent tree vs. Multi-group tree.]
d: tree depth / j: the number of involved trees / n: the number of users