Transcript KMS.ppt

Key Management Protocols
STR Protocol (Distributed GKMP)
• It is totally decentralized and based on equal contributions from all the members.
• It provides basic requirements like forward secrecy, backward secrecy and key independence.
• It also requires a smaller number of unicasts and multicasts to compute a new group key after a member leaves or joins.
7/17/2016
2
STR Protocol
• Unbalanced tree of height n-1 where n is the current group size.
• Final group key:
  $K_n = g^{\,r_n\, g^{\,r_{n-1} \cdots g^{\,r_2 r_1}}}$
• Important recurrence:
  $k_i = (bk_{i-1})^{r_i} \bmod p = (br_i)^{k_{i-1}} \bmod p$
• All $br_i$'s and $bk_i$'s are known to all members:
  $br_i = g^{r_i} \bmod p$
  $bk_i = g^{k_i} \bmod p$
STR Protocol (Cont.)
Initialization:
• M1 computes
  $k_2 = (br_2)^{r_1} \bmod p = g^{r_1 r_2} \bmod p$, $bk_2 = g^{k_2} \bmod p$
  $k_3 = (br_3)^{k_2} \bmod p$, $bk_3 = g^{k_3} \bmod p$
  $k_n = (br_n)^{k_{n-1}} \bmod p$
• M1 broadcasts all $bk_i$'s to the members.
• Each member then computes the group key from the $bk_i$'s.
• For example, M3 computes $k_3 = (bk_2)^{r_3} \bmod p$.
STR Protocol (Cont.)
Join:
• M5 broadcasts $br_5$ to all members.
• Each member then computes the new key.
• M4 sends all previous $br_i$'s and $bk_i$'s to M5, who then computes the new key $k_5$.
STR Protocol (Cont.)
Leave:
• If Mn leaves then Mn-1 takes responsibility to create the new key.
• Everybody renumbers the nodes.
• Mn-1 selects a new random key $r'_{n-1}$, computes all $bk_i$'s and broadcasts them to all members.
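Added example (not from the slides): a Python model of the STR recurrence $k_i = (bk_{i-1})^{r_i} = (br_i)^{k_{i-1}} \bmod p$ covering the initialization by M1, the join of a new last member and the leave of that member, with every member recomputing the key from its own $r_i$ and the public $br_i$/$bk_i$ values. The prime, generator and random $r_i$ values are constructed toy parameters.

```python
import secrets
# Toy DH parameters constructed for this example (not from the slides); a
# real deployment would use a standardised group of at least 2048 bits.
P, G = 2**127 - 1, 5

def blind(x):
    """Blinded value g^x mod p: br_i = g^{r_i} mod p or bk_i = g^{k_i} mod p."""
    return pow(G, x, P)

def sponsor_bkeys(r1, br):
    """M_1 computes k_2 = (br_2)^{r_1}, k_i = (br_i)^{k_{i-1}} mod p and publishes
    every bk_i = g^{k_i}; with the convention k_1 = r_1, bk_1 = br_1."""
    k, bk = r1, {}
    for i in sorted(br):
        if i > 1:
            k = pow(br[i], k, P)
        bk[i] = blind(k)
    return bk

def member_key(i, r_i, br, bk):
    """M_i derives the group key k_n from its secret r_i and the public values:
    k_i = (bk_{i-1})^{r_i} mod p, then k_j = (br_j)^{k_{j-1}} mod p for j > i."""
    k = r_i if i == 1 else pow(bk[i - 1], r_i, P)
    for j in range(i + 1, max(br) + 1):
        k = pow(br[j], k, P)
    return k

def group_key(r, br, bk):
    """Key as computed by every member; raises if the views disagree."""
    views = {member_key(i, r[i], br, bk) for i in r}
    assert len(views) == 1, "members disagree on the group key"
    return views.pop()

def run_group(n):
    """Setup of M_1..M_n, join of M_{n+1}, leave of M_{n+1}; returns the 3 keys."""
    r = {i: secrets.randbelow(P - 2) + 1 for i in range(1, n + 1)}
    br = {i: blind(r[i]) for i in r}
    bk = sponsor_bkeys(r[1], br)
    k_init = group_key(r, br, bk)
    # Join: M_{n+1} broadcasts br_{n+1}; it uses the bk_n forwarded by the
    # sponsor, the existing members extend their chain with br_{n+1}.
    r[n + 1] = secrets.randbelow(P - 2) + 1
    br[n + 1] = blind(r[n + 1])
    k_join = group_key(r, br, bk)
    # Leave: M_{n+1} departs; M_n picks a fresh r'_n and republishes br_n, bk_n.
    del r[n + 1], br[n + 1]
    r[n] = secrets.randbelow(P - 2) + 1
    br[n] = blind(r[n])
    bk[n] = blind(member_key(n, r[n], br, bk))
    return k_init, k_join, group_key(r, br, bk)
```

After the leave, the departed member still holds the old key and every old public value, but the new $k_n$ depends on the fresh $r'_n$ that only M_n knows, which is the forward-secrecy property the first slide claims.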
TGDH Protocol
• The TGDH protocol uses binary trees; every node is either a leaf or a parent of two nodes.
• The nodes are denoted as $\langle l, v \rangle$, where $0 \le v \le 2^l - 1$ since each level $l$ hosts at most $2^l$ nodes.
• Each node $\langle l, v \rangle$ is associated with the key $K_{\langle l, v \rangle}$ and the public blinded key (bkey) $BK_{\langle l, v \rangle} = f(K_{\langle l, v \rangle})$, where the function $f(\cdot)$ is modular exponentiation in prime order groups, i.e. $f(K) = g^K \bmod p$.
• Computing a key at $\langle l, v \rangle$ requires knowledge of the key of one of the two child nodes and the bkey of the other child node.
TGDH
• The final group key $K_{\langle 0, 0 \rangle}$ is: $K_{\langle 0, 0 \rangle} =$