Next: Core Based Trees Up: Key Distribution Previous: Problems of Scalability

SKIP and Photuris

At the time of writing, the default key management protocol for the IP security architecture hasn't been chosen. The choice appears to be between Photuris, a connection-oriented session protocol, and SKIP, a stateless, connectionless key management scheme. SKIP appears to be the better choice for multicast, so it is the one described here.

SKIP is based on the Diffie-Hellman transformation: to construct a key for communication, each participant combines its own private part with the other's public part to create a shared secret key. This shared secret is then used to send a session-specific key to the other party, which is used from then on. This is completed within the message exchange itself and so requires very little overhead. The construction of the shared secret key can include a time component so that the shared key doesn't remain constant over time, and since it is only used to pass the session key, there is very little ciphertext available to anyone attempting to recover the users' long-term secret key.
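The construction just described, as an added worked example that is not part of the original text or of any SKIP implementation: each side derives the pairwise Diffie-Hellman secret, mixes in a time counter to get a key that is used only to wrap the per-packet key, and the receiver recovers that packet key from the header alone. The group parameters, private values, SHA-256 key derivation and XOR-based wrapping are all assumptions made for illustration.

```python
import hashlib
import secrets

# Toy Diffie-Hellman group, constructed for this example only. It is far too
# small to be secure; a real deployment would use a large standard MODP group.
P = 2**127 - 1   # a Mersenne prime
G = 5

def dh_public(private: int) -> int:
    """Public half g^i mod p, the value that would be published in a directory."""
    return pow(G, private, P)

def shared_secret(my_private: int, their_public: int) -> int:
    """Long-term pairwise secret g^ij mod p; both parties compute the same value."""
    return pow(their_public, my_private, P)

def time_key(shared: int, counter: int) -> bytes:
    """Time-varying key K_ijn = h(g^ij || n). It only ever wraps packet keys,
    so very little material encrypted under it is ever exposed."""
    material = shared.to_bytes(16, "big") + counter.to_bytes(4, "big")
    return hashlib.sha256(material).digest()

def wrap_key(kijn: bytes, nonce: bytes, packet_key: bytes) -> bytes:
    """XOR the (at most 32-byte) packet key with a keystream derived from K_ijn
    and a per-packet nonce. Assumption: a real implementation would use a
    block cipher here; XOR with a hash keystream keeps the example short."""
    stream = hashlib.sha256(kijn + nonce).digest()
    return bytes(a ^ b for a, b in zip(packet_key, stream))

def skip_send(my_private: int, their_public: int, counter: int, packet_key: bytes) -> dict:
    """Sender side: no negotiation; the header carries everything the receiver needs."""
    kijn = time_key(shared_secret(my_private, their_public), counter)
    nonce = secrets.token_bytes(8)
    return {"counter": counter, "nonce": nonce, "wrapped": wrap_key(kijn, nonce, packet_key)}

def skip_recv(my_private: int, their_public: int, header: dict) -> bytes:
    """Receiver side: recompute K_ijn from the counter in the header and unwrap."""
    kijn = time_key(shared_secret(my_private, their_public), header["counter"])
    return wrap_key(kijn, header["nonce"], header["wrapped"])

if __name__ == "__main__":
    a_priv, b_priv = 123456789, 987654321          # constructed private values
    a_pub, b_pub = dh_public(a_priv), dh_public(b_priv)
    hdr = skip_send(a_priv, b_pub, counter=7, packet_key=bytes(range(16)))
    print(skip_recv(b_priv, a_pub, hdr) == bytes(range(16)))   # True
```

Changing the counter in the header changes K_ijn, so a stale or altered counter does not yield the packet key.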

The public part of the key is assumed to come from a directory of some sort, such as the X.509 certification hierarchy or secure DNS. To this end, the name space identifying whose public key should be used is flexible and can use IPv4 or IPv6 address space, domain names or X.500 distinguished names. Keys can also be manually configured for machines, so that the public keys for each of the machines in a trusted network can be stored in a file on each machine.

For multicast, the above approach is generalised by assuming that there is a group owner identified with the group. To get the session-specific keys, the group members contact the group owner using the normal SKIP protocol; in this way SKIP introduces membership control based on the authentication already involved in the SKIP exchange.

Jon CROWCROFT
1998-12-03