Abstract
Multicast is rapidly becoming an important mode of communication and a good platform for building group-oriented services. To be used for trusted communication, however, current multicast schemes must be supplemented by mechanisms for protecting traffic, controlling participation, and restricting access of unauthorized users to data exchanged by the participants. In this paper, we consider fundamental security issues in building a trusted multicast facility. We discuss techniques for group-based data encryption, authentication of participants, and preventing unauthorized transmissions and receptions. We also describe the application of these principles and techniques in designing an architecture for secure multicast in a mobile environment.
Similar content being viewed by others
References
M. Abadi and R.M. Needham, Prudent engineering practice for cryptographic protocols,Proc. IEEE Symp. on Research in Security and Privacy, Oakland, California (1994) pp. 122–136.
A.J. Ballardie, P. Francis and J. Crowcroft, Core based trees—An architecture for scalable inter-domain multicast routing,Proc. ACM SIGCOMM, San Francisco, California (1993) pp. 85–95. Published as ACM Comp. Commun. Rev. 23(4) (1993) 85–95.
S. Berkovits, How to broadcast a secret,Advances in Cryptology: Proc. Eurocrypt '91, Vol. 547 of Lecture Notes in Computer Science (Springer, New York, April 1991) pp. 535–541.
K.P. Birman and T.A. Joseph, Reliable communication in the presence of failures, ACM Trans. Comp. Syst. 5 (1) (1987) 47–76.
C. Blundo, A. De Santis, A. Herzberg, S. Kutten, U. Vaccaro and M. Yung, Perfectly-secure key distribution for dynamic conferences,Advances in Cryptology: Proc of Crypto '92, Vol. 740 of Lecture Notes in Computer Science (Springer, New York, 1992) pp. 471–486.
J.A. Bull, L. Gong and K.R. Sollins, Towards security in an open systems federation,Proc. European Symp. on Research in Computer Security, Vol. 648 of Lecture Notes in Computer Science (Springer, 1992) pp. 3–20.
D.R. Cheriton and W. Zwaenepoel, Distributed process groups in the V kernel. ACM Trans. Comp. Syst. 3 (2) (1985) 77–107.
W.R. Cheswick and S.M. Bellovin,Firewalls and Internet Security (Addison-Wesley, 1994).
G.H. Chiou and W.T. Chen, Secure broadcasting using secure lock, IEEE Trans. Software Eng. 15 (1989) 929–934.
M. de Prycker,Asynchronous Transfer Mode: Solution for Broadband ISDN (Ellis Horwood, New York, 2nd ed., 1993).
S. Deering, Host extensions for IP multicasting, Request for Comments 1112, Internet Network Working Group (1989).
S.E. Deering and D.R. Cheriton, Multicast routing in datagram internetworks and extended LANs, ACM Trans. Comp. Syst. 8 (2) (1990) 85–110.
L. Delgrossi, R.G. Herrtwich, F.O. Hoffman and S. Schaller, Receiver-initiated communication with ST-II, Preliminary version (1994).
W. Diffie and M.E. Hellman, Exhaustive cryptanalysis of the NBS data encryption standard. IEEE Comp. 10 (6) (1977) 74–84.
D. Estrin, J.C. Mogul and G. Tsudik, Visa protocols for controlling interorganizational datagram flow, IEEE J. Select. Areas Commun. 7 (1989) 486–498.
H.T. Kung et al., Secure short-cut routing for mobile IP,Proc. USENIX Summer Technical Conference, Boston, Massachusetts (1994).
The ATM Forum,User-Network Interface Specification (Version 3.0) (Prentice-Hall, New Jersey, 1993).
L. Gong, Efficient network authentication protocols: Lower bounds and optimal implementations, Technical Report SRI-CSL-94-15, Computer Science Laboratory, SRI International, Menlo Park, California (1994).
L. Gong, New protocols for third-party-based authentication and secure broadcast,Proc. 2nd ACM Conf. on Computer and Communications Security, Fairfax, Virginia (1994) pp. 176–183.
L. Gong and N. Shacham, Elements of trusted multicasting,Proc. IEEE Int. Conf. on Network Protocols, Boston, Massachusetts (1994), pp. 23–30. A preliminary version appeared as Technical Report SRI-CSL-94-03, Computer Science Laboratory, SRI International, Menlo Park, California (1994).
L. Gong and D. J. Wheeler, A matrix key distribution scheme, J. Cryptology 2 (2) (1990) 51–59.
G.H. Hardy and E.M. Wright,An Introduction to the Theory of Numbers (Oxford University Press, Oxford, England, 1979; first ed. 1938, fifth ed. 1979, reprinted (with corrections) 1983).
C. Huitema and B. Braden, Report of IAB workshop on security in the internet architecture, Internet draft, IAB (1994).
R.H. Katz, Adaptation and mobility in wireless information systems, IEEE Personal Commun. (First Quarter 1994) 6–17.
S.T. Kent, Internet privacy enhanced mail, Commun. ACM 36 (8) (1993) 48–59.
C.S. Laih, J.Y. Lee and L. Harn, A new threshold scheme and its application in designing the conference key distribution cryptosystem. Inf. Proc. Lett. 32 (1989) 95–99.
J. McLean, The specification and modeling of computer security, IEEE Comp. 23 (1) (1990), 9–16.
M. Minsky, A conversation with Marvin Minsky about agents, Commun. ACM 37 (7) (1994) 23–29. Interviewed by Doug Riecken.
B.C. Neuman and T. Ts'o, Kerberos: An authentication service for computer networks, IEEE Commun. 32 (9) (1994) 33–38.
C. Partridge, T. Mendez and W. Milliken, Host anycasting service, Request for Comments 1546, Internet Network Working Group (1993).
C.E. Perkins and P. Bhagwat, A mobile networking system based on internet protocol, IEEE Personal Commun. (First Quarter 1994) 32–41.
B. Preneel, Cryptographic hash functions, European Trans. Telecom. 5 (1994) 431–448.
M. Reiter, A secure group membership protocol,Proc. IEEE Symp. on Research in Security and Privacy, Oakland, California (1994) pp. 176–189.
M. Reiter, Secure agreement protocols: Reliable and atomic group multicast in rampart,Proc. 2nd ACM Conf. on Computer and Communications Security, Fairfax, Virginia (1994) pp. 68–80.
M. Reiter, K. Birman and L. Gong, Integrating security in a group-oriented distributed system,Proc. IEEE Symp. on Research in Security and Privacy, Oakland, California (1992) pp. 18–32. Also available as TR92-1269, Department of Computer Science, Cornell University.
M. Reiter and L. Gong, Preventing denial and forgery of causal relationships in distributed systems,Proc. IEEE Symp. on Research in Security and Privacy, Oakland, California (1993) pp. 30–40.
R.L. Rivest, A. Shamir and L. Adleman, A method for obtaining digital signatures and public-key cryptosystems, Commun. ACM 21 (2) (1978) 120–126.
N. Shacham, Multicast routing of hierarchical data,Proc. Int. Conf. on Communications, Chicago, Illinois (1992).
A. Shamir, How to share a secret, Commun. ACM 22 (1979) 612–613.
W.A. Simpson, IP mobility support, Draft 4, IETF Network Working Group (1994).
C. Topolocic, Experimental internet stream protocol, Version 2 (ST-II), Request for Comments 1190, Internet Activities Board (1990).
Data Encryption Standard, (U.S.) National Bureau of Standards, (U.S.) Federal Information Processing Standards Publication, FIPSPUB46 (1977).
V.L. Voydock and S.T. Kent, Security mechanisms in high-level network protocols. ACM Comp. Surveys 15 (1983) 135–171.
Author information
Authors and Affiliations
Rights and permissions
About this article
Cite this article
Gong, L., Shacham, N. Multicast security and its extension to a mobile environment. Wireless Netw 1, 281–295 (1995). https://doi.org/10.1007/BF01200847
Issue Date:
DOI: https://doi.org/10.1007/BF01200847