Multicast Security Issues and Solutions

Outline
- Explain multicast and its applications
- Show why security is needed
- Discuss current security implementations
- Explain the different ways of doing multicast
- Go in-depth into key management

What is Multicast?
- Unicast
  - One-to-one communication
- Broadcast
  - One-to-all communication
- Multicast
  - One-to-many communication
  - Many-to-many communication

Applications of Multicast
- Online chat groups
- Streaming video/audio
- Videoconferencing
- Multiplayer games

Need for Security
- Protecting trade secrets
- Confidential chat
- Government use
- Pay-per-view
- Online auctions

Why Security is Hard
- Open group membership
  - Anyone can view or insert data into group
- Everyone gets same packets
  - No individualization or customization
- Senders need not be members
  - Can't control information that goes to the group

Security Solutions
- Authentication (senders and receivers)
  - Identify the members of the group
- Access control (senders and receivers)
  - Restrict membership
  - Restrict who can send data
- Key management
  - Provide confidentiality and integrity
- Fingerprinting
  - Make each receiver's data unique

IP vs. Application-Layer Multicast
- IP Multicast
  - Network supported
  - Minimum traffic
  - Least control over access
- Application-Layer Multicast
  - More versatile (no network support required)
  - Full control over the group
  - More network overhead

Group Key Management
- Basic schemes
  - GKMP, SMKD
- Hierarchical schemes
  - Iolus, Logical Key Hierarchy
- Batch schemes
  - MARKS
- Trade-off schemes
  - CVA, HySOR

Basic Key Distribution
- Single group key
- Pair-wise distribution
- Slow
- Non-scalable

Hierarchical Key Distribution
- Logical groups
- Central management
- Tree structure
- Isolation of keying
- Node hierarchies
- Sub-group managers
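
As an added example (not from the original slides), the sketch below contrasts the rekey cost of the basic single-group-key scheme with a Logical Key Hierarchy when one member leaves. It is a simulation: the class and function names are hypothetical, the tree is assumed to be a full binary tree, and a tuple stands in for an encrypted key instead of a real cipher.

```python
import os

def path_to_root(node):
    """Yield node ids from a leaf up to the root (id 1) of a heap-indexed binary tree."""
    while node >= 1:
        yield node
        node //= 2

class LKHTree:
    """Key server state: one random key per tree node, members sit at the leaves."""
    def __init__(self, n_members):
        if n_members < 2 or n_members & (n_members - 1):
            raise ValueError("sketch assumes a power-of-two group size")
        self.n = n_members
        self.keys = {node: os.urandom(16) for node in range(1, 2 * n_members)}

    def member_keys(self, member):
        """Keys a member holds: its leaf key plus every key on the path to the root."""
        return {n: self.keys[n] for n in path_to_root(self.n + member)}

    def leave(self, member):
        """Replace every key the leaver knew; return the rekey messages, bottom-up.
        A tuple (wrap_key, node, new_key) stands in for E_wrap_key(new_key)."""
        leaf = self.n + member
        del self.keys[leaf]
        msgs = []
        for node in list(path_to_root(leaf))[1:]:
            self.keys[node] = os.urandom(16)
            for child in (2 * node, 2 * node + 1):
                if child in self.keys:  # skip the departed leaf
                    msgs.append((self.keys[child], node, self.keys[node]))
        return msgs

def apply_rekey(held, msgs):
    """Receiver side: a message can be unwrapped only with the exact wrapping key."""
    held = dict(held)
    for wrap_key, node, new_key in msgs:
        if wrap_key in held.values():
            held[node] = new_key
    return held

def flat_rekey_cost(n_members):
    """Single group key, pair-wise distribution: one message per remaining member."""
    return n_members - 1

if __name__ == "__main__":
    tree = LKHTree(1024)
    msgs = tree.leave(3)
    print(len(msgs), "LKH messages vs", flat_rekey_cost(1024), "pair-wise")
```

Every remaining member recovers the new root (group) key from the messages it can unwrap, while the departed member's old keys unwrap none of them.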

Batch Rekeying
- Reduce rekey operations
- Less overhead
- Sacrifice forward/backward secrecy

New Approach
- No group key
- Arbitrary message key
- Personal keys for each node
- Key encryption keys

New Approach
- Extreme hierarchical case
- Sub-group size of 1
- Rekey isolation
- Take advantage of inherent topology

How it Works
- Certificates
- Personal keys
- Message keys
- Join/Leave operations

Advantages
- Highly scalable
- Fast rekey operations
- Low message overhead

Remaining Issues
- Vulnerable to Denial of Service
- Performance dependent on the overlay topology

Takeaway Points
- Wide range of applications
- Many require security
- Current approaches are insufficient
- Need a usable key management scheme

References
- Paul Judge and Mostafa Ammar, Security Issues and Solutions in Multicast Content Distribution: A Survey, IEEE Network. January/February
- Germano Caronni, M.W., Dan Sun, Bernhard Plattner, Efficient Security for Large and Dynamic Multicast Groups. In IEEE 7th Workshop on Enabling Technologies: Infrastructure for Collaborative Enterprises, (1998).
- Guang-Huei Chiou, W.-T.C. Secure Broadcasting Using the Secure Lock. IEEE Transactions on Software Engineering, 15 (8).
- Suvo Mittra, Iolus: A Framework for Scalable Secure Multicasting, Proceedings of the ACM SIGCOMM '97. September 1997.