Abstract
As multicast applications are deployed for mainstream use, the need to secure multicast communications will become critical. Multicast, however, does not fit the point-to-point model of most network security protocols, which were designed with unicast communications in mind. As we will show, securing multicast (or group) communications is fundamentally different from securing unicast (or paired) communications. In turn, these differences can result in scalability problems for many typical applications. In this paper, we examine and model the differences between unicast and multicast security and then propose Iolus: a novel framework for scalable secure multicasting. Protocols based on Iolus can be used to achieve a variety of security objectives and may be used either to directly secure multicast communications or to provide a separate group key management service to other "security-aware" applications. We describe the architecture and operation of Iolus in detail and also describe our experience with a protocol based on the Iolus framework.
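The scalability difference the abstract refers to can be made concrete with a counting model. The code below is an added illustration, not code from the Iolus paper: it compares a single shared group key, where one member's departure forces a fresh key to be delivered pairwise to every remaining member (the departed member still holds the old key, so the replacement cannot be multicast under it), against the Iolus approach of partitioning the group into independently keyed subgroups whose agents decrypt and re-encrypt traffic crossing a subgroup boundary. The single level of subgroups, the member names, the subgroup size and the SHA-256 counter-mode toy cipher are assumptions made for this example; Iolus itself arranges its agents in a tree.

```python
"""Added example: rekeying cost of a flat group key versus Iolus-style subgroups.

Not code from the Iolus paper. Member names, subgroup size and the toy cipher
are constructed for this illustration.
"""
import hashlib
import secrets
from dataclasses import dataclass

NONCE_LEN = 12


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher: SHA-256 in counter mode, XORed onto the data.
    Unauthenticated and for illustration only; it stands in for a real cipher."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


def encrypt(key: bytes, data: bytes) -> bytes:
    nonce = secrets.token_bytes(NONCE_LEN)
    return nonce + _keystream_xor(key, nonce, data)


def decrypt(key: bytes, blob: bytes) -> bytes:
    return _keystream_xor(key, blob[:NONCE_LEN], blob[NONCE_LEN:])


@dataclass
class Tally:
    unicast: int = 0    # pairwise-encrypted key deliveries
    reencrypt: int = 0  # per-packet translations between subgroup keys


class FlatGroup:
    """One key shared by every member: the unicast security model stretched over a group."""

    def __init__(self, members):
        self.members = set(members)
        self.key = secrets.token_bytes(16)
        self.tally = Tally()

    def leave(self, member):
        self.members.discard(member)
        # The departed member knows the old key, so the new key cannot be
        # multicast under it: one unicast per remaining member.
        self.key = secrets.token_bytes(16)
        self.tally.unicast += len(self.members)


class Subgroup:
    def __init__(self, members):
        self.members = set(members)
        self.key = secrets.token_bytes(16)


class IolusGroup:
    """Group split into subgroups, each with its own key held by a local agent.
    Membership changes stay inside one subgroup; data crossing a subgroup
    boundary is decrypted and re-encrypted by the agent (one level of agents
    here, a simplification of the tree Iolus uses)."""

    def __init__(self, members, subgroup_size):
        members = list(members)
        self.subgroups = [Subgroup(members[i:i + subgroup_size])
                          for i in range(0, len(members), subgroup_size)]
        self.tally = Tally()

    def _subgroup_of(self, member):
        return next(sg for sg in self.subgroups if member in sg.members)

    def leave(self, member):
        sg = self._subgroup_of(member)
        sg.members.discard(member)
        sg.key = secrets.token_bytes(16)
        # Only the affected subgroup is rekeyed; the others keep their keys.
        self.tally.unicast += len(sg.members)

    def send(self, sender, payload):
        """Deliver payload to every member, translating keys at subgroup boundaries."""
        src = self._subgroup_of(sender)
        blob = encrypt(src.key, payload)
        delivered = {}
        for sg in self.subgroups:
            if sg is src:
                local = blob
            else:
                local = encrypt(sg.key, decrypt(src.key, blob))
                self.tally.reencrypt += 1
            for m in sg.members:
                delivered[m] = decrypt(sg.key, local)
        return delivered


def rekey_cost_after_leaves(n, subgroup_size, leaves):
    """Unicast key deliveries (flat, iolus) after the first `leaves` members depart."""
    members = [f"m{i}" for i in range(n)]
    flat, iolus = FlatGroup(members), IolusGroup(members, subgroup_size)
    for m in members[:leaves]:
        flat.leave(m)
        iolus.leave(m)
    return flat.tally.unicast, iolus.tally.unicast


def send_check(n, subgroup_size, payload=b"constructed group payload"):
    """(every member received the payload, number of boundary re-encryptions)."""
    members = [f"m{i}" for i in range(n)]
    g = IolusGroup(members, subgroup_size)
    got = g.send("m0", payload)
    return all(got[m] == payload for m in members), g.tally.reencrypt


if __name__ == "__main__":
    print(rekey_cost_after_leaves(1000, 50, 1))  # (999, 49)
    print(send_check(1000, 50))                  # (True, 19)
```

For a group of 1000 split into subgroups of 50, one departure costs 999 pairwise key deliveries in the flat model and 49 in the partitioned one, and the cost of each further departure keeps shrinking with the subgroup rather than the group. The price is one re-encryption per foreign subgroup on every data packet, which is the trade-off the framework makes between rekeying load and per-packet work at the agents.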
Iolus: a framework for scalable secure multicasting
SIGCOMM '97: Proceedings of the ACM SIGCOMM '97 conference on Applications, technologies, architectures, and protocols for computer communication