Efficient Kerberized Multicast

1
Efficient Kerberized Multicast

• Olga Kornievskaia
• University of Michigan
• Giovanni Di Crescenzo
• Telcordia Technologies

2
Outline

• Efficient cross realm authentication in Kerberos
• Review original Kerberos
• Propose a new extension for distributed
  operations in Kerberos
• Multi-center multicast encryption schemes
• Review single center schemes
• Extend common schemes to distributed setting
• Integrating Kerberos with multicast encryption
  schemes

3
Motivation

• Increasing interest in group communication
  applications
• Audio and video conferencing, data casting,
  collaborative applications
• Problem security
• Goal provide a practical solution

4
System Model
Intranet
slow
Internet
Intranet
Intranet
fast
5
Kerberos

• Based on Needham and Schroeder protocol
• Doesnt use asymmetric key crypto (fast)
• Relies on a trusted third party (KDC)
• Authentication is based on special data
  structures - tickets
• Notation
• KDC Key Distribution Center
• TGS Ticket Granting Service
• Alice, Bob Kerberos principals
• KA,B Key shared by Alice and Bob
• KA Key derived from Alices password
• TGT Ticket granting ticket
• T - nonce (timestamp) used to protect again
  replay attacks

6
Kerberos Login Phase
KDC
Alice
7
Kerberos Service Ticket Request
TGS
Alice
Bob
8
Kerberos Application Request
KDC
Alice
Bob
9
Distributed Operations in Kerberos

• Multiple Kerberos realms
• Each realm administers local principals
• No replication of data
• Off-line phase
• Shared keys established between participating
  KDCs
• Ex Wonderland and Oz
• KW,Oz shared key between KDCs
• Alice_at_Wonderland, Bob_at_Oz

10
Cross Realm Kerberos Local Request
TGS_at_Wonderland
Alice_at_Wonderland
Bob_at_Oz
11
Cross Realm Kerberos Remote Req
TGS_at_Oz
Alice_at_Wonderland
Bob_at_Oz
12
Cross Realm Kerberos
Alice_at_Wonderland
Bob_at_Oz
13
Efficient Cross Realm Protocol

• Can we improve
• Network delays
• KDC workload
• Client workload
• Compatible with non-distributed version of
  Kerberos

14
Fake Ticket Protocol Step 1
TGS_at_Wonderland
Alice_at_Wonderland
Bob_at_Oz
15
Protocol Step 2
Alice_at_Wonderland
Bob_at_Oz
16
Protocol Step 3
TGS_at_Oz
Alice_at_Wonderland
Bob_at_Oz
17
Evaluation

• Minimizes the number of Internet (slow) messages
• Reduced the workload on the client (Alice)
• Alices software doesnt need to be modified
• Extends easily to sending a message to a group

18
Outline

• Efficient cross realm authentication in Kerberos
• Multi-center multicast encryption schemes
• Integrating Kerberos with multicast encryption
  schemes

19
Multicast Encryption

• Methods for performing secure communication among
  a group of users
• Key management problem
• Join/leave operations
• Non-collaborative schemes
• Single center responsible for managing keys
• Schemes evaluated based on
• Communication complexity
• Storage complexity (both center and user)

20
Minimal Storage Scheme

• Users store two keys
• KG - group key
• KI,C - individual key shared with the center
• Center stores two keys
• KG - group key
• KM secret key used to generate individual
  users key
• Key update operation has linear communication cost

21
Tree-based Schemes

• Build a logical tree
• Each node represents a key
• Root group key
• Leaves individual user keys
• User stores all keys on the path from the leave
  to the root
• User storage complexity is logarithmic
• Center stores all keys in the tree
• Center storage complexity is linear

22
Tree-based Schemes (cont.)

• Key update operation requires logarithmic number
  of messages
• Change all keys on the path from the removed
  leave
• Use siblings keys to distributes new keys

23
Multi-center Multicast First Look

• Multiple centers managing separate sets of
  clients
• Build a single binary tree
• Replicate tree at each center
• Key updates require only local communication
• Inefficient center and user storage
• Total center storage is O(n2)
• Each center stores keys for clients it doesnt
  manage

24
Extended Tree-based Multi-center

• Each center manages M users
• Each center builds a logical tree (size M)
• Each user stores O(log M) keys
• All centers share a key, KC
• Key update operation requires (log M N/M)
  message
• Center storage among all centers is linear

25
Huffman Tree-based Multi-center

• Each center has different number of users
• Binary tree schemes doesnt provide an optimal
  tree
• Each center builds a local tree
• Associate a codeword with each center
• Run Huffman algorithm to obtain minimal tree
• Tree structure is kept by all centers

26
Outline

• Efficient cross realm authentication in Kerberos
• Multi-center multicast encryption schemes
• Integrating Kerberos with multicast encryption
  schemes

27
Integration of Kerberos with Multicast Schemes

• Need to extend Kerberos to sending a message to a
  group
• N clients
• Each KDC manages M clients
• Notation
• KG group key
• KC key shared among all KDCs

28
Kerberized Multicast
Alice
29
Integration Illustrated
Alice
30
Integration Illustrated (cont)
Alice
31
Integration Illustrated (cont)
Alice
32
Kerberized Multicast with Fake Tickets
Alice
33
Integration Illustrated
Alice
34
Integration Illustrated (cont)
Alice
35
Integration Illustrated (cont)
Alice
36
Conclusion

• Presented an extension to Kerberos for cross
  realm authentication
• Eliminates Internet (slow) communications
• Presented an extension to multicast encryption
  schemes that optimizes for multiple centers
• Explored integrating cross realm authentication
  with multicast encryption schemes