
Group Operation

Chapter 3 Design of Our System

3.4 Group Operation

Our system supports three user group operations: creating, joining, and leaving a group.

We describe each operation as follows:

To create a UG, an AD sends a REGISTER message to the GMS, specifying the group name, group type (public or private), and group description. The messages exchanged are depicted in Figure 3-8.

Figure 3-8 Create a user group (messages between AD and GMS: REGISTER (Name, type, description); 200 OK)

To join a public UG, an AD sends an INVITE request to the GMS. Upon receiving the request, the GMS adds the new member to the UG and responds to the AD with an OK message.

When a member joins a private UG, we have to consider backward secrecy; thus, the group key must be refreshed. The details are given in Section 3.5.

Similar to joining a UG, when a member leaves a public UG, the member transmits a BYE message to the GMS. Upon receiving the message, the GMS deletes the member from the UG. When leaving a private UG, the member sends a BYE request to the group owner. The group owner deletes the leaving member, and the group key is refreshed to satisfy forward secrecy. The details are described in Section 3.5 as well.

3.5 Group Key Management

We use the Diffie-Hellman key exchange algorithm to agree on a common group key and construct a tree structure to update the group key efficiently. The tree is maintained by the group owner, and each of the other members maintains two child nodes. Figure 3-9 shows an example of a key tree we use for group key agreement. Each node ui shares secret keys with its child nodes. For example, u1 shares K12 and K13 with its two child nodes, u2 and u3. The key Kij is established when a member joins a group and is used for key refreshing when a member leaves a group. In addition, all nodes share a common group key.

Figure 3-9 A key tree for key agreement

Figure 3-10 shows an example in which a new member u6 joins the group. Gk is the original group key shared by all group members. At first, u6 sends a join request with its public key ($\alpha^{K_6}$) to the group owner, u1. If u1 accepts the request, u1 returns an OK message with the original public group key ($\alpha^{G_k}$) and adds u6 to the key tree at the shallowest rightmost position.

In the example, u6 becomes the left child node of u3. u3 and u6 exchange the public keys $\alpha^{K_3'}$ and $\alpha^{K_6'}$ to establish the secret key $K_{36}$, which equals $\alpha^{K_3' K_6'} \bmod p$. After that, u1 multicasts $\alpha^{K_6}$ to the group members except for the new member u6. Upon receiving $\alpha^{K_6}$, the group members from u1 to u5 can compute the new group key

$$G_k' = (\alpha^{K_6})^{G_k} \bmod p = \alpha^{K_6 G_k} \bmod p$$

by applying the Diffie-Hellman key exchange algorithm. Likewise, u6 can compute the group key

$$G_k' = (\alpha^{G_k})^{K_6} \bmod p = \alpha^{K_6 G_k} \bmod p.$$

Figure 3-10 Rekey: join
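The join exchange above, replayed as an added example (not code from the thesis). The modulus `P`, the base `ALPHA`, and the names `join`, `fresh_exponent` and `demo` are assumptions chosen for illustration; the parameters are toy-sized.

```python
import secrets

P = 2**127 - 1  # toy prime modulus (constructed; far too small for real use)
ALPHA = 3       # toy base standing in for α (assumption)

def fresh_exponent():
    """Random private exponent in [2, P-2]."""
    return secrets.randbelow(P - 3) + 2

def join(gk, k6, k3p, k6p):
    """Replay the join of u6.

    gk: current group key Gk; k6: u6's private key K6;
    k3p, k6p: the exponents K3', K6' used for the u3-u6 link key.
    Returns what goes on the wire and what each party computes.
    """
    wire = {
        "u6->u1 join": pow(ALPHA, k6, P),   # α^K6
        "u1->u6 ok": pow(ALPHA, gk, P),     # α^Gk
        "u3->u6": pow(ALPHA, k3p, P),       # α^K3'
        "u6->u3": pow(ALPHA, k6p, P),       # α^K6'
    }
    # The owner forwards u6's public key to the existing members only.
    wire["u1->u2..u5 multicast"] = wire["u6->u1 join"]
    return {
        "wire": wire,
        "K36@u3": pow(wire["u6->u3"], k3p, P),
        "K36@u6": pow(wire["u3->u6"], k6p, P),
        "Gk'@u1..u5": pow(wire["u1->u2..u5 multicast"], gk, P),  # (α^K6)^Gk mod p
        "Gk'@u6": pow(wire["u1->u6 ok"], k6, P),                 # (α^Gk)^K6 mod p
    }

def demo():
    """Run one join with random exponents; True when both sides agree on both keys."""
    r = join(*(fresh_exponent() for _ in range(4)))
    return r["Gk'@u1..u5"] == r["Gk'@u6"] and r["K36@u3"] == r["K36@u6"]
```

The old group key Gk never appears in `wire`: the new member only receives $\alpha^{G_k}$, which is the backward-secrecy property the join is designed for.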

We discuss two cases of leaving. In the first, called graceful departure, the leaving member notifies the group owner. In the second, called ungraceful departure, a group member leaves without informing the group owner. We describe the two cases as follows.

Figure 3-11 shows an example in which a group member u2 leaves the group and notifies the group owner. In this case, the group owner u1 deletes u2 from the key tree. The group owner then chooses the deepest and rightmost member in the key tree to replace the leaving member. In this case, u6 is selected; the group owner u1 notifies u6 to add the child nodes of u2 and informs u3 that its child node u6 has left. u1 then establishes the secret key K16 with u6, and u6 establishes the secret keys K46 and K56 with its two children u4 and u5 using the Diffie-Hellman key exchange algorithm. The group owner generates a new secret key Gk’ and multicasts Gk’ encrypted with the secret keys it shares with its child nodes. In the example, u1 multicasts Gk’ encrypted with K16 and K13 to u6 and u3, respectively. u6 then decrypts Gk’ with K16 and multicasts Gk’ encrypted with K46 and K56 to u4 and u5, respectively.

Figure 3-11 Rekey: graceful departure
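The graceful-departure rekey above, as an added example (not code from the thesis). It assumes the key tree is stored in level order, so that the "deepest and rightmost" member is the last list element; the toy DH parameters, the hash-based `wrap` stand-in cipher and all function names are assumptions.

```python
import hashlib
import secrets

P, ALPHA = 2**127 - 1, 3  # toy DH parameters (constructed; far too small for real use)

def dh_link():
    """Pairwise key K_ij: both ends of one Diffie-Hellman exchange, then hashed."""
    xi, xj = (secrets.randbelow(P - 3) + 2 for _ in range(2))
    k_i = pow(pow(ALPHA, xj, P), xi, P)   # parent's view
    k_j = pow(pow(ALPHA, xi, P), xj, P)   # child's view
    assert k_i == k_j
    return hashlib.sha256(k_i.to_bytes(16, "big")).digest()

def wrap(key, data, nonce=None):
    """Stand-in cipher (assumption): XOR with SHA-256(key || nonce); use an AEAD in practice."""
    nonce = nonce or secrets.token_bytes(16)
    pad = hashlib.sha256(key + nonce).digest()
    return nonce + bytes(x ^ y for x, y in zip(data, pad))

def unwrap(key, blob):
    return wrap(key, blob[16:], blob[:16])[16:]

def children(tree, i):
    return [c for c in (2 * i + 1, 2 * i + 2) if c < len(tree)]

def build(members):
    """Level-order key tree: members[0] is the owner; links maps (parent, child) -> K_ij."""
    tree = list(members)
    return tree, {(tree[(i - 1) // 2], tree[i]): dh_link() for i in range(1, len(tree))}

def graceful_leave(tree, links, leaver):
    """Owner side: the deepest, rightmost member takes the leaver's slot and re-keys its links."""
    i, last = tree.index(leaver), tree.pop()
    links = {e: k for e, k in links.items() if leaver not in e and last not in e}
    if last != leaver:
        tree[i] = last
        for a, b in [((i - 1) // 2, i)] + [(i, c) for c in children(tree, i)]:
            links[(tree[a], tree[b])] = dh_link()
    return tree, links

def distribute(tree, links, gk_new):
    """Hop-by-hop multicast of Gk'; returns {member: group key that member recovered}."""
    got = {tree[0]: gk_new}
    for i, node in enumerate(tree):       # level order, so parents are served first
        for c in children(tree, i):
            key = links[(node, tree[c])]
            got[tree[c]] = unwrap(key, wrap(key, got[node]))
    return got
```

After `graceful_leave(tree, links, "u2")` on the six-member tree, none of the keys u2 held (K12, K24, K25) protects any hop of the Gk’ distribution, which is what gives forward secrecy against the departed member.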

To detect ungraceful departure, each group member periodically sends a “keep alive” message to its child nodes. If a member detects that its child has left, the member notifies the group owner. The group owner then deletes the leaving node from the key tree, adjusts the key tree, and refreshes the group key as in the graceful departure case described above.

In addition, we describe the case in which members happen to leave a group while the group key is being refreshed. In the normal case, when a member node multicasts a new key to its children, the children respond with an ACK message indicating that the new key has been received; thus, a parent node can use this to detect whether its child has left the group.

Figure 3-12 shows an example in which a parent node detects that its child has left the group during the rekey process. In the example, u2 multicasts the new group key to its child nodes, u4 and u5. u4, however, has left the group without informing the group owner. Therefore, u2 does not receive the ACK message from u4 and concludes that u4 has left the group. u2 then reports the departure of u4 to the group owner u1. The group owner adjusts the multicast key tree, choosing u9, the deepest and rightmost node of the sub-tree of the leaving node, to replace u4. At the same time, u1 notifies u9 of the child nodes of u4. Afterward, u2 and u9 perform a Diffie-Hellman key exchange to establish the secret key K29. Likewise, u8 and u9 establish K89. u2 retransmits Gk’ encrypted with K29 to u9, continuing the rekey process.

Figure 3-12 Departure during rekey process (figure labels: u2 retransmits the group key; Gk’: the new group key)
