Multicast Security (MSEC) Group Key Management Architecture
RFC 4046
Document | Type | RFC - Informational (May 2005; No errata) | |
---|---|---|---|
Authors | Ran Canetti , Lakshminath Dondeti , Fredrik Lindholm , Mark Baugher | ||
Last updated | 2013-03-02 | ||
Stream | Internent Engineering Task Force (IETF) | ||
Formats | plain text html pdf htmlized (tools) htmlized bibtex | ||
Stream | WG state | (None) | |
Document shepherd | No shepherd assigned | ||
IESG | IESG state | RFC 4046 (Informational) | |
Action Holders |
(None)
|
||
Consensus Boilerplate | Unknown | ||
Telechat date | |||
Responsible AD | Russ Housley | ||
Send notices to | <canetti@watson.ibm.com>, <thardjono@verisign.com> |
Network Working Group M. Baugher Request for Comments: 4046 Cisco Category: Informational R. Canetti IBM L. Dondeti Qualcomm F. Lindholm Ericsson April 2005 Multicast Security (MSEC) Group Key Management Architecture Status of This Memo This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited. Copyright Notice Copyright (C) The Internet Society (2005). Abstract This document defines the common architecture for Multicast Security (MSEC) key management protocols to support a variety of application, transport, and network layer security protocols. It also defines the group security association (GSA), and describes the key management protocols that help establish a GSA. The framework and guidelines described in this document permit a modular and flexible design of group key management protocols for a variety of different settings that are specialized to applications needs. MSEC key management protocols may be used to facilitate secure one-to-many, many-to-many, or one-to-one communication. Table of Contents 1. Introduction: Purpose of this Document ..........................2 2. Requirements of a Group Key Management Protocol .................4 3. Overall Design of Group Key Management Architecture .............6 3.1. Overview ...................................................6 3.2. Detailed Description of the GKM Architecture ...............8 3.3. Properties of the Design ..................................11 3.4. Group Key Management Block Diagram ........................11 4. Registration Protocol ..........................................13 4.1. Registration Protocol via Piggybacking or Protocol Reuse ..13 4.2. Properties of Alternative Registration Exchange Types .....14 Baugher, et al. Informational [Page 1] RFC 4046 MSEC Group Key Management Architecture April 2005 4.3. Infrastructure for Alternative Registration Exchange Types ............................................15 4.4. De-registration Exchange ..................................16 5. Rekey Protocol .................................................16 5.1. Goals of the Rekey Protocol ...............................17 5.2. Rekey Message Transport and Protection ....................17 5.3. Reliable Transport of Rekey Messages ......................18 5.4. State-of-the-art on Reliable Multicast Infrastructure .....20 5.5. Implosion .................................................21 5.6. Incorporating Group Key Management Algorithms .............22 5.7. Stateless, Stateful, and Self-healing Rekeying Algorithms ................................................22 5.8. Interoperability of a GKMA ................................23 6. Group Security Association .....................................24 6.1. Group Policy ..............................................24 6.2. Contents of the Rekey SA ..................................25 6.2.1. Rekey SA Policy ....................................26 6.2.2. Group Identity .....................................27 6.2.3. KEKs ...............................................27 6.2.4. Authentication Key .................................27 6.2.5. Replay Protection ..................................27 6.2.6. Security Parameter Index (SPI) .....................27 6.3. Contents of the Data SA ...................................27 6.3.1. Group Identity .....................................28 6.3.2. Source Identity ....................................28 6.3.3. Traffic Protection Keys ............................28 6.3.4. Data Authentication Keys ...........................28 6.3.5. Sequence Numbers ...................................28 6.3.6. Security Parameter Index (SPI) .....................28 6.3.7. Data SA Policy .....................................28 7. Scalability Considerations .....................................29 8. Security Considerations ........................................31 9. Acknowledgments ................................................32 10. Informative References ........................................33Show full document text