Presentation is loading. Please wait.

Presentation is loading. Please wait.

Multicast Security May 10, 2004 Sam Irvine Andy Nguyen.

Published by Modified over 9 years ago

Similar presentations

Presentation on theme: "Multicast Security May 10, 2004 Sam Irvine Andy Nguyen."— Presentation transcript:

1 Multicast Security May 10, 2004 Sam Irvine Andy Nguyen

2 Multicast Overview Bandwidth-conserving technology that reduces traffic by simultaneously delivering a single stream of information to thousands of recipients (multicast group) Applications include video-conferencing, streaming audio, sending out stock quotes, etc. Scalable reliability, flow control, congestion control, security are all active areas of research

3 Security Objectives Usual suspects: –Authentication How do we authenticate members within the multicast group? –Confidentiality –Integrity –Exclusivity

4 Multicast Security Inherently more susceptible to attack –Many more opportunities and points for interception of traffic and attacks –Attacks affect many systems –Usually multicast address is well-known –Possible for attacker to pose as one of the many possible systems in the multicast group Solutions must be scalable and address the dynamic nature of membership

5 Unicast versus Multicast Security Security association defines a set of keying material in order to setup a secure link between two systems in a unicast protocol –Membership remains static throughout the session In multicast, the security association is among many people –Membership is dynamic throughout the session

6 Dynamic Membership Must ensure that a member is only allowed to participate when it is authorized to do so New members must not be able to access old multicast data (joins) Old members must not be able to access new multicast data (leaves) Multicast security protocol must be prepared to change the keying material on each and every join to insure integrity How do we do key management for dynamic security associations?

7 Key management solutions Centralized group key management protocols Decentralized Architectures –Management divided into subgroups Distributed Key Management protocols –No explicit key distribution center, members themselves handle key generation

8 Centralized Key Management Example Canetti et al. use one way function trees in conjunction with pseudo-random generators Each user holds log(n+1) keys Issuing a new keys takes log(n) sends

9 Group Creation kk1k01k0k10k11k00 u1 u2 u3 u4 {k00,k01,k0,k10,k11,k1,k} {k,k0,k00,k01} {k,k0,k00} {k,k0,k01}{k,k1,k10} {k,k1,k10,k01} {k,k1,k11} k is the shared key

10 kk1k01k0k10k11k00 u1 u2 u3 u4 Revoke u1's access k is the shared key for the multicast group

11 Revoke u1's access kk1k01k0k10k11k00 u1 u2 u3 u4 Generate k', k0'

12 Revoke u1's access kk1k01k0k10k11k00 u1 u2 u3 u4 {k'}:k1

13 Revoke u1's access kk1k01k0k10k11k00 u1 u2 u3 u4 {k'}:k1

14 Revoke u1's access kk1k01k0k10k11k00 u1 u2 u3 u4 {k', k0'}:k01

15 Revoke u1's access kk1k01k0k10k11k00 u1 u2 u3 u4 {k', k0'}:k01

16 Decentralized Architectures Example Iolus –Splits a large group into small subgroups –Group Security Controller at the top, Group security intermediaries manage subgroups –In order to update key for leaves, must send out new key encrypted with everyone’s secret key. Size of message is O(n) –Data path affected when sending out data (Translating data between groups)

17 Distributed key management Group Diffie-Hellman Key Exchange –N rounds, single key Distributed Logical Key Hierarchy –log(n) rounds –log(n) keys

18 Distributed Logical Key Hierarchy m2m3m4m1 m1 and m2 agree on key k12 m3 and m4 agree on key k34

19 Key (12),(34) m2m3m4m1 (m1,m2) and (m3,m4) agree on key k (12),(34) k12k34

20 Digital Signatures –RSA,DSA, Elliptic Curve –Very expensive to compute for each message Message Authentication Codes (MAC) –Given a shared key K, a positive integer L and a one way function F Compute F L (K + message), where F 0 (X) = F(X) F L (X) = F(F L-1 (X)) Message authentication

21 MAC exclusivity –If all receivers have the MAC key, than any receiver can fake a message Solution –Generate a set of m keys –Distribute n < m of the keys randomly to each receiver –Sender knows all m keys

22 Message authentication Solution (cont) –Sender computes m MACs and sends them with the message –Receivers verify the MAC for each of their known n keys –Senders cannot independently create all m MACs without collusion –Randomness prevents intentional collusion

23 Message authentication Sets of keys can reduce MAC length overhead –Use previous scheme with 1 alteration: MACs map to a single bit –Can arbitrarily forge a MAC with 1/2 m probability –Receivers can forge a MAC with 1/(2 m-n ) probability

24 What haven't we talked about Routing table security –Unauthenticated clients cannot change the routing topology –Can legitimate clients affect routing tables?

25 Differing multicast requirements 1-N multicasting –1 Sender, N receivers M-N multicast –M senders transmit to N receivers N-N full duplex communication –Any member can communicate to any other member

Download ppt "Multicast Security May 10, 2004 Sam Irvine Andy Nguyen."

Similar presentations

A Survey of Key Management for Secure Group Communications Celia Li.

A Survey of Key Management for Secure Group Communications Celia Li.
1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang

1 Efficient Self-Healing Group Key Distribution with Revocation Capability by Donggang Liu, Peng Ning, Kun Sun Presented by Haihui Huang
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5.3 Group Key Distribution Acknowledgment: Slides on.
TLS. 14.1 Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.

TLS Introduction 14.2 TLS Record Protocol 14.3 TLS Handshake Protocol 14.4 Summary.
Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, 2010. ICWCSC 2010. International.

Efficient Public Key Infrastructure Implementation in Wireless Sensor Networks Wireless Communication and Sensor Computing, ICWCSC International.
1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.

1 Network Security Outline Encryption Algorithms Authentication Protocols Message Integrity Protocols Key Distribution Firewalls.
Digital Signatures and Hash Functions. Digital Signatures.

Digital Signatures and Hash Functions. Digital Signatures.
Presentation By: Garrett Lund Paper By: Sandro Rafaeli and David Hutchison.

Presentation By: Garrett Lund Paper By: Sandro Rafaeli and David Hutchison.
Fall, 2011 - Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style A Survey on Decentralized Group Key Management Schemes.

Fall, Privacy&Security - Virginia Tech – Computer Science Click to edit Master title style A Survey on Decentralized Group Key Management Schemes.
Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.

Computer Science Dr. Peng NingCSC 774 Adv. Net. Security1 CSC 774 Advanced Network Security Topic 5 Group Key Management.
1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.

1 Digital Signatures & Authentication Protocols. 2 Digital Signatures have looked at message authentication –but does not address issues of lack of trust.
Optimal Communication Complexity of Generic Multicast Key Distribution Saurabh Panjwani UC San Diego (Joint Work with Daniele Micciancio)

Optimal Communication Complexity of Generic Multicast Key Distribution Saurabh Panjwani UC San Diego (Joint Work with Daniele Micciancio)
 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.

 Authorization via symmetric crypto  Key exchange o Using asymmetric crypto o Using symmetric crypto with KDC  KDC shares a key with every participant.
Public Key Algorithms …….. RAIT M. Chatterjee.

Public Key Algorithms …….. RAIT M. Chatterjee.
Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Feb 25, 2003Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.

Secure Multicast Xun Kang. Content Why need secure Multicast? Secure Group Communications Using Key Graphs Batch Update of Key Trees Reliable Group Rekeying.
8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.

8-1 What is network security? Confidentiality: only sender, intended receiver should “understand” message contents m sender encrypts message m receiver.
بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.

بسم الله الرحمن الرحيم NETWORK SECURITY Done By: Saad Al-Shahrani Saeed Al-Smazarkah May 2006.
Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.

Mar 5, 2002Mårten Trolin1 Previous lecture More on hash functions Digital signatures Message Authentication Codes Padding.
Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Security Internet Management & Security 06 Learning outcomes At the end of this session, you should be able to: –Describe the reasons for having system.

Similar presentations

Ads by Google