Simple Key Management for PIM Authentication Keys

Thomas Hardjono, Brad Cain
Bay Architecture Laboratory, Nortel Networks
3 Federal Street, Billerica, MA 01821, USA
{thardjono,bcain}@baynetworks.com

Simple Key Management for PIM Keys

- Key management for a single PIM domain
- Introduce key management entity called Domain Key Distributor (DKD)
- The approach relies on limited or "closed" usage of public key cryptography
- Only PIM entities know certain public keys (e.g. PK_dkd of DKD).
- Notation:
  - (PK; SK) denotes Public-Key and Secret-Key pair (asymmetric)
  - K denotes symmetric key
  - Square brackets [ ] denote digital-signature / authentication (asymmetric/symmetric)
  - Curly brackets { } denote encryption (asymmetric/symmetric)
  - C is ciphertext

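Table columns: Assignment of Primary Keys | Manual configuration | Dissemination of PK_bsr | Dissemination of K_rp | Dissemination of K_eq

- DKD
  - Primary keys / manual configuration: K_eq; (PK_dkd; SK_dkd); PK_bsr; K_rp; (PK_rpbsr; SK_rpbsr)
  - Dissemination of PK_bsr: [PK_bsr]_{SK_dkd}
  - Dissemination of K_rp: {K_rp}_{SK_rpbsr}
  - Dissemination of K_eq: {K_eq}_{SK_dkd}
- BSR
  - Primary keys / manual configuration: K_eq; PK_dkd; (PK_bsr; SK_bsr); K_rp; (PK_rpbsr; SK_rpbsr)
  - Dissemination of PK_bsr, K_rp, K_eq: (as above)
- CRPs
  - Primary keys / manual configuration: K_eq; PK_dkd; PK_bsr; K_rp
  - Dissemination of PK_bsr, K_rp, K_eq: (as above)
- Other PIM routers
  - Primary keys / manual configuration: K_eq; PK_dkd; PK_bsr
  - Dissemination of PK_bsr: (as above)
  - Dissemination of K_rp: Drop Message(?)
  - Dissemination of K_eq: (as above)
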
Rekeying K_rp

- Assume DKD generates new key K_rp2 (old key is K_rp1)
- DKD encrypts: C_rp = {K_rp2}_{SK_dkd}
- DKD further encrypts: CC_rp = {C_rp}_{K_rp1}
- Unicast CC_rp to BSR and RP/CRPs, or multicast to special group

Rekeying K_eq

- Assume DKD generates new key K_eq2 (old key is K_eq1)
- DKD encrypts: C_eq = {K_eq2}_{SK_dkd}
- DKD further encrypts: CC_eq = {C_eq}_{K_eq1}
- Multicast to special group
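
The two rekeying slides above (K_rp and K_eq) use the same two-layer wrap, shown here as an added example that is not code from the slides or their authors. Assumptions: 16-byte keys, a toy RSA key pair built from two Mersenne primes standing in for (PK_dkd; SK_dkd), an HMAC-SHA256 keystream with a MAC standing in for the symmetric cipher, a hash check appended to the key so the inner layer's origin can be verified, and hypothetical function names dkd_rekey and router_accept.

```python
import hashlib, hmac, os

# Toy DKD key pair from two Mersenne primes (constructed; far too small for real use).
P, Q, E = 2**127 - 1, 2**107 - 1, 65537
N = P * Q
PK_DKD, SK_DKD = (N, E), (N, pow(E, -1, (P - 1) * (Q - 1)))
NLEN = (N.bit_length() + 7) // 8

def _prf(key, data):
    return hmac.new(key, data, hashlib.sha256).digest()

def _xor_stream(key, nonce, data):
    """Stand-in symmetric cipher: XOR with an HMAC-SHA256 counter-mode keystream."""
    ks = b"".join(_prf(key, nonce + i.to_bytes(4, "big")) for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def dkd_rekey(sk_dkd, k_old, k_new):
    """DKD side: C = {K_new}_SK_dkd, then CC = {C}_K_old (16-byte keys assumed)."""
    n, d = sk_dkd
    m = k_new + hashlib.sha256(k_new).digest()[:12]    # redundancy makes origin checkable
    c = pow(int.from_bytes(m, "big"), d, n).to_bytes(NLEN, "big")
    nonce = os.urandom(12)
    body = _xor_stream(_prf(k_old, b"enc"), nonce, c)
    return nonce + body + _prf(_prf(k_old, b"mac"), nonce + body)

def router_accept(pk_dkd, k_old, cc):
    """Router side: remove the K_old layer, then open C with PK_dkd. None means drop."""
    n, e = pk_dkd
    if len(cc) != 12 + NLEN + 32:
        return None
    nonce, body, tag = cc[:12], cc[12:-32], cc[-32:]
    if not hmac.compare_digest(tag, _prf(_prf(k_old, b"mac"), nonce + body)):
        return None                                    # not wrapped under the current key
    c = int.from_bytes(_xor_stream(_prf(k_old, b"enc"), nonce, body), "big")
    m = pow(c, e, n).to_bytes(NLEN, "big")
    k_new, check = m[-28:-12], m[-12:]
    if m[:-28] != b"\x00" * (NLEN - 28):
        return None                                    # malformed inner plaintext
    if not hmac.compare_digest(check, hashlib.sha256(k_new).digest()[:12]):
        return None                                    # inner layer not produced with SK_dkd
    return k_new
```

Any router that still holds the old key and PK_dkd recovers the new key, so this exchange refreshes a key but does not by itself exclude a compromised holder of the old one.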