A Key Management Scheme for Hierarchical Access Control in Group Communication
description
Transcript of A Key Management Scheme for Hierarchical Access Control in Group Communication
A Key Management Scheme for Hierarchical Access Con-
trol in Group Communica-tion
Qiong Zhang, Yuke WangJason P, Jue
2008International Journal of Network Security
Vol72013. 05. 13
Tae Hoon Kim
Referenced ppt by Seung-Tae HongA-Ra Jo
Contents 1. Introduction 2. Background and Related Work
2.1 Formalization of Partially ordered Relations 2.2 Related work
3. The HAC Scheme 4. Rekey Algorithm 5. Performance Analysis
5.1 Storage Overhead 5.2 Rekey Overhead
6. Performance Comparison 7. Conclusion
3 /25
Introduction Emerging Internet application
Teleconferencing, e-newspaper, IPTV Based on group communication
In order to widely commercialize(Internet Application), the is-sue of access control must be addressed.
Access control : User having different access rights to multiple data streams
Hierarchical access control Include e-newspaper subscription and video multicast
services
• Commercialize :상업화
4 /25
Introduction
For Example, consider two types of service E-newspaper subscription service Video multicast service
Access Rela-tion Sports Finan-
cial Stock Top News
Weather
Gold O O O O OSilver Sport O O O
Silver Fi-nance O O O O
Basic O OAccess Rela-tion EL2 EL1 BL
Best Video Quality O O O
Moderate Video Quality O
Basic O O
• BL : Best Layer• EL : Enhancement Layer
5 /25
Introduction What is need to implement access control for
group communication? Data encryption keys
Often used to encrypt data streams User Access
If the user possesses the data encryption keys
Must be update data encryption keys When a user dynamically joins or leaves a group
Use backward secrecy and forward secrecy[12]
6 /25
Introduction Key management schemes aim
update the data encryption keys in order to ensure backward secrecy and forward secrecy
Two categories of key management scheme Centralized
A centralized key server controls the entire group Generates keys and distribute keys to legitimate users via
rekey messages
Distributed No centralized group controller and generate group keys
based on the contribution of users in the group
7 /25
Introduction In this paper, focus on a centralized key man-
agement scheme It is critical to minimize rekey overhead in order to reduce
the cost for communication and computation and computa-tion at the key server and users
8 /25
Formalization of partially or-dered relation
Notation U : A set of users {u1, u2, …} R : A set of data streams {r1, r2, …} A : An access relation, where A U R Ui : Membership group i consisting of a subset of users Ri : Resource group i consisting of a subset of data streams
Partial order of users(In an access relation A) If the data streams that user ui can access is a subset of data
streams that user uj can access, then ui is smaller than uj
If users ui and uj can access exactly the same subset of data streams, both users are equivalent
9 /25
Formalization of partially or-dered relation
Partial order of users (cont.) If the set of users that can access data stream rj is a subset of
users that can access data stream ri, then ri is smaller than rj
If the set of users that can access data stream ri is exactly same as the set of users that can access data stream rj , the two data streams are equivalent
R:set of data streams
U : set of Users
Sports Financial Stock Top News Weather
Gold O O O O OSilver Sport O O O
Silver Finance O O O OBasic O O
R1
R2
R3U1
U2
U3
U4
10/25
Formalization of partially or-dered relation
DAG(Directed Acyclic graph)[3] The partially ordered relations of membership groups and
resource groups can each be represented by a DAG
11/25
Formalization of partially or-dered relation
Satisfy the following condi-tions
1)it must maintain the partial or-ders of the membership group DAG and the resource group DAG
2)a user u U has access to a re-source r R iff vertex representing U is the same as the vertex repre-senting R or is reachable to the vertex representing R in the uni-fied DAG
3)the unified DAG is the smallest partial order satisfying the above conditions
12/25
Related work
Logical key graph[22] Important data structure to improve the efficiency of key
management Consisting of k-nodes, U-nodes
K-nodes : Represents a key U-nodes : Represents a user
13/25
Related work
Keyset(U1) = { k1,k7,k9, k11} Userset(k9) = {u1,u2,u3,u4}
One or more outgoing edges but no incoming edges
K-node that has no outgoing edges data encryption keys
key
Data encryption key: used to data streams encryp-tion keys
Key encryption key: used to data encryption keys Keyset(U1)
Userset(k9)
14/25
Related work Logical key graph be used to
Maintained at key server in order to efficiently distribute keys to dynamically joining or leaving users
Many key management schemes[2,7,8,10,16,22,23]
Proposed to construct a logical key graph and to update keys in the logical graph efficiently
Problem : only provide key management for equivalent users and equivalent data stream
15/25
Related work Constructing a single logical key graph for hier-
archical access control[17,19,24] [19] : User have different level and higher-level users can ac-
cess more data streams than lower-level users Problem : higher-level user are able to access all data
streams
[24] : Chinese Reminder Theorem based hierarchical access control scheme
Problem : only suitable for users having a tree-based par-tially ordered hierarchy
[17] : Users form a partially ordered relation while the data streams are not partially ordered(MG Scheme)
16/25
Related work MG Vs. HAC scheme
MG HAC Data stream2 : Financial Data stream3 : Stock
HAC(Hierarchical Access control)
17/25
The HAC Scheme Four steps to construct the logical key graph
Next slide
In the key graph Users in Ui form a balanced binary tree mki is root represents the memebership-group Key Ri is Resource group
Encrypted by a resource-group key, dki The membership-group-keys are connected with resource-
group keys by the relation subgraph Use greedy algorithm
To explore the unified DAG For constructing the sub graph
R1 R2 R3
dk3
dk1 dk2
k25Relationsubgraph
Balanced logical key tree(membership-group subtree)
Unified DAG
① For each resource group, encrypt all data streams in the resource group with a singledata encryption key, called the resource-group key
② For each membership group, con-structa balanced logical key tree called the membership-group subtree, where each user is represented by a u-node and the root ofthe subtree is associated with a key, calledthe membership-group key
③ Construct a relation subgraph to con-nectthe resources-group keys based on a unified DAG
rk1rk2
rk3
rk4
④ Connect the roots of membership-group subtrees to the corresponding re-source-group keys
19/25
Greedy algorithm of the HAC Scheme
Notation• M = set of membership group in Vi
• K = set of k-nodes; cover disjoint set of membership group
• C = set of membership group in M; that has been covered by k-nodes in K
• U = set of uncovered membership groups in M
• RK = set of representative k-nodes; has been generated
• Userset = set of membership groups covered by a representative k-node rkj
20/25
Rekey Algorithm Update the keys in the key graph
User join, leave, or switch membership groups dynamically The service provider changes access relations dynamically
Case1)User u8 switches from U2 to U1
k8k26 k17mk1
dk1
dk2 dk3
k20
mk2
k8
k26
Send {mk’2}k19 to u5, u6{mk’2}k7 to u7
Send {k26}k8 to u8{k26}k1 to u1
u8
21/25
Rekey Algorithm Case2)Update the access relations(new data
stream, new membership group)
R4
dk4rk5
dk3’rk4’
22/25
Performance Comparison Experiment environment
Compare the performance of the HAC scheme with the MG scheme
Measured storage overhead and rekey overhead Develop a simulation model to construct logical key graphs
with d =2 based on access relation and to simulate user ac-tions in the system
Consider three cases where equivalent data streams to group, and the number of data streams per resource group is shown in Table3
23/25
Performance Comparison
Why HAC experiment is only one? All data streams in a resource group are encrypted by the
same resource-group key
11
11
11
33
HAC Scheme
Note that, Case III is much higher than the differerce between theHAC scheme and Case II
24/25
Performance Comparison
We can see that HAC scheme results in less rekey overhead than the MG
Scheme
11
11
11
33
HAC Scheme
25/25
Conclusion In the HAC scheme
Proposed a hierarchical access control key management scheme for group communication
Employed an algorithm to construct a key graph based on a unified relation of membership groups and resource group
Can handle complex access relations In the key graph
Equivalent data streams are grouped in a resource group and are encrypted by a single data encryption key
Future work To employ the batch rekeying[23] scheme in order to further
improve the key management efficiency