Zueyong Zhu† and J. William Atwood‡

Slides:



Advertisements
Similar presentations
Push Technology Humie Leung Annabelle Huo. Introduction Push technology is a set of technologies used to send information to a client without the client.
Advertisements

CPSC Network Layer4-1 IP addresses: how to get one? Q: How does a host get IP address? r hard-coded by system admin in a file m Windows: control-panel->network->configuration-
Transitioning to IPv6 April 15,2005 Presented By: Richard Moore PBS Enterprise Technology.
Multicast on the Internet CSE April 2015.
© 2007 Cisco Systems, Inc. All rights reserved.Cisco Public ITE PC v4.0 Chapter 1 1 Addressing the Network – IPv4 Network Fundamentals – Chapter 6.
1 Internet Protocol Version 6 (IPv6) What the caterpillar calls the end of the world, nature calls a butterfly. - Anonymous.
Network Layer IPv6 Slides were original prepared by Dr. Tatsuya Suda.
Modelling and Analysing of Security Protocol: Lecture 10 Anonymity: Systems.
Multicast Fundamentals n The communication ways of the hosts n IP multicast n Application level multicast.
Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.
Slide Set 15: IP Multicast. In this set What is multicasting ? Issues related to IP Multicast Section 4.4.
1 Spring Semester 2007, Dept. of Computer Science, Technion Internet Networking recitation #13 Web Caching Protocols ICP, CARP.
Design of Efficient and Secure Multiple Wireless Mesh Network Speaker: Hsien-Pang Tsai Teacher: Kai-Wei Ke Date: 2005/06/28.
1 IP Multicasting. 2 IP Multicasting: Motivation Problem: Want to deliver a packet from a source to multiple receivers Applications: –Streaming of Continuous.
EE689 Lecture 12 Review of last lecture Multicast basics.
Study of the Relationship between Peer-to-Peer Systems and IP Multicasting T. Oh-ishi, K. Sakai, K. Kikuma, and A. Kurokawa NTT Network Service Systems.
1 Name Directory Service based on MAODV and Multicast DNS for IPv6 MANET Jaehoon Jeong, ETRI VTC 2004.
Multicast Communication
Multicast Networking 2 References Multicast Networking and Applications Miller, C. Kenneth Addison-Wesley, 1999 Computer Networking:
© J. Liebeherr, All rights reserved 1 IP Multicasting.
CSE679: Multicast and Multimedia r Basics r Addressing r Routing r Hierarchical multicast r QoS multicast.
Chapter Overview TCP/IP Protocols IP Addressing.
Host Identity Protocol
Group Management n Introduction n Internet Group Management Protocol (IGMP) n Multicast Listener Discovery (MLD) protocol.
Study of the Relationship between Peer to Peer Systems and IP Multicasting From IEEE Communication Magazine January 2003 學號 :M 姓名 : 邱 秀 純.
A Policy Framework for Multicast Group Control Salekul Islam and J. William Atwood Concordia University Department of Computer Science and Software Engineering.
© Janice Regan, CMPT 128, CMPT 371 Data Communications and Networking Multicast routing.
Multicast Routing Protocols NETE0514 Presented by Dr.Apichan Kanjanavapastit.
CSC 600 Internetworking with TCP/IP Unit 8: IP Multicasting (Ch. 17) Dr. Cheer-Sun Yang Spring 2001.
Linux+ Guide to Linux Certification, Second Edition Chapter 14 Network Configuration.
Group Communications at Concordia J. William Atwood High Speed Protocols Laboratory Concordia University Montreal, Quebec, Canada.
Chapter 22 Network Layer: Delivery, Forwarding, and Routing Part 5 Multicasting protocol.
Security Issues in PIM-SM Link-local Messages J.W. Atwood, Salekul Islam {bill, Department.
TOMA: A Viable Solution for Large- Scale Multicast Service Support Li Lao, Jun-Hong Cui, and Mario Gerla UCLA and University of Connecticut Networking.
© J. Liebeherr, All rights reserved 1 Multicast Routing.
CSC 600 Internetworking with TCP/IP Unit 7: IPv6 (ch. 33) Dr. Cheer-Sun Yang Spring 2001.
© J. Liebeherr, All rights reserved 1 IP Multicasting.
Network Layer4-1 Chapter 4 roadmap 4.1 Introduction and Network Service Models 4.2 Routing Principles 4.3 Hierarchical Routing 4.4 The Internet (IP) Protocol.
1 IP Multicasting Relates to Lab 10. It covers IP multicasting, including multicast addressing, IGMP, and multicast routing.
4: Network Layer4-1 Chapter 4: Network Layer Last time: r Internet routing protocols m RIP m OSPF m IGRP m BGP r Router architectures r IPv6 Today: r IPv6.
Chapter 21 Multicast Routing
SEMINAR ON IP SPOOFING. IP spoofing is the creation of IP packets using forged (spoofed) source IP address. In the April 1989, AT & T Bell a lab was among.
Admission Control in IP Multicast over Heterogeneous Access Networks
Multicasting EECS June Multicast One-to-many, many-to-many communications Applications: – Teleconferencing – Database – Distributed computing.
1 Group Communications: Host Group and IGMP Dr. Rocky K. C. Chang 19 March, 2002.
Ethernet Packet Filtering - Part1 Øyvind Holmeide Jean-Frédéric Gauvin 05/06/2014 by.
1 CMPT 471 Networking II Multicasting © Janice Regan,
VPNs & IPsec Dr. X Slides adopted by Prof. William Enck, NCSU.
TRANSPORT LAYER BY, Parthasarathy.g.
Chapter 16 – Networking Outline 16.1 Introduction
Virtual Private Networks
Building Distributed Educational Applications using P2P
Multicast Outline Multicast Introduction and Motivation DVRMP.
Routing BY, P.B.SHANMATHI.
Internet and Intranet.
Internet Networking recitation #12
Internet and Intranet.
What’s “Inside” a Router?
Multicast Outline Homework #4 - posted later today, due in one week
Routing and Switching Essentials v6.0
Overlay Networking Overview.
Network Virtualization
Chapter 10 IGMP Prof. Choong Seon HONG.
Internet and Intranet.
The University of Adelaide, School of Computer Science
IP Multicast COSC /5/2019.
EE 122: Lecture 13 (IP Multicast Routing)
Internet and Intranet.
Computer Networks Protocols
Multicasting Unicast.
Presentation transcript:

Zueyong Zhu† and J. William Atwood‡ Workshop on Peer-to-Peer Multicasting IEEE CCNC 2007 A Secure Multicast Model for Peer-to-Peer and Access Networks Using the Host Identity Protocol Zueyong Zhu† and J. William Atwood‡ †University of Science and Technology of China ‡Concordia University, Montreal, Canada

Secure Multicast Using HIP Contents Introduction Motivation HIP Architecture Multicast Architectures Group Identification System Operation Validation Conclusion 2007/01/11 Secure Multicast Using HIP

Introduction Figure 1: Present IP Multicast Architecture IGMP Message Keep Membership Information Determine Best Path to Forward Data Multicast Routing Messages Transmit Data AR CR AR Receiver Sender CR AR Receiver Figure 1: Present IP Multicast Architecture 2007/01/11 Secure Multicast Using HIP

Secure Multicast Using HIP Motivation Some applications need per-instance charging Not enough demand for multicast yet, to do this in native multicast Application Layer Multicast, Overlay Multicast Although general solutions may come, it is worthwhile to look at specific cases Two examples xDSL Collaboration 2007/01/11 Secure Multicast Using HIP

Secure Multicast Using HIP xDSL DSLAN <-> user is on a separate physical path Unicast gives same performance We gain: Authentication Secure access Potential for accounting (revenue generation) 2007/01/11 Secure Multicast Using HIP

Wide Area Collaboration Strong need for authentication and authorization No need for accounting No revenue generation No benefit from multicast data transmission Overlay (p2p) multicasting is appropriate 2007/01/11 Secure Multicast Using HIP

No native multicast support When there is no native multicast support, we must use overlay or p2p 2007/01/11 Secure Multicast Using HIP

Host Identity Protocol Internet has two name spaces (Fully Qualified) Domain Name IP Address Role as locator Role as end-point identifier HIP separates these two roles Host Identifier (public key, end-point id) Host Identity Tag (128-bit hash, fixed-size end-point id) 32-bit version exists for IPv4 environments IP address continues to serve as locator 2007/01/11 Secure Multicast Using HIP

Host Identity Protocol ..2 Authenticate participant hosts Establish limited relationship of trust Four-packet Exchange Initial packet (I1) 3-packet Diffie-Hellman exchange (I2, R1, R2) 2007/01/11 Secure Multicast Using HIP

Multicast Architectures Overlay Multicast Among participants Independent of topology All at application layer Native Multicast Routers do it all Source-based tree Shared tree Agents Packet duplication Tree Management Key Management Authenticate group members Collect accounting information 2007/01/11 Secure Multicast Using HIP

Secure Multicast Using HIP Our Cases P2P HIP allows establishment of trust (security association) between the two unicast-linked nodes Use any convenient tree-construction algorithm DSLAN Unicast path Host is initiator Multicast Agent is on the DSLAN Authentication via HIP 2007/01/11 Secure Multicast Using HIP

Secure Multicast Using HIP Advantages The security provided by HIP is just what we need Use of a Multicast Agent improves control in DSLAN 2007/01/11 Secure Multicast Using HIP

Secure Multicast Using HIP New Architecture Two-layer architecture (or n-layer) New interactions No need for IGMP or PIM-SM Absolute control of membership 2007/01/11 Secure Multicast Using HIP

Secure Multicast Using HIP New Architecture HIP Forward protocol Group Receivers R Source Local Server Receiver Local Server Group Source S Multicast Agent Group’s Root HIP Responder HIP Initiator to S HIP Responder to R host 2007/01/11 Secure Multicast Using HIP

Secure Multicast Using HIP Identifying the Group Need a Group Identifier Structured identically to the Host Identifier and Host Identifier Tag: Group Identifier and Group Identifier Tag Extend I1 and R2 to carry the GIT I2 and R1 do not need to be changed 2007/01/11 Secure Multicast Using HIP

Secure Multicast Using HIP System Operation Join Start HIP with your initiator (group receiver or MA) Initiators join tree and receive multicast traffic Responder joins tree or forwards to source Leave Add “leaving request” parameter to HIP exchange Create Add “create request” parameter to HIP exchange Two levels are independent 2007/01/11 Secure Multicast Using HIP

An example of application R15 ISP 2 Local Server Group1 Receiver R16 ISP 1 Group1 Receiver R11 R12 R13 R21 R23 Group2 Receiver R22 R14 ISP A ISP B R26 R25 Group2 Receiver R24 Group2 Source S22 S21 S12 Group1 Source S11 Internet Local network Multicast Agent Group2’s Root HIP Responder Group1’s Root HIP Initiator to S HIP Responder to R host 17

Constructing Multicast Distribution Trees xDSL: One level of HIP-based control---MA joins the “native” multicast tree It is “trusted”, or native tree must be secure multicast Two-layer needs multiple unicast transmissions, or “snooping” in the network Can be extended to n-layer in the total absence of network support for multicast 2007/01/11 Secure Multicast Using HIP

Validation of the Model PROMELA + SPIN + Embeded C-code 32 receivers (Initiators) Some Intruders 2 Downstream MAs 1 Upstream MA 2 Senders Some routers 2007/01/11 Secure Multicast Using HIP

Secure Multicast Using HIP Results No assertion violation No invalid end-state No unreachable state No real, valid or successful attack Embeded C-code to test file transfer and simple encryption Load not too great Transfer is delayed, but not invalidated 2007/01/11 Secure Multicast Using HIP

Conclusion and future work Two new specialized architectures for multicast access control One for peer-to-peer networks One for xDSL environments Formal validation of its operation Future goals: Incorporate into the global system that we are building 2007/01/11 Secure Multicast Using HIP

Secure Multicast Using HIP For more information High Speed Protocols Laboratory of Concordia University is doing extensive research on IP multicast, http://users.encs.concordia.ca/~bill/hspl/ For questions and comments: zhuxy@ustc.edu.cn bill@cse.concordia.ca 2007/01/11 Secure Multicast Using HIP

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.