Secure Multicast Conferencing


Presented in Madrid, 1999

  • Secure Multicast Conferencing

    1. Secure multicast conferencing. Peter Kirstein, Ian Brown and Edmund Whelan, University College London. IDC’99, Madrid 23 Sept. 1999. Ian Brown, UCL
    2. Multicast conferencing involves...
       • Video
       • Audio
       • Shared whiteboard
    3. Security provides...
       • Confidentiality: only authorised conference members can access conference data
       • Integrity: you can be sure data has not been altered in transit
       • Authentication: of conference announcers and participants
    4. Point-to-point conferencing security is easy...
       • Each link is secured using a standard communications security protocol: IPSEC, SSL/TLS, SSH
       • Extremely wasteful of bandwidth
       • Multipoint control units are security risks
    5. But multicast is more tricky...
       • Multicast doesn’t fit the “point-to-point” model of current security protocols
       • There is no standard method of sharing keys between group members
    6. Insecure conferences
       • Use Real-time Transport Protocol (RTP) to send data
       • Users announce conferences and invite users by sending a session invitation via e-mail, the Session Announcement or Session Invitation Protocols
    7. Secure transport
       • RTP allows data to be encrypted with DES - implemented in UCL’s tools
       • We want to move to IPSEC to remove need for cryptographic code in applications and take advantage of its wide range of ciphersuites and protocol and implementation security
    8. IP security extensions
       • Now standardised by IETF (RFC 2411)
       • Provides network-layer protection for all packets sent between compatible machines
       • Not yet finished for multicast
    9. Key distribution problem
       • The Internet Key Exchange (IKE) allows two hosts to negotiate security parameters for an IPSEC connection
       • But multicast IKE is much harder, and being investigated by the IRTF
    10. Conferencing solution
       • We use secure session invitations to distribute security parameters
       • Sent using secure SAP, SIP, or e-mail (S/MIME) or retrieved via the World Wide Web (TLS)
    11. Web distribution
       • Session descriptions are stored on a secure Web server
       • Authorised conference members can retrieve descriptions over a TLS link
    12. Smartcards
       • Users don’t like having to remember many long passphrases
       • Mobile users need access to keys from many different systems
       • Software keys are vulnerable to theft
       • Smartcards alleviate all these problems
    13. Active services
       • In-network code can reduce bandwidth requirements, convert between coding schemes, provide multicast connectivity, etc. etc.
    14. Processing encrypted data
       • You can give proxies the session keys needed for them to access and process data
       • We are developing proxies that can work without this security risk
    15. Conclusions
       • Multicast conference data can be secured at the network or application layer
       • Until multicast key distribution is standardised, lightweight methods based on session descriptions can be used
       • New techniques are needed to allow in-network processing of encrypted data
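
Added example, not from the slides or UCL's tools: slides 10 and 11 distribute the conference key inside a protected session description. Assuming the description is SDP (RFC 2327) with its `k=` key field, and using hypothetical channel labels, this code parses a constructed description and rejects one that carries a key but arrived over an unprotected channel.

```python
import base64
from dataclasses import dataclass, field
from typing import Optional

# Hypothetical labels for the protected delivery channels the slides list.
PROTECTED = {"secure-sap", "secure-sip", "smime", "tls"}

# Constructed sample description; addresses, ports and key are made up.
SAMPLE_SDP = """v=0
o=alice 3146 1 IN IP4 192.0.2.10
s=Project meeting
c=IN IP4 224.2.17.12/127
k=base64:c2VjcmV0IHBhc3NwaHJhc2U=
t=0 0
m=audio 49170 RTP/AVP 0
m=video 51372 RTP/AVP 31
"""

@dataclass
class Session:
    name: str = ""
    group: str = ""                  # multicast group address
    key: Optional[bytes] = None      # session key material, if present
    media: list = field(default_factory=list)

def parse_description(text: str) -> Session:
    """Extract name, multicast group, media streams and key from SDP text."""
    s = Session()
    for line in text.splitlines():
        kind, _, value = line.strip().partition("=")
        if kind == "s":
            s.name = value
        elif kind == "c":            # c=<nettype> <addrtype> <address>/<ttl>
            s.group = value.split()[2].split("/")[0]
        elif kind == "m":            # m=<media> <port> <transport> <formats>
            mtype, port, proto = value.split()[:3]
            s.media.append((mtype, int(port), proto))
        elif kind == "k":            # k=<method>:<key>
            method, _, data = value.partition(":")
            if method == "clear":
                s.key = data.encode()
            elif method == "base64":
                s.key = base64.b64decode(data, validate=True)
            else:
                raise ValueError(f"unsupported key method: {method}")
    return s

def accept(text: str, channel: str) -> Session:
    """Accept a description only if any key in it travelled protected."""
    s = parse_description(text)
    if s.key is not None and channel not in PROTECTED:
        raise PermissionError("key-bearing description on unprotected channel")
    return s
```
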
