| Computer Science > Communications > Network Services Infrastructure > Secure Multicast |
|
Secure Multicast
The Internet today provides no support for privacy or authentication of multicast packet istribution. Multicast groups are open in the sense that any host can join a group, and in order to send atagrams to a multicast group, a sender need not even be a member of the group. However, an increasing number of applications such as pay-per-view distribution of digital media, restricted conferences and pay-per-use multi-party games will require secure multicast services in order to restrict group membership, enforce accountability of group members and authentication of data senders. In this context, our work has focused on three directions:
The model we are assuming in this work consists of a multicast group controller and clients which join the secure multicast group as senders, receivers or both. A controller is a trusted entity responsible for client registration and de-registration and key management and distribution. Multicast data is encrypted at the senders and decrypted by clients possessing the appropriate decryption keys. Clients wishing to join the secure multicast group, in addition to joining the IP multicast group using IGMP, have to contact the group controller to register and obtain all relevant keys. A major problem associated with the deployment of secure multicast delivery services is the scalability of the key distribution protocol. This is particularly true with regard to the handling of group membership changes, such as member departures and/or removals, which necessitate the distribution of a new session key to all the remaining group members. As the frequency of group membership changes increases, it becomes necessary to reduce the cost of key distribution operations. In our work we propose the use of batching of group membership changes to reduce the frequency, and hence the cost, of key re-distribution operations. We focus explicitly on the problem of cumulative member removal and propose an algorithm that minimizes the number of messages required to distribute new keys to the remaining group members. The algorithm is used in conjunction with a new multicast key management scheme which uses a set of auxiliary keys in order to improve scalability. The cumulative member removal algorithm uses Boolean function minimization techniques, and offers significant performance advantages in terms of message complexity. The following reference describes this work in more detail: "Key Management for Secure Internet
Multicast using Boolean Function Minimization Techniques," Isabella
Chang, Robert Engel, Dilip Kandlur, Dimitrios Pendarakis and Debanjan
Saha, Proceedings of IEEE INFOCOM'99, 21-25 March 1999 Toolkit for Secure Internet Multicast Our toolkit builds on the model described above and provides a middleware for developing applications that can send and receive multicast data with appropriate levels of authentication and confidentiality. It employs the key management and distribution scheme described above. The toolkit is based on the separation of data and control plane functions, which provides applications with fine grain control of the data path, while keeping the control plane as transparent to applications as possible. The toolkit has been prototyped in Java and has already been used to enhance several multicast applications with security features. Details about the toolkit can be found in
the IBM Research Report: Participation in IRTF Activities The Internet Research Task Force (IRTF) has established a working group on secure multicast. Our group has actively participated in the activities of the group. The following internet draft proposes an architecture for secure internet multicast. http://www.ietf.org/internet-drafts/draft-irtf-smug-sec-mcast-arch-00.txt |
[ IBM home page | Order | Search | ContactIBM | Legal ]