Efficient Kerberized Multicast - Center for Information Technology

Download Report

Transcript Efficient Kerberized Multicast - Center for Information Technology

Efficient Kerberized Multicast
Olga Kornievskaia
University of Michigan
Giovanni Di Crescenzo
Telcordia Technologies
Outline

Efficient cross realm authentication in Kerberos



Multi-center multicast encryption schemes



Review original Kerberos
Propose a new extension for distributed operations in
Kerberos
Review single center schemes
Extend common schemes to distributed setting
Integrating Kerberos with multicast encryption
schemes
Motivation

Increasing interest in group communication
applications



Audio and video conferencing, data casting,
collaborative applications
Problem: security
Goal: provide a practical solution
System Model
Intranet
slow
Internet
Intranet
fast
Intranet
Kerberos





Based on Needham and Schroeder protocol
Doesn’t use asymmetric key crypto (fast)
Relies on a trusted third party (KDC)
Authentication is based on special data structures tickets
Notation







KDC – Key Distribution Center
TGS – Ticket Granting Service
Alice, Bob – Kerberos principals
KA,B – Key shared by Alice and Bob
KA – Key derived from Alice’s password
TGT – Ticket granting ticket
T - nonce (timestamp) used to protect again replay attacks
Kerberos: Login Phase
KDC
“Hi, I’m Alice”
TGT = {Alice, TGS, KA,TGS}KTGS
{KA,TGS, T}KA
Alice
Kerberos: Service Ticket Request
TGS
Alice, Bob,
TGT
TKT = {Alice, Bob, KA,B}KB
{KA,B, T}KA,TGS
Alice
Bob
Kerberos: Application Request
KDC
Alice, TKT, {Request}KA,B
Alice
Bob
Distributed Operations in Kerberos

Multiple Kerberos realms



Each realm administers local principals
No replication of data
Off-line phase


Shared keys established between participating
KDCs
Ex: Wonderland and Oz


KW,Oz – shared key between KDCs
Alice@Wonderland, Bob@Oz
Cross Realm Kerberos: Local Request
TGS@Wonderland
Alice@Wonderland,
Bob@Oz,
TGT
RTGT = {Alice@Wonderland,
TGS@Oz, KA,TGS@Oz}KW,Oz
{KA,TGS@Oz, T}KA,TGS@W
Alice@Wonderland
Bob@Oz
Cross Realm Kerberos: Remote Req
TGS@Oz
Alice@Wonderland,
Bob@Oz,
RTGT
TKT = {Alice@Wonderland,
Bob@Oz, KA,B}KB
{KA,B, T}KA,TGS@Oz
Alice@Wonderland
Bob@Oz
Cross Realm Kerberos
Alice@Wonderland, TKT,
{Request}KA,B
Alice@Wonderland
Bob@Oz
Efficient Cross Realm Protocol

Can we improve:




Network delays
KDC workload
Client workload
Compatible with non-distributed version of
Kerberos
Fake Ticket Protocol: Step 1
TGS@Wonderland
Alice@Wonderland,
Bob@Oz,
TGT
FTKT = {Alice@Wonderland,
Bob@Oz, KA,B}KW,Oz
{KA,B, T}KA,TGS@W
Alice@Wonderland
Bob@Oz
Protocol: Step 2
Alice@Wonderland,
FTKT, {Request}KA,B
Alice@Wonderland
Bob@Oz
Protocol: Step 3
TGS@Oz
TGT, FTKT
TKT = {Alice@Wonderland,
Bob@Oz, KA,B}KB
{KA,B, T}KB,TGS@Oz
Alice@Wonderland
Bob@Oz
Evaluation




Minimizes the number of Internet (slow)
messages
Reduced the workload on the client (Alice)
Alice’s software doesn’t need to be modified
Extends easily to sending a message to a
group
Outline



Efficient cross realm authentication in
Kerberos
Multi-center multicast encryption schemes
Integrating Kerberos with multicast
encryption schemes
Multicast Encryption


Methods for performing secure
communication among a group of users
Key management problem:


Non-collaborative schemes:


Join/leave operations
Single center responsible for managing keys
Schemes evaluated based on:


Communication complexity
Storage complexity (both center and user)
Minimal Storage Scheme

Users store two keys:



Center stores two keys:



KG - group key
KI,C - individual key shared with the center
KG - group key
KM – secret key used to generate individual user’s
key
Key update operation has linear
communication cost
Tree-based Schemes


Build a logical tree
Each node represents a key:



User stores all keys on the path from the
leave to the root


Root – group key
Leaves – individual user keys
User storage complexity is logarithmic
Center stores all keys in the tree

Center storage complexity is linear
Tree-based Schemes (cont.)

Key update operation requires logarithmic
number of messages:


Change all keys on the path from the removed
leave
Use siblings’ keys to distributes new keys
Multi-center Multicast: First Look





Multiple centers managing separate sets of
clients
Build a single binary tree
Replicate tree at each center
Key updates require only local communication
Inefficient center and user storage:


Total center storage is O(n2)
Each center stores keys for clients it doesn’t
manage
Extended Tree-based Multi-center






Each center manages M users
Each center builds a logical tree (size M)
Each user stores O(log M) keys
All centers share a key, KC
Key update operation requires (log M + N/M)
message
Center storage among all centers is linear
Huffman Tree-based Multi-center






Each center has different number of users
Binary tree schemes doesn’t provide an
optimal tree
Each center builds a local tree
Associate a codeword with each center
Run Huffman algorithm to obtain minimal tree
Tree structure is kept by all centers
Outline



Efficient cross realm authentication in
Kerberos
Multi-center multicast encryption schemes
Integrating Kerberos with multicast
encryption schemes
Integration of Kerberos with
Multicast Schemes




Need to extend Kerberos to sending a
message to a group
N clients
Each KDC manages M clients
Notation


KG – group key
KC – key shared among all KDCs
Kerberized Multicast
Alice,
Group,
TGT
RTGT1,.., RTGTN/M
Alice
Integration Illustrated
RTGTs
Alice
Integration Illustrated (cont)
TKTI1,.., TKTIk
Alice
TKTJ
TKTK1,.., TKTKm
Integration Illustrated (cont)
Alice, TKT1,.. TKTN
Alice
Kerberized Multicast with Fake
Tickets
Alice,
Group,
TGT
FTKTG = {Alice@Wonderland,
Group, KG}KC
Alice
Integration Illustrated
Alice, FTKTG
Alice
Integration Illustrated (cont)
TGTI,
FTKTG
Alice
TGTJ,
FTKTG
TGTK,
FTKTG
Integration Illustrated (cont)
TKTI
Alice
TKTJ
TKTK
Conclusion

Presented an extension to Kerberos for cross
realm authentication



Eliminates Internet (slow) communications
Presented an extension to multicast
encryption schemes that optimizes for
multiple centers
Explored integrating cross realm
authentication with multicast encryption
schemes