Video Converter
Audio Converter
Image Converter
PDF Converter
File Compressor
multicast security group key management architecture

Multicast Security Group Key Management Architecture - PowerPoint PPT Presentation

Jan 01, 2024 •596 likes •897 views

Multicast Security Group Key Management Architecture draft-ietf-msec-gkmarch-07.txt Internet Security Tobias Engelbrecht Agenda Introduction Requirements of a GKMP Design of the GKMA Rekey Protocol Group Security Association

  1. Multicast Security Group Key Management Architecture draft-ietf-msec-gkmarch-07.txt Internet Security Tobias Engelbrecht

  2. Agenda � Introduction � Requirements of a GKMP � Design of the GKMA � Rekey Protocol � Group Security Association � Security Considerations MSEC Group Key Management Architecture

  3. Introduction � Defines a common architecture and design for group key-management protocols (GKMP) � Examples: � video broadcast � multicast file transfers MSEC Group Key Management Architecture

  4. Requirements of a Group Key Management Protocol (GKMP) MSEC Group Key Management Architecture

  5. Requirements of a GKMP � A group key management protocol (GKMP) � supports protected communication between members of a secure group � helps to ensure that only members of a secure group gain access to group data (by gaining access to group keys) and can authenticate group data. MSEC Group Key Management Architecture

  6. Requirements of a GKMP � Members receive security associations (SA) � The group owner may define and enforce group membership, key management, data security and other policies � Keys have a predetermined lifetime � Key material should be delivered securely to the members of the group MSEC Group Key Management Architecture

  7. Requirements of a GKMP � The key-management protocol should be secure against replay and DoS attacks � The protocol should facilitate addition and removal of group members � The key management protocol should provide a mechanism to securely recover from a compromise of the key material � … MSEC Group Key Management Architecture

  8. Design of the Group Key Management Architecture (GKMA) MSEC Group Key Management Architecture

  9. Design of the Group Key Management Architecture (GKMA) � The goal of a GKMP is to securely provide the group members with an up-to-date data security association (Data SA) � GKMA Protocols � De- / Registration Protocol � Rekey Protocol MSEC Group Key Management Architecture

  10. Design of the Group Key Management Architecture (GKMA) Policy Authorization Infrastructure Infrastructure GCKS REGISTRATION or REGISTRATION or REKEY DE-REGISTRATION DE-REGISTRATION PROTOCOL PROTOCOL PROTOCOL (OPTIONAL) Sender(s ) Receiver(s ) DATA SECURITY PROTOCOL MSEC Group Key Management Architecture

  11. Design of the Group Key Management Architecture (GKMA) A new member joins the group: a joining member GCKS R R R R S S/R R GROUP MSEC Group Key Management Architecture

  12. Design of the Group Key Management Architecture (GKMA) Registration Protocol (RP) � unicast protocol � the GCKS and the member authenticates each other � supplies the member with information to initialize a Data SA and a Rekey SA � RP must ensure that the transfer is done over a Registration SA MSEC Group Key Management Architecture

  13. Design of the Group Key Management Architecture (GKMA) A new member leaves the group: a leaving member GCKS R R R R S S/R R GROUP MSEC Group Key Management Architecture

  14. Design of the Group Key Management Architecture (GKMA) Rekey Protocol � multicast / unicast protocol from GCKS to members � Rekey Messages are protected by the Rekey SA � Rekey Messages update or change the Data SA and / or the Rekey SA MSEC Group Key Management Architecture

  15. Design of the Group Key Management Architecture (GKMA) Rekey Protocol � Rekey messages are authenticated by � Source Authentication � Group Based Authentication � ensures that all members receive the Rekey information in a timely manner MSEC Group Key Management Architecture

  16. Design of the Group Key Management Architecture (GKMA) � Group keys � key encryption keys (KEKs) � traffic encryption keys (TEKs) � Traffic Protection Keys (TPKs) denote the combination of a TEK and a traffic integrity key � Registration and / or Rekey Protocol establish the keys MSEC Group Key Management Architecture

  17. Design of the Group Key Management Architecture (GKMA) GCKS (Group Controller / Key Server) � creates KEKs and TPKs � performs authentication and authorization according to the group policy � MAY present a credential to the group members signed by the group owner � runs the Rekey protocol to push Rekey messages MSEC Group Key Management Architecture

  18. Rekey Protocol MSEC Group Key Management Architecture

  19. Rekey Protocol Properties � to ensure that all members receive the rekey information in a timely manner � mechanism to re-sync keys � avoid implosion problems MSEC Group Key Management Architecture

  20. Rekey Protocol Transport & Protection � encrypted with the Group KEK � authentication with MAC or digital signature � sequence number protect against replay attacks � reliable transport MSEC Group Key Management Architecture

  21. Rekey Protocol Implosion � Reasons � all members contact the GCKS at the same time � packet loss (feedback implosion) � Solutions � a member waits before sending an out-of sync or feedback message � a member contacts an other server MSEC Group Key Management Architecture

  22. Group Security Association (GSA) MSEC Group Key Management Architecture

  23. Group Security Association (GSA) � consists of the Registration SA, Rekey SA (optional) and Data SA � WITHOUT Rekey SA � Registration Protocol initializes and updates one or more DATA SA � WITH Rekey SA � Registration Protocol initializes the Rekey SA � Data SA is initialized by the Rekey Protocol MSEC Group Key Management Architecture

  24. Group Security Association (GSA) Contents of the Rekey SA � Policy � Group Identity � Key encryption keys � Authentication Key � Replay Protection � Security Parameter Index (SPI) MSEC Group Key Management Architecture

  25. Group Security Association (GSA) Contents of the Data SA � Group Identity � Source Identity � Traffic Protection Keys � Sequence Numbers � Security Parameter Index (SPI) � Data SA Policy MSEC Group Key Management Architecture

  26. Security Considerations MSEC Group Key Management Architecture

  27. Security Considerations � authenticated key exchange techniques limit the effects of man-in-the-middle and connection-hijacking attacks � sequence numbers and low-computation message authentication techniques can be effective against replay and reflection attacks � cookies can reduce the effects of denial of service attacks MSEC Group Key Management Architecture

  28. Security Considerations � sharing of secrets among a group of members can cause problems � the Registration protocol should be so good as the base protocol on which it is developed � the Rekey protocol is new and has unkown risks associated with MSEC Group Key Management Architecture

  29. Thanks for your attention Questions? MSEC Group Key Management Architecture

Recommend

Outline 11: IP Multicast Multicast routing IP Multicast Design choices Distance

Outline 11: IP Multicast Multicast routing IP Multicast Design choices Distance

Outline 11: IP Multicast Multicast routing IP Multicast Design choices Distance Vector Multicast Routing Protocol (DVMRP) Last Modified: Core Based Trees (CBT) Protocol Independent Multicast (PIM) 4/9/2003 1:15:00 PM

627 views • 12 slides
Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol MOSPF Multicast OSPF PIM Protocol Independent Multicast S-38.121 / Fall-04 / RKa, NB Multicast2-1 Multicast in local area networks

623 views • 24 slides
Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol MOSPF Multicast OSPF PIM Protocol Independent Multicast S-38.121 / S-03 / RKa, NB Multicast2-1 Multicast in local area networks

533 views • 26 slides
Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol

Multicast Protocols IGMP IP Group Membership Protocol DVMRP DV Multicast Routing Protocol MOSPF Multicast OSPF PIM Protocol Independent Multicast S-38.2121 / Fall-2007 / RKa, NB Multicast2-1 Multicast in local area networks

493 views • 25 slides
Multicast Research Multicast Routing ns-2 for Multicast Research Dense Mode, Sparse Mode

Multicast Research Multicast Routing ns-2 for Multicast Research Dense Mode, Sparse Mode

Multicast Research Multicast Routing ns-2 for Multicast Research Dense Mode, Sparse Mode Source Tree, Shared Tree Reliable Multicast Polly Huang Whiteboard, File Transfer AT&T Labs Research huang@catarina.usc.edu

510 views • 6 slides
IP Multicast T om Bird tom@portfast.co.uk @portfast Multicats? What is multicast? One to

IP Multicast T om Bird tom@portfast.co.uk @portfast Multicats? What is multicast? One to

IP Multicast T om Bird tom@portfast.co.uk @portfast Multicats? What is multicast? One to many propagation of data Uses of multicast Financial data IPTV Gaming T ypes of multicast Any-source multicast (ASM)

299 views • 17 slides
Multicast Control Multicast Control Protocol (MCOP) Protocol (MCOP)

Multicast Control Multicast Control Protocol (MCOP) Protocol (MCOP)

Multicast Control Multicast Control Protocol (MCOP) Protocol (MCOP) draft-lehtonen-magma-mcop-01.txt draft-lehtonen-magma-mcop-01.txt Multicast & Anycast Group Multicast & Anycast Group Membership WG Membership WG 55th IETF

472 views • 7 slides
Application Layer Multicast Instructor: Hamid R. Rabiee Spring 2012 Outline Introduction

Application Layer Multicast Instructor: Hamid R. Rabiee Spring 2012 Outline Introduction

Application Layer Multicast Instructor: Hamid R. Rabiee Spring 2012 Outline Introduction IP Multicast vs. Application-Layer Multicast Limitations of IP Multicast Deployment level in ALM Multicast Tree Formation Tree-first

521 views • 39 slides
Multicast Protocols IGMP - IP Group Membership Protocol DVMRP - DV Multicast Routing Protocol

Multicast Protocols IGMP - IP Group Membership Protocol DVMRP - DV Multicast Routing Protocol

Multicast Protocols IGMP - IP Group Membership Protocol DVMRP - DV Multicast Routing Protocol MOSPF - Multicast OSPF (see notes pages for some slides!) S38.122/RKantola/s00 9 - 1 IGMPv2 - Internet Group Management Protocol implements Group

475 views • 14 slides
Attacking Multicast Group Key Management Protocols Graham Steel and Alan Bundy I V N E U R

Attacking Multicast Group Key Management Protocols Graham Steel and Alan Bundy I V N E U R

Attacking Multicast Group Key Management Protocols Graham Steel and Alan Bundy I V N E U R S E I H T Y T O H F G R E U D B I N 1 Multicast Key Management Protocols Aim: To maintain a secure key for multicast within a

166 views • 15 slides
What Is Multicast? Key: Unicast transfer Broadcast transfer Unicast Multicast transfer

What Is Multicast? Key: Unicast transfer Broadcast transfer Unicast Multicast transfer

What Is Multicast? Key: Unicast transfer Broadcast transfer Unicast Multicast transfer One-to-one Destination unique Application-Level Multicast receiver host address Broadcast Routing One-to-all Destination

729 views • 6 slides
ZC Multicast Address Allocation Steve Hanna MALLOC WG co-chair Sun Microsystems, Inc. Outline

ZC Multicast Address Allocation Steve Hanna MALLOC WG co-chair Sun Microsystems, Inc. Outline

ZC Multicast Address Allocation Steve Hanna MALLOC WG co-chair Sun Microsystems, Inc. Outline Multicast Address Allocation Overview ZC Multicast Address Allocation Issues Dynamically Assigned IP Multicast Addresses Global Scope

153 views • 12 slides
Distillation Codes and DOS Resistant Multicast Prepared for CS 624 Fabian Monrose Johns

Distillation Codes and DOS Resistant Multicast Prepared for CS 624 Fabian Monrose Johns

Distillation Codes and DOS Resistant Multicast Prepared for CS 624 Fabian Monrose Johns Hopkins University Ryan Gardner Multicast Overview Server Router Client Client Client Multicast Overview Multicast enabled routers

969 views • 86 slides
Multicast Mobility Rajeev Koodli Problem Space Multicast data reception and transmission is

Multicast Mobility Rajeev Koodli Problem Space Multicast data reception and transmission is

Multicast Mobility Rajeev Koodli Problem Space Multicast data reception and transmission is not guaranteed without explicit signaling synchronized with mobility What specific actions are needed to ensure: Continued multicast data

235 views • 5 slides
Eliminating Bottlenecks in Overlay Multicast Min Sik Kim Yi Li Simon S. Lam Department

Eliminating Bottlenecks in Overlay Multicast Min Sik Kim Yi Li Simon S. Lam Department

Eliminating Bottlenecks in Overlay Multicast Min Sik Kim Yi Li Simon S. Lam Department of Computer Sciences The University of Texas at Austin Overlay Multicast IP multicast overlay multicast N unicast Bottleneck How to

521 views • 18 slides
IP Multicast September 20, 2001 Multicast 2 Overview applications models host APIs

IP Multicast September 20, 2001 Multicast 2 Overview applications models host APIs

Multicast 1 IP Multicast September 20, 2001 Multicast 2 Overview applications models host APIs LAN (IGMP, LAN switches) intra-domain routing inter-domain routing address allocation Additional references (some are

736 views • 52 slides
Network Partitioning E ff ects on Ripple Transactions Yoan Martin 1 Todays menu What

Network Partitioning E ff ects on Ripple Transactions Yoan Martin 1 Todays menu What

Network Partitioning E ff ects on Ripple Transactions Yoan Martin 1 Todays menu What is Ripple? Why is it interesting? Attacks Analysis 2 What is Ripple? Global Payments Network RippleNet vs XRP Gateway

925 views • 34 slides
November 12, 2013 1. Staff seeks Council feedback on the draft capital- oriented strategies and

November 12, 2013 1. Staff seeks Council feedback on the draft capital- oriented strategies and

City Council Meeting November 12, 2013 1. Staff seeks Council feedback on the draft capital- oriented strategies and measures of effectiveness. 2. Council input informs the Transportation Commissions identification of speed & reliability,

514 views • 32 slides
1 Transit Oriented/ Mixed Use Development in the Regional Centers of Portland Challenges,

1 Transit Oriented/ Mixed Use Development in the Regional Centers of Portland Challenges,

1 Transit Oriented/ Mixed Use Development in the Regional Centers of Portland Challenges, Solutions, Outcomes A Case Study 2 Tokola Properties Development Background During the majority of Tokola Properties development history we

403 views • 27 slides
Payments in the Web 2.0 Paradigm Chicago Fed Payments Conference 14 May 2009 Chicago, IL

Payments in the Web 2.0 Paradigm Chicago Fed Payments Conference 14 May 2009 Chicago, IL

Payments in the Web 2.0 Paradigm Chicago Fed Payments Conference 14 May 2009 Chicago, IL Steve MottPrincipal, BetterBuyDesign 1 Key Messages 1. Changing consumer demographics weighs heavily toward social networks as ultimate venue for

435 views • 18 slides
50 Milliards de failles connectes en 2020 Benot Rousseaux Bruxelles 12 juin 2018 Pure

50 Milliards de failles connectes en 2020 Benot Rousseaux Bruxelles 12 juin 2018 Pure

50 Milliards de failles connectes en 2020 Benot Rousseaux Bruxelles 12 juin 2018 Pure Player in Cyber Security Services 200+ Experts in France. Subsidiaries in Belgium and Luxembourg 2 domains of expertise : Information Systems and

717 views • 25 slides
CULLEN COMMISSION OF INQUIRY INTO MONEY LAUNDERING IN BRITISH COLUMBIA Opening Statement of Society

CULLEN COMMISSION OF INQUIRY INTO MONEY LAUNDERING IN BRITISH COLUMBIA Opening Statement of Society

CULLEN COMMISSION OF INQUIRY INTO MONEY LAUNDERING IN BRITISH COLUMBIA Opening Statement of Society of Notaries Public of British Columbia February 24, 2020 Presenters: Ron Usher General Legal Counsel & Commissioned Notary Public and John Mayr

504 views • 11 slides
WHAT YOU ARE UP AGAINST COMBATING FRAUD Garry W.G. Clement, CFE,CAMS, AMLP President and CEO

WHAT YOU ARE UP AGAINST COMBATING FRAUD Garry W.G. Clement, CFE,CAMS, AMLP President and CEO

WHAT YOU ARE UP AGAINST COMBATING FRAUD Garry W.G. Clement, CFE,CAMS, AMLP President and CEO Clement Advisory Group 905-355-1066, fax:905-355-3210 cell:905-375-5076 gclement@clementadvisorygroup.ca www.clementadvisorygroup.ca We are what we

861 views • 49 slides
SUMMARY OF THE PRESENTATION TO THE GUERNSEY ASSOCIATION OF COMPLIANCE OFFICERS FINANCIAL CRIMES

SUMMARY OF THE PRESENTATION TO THE GUERNSEY ASSOCIATION OF COMPLIANCE OFFICERS FINANCIAL CRIMES

SUMMARY OF THE PRESENTATION TO THE GUERNSEY ASSOCIATION OF COMPLIANCE OFFICERS FINANCIAL CRIMES SYMPOSIUM SAMANTHA SHEEN HEAD OF THE FINANCIAL CRIME & AUTHORISATIONS DIVISION 29 JANUARY 2014 Introduction The study of financial services

769 views • 7 slides

More recommend

Explore More Topics

Stay informed with curated content and fresh updates.

animals pets art culture automotive transportation business finance computer internet construction architecture education-career electronics communication

Logo Sambuz

Unleash a World of Digital Possibilities—Browse, Share, and Explore Content Without Boundaries

Useful Links

About Us Privacy Services FAQ's Contact

Newsletter

Stay Informed & Inspired—Subscribe for the Latest Updates, Tips, and Exclusive Content Directly to Your Inbox.

Mail Us

mail@sambuz.com

2026 SAMBUZ, All right reserved.