Browse Prior Art Database

Group Key Management Protocol (GKMP) Specification (RFC2093)

IP.com Disclosure Number: IPCOM000002645D
Original Publication Date: 1997-Jul-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 19 page(s) / 45K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

H. Harney: AUTHOR [+2]

Abstract

This specification proposes a protocol to create grouped symmetric keys and distribute them amongst communicating peers. This protocol has the following advantages: 1) virtually invisible to operator, 2) no central key distribution site is needed, 3) only group members have the key, 4) sender or receiver oriented operation, 5) can make use of multicast communications protocols.

This text was extracted from a ASCII Text document.
This is the abbreviated version, containing approximately 7% of the total text.

Network Working Group H. Harney

Request for Comments: 2093 C. Muckenhirn

Category: Experimental SPARTA, Inc.

July 1997

Group Key Management Protocol (GKMP) Specification

Status of this Memo

This memo defines an Experimental Protocol for the Internet

community. This memo does not specify an Internet standard of any

kind. Discussion and suggestions for improvement are requested.

Distribution of this memo is unlimited.

Table of Contents

1. Background..................................................... 1

2. Overview: GKMP Roles.......................................... 3

3. Data Item primitives........................................... 4

4. Message definitions............................................ 6

5. State definitions.............................................. 9

6. Functional Definitions--Group Key Management Protocol.......... 13

7. Security Considerations........................................ 23

8. Author's Address............................................... 23

Abstract

This specification proposes a protocol to create grouped symmetric

keys and distribute them amongst communicating peers. This protocol

has the following advantages: 1) virtually invisible to operator, 2)

no central key distribution site is needed, 3) only group members

have the key, 4) sender or receiver oriented operation, 5) can make

use of multicast communications protocols.

1 Background

Traditional key management distribution has mimicked the military

paper based key accounting system. Key was distributed, ordered, and

accounted physically leading to large lead times and expensive

operations.

Cooperative key management algorithms exist that allow pairwise keys

to be generated between two equipment's. This gives the a quicker

more reliable key management structure capable of supporting large

numbers of secure communications. Unfortunately, only pairwise keys

are supported using these methods today.

This document describes a protocol for establishing and rekeying

groups of cryptographic keys (more than two) on the internet. We

refer to the approach as the Group Key Management Protocol (GKMP).

1.1 Protocol Overview

The GKMP creates key for cryptographic groups, distributes key to the

group members, ensures (via peer to peer reviews) rule based access

control of keys, denies access to known compromised hosts, and allow

hierarchical control of group actions.

The key generation concept used by the GKMP is cooperative generation

between two protocol entities. There are several key generation

algorithms viable for use in the GKMP (i.e., RSA, Diffe-Hellman,

elliptic curves). All these algorithms use asymmetric key technology

to pass information between two entities to create a single

cryptographic key.

The GK...