group key management architecture
play

Group key management architecture - PowerPoint PPT Presentation

Feb 16, 2023 •374 likes •550 views

Group key management architecture <draft-ietf-msec-gkmarch-01.txt> Mark Baugher, Cisco Ran Canetti, IBM Lakshminath Dondeti, Nortel Fredrik Lindholm, Ericsson GKM Architecture, IETF-52, December 14, 2001 1 Salt Lake City Overview of

  1. Group key management architecture <draft-ietf-msec-gkmarch-01.txt> Mark Baugher, Cisco Ran Canetti, IBM Lakshminath Dondeti, Nortel Fredrik Lindholm, Ericsson GKM Architecture, IETF-52, December 14, 2001 1 Salt Lake City

  2. Overview of this talk • Introduction to GKMArch – Relative positioning in MSEC Ids – GKM protocols and SAs • Current revisions (00 � 01) • Outstanding issues – MIKEY – Rekey protocol • Conclusion GKM Architecture, IETF-52, December 14, 2001 2 Salt Lake City

  3. GKM in MSEC architecture Centralized Designs Distributed Designs Policy Policy GKM GKM Receiver 1-to-M M-to-M Sender 1-to-M Receiver M-to-M GKM Architecture, IETF-52, December 14, 2001 3 Salt Lake City

  4. GKMArch as part of MSEC IDs MSEC Requirements MSEC Architecture Group policy GKM Data security (GSPT) Architecture architecture Rekey protocol GDOI GSAKMP Light GKM Architecture, IETF-52, December 14, 2001 4 Salt Lake City

  5. Purpose of GKMArch • Download SAs to members, securely – Data security SA, mainly – Rekey SA, to facilitate efficient updates to SAs • Update SAs via unicast or multicast • Manage membership – Joins and leaves – Support optional PFC and/or PBC in doing so • Download and/or update KM/SA policy to members GKM Architecture, IETF-52, December 14, 2001 5 Salt Lake City

  6. GKMArch requirements • Allow reuse of existing protocols for data transmission – e.g. IPsec AH or ESP, AMESP, SRTP • Support diverse authentication, authorization and trust mechanisms • Support large single sender groups • Support small multi-sender groups GKM Architecture, IETF-52, December 14, 2001 6 Salt Lake City

  7. SAs in GKMArch • GSA comprised of three SAs – Registration SA • Established via one-one bidirectional secure channels – e.g. IKE phase1, TLS, IPsec – Rekey SA (optional) • Initialized during registration • Initialized/updated during rekey (uni-directional) – Data security SA • Initialized during registration • Initialized/updated during rekey (uni-directional) GKM Architecture, IETF-52, December 14, 2001 7 Salt Lake City

  8. Protocols in GKMArch • Registration protocol – Protected by registration SA • Rekey protocol ( optional ) – Protected by rekey SA • Data security protocol ( external to GKM ) – Protected by data security SA GKM Architecture, IETF-52, December 14, 2001 8 Salt Lake City

  9. GKM entities and protocols Policy Trust infrastructure infrastructure KDC Registration Registration protocol Rekey protocol GKM plane protocol Sender Receiver(s) Data security protocol GKM Architecture, IETF-52, December 14, 2001 9 Salt Lake City

  10. GKM entities and protocols Policy Trust infrastructure infrastructure KDC Registration Registration protocol protocol GKM plane Sender Receiver(s) Data security protocol GKM Architecture, IETF-52, December 14, 2001 10 Salt Lake City

  11. Scalability of GKMArch • Registration could be done off-line • Delegation of registration “service” • Loose coupling of registration and rekey protocols • Rekey protocol with key revocation algms – LKH, OFT, OFC, SDR (subset diff), STR – Multicast of rekey messages • Delegation of rekey service GKM Architecture, IETF-52, December 14, 2001 11 Salt Lake City

  12. Overview of this talk • Introduction to GKMArch – Relative positioning in MSEC Ids – GKM protocols and SAs • Current revisions (00 � 01) • Outstanding issues – MIKEY – Rekey protocol • Conclusion GKM Architecture, IETF-52, December 14, 2001 12 Salt Lake City

  13. Revisions (00 � 01) • Addressed issues raised in mailing list – Have not heard any complaints! • Did we do such a good job of that? ☺ • Notes about de-registration protocol – De-registration is not supported! • KDC � GCKS – (what were we thinking?) • SHOULD, MUST etc in IETF sense GKM Architecture, IETF-52, December 14, 2001 13 Salt Lake City

  14. Overview of this talk • Introduction to GKMArch – Relative positioning in MSEC Ids – GKM protocols and SAs • Current revisions (00 � 01) • Outstanding issues – MIKEY – Rekey protocol • Conclusion GKM Architecture, IETF-52, December 14, 2001 14 Salt Lake City

  15. Outstanding issues • Fold MIKEY requirements into GKMArch I-D – Small interactive group security reqs. • Rekey protocol description back in GKMArch – Yet to be resolved! – Looking for WG consensus – Details in another presentation GKM Architecture, IETF-52, December 14, 2001 15 Salt Lake City

  16. Conclusion • A scalable architecture for GKM – Supports large single sender groups and – Small interactive multi-sender groups • Scalability by – Delegation – Multicast of GSA updates • Incorporate MIKEY reqs in –02- • Discussion on rekey protocol to follow GKM Architecture, IETF-52, December 14, 2001 16 Salt Lake City

Recommend

Multicast Security Group Key Management Architecture draft-ietf-msec-gkmarch-07.txt Internet

Multicast Security Group Key Management Architecture draft-ietf-msec-gkmarch-07.txt Internet

Multicast Security Group Key Management Architecture draft-ietf-msec-gkmarch-07.txt Internet Security Tobias Engelbrecht Agenda Introduction Requirements of a GKMP Design of the GKMA Rekey Protocol Group Security Association

892 views • 29 slides
Group key management algorithms (GKMA) Lakshminath R. Dondeti Brian Weis IE TF-56 MSEC WG

Group key management algorithms (GKMA) Lakshminath R. Dondeti Brian Weis IE TF-56 MSEC WG

Group key management algorithms (GKMA) Lakshminath R. Dondeti Brian Weis IE TF-56 MSEC WG meeting San Francisco, Mar 17 2003 Introduction Group key management architecture Group key management protocols GDOI, GSAKMP, MIKEY

363 views • 14 slides
The Facilities Management Group TFMG / TFMG Architecture, PC in conjunction with EMTEC

The Facilities Management Group TFMG / TFMG Architecture, PC in conjunction with EMTEC

Presented by The Facilities Management Group TFMG / TFMG Architecture, PC in conjunction with EMTEC Engineers, LLC Why are we here toda day? To solicit public comments to help us create the Comprehensive Plan JSCB Phase 2 Comprehensive

545 views • 28 slides
MobiDIS A Pervasive A Pervasive MobiDIS Architecture for Emergency Architecture for

MobiDIS A Pervasive A Pervasive MobiDIS Architecture for Emergency Architecture for

MobiDIS A Pervasive A Pervasive MobiDIS Architecture for Emergency Architecture for Emergency Management Management Massimiliano de Leoni Fabio De Rosa Massimo Mecella Univ. Roma LA SAPIENZA, Italy Dipartimento di Informatica e

1.18k views • 33 slides
Yankee Building Assessment TURNER GROUP The H.L. Turner Group Inc. Project management,

Yankee Building Assessment TURNER GROUP The H.L. Turner Group Inc. Project management,

TURNER GROUP Mount Washington Yankee Building Assessment TURNER GROUP The H.L. Turner Group Inc. Project management, architecture, structural engineering. Turner Building Science &amp; Design, LLC Mechanical and plumbing engineering.

627 views • 62 slides
61A Lecture 33 Announcements Database Management Systems Database Management System Architecture

61A Lecture 33 Announcements Database Management Systems Database Management System Architecture

61A Lecture 33 Announcements Database Management Systems Database Management System Architecture 4 Architecture of a Database System by Hellerstein, Stonebreaker, and Hamilton Query Planning The manner in which tables are filtered, sorted,

208 views • 20 slides
Announcements 61A Lecture 34 Database Management System Architecture Database Management Systems

Announcements 61A Lecture 34 Database Management System Architecture Database Management Systems

Announcements 61A Lecture 34 Database Management System Architecture Database Management Systems 4 Architecture of a Database System by Hellerstein, Stonebreaker, and Hamilton Query Planning The manner in which tables are filtered, sorted,

185 views • 3 slides
Architecture for CASM Coordinated Address Space Management

Architecture for CASM Coordinated Address Space Management

IETF 98 th Architecture for CASM Coordinated Address Space Management draft-li-casm-address-pool-management-architecture-00 draft-kumar-casm-requirements-and-framework-00 Chen Li, Chongfeng Xie(China Telecom), Jun Bi(Tsinghua University)

392 views • 14 slides
Architecture for CASM Coordinated Address Space Management

Architecture for CASM Coordinated Address Space Management

IETF 98 th Architecture for CASM Coordinated Address Space Management draft-li-casm-address-pool-management-architecture-00 draft-kumar-casm-requirements-and-framework-00 Chen Li, Chongfeng Xie(China Telecom), Jun Bi(Tsinghua University)

401 views • 19 slides
Using Premia and Nsp on a Parallel Architecture for Risk Management Benchmark Jean-Philippe

Using Premia and Nsp on a Parallel Architecture for Risk Management Benchmark Jean-Philippe

Introduction Premia: a library for numerical computations in finance Using Premia and Nsp on a Parallel Architecture Nsp Nsp toolboxes Practical experiments Conclusion Using Premia and Nsp on a Parallel Architecture for Risk Management

247 views • 21 slides
LBNF Spectrometer: Architecture &amp; DutyFactor Paul Lebrun (for the LBNF Spectrometer group.)

LBNF Spectrometer: Architecture &amp; DutyFactor Paul Lebrun (for the LBNF Spectrometer group.)

LBNF Spectrometer: Architecture &amp; DutyFactor Paul Lebrun (for the LBNF Spectrometer group.) ND/Fermilab July 6 2017 Spectrometer Architecture &amp; Duty Factor 1 Outline My list of task, very broad overview Architecture

505 views • 35 slides
Whoops! Where did my architecture go? Approaches to architecture management for Java and Spring

Whoops! Where did my architecture go? Approaches to architecture management for Java and Spring

Whoops! Where did my architecture go? Approaches to architecture management for Java and Spring applications Oliver Gierke Oliver Gierke SpringSource Engineer Spring Data ogierke@vmware.com olivergierke www.olivergierke.de Background 5

1.05k views • 67 slides
IMS based NGN IMS based NGN Architecture Architecture and its application and its application

IMS based NGN IMS based NGN Architecture Architecture and its application and its application

I nternational Telecom m unication Union ITU-T IMS based NGN IMS based NGN Architecture Architecture and its application and its application Dick Knight BT Group plc I TU-T W orkshop NGN and its Transport Netw orks Kobe, 2 0 -2 1

218 views • 17 slides
Medical Organization Needs SOA Patients Service Oriented Architecture Finance Doctors Data

Medical Organization Needs SOA Patients Service Oriented Architecture Finance Doctors Data

Management of Patient Records Management of Medical Records Management of Services Price management Relations with Insurance Company Financial Management and Accounting Medical Supplies Management Auxiliary

952 views • 9 slides
Zoo Architecture - Animal / Visitor / Management Friendly Designs, Presentation at the SAZARC

Zoo Architecture - Animal / Visitor / Management Friendly Designs, Presentation at the SAZARC

Zoo Architecture - Animal / Visitor / Management Friendly Designs, Presentation at the SAZARC Fourth Annual Meeting, Colombo, December 1-7, 2003 (usually uninformed) designer clearer. It results in The Principles of Zoo Friendly Architecture

319 views • 3 slides
Mikro-SINA Bastei's stacked policies Overlay window management Demo TU Dresden,

Mikro-SINA Bastei's stacked policies Overlay window management Demo TU Dresden,

So far ... Faculty of Computer Science Institute for System Architecture, Operating Systems Group Basics Device Drivers Real time Naming Secure Systems Resource Management Stefan Kalkowski Virtualization / Legacy

347 views • 7 slides
Algorithm-Architecture Codesign George A. Constantinides Circuits and Systems Group Imperial

Algorithm-Architecture Codesign George A. Constantinides Circuits and Systems Group Imperial

Algorithm-Architecture Codesign George A. Constantinides Circuits and Systems Group Imperial College London August 22, 2017 George A. Constantinides Algorithm-Architecture Codesign Outline The changing face of computer architecture

101 views • 9 slides
Introduction Shoprite IT Slide 2 Introduction to Shoprite Shoprite Group of Companies - the

Introduction Shoprite IT Slide 2 Introduction to Shoprite Shoprite Group of Companies - the

Jean Bus Enterprise Architect Shoprite Group of Companies http://www.shopriteholdings.co.za/ jbuys@shoprite.co.za ~ Enterprise Architecture in Shoprite ~ Crafting architecture governance into IT business processes The Open Group Johannesburg

250 views • 12 slides
2. RISK MANAGEMENT GROUP Nick Minogue Nick Minogue Group Head Group Head Macquarie

2. RISK MANAGEMENT GROUP Nick Minogue Nick Minogue Group Head Group Head Macquarie

2. RISK MANAGEMENT GROUP Nick Minogue Nick Minogue Group Head Group Head Macquarie Group Limited Operational Briefing 5 February 2009 Presentation to Investors and Analysts Risk Management culture and approach Risk management

427 views • 13 slides
A-DRM: Architecture-aware Distributed Resource Management of Virtualized

A-DRM: Architecture-aware Distributed Resource Management of Virtualized

A-DRM: Architecture-aware Distributed Resource Management of Virtualized Clusters Hui Wang * , Canturk Isci , Lavanya Subramanian * , Jongmoo Choi #* , Depei Qian , Onur Mutlu * Beihang

707 views • 57 slides
Contributions of Landscape Architecture toward Sustainable Water Management in the Island of

Contributions of Landscape Architecture toward Sustainable Water Management in the Island of

Master of Landscape Architecture Program (MLA) Contributions of Landscape Architecture toward Sustainable Water Management in the Island of Gozo, Malta Damian Perez Beverinotti Xlendi Valley Gozo, Malta Ecological Landscape Modelling and

968 views • 48 slides
INF 5890 IT and Management Enterprise Architecture Bendik

INF 5890 IT and Management Enterprise Architecture Bendik

INF 5890 IT and Management Enterprise Architecture Bendik Bygstad IFI March 2016 Learning outcomes Understand the concept and purpose of enterprise

244 views • 22 slides
Group Management and Productivity Enhancement by Shinsei Bank Group February, 2018 Akira

Group Management and Productivity Enhancement by Shinsei Bank Group February, 2018 Akira

Group Management and Productivity Enhancement by Shinsei Bank Group February, 2018 Akira Hirasawa Chief Officer of Group Organizational Strategy Group Headquarters Shinsei Bank, Limited Direction of Group Management Establish unique and

154 views • 13 slides
Operations (TSMO) Vision and Regional ITS Architecture Update ITS Architecture Workshop March

Operations (TSMO) Vision and Regional ITS Architecture Update ITS Architecture Workshop March

Regional Transportation System Management and Operations (TSMO) Vision and Regional ITS Architecture Update ITS Architecture Workshop March 19, 2019 Agenda 1. Welcome and Introductions 2. ITS Architecture Overview/ Review &amp; Update

1.15k views • 53 slides

More recommend