Network Working Group M. Park Internet-Draft Soongsil University Intended status: Informational November 20, 2018 Expires: May 24, 2019 Multiple group membership draft-park-mls-multiple-groups-requirement-00 Abstract This document proposes a functional requirement of Message Level Security (MLS) which provide an efficient management for multiple groups. Although MLS defines an architecture and an abstract protocol for a secure group communication, it overlooks the need of multiple groups. This document describes a usecase of the multiple groups, and the need for an efficient multiple group membership management. Status of This Memo This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79. Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." This Internet-Draft will expire on May 24, 2019. Copyright Notice Copyright (c) 2018 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of Park Expires May 24, 2019 [Page 1] Internet-Draft Multiple group membership November 2018 the Trust Legal Provisions and are provided without warranty as described in the Simplified BSD License. Table of Contents 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . 2 2. Terminology . . . . . . . . . . . . . . . . . . . . . . . . . 2 3. Re-keying for membership change . . . . . . . . . . . . . . . 2 4. Multiple groups scenario . . . . . . . . . . . . . . . . . . 3 5. Multiple group membership . . . . . . . . . . . . . . . . . . 4 6. Informative References . . . . . . . . . . . . . . . . . . . 4 Appendix A. Acknowledgements . . . . . . . . . . . . . . . . . . 5 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . 5 1. Introduction With the emergence of diverse group-based applications, e.g. a channel-based charged TV or telematics services, multiple group applications are likely to coexist, and users may have multiple memberships. Of course, although the functional requirements defined in the mls architecture draft can satisfy the multiple membership management, we need to consider the efficient management of multiple membership. This document mentions the inefficiency which may occur in the multiple membership management and the motivation of the functional requirement, multiple group membership. 2. Terminology The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119]. 3. Re-keying for membership change Let us consider a situation where a member is about to leave a group. Before this member leaves, all the members have shared a group key to encrypt/decrypt messages among themselves. After the member leaves, the old group key must be revoked and updated with a new group key. This rekeying process may cause a lot of key management overhead. Since the existing members do not have any shared secret keys except for the old group key, a new group key should be distributed to these members in a secure manner. As a result, it is obvious that the more the number of users in a group service, the larger the rekeying overhead would be. Park Expires May 24, 2019 [Page 2] Internet-Draft Multiple group membership November 2018 4. Multiple groups scenario There can be various group messaging services. Generally, the group messaging services can be considered as the commercial services such as a charged TV streaming service, a telematics service, and an information service (Sports or stock). Let us assume these three services are Delivery Services (DS) as shown in Figure 1. In this case, there will be at least three groups for the three services, each of which should be managed according to the membership records of the DSs. Moreover, if the subscription to a DS is charged for either each channel (Ch1, Ch2, and Ch3) or content (sports and stock), the service provider should manage the additional user groups (e.g., channel-based or content-based groups) for accurate accounting like Figure 2. As a result, the management overhead stemming from membership management including rekeying can significantly increase due to the number of such groups. ---------------- -------------- ----------------- | A Charged TV | | Telematics | | Information | | | | Service | | Service | | | | | | | ---------------- -------------- ----------------- \ / \________________ / | \ / _____\_________/ | \ / / \ | ------- ------ ------- ------- | User0 | | User1 | | User2 | | User3 | ------- ------ ------- ------- Figure 1: Multiple groups scenario Ch1 group Ch2 group Ch3 group **************** **************** **************** * ------- * * ------- * * ------- * *| User0 | ...* *| User1 | ... * *| User2 | ... * * ------- * * ------- * * ------- * **************** **************** **************** Telematics group Sports group Stock group **************** **************** **************** * ------- * * ------- * * ------- * *| User2 | ...* *| User1 | ... * *| User3 | ... * * ------- * * ------- * * ------- * **************** **************** **************** Figure 2: Six delivery service groups Park Expires May 24, 2019 [Page 3] Internet-Draft Multiple group membership November 2018 5. Multiple group membership The multiple group scenario in the previous section can be implemented with multiple independent groups, where each service group has an independent AS. However, a single service provider may manage multiple groups, e.g., multiple channel groups in a channel- based charged service. In this case, the service provider should have multiple independent groups corresponding to each channel, which may increase the management cost such as many Ass as the number of groups and re-keying. Therefore, the protocol should be able to allow a single Authentication Service to manage multiple group memberships in order to support more than two Delivery Services as shown in Figure 3. ---------------- -------------- -------------- | Authentication | | Delivery | | Delivery | | Service (AS) | | Service(DS1) | | Service(DS2) | ---------------- -------------- -------------- Multiple memberships / \ / | ********************************************************* * / ________\___/ | * * / / \ | * * ---------- ---------- ---------- * * | Client 0 | | Client 1 | | Client N | * * ---------- ---------- ---------- * * ............................ ........... * * Member 0 Member 1 * * * ********************************************************* Figure 3: Multiple membership 6. Informative References [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", RFC 2119, March 1997. Park Expires May 24, 2019 [Page 4] Internet-Draft Multiple group membership November 2018 Appendix A. Acknowledgements This work was supported by Institute for Information & communications Technology Promotion(IITP) grant funded by the Korea government(MSIT) (No.2018-0-00254, SDN security technology development). Author's Address Minho Park School of Electronic Engineering Soongsil University 369, Sangdo-ro, Dongjak-gu Seoul, Seoul 06978 Republic of Korea Phone: +82 2 828 7176 EMail: mhp@ssu.ac.kr Park Expires May 24, 2019 [Page 5]