Browse Prior Art Database

Group Key Management Protocol (GKMP) Architecture (RFC2094)

IP.com Disclosure Number: IPCOM000002646D
Original Publication Date: 1997-Jul-01
Included in the Prior Art Database: 2000-Sep-13
Document File: 18 page(s) / 50K

Publishing Venue

Internet Society Requests For Comment (RFCs)

Related People

H. Harney: AUTHOR [+2]

Abstract

This specification proposes a protocol to create grouped symmetric keys and distribute them amongst communicating peers. This protocol has the following advantages: 1) virtually invisible to operator, 2) no central key distribution site is needed, 3) only group members have the key, 4) sender or receiver oriented operation, 5) can make use of multicast communications protocols.

This text was extracted from a ASCII Text document.
This is the abbreviated version, containing approximately 6% of the total text.

Network Working Group H. Harney

Request for Comments: 2094 C. Muckenhirn

Category: Experimental SPARTA, Inc.

July 1997

Group Key Management Protocol (GKMP) Architecture

Status of this Memo

This memo defines an Experimental Protocol for the Internet

community. This memo does not specify an Internet standard of any

kind. Discussion and suggestions for improvement are requested.

Distribution of this memo is unlimited.

Table of Contents

1. Introduction................................................. 1

2. Multicast Key Management Architectures....................... 3

3. GKMP Protocol Overview....................................... 9

4. Issues....................................................... 19

5. Security Considerations...................................... 22

6. Authors' Address............................................. 22

Abstract

This specification proposes a protocol to create grouped symmetric

keys and distribute them amongst communicating peers. This protocol

has the following advantages: 1) virtually invisible to operator, 2)

no central key distribution site is needed, 3) only group members

have the key, 4) sender or receiver oriented operation, 5) can make

use of multicast communications protocols.

1 Introduction

This document describes an architecture for the management of

cryptographic keys for multicast communications. We identify the

roles and responsibilities of communications system elements in

accomplishing multicast key management, define security and

functional requirements of each, and provide a detailed introduction

to the Group Key Management Protocol (GKMP) which provides the

ability to create and distribute keys within arbitrary-sized groups

without the intervention of a global/centralized key manager. The

GKMP combines techniques developed for creation of pairwise keys with

techniques used to distribute keys from a KDC (i.e., symmetric

encryption of keys) to distribute symmetric key to a group of hosts.

1.1 Multicast Communications Environments

The work leading to this report was primarily concerned with military

command and control and weapons control systems, these systems tend

to have top--down, commander--commanded, communications flows. The

choice of what parties will be members of a particular communication

(a multicast group for example) is at the discretion of the "higher"

level party(ies). This "sender-initiated" (assuming the higher-level

party is sending) model maps well to broadcast (as in

electromagnetic, free-space, transmission) and circuit switched

communications media (e.g., video teleconferencing, ATM multicast).

In looking to apply this technology to the Internet, a somewhat

different model appears to be at work (at least for some portion of

...