
Multicast Security


Presentation Transcript


  1. Multicast Security: Issues and Solutions

  2. Outline
     • Explain multicast and its applications
     • Show why security is needed
     • Discuss current security implementations
     • Explain the different ways of doing multicast
     • Go in-depth into key management

  3. What is Multicast?
     • Unicast
       • One-to-one communication
     • Broadcast
       • One-to-all communication
     • Multicast
       • One-to-many communication
       • Many-to-many communication

  4. Applications of Multicast
     • Online chat groups
     • Streaming video/audio
     • Videoconferencing
     • Multiplayer games

  5. Need for Security
     • Protecting trade secrets
     • Confidential chat
     • Government use
     • Pay-per-view
     • Online auctions

  6. Why Security is Hard
     • Open group membership
       • Anyone can view or insert data into group
     • Everyone gets same packets
       • No individualization or customization
     • Senders need not be members
       • Can’t control information that goes to the group

  7. Security Solutions
     • Authentication (senders and receivers)
       • Identify the members of the group
     • Access control (senders and receivers)
       • Restrict membership
       • Restrict who can send data
     • Key management
       • Provide confidentiality and integrity
     • Fingerprinting
       • Make each receiver’s data unique

  8. IP vs. Application-Layer Multicast
     • IP Multicast
       • Network supported
       • Minimum traffic
       • Least control over access
     • Application-Layer Multicast
       • More versatile (no network support required)
       • Full control over the group
       • More network overhead

  9. Group Key Management
     • Basic schemes
       • GKMP, SMKD
     • Hierarchical schemes
       • Iolus, Logical Key Hierarchy
     • Batch schemes
       • MARKS
     • Trade-off schemes
       • CVA, HySOR

  10. Basic Key Distribution
     • Single group key
     • Pair-wise distribution
     • Slow
     • Non-scalable

  11. Hierarchical Key Distribution
     • Logical groups
     • Central management
     • Tree structure
     • Isolation of keying
     • Node hierarchies
     • Sub-group managers

  12. Batch Rekeying
     • Reduce rekey operations
     • Less overhead
     • Sacrifice forward/backward secrecy

  13. New Approach
     • No group key
     • Arbitrary message key
     • Personal keys for each node
     • Key encryption keys

  14. New Approach
     • Extreme hierarchical case
     • Sub-group size of 1
     • Rekey isolation
     • Take advantage of inherent topology

  15. How it Works
     • Certificates
     • Personal keys
     • Message keys
     • Join/Leave operations

  16. Advantages
     • Highly scalable
     • Fast rekey operations
     • Low message overhead

  17. Remaining Issues
     • Vulnerable to Denial of Service
     • Performance dependent on the overlay topology

  18. Takeaway Points
     • Wide range of applications
     • Many require security
     • Current approaches are insufficient
     • Need a usable key management scheme

  19. Resources
     • http://www.cs.virginia.edu/~mngroup
     • http://www.securemulticast.org/

  20. References
     • Paul Judge and Mostafa Ammar. Security Issues and Solutions in Multicast Content Distribution: A Survey. IEEE Network, January/February 2003.
     • Germano Caronni, M.W., Dan Sun, Bernhard Plattner. Efficient Security for Large and Dynamic Multicast Groups. In IEEE 7th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, 1998.
     • Guang-Huei Chiou, W.-T.C. Secure Broadcasting Using the Secure Lock. IEEE Transactions on Software Engineering, 15 (8).
     • Suvo Mittra. Iolus: A Framework for Scalable Secure Multicasting. Proceedings of the ACM SIGCOMM '97, September 1997.
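
Slides 10 and 11 contrast pair-wise distribution of a single group key with hierarchical, tree-structured key distribution. The following is an added example, not part of the presentation: it models a Logical Key Hierarchy as a complete binary key tree (an assumption) and lists the rekey messages needed when one member leaves, next to the pair-wise count. All class and function names are hypothetical, and messages are modelled as (new key, wrapping key) pairs rather than real ciphertext.

```python
# Added illustration: rekey cost when one member leaves a group of n members.
# Assumes a complete binary key tree with heap-style node ids; names are hypothetical.
import secrets

def path_to_root(node):
    """Node ids from `node` up to the root (node 1), inclusive."""
    path = []
    while node >= 1:
        path.append(node)
        node //= 2
    return path

class KeyTree:
    def __init__(self, n):
        assert n >= 2 and n & (n - 1) == 0, "n must be a power of two"
        self.n = n
        # Nodes 1..2n-1: node 1 is the group key, leaves n..2n-1 are personal keys.
        self.keys = {i: secrets.token_bytes(16) for i in range(1, 2 * n)}

    def leaf(self, member):
        return self.n + member

    def held_by(self, member):
        """Key nodes a member knows: its own leaf and every ancestor."""
        return set(path_to_root(self.leaf(member)))

    def leave(self, member):
        """Replace every key the leaver knew. Returns the rekey messages as
        (new_key_node, wrapping_key_node): 'new key of X, encrypted under key of Y'."""
        gone = self.leaf(member)
        msgs = []
        for node in path_to_root(gone)[1:]:   # ancestors, bottom-up
            self.keys[node] = secrets.token_bytes(16)
            for child in (2 * node, 2 * node + 1):
                if child != gone:             # never wrap under the leaver's key
                    msgs.append((node, child))
        return msgs

def pairwise_rekey_count(n):
    """Single group key, pair-wise distribution: one message per remaining member."""
    return n - 1

if __name__ == "__main__":
    for n in (8, 1024):
        tree = KeyTree(n)
        print(n, "members: tree =", len(tree.leave(3)),
              "messages, pair-wise =", pairwise_rekey_count(n))
```

Because keys are replaced bottom-up, the on-path child key used to wrap each new key is itself already fresh, so nothing is ever encrypted under a key the departed member still knows.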
