Multicast Security  CSCE 6581 Advanced Computer Networks Vandana Gunupudi Chen Peng Avanthi Koneru
  • Secure Multicast Research Group (SmuG) is an IRTF research group that looks at multicast security issues.
  • Multicast Security CSCE 6581 Advanced Computer Networks

    1. 1. Multicast Security CSCE 6581 Advanced Computer Networks Vandana Gunupudi Chen Peng Avanthi Koneru
    2. 2. Agenda
        • Introduction
        • Applications
        • Multicast Service Model
        • Security Issues
        • Background and Requirements
        • Benchmarks and Metrics
        • Summary of methods
        • Conclusion
        Avanthi Peng Vandana
    3. 3. What is Multicasting?
        • Unicast is conventional single point-to-point communication.
        • Broadcast is transmission to multiple, unspecified recipients.
        • Multicast is communication between a single sender and multiple receivers (one-to-many) on a network or multiple senders sending to multiple receivers (many-to-many)
    4. 4. Multicasting
        • Figure from Internet Protocol Multicast, Cisco Systems, available at http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/ipmulti.htm#xtocid2
    5. 5. Multicast Applications
        • Streaming video/audio
        • Live TV and Radio broadcasts to the Desktop, IPTV
        • Real-Time financial data delivery
        • Whiteboard/Collaboration
        • Multiplayer games
        • File/Software downloads/updates
        • News Feeds
        • Multimedia phone service
    6. 6. Multicasting - Video Conference
        • Ex: Network video tool, LBL video conferencing tool,
        • Inria video conferencing system
    7. 7. Multicasting - Video Broadcasting
        • Figure from The grounds-wide Tele-Tutoring System, University of Virginia, available at http://www.cs.virginia.edu/~gwtts/
            • gwTTS - University of Virginia tele-tutoring system (Distance Learning)
    8. 8. (Figure from Cisco Systems' Internetworking Technology Handbook available at http://www.cisco.com/univercd/cc/td/doc/cisintwk/ito_doc/ipmulti.htm#xtocid0 )
    9. 9. Advantages
        • Enhanced Efficiency: Controls network traffic and reduces server and CPU loads
        • Optimized Performance: Eliminates traffic redundancy
        • Distributed Applications: Makes multipoint applications possible
        • (Figure from Introduction to IP Multicast, Cisco IP Multicast Groups, available at ftp://ftpeng.cisco.com/ipmulticast/networkers03/RST1051-IntrotoIPMulticast.pdf )
    10. 10. Disadvantages
        • Best Effort Delivery:
            • Drops are to be expected.
            • Multicast applications should not expect reliable delivery of data and should be designed accordingly.
        • No Congestion Avoidance:
            • Lack of TCP windowing and “slow-start” mechanisms can result in network congestion.
        • Duplicates:
            • Some multicast protocol mechanisms (e.g. Asserts, Registers and Shortest-Path Tree Transitions) result in the occasional generation of duplicate packets.
        • Out-of-Sequence Packets:
            • Various network events can result in packets arriving out of sequence.
    11. 11. Multicast addresses
        • Multicasting employs a Class D address format, which ranges from 224.0.0.0 to 239.255.255.255. Every IP datagram whose destination address starts with "1110" is an IP Multicast datagram.
    12. 12. Multicast Service Model
        • Invented by Steve Deering
        • RFC1112 : Host Extensions for IP Multicasting - 1989
        • Senders transmit IP datagrams to a host group
        • “Host group” identified by a class D IP address
        • Members of host group could be present anywhere in the Internet
        • All members receive all packets sent to the address
        • Open group memberships
        • Members join and leave the group and indicate this to the routers
        • Senders and receivers are distinct: i.e., a sender need not be a member of the group
        • Routers listen to all multicast addresses and use multicast routing protocols to manage groups
    13. 13. How does a host join a group?
        • Internet Group Management Protocol (IGMP, RFC 3376)
            • Used by end hosts to signal that they want to join a specific multicast group
            • Used by routers to discover what groups have interested member hosts on each network to which they are attached.
            • Implemented directly over IP
        • Currently at version 3
        • Join and Leave messages
    14. 17. Multicast Properties
        • Three main properties of multicast:
            • All members receive all packets sent to the address
            • Open group memberships
            • Open access to send packets to the group
        • In order to have a secure multicast application, certain security requirements must apply to avoid the vulnerabilities.
    15. 18. Requirements
        • The most basic security requirements:
            • Secrecy
            • Authenticity
        • Other requirements include:
            • Anonymity
            • Non-repudiation
            • Access Control
            • Service Availability
    16. 19. Requirements
        • Secrecy usually means that only the multicast group members (and all of them) should be able to decipher transmitted data.
        • Group authenticity means that each group member can recognize whether a message was sent by a group member.
        • Source authenticity means that it is possible to identify the particular sender within the group.
    17. 20. Requirements
        • Anonymity is to keep the identity of group members secret from outsiders or from other group members, or keep the identity of the sender of a message secret.
        • Non-repudiation is the ability of receivers of data to prove to third parties that the data has been transmitted.
    18. 21. Requirements
        • Access control is the ability to make sure that only registered and legitimate parties have access to the communication addressed to the group.
        • Service availability is critical in multicast since DoS attacks are easy to mount and are much more harmful.
    19. 22. Requirements
        • Figure from Paul Judge, Mostafa Ammar, “Security Issues and Solutions in Multicast Content Distribution: A Survey,” IEEE Network Magazine, 2003.
    20. 23. Performance Metrics
        • In Seminar I we talk about general performance metrics from a multicast application perspective.
        • In Seminar II we will talk about each area in detail on how to achieve the performance using different solutions and benchmarks.
    21. 24. Performance Metrics
        • Performance is a major concern for multicast security applications. Major performance metrics include:
            • latency and work overhead per sending and receiving data packets
            • bandwidth overhead incurred by inflating the data packets via cryptographic transformations
    22. 25. Performance Metrics
        • Other performance metrics:
            • Lengths of keys
                • Ephemeral (Short-term) security: smaller key lengths
                • Long-term security: Longer key lengths
            • Group management activity such as group initialization and member addition and deletion. (Time Delay in milliseconds)
            • Possible congestion, especially around centralized control services at peak sign-on and sign-off times.
    23. 26. Summary of metrics
        • General Metrics:
            • Computation overhead (depends on key lengths)
                • Time to verify and decrypt data
                • Time to authenticate and encrypt data
            • Communication bandwidth/latency overhead
            • Congestion
        • Key Management Metrics:
            • Key set-up and key refresh overhead
            • Group set-up and member enrolment time
    24. 27. Security Requirements Overview of Multicast Security Authentication Confidentiality Access Control ( Sender/Receiver ) Key Management
    25. 28. Core Problem Areas
        • Source Authentication
            • TESLA
        • Group Key Management
            • Many protocols
            • Focus on IETF standardization efforts
        • Access Control
            • Receiver and Source Access Control
            • Focus on receiver primarily
    26. 29. Standardization efforts
        • Secure Multicast Research Group (SmuG)
            • IRTF Working Group to discuss research issues in Multicast Security
            • Identify security requirements for a variety of applications
            • Define a common and general reference framework composed of useful building blocks
            • Use building blocks to construct solutions for multicast security problems
    27. 30. Properties of Secure Multicast
        • Preserve authentication and secrecy for all group communication
            • Only registered senders can send packets
            • Only registered receivers can read packets
        • Registration means the registration by the group controller/key server
        • Encryption/Decryption of sent packets with a shared group key
        • Only registered senders and receivers can encrypt and decrypt the packets
        • The group key is distributed only to the eligible senders and receivers
    28. 31. Source Authentication
        • Motivating Scenario
            • Group of subscribers get periodic stock quotes from a server
            • Need to verify the identity of the sender of the stock quote
        • Definition
            • Ability of members of a multicast group to verify the identity of the sender
    29. 32. Requirements
        • Authenticity
        • Integrity of received data
        • Non-repudiation
        • Efficiency
            • Communication and Computation Overhead
        • Collusion Resistance
        • Minimal Latency
    30. 33. Proposed Solutions
        • Figure from Paul Judge, Mostafa Ammar, “Security Issues and Solutions in Multicast Content Distribution: A Survey,” IEEE Network Magazine, 2003.
    31. 34. Source Authentication Methods
        • Hash-based Schemes
            • Packet Chaining
                • Data stream partitioned into chains
                • Each packet in chain contains hash of the next packet in the chain
                • Therefore, only first packet in chain is signed, saving space
            • Tree Chaining
                • Data stream partitioned into blocks
                • Each block of n messages authenticated with 1 signature
                • Nodes are message digests
                • Receiver can recreate path
    32. 35. Source Authentication Methods
        • MAC-based Schemes
            • Efficient MACs
                • Sender holds a set of n MAC keys
                • Receivers hold a subset of the n keys
                • Each message “MACed” with each of the n keys and receiver verifies the MAC with the subset of keys it holds
                • Appropriate choice of subsets
            • Timed Efficient Stream Loss-Tolerant Authentication Protocol (TESLA)
                • Sender signs the first packet and provides notification of a chain of MAC keys
                • Later packets in chain reveal prior keys
                • Synchronization required between sender/receiver
    33. 36. Group Key Management (GKM)
        • Why do we need GKM?
            • Data in multicast applications typically encrypted using symmetric-key cryptography
            • Need to protect the keys
            • Hosts may belong to many groups with many different keys
            • Hosts may send to many groups with different keys
            • Support dynamic creation of groups, dynamic membership, dynamic sources
    34. 37. Proposed Schemes
        • Source: Paul Judge, Mostafa Ammar, “Security Issues and Solutions in Multicast Content Distribution: A Survey,” IEEE Network Magazine, 2003.
    35. 38. GKM Framework
        • Group Key Management Framework
            • Entities
                • Group Controller/Key Server (GCKS)
                • Hosts
            • Registration Protocol
                • When members join the group
            • ReKey Protocol
                • When members leave the group
            • Types of Keys
                • Key Encrypting Key (KEK)
                • Traffic Encrypting Key (TEK)
    36. 39. IETF-proposed Standards
        • Group Secure Association Key Management Protocol (GSAKMP)
            • Network layer
            • Distributed Architecture
            • One-to-many or many-to-many
            • Scalable
        • Multimedia Internet Keying (MIKEY)
            • Targeted at real time multimedia applications
            • Application-layer (SRTP)
            • Can be tunneled over Session Initiation Protocol (SIP)
    37. 40. MIKEY
        • End-to-end security of the key exchange
        • End-to-end mutual authentication
            • Pre-shared key, public key, signed Diffie-Hellman
        • Suitable for unicast and small groups
        • Simplicity
        • Efficiency
            • low extra bandwidth consumption
            • low computational workload
            • small code size
            • Minimal number of round trips
        • Independent of any specific security functionality of the underlying transport
    38. 41. Application Scenarios
        • peer-to-peer, simple one-to-many, and small-size (interactive) groups
        • peer-to-peer (unicast)
            • a SIP-based call between two parties, where it may be desirable that the security is either set up by mutual agreement or that each party sets up the security for its own outgoing streams.
        • simple one-to-many (multicast)
            • real-time presentations, where the sender is in charge of setting up the security.
        • many-to-many
            • small-size interactive groups where each party may set up the security for its own outgoing media.
            • Initiator of the group acts as the group server
    39. 42. Receiver Access Control
        • Open access to distributed content on the Internet
        • Any host can join a group using IGMP
        • Security threats:
            • DoS
                • Resource exhaustion
            • Eavesdropping
            • Theft of service
        • Restrict access to multicast group
    40. 43. Receiver Access Control
    41. 44. Requirements
        • Group Policy Specification Functions
            • Group Owner specifies a group policy
        • Access Request Functions
            • Hosts request permission to join a group
        • Access Control Functions
            • Receive host's request, authenticate and then authorize
    42. 45. Proposed Solutions
        • Hardjono and Cain [10]:
            • Access tokens to members
            • Authorization through Access Control Lists (ACLs)-like tokens
            • Token included in join request to router
            • Router verifies that the access-token is in the token list
        • Ballardie and Crowcroft [12]:
            • Authorization servers that have ACLs distributed by an initiator
            • Host obtains an authorization stamp from server
            • Router forwards the join request to server for approval
    43. 46. Solutions
        • GOTHIC [9]
            • Comprehensive architecture for group access control
            • Identity-based and time-limited capabilities
            • Host requests a capability from server and forwards it to router as part of join request
            • Router authenticates the host and verifies the capability before allowing access
            • Integrate group access control with group key management
    44. 47. Conclusion
        • Introduced multicast
        • Discussed Security Issues
        • Focus on core problem areas
        • Next seminar will focus on protocols and methods that will be incorporated into the Next Generation Internet like TESLA, MIKEY
    45. 48. References
        • Paul Judge, Mostafa Ammar, “Security Issues and Solutions in Multicast Content Distribution: A Survey,” IEEE Network Magazine, 2003.
        • T. Hardjono and G. Tsudik, “IP Multicast Security: Issues and Directions,” Annales de Telecom, July-August 2000, pp. 324-340.
        • Use of TESLA in SRTP, Internet Draft, available at http://www.ietf.org/internet-drafts/draft-ietf-msec-srtp-tesla-03.txt
        • Y. Challal, H. Bettahar, A. Bouabdallah, “A taxonomy of multicast data origin authentication: issues and solutions,” IEEE Communications Surveys and Tutorials 6 (3) (2004) 34-57.
        • A. Perrig, Ran Canetti, Dawn Song, and Doug Tygar, “Efficient and Secure Source Authentication for Multicast,” in Proceedings of Network and Distributed System Security Symposium NDSS 2001, February 2001.
        • R. Gennaro and P. Rohatgi, “How to Sign Digital Streams,” LNCS, vol. 1294, 1997.
    46. 49. References
        • P. Judge, “Security and Protection Architectures for Large-Scale Content Distribution,” Ph.D. thesis, Georgia Tech, Atlanta, GA, Dec. 2002.
        • Sandro Rafaeli, David Hutchison, “A survey of key management for secure group communication,” ACM Comput. Surv. 35(3): 309-329.
        • M. Moyer, J. Rao, and P. Rohatgi, “A Survey of Security Issues in Multicast Communications,” IEEE Network, vol. 13, Nov.-Dec. 1999, pp. 12-23.
        • The Multicast Security Architecture (RFC 3740), available at: http://www.ietf.org/rfc/rfc3740.txt
        • MIKEY: Multimedia Internet KEYing (RFC 3830), available at: http://www.ietf.org/rfc/rfc3830.txt
        • Multicast Security Group Key Management Architecture (RFC 4046), available at: http://www.ietf.org/rfc/rfc4046.txt
        • GSAKMP: available at http://www.ietf.org/internet-drafts/draft-ietf-msec-gsakmp-sec-10.txt
        • P. Q. Judge and M. H. Ammar, “Gothic: Group Access Control Architecture for Secure Multicast and Anycast,” IEEE INFOCOM, July 2002.
        • T. Hardjono and B. Cain, “Key Establishment for IGMP Authentication in IP Multicast,” IEEE ECUMN, CREF, Colmar, France, 2000.
        • A. Ballardie and J. Crowcroft, “Multicast-Specific Security Threats and Countermeasures,” Proc. ISOC Symp. Net. and Distrib. Sys. Sec., San Diego, CA, Feb. 1995, pp. 2-16.
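
The TESLA bullets on slide 35 (a chain of MAC keys, later packets revealing prior keys, sender/receiver synchronization), worked through as an added example that is not part of the original slides. Assumptions: SHA-256 and HMAC-SHA-256 as the primitives, the names `Sender`, `Receiver` and `demo`, a disclosure delay of 2 intervals, and a commitment K_0 that reaches the receiver authentically (standing in for the signed first packet); `now` stands for the receiver's synchronized upper bound on the sender's current interval.

```python
import hashlib
import hmac

def H(data):
    return hashlib.sha256(data).digest()

def mac(chain_key, msg):
    # The MAC key is derived from the chain key rather than using it directly.
    return hmac.new(H(b"mac-key" + chain_key), msg, hashlib.sha256).digest()

def make_key_chain(seed, n):
    """Return [K_0, ..., K_n] with K_i = H(K_{i+1}); K_0 is the commitment."""
    chain = [H(seed)]                      # K_n is generated first
    for _ in range(n):
        chain.append(H(chain[-1]))
    return chain[::-1]

class Sender:
    def __init__(self, seed, n, delay):
        self.chain, self.delay = make_key_chain(seed, n), delay

    def packet(self, i, msg):
        """Interval-i packet: MACed with K_i, reveals K_{i-delay} if it exists."""
        j = i - self.delay
        return {"i": i, "msg": msg, "mac": mac(self.chain[i], msg),
                "key_index": j if j >= 1 else None,
                "key": self.chain[j] if j >= 1 else None}

class Receiver:
    def __init__(self, commitment, delay):
        # Assumption: K_0 and the delay arrived in the signed first packet.
        self.idx, self.key, self.delay = 0, commitment, delay
        self.buffer, self.accepted = [], []

    def receive(self, pkt, now):
        """`now`: upper bound on the sender's interval, from clock sync."""
        self._learn_key(pkt["key_index"], pkt["key"], now)
        # Security condition: K_i must still be secret when the packet arrives.
        if pkt["i"] < 1 or now >= pkt["i"] + self.delay:
            return "unsafe"
        self.buffer.append(pkt)
        return "buffered"

    def _learn_key(self, j, key, now):
        if j is None or key is None or not (self.idx < j <= now - self.delay):
            return                         # absent, stale, or not yet due
        k = key
        for _ in range(j - self.idx):      # hash back to the newest trusted key
            k = H(k)
        if hmac.compare_digest(k, self.key):
            self.idx, self.key = j, key
            self._verify_buffered()

    def _key_for(self, i):
        k = self.key                       # recover K_i (i <= idx) after losses
        for _ in range(self.idx - i):
            k = H(k)
        return k

    def _verify_buffered(self):
        waiting = []
        for p in self.buffer:
            if p["i"] > self.idx:
                waiting.append(p)          # key not disclosed yet
            elif hmac.compare_digest(mac(self._key_for(p["i"]), p["msg"]), p["mac"]):
                self.accepted.append(p["msg"])
        self.buffer = waiting

def demo():
    """Constructed stream: delay 2, packet 3 lost, packet 2 altered, one forgery."""
    s = Sender(b"constructed-seed", 6, 2)
    r = Receiver(s.chain[0], 2)
    log = []
    for i in range(1, 7):
        pkt = s.packet(i, b"quote-%d" % i)
        if i == 3:
            continue                       # lost in transit
        if i == 2:
            pkt["msg"] = b"quote-2-altered"
        log.append(r.receive(pkt, now=i))
        if i == 4:                         # K_2 is public by now, so this is late
            forged = dict(pkt, i=2, msg=b"forged", mac=mac(s.chain[2], b"forged"))
            log.append(r.receive(forged, now=4))
    return r.accepted, log
```

Packet 1 is still verified even though the packet that disclosed K_1 was lost, because K_1 is recomputed from the later-disclosed K_2; the packets for intervals 5 and 6 stay buffered until their keys would be disclosed.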