Advertisement
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting
Participant Access Control in IP Multicasting

Check these out next

authentication and access control(http://4knet.ir)
authentication and access control(http://4knet.ir)
Azad Kaki
InfiltrateCon 2016 - Why Nation-State Hack Telco Networks
InfiltrateCon 2016 - Why Nation-State Hack Telco Networks
Omer Coskun
Squire Technologies: Class 4 Softswitch
Squire Technologies: Class 4 Softswitch
Squire Technologies
IoT Communication Protocols
IoT Communication Protocols
Pradeep Kumar TS
MQTT 5 - What's New?
MQTT 5 - What's New?
Dominik Obermaier
Assaulting diameter IPX network
Assaulting diameter IPX network
Alexandre De Oliveira
Having Honeypot for Better Network Security Analysis
Having Honeypot for Better Network Security Analysis
Bangladesh Network Operators Group
Ip sec and ssl
Ip sec and ssl
Mohd Arif
1 of 26

Participant Access Control in IP Multicasting

Nov. 3, 2015
Download to read offline
Internet

Participant Access Control in IP Multicasting

Bangladesh Network Operators Group
bdNOG
Advertisement
Advertisement
Advertisement

Recommended

KRACK attackKRACK attack
KRACK attackVadimDavydov3305 views27 slides
Cracking wpa2 psk in the cloudCracking wpa2 psk in the cloud
Cracking wpa2 psk in the cloudFotios Lindiakos5.1K views16 slides
4G LTE Security - What hackers know?4G LTE Security - What hackers know?
4G LTE Security - What hackers know?Stephen Kho6.1K views29 slides
Exploring LTE security and protocol exploits with open source software and lo...Exploring LTE security and protocol exploits with open source software and lo...
Exploring LTE security and protocol exploits with open source software and lo...EC-Council2.1K views50 slides
On her majesty's secret service - GRX and a Spy AgencyOn her majesty's secret service - GRX and a Spy Agency
On her majesty's secret service - GRX and a Spy AgencyStephen Kho4.8K views58 slides
Hallowed be thy packets by Paul CogginHallowed be thy packets by Paul Coggin
Hallowed be thy packets by Paul CogginEC-Council709 views22 slides

More Related Content

Slideshows for you(20)

authentication and access control(http://4knet.ir)authentication and access control(http://4knet.ir)
authentication and access control(http://4knet.ir)
Azad Kaki83 views
InfiltrateCon 2016 - Why Nation-State Hack Telco NetworksInfiltrateCon 2016 - Why Nation-State Hack Telco Networks
InfiltrateCon 2016 - Why Nation-State Hack Telco Networks
Omer Coskun1.4K views
Squire Technologies: Class 4 SoftswitchSquire Technologies: Class 4 Softswitch
Squire Technologies: Class 4 Softswitch
Squire Technologies514 views
IoT Communication ProtocolsIoT Communication Protocols
IoT Communication Protocols
Pradeep Kumar TS16.7K views
MQTT 5 - What's New?MQTT 5 - What's New?
MQTT 5 - What's New?
Dominik Obermaier3.5K views
Assaulting diameter IPX networkAssaulting diameter IPX network
Assaulting diameter IPX network
Alexandre De Oliveira3.4K views
Having Honeypot for Better Network Security AnalysisHaving Honeypot for Better Network Security Analysis
Having Honeypot for Better Network Security Analysis
Bangladesh Network Operators Group255 views
Ip sec and sslIp sec and ssl
Ip sec and ssl
Mohd Arif2.3K views
Securing Internet of Things with Trustworthy ComputingSecuring Internet of Things with Trustworthy Computing
Securing Internet of Things with Trustworthy Computing
The Security of Things Forum492 views
7 palo alto security zones & interfaces concepts7 palo alto security zones & interfaces concepts
7 palo alto security zones & interfaces concepts
Mostafa El Lathy514 views
Fortinet FortiOS 5 PresentationFortinet FortiOS 5 Presentation
Fortinet FortiOS 5 Presentation
NCS Computech Ltd.7.6K views
MANRS for Network Operators - bdNOG12MANRS for Network Operators - bdNOG12
MANRS for Network Operators - bdNOG12
Bangladesh Network Operators Group281 views
802.11 mgt-opern802.11 mgt-opern
802.11 mgt-opern
akruthi k815 views
Advanced: 5G Service Based Architecture (SBA)Advanced: 5G Service Based Architecture (SBA)
Advanced: 5G Service Based Architecture (SBA)
3G4G57K views
Cisco Router As A Vpn ServerCisco Router As A Vpn Server
Cisco Router As A Vpn Server
mmoizuddin14.1K views
Information Security Lesson 7 - Remote Access - Eric VanderburgInformation Security Lesson 7 - Remote Access - Eric Vanderburg
Information Security Lesson 7 - Remote Access - Eric Vanderburg
Eric Vanderburg642 views
Network Monitoring SystemNetwork Monitoring System
Network Monitoring System
Rofiq Fauzi2.9K views
IS Unit 8_IP Security and Email SecurityIS Unit 8_IP Security and Email Security
IS Unit 8_IP Security and Email Security
Sarthak Patel774 views
Igmp presentationIgmp presentation
Igmp presentation
SamreenAkhtar8172 views
User location tracking attacks for LTE networks using the Interworking Functi...User location tracking attacks for LTE networks using the Interworking Functi...
User location tracking attacks for LTE networks using the Interworking Functi...
Siddharth Rao3.3K views

Viewers also liked(20)

Securing Asterisk: A practical approachSecuring Asterisk: A practical approach
Securing Asterisk: A practical approach
Bangladesh Network Operators Group1.5K views
Internet Governance: Why does it matter to Bangladesh?Internet Governance: Why does it matter to Bangladesh?
Internet Governance: Why does it matter to Bangladesh?
Bangladesh Network Operators Group829 views
Practical Implementation of BGP Community with GeotagsPractical Implementation of BGP Community with Geotags
Practical Implementation of BGP Community with Geotags
Bangladesh Network Operators Group901 views
RPKI with rpki.net ToolsRPKI with rpki.net Tools
RPKI with rpki.net Tools
Bangladesh Network Operators Group1.2K views
APNIC Policy Update APNIC Policy Update
APNIC Policy Update
Bangladesh Network Operators Group847 views
Shikkhok.com, An ISIF awarded project Shikkhok.com, An ISIF awarded project
Shikkhok.com, An ISIF awarded project
Bangladesh Network Operators Group979 views
APNIC Services Update APNIC Services Update
APNIC Services Update
Bangladesh Network Operators Group596 views
Traffic Engineering for CDNs Traffic Engineering for CDNs
Traffic Engineering for CDNs
Bangladesh Network Operators Group2.6K views
Monetizing 4G LTE : How we make money out of LTEMonetizing 4G LTE : How we make money out of LTE
Monetizing 4G LTE : How we make money out of LTE
Bangladesh Network Operators Group1.3K views
RPKI Deployment Status in Bangladesh RPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
Bangladesh Network Operators Group844 views
Prefix Filtering BCP Prefix Filtering BCP
Prefix Filtering BCP
Bangladesh Network Operators Group808 views
IPv6 Greenfield IPv6 Greenfield
IPv6 Greenfield
Bangladesh Network Operators Group658 views
How Internet is Empowering Women in Bangladesh How Internet is Empowering Women in Bangladesh
How Internet is Empowering Women in Bangladesh
Bangladesh Network Operators Group1.3K views
Cyber security Awareness: In perspective of Bangladesh Cyber security Awareness: In perspective of Bangladesh
Cyber security Awareness: In perspective of Bangladesh
Bangladesh Network Operators Group4K views
Discovering and Participating at ICANNDiscovering and Participating at ICANN
Discovering and Participating at ICANN
Bangladesh Network Operators Group525 views
Good Peering Practices Good Peering Practices
Good Peering Practices
Bangladesh Network Operators Group1.1K views
Launch a Successful LTE Footprints in BangladeshLaunch a Successful LTE Footprints in Bangladesh
Launch a Successful LTE Footprints in Bangladesh
Bangladesh Network Operators Group1K views
Building REN in BD Building REN in BD
Building REN in BD
Bangladesh Network Operators Group533 views
Resource Public Key Infrastructure (RPKI) Resource Public Key Infrastructure (RPKI)
Resource Public Key Infrastructure (RPKI)
Bangladesh Network Operators Group774 views
Cloud Computing Using OpenStack Cloud Computing Using OpenStack
Cloud Computing Using OpenStack
Bangladesh Network Operators Group8K views
Advertisement

Similar to Participant Access Control in IP Multicasting (20)

PLNOG 9: Piotr Wojciechowski - Multicast Security PLNOG 9: Piotr Wojciechowski - Multicast Security
PLNOG 9: Piotr Wojciechowski - Multicast Security
PROIDEA16 views
Using open source for IoTUsing open source for IoT
Using open source for IoT
Ian Skerrett8.8K views
Protocol for QoS Support Chapter 18Protocol for QoS Support Chapter 18
Protocol for QoS Support Chapter 18
daniel ayalew580 views
Pristine rina-security-icc-2016Pristine rina-security-icc-2016
Pristine rina-security-icc-2016
ICT PRISTINE1.7K views
New world IP traffic, new dimensions for Diameter managementNew world IP traffic, new dimensions for Diameter management
New world IP traffic, new dimensions for Diameter management
Innovation Assured273 views
Rina converged network operator - etsi workshopRina converged network operator - etsi workshop
Rina converged network operator - etsi workshop
ARCFIRE ICT726 views
New world IP traffic, new dimensions for Diameter managementNew world IP traffic, new dimensions for Diameter management
New world IP traffic, new dimensions for Diameter management
Innovation Assured380 views
Chapter04Chapter04
Chapter04
Muhammad Ahad407 views
Edge Device Multi-unicasting for Video StreamingEdge Device Multi-unicasting for Video Streaming
Edge Device Multi-unicasting for Video Streaming
Tal Lavian Ph.D.483 views
ICC Networking Link Series unified controller solutionICC Networking Link Series unified controller solution
ICC Networking Link Series unified controller solution
International Communications Corporation206 views
ICC Networking Link Series unified controller solutionICC Networking Link Series unified controller solution
ICC Networking Link Series unified controller solution
International Communications Corporation239 views
OPC UA Connectivity with InduSoft and the OPC FoundationOPC UA Connectivity with InduSoft and the OPC Foundation
OPC UA Connectivity with InduSoft and the OPC Foundation
AVEVA12.4K views
Using ICN to simplify data delivery, mobility management and secure transmissionUsing ICN to simplify data delivery, mobility management and secure transmission
Using ICN to simplify data delivery, mobility management and secure transmission
ITU463 views
Squire Technologies: Signal Transfer PointSquire Technologies: Signal Transfer Point
Squire Technologies: Signal Transfer Point
Squire Technologies613 views
Create New Value for You - Huawei Agile NetworkCreate New Value for You - Huawei Agile Network
Create New Value for You - Huawei Agile Network
Huawei Enterprise Hong Kong3K views
LTE network: How it all comes together architecture technical posterLTE network: How it all comes together architecture technical poster
LTE network: How it all comes together architecture technical poster
David Swift2.8K views
PLNOG 4: Emil Gągała - Deploying Next-Generation Multicast VPNPLNOG 4: Emil Gągała - Deploying Next-Generation Multicast VPN
PLNOG 4: Emil Gągała - Deploying Next-Generation Multicast VPN
PROIDEA63 views
Diameter_Apr2014.pptxDiameter_Apr2014.pptx
Diameter_Apr2014.pptx
LaCorrientedelGolfo4 views
Design and Deployment of Enterprise WLANsDesign and Deployment of Enterprise WLANs
Design and Deployment of Enterprise WLANs
Fab Fusaro54 views
FIWARE Global Summit - Introduction to LoRa Alliance and TechnologyFIWARE Global Summit - Introduction to LoRa Alliance and Technology
FIWARE Global Summit - Introduction to LoRa Alliance and Technology
FIWARE579 views

More from Bangladesh Network Operators Group(20)

IPv6 Deployment in South Asia 2022IPv6 Deployment in South Asia 2022
IPv6 Deployment in South Asia 2022
Bangladesh Network Operators Group38 views
Introduction to Software Defined Networking (SDN)Introduction to Software Defined Networking (SDN)
Introduction to Software Defined Networking (SDN)
Bangladesh Network Operators Group81 views
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
Bangladesh Network Operators Group37 views
An Overview about open UDP ServicesAn Overview about open UDP Services
An Overview about open UDP Services
Bangladesh Network Operators Group208 views
12 Years in DNS Security As a Defender12 Years in DNS Security As a Defender
12 Years in DNS Security As a Defender
Bangladesh Network Operators Group93 views
Contents Localization Initiatives to get better User ExperienceContents Localization Initiatives to get better User Experience
Contents Localization Initiatives to get better User Experience
Bangladesh Network Operators Group62 views
BdNOG-20220625-MT-v6.0.pptxBdNOG-20220625-MT-v6.0.pptx
BdNOG-20220625-MT-v6.0.pptx
Bangladesh Network Operators Group67 views
Route Leak Prevension with BGP CommunityRoute Leak Prevension with BGP Community
Route Leak Prevension with BGP Community
Bangladesh Network Operators Group94 views
Tale of a New Bangladeshi NIXTale of a New Bangladeshi NIX
Tale of a New Bangladeshi NIX
Bangladesh Network Operators Group67 views
MANRS for Network OperatorsMANRS for Network Operators
MANRS for Network Operators
Bangladesh Network Operators Group42 views
Re-define network visibility for capacity planning & forecasting with GrafanaRe-define network visibility for capacity planning & forecasting with Grafana
Re-define network visibility for capacity planning & forecasting with Grafana
Bangladesh Network Operators Group84 views
RPKI ROA updatesRPKI ROA updates
RPKI ROA updates
Bangladesh Network Operators Group19 views
Blockchain DemystifiedBlockchain Demystified
Blockchain Demystified
Bangladesh Network Operators Group72 views
Measuring the Internet Economy: How Networks Create ValueMeasuring the Internet Economy: How Networks Create Value
Measuring the Internet Economy: How Networks Create Value
Bangladesh Network Operators Group256 views
RPKI Deployment Status in BangladeshRPKI Deployment Status in Bangladesh
RPKI Deployment Status in Bangladesh
Bangladesh Network Operators Group151 views
Route Origin Validation - A MANRS ApproachRoute Origin Validation - A MANRS Approach
Route Origin Validation - A MANRS Approach
Bangladesh Network Operators Group157 views
31, Get more from your IPv4 resources31, Get more from your IPv4 resources
31, Get more from your IPv4 resources
Bangladesh Network Operators Group3.1K views
The Post Covid-19 Cybersecurity World - Where Is It Headed?The Post Covid-19 Cybersecurity World - Where Is It Headed?
The Post Covid-19 Cybersecurity World - Where Is It Headed?
Bangladesh Network Operators Group144 views
Secured Internet Gateway for ISP with pfsense & FRRSecured Internet Gateway for ISP with pfsense & FRR
Secured Internet Gateway for ISP with pfsense & FRR
Bangladesh Network Operators Group503 views
EVPN IntroductionEVPN Introduction
EVPN Introduction
Bangladesh Network Operators Group698 views
Advertisement

Recently uploaded(20)

poker-ba-la-w88poker-ba-la-w88
poker-ba-la-w88
w88 hey0 views
Layer_arc_and_OSI_MODEL.pptLayer_arc_and_OSI_MODEL.ppt
Layer_arc_and_OSI_MODEL.ppt
BeniamTekeste1 view
thai-sicbo-deluxe-w88thai-sicbo-deluxe-w88
thai-sicbo-deluxe-w88
w88 hey2 views
Anushkabhattacharya_21PGDMBHU014.pdfAnushkabhattacharya_21PGDMBHU014.pdf
Anushkabhattacharya_21PGDMBHU014.pdf
SoumyajitKarmakar72 views
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
How to Build Interoperable Decentralized Identity Systems with OpenID for Ver...
Torsten Lodderstedt0 views
activities.docxactivities.docx
activities.docx
erikagonzalez4841722 views
From Sitting to Energising. Where do you want to Be?From Sitting to Energising. Where do you want to Be?
From Sitting to Energising. Where do you want to Be?
CSUC - Consorci de Serveis Universitaris de Catalunya12 views
How to Choose Between Ecommerce and an Online MarketplaceHow to Choose Between Ecommerce and an Online Marketplace
How to Choose Between Ecommerce and an Online Marketplace
NdimensionLabs10 views
tro-choi-bach-tuoc-w88.pdftro-choi-bach-tuoc-w88.pdf
tro-choi-bach-tuoc-w88.pdf
w88 hey4 views
Speedtest by Ookla - The Global Broadband Speed Test.pdfSpeedtest by Ookla - The Global Broadband Speed Test.pdf
Speedtest by Ookla - The Global Broadband Speed Test.pdf
EncikAbdulAzimBinAbR2 views
Overview of Connected World.pptxOverview of Connected World.pptx
Overview of Connected World.pptx
AnoldKathoKamu2 views
Doc 2.docxDoc 2.docx
Doc 2.docx
maxmishra23 views
Personal Finance AppPersonal Finance App
Personal Finance App
Prasanna Hegde2 views
GSC20_Session8_Security_Laura_ISOIEC.pptxGSC20_Session8_Security_Laura_ISOIEC.pptx
GSC20_Session8_Security_Laura_ISOIEC.pptx
Olajide Kuku1 view
punto-banco-w88punto-banco-w88
punto-banco-w88
w88 hey0 views
ChE 3113_L4.pdfChE 3113_L4.pdf
ChE 3113_L4.pdf
RayanSajib10 views
Network Development in the GÉANT ProjectNetwork Development in the GÉANT Project
Network Development in the GÉANT Project
CSUC - Consorci de Serveis Universitaris de Catalunya12 views
International Conference on Network ProtocolsInternational Conference on Network Protocols
International Conference on Network Protocols
NetworkAwards6 views
Web5 - Open to Build - Block-TBDWeb5 - Open to Build - Block-TBD
Web5 - Open to Build - Block-TBD
SSIMeetup0 views
Hybrid App Development.pdfHybrid App Development.pdf
Hybrid App Development.pdf
Sanjaysharma9946542 views

Participant Access Control in IP Multicasting

  1. Participant Access Control in IP Multicasting Salekul Islam (salekul@cse.uiu.ac.bd) United International University (UIU) Dhaka, Bangladesh
  2. Outline of the presentation 24-May-14 Participant Access Control in IP Multicasting 2 Sender Access Control PANA, IKEv2 and IPsec SA Receiver Access Control IGMP with Access Control (IGMP-AC) PIM-SM Routers build the data distribution tree IGMP End hosts join/leave a multicast group IP Multicast Secure Multicast: Protects multicast data and control messages. Why it fails to provide access control? Access Control Architecture Access Control: Authentication, Authorization & Accounting Participant: Receivers & Sender(s)
  3. Protocols Involved in IP Multicast •  Internet Group Management Protocol (IGMP) o  IGMPv3 has been standardized by the IETF o  End hosts inform the neighboring router(s) about the multicast group memberships using IGMP o  Two types of messages: Query and Report •  Protocol Independent Multicast - Sparse Mode (PIM-SM) o  Depends on underlying unicast routing information base o  Builds unidirectional shared trees o  Optionally creates shortest-path trees per source. 24-May-14 Participant Access Control in IP Multicasting 3
  4. IGMP Query Message 24-May-14 Participant Access Control in IP Multicasting 4 Querier Query Message Directly connected Access Router (AR) AR AR CR
  5. IGMP Report Message 24-May-14 Participant Access Control in IP Multicasting 5 Querier Directly connected Access Router (AR) AR AR CR Receiver 1 Receiver 2 Report Messages
  6. IP Multicast Service Model 24-May-14 Participant Access Control in IP Multicasting 6 AR1 AR2 AR3CR3 Sender Receivers End Users Routing Protocol (PIM-SM) Builds DDT IGMP Messages User Joins/Leaves Sends multicast data Data forwarding using DDT CR1 CR2 CR3 DDT: Data Distribution Tree
  7. Multicast-based Applications 24-May-14 Participant Access Control in IP Multicasting 7 Number of Participants Applications One-to-many (single sender multiple receivers) • Scheduled audio/video distribution • Push media: news headlines, weather updates • File distribution and caching • Announcements: multicast session, key updates • Monitoring: stock prices, sensor equipment Many-to-many (multiple senders multiple receivers) • Multimedia conferencing • Synchronized resources • Distance learning with input from receivers • Multi-player games Many-to-one (multiple senders single receivers) • Resource discovery • Auctions • Polling
  8. Multicast Service Model: Vulnerabilities 24-May-14 Participant Access Control in IP Multicasting 8 AR1 AR2 AR3CR3 Sender Receivers End Users CR1 CR2 CR3 AR4 AR1 IGMP Join Routing Protocol Join Adversary Receiver Forged data Adversary Sender IP multicast model: • Multicast groups are open • Any one can join any one can send
  9. Motivation: Revenue Generation Architecture •  Secure Multicasting is composed of o  Protecting control messages—routing protocol specific (secured IGMP and PIM-SM) o  Protecting multicast data—encryption and authentication (IETF standardized TESLA ) •  Significant progress of securing multicasting fails to happen in large scale commercial deployment •  A revenue generation architecture considers o  Participant access control—AAA for sender(s) and receivers o  Policy enforcement o  E-commerce communications 24-May-14 Participant Access Control in IP Multicasting 9
  10. Why Access Control? •  Effects of forged IGMP messages o  Join message pulls distribution tree, may create DoS o  Leave message prunes distribution tree, prevents legitimate users from receiving o  IGMP security—only authenticates IGMP messages •  Attacks by a forged sender o  Replay attack o  Sender address spoofing attack o  May create DoS •  Secure Multicast (Group Key Management) fails to prevent these attacks 24-May-14 Participant Access Control in IP Multicasting 10
  11. How to deploy access control? •  Receiver access control for a secured group o  While joining/leaving o  Changing reception state at ARs •  Sender access control for a secured group o  Sending data 24-May-14 Participant Access Control in IP Multicasting 11 Coupling access control with IGMP Per-packet cryptographic protection at AR
  12. Sender Access Control •  AAA for sender(s) •  Per-packet protection Data Distribution Control •  Protects distribution tree from forged sender •  Not routing protocol security Receiver Access Control •  AAA for receivers/EUs Overview of Access Control Architecture 24-May-14 Participant Access Control in IP Multicasting 12 AR1 AR2 AR3CR3 CR1 CR2 Sender Receivers EUs
  13. Unicast Access Control and Authentication •  Access Control is achieved by AAA framework o  RADIUS—older version, with limited functionalities o  Diameter—next generation AAA protocol •  Extensible •  Large AVP •  Agent support •  For authentication IETF has designed o  Extensible Authentication Protocol (EAP) o  Protocol for carrying Authentication for Network Access (PANA)—EAP lower layer 24-May-14 Participant Access Control in IP Multicasting 13
  14. Authentication, Authorization and Accounting (AAA) Framework 24-May-14 Participant Access Control in IP Multicasting 14 AAA protocol AAA Server Authentication Authorization Accounting NAS AAA Client End User Network End User Database Requesting access to network EU credentials Accept Access is granted NAS: Network Access Server
  15. Extensible Authentication Protocol (EAP) 24-May-14 Participant Access Control in IP Multicasting 15 EAP Request1 EAP Response1 EAP Request2 EAP ResponseN Diameter (EAP ResponseN) Diameter (EAP Success) EAP Success NAS/ EAP Authenticator AAA Server EAP Server EAP Diameter (EAP) End User EAP Peer §  EAP summary -  Authentication framework -  Multiple authentication -  EAP methods -  Four EAP messages Request, Response Success, Failure (Initiate EAP) By peer or authenticator Authenticator to peer Peer to authenticator Diameter (EAP Response1) Diameter (EAP Request2) Encapsulated over Diameter
  16. Key Challenges for Access Control •  The most generic architecture o  Deployable for multi-domain distributed groups o  Supports wide range of authentication o  Independent of routing protocol o  Supports both ASM and SSM •  A scalable solution o  Minimum workload for on-tree routers and end hosts o  A distributed solution (e.g., using AAA) •  Reuse standard frameworks/protocols o  Fits easily in the existing Internet service model o  Will reduce the work of service providers 24-May-14 Participant Access Control in IP Multicasting 16
  17. Out of the scope NAS NAS Access Control Architecture 24-May-14 Participant Access Control in IP Multicasting 17 AR1 AR2 AR3CR3 CR1 CR2 Sender End Users AAAS Participants Database & Policy Server Updates Registration GO/MR FI Diameter IGMP Carrying EU auth. info
  18. NAS Receiver Access Control using IGMP-AC 24-May-14 Participant Access Control in IP Multicasting 18 AR1 AR2 AR3 CR1 CR2 CR3 End Users Sender IGMP-AC (EAP) IGMP with Access Control (IGMP-AC) •  Extended version of IGMPv3 •  Encapsulates EAP packets •  Verification using SPIN •  Validation using AVISPA AAA ServerParticipants Database Diameter (EAP)
  19. EAP auth End User Authentication using Extensible Authentication Protocol (EAP) 24-May-14 Participant Access Control in IP Multicasting 19 EAP method EAP peer EAP layer IGMP-AC Lower layers EAP peer IGMP-AC EAP layer Lower layers EAP auth EAP layer AAA/IP EAP method EAP auth EAP layer AAA/IP EU/ Peer AR/Authenticator/NAS AAA Server EAP Encapsulation over IGMP-AC
  20. Protocol for carrying Authentication for Network Access (PANA) 24-May-14 Participant Access Control in IP Multicasting 20 PaC (EU) PAA (NAS/AR) AS (AAAS) EP (AR) SNMP/ API PANA RADIUS/ Diameter IKE PaC : PANA Client AS : Authentication Server EP : Enforcement Point PAA : PANA Authentication Agent §  PANA summary -  Network access protocol -  Works as EAP lower layer -  Four entities: PaC, PAA, AS, EP
  21. Sender Access Control 24-May-14 Participant Access Control in IP Multicasting 21 AR1 AR2 AR3 CR1 CR2 CR3 PANA (EAP) AAA Server End User Sender IKEv2 IPsec SA NAS IKE-pre- shared-Key 1. Anti-replay 2. Prevents source address spoofing 3. Minimizes DoS AAA-Key PaC-EP- Master-Key IKE-pre- Shared-Key
  22. More about access control in multicast •  This is a brief description of our work in this area •  What else we have done? o  Policy framework o  Inter-domain access control architecture based on Diameter agents o  Data distribution control using multicast SA o  Mobile multicast: receiver access control & secured handoff 24-May-14 Participant Access Control in IP Multicasting 22
  23. Conclusion: Present status •  A set of Internet Drafts have been written and presented to bring our ideas at the IETF o  J. William Atwood, Salekul Islam and Bing Li “Requirements for IP Multicast Receiver Access Control”, IETF Internet Draft, draft-atwood-mboned-mrac-req-00, 2014. o  J. William Atwood, Bing Li and Salekul Islam “Architecture for IP Multicast Receiver Access Control”, IETF Internet Draft, draft-atwood-mboned-mrac-arch-00, 2014. 24-May-14 Participant Access Control in IP Multicasting 23
  24. Other Publications 1.  Salekul Islam and J. William Atwood, "Sender Access and Data Distribution Control for Inter-domain Multicast Groups", Computer Networks, Vol. 54, No. 10, 2010, pp. 1646-1671. 2.  Salekul Islam and J. William Atwood, "Multicast Receiver Access Control by IGMP-AC", Computer Networks, Vol. 53, No. 7, 2009, pp. 989-1013. 3.  Salekul Islam and J. William Atwood, "Multicast Security", in Horizons in Computer Science Research Vol. 2. Thomas S. Clay (ed.), Nova Publishers. 2011, pp. 127-149. 4.  Salekul Islam, "Participant Access Control in IP Multicasting", VDM Verlag, Nov. 2009. 5.  S. Islam and J.W. Atwood, "Receiver Access Control and Secured Handoff in Mobile Multicast using IGMP-AC", submitted to 33rd IEEE Conference on Local Computer Networks. 6.  S. Islam and J.W. Atwood, "Sender Access Control in IP Multicast", in 32nd IEEE Conference on Local Computer Networks, Dublin, Ireland, 2007 October 15-18, pp. 79-86. 7.  S. Islam and J.W. Atwood, "A Policy Framework for Multicast Group Control", in IEEE CCNC--Workshop on Peer-to-Peer Multicasting, Las Vegas, NV, 2007 January 11, pp. 1103-1107. 8.  S. Islam and J.W. Atwood, "The Internet Group Management Protocol with Access Control (IGMP-AC) ", in 31st IEEE Conference on Local Computer Networks, Tampa, Florida, U.S.A., 2006 November 14-16, pp. 475-482. 9.  S. Islam and J.W. Atwood, "A Framework to Add AAA Functionalities in IP Multicast'', in Advanced International Conference on Telecommunications (AICT'06), Guadeloupe, French Caribbean, 2006 February 19-22. 24-May-14 Participant Access Control in IP Multicasting 24
  25. Project Funding •  FQRNT (Quebec Provincial Govt’s fund) o  Doctoral Research Scholarship •  NSERC (Canada Govt’s fund) o  Discovery Grant •  Concordia University 24-May-14 Participant Access Control in IP Multicasting 25
  26. Contact •  Dr. Salekul Islam UIU, Bangladesh Email: salekul@cse.uiu.ac.bd •  Dr. J. William Atwood Concordia University, Canada Email: william.atwood@concordia.ca 24-May-14 Participant Access Control in IP Multicasting 26
Advertisement