140 likes | 276 Vues
A Toolkit for Secure Internet Multicast. Debanjan Saha Isabel Chang Robert Engel Dimitris Pendarakis Pankaj Rohatgi Ran Canetti IBM T.J. Watson Research Center debanjan@watson.ibm.com. Overall Architecture. Group owner. Controller & reflector. Controller & reflector. Controller
E N D
A Toolkit for Secure Internet Multicast Debanjan Saha Isabel Chang Robert Engel Dimitris Pendarakis Pankaj Rohatgi Ran Canetti IBM T.J. Watson Research Center debanjan@watson.ibm.com
Overall Architecture Group owner Controller & reflector Controller & reflector Controller & reflector Members Members Members
Domain Architecture Senders Senders Data Plane Control Plane To & from other domains To & from other domains Reflector Controller Receivers Receivers
Control Messages Controller Initiated Client Initiated Registration Join a session Leave from a session Expelled from a session Backward secrecy Forward secrecy Key Update
Message Types • Member initiated • Registration • Registration request • Registration response • Join a session • Join request • Join response • Leave a session • Leave request • Leave confirm • Controller initiated • Update session key • Expel a member
Control Messages Sender Domain controller Receiver Sender Join Request Receiver Join Request Sender Join Confirm Receiver Join Confirm Key Update Key Update Key Update Key Update Sender Leave Request Sender Leave Confirm Receiver Expel Confirm Receiver ID
Joining a Group: Message Flow Controller Member Member Hello Controller Hello Certificate 3.7ms (512-bit key) 12.3ms (1024-bit key) Key Exchange [Master Secret] Controller public key 10.13ms (512-bit key) 47.9ms (1024-bit key) Member Join Confirm Client ID & Password Member Join Confirm Keys
Light Weight Protocol: Message Flow Controller Member Member Join Request Member ID 1.3ms (512-bit key) 5.2ms (1024-bit key) Member Join Confirm [Session keys] Member public key 10.13ms (512-bit key) 47.9ms (1024-bit key)
Wallner Scheme SK K4567 K0123 K01 K45 K23 K67 K0 K1 K2 K4 K5 K3 K6 K7 M0 M2 M1 M6 M7 M3 M4 M5
Update Session Key: Message Format • Key encrypting keys (K0,K1) and K2 • Consider an one way hash function g( ) Message Type Message Len Session ID Sequence # Payload Len Number of KEK KeyID(K0) KeyID(K1) [ SK ] g(K0,K1) Payload Len Number of KEK KeyID(K2) [ SK ] g(K2) Controller Signature
Data Plane • Encryption/authentication is transparent to the application • Socket like send/receive API • Encryption/authentication can be turned on/off using a flag • Facilitates partial encryption/authentication based on application semantics
Software Architecture:Controller Registration Manager Cipher Manager GUI Session Manager Crypto Engine Secure Multicast Protocol Suite Standard Multicast Reliable Multicast SSL SSL Socket API
Software Architecture:Client Secure Multicast Socket API Registration Key Ring Agent Crypto Engine Secure Multicast Protocol Suite Standard Multicast Reliable Multicast SSL Socket API
Status • Version 0.5 of the toolkit available • Planned demo at Chicago IETF & RSA conference • Applications • Stock distribution • Authentic and/or confidential • Real-time, low data rate, reliable • Audio/video distribution • 20 Kbps to 1 Mbps • Authentic and/or confidential • Real-time, unreliable multicast