Presentation is loading. Please wait.

Presentation is loading. Please wait.

A Policy Framework for Multicast Group Control Salekul Islam and J. William Atwood Concordia University Department of Computer Science and Software Engineering.

Published byGeraldine Benson Modified over 9 years ago

Similar presentations

Presentation on theme: "A Policy Framework for Multicast Group Control Salekul Islam and J. William Atwood Concordia University Department of Computer Science and Software Engineering."— Presentation transcript:

1 A Policy Framework for Multicast Group Control Salekul Islam and J. William Atwood Concordia University Department of Computer Science and Software Engineering Montreal, Quebec, Canada Workshop on Peer-to-Peer Multicasting IEEE CCNC 2007

2 2007/01/11A Policy Framework for Multicast Group Control2 Contents  Introduction  Control policy for popular multicast applications  Related work  Proposed policy framework  Policy specification example in XACML  Conclusion

3 2007/01/11A Policy Framework for Multicast Group Control3 Introduction Transmit Data Sender Receiver IGMP Message Keep Membership Information Determine Best Path to Forward Data Multicast Routing Messages Figure 1: Present IP Multicast Architecture AR CR

4 2007/01/11A Policy Framework for Multicast Group Control4 Motivation  In multicasting – anonymity of the senders and receivers  Classical model – any one can send or receive  Advantage of multicast – bandwidth conservation  Network Service Providers (NSP) can generate significant revenue by deploying multicast  The reality is  Multicast based applications are not in place  Network Service Providers (NSP) are not supporting multicast

5 2007/01/11A Policy Framework for Multicast Group Control5 How to break the cycle?  Lack of control over multicast groups  NSPs and Content Providers: no simple mechanism to get revenue  To establish a revenue stream from end users:  Add AAA functionalities to present multicast model  Access Router will act as Network Access Server (NAS)  IGMP must carry end user authentication data

6 2007/01/11A Policy Framework for Multicast Group Control6 Internet Group Management Protocol with Access Control (IGMP-AC)  Is based on IGMPv3  Supports “source filtering”  Supports different types of authentications  Access control is optional  Does not disrupt usual IGMPv3  Adds least functionality and minimal workload  Sends authentication data a minimal number of times Figure 2: The IGMP-AC architecture IGMP-AC Diameter

7 2007/01/11A Policy Framework for Multicast Group Control7 Multicast Group Security Policy  Policy—a set of rules that dictates a system  Security policy—conditions to be satisfied to access the components of a system  Multicast group security policy—rules for elements of a group  Two categories  Access control policy: deals with member authentication, join, leave, billing, etc.  Data policy: deals with data integrity and authentication, key management, etc.  This paper—a policy framework for multicast access control policy

8 2007/01/11A Policy Framework for Multicast Group Control8 Multicast Control Policy for Different Applications  Multicast access control policy is composed of  Authentication policy—straight-forward  Authorization and accounting policy—hard to specify  Multicast applications are divided into  One-to-Many (1toM): single sender multiple receivers  Many-to-many (MtoM): multiple receivers and senders

9 2007/01/11A Policy Framework for Multicast Group Control9 One-to-Many (1toM) Applications  Audio/video streaming  Internet TV Authentication during joining Authorized for any channel any time or subscribed to a specific program on a time slot Accounting policy based on subscription  Distance learning Class lectures are multicast Only a registered student can access Authorization is simple, no accounting policy  Push media :News and weather updates, sports scores  Non-essential, requires low bandwidth  Simple authentication, no authorization and accounting policy

10 2007/01/11A Policy Framework for Multicast Group Control10 Many-to-Many (MtoM) Applications  Multimedia conferencing  Audio, video and whiteboard  Participants with different roles—role based authorization  For corporate meeting—authentication is required, no accounting policy  Multi-player game  Distributed and interactive application with chat group  In free subscription—no authorization and accounting  For paid users—relevant authorization and accounting policy

11 2007/01/11A Policy Framework for Multicast Group Control11 IETF Policy Framework Figure 3: The IETF policy framework PEP: responsible for enforcement of policy PDP: produces policy decisions Policy Repository: location to store policy Policy Management Tool: an interface for the network manager to update policies

12 2007/01/11A Policy Framework for Multicast Group Control12 Comparison Among Different Multicast Policy Frameworks MethodData Policy Control Policy Specification Language Policy Protocol Follows IETF Policy FW Fits with MSEC FW GSAKMPYesPartiallyToken basedSpecifiedNoYes XMLYesNoXMLNot specified NoYes AntigoneYes Not specifiedSpecifiedNo DCCMYesNo Cryptographic Context Negotiation Template Cryptographic Context Negotiation Protocol No MGMSYesNoGMLNot specified No Table 1: Comparison Among Different Policy Frameworks

13 2007/01/11A Policy Framework for Multicast Group Control13 Summary of Different Methods  None of the methods conforms with the IETF Policy Framework  Only Antigone addresses complete access control policy  Antigone, DCCM and MGMS are for “secure group communication”  Only two comply with MSEC Framework  In conclusion: a flexible, scalable, easily adaptable multicast access control policy architecture is needed.

14 2007/01/11A Policy Framework for Multicast Group Control14 Proposed Policy Framework: Design Requirements  Should extend the IGMP-AC architecture  The entities of the MSEC Framework should be present  Will follow the IETF Policy Framework  Will deal with multicast data policy and access control policy independently—can deploy any group key management scheme  Should not depend on any specification language or policy protocol

15 2007/01/11A Policy Framework for Multicast Group Control15 Proposed Policy Framework Figure 4: Proposed policy framework IGMP-AC Diameter NAS will act as PEP PDP is collocated with GC/KS, may be distributed Policy server Policy will be communicated

16 2007/01/11A Policy Framework for Multicast Group Control16 Policy Specification and Protocol  eXtensible Access Control Markup Language (XACML) for policy specification  Security Assertion Markup Language (SAML) for the communication between a PEP and a PDP  Any other language/protocol can be used  XACML:  XML-based for access control  Query-response language  OASIS standard specifies transportation of XACML query/response inside SAML

17 2007/01/11A Policy Framework for Multicast Group Control17 Policy Specification in XACML  XACML with SAML is used widely for access control  Flexible to express different needs of access control policy  Extensible to support new requirements  The developers can reuse their existing code to support policy language  Sun Microsystems, Inc. has already implemented XACML using Java

18 2007/01/11A Policy Framework for Multicast Group Control18 Components of XACML Policy ………. ………. ………. ………. The most elementary unit of a Policy, consists of a Target and a Condition Composition of Subjects, Resources, and Actions to which a Rule is applied Actors with specific attributes. May have more than one Subjects. Data, service or a system component. May have more than one Resources. An operation on a Resource. May have more than one Actions. An expression either true or false.

19 2007/01/11A Policy Framework for Multicast Group Control19 XACML Architecture Figure 5: The XACML policy framework

20 2007/01/11A Policy Framework for Multicast Group Control20 Figure 6: Proposed policy framework with XACML and SAML Proposed Policy Framework: revisited with XACML and SAML Policy specified in XACML Creates XACML query SAML carries XACML query Creates XACML response SAML carries XACML response

21 2007/01/11A Policy Framework for Multicast Group Control21 Policy for On-line Course  An access control policy for the on-line course, INTE290  Offered by Concordia University from September to December, 2006  Email address and password for authentication  Lecture will be multicast during the class hours  Receive a lecture through http://www.econcordia.ca/INTE290/lectures  Students send questions in text/voice format in class hours  Two groups:  1toM for sending multimedia class lecture (shown in example)  MtoM of text/voice for sending questions (not shown in example)

22 2007/01/11A Policy Framework for Multicast Group Control22 XACML Policy for On-line Course If a request is successfully matched against this rule an evaluating PDP will return Permit user-id@econcordia.ca Password Both email address and password must match to get access

23 2007/01/11A Policy Framework for Multicast Group Control23 XACML Policy for On-line Course http://www.econcordia.ca/INTE290/lectures Read Lectures will be multicast here The only permitted action is to read/receive data

24 2007/01/11A Policy Framework for Multicast Group Control24 XACML Policy for On-line Course 2006-09-01 2006-12-31 Flexible condition Any date between 1 st of September and 31 st of December, 2006 is valid

25 2007/01/11A Policy Framework for Multicast Group Control25 Conclusion and future work  A new policy framework for multicast access control  The proposed framework  is based on XACML  fully complies with the MSEC Framework  follows the IETF Policy Framework.  An example access control policy for an on-line course  Future goals:  Complete the IGMP-AC project  Define inter domain behaviour  Performance study

26 2007/01/11A Policy Framework for Multicast Group Control26 For more information  High Speed Protocols Laboratory of Concordia University is doing extensive research on IP multicast, http://users.encs.concordia.ca/~bill/hspl/  To know more about IGMP-AC visit, http://users.encs.concordia.ca/~salek_is  For questions and comments: salek_is@cse.concordia.ca bill@cse.concordia.ca

Download ppt "A Policy Framework for Multicast Group Control Salekul Islam and J. William Atwood Concordia University Department of Computer Science and Software Engineering."

Similar presentations

Universidade do Minho A Framework for Multi-Class Based Multicast Routing TNC 2002 Maria João Nicolau, António Costa, Alexandre Santos {joao, costa,

Universidade do Minho A Framework for Multi-Class Based Multicast Routing TNC 2002 Maria João Nicolau, António Costa, Alexandre Santos {joao, costa,
Enabling Secure Internet Access with ISA Server

Enabling Secure Internet Access with ISA Server
L. Alchaal & al. Page 1 2002 Offering a Multicast Delivery Service in a Programmable Secure IP VPN Environment Lina ALCHAAL Netcelo S.A., Echirolles INRIA.

L. Alchaal & al. Page Offering a Multicast Delivery Service in a Programmable Secure IP VPN Environment Lina ALCHAAL Netcelo S.A., Echirolles INRIA.
Chapter 5 standards for multimedia communications

Chapter 5 standards for multimedia communications
An Associative Broadcast Based Coordination Model for Distributed Processes James C. Browne Kevin Kane Hongxia Tian Department of Computer Sciences The.

An Associative Broadcast Based Coordination Model for Distributed Processes James C. Browne Kevin Kane Hongxia Tian Department of Computer Sciences The.
Authz work in GGF David Chadwick

Authz work in GGF David Chadwick
Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.

Web Services and the Semantic Web: Open Discussion Session Diana Geangalau Ryan Layfield.
Technical Architectures

Technical Architectures
Identity Federation in Healthcare Networks Xiaohui Chen Department of Computer Science University of Virginia.

Identity Federation in Healthcare Networks Xiaohui Chen Department of Computer Science University of Virginia.
CS335 Principles of Multimedia Systems Multimedia Over IP Networks -- I Hao Jiang Computer Science Department Boston College Nov. 6, 2007.

CS335 Principles of Multimedia Systems Multimedia Over IP Networks -- I Hao Jiang Computer Science Department Boston College Nov. 6, 2007.
Securing Web Services Using Semantic Web Technologies Brian Shields PhD Candidate, Department of Information Technology, National University of Ireland,

Securing Web Services Using Semantic Web Technologies Brian Shields PhD Candidate, Department of Information Technology, National University of Ireland,
Internet Telephony Helen J. Wang Network Reading Group, Jan 27, 99 Acknowledgement: Jimmy, Bhaskar.

Internet Telephony Helen J. Wang Network Reading Group, Jan 27, 99 Acknowledgement: Jimmy, Bhaskar.
A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.

A Heterogeneous Network Access Service based on PERMIS and SAML Gabriel López Millán University of Murcia EuroPKI Workshop 2005.
XACML By Ganesh Godavari Craig Peltier. Information Sharing Information Sharing relates to the sharing of information between two or more entities. Entities.

XACML By Ganesh Godavari Craig Peltier. Information Sharing Information Sharing relates to the sharing of information between two or more entities. Entities.
Membership and Media Management in Centralized Multimedia Conferences based on Internet Engineering Task Force Protocol Building Blocks Author: Ritu Mittal.

Membership and Media Management in Centralized Multimedia Conferences based on Internet Engineering Task Force Protocol Building Blocks Author: Ritu Mittal.
Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.

Secure Systems Research Group - FAU Web Services Standards Presented by Keiko Hashizume.
Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense

Audumbar Chormale Advisor: Dr. Anupam Joshi M.S. Thesis Defense
A global, public network of computer networks. The largest computer network in the world. Computer Network A collection of computing devices connected.

A global, public network of computer networks. The largest computer network in the world. Computer Network A collection of computing devices connected.
XACML Gyanasekaran Radhakrishnan. Raviteja Kadiyam.

XACML Gyanasekaran Radhakrishnan. Raviteja Kadiyam.
Web 2.0: Concepts and Applications 2 Publishing Online.

Web 2.0: Concepts and Applications 2 Publishing Online.

Similar presentations

Ads by Google